This document sets out our Privacy and Security Policy (the “Policy”) of CloudLex, Inc. (“we” or “us”). We may change, modify, or update this Policy, in whole or in part, in our sole discretion at any time without notice by posting updated versions on our website located at www.cloudlex.com (the “Website”) and any changes, modifications or updates will become effective immediately upon such posting.
We understand that privacy and data security is important to you and your organization (individually and collectively referred to herein as “you” or “your”) and we are committed to respecting your privacy when you visit our Website located at www.cloudlex.com, use any of our mobile applications, and/or otherwise access our Services via a direct or indirect connection to the internet (collectively, the “Sites”) or sign up for and use any of our products or service offerings via the Site or otherwise, including, without limitation our case management solution known as “CloudLex®” (collectively, along with any future modules or functionality you are provided access to through use of our CloudLex® platform, the “Services”).
The following information in this Policy is designed to help you better understand what information we gather from you and, through your use of any of our Services, how we use and disclose this information, who we might share this information with, and to describe generally what security steps we take.
By visiting any of our Sites, downloading any of our applications or otherwise installing any of our software, and/or by using our Services in any manner, you are accepting the practices described in this Policy and expressly consent to our collection, use and disclosure of all information transmitted or otherwise received by us (including all personally identifiable information) in the manner described in this Policy.
This Policy is incorporated into and subject to the terms of our Terms of Service or other agreement entered into between us and your organization (either via click-through acceptance or otherwise) (collectively, the “Use Agreements”). This Policy applies to all Sites operated or controlled by us and all Services provided, however it does not apply to any third party site linked to our Site or accessible via our Services or recommended or referred by our Site or via our Service or any third party service used in the provision of the Services to you (including, without limitation, third party sites used for sign-in to our Services).
Data Collection and Personally Identifiable Information.
1. Overview and Definition of Personally Identifiable Information.
In providing our Services or otherwise interacting with you through your use of our Sites or our Services, we may collect your personally identifiable information (“PII”). PII includes personal information such as a user’s name, email address, account profiles and passwords, IP address, telephone number, physical addresses, and anything else a user provides to us that can in any manner identify the user individually.
2. Methods of Information Collection of Information, Including Collection of PII.
Your information, including your PII, and any other information you input via use of our Services may be collected through your direct interactions with our Site or our Services, email or written correspondence, telephone calls, or web based forms or from third party providers. Such information is transmitted and/or received by us in a number of ways, including:
a. You may give us information about you by filling in forms on our Sites or via our Services, or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our Sites, subscribe to our Services, participate in any discussion boards, forums or other social media functions made available by us or enter a competition, promotion or survey via our Sites, or when you report a problem with our Sites or Services.
b. We may also receive information about you from individuals or corporate entities which are subscribers to our Services (‘Subscribers’) where you are to be designated a user of our Service by the Subscriber. We are also working closely with third parties (including, for example, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them, subject to your agreements with them.
c. We also may place a “cookie” (a small file) on your hard drive during your access to any of our Sites or use of our Services to help us identify the number of unique visitors to our Sites, learn what our users’ technology preferences are, monitor the functionality of our Sites and/or Services, help with authentication/login and otherwise improve our Services. We may also use “local storage”, a feature of your browser, to retain information locally regarding your usage to improve our Services. If you do not wish to have cookies placed on your computer or do not wish for us to use “local storage” you may adjust your web browser settings accordingly. If adjustment is not feasible, you may elect to refrain from using our Services or accessing our Sites. Please be aware that restricting cookies may impede your ability to use our Site or our Services or certain features of our Site or our Services. Additional technologies that our marketing partners, affiliates, or analytics or our online customer support service providers and we may use include web beacons, tags (tiny graphic images) and scripts (code designed to collect information about a user’s interactions with our Sites or Services). All of these technologies are used in analyzing trends, administering our Sites and the Services, tracking users’ movements around our Sites and Services, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
d. Like most Internet services, we use log files on the server side. The data held in log files includes your IP address, browser type, e-mail application, Internet service provider (“ISP”), referring/exit Web pages, computer platform type, date/time stamp, and user activity. We use server log data to analyze trends, administer the Services offered through our Sites and otherwise administer our Sites. The software enabling the Sites and the Services also has associated log and temporary files that are stored on Company controlled servers. These files may store your account information, preference settings, system notifications as well as other data necessary to enable you to participate on the Site and/or use the Services. Your information may also exist within regularly performed server backups.
e. Additionally, if you log-in to our Services using a 3rd Party Authenticator (as defined in Section 5 below), we may receive and collect your third party service log-in, email, profile picture, and/or other information transmitted by such 3rd Party Authenticator to us.
f. Moreover, we partner with a third party to either display advertising on our Sites or to manage our advertising via our Services. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by sending your opt-out request to [email protected]. Please note this does not opt you out of being served ads. You will continue to receive generic ads.
