Privacy Policy

PRIVACY POLICY

Effective: 06.07.2019

Welcome!

Please review this Privacy Policy (the “Policy”) to understand how we collect, use, and share your personal data, as well as your choices and rights with respect to that personal data.

Who We Are

This is the Policy of PolyPort, Inc. (“us,” “our,” or “we”). You can contact us here.

Applicability

This Policy applies to our “Services” which include:

  • our PolyPort file and 3D asset protection software and related services, including our downloadable endpoint file management software (“User Agent”), Client administrative software and dashboard (“Client Software”), and other SaaS applications, downloadable or web-based software and services where we link to/post this Policy (collectively the “Software”); and
  • our corporate website at polyport.io, and other websites where we link to/post this Policy, including any subdomains or mobile versions (the “Corporate Site(s)”).

Agreement

This Policy is incorporated into the Terms of Use governing your use of our Services. Any capitalized term not defined in this Policy will have the definition provided in our Terms of Use.

Your use of our Services indicates your acknowledgement of the practices described in this Policy.

Third Parties

We provide the Software and process information relating to third parties that have entered into a subscription, license, or services agreement with us (our “Clients”), and in relation to the Client’s authorized users of the Software (“Client Users”). These Clients and Client Users may share files protected by the Software with third parties who must install the User Agent in order to access the file (“External Users”).

This Policy reflects only how we process Personal Data through our Services. This Policy does not apply to information processed by other third parties, including Clients, or when you visit a third-party website or interact with third-party services unless we process information from those parties. Please review the relevant third party’s privacy policy for information regarding their privacy practices.

Collection and Use of Personal Data

Personal Data Collected

In order to provide our Services, we may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note: specific Personal Data elements are examples and may change):

Identity Data: Personal Data about you and your identity, such as your name, username, profile data, employer information, and other Personal Data you may provide on registration forms or as part of an account profile.

Contact Data: Personal Data used to contact an individual, e.g. email address, physical address, or phone number.

Device/Network Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session history and similar browsing metadata, and other data generated through applications and browsers, including via cookies and similar technologies.

User Content: Personal Data included in content provided by users of the Services in any free-form or unstructured format, such as in a “contact us” box, free text field, file or document, or messages to us.

Usage Data: Application, program, and file information, including information on the existence, characteristics, use and behavior of your files and applications collected by the User Agent (e.g., file use and interactions with other applications, duration of file use, browser type, applications using ports, active directory identifiers, and other data pertaining to file path and folders) and determinations on the proper or improper use of certain files).

Collection of Personal Data

We collect Personal Data from various sources based on the context in which the Personal Data will be processed:

Data we collect from you: We collect Personal Data (such as Identity Data, User Content, or Contact Data) from you directly, for example, when you input information into an online form, or contact us directly.

Data we receive from others: We receive Personal Data (such as Usage Data, Device Network Data, or Identity Data) from third parties with whom we have a relationship in connection with a certain transaction, for example, we may receive certain Personal Data when a Client signs up for our Services and provides a list of Client Users.

Data collected automatically: We may collect certain Personal Data (such as Usage Data, Device/Network Data) automatically. For example, we automatically collect Device/Network Data using cookies and similar technologies when you browse our Site, when you open our marketing communications, or, together with Usage Data, when you install and use our Software.

Processing of Personal Data

Account Registration & Client Software

Data: Client Users and External Users must register and create an account (for themselves or on behalf of other Client Users) in order to use our Software. If you register for an account, we or our Client (depending on whether PolyPort or the Client hosts the Client Software) will process Identity Data, and Contact Data in connection with the creation, operation, and maintenance of that account. We (or the Client) may also collect certain User Content from you, for example, in response to a free form field, as part of a file uploads, or similar matters. We also collect Device/Network Data automatically when you access or use the Client Software.

Uses: Identity Data, Usage Data, Contact Data, and User Content is used as necessary to create, maintain, and provide you with important information about your account, and to otherwise provide the services and features Clients or Users request. Subject to Your Rights & Choices, and consistent with legitimate business interests, we (or the Client) may process Identity Data, Device/Network Data, and Contact Data in connection with File Use Analytics, Aggregate Analytics, Internal Processes and Service Improvement. Additionally, subject to Your Rights & Choices, we may process Contact Data we collect or receive in connection with our Marketing Communications.

User Agent Operation

Data: External Users must install and use the User Agent in order to access protected files and other data secured via the Software. The User Agent will collect Usage Data and Device/Network Data when the protected data or files are being accessed or used, and this information will be associated with the External User’s Account Registration information, and shared with PolyPort or the Client. Further, this information (e.g. in the form of a log file showing system activity) may be collected in connection with crash reporting and diagnostic reports, and shared with PolyPort.

Uses: Subject to Your Rights & Choices, and consistent with our applicable legitimate business interests, we or the Client may process data collected from the user agent as part of file security processes in connection with File Use Analytics, as well in connection with Aggregate Analytics and Internal Processes and Service Improvement. When we collect this information in connection with crash reporting and diagnostics, the information will be shared with PolyPort, and used in connection with Internal Processes and Service Improvement.

Marketing Communications

Data: We may process Identity Data, Device/Network Data and Contact Data in connection with email marketing communications (such as emails or texts), which you might receive if we receive or collect Contact Data in connection with your registration for an account on our Software, or if you choose to receive marketing communications, or engage in a transaction allowing us to send you those marketing communications. We may also collect Device/Network Data when you open or interact with those marketing communications.

Uses: Subject to Your Rights & Choices, we use Identity Data and Contact Data as necessary to customize, deliver, and otherwise process marketing communications, and in order to tailor certain communications to individuals’ preferences and requests. Additionally, we may process Device/Network Data from devices receiving those marketing communications as part of our business interest in understanding whether our emails are opened or other aspects of engagement with such marketing communications.

Contact Us

Data: When you contact us though the Corporate Site, we process on behalf of the Client certain Personal Data such as Identity Data, Device/Network Data, and any Personal Data contained within any User Content.

Uses: We use Identity Data, Contact Data, and User Content as necessary to communicate with you about the subject matter of your request and related matters. Subject to Your Rights & Choices, we may also use Identity Data and Contact Data in connection with Marketing Communications, if relevant to your request (such as when you request more information about our Services), and for Internal Processes and Service Improvement.

Cookies and Similar Tracking Technologies

Data: We, and certain third parties, may process Identity Data, Contact Data, and Device/Network Data when you interact with cookies and similar technologies on our Services. We may receive this data (or Aggregate Data derived from it) from third parties to the extent allowed by the relevant third party. Please note that the privacy policies of third parties may also apply to these technologies and the Personal Data collected through them.

Uses: Subject to Your Rights & Choices, we may use this information as follows:

  • for “essential” or “functional” purposes, such as to enable certain features of the Services, or keeping you logged in during your session;
  • for “analytics” and “personalization” purposes, consistent with our business interest in how the Services are used or perform, how users engage with and navigate through our Services, what sites users visit before visiting the Services, how often they visit the Services, and other similar information, as well as to greet users by name and modify the appearance of the Services to usage history, tailor the Services based on geographic location or Client, and understand characteristics of users in various technical and geographic contexts; and
  • for “retargeting” or similar advertising purposes on our Corporate Site, so that you can see advertisements from us on other websites. These technologies and the data they collect, may be used by advertisers to deliver ads that are more relevant to you based on content you have viewed, including content on our Corporate Sites. These tracking technologies may also help prevent you from seeing the same advertisements too many times, and help us understand whether you have interacted with or viewed ads we’ve delivered to you. This collection and ad targeting may take place both on our Corporate Sites, as well as and on third-party websites that participate in the ad network (e.g. any advertisements delivered by that ad network on a third party website).

Note: Some of these technologies can be used to identify you across platforms, devices, sites, and services.

Processing of Personal Data for Specific Purposes

File Use Analytics

Subject to Your Rights & Choices, we (or the Client) will automatically collect Personal Data via the User Agent in order to create and analyze information relating to External Users’ use of protected files, and in order to track, create, and report such information to Clients through the Client Dashboard. For example, we will track duration of use and changes made to a protected file that a Client sent you through our Software. The software includes tools that allow for the reporting and analysis of this Personal Data in individual and aggregate form. Clients may create or receive alerts regarding certain uses of protected files, or based on various signals from User Agent data. As a result of the processing in connection with File Use Analytics, External Users’ may be denied access to or use of protected files, or reported to administrators of the Client.

Aggregate Analytics

Subject to Your Rights & Choices, we will collect and aggregate your Personal Data and information about your use of the Services in order to identify certain trends in how our Services are used and perform, the individuals who use our Services, and the products and services most relevant to users (“Aggregated Data”). Aggregated Data will not contain information from which you may be individually identified. We may use this information in order to create analytics that help us better identify patterns and trends among employees, and provide analytics to our Clients regarding our Services and their employees. Internal Processes and Service Improvement

Subject to Your Rights & Choices, we may use any Personal Data we process through our Services as necessary in connection with our business interests in improving the design of our Services, to create a personalized user experience (such as greeting you by name, or associating Client Users with Clients and Software versions), and for ensuring the security and stability of the Software. For example, we may use Personal Data to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Software, how our Services perform or fail to perform, etc., or we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our Clients and Client Users.

Miscellaneous Processing

If we process Personal Data in connection with our Services in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to Your Rights & Choices) unless otherwise stated when you provide it.

In addition to the processing described above, we may, without your consent, also process your Personal Data on certain public interest grounds or in connection with our other legal rights/obligations. For example, we may process Personal Data as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or in any other way that is expressly permitted by law. Please see the Data Sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Data Sharing

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the categories of recipients or in connection with specific business purposes, each described below.

