Data protection is important to us.
eFront is committed to respecting and protecting your privacy in the framework of the common trust relationship we have established with you.
In accordance with the Privacy Shield program, eFront maintains the following Privacy Shield notice (the “Privacy Shield Notice”) which describes how and why we collect and process your Personal Data.
For the purposes of this Privacy Shield Notice, the terms used in capital letters which are not defined herein shall have the meaning given in the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”).
The Privacy Shield Notice applies to eFront, which includes all our affiliates, which are bound by the terms of this Privacy Shield Notice and will treat your Personal Data accordingly (hereafter “eFront, “We” or “Us”).
eFront has developed certain proprietary technologies, including (but not limited to) software hosted by eFront or not (the “eFront Software”), software as a service (SaaS) (the “eFront Service”), mobile applications and related maintenance, support and professional services (the “Associated Services”), which it makes available for use by its clients (hereafter the “Client(s)”).
Clients may provide access to the eFront Service or eFront Software to natural persons or individuals authorized by Client to access and/or use such eFront Service or eFront Software (hereafter the “User(s)”).
This Privacy Shield Notice covers:
This Privacy Shield Notice covers all the processing operations which We perform with regards to the Personal Data of the Clients and/or the Users (including the recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, disclosure, dissemination, alignment, combination, restriction, erasure or destruction).
The Personal Data collected by eFront is provided and/or entered by the Clients and/or Users through the eFront Service or eFront Software, and/or generated through the eFront Service or eFront Software.
Apart from non-personal information (such as for instance financial information), the types of Personal Data processed by eFront is the following, depending on the type of service provided to the Client:
Clients may use the Personal Data notably to:
Personal Data is collected by eFront for the purposes of (i) granting access to and making the eFront Service available to the Client, (ii) providing hosting services (as regards the eFront Services and hosted eFront Software), (iii) providing maintenance and support services (for eFront Software) and/or (iv) providing any related professional services as the case may be, in accordance with the terms of the agreement executed with the Client.
Clients and/or Users have the right to access, rectify, erase and restrict their Personal Data and the right to object to the processing of their Personal Data or exercise their right to portability, all in accordance with the GDPR.
We have no direct relationship with the Users whose Personal Data is collected and processed through the eFront Service or eFront Software. Therefore, a User who seeks to exercise the rights granted by the GDPR should direct their query to the Client. The queries can be either handled by the Client on its own.
However, We work closely with our Clients to help them responding to requests from Users. As a consequence, the Client can request assistance from eFront by sending an email at GroupPrivacy@BlackRock.com. We will respond to the Client’s request within thirty (30) business days.
We may disclose Personal Data to third party companies (such as our hosting service provider) that help us provide our services to our Clients and make available the eFront Service and hosted eFront Software to our Clients.
eFront may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Should a law enforcement agency send a request to eFront or any sub-processors regarding the Client Personal Data, eFront will attempt to redirect the law enforcement agency’s request to the Client. However, eFront also reserves the right to disclose the Personal Data collected as required by law, and when We believe that disclosure is necessary to protect our rights and/or to comply with judicial proceedings, court orders or other legal proceedings.
Where eFront engages another sub-processor for carrying out specific processing activities on behalf of the Client, eFront undertakes to apply the same data protection obligations as set out in the agreement executed between any eFront entity and the Client, or as set out in applicable legislations or regulations.
eFront remains in any event liable in case of onward transfer to a third party.
eFront, either as Data Controller or as Data Processor, may transfer Personal Data outside the EEA, subject to the written agreement of the Client.
eFront has implemented appropriate safeguards in this respect, especially the security of the transfer of Personal Data.
We transfer Personal Data from the EEA to the United States in compliance with the EU-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EEA to the United States, respectively.
The eFront group’s entities adhering to the Privacy Shield Principles are the following:
eFront has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
For any questions or complaints regarding our compliance with the EU-U.S. Privacy Shield Framework, please contact us at GroupPrivacy@BlackRock.com. If We do not resolve your complaint, you may submit your complaint free of charge to the French Supervisory Authority (CNIL), eFront’s designated independent dispute resolution provider. eFront has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred outside the EU
eFront undertakes to cooperate with EU Supervisory Authorities. eFront shall comply with the instructions provided by such authorities as regards Personal Data transferred outside the EU.
Under certain conditions specified by the principles of the EU-U.S. Privacy Shield Framework, you may also be able to invoke binding arbitration to resolve your complaint. eFront is subject to the investigatory and enforcement powers of the FTC.
Should any conflict occur between the terms of this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence.