eFront has developed certain proprietary technologies, including (but not limited to) software as a service (SaaS), mobile applications, software hosted by the eFront and related professional services (hereafter the “eFront Technology”), which it makes available for use by its clients (hereafter the “Client(s)”).
Our Clients may provide the eFront Technology (including related services) to their own clients (hereafter the “User(s)”). The Users include all natural persons or individuals authorized by the Client who access and/or use the eFront Technology.
2. Collection and Use of Personal Information
Personal information shall be collected by eFront for the purposes of providing hosting services, access to eFront Technology and any professional services for which our Clients use the eFront Technology to provide their own services to the Users.
eFront processes personal information collected through the eFront Technology under the direction of our Clients, and accordingly We have no direct relationship with the Users whose personal information We process on behalf of our Clients. However, We work closely with our Clients to help them provide notices to the Users concerning the purpose for which personal information is collected and processed.
eFront processes the following personal information provided by our Clients and/or the Users:
- contact information such as name, e-mail address, mailing address, phone number
- information regarding the profile, login, content viewing activities and access rights
- unique identifiers such as user name, account number, password
- information about the Client’s and/or User’s business such as company name, company size, business type
- other personal information
Our Clients may use the personal information notably to:
- send the Users requested product or service information related to the Users’ account
- Respond to customer service requests made by the Users
- Administer the Users’ account
3. Assistance of our Clients to comply with data protection legislation
Because we have no direct relationship with the Users whose personal information is collected and processed through the eFront Technology, a User who seeks to access, correct, amend or delete their personal information should direct their query to the Client. The queries can be either handled by the Client on its own, or the Client can request assistance from eFront by sending an email at firstname.lastname@example.org. We will respond to the Client’s request within 30 business days.
4. Service Provider, Sub-Processors/Onward Transfer and other Third Party Sharing
We may disclose personal information to third party companies (such as the hosting service provider ) that help us provide our services to our Clients and make available the eFront Technology to our Clients (the “Sub-processor”). Client has authorized eFront to subcontract the processing of personal information to Sub-processors. eFront is responsible for any breaches of the agreement in place with its Clients caused by its Sub-processors to the extent strictly provided for by mandatory provisions of applicable law.
Whilst We may use Sub-processors for the processing of personal information to the extent necessary to fulfill our contractual obligations under the agreement in place with our Clients, the Sub-processors will use this data solely on behalf of eFront and may not process any personal information for their own purposes. Sub-processors will be bound by the same obligations as eFront does with regard to their processing of Client personal data.
Should We change Sub-processors in place at the time of signing the agreement with our Clients, eFront will notify the Clients. If Client has a legitimate reason that relates to the Sub-processors’ processing of its personal data, Client may object to eFront’s use of a Sub-processor, by notifying eFront in writing within thirty days after receipt of eFront’s notice. If Client objects to the use of the Sub-processor, the parties will come together in good faith to discuss a resolution.
Where eFront engages another Sub-processor for carrying out specific processing activities on behalf of the Client, eFront undertakes to apply the same data protection obligations as set out in the agreement executed between any entity of the eFront and the Client, or as set out in any legislations or regulations.
eFront also reserves the right to disclose the personal information collected as required by law, and when We believe that disclosure is necessary to protect our rights and/or to comply with judicial proceedings, court orders, or other legal proceedings.
The security of the personal information processed through the eFront Technology is a legitimate concern of our Clients and their Users.
While processing is carried out on behalf of the Clients, eFront ensures to implement sufficient guarantees regarding appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Please be advised, however, that although we have endeavored to create a secure and reliable system for the Clients and Users, the confidentiality of any communication or material transmitted to or from the eFront Technology via the Internet or e-mail cannot be guaranteed.
When disclosing any personal information, Clients and Users should remain mindful of the fact that it is potentially accessible to the public, and consequently, can be collected and used by others without their consent. We have no responsibility or liability for the security of information transmitted via the Internet. Any questions about the security measures applicable in relation to the eFront Technology should be addressed to email@example.com.
6. Data Retention
The eFront Technology will retain the personal information of the Clients and/or Users for as long as our Clients use the eFront Technology and provide their own services to the Users through the eFront Technology.
At the end of the Agreement, eFront will delete all the personal information collected through the eFront Technology, including existing copies. The Client may however request in writing the return of the personal information, in which case such request must be sent by the Client to eFront within 30 business days as of termination of the agreement executed between eFront and the Client. Following such period, the personal information may be deleted by eFront.
We may however need to retain and use the personal information as necessary to comply with our legal obligations.
7. Right of access and rectification
Clients and/or Users have the right to access or correct the personal data being processed by eFront. Should you wish to receive a copy of the data We hold about you, or advise us of corrections to your personal data, please contact us via firstname.lastname@example.org. We may need to verify your identity before we can comply with your request.
8. Compliance of the transfer of data outside EU
eFront may transfer personal information outside EU, subject to the written agreement of the Client.
eFront has implemented appropriate safeguards in this respect, especially the security of the transfer of personal information.
We transfer personal information from the European Union to the United States in compliance with the EU-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States, respectively.
eFront has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit: www.privacyshield.gov.
For any questions or complaints regarding our compliance with the EU-U.S. Privacy Shield Framework, please contact us here. If We do not resolve your complaint, you may submit your complaint free of charge to CNIL, eFront’s designated independent dispute resolution provider.
Under certain conditions specified by the principles of the EU-U.S. Privacy Shield Framework, you may also be able to invoke binding arbitration to resolve your complaint. eFront is subject to the investigatory and enforcement powers of the FTC.