Clients

The Client may collect certain Personal Data directly from External Users and Client Users if the Client hosts the Client Software. Additionally, we process Personal Data on behalf of Clients, and share that Personal Data with Clients to the extent such information was provided to us for processing on the Client’s behalf, or in the event the Client has a legitimate business purpose for receiving the information. For example, Client Users’ account information (for example name and email) may be made available to the relevant Client when necessary to document Client use of the Software, or as appropriate to ensure the security of user accounts, or Client’s protected files.

Business Purposes

In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf (For example, we may use cloud-based hosting providers to host our Services or disclose information as part of our own internal operations, such as security operations, internal research, etc.). When we disclose information for business purposes we may disclose Identity Data, Usage Data, Contact Data, Device/Network Data, and User Content.

Corporate Events

Your Personal Data may be processed in the event that we go through a business transition, such as a change of control, merger, consolidation, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Affiliates

In order to streamline certain business operations, share promotions and content we believe would be of interest to you, and develop products and services that better meet the interests and needs of our customers, we may share your Personal Data with any of our current or future, subsidiaries, parent companies, and other affiliates.

Legal Disclosures

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use or Subscription Agreement, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

Data Sale

For purposes of the California Consumer Privacy Act, we do not sell your Personal Data.

Your Rights & Choices

Your Rights

To the extent required under applicable law, and subject to our rights or obligation to limit or deny access or disclosure, you may have the following rights in Personal Data (users in the EU may wish to review the “Additional Information for EU Users” below, in addition to the rights and choices listed in this section):

List of Data: You may receive a list of the specific Personal Data about you that we process.

Rectification: You may correct any Personal Data that we hold about you.

Erasure: You may request that we delete your Personal Data from our systems.

Data Export: You may request that we send you a copy of your Personal Data in a common, portable format of our choice.

Regulator Contact: You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. Your appropriate local data protection or consumer protection authority varies based on your location and jurisdiction.

California Rights: Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. You may also request that we provide you a copy of your Personal Data, direct us to stop selling or disclosing Personal Data for certain purposes (if we have done so), and receive information regarding: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties with whom we have disclosed your Personal Data, or sold, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.

You may exercise these rights by contacting us at the address below and submitting a request. We respond to only verifiable requests, and we may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to verify your identity.

Note: We are able to fulfill rights requests regarding Personal Data that we control or process. We may not have access to or control over Personal Data controlled by third parties, including our Clients. Please contact the third party directly to exercise your rights in third party-controlled information.

Your Choices

You may have the following choices regarding the Personal Data we process, to the extent required under applicable law:

Consent: If you consent to processing, you may withdraw your consent at any time. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of our Services.

Direct Marketing: You have the choice to opt-out of or withdraw your consent to marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.

Cookies & Similar Tech: If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies and certain similar technologies using your browser’s settings menu. You must opt out of the use of some third party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Ads Privacy Policy, or Google Analytics Opt-out. To learn more about how to opt out of Google’s use of cookies for retargeting, visit Google’s Ads Settings, here. Please note, at this time, our Services do not respond to your browser’s do-not-track request.

Other Processing: You may have the right under applicable law to object to our processing of your Personal Data for certain purposes, including without limitation, situations where we process in accordance with our business interests. You may do so by contacting us re: data rights requests. Note that we may not be required to cease processing based solely on your objection.

Security

We implement and maintain reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and though we may enter contracts to help ensure security, we do control third parties’ security processes. We do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.

Data Retention

We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate. Please note, we do not determine the retention periods for data held or processed by Clients, including Usage Data, or other information processed in connection with File Use Analytics.

Minors

Our Services are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it.

International Transfers

We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU’s Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law. Contact us for more information regarding the mechanisms we use to ensure adequate protection of data subject to EU Law.

Additional Information for EU Users

Controller

PolyPort, Inc. is the data controller for Personal Data we collect or process through the Service. The Client is the controller with respect to Personal Data the Client collects through the Service.

Legal bases for processing

The legal bases for our processing of your Personal Data are described in the table below. If you have questions about the legal basis of how we process your Personal Data, contact us at: privacy@polyport.io

Rights of EU Users

In addition to the applicable rights set forth above under Your Rights & Choices, users of our Service in the EU may have the following additional rights:

Right to Object: Where we process data on the basis of our legitimate interests, you can object to that processing to extent allowed by law. Note that we must only limit processing where our interests in processing do not override an individual’s interests, rights, and freedoms, or the processing is not for the establishment exercise, or defense of a legal claim.

Right to Restrict: You may have the right to restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim, or while we assess an objection to processing.

Automated Processing: To the extent we process Personal Data using automated means (if any), or where otherwise required by law, you may opt-out of, or revoke your consent, to this processing or elect to have an individual review any of the results of processing.

Changes to Our Policy

We may change this Policy from time to time. Please visit this page regularly so that you are aware of our latest updates. Your use of the Services following notice of any changes indicates acceptance of any changes.

Contact Us

Feel free to contact us with questions or concerns using the appropriate address below.

General inquires: info@polyport.io

Physical address: 1525 Raleigh St Suite 330, Denver, CO 80204

Toll-Free Phone: (720) 432-6597