Data protection is important to us.

eFront is committed to respecting and protecting your privacy in the framework of the common trust relationship we have established with you.

In accordance with the Privacy Shield program, eFront maintains the following Privacy Shield notice (the “Privacy Shield Notice”) which describes how and why we collect and process your Personal Data.

For the purposes of this Privacy Shield Notice, the terms used in capital letters which are not defined herein shall have the meaning given in the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”).

1. What is the scope of this Privacy Shield Notice?

The Privacy Shield Notice applies to eFront, which includes all our affiliates, which are bound by the terms of this Privacy Shield Notice and will treat your Personal Data accordingly (hereafter “eFront, “We” or “Us”).

eFront has developed certain proprietary technologies, including (but not limited to) software hosted by eFront or not (the “eFront Software”), software as a service (SaaS) (the “eFront Service”), mobile applications and related maintenance, support and professional services (the “Associated Services”), which it makes available for use by its clients (hereafter the “Client(s)”).

Clients may provide access to the eFront Service or eFront Software to natural persons or individuals authorized by Client to access and/or use such eFront Service or eFront Software (hereafter the “User(s)”).

This Privacy Shield Notice covers:

  • our collection and processing as Data Controller of Personal Data relating to Clients in order to perform our contractual obligations pursuant to the agreement executed with each Client;
  • our collection and processing, as Data Processor on behalf and under the documented instructions of the Client, of Personal Data in order to make the eFront Service available to Clients or to host the eFront Software and to provide related maintenance and support services.

This Privacy Shield Notice covers all the processing operations which We perform with regards to the Personal Data of the Clients and/or the Users (including the recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, disclosure, dissemination, alignment, combination, restriction, erasure or destruction).

2. How is your Personal Data collected?

2.1. Personal Data collected by eFront as Data Controller

For more information about the collection and processing of Client Personal Data by eFront as Data Controller, please refer to the eFront Privacy Policy available at http://www.efront.com/privacy-policy/.

2.2. Collection of Personal Data as Data Processor

(a) Types of Personal Data collected

The Personal Data collected by eFront is provided and/or entered by the Clients and/or Users through the eFront Service or eFront Software, and/or generated through the eFront Service or eFront Software.

Apart from non-personal information (such as for instance financial information), the types of Personal Data processed by eFront is the following, depending on the type of service provided to the Client:

  • contact information such as name, e-mail address, mailing address, phone number;
  • information regarding the profile, login, content viewing activities and access rights;
  • unique identifiers such as user name, account number, password;
  • information about the Client’s and/or User’s business such as company name, company size, business type;
  • other Personal Data.

Clients may use the Personal Data notably to:

  • send the Users requested product or service information related to the Users’ account;
  • respond to customer service requests made by the Users;
  • administer the Users’ account.

(b) Purposes of the collection of Personal Data

Personal Data is collected by eFront for the purposes of (i) granting access to and making the eFront Service available to the Client, (ii) providing hosting services (as regards the eFront Services and hosted eFront Software), (iii) providing maintenance and support services (for eFront Software) and/or (iv) providing any related professional services as the case may be, in accordance with the terms of the agreement executed with the Client.

(c) Clients and User rights

Clients and/or Users have the right to access, rectify, erase and restrict their Personal Data and the right to object to the processing of their Personal Data or exercise their right to portability, all in accordance with the GDPR.

(d) Assistance of Clients as regards inquiries or complaints from Data Subject

We have no direct relationship with the Users whose Personal Data is collected and processed through the eFront Service or eFront Software. Therefore, a User who seeks to exercise the rights granted by the GDPR should direct their query to the Client. The queries can be either handled by the Client on its own.

However, We work closely with our Clients to help them responding to requests from Users. As a consequence, the Client can request assistance from eFront by sending an email at GroupPrivacy@BlackRock.com. We will respond to the Client’s request within thirty (30) business days.

(e) Disclosure of Personal Data to third parties

We may disclose Personal Data to third party companies (such as our hosting service provider) that help us provide our services to our Clients and make available the eFront Service and hosted eFront Software to our Clients.

eFront may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Should a law enforcement agency send a request to eFront or any sub-processors regarding the Client Personal Data, eFront will attempt to redirect the law enforcement agency’s request to the Client. However, eFront also reserves the right to disclose the Personal Data collected as required by law, and when We believe that disclosure is necessary to protect our rights and/or to comply with judicial proceedings, court orders or other legal proceedings.

(f) Sub-processing

Where eFront engages another sub-processor for carrying out specific processing activities on behalf of the Client, eFront undertakes to apply the same data protection obligations as set out in the agreement executed between any eFront entity and the Client, or as set out in applicable legislations or regulations.

eFront remains in any event liable in case of onward transfer to a third party.

3. Compliance of the transfers of Personal Data outside the European Economic Area (EEA)

eFront, either as Data Controller or as Data Processor, may transfer Personal Data outside the EEA, subject to the written agreement of the Client.

eFront has implemented appropriate safeguards in this respect, especially the security of the transfer of Personal Data.

We transfer Personal Data from the EEA to the United States in compliance with the EU-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EEA to the United States, respectively.

The eFront group’s entities adhering to the Privacy Shield Principles are the following:

  • the eFront group entity which is self-certified compliant with the Privacy Shield Framework is eFront Financial Solutions, Inc., 55 East 52nd Street, New York NY 10055;
  • the other eFront group entities adhering to the Privacy Shield Principles and which are covered under the above-mentioned self-certification are:
    • eFront DMLT Holdings, LLC: 11 East 44th Street – Suite 900:9th floor – New York – NY10017
    • DMLT East, LLC: 11 East 44th Street – Suite 900:9th floor – New York – NY10017
    • DMLT, LLC: 55 East 52nd Street, New York NY 10055
    • Analytx, LLC: 55 East 52nd Street, New York NY 10055
    • Object Capital Technology, Inc: 1800 82 ND Ave, Suite 206, Vero Beach, FL 32966
    • Analytx Hosting, LLC: 11 East 44th Street – Suite 900:9th floor – New York – NY10017
    • Analytx Software, LLC: 11 East 44th Street – Suite 900:9th floor – New York – NY10017.

eFront has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

For any questions or complaints regarding our compliance with the EU-U.S. Privacy Shield Framework, please contact us at GroupPrivacy@BlackRock.com. If We do not resolve your complaint, you may submit your complaint free of charge to the French Supervisory Authority (CNIL), eFront’s designated independent dispute resolution provider. eFront has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred outside the EU

eFront undertakes to cooperate with EU Supervisory Authorities. eFront shall comply with the instructions provided by such authorities as regards Personal Data transferred outside the EU.

Under certain conditions specified by the principles of the EU-U.S. Privacy Shield Framework, you may also be able to invoke binding arbitration to resolve your complaint. eFront is subject to the investigatory and enforcement powers of the FTC.

Should any conflict occur between the terms of this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence.