PRIVACY POLICY

  1. Introduction

1.1 This Privacy Policy explains the data collection and use practices of eMag Solutions, LLC having its principal place of business at 1120 Sanctuary Parkway, Suite 275, Alpharetta, Georgia, 30009, United States, and its subsidiaries and affiliates (hereinafter, referred to as ‘Company’).

 

1.2 Company provides data management services including but not limited to: data restoration, data migration, data remediation, litigation support, and information governance support (hereinafter, referred to as ‘Services’). Company’s UK subsidiary is certified for the provision of Services with the ISO/IEC 27001 standard for information security management systems; the rest of Company follows those practices as well. Moreover, Company adheres to the Electronic Discovery Reference Model (EDRM) that outlines the standards for gathering and assimilating electronic data during legal processes, including criminal evidence discovery.

1.3 Company operates the website https://www.emagsolutions.com/ (hereinafter, referred to as the ‘Website’). Company collects certain personal data from individual visitors of the Website (hereinafter, referred to as ‘Visitors’). This Privacy Policy contains a detailed description of the way Company collects, stores, uses, and discloses personal data that it obtains through the Website (hereinafter, referred to as ‘Visitors’ Data’).

1.4 Company collects from its customers and prospects (hereinafter, referred to as ‘Customers’) certain personal data prior to providing Services. This Privacy Policy explains in detail the way Company collects, stores, uses, and discloses Customers’ personal data (hereinafter, referred to as ‘Customers’ Data’).

1.5 Company may process certain types of data while providing Services to Customers (hereinafter, referred to as ‘Project-related Data’). In this Privacy Policy, Company explains its privacy practices regarding Project-related Data.

1.6 Company complies with personal data collection, processing, and transferring principles as set forth in the EU-U.S. Privacy Shield Framework (see Section 6 of this Privacy Policy).

  1. Types of Data

2.1 Visitors’ Data

2.1.1 The Website allows Visitors to contact Company by filling out the Contact Us form. If Visitors want to download information from the Website, they do so by filling out the Downloads form available on the Website (hereinafter, the Contact Us form and the Downloads form are collectively referred to as the ‘Forms’). When Visitors fill out the Forms, Company collects the following personal data from them:

  1. full name;
  2. email address; and
  3. any other information that Visitors may decide to provide to Company through the Forms.

2.1.2 If Visitors sign up for Company’s newsletter by using the ‘Sign up for newsletter’ functionality available on the Website, Company will collect their email address.

2.1.3 When Visitors visit the Website, Company collects their IP address.

2.2 Customers’ Data

2.2.1 Company may collect the following Customers’ Data:

  1. full name;
  2. company information;
  3. work phone number;
  4. job title;
  5. email address; and
  6. any other information that the Customers may decide to provide to the Company in writing or orally.

2.2.2 Please note that Company does not collect Customers’ sensitive data such as health records, political and philosophic beliefs, racial and ethnic origin, and data of minors.

2.3 Project-related Data

2.3.1 The provision of Services by Company is governed by a contract concluded between Company and Customers (hereinafter referred to as the ‘Contract’). Upon provision of Services as set forth in the Contract, Company may restore and process certain types of personal and non-personal Project-related Data extracted from the following:

  1. email files;
  2. file shares;
  3. network shares;
  4. electronic files;
  5. computer images;
  6. voice recordings; and
  7. any other sources that Customers may decide to provide to Company.

2.3.2 Please note that, depending on the nature of the requested Services, Company may also be exposed to certain types of Customers’ sensitive data. Please note that such sensitive data will be processed in accordance with the Contract and after receiving Customers’ prior written consent. The sensitive data may include the following:

  1. health data;
  2. racial and ethnic origin;
  3. political opinions;
  4. religious or philosophical beliefs;
  5. sexual life;
  6. data of minors;
  7. biometric data;
  8. genetic data; and
  9. any other data that Customers may decide to provide to Company.