3. Use of PII
We use your PII to create your account to (i) communicate with you about Services you have purchased (including any changes thereto), (ii) offer you additional products and services offered by us or our marketing partners (subject to your right to opt out as explained below), (iii) allow use of the Sites and the applicable Services you have purchased and optimize such offerings for you, (iv) process service requests, (v) provide access to secure areas of the Sites, (vi) verify credit worthiness and send invoices for our Services and process payments related thereto, and (vii) ensure compliance with intellectual property laws. We also use PII to the extent necessary to enforce all applicable user agreements (including the Terms of Service) (the “User Agreements”), monitor adherence to all applicable Use Agreements, analyze, monitor and enhance our Sites and Services, and to attempt to prevent and/or detect fraud, as well as to allow third parties to carry out technical, logistical, fraud detection, credit worthiness and risk reduction, or other functions on our behalf as long as those third parties have agreed to use the level of privacy protections commensurate with industry norms. By signing up for any of our paid Services, you agree that we may use third-party credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
For example, your account information is stored on servers controlled by us and if you forget your log-in password, you will be asked to enter your e-mail address on record with us in order to gain access to the Site or Service (as applicable). Moreover, we collect additional information from you when you provide us with on-line comments or feedback via our Site or via our Services or post information about yourself or others to a Site or via the Services. This information, if any, is available to others accessing the Site or Service (as applicable). We work to process and maintain accurately the information that you share with us and will use commercially reasonable efforts to allow you the ability to change or modify your user information in order to enhance your ability to use our Sites and the Services you have purchased.
Additionally, when you purchase or subscribe to a Service, we collect your contact information (such as your address) and may collect your financial information (such as your credit/debit card information). We use the information you provide only to complete that Service order or to otherwise fulfill the Service. We do not share this information with unaffiliated parties except to the extent necessary to complete that transaction. If we have trouble processing an order, we use the information to contact you. For clarification, we may use third party vendors to process payment transactions and/or check credit worthiness (the “Payment Processors”) and you agree to such use and understand that the terms and conditions (and privacy and security policies) of such vendors shall govern and control for all purposes with respect to all applicable payment processing transactions related to your purchases.
4. Hosted Data; Location
Through our Services, we provide technology hosting services used to host a variety of internet-based solutions, including internet-based communications and applications (including “mobile apps”) as well as other information you and your users input via use of the Services. As a result, our hosting services store and transmit information about our customers, their business, as well as information collected or inputted by those businesses (the “Hosted Info”). Hosted Info may include PII and other information that belongs to you and/or your employees or other service providers.
With respect to all Hosted Info, the Company is a passive recipient and takes no active part in collecting or storing any Hosted Info. Moreover, except in extraordinary cases or to the extent necessary to render the Services to you, the Company does not purposefully access any Hosted Info. For example, if you input court documents, our Service passively receives such information and normally only accesses or reviews such information to the extent necessary to provide the Services to you (and provide any related support of the Services) and you agree that such access is permissible for all purposes.
The Sites and Services are controlled and operated by us from the United States, and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than those of the United States. Your Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using Sites or Services, you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country.
5. Security Measures
Substantially all information we receive from you or via your use of any Services are copied, stored and managed through computer servers owned or controlled by us. While we attempt to employ security techniques commensurate with industry norms to protect your PII and other Hosted Info from unauthorized access by users inside and outside the organization, you should be aware that “perfect security” does not exist on the Internet; third parties may unlawfully or improperly intercept or access transmissions, personal information, or private communications. As such, we cannot make any assurances that a security breach will not occur that may expose your personally identifiable information to others.
For example, our servers are not located at CloudLex, Inc., but rather are managed and located at a third-party Infrastructure-as-a-Service provider (an “IAAS”). We have taken commercially reasonable steps to choose a professional IAAS provider but we cannot guarantee the performance of the IAAS provider, its security measures, or the actions or inactions it takes in the future. By using our Services, you understand and agree that we have no liability for the action, behaviors or failings of our IAAS provider.
We endeavor to only collect as much PII as required to provide customers with our Service and meet our legal obligations.
Your user account related to the Services is also protected by a password for your privacy and security You need to ensure that there is no unauthorized access to your account, your PII and/or your Hosted Info by selecting (if you so choose) and protecting your password appropriately and limiting access to your computer (or other device) and browser by signing off after you have finished accessing your account. Additionally, we may use third party sign in providers to authenticate users of our Services, such as Google Sign in and OneLogin (the “3rd Party Authenticators”). You understand that your information (including PII) may be made available to and stored by such 3rd Party Authenticators and by using our Services, you understand and agree that we have no liability for the action, behaviors or failings of our 3rd Party Authenticators.
Additionally, while we endeavor to protect user information to ensure that user account information is kept private, we cannot guarantee the security of user account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
6. Sharing of Information; Importing Information of Others.
We make other tools available to sync information with our Services, and may also develop additional features that allow you to sync information stored via our Services to other third-party services used by you or your organization (each an “Additional Platform”). For example, our Service may allow your organization or you to sync your Services account (and all information related thereto) to another of your organization’s document management platforms (e.g., iManage, iCal, Google Calendar etc.). By using the Service, you consent to such syncing and agree that all such information that is distributed to an Additional Platform is permissible and that by using our Services, you understand and agree that we have no liability for the action, behaviors or failings of any operator of any applicable Additional Platform (including, without limitation, a failing that cause a data breach of our Service).
