Last Modified: 06/01/2020
Last Reviewed: 06/01/2020
Our website address is: https://viewdox.com
You may have heard a lot of buzz around the GDPR (General Data Protection Regulation). The GDPR is a series of laws approved by the European Union (“EU”) Parliament to align legislation with the way data is used today. The GDPR’s intent is to allow individuals greater control over their data. With the GDPR come several requirements of companies like ViewDox. You can learn more about the GDPR here: www.privacytrust.com/gdpr/. Now, excuse us while we get some legalize out of the way.
PRIVACY SHIELD POLICY:
The terms set forth in this Privacy Shield Policy portion of the Agreement (“Privacy Shield Policy”) extend to ViewDox’s collection, use and retention of Personal Data transferred from European Union member countries to the United States (“EU Personal Data”) and supplements the terms set forth elsewhere in the Terms and Conditions with respect to such EU Personal Data. The Federal Trade Commission has jurisdiction and enforcement authority over ViewDox’s compliance with this Privacy Shield Policy and the EU-U.S. Privacy Shield Framework.
Compliance with EU-US Privacy Shield Framework:
ViewDox complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union to the United States. ViewDox has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. ViewDox, in reliance on the Privacy Shield, commits to subject all EU Personal Data to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov. The Privacy Shield List is available at www.privacyshield.gov/list.
Inquiries and Complaints (EU-US Privacy Shield):
Chief Legal Officer
1321 W. 12th Street
Los Angeles, CA 90015
ViewDox has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to Privacy Trust, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.privacytrust.com/privacyshield/disputeresolution for more information and to file a complaint. This body is designated to address complaints and provide appropriate recourse free of charge to affected individuals.
EU Personal Data Collection, Use, and Disclosure:
The EU Personal Data we receive may include, but is not limited to, your email address, name, phone number, postal address, and other information. We will only process EU Personal Data in ways that are compatible with the purpose for which we collected it, or for purposes the individual later authorizes. We process sensitive EU Personal Data for the following purposes: forensic collections, eDiscovery processing, hosting, review, and traditional litigation support services. When we collect sensitive EU Personal Data, we will obtain your opt-in consent where the Privacy Shield requires, including if we disclose your sensitive EU Personal Data to non-agent third parties, or before we use your sensitive EU Personal Data for a different purpose than we collected it for or than you later authorized.
ViewDox acknowledges that EU individuals have the right to access their Personal Data that we maintain about them. ViewDox will also provide an individual opt-out choice before we share their Personal Data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate EU Personal Data, or who wishes to limit the use and disclosure of their Personal Data, should direct their questions to email@example.com. If requested to remove Personal Data, we will respond within a reasonable time-frame.
ViewDox limits disclosure of Personal Data to employees and other trusted third party business advisory and expert services firms that provide bibliographic coding, human/machine language translation, backup tape restoration, forensic collections/analysis, traditional litigation support, contract attorney review services and quality control services in whole or in part, on our behalf and who have a specific business purpose for collecting, maintaining, reviewing and processing such Personal Data. Where required by the Privacy Shield Policies, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield Policies require and limiting their use of the EU Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EU Personal Data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of EU Personal Data that we transfer to them.
Data We Collect and How We Collect It:
For personal information of individuals received from the EU, ViewDox is committed to handling such personal information in accordance with Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.
ViewDox Collects and Processes personal data of the following:
- Business Clients: client representatives who act as a point of reference for business matters within the company who use ViewDox services – data is collected from ViewDox business clients during the contract phase and when provided access to software platforms hosted by ViewDox;
- Targeted Persons: clients’ employees and other persons whose data is accessed by ViewDox for the fulfillment of business clients’ instructions – data is collected by ViewDox under the direction of its clients via forensic collection;
- Website Users: ViewDox website users who contact ViewDox, register for webinars and request White Papers, Practice Guides and links to recorded webinars via the ViewDox website – data is collected when users request to register for a webinar or request access to other ViewDox material;
- Website Visitors: ViewDox website visitors who access the website and are tracked by cookies – data is collected via cookies and Google analytics; and,
- Social Media Users: Twitter and LinkedIn users who interact on ViewDox social media sites – data are collected when provided via interactions with ViewDox on social media sites.
When ViewDox collects data from business clients, website users and visitors, and social media users, it acts in a role of a data controller. However, ViewDox also acts in a role of a data processor when ViewDox processes personal data from targeted persons at the direction of ViewDox’s clients.
The data that ViewDox collects can include names, email addresses, home addresses, telephone numbers, state/province, country, information about products/services of interest, comments, organization name, job title, Venio & Relativity login credentials, Venio & Relativity access and usage analytics data, IP address and location, cookie ID, device ID, browser type and version, time zone, browser plug-in types and versions, operating system and platform, social media photos, social media comments and messages, and, other information disclosed in the course of general business practice.
With regard to data collected from Targeted Persons at the direction of an ViewDox client, ViewDox retains that data until advised to return or delete the data. ViewDox will not destroy or return data until a client completes a data destruction form.
With regard to business clients’ and website/social media users’ data, ViewDox maintains personal data indefