Customer Data Protection

Introduction

PRIVATLOCKER Limited and its subsidiaries and affiliates (“Privatlocker”, “we”, “us”, or “our”) provide cloud-based Services that allow our customers to store and share files in a secure environment for personal and business use. This Customer Data Protection Statement represents an Agreement between Privatlocker and the customer and governs the use of Customer Data. If there is any inconsistency between this general Agreement and any negotiated Agreement between Privatlocker and the customer, the terms of the negotiated agreement will prevail.

Definitions

Customer:  Person or firm that has registered with Privatlocker

Customer Data:  Documents, images, video and any other material that is stored.

Services:  Your use of our websites, software, and services.

User:  An individual authorised by the Customer

The following terms are used as defined in the EU General Data Protection Regulation (GDPR):

Controller:  The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data

Personal Data:  Any information relating to an identified or identifiable natural person (“Data Subject”)

Processor:  A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Third Party:  A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data

Data We Process

Privatlocker may process the following types of Customer Data in order to provide and support the Services:

User Information:  The Services require minimal information from Users for the purpose of authentication and communication.

Metadata:  User activity is automatically logged, for example login time and location.

Materials accessed:  The logs for the purpose of monitoring behaviour.

Materials:  The Materials uploaded by Users that may contain Personal Data.

Privatlocker may collect and process Personal Data for its own business purposes such as account management, billing, recruiting, and marketing. These activities are separate from the provision of the Services and are governed instead by the Privatlocker Privacy Policy.

Purposes for Processing

Privatlocker processes Customer Data for the following purposes: to provide and enhance our product and Services; to provide insights and statistics on an aggregated basis; and to respond to Customer requests for support or assistance.

With regard to Personal Data, Privatlocker acts as a Processor on behalf of Customers. Customers have primary responsibility for interacting with Data Subjects, and the role of Privatlocker is generally limited to assisting customers as needed. Privatlocker processes data only upon a Customer’s instruction and shall have a duty to respect the security and confidentiality of the data, pursuant to the measures outlined in agreements with customers and as required by applicable law.

For clarity, a Customer may be a Controller or a Processor of Personal Data. Where a Customer is a Processor of Personal Data, Privatlocker shall process Personal Data as sub-processor on behalf of the Controller. Instructions from the Controller regarding the processing of Personal Data shall be given through the Processor.

How We Protect Data

Data Protection Program

Privatlocker maintains a managed data protection program to identify risks and implement preventative measures. Our Privacy Officer is responsible for managing the data protection program. The program is reviewed on a regular basis to provide for continued effectiveness. Privatlocker employees with access to Customer Data are trained on data protection and their responsibilities, and they are bound by confidentiality agreements.

Information Security

Privatlocker takes security very seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.

Transparency and Co-operation with Customers

Privatlocker undertakes to be transparent regarding its data processing activities and to provide customers with reasonable cooperation to help facilitate their respective data protection obligations.

In the event that Privatlocker becomes aware of any unauthorised access to or disclosure of Customer Data, Privatlocker will promptly notify affected customers to the extent such notification is permitted by applicable law. Upon termination of the Services, Privatlocker shall delete all Customer Data.

Sharing and Disclosure

There are limited times when information may be shared by Privatlocker. This section discusses how Privatlocker may share such information.

Sub-processing by Third Parties: Privatlocker may retain third party sub-processors. Such third-party sub-processors shall process data only in accordance with the Customer’s instructions and the commitments outlined in this and other agreements. Such third-party sub-processors have entered into written agreements with Privatlocker in accordance with the applicable requirements, and Privatlocker conducts annual due diligence to verify their security measures.

Compliance with Laws: Privatlocker may share or disclose data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.

Enforcing Our Rights, Preventing Fraud, and Safety: Privatlocker may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

Changes to our Business Structure: Privatlocker may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of Privatlocker’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities.

Data Subject Rights

Privatlocker acts as a data Processor on behalf of customers. Customers have primary responsibility for interacting with Data Subjects, and the role of Privatlocker is generally limited to assisting customers as needed.

Access, Correction, Amendment or Deletion Requests: Privatlocker shall promptly notify a Customer if Privatlocker receives a request from a Data Subject for access to, correction, amendment or deletion of that person’s Personal Data. Privatlocker shall not respond to any such Data Subject request without the Customer’s prior written consent except to confirm that the request relates to that Customer. Privatlocker shall provide Customers with co-operation and assistance in a reasonable period of time and to the extent reasonably possible in relation to any request regarding Personal Data.

Handling of Complaints: Data Subjects may lodge a complaint about processing of their respective Personal Data by contacting the relevant Customer or the Privatlocker Privacy department at the email address privacy@privatlocker.com. Privatlocker shall promptly communicate the complaint to the Customer to whom the request relates. Customers shall be responsible for responding to all Data Subject complaints forwarded by Privatlocker, except in cases where a customer has disappeared factually or has ceased to exist in law or become insolvent. Where Privatlocker is aware of such a case, it undertakes to respond directly to Data Subjects’ complaints within thirty (30) days, including the consequences of the complaint and further actions Data Subjects may take if they are unsatisfied by the reply.

Regulatory Inquiries and Complaints: Privatlocker shall, to the extent legally permitted, promptly notify a Customer if it receives an inquiry or complaint from a data protection authority in which that Customer is specifically named. Upon a Customer’s request, Privatlocker shall provide the Customer with co-operation and assistance in relation to any regulatory inquiry or complaint involving Privatlocker’s processing of Personal Data.

Changes to this Statement

We may change this statement from time to time, and if we do we will post any changes on this page. If you continue to use the Services after those changes are in effect, you agree to the revised policy. This document was last updated on 1st January 2024.

Standard Contractual Clauses

According to the General Data Protection Regulation (GDPR), contractual clauses ensuring appropriate data protection safeguards can be used as a ground for data transfers from the EU to third countries. This includes model contract clauses – so-called standard contractual clauses (SCCs) that have been “pre-approved” by the European Commission.

Contacting Privatlocker

For inquiries regarding our activities, privacy policy, and protection of personal information, you may contact our Head of Data Protection and Privatlocker’s CTO at privacy@privatlocker.com.