Last Updated: 8th August 2018
Alfresco Software, Ltd. ("Alfresco", "we", "us" or "our") is committed to protecting and respecting your privacy. This Privacy Statement is intended to describe our privacy practices and provide information about how and why we collect, use and share your personal information when you:
• visit www.alfresco.com and any of its subdomains ("our sites"); and / or
• purchase or otherwise use our desktop or mobile Business Process Management ("BPM") and / or Enterprise Content Management ("ECM") solutions and services ("services").
Information We Collect
This Privacy Statement applies to all personal information which you give to us and / or which we collect automatically from you, either via our sites and / or our services and / or which we receive about you from third parties.
Information you give to us when using our sites and / or our services
We may collect and process the following personal information you give to us:
- Information that you provide to us by completing forms on our sites such as requests for quotes or online applications for free trials of our products / services. Such information typically includes your first name, last name, personal and / or professional contact details;
- Information that you provide to us when you purchase a product / service via our sites or other means such as by telephone or e-mail. Such information typically includes your first name, last name, personal and / or professional contact details, credit card details, billing address, your alfresco.com browsing history, information about BPM preferences and / or ECM preferences, as well as any contact or other information you choose to provide for us to undertake the services;
- Any other information which you choose to provide to us in the following circumstances: when you complete surveys conducted by us or third parties on our behalf; when you attend conventions, trade shows, and expositions; when you participate in promotions, contests and giveaways; when you register for webcasts, request information or materials (e.g., whitepapers); and when you submit any questions, comments or complaints to us.
Information we automatically collect when you use our sites and / or our services
We may process the following information automatically from your device when you use our sites and / or our services:
- Information we may collect about your interaction with our software, mobile applications, sites and services, including IP addresses, repository IDs, account activity, license information, MAC addresses, what pages your device visited, the time that your device visited our sites, traffic data, location data, weblogs, other communication data and cookie data (please see the section below entitled "cookies" and our Cookie Statement for further information on this topic).
Information we receive about you from third parties
- Information we receive from third party search engines relating to your search activity.
How We Use Information
We may use the personal information we collect from you for a range of reasons, including to:
- Provide, operate and maintain the sites and services;
- Process and complete transactions, and send related information, including transaction confirmations and invoices;
- Manage your use of the sites and / or services, respond to enquiries and comments and provide customer service and support;
- Analyze your use of the sites and / or services for trend monitoring, marketing and advertising purposes;
- Improve the sites and services so that they are delivered in the most effective manner for you and customers;
- Send customers technical alerts, updates, security notifications, and administrative communications;
- Investigate and prevent fraudulent activities, unauthorized access to the services, and other illegal activities;
- Where you have consented to receive such information or where we have another lawful basis for doing so, to contact you via email, SMS or telephone about other offers, products, promotions, developments or services of ours which we think may be of interest to you; and
- For any other purposes about which we notify you and customers.
Legal basis for processing personal information (EEA visitors only)
If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information described in the “Information We Collect” heading above and this section will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to process the personal information collected from you or may otherwise need the personal information to protect your vital interests or those of another person. If this is the case, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to conduct our business and communicate with you as necessary to provide our services to you and for our other legitimate interests, for instance, responding to your queries, improving our services or for the purpose of detecting or preventing illegal activities.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, or object to the use of your personal information on these grounds, please email us at firstname.lastname@example.org using the contact details provided under the “How to contact us” heading below.
We may share and disclose your personal information to third parties under any of the following circumstances:
- As may be required for internal purposes (e.g. to any member of our group including our subsidiaries, our ultimate holding company and its subsidiaries);
- As may be required to fulfill orders, to conduct billing/credit card processing, to provide services to and for our customers, and for email housing (as a consequence of uses already described in this Privacy Statement);
- As required by law (such as responding to a valid subpoena, warrant, audit, or agency, law enforcement, or national security action, or to prevent fraud) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- To make marketing messages more relevant to you;
- For analysis and filtering of messages and content for spam;
- For research activities, including the production of statistical reports (such aggregated information is used to describe our services to current and prospective partners and other third parties, and is not used to contact the subjects of the report); and
- In the context of a business transaction, such as a merger, acquisition, consolidation, or divestiture (pursuant to a pledge of confidentiality under which the recipient agrees to use the information for no purpose other than carrying out the transaction).
We are responsible for and maintain contracts with third parties restricting their access, use, and disclosure of personal information in compliance with our legal obligations, and we may be liable if they fail to meet those contractual obligations.