We may share your personal information with any member of our group, which includes our subsidiaries and subsidiaries so long as such members abide by the provisions of this Policy. Additionally, we may share your information (including PII) with selected third parties, including:
(i) Business partners, vendors, suppliers and subcontractors related to the performance of any contract between us and you;
(ii) Analytics and search engine providers that assist us in the improvement and optimization of our Sites and Services.
We may also share aggregated demographic information (without PII) about users of our Services to others.
Through use of our Services, you can import contacts from and/or integrate CloudLex® with your Outlook or other email account address book to, among other things, invite such contacts to become users of our Services or Sites. You are responsible for insuring you have the legal right to import such contacts.
Moreover, by using our Services, you understand and agree that we have no liability for the action, behaviors or failings of our Payment Processors.
As a matter of policy, we will not sell or rent information about you and we will not disclose your PII or Hosted Info in a manner inconsistent with this Policy except as required by law or government regulation. We cooperate with law enforcement inquiries, as well as other third parties, to enforce laws such as those regarding intellectual property rights, fraud and other personal rights. WE CAN (AND YOU AUTHORIZE US TO) DISCLOSE ANY INFORMATION ABOUT YOU, INCLUDING YOUR PII OR OTHER HOSTED INFO, TO LAW ENFORCEMENT, OTHER GOVERNMENT OFFICIALS, OR ANY OTHER THIRD PARTY THAT WE, IN OUR SOLE DISCRETION, BELIEVE NECESSARY OR APPROPRIATE IN CONNECTION WITH AN INVESTIGATION OF FRAUD, INTELLECTUAL PROPERTY INFRINGEMENT, OR OTHER ACTIVITY THAT IS ILLEGAL OR MAY EXPOSE US, OR YOU, TO CRIMINAL OR CIVIL LIABILITY.
Your information, including all PII, may also be disclosed by us to any party that is an acquirer or potential acquirer of us, our Services or substantially all of our assets.
Information we receive from other sources.
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Some of our pages utilize framing techniques to serve content to/from our partners while preserving the look and feel of our site. Please be aware that you are providing your personal information to these third parties and not to www.cloudlex.com.
7. User Access and Choice
Upon request, we will grant you reasonable access to your PII held by us. In addition, we will take reasonable steps to permit you to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. We will respond to your request to access within 30 days of actual receipt of any such request.
We will not intentionally collect or maintain, and request that you please do not provide, any information regarding any medical or health conditions, your race or ethnic origins, political opinions, your religious or philosophical beliefs, or other such information. Use of our Site and our Services are not designed for or directed to children under the age of 13, and we will not intentionally collect or maintain information about anyone under the age of 13.
We will retain your information for as long as your account to use our Sites or Services is active or as needed to provide you Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements with you.
Under EU Data Protection Directive 95/46/EC, we are at times a “data controller” and at other times merely a “data processor”. When we are a “data controller,” meaning we are collecting, using and retaining PII from European Union member countries and Switzerland, the Company complies with the U.S.-E.U. and U.S.-Swiss Safe Harbor Privacy Principles (“Safe Harbor Principles”) of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification, please visit the U.S. Department of Commerce website.
8. Opt-out Preferences
You can prevent future disclosure for direct marketing purposes of your PII, at no charge, by exercising your “opt out” rights by using the “opt out” procedures described below:
Send an email to: [email protected], or
Send mail to the following postal address:
31 East 32nd Street, Suite 906
New York, NY 10016
Telephone: 646 415 8307
Additionally, upon receipt of any electronic communication from us to you, to unsubscribe from future communications, you can click on the link that says words substantially to the effect of “If you do not wish to receive these emails in the future, You can click here to unsubscribe.” Because email communications are not always secure, please do not include credit card information or other sensitive information in your emails to us.
9. Third-Party Sites
Our Sites and Services may, from time to time, contain links to and from the websites of others (each a “Third Party Site”). If you follow a link to any of these Third Party Sites, please note that these Third Party Sites have their own privacy policies and that we do not accept any responsibility or liability for these policies or anything related to your access of any Third Party Site. Please check these policies before you submit any personal data to these Third Party Sites.
10. Public Display
Our Sites or Services may include publicly accessible blogs or community forums. Any information you provide in these areas may be read, collected and used by others who access them. This includes information posted on our public social media accounts. To request removal of your personal information from our blog or community forum, contact us at [email protected]. In some cases, we may not be able to remove your personal information.
With your consent, we may display personal testimonials on our Sites, along with other endorsements. If you wish to update or delete your testimonial after providing your consent to us, you can contact us at [email protected].
The Company may change, modify, or update this Policy, in whole or in part, in our sole discretion at any time without notice by posting updated versions on our Site located at www.cloudlex.com and any changes, modifications or updates will become effective immediately upon such posting. We will attempt to notify you of any such changes you’re your log-in to the Services but it is your responsibility to review the www.cloudlex.com website for any changes. Therefore, please check back frequently to see any updates or changes to this Policy.