2.4 Company may receive and process personal data indicated in Sections 2.1, 2.2., and 2.3 to the extent such data are relevant to processing as described in this Privacy Policy. Company ensures that Visitors’ Data and Customers’ Data are accurate, reliable, complete and up to date; Company never alters Project-related Data.

2.5 Non-personal Data

2.5.1 Company may collect non-personal data, such as browser types, operating systems, and the URL addresses of websites clicked to and from the Website.

2.5.2 Company collects the non-personal data mentioned in Section 2.5.1 to analyze what kind of users visit the Website, how they find it, how long they stay, from which other websites they come to the Website, what pages they look at, and to which other websites they go from the Website.

2.5.3 The Website uses the Google Maps API(s). By using the Website, Visitors agree that the Google Privacy Policy available at http://www.google.com/policies/privacy will apply to their use of the Google Maps API(s).

  1. The Purposes of Collection of Personal Data

3.1 Visitors’ Data are used by the Company only for the following:

  1. the purposes for which the data are provided;
  2. verifying Visitors’ contact details;
  3. customizing Website’s content based on Visitors’ location;
  4. providing the Visitors with advertisements of products and services which may be of interest to them;
  5. delivering Company’s newsletter to Visitors;
  6. sending notifications to Visitors about updates to the Website;
  7. sending information about promotions and/or events that may be of interest to Visitors; and
  8. audit and security purposes.

3.2 Customers’ Data are collected and processed solely for internal customer relationship management, financial management, and project management purposes, including the following:

  1. managing leads;
  2. managing sales processes;
  3. managing marketing processes;
  4. managing accounts receivable;
  5. managing accounts payable;
  6. managing post-sales projects; and
  7. delivering Services.

3.3 Project-related Data are collected and processed solely for the purposes of completing Services requested by Customers in accordance with the Contract. Please note that Company keeps Project-related Data in strict confidentiality and neither sells nor transfers such data to third parties. The employees of Company are subject to strict contractual confidentiality obligations and have restricted access to Project-related Data.

3.4 Company will never use the data indicated in Section 2 of this Privacy Policy for a purpose that is incompatible with the original purpose.

  1. Data Protection and Liability

4.1 Company employs information security tools complying with ISO/IEC 27001 requirements to protect Visitors’ Data and Customers’ Data from loss, misuse, unauthorized access, alteration, and destruction. Such information security tools include, but are not limited to, secured networks, encryption, firewalls, antivirus protection, access control, physical security of buildings, camera monitoring, and regular background checks of Company’s employees.

4.2 Company employs extensive physical and information security measures to protect the Project-related Data from loss, misuse, unauthorized access, alteration, and destruction. Such measures include, but are not limited to, isolated data processing systems complying with ISO/IEC 27001 requirements, disconnection from the Internet, and limited access to sensitive data. Project-related Data may be stored with the prior consent of Customers in off-site, vaulted, and secured data centers managed by Company.

4.3 Company commits to conduct compliance audits of its information and data processing systems to verify adherence to this Privacy Policy. Any employee of Company who violates this Privacy Policy will be subject to disciplinary action, up to and including termination of employment.

4.4 Due to the inherent risks of using the Internet, Company cannot be liable for any destruction, loss, leakage, and falsification of Customers’ Data and Visitors’ Data caused by circumstances beyond Company’s reasonable control.

  1. Third Party Access and Data Transfer

5.1 Company may store Visitors’ Data using Constant Contact, which is a trading name of Constant Contact, Inc., an email marketing provider, having its principal place of business at Reservoir Place, 1601 Trapelo Road, Waltham, Massachusetts, 02451, United States, to provide Visitors with the requested newsletter, and to support the activities listed in Section 3.1. Constant Contact’s privacy statement is available at https://www.constantcontact.com/legal/privacy-statement. By signing up for Company’s newsletter or filling out the Forms on the Website, Visitors consent to the transfer of their personal data outside the European Union.

5.2 Customers’ Data may be used by Company for internal customer relationship management, financial management, and project management purposes. Customers’ Data may also be stored and used by the system mentioned in Section 5.1, strictly only with Customers’ prior written or oral permission and consent.

5.3 Company may transfer Customers’ Data and Visitors’ Data amongst its subsidiaries and affiliates. By providing their personal data to Company, Visitors and Customers consent to the transfer of their personal data between the European Union and the United States. The transfer of personal data between the U.S. and the EU is conducted in strict compliance with the Privacy Shield Framework (https://www.privacyshield.gov) as set forth by the U.S. Department of Commerce regarding the collection, use, protection, and retention of personal information between the Member States of the EU and the U.S.

5.4 Company does not provide third parties with access to Project-related Data, unless Company is legally bound to do so.

5.5 Company uses customer relationship management, financial management, and project management software provided by: (1) FutureSimple, Inc., a company having its principal place of business at 850, Shoreline Blvd, Mountain View, California, 94043, United States; (2) Vtiger Systems (India) Private Limited, a company having its principal place of business at No. 95, 12th Main, 3rd Block, Rajajinagar, Bangalore – 560 010, India; (3) The Sage Group plc, a company having its principal place of business at North Park, Newcastle Upon Tyne, NE13 9AA, United Kingdom; and (4) Intuit Inc., a company having its principal place of business at 2632 Marine Way, MS2675, Mountain View, California, 94043, United States. Company may store Visitors’ Data and Customers’ Data in these systems strictly for internal customer relationship management, financial management, and project management purposes.

5.6 The third parties indicated in Sections 5.1 and 5.5, except for Vtiger Systems (India) Private Limited and The Sage Group plc, comply with the EU-U.S. Privacy Shield Framework. They have certified adhering to the Privacy Shield principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If Visitors and Customers would like to read more information on the EU-U.S. Privacy Shield Framework, they can visit https://www.privacyshield.gov.

5.7 The data stored in the software from Vtiger Systems (India) Private Limited, The Sage Group plc, and Intuit Inc. are entirely maintained on Company’s internal servers and internal network, and protected as described in Section 4.

5.8 Company will respond to lawful requests from U.S. public authorities to disclose information about Visitors and Customers to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

5.9 With the exception of the cases in Sections 5.1, 5.2, and 5.5, Company does not transfer Visitors’ Data and Customers’ Data to third parties, unless Company is legally bound to do so.

  1. Commitment to Privacy Shield

6.1 Company commits to apply the EU-U.S. Privacy Shield principles regarding notice, choice, onward transfer, security, data integrity, access, and enforcement to all Visitors’ Data and Customers’ Data transferred between the U.S. and the EU. For more information on the EU-U.S. Privacy Shield Framework, please visit https://www.privacyshield.gov.

6.2 Visitors and Customers can easily check the Privacy Shield status of Company by visiting the website of the U.S. Department of Commerce: https://www.privacyshield.gov/list.

6.3 Company only transfers Visitors’ Data and Customers’ Data for limited and specified purposes, consistent with any notice provided to it and consent given.

6.4 Company transfers Visitors’ Data and Customers’ Data only if the recipient agrees to provide the same level of privacy protection as it is required by this Privacy Policy and the Privacy Shield principles.

6.5 If the recipient can no longer provide the level of protection as required by the Privacy Shield principles, Company requires the recipient to notify it as soon as such a failure occurs. Company will take reasonable steps to stop and remediate unauthorized processing of Visitors’ Data and Customers’ Data.

6.6 The government agency in the U.S. that is responsible for investigation and enforcement of Company’s obligations under the Privacy Shield Framework is the U.S. Department of Commerce (https://www.commerce.gov).

6.7 In compliance with the Privacy Shield Principles, Company commits to resolve complaints about its collection or use of Visitors’ and Customers’ personal information. EU individuals with inquiries or complaints regarding Company’s Privacy Shield policy should first contact Company using the information in Section 14.1.

6.8 Company has further committed to cooperate with EU data protection authorities (DPAs) regarding unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. If a Visitor or Customer does not receive timely acknowledgment of their complaint from Company, or if Company has not addressed a complaint to a Visitor’s or Customer’s satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to the complainant.

6.9 In the event of a third party’s violation of the Privacy Shield Principles related to an onward transfer of Visitors’ Data or Customers’ Data, Company may be held liable to the complainant for its vendor’s violation of the Principles unless Company proves that it is not responsible for the event giving rise to the damage.

  1. Accessing and Correcting Personal Data; Opting Out

7.1 Visitors and Customers have the right to: (1) have their data communicated; (2) get information about the purpose for which their data are processed; (3) learn about the categories of personal data concerned; and (4) get information about the recipients to whom the data are disclosed.

7.2 Visitors’ Data and Customers’ Data that are not accurate, outdated, or have been processed in violation of this Privacy Policy can be accessed, corrected, and deleted. To access, correct, or delete such personal data, please contact Company by using the information provided in Section 14.1.

7.3 Customers and Visitors have the right to opt out from collection and processing of their personal data by contacting Company as set forth in Section 7.2.

7.4 Project-related Data can be accessed, corrected, and deleted by contacting Company as set forth in Section 7.2.

7.5 Company will answer any requests made under Section 7 within a reasonable time frame but no later than within two weeks.

7.6 Please note that Company may limit Visitors’ and Customers’ access rights in specific situations such as when providing access would undermine confidentiality, breach professional privilege, or conflict with legal obligations.

7.7 Unsubscribing from the newsletter service can be done through clicking on the ‘unsubscribe’ or ‘opt-out’ link contained in any of Company’s newsletters or mass emails.

  1. Complaints and Disputes

8.1 Customers and Visitors have the right to lodge a complaint free of cost regarding the use of their personal data. The complaint should be first submitted to Company by using the contact as set forth in Section 14.1.

8.2 If the dispute between (1) Customers or Visitors and (2) Company fails to be resolved within a reasonable time frame, Visitors and Customers have the right to invoke binding arbitration with an independent recourse mechanism at no charge to the complainant.

8.3 Company is registered with JAMS (Judicial Arbitration and Mediation Services, https://www.jamsadr.com) as its alternative dispute resolution provider.

  1. Retention Period

9.1 Visitors’ Data and Customers’ Data will be kept for as long as it is necessary to provide with the requested Services. For instance, if personal data is collected to deliver the newsletter, the personal data will be kept until the Visitors or the Customers unsubscribe from the newsletter service.

9.2 When Visitors’ Data and Customers’ Data are no longer necessary to deliver the requested Services, the Company will immediately delete such data.

9.3 Please note that the Project-related Data are deleted immediately after the Contract is executed. Upon explicit written request of the Customers, the Company may store the Project-related Data for a longer period. The retention period for Project-related Data is bound by the Contract signed between the Company and the Customers. The Project-related Data will be stored and/or disposed for the time period specified in the Contract.

  1. Consent

10.1 By using the Website, Visitors are consenting to processing of their personal data as set forth in this Privacy Policy. The term ‘processing’ includes collecting, storing, deleting, using, and disclosing personal data.

10.2 By concluding the Contract, Customers are consenting to processing of their personal data as set forth in this Privacy Policy.

10.3 Collecting and processing of Project-related Data will be carried out only after concluding the Contract and obtaining Customers’ prior consent (i.e., opt-in).

  1. Links

11.1 The Website may contain links to other websites. Company is not responsible for the privacy practices of those websites.

  1. Cookies

12.1 The Website uses cookies. A cookie is a small computer file. It typically consists of letters and numbers. When Visitors visit the Website, the Website may send cookies to their browsers. Subsequently, the browsers may store the cookies on their computer systems. The main purpose of the cookies is to allow the Website to recognize Visitors’ devices.

12.2 There are two types of cookies, namely, persistent cookies and session cookies. Persistent cookies remain valid until their expiration date, unless deleted before that date. Session cookies are stored on a web browser and will remain valid until the moment when the browser is closed.

12.3 Cookies do not typically contain personal data. However, personal data stored by Company may be linked to the information stored in and obtained from cookies.

12.4 Company uses both session and persistent cookies (e.g., essential cookies, analytics cookies, preference cookies, advertising targeting cookies, and email cookies). Company uses session cookies to verify Visitors’ details while they are navigating from page to page on the Website. Company uses persistent cookies to recognize Visitors as unique Visitors when they return to the Website. Company will not use cookies for purposes which are not mentioned in this Privacy Policy.

12.5 Company uses Google Analytics to analyze Visitors’ activity on the Website. Google Analytics generates statistical and other information about the Website by means of cookies. The information generated by Google Analytics in relation to the Website is used to create reports about the use of the Website. Company uses the following Google Analytics advertising features: (1) Remarketing with Google Analytics; (2) Google Display Network Impression Reporting; (3) Google Analytics Demographics and Interest Reporting; and (4) integrated services that require Google Analytics to collect data via advertising cookies and identifiers.

12.6 If Visitors want to opt out from Google Analytics advertising features, they can do so through Ads Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI’s consumer opt-out). Visitors can also install a Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout?hl=en.

12.7 Third party vendors, including Google, use cookies to serve ads based on Visitors’ prior visits to the Website. Google’s use of advertising cookies enables it and its partners to serve Visitors ads based on their visits to the Website and/or other websites on the Internet. Visitors may opt out of personalized advertising by visiting https://www.google.com/settings/u/0/ads/authenticated. Alternatively, Visitors can opt out of a third-party vendor’s use of cookies for personalized advertising by visiting http://www.aboutads.info/choices.

12.8 By using the Website, Visitors agree to Company’s use of cookies as described in this Privacy Policy. If Visitors do not agree to Company’s use of cookies, Visitors need to either (1) discontinue their use of the Website or (2) set their browsers to refuse cookies. Some parts of the Website may not function properly without cookies. If Visitors would like to set their browsers to refuse cookies, they can check their browsers’ help information or visit the following links for further information:

  1. User-Generated Content

13.1 The Website provides Visitors with the possibility to comment on the articles published on the blog of the Website (hereinafter, referred to as ‘User-Generated Content’). Visitors agree not to submit any User-Generated Content on the Website that violates the applicable privacy and other laws.

13.2 Company shall not be liable for any direct or indirect damages caused by publication of unlawful content by Visitors.

13.3 Any User-Generated Content submitted by Visitors to Company may become public.

  1. Contact Details

14.1 Individuals with inquiries or complaints regarding this Privacy Policy should contact Company at:

eMag Solutions, Ltd.
2A Oaktree Court, Mulberry Drive
Cardiff Gate Business Park
Cardiff, Wales, CF238RS, United Kingdom
Email: privacy@emagsolutions.com
Phone: +44 (0) 220 739940
Fax: +44 (0) 2920 739948

14.2 Company will respond to any inquiries regarding this Privacy Policy within a reasonable time frame but no later than within two weeks.

  1. Amendment of this Privacy Policy

15.1 Company reserves the right to amend this Privacy Policy from time to time by posting an amended version on the Website (www.emagsolutions.com/privacy) and sending Visitors an email notification.

15.2 The continued use of the Website after posting such an amended version and receiving an email will constitute an acknowledgment of the amendments and a consent to abide and be bound by the amended Privacy Policy.

15.3 Please regularly review this Privacy Policy to be aware of new amendments.

15.4 Please note that Company will only amend the Privacy Policy in a manner that is consistent with the requirements of the EU-U.S. Privacy Shield and other applicable law.

  1. Last Amendment

16.1 This Privacy Policy was last amended on April 12, 2017.

Get in Touch >>

 

Important Links:

 Privacy Policy

 Terms of Service

 Site Map

eMag New York

 

65 Broadway
Suite 1804
New York, New York 10006
+1.404.995.6060

eMag Atlanta

Global Headquarters

1120 Sanctuary Parkway
Suite 275
Alpharetta, Georgia 30022
+1.404.995.6060

eMag EMEA & APAC

 

2A Oaktree Court
Mulberry Drive
Cardiff Gate Business Park
Cardiff CF238RS
Wales, UK
+44.02920.739940

© eMag Solutions 2017