Infrascale Privacy Statement

Introduction.

Infrascale, Inc. (“Infrascale,” “we,” “us”, “our”) is committed to protecting the privacy and data of its customers.  We recognize the importance of appropriate policies and procedures to protect Customer Data and the privacy of our website users.  We have therefore created this statement to describe Infrascale’s privacy practices and procedures relating to the use of its website and the Customer Data it receives, processes, maintains, or transmits in connection with the backup, archiving, and failover services it provides (all backup, archiving and failover services shall be collectively referred to as the “Services,” “Products” or “Products and Services”).

• By “Customer Data,” we are referring to information and data we receive, process, maintain, or transmit on behalf of a customer when delivering Infrascale’s Services to a customer or other information and data customers otherwise provide to Infrascale. For instance, Customer Data includes data customers upload to our Services for backup, archival, or failover purposes.  It also includes Personal Information about customer representatives.  Finally, “Customer Data” includes metadata and other system data generated by our systems in connection with the delivery of Infrascale’s Services.
• “Website User Personal Information,” or “Personal Information” for short, refers to information we collect in connection with our website or your communications with us.
• This statement summarizes the types of data and Personal Information we collect, how we process them, the circumstances in which we will disclose them, how we safeguard them, gaining access to them, updating or correcting them, and resolving disputes relating to Infrascale’s privacy practices concerning them.

EU-US and Swiss-US Privacy Shield Certification.

• We comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.   If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
• Our participation in the Privacy Shield applies to all personal data that is subject to the this Privacy Policy and which is received from the European Union, European Economic Area, and Switzerland. We will comply with the Privacy Shield Principles in respect of such personal data.
• Our accountability for personal data that we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
• We encourage European individuals (including Swiss individuals) to contact us should you have a Privacy Shield-related (or general privacy-related) complaint at legal@infrascale.com. We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles or the Swiss-US Privacy Shield Principles to the American Arbitration Association. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://go.adr.org/privacyshield for more information and to file a complaint. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. We are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
• Finally, we commit to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Types of Data and Information Infrascale Collects.

• Infrascale provides its customers with data backup, archiving, and failover solutions with offerings that include hardware, software, and cloud-hosted functionality. Its applications help customers to manage disaster recovery and business continuity functions while increasing the efficiency of data storage via de-duplication of data. Infrascale’s solutions work with private, public, and Infrascale-hosted cloud facilities.
• In general, Infrascale collects two categories of Customer Data. First, Infrascale collects data processed by its hardware and applications for backup, archival, or failover purposes.  If the customer is using Infrascale’s cloud, Infrascale also hosts this Customer Data.  Second, Infrascale collects Customer Data relating to customer accounts and their management.  For instance, Infrascale collects Personal Information about representatives and contacts at its customer organizations, including their contact information (name, address, telephone numbers, and email addresses), job title, and name of employer.  Infrascale also collects payment card information for processing payments for Infrascale’s Products and Services.
• Infrascale also generates Customer Data in the form of metadata and system data in connection with the delivery of its Services.
• We collect information from users of our website via web forms and other communications as described in Section 5 below.

Infrascale’s Role as a Data Processor.

• If and when customers upload Customer Data containing personally identifiable information to Infrascale’s Services, it is the customers that are data controllers with respect to such personally identifiable information. That is, the customer has the direct contact with the individuals whose personally identifiable information was uploaded to the applicable Service.  Customers are the ones who would collect the personally identifiable information from their customers, personnel, patients, or other data subjects.  Infrascale has no such contact with these individuals.
• We may process any personally identifiable information, among other data, when customers use the Services for backup, archiving, and failover purposes. When performing its Services, Infrascale processes data strictly in accordance with the actions or instructions of the applicable customer.
• As a data processor, with certain exceptions, Infrascale has an obligation under its agreement with the customer not to disclose or otherwise transfer data to a third party except to provide the Services or the customer has instructed us to disclose or transfer the data. Except as noted below, Infrascale processes any personally identifiable information and other Customer Data solely for the purpose of delivering Services to customers.  Infrascale may use third party data processors to assist it in delivering the Services to its customers.

How Infrascale Collects Customer Data and Personal Information.

Data Collected by Infrascale’s Solutions.

We receive Customer Data from customers’ systems when they use our Services for backup, archiving, and failover purposes or otherwise transmit Customer Data to us.

Account-Related Information.

We receive account-related contact information from customer representatives and contacts when they provide it to us.  Customer representatives may provide Infrascale with payment card information in order to pay for our Services.  We may also obtain biographical information about representatives and contacts through our review of information they post to the Internet.  We may obtain additional information about our customer representatives from public sources and third-party databases.

Personal Information Sent via Our Website and Email.

We will collect the Personal Information of website visitors who complete web forms to communicate with us to submit a support ticket or use the chat function to communicate with a support representative.  When a customer submits a ticket or chats with a support representative, we collect information such as name, contact information (email and phone), account user name, and comments.  On our website, we also encourage website visitors to send us email inquiries, both to learn about our Products and Services and to consider careers at Infrascale.  If you send us email, we will collect whatever Personal Information you include in your email.  If a communication prompts follow-up communications, we may collect additional information that you provide to us.

Cookies, Beacons and Pixels.

• Our website uses “Cookies” and other standard web technology to enable our Products and Services to work. A “Cookie” is a small data file that we store on your computer. We may use session Cookies (which expire once you close your browser) or persistent Cookies (which remain on your computer for an extended period of time). We set a persistent Cookie on your computer if you choose “remember me”, so you don’t have to log in to the web site each time you visit. Most web browsers accept Cookies by default, but allow users to reject Cookies by changing the browser preferences. If you have set up your browser to reject Cookies, our Products and Services will not work properly. In addition, our Products and Services may cause Cookies from third party sites or applications to be saved on your browser or device. Our Privacy Policy does not cover these third party Cookies since we do not have any control over them. Finally, we may partner with third parties to manage our advertising on other sites or to analyze the use of our Products and Services. More specifically, we may use Google, Microsoft, Facebook or other providers to place advertisements on different sites across the Internet or to provide analytical data on how you and other users are using our Products and Services. Such third parties may use technologies such as Cookies to gather such information on the other sites you visit in order to provide you advertising based upon your browsing activities and interests as well as to inform us about how, how often and to what extent the Products and Services are being used. Our Privacy Policy does not address these third party Cookies designed for advertising and analytics.
• Our emails to you use email beacons or tracking pixels. Email beacons and tracking pixels are small electronic images that tell us if an email has been opened and acted upon.

Website Data.

We also review information logged by our web servers to understand our website visitors better.  It is very common for websites to collect these kinds of logs.  For example, we collect information such as your Internet Protocol address, your location, domain name, the type of web browser and operating system you are using, the pages on our websites that you view, when you visit, and how long you view each page visited.

Data-Appending Methods.

We may add to the information we receive from customer representatives and website users by information they provide to us at other occasions and using other means.  Examples include information they provide to us at educational programs, trade shows, or meetings, as well as information gathered using other data-appending methods.  We may also review and collect biographical information about representatives and users that they post to the Internet.

Metadata and Other System Data.

Our systems generate certain metadata and other system data concerning customers’ account, such as logs showing when files are transmitted to our Services and when they are recovered from our Services.

Use of Customer Data and Personal Information.

Data Collected by Infrascale’s Solutions.

We process Customer Data collected by our Services for the purpose of delivering backup, archiving, and failover services and functionality to our customers.  Our systems process Customer Data to perform these functions based on the actions and instructions of our customers.

Account-Related Information.

We use account-related information in order to market our Services, establish relationships, set up our Services for customers’ use, deliver the Services, obtain payment for the Services, provide customer and technical support for the Services, and otherwise communicate with customers.

Personal Information from Website Visitors.

We will use Personal Information collected as described in Section 5(c)-(f) above solely with the objective of fulfilling those purposes specified above, unless we obtain your consent.  Specifically, we may use your Personal Information to communicate with you.  Our communications may relate to Infrascale’s Products and Services or, in the case of job candidates, possible employment opportunities at Infrascale.

General Use of Customer Data and Personal Information.

Infrascale uses Customer Data and Personal Information for the following general purposes: (i) identification; (ii) establishment and maintenance of our relationship with you, (iii) to provide you with ongoing news, publications and information, to respond to your requests and inquiries, to fulfill your requests to register for Services, use our Products and Services, request publications or other information from us, sign up for newsletters, and obtain or provide user access credentials; (iv) marketing purposes, such as your activity, browsing, and usage information concerning our websites and/or your demographic information that you may have voluntarily provided to us, in order to better tailor our marketing activities and to implement and maintain loyalty programs; (v) providing information to third-party administrators or other providers necessary to optimize our Services and operation of our website; (vi) maintaining business records for reasonable periods, and generally managing and administering our business; (vii) meeting legal, regulatory, insurance, security, and processing requirements and court or administrative orders; and (viii) otherwise with consent or as permitted or required by law.  We may keep any and all of your Personal Information on hand for as long as permitted by law for any and all of the purposes described in this Section.

Metadata and Other System Data.

Infrascale uses metadata and other systems data to manage its Services and deliver its Services to customers.

Your Choices Regarding Customer Data and Personal Information

We offer you choices regarding the collection, use, and sharing of your Personal Information.

• You can manage your email preferences, indicating that you want or do not want to receive informational emails (such as a newsletter), or promotional emails (such as a special offer). OPTION 1: If you are not given the opportunity to choose whether or not to receive informational or promotional emails or choose not to receive such communications at the time you begin using the Services, we will not send you such communications unless and until you advise us that you would like to receive them. OPTION 2: We will not send you any informational or promotional emails unless and until you tell us that you wish to receive them from us. As long as you use the Services, you may receive transactional emails (e.g., notices of material changes to this Privacy Policy).
• You can manage your browser’s Cookies using the tools your browser provides, and you can opt-out of third-party vendor’s use of cookies (including advertising networks like Google and Bing) by visiting the Network Advertising Initiative opt-out page.
• You may change the information you submitted when registering for or using the Services or by contacting us at team@infrascale.com. You may request deletion of your Personal Information by us, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request, only after we have fulfilled such requirements).

Third Party Hosting of Customer Data.

• We use certain third party service providers to host and maintain Customer Data that we may receive from you. More specifically, we may use Amazon Web Services, Google Cloud Platform and other cloud platform providers to host the Infrascale cloud solutions and to collect and maintain Customer Data uploaded to our Services.  In addition, we upload some account-related information to cloud service providers to maintain and analyze information about our relationships with our customers, undertake Infrascale marketing campaigns, and provide customer and technical support.
• We enter into agreements with third parties hosting Customer Data. These agreements bind such third parties to confidentiality restrictions requiring them to use Customer Data only for purposes of delivering their services to us, not to disclose Customer Data without authorization, and to adhere to the kinds of privacy practices summarized in this Privacy Policy.

Disclosure or Transfer of Customer Data or Personal Information.

Customer Data and Personal Information may be disclosed to: (a) our employees, agents, representatives, advisors, affiliates, and independent contractors, in connection with their performance of services for or on behalf of our customers; and (b) service providers who help us with our business operations, sales and marketing, information technology, or professional services.

We do not sell or rent Customer Data or Personal Information to anyone. Nonetheless, we may sell, transfer, or otherwise share some or all of its Infrascale’s assets in connection with a merger, acquisition, reorganization, or sale of assets of our business, or in the event of bankruptcy.  These assets may include Customer Data or Personal Information collected by Infrascale as described above.

Also, we may disclose Customer Data or Personal Information when required by a subpoena, court order, search warrant, other legal process, requests by law enforcement agencies, or applicable law. Moreover, we may disclose Customer Data or Personal Information to the extent necessary to maintain the security of our websites, Products, or Services; resolve disputes; or investigate possible misconduct.

How Infrascale Safeguards Customer Data and Personal Information.

We will take reasonable measures to ensure that your Customer Data and Personal Information collected, used, disclosed, or otherwise processed for us or on our behalf is protected and not used or disclosed for purposes other than as directed by Infrascale, subject to legal requirements in foreign jurisdictions applicable to those organizations.  Please note that foreign jurisdictions differ in their privacy laws and some have privacy protection laws equivalent to or greater than those in the United States whereas others do not.

Infrascale is committed to protecting Customer Data and Personal Information and preventing unauthorized disclosure, use, modification, or access of or to Customer Data and Personal Information. In specific, Infrascale is committed to maintain reasonable and appropriate administrative, physical, and technical safeguards to:

• Provide assurances of the integrity and confidentiality of Customer Data and Personal Information.
• Protect Customer Data and Personal Information against any reasonably anticipated threats or hazards to the security or integrity of Customer Data or Personal Information, and unauthorized uses or disclosures of them, and
• Maintain compliance with the legal framework of requirements for the privacy and security of Customer Data and Personal Information.

Your Right to Access Personal Information and Customer Data and to Make Changes.

Customer Data.

Infrascale’s Services provide functionality to access and update Customer Data uploaded by customers.  Using our Services, customers can view, update, append, and correct Customer Data uploaded to our Services or their own public or private cloud solutions.  Customers requiring assistance accessing and changing such Customer Data via the Services can contact technical support for assistance by chatting with a support representative or completing a support ticket on our website at: https://www.infrascale.com/support/.

Personal Information or Account-Related Information.

If you would like to access Personal Information or Customer Data we may have to support your account, please contact us at team@infrascale.com or by phone at one of the phone numbers at https://www.infrascale.com/support/.

Access to your Personal Information or Customer Data.

You have the right to know what Personal Information and Customer Data about you is included in our databases and to ensure that such Personal Information and Customer Data is accurate and relevant for the purposes for which we collected it. You may review your own Personal Information or Customer Data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and our policies. Upon reasonable request and as required by the law, including but not limited to the Privacy Shield principles, we allow you to access your Personal Information and Customer Data, in order to correct or amend such data where inaccurate. In such cases, you may edit your Personal Information or Customer Data by logging into your account profile or by contacting Infrascale by phone or email. In making modifications to your Personal Information or Customer Data, you must provide only truthful, complete, and accurate information. To request erasure of Personal Information or Customer Data, you should submit a written request to us as set forth in Section 14.

Requests for Personal Information or Customer Data.

We will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of Personal Information or Customer Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from you. If we receive a request for access to your Personal Information or Customer Data from a third party individual, then, unless otherwise required under law or by contract with such third party individual (and in compliance with this policy), we will not provide any Personal Information or Customer Data but will refer you to the third party individual.

Satisfying Requests for Access, Modifications, and Corrections.

We will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Information or Customer Data.

Regarding Children.

• Our Services are not directed to individuals under 13 and we do not knowingly collect Personal Information from children under 13.
• If you become aware that a child has provided us with Personal Information, please contact us at legal@infrascale.com.
• If we become aware that a child under 13 has provided us with Personal Information, we will take steps to delete such information immediately.

Do Not Track Compliance.

Our website does not respond to Do Not Track (“DNT”) signals.

We do not track the users of our website across third party websites to provide targeted advertising directly to those websites.

Contact Information and Resolving Disputes.

If you would like to discuss this Privacy Policy or provide us with feedback, questions, or concerns about our privacy practices regarding Customer Data or Personal Information, please contact us at legal@infrascale.com. You may also contact us by writing to:

Infrascale, Inc.
999 N. Sepulveda Blvd., Suite 100
El Segundo, CA 90245
United States of America
Attn:  Privacy

If you have a complaint about our privacy practices, you may submit a complaint to us at the above contact information. Our privacy team will look into your complaint and provide a response.  You will need to provide sufficient information for us to evaluate your complaint and we may ask you to provide additional information as a condition of evaluating your complaint.

If you do not believe that your complaint or dispute has been resolved, you may contact the International Centre for Dispute Resolution (ICDR) of the American Arbitration Association at: http://go.adr.org/privacyshield.  As set forth above, Infrascale has designated ICDR as its independent recourse mechanism for its participation in the EU-US and Swiss-US Privacy Shield Programs.  The ICDR will provide independent dispute resolution services to resolve complaints or disputes about our privacy practices.  Procedures for contacting ICDR and filing a claim are linked to the website listed above.