Interfolio Data Privacy Framework Notice
Effective: October 10, 2023
Interfolio, Inc. has certified to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework programs (collectively, “DPF”) as set forth by the U.S. Department of Commerce. Our DPF certification is listed here: www.dataprivacyframework.gov.
We adhere to the DPF Principles including relevant Supplemental Principles (collectively, the “Principles”) with respect to the personal data submitted through our online services by our customers in the European Economic Area, the United Kingdom (and Gibraltar), and Switzerland. If there is any conflict between the terms in this notice and the Principles, the Principles will govern.
Types of Data Collected
The types of personal data collected includes personal data contained in messages, files and other content our customers submit to our services or instruct us to process on their behalf in connection with our services, we well as contact and registration information, account and device data, identification and authentication data, transactional data, and usage activity.
Purposes of Processing
We collect and use personal data to fulfill our contractual requirements with our customers, to provide and improve our services, customer and technical support, and billing and marketing activities, to respond to requests, to process transactions, for administrative purposes and as otherwise instructed by customers.
Disclosure to Third Parties
We disclose personal data to our affiliates, contractors, service providers and other third parties to assist us in providing our services, support and related activities to customers based on our instructions, as well as other corporate entities as part of a business transition, such as a merger, acquisition by another company, or sale of all or a portion of our assets.
We remain responsible for the personal data that we share with third parties for processing on our behalf, and we remain liable under the Principles if such third parties process such personal data in a manner inconsistent with the Principles and we are responsible for the event giving rise to the damage.
We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, and other legal obligations.
Individuals have a right to access to their personal data, to correct, amend, or delete that data, and to limit use and disclosure of that data, subject to certain exceptions. To exercise these rights, please contact us via the contact details below. Please note that where we are processing personal data for our customer, we may first refer your request to the customer that submitted your personal data, and we will assist our customer as needed in responding to your request.
Inquiries or Complaints
If you have any inquiry or complaint concerning this notice or our participation in the DPF, please contact us at firstname.lastname@example.org or
1400 K Street, NW, 11th Floor
Washington, DC 20005
We will work with you to resolve your issue. If the issue cannot be resolved through our internal processes, you may file a claim free of charge with JAMS, an independent U.S. alternative dispute resolution provider, at http://www.jamsadr.com/eu-us-data-privacy-framework.
If you have a complaint left unresolved by all available recourse mechanisms, you may invoke binding arbitration. For more details, visit https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf.
Our commitments under the DPF are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.