Our Collection of your Personal Information
The information we collect may include your personal information, such as your name, contact information, IP addresses, product and service selections and other things that identify you. We collect personal information from you at several different points, including but not limited to the following:
Our Use of your Personal Information
Our Company may use information that we collect about you to:
Our Disclosure of your Personal Information to Third Parties
Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in your country.
Our Security Measures to Protect your Personal Information
Our Company uses industry-standard technologies when transferring and receiving data exchanged between our Company and other companies to help ensure its security. This site has security measures in place to help protect information under our control from the risk of accidental or unlawful destruction or accidental loss, alteration or unauthorized disclosure or access. However, “perfect security” does not exist on the Internet. Also, if this website contains links to other sites, our Company is not responsible for the security practices or the content of such sites.
Our Retention of your Personal Information
We will retain any personal information only for as long as is necessary to fulfill the business purpose it was collected. We will also retain and use your personal information for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
International Transfers of your Personal Information
Information collected from you may be stored and processed in the United States or any other country in which our Company or agents or contractors maintain facilities, and by accessing our sites and using our services, you consent to any such transfer of information outside of your country. European Union or Swiss individuals may refer to the Privacy Shield Statement below with regard to the transfer of their personal data.
Your Access to and Updating of your Personal Information
Reasonable access to your personal information may be provided at no cost upon request made to our Company at the contact information provided below. If access cannot be provided within that time frame, our Company will provide the requesting party a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.
Because of the nature of our business, our services are not designed to appeal to minors. We do not knowingly attempt to solicit or receive any information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately.
Your California Privacy Rights
Our Company does not currently respond to browser “Do Not Track” (DNT) signals or other mechanisms. Third parties may collect personal information about your online activities over time and across sites when you visit the Site or use the Service.
If you are a California resident, California Civil Code Section 1798.83 permits you to request certain information regarding our disclosure of personal information to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us by sending an e-mail to firstname.lastname@example.org.
Our site, products, and services are not intended to appeal to minors. However, if you are a California resident under the age of 18, and a registered user of our Site or Service, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an e-mail with a detailed description of the specific content or information to email@example.com.
Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
Under California law, California residents who have an established business relationship with us may opt-out of our disclosing personal information about them to third parties for their marketing purposes.
GFI USA, Inc., Kerio Technologies Inc., and Exinda Inc. (collectively the “GFI Corporate Group”) comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.
“Personal Data” means information that (1)is transferred from the EU/EEA or Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
The GFI Corporate Group may receive Personal Data from its own personnel as well as from its affiliates and other parties located in the EU/EEA. Such information may contain, but is not limited to name (fist and last name), position, address, email address, phone number, login credentials, human resources data and transaction information and may be about customers, clients of customers, business partners, acquisition targets, potential buyers consultants, employees, and candidates for employment and includes information recorded on various media as well as electronic data.
Other than its own human resources data, the GFI Corporate Group generally does not collect Personal Data directly from individuals. The GFI Corporate Group, however, acting as a data processor may receive Personal Data via its customers. The GFI Corporate Group executes data processing agreements with such customers which set out the parties’ obligations and responsibilities to comply with the Principles. The GFI Corporate Group will cooperate with its customers to enable them to comply with the Principles, to the extent a Principle is applicable to the GFI Corporate Group.
Whenever the GFI Corporate Group collects Personal Data directly from individuals, the GFI Corporate Group complies with the Principles:
Notice. We shall inform an individual of the purpose for which we collect and use their Personal Data and the types of third parties to which the GFI Corporate Group discloses or may disclose that Personal Data. The GFI Corporate Group shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to the GFI Corporate Group, or as soon as practicable thereafter, and in any event before the GFI Corporate Group uses or discloses the Personal Data for a purpose other than for which it was originally collected. The GFI Corporate Group may be required to disclose Personal Data in response to lawful request by public authorities, including to meet national security or law enforcement requirements.
Choice. Individuals have the opportunity to choose (opt out) whether their Personal Data is (1) to be disclosed to a non-Agent third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual by contacting our Data Protection Officer via email at privacy@GFIsoftware.com. For Sensitive Personal Information, The GFI Corporate Group will give individuals the opportunity to affirmatively or explicitly (opt in) consent to the disclosure of the information to a non-Agent third party or for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The GFI Corporate Group shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information. Agents, technology vendors and/or contractors of the GFI Corporate Group or affiliated companies may have access to an individual’s Personal Data on a need to know basis for the purpose of performing services on behalf of the GFI Corporate Group or providing or enabling elements of the services. All such agents, technology vendors and contractors who have access to such information are contractually required to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for the GFI Corporate Group or as otherwise required by law.
Accountability for Onward Transfer. Prior to disclosing Personal Data to a third party, we shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. The GFI Corporate Group shall ensure that any third party to which Personal Data may be disclosed subscribes to the Principles or is subject to laws providing the same level of privacy protection as is required by the Principles and agrees in writing to provide an adequate level of privacy protection. The GFI Corporate Group may be held responsible in cases of onward transfers to third parties.
Data Security. We shall take reasonable steps to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. The GFI Corporate Group has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Personal Data from loss, misuse, unauthorized access or disclosure, alteration or destruction. However, the GFI Corporate Group cannot guarantee the security of Personal Data on or transmitted via the Internet.
Data Integrity and Purpose Limitation. We shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, the GFI Corporate Group shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.
Access and Recourse. We acknowledge the individual’s right to access their Personal Data. We shall allow an individual access to their Personal Data and allow the individual the opportunity to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may contact our Data Protection Officer via email to request access. In cases where the GFI Corporate Group is a Data Processor, individuals must contract the Data Controller.
GFI Corporate Group
Data Protection Officer
401 Congress Avenue, Suite 2650
Austin Texas 78701 USA
Human Resources Data. If your complaint is not satisfactorily addressed by the GFI Corporate Group, and your inquiry or complaint involves human resource data, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. The GFI Corporate Group agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC. The services of EU DPAs are provided at no cost to you.
Non-Human Resources Data. If you do not receive timely acknowledgment of your complaint by the GFI Corporate Group, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. GFI CORPORATE GROUP has committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus.
Please note that if your complaint is not resolved through any of the above channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
This Privacy Statement may be amended from time to time consistent with the requirements of the Shield Frameworks. We will post any revised policy on this website.
D) Information Subject to Other Policies
We are committed to following the Principles for all Personal Data within the scope of the Privacy Shield Frameworks. However, certain information is subject to policies of the GFI Corporate Group that may differ in some respects from the general policies set forth in this Privacy Statement. We are committed to following the Principles for all Personal Data within the scope of the Privacy Shield Frameworks. However, certain information is subject to policies of the GFI Corporate Group that may differ in some respects from the general policies set forth in this Privacy Statement.
Last Updated: April 2, 2018.