How We Protect Information
We use appropriate technical, organizational and administrative measures to protect any personal information we process about you with measures being designed to provide a level of security appropriate to the risk of processing your personal information. Personal information you provide to us is stored on secure servers operated by us or our third-party providers. Any payment transactions will be encrypted using Secure Socket Layer (SSL) technology. In addition, we enter into confidentiality agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your personal information.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our sites; any transmission is at your own risk. Once we have received your personal information, we will use robust procedures and security features to prevent unauthorized access.
Your Rights; How To Update And Access Information
We may send you e-mails about the products / services you have purchased, your account, to remind you about a webcast for which you have registered, or in response to your questions. We may also send you e-mails with information and / or special offers about products and services that may be of interest to you, in accordance with your marketing preferences.
You may at any time ask us to remove you from any marketing mailing list on which you previously asked us to include you, or object to our use of your personal information, by sending us an e-mail at email@example.com, by calling us on (888) 317-3395, or by clicking "Unsubscribe" in any e-mail communications we send you. You may also update your preferences by visiting our Preference Center.
You may access, review, modify and delete your account profile information by going to your account and editing your information. However, if you want to update, delete, limit the use or disclosure of, or access the personal information we hold about you (or request portability of your personal information) in our systems, you will need to email your request to firstname.lastname@example.org. If your personal information was submitted to us through the services by an Alfresco customer, please provide the name of the Alfresco customer that submitted your data, so we can forward your request to that customer. We do not have the ability to access data submitted by customers through the services, and we will not be able to respond to your requests directly.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here.)
Where Information Is Stored
Personal information collected from you may be transferred and stored outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us, a member of our group, or for one of our suppliers. Our group companies and third-party service providers and partners operate in countries located in the EEA (including without limitation the United Kingdom, Germany and France), the United States, and Australia. Such staff or suppliers may be engaged in, among other things, the provision of CRM services, marketing campaigns, support and hosting services on our behalf.
Your information is stored on our servers in Ireland, the United Kingdom and the United States, and potentially in other countries whose data protection laws may be different to the laws in your country. We will protect your personal information in accordance with this Privacy Statement wherever it is processed.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Statement.
EU and Swiss Privacy Shield
Alfresco adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce here. Our certification is available here and applies to the personal data we receive from EU and Swiss visitors and users of the sites and services and from our customers about EU and Swiss individuals through the sites or services.
European Union and Swiss individuals with inquiries or complaints regarding our privacy practices should first contact Alfresco at email@example.com. Alfresco commits to respond to complaints of EU and Swiss individuals about our collection and/or processing of their personal information within 45 days.
If you do not receive acknowledgment of your complaint within 45 days of receipt from us or if your complaint is not satisfactorily addressed, you may bring a complaint to the EU Data Protection Authorities or the Swiss Federal Data Protection and Information Commissioner through the United States Council for International Business (USCIB) free of charge. You can learn more at http://www.uscib.org. In limited situations, if neither Alfresco nor the USCIB resolves your complaint, you may have the opportunity to engage in binding arbitration through the Privacy Shield Panel. Alfresco is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Public Forums Reminder
The sites often make chat rooms, forums, message boards, and/or news groups available to you. Please remember that any information that is disclosed in these areas becomes public information. Exercise caution when deciding to disclose your personal information.
Children’s Online Privacy
Note: You must be 16 years or older to register as a Member or use the Alfresco web-site. We do not knowingly accept online personal information from children under the age of 16. We do not knowingly allow children under the age of 16 to become registered members of our sites or buy products and services on our sites. We do not knowingly collect or solicit personal information about children under 16.
In the event that we ever decide to expand our intended site audience to include children under the age of 16, those specific web pages will, in accordance with the requirements of applicable law (including the Children's Online Privacy Protection Act (COPPA)), be clearly identified and provide an explicit privacy notice addressed to children under 16. In addition, we will provide an appropriate mechanism to obtain parental approval, allow parents to subsequently make changes to or request removal of their children's personal information, and provide access to any other information as required by law.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Links To Other Sites
This site contains links to other sites. We do not control the information collection of sites that can be reached through links from our sites. If you have questions about the data collection procedures of linked sites, please contact those companies directly.
Changes To This Statement
We may change this Privacy Statement from time to time. If we make any changes, we will post these on this page and change the “Last Updated” date above. If we make material changes to this Privacy Statement, we will notify you more directly, for example by posting a notification or message on our website or by emailing you prior to such changes taking effect. We encourage you to check this Privacy Statement frequently to stay informed of the latest modifications.
How To Contact Us
If you have any questions, comments or concerns regarding this Privacy Statement, then please contact us via e-mail to firstname.lastname@example.org or in writing to Alfresco Software, Ltd., The Place, Bridge Avenue, Maidenhead, Berkshire SL6 1AF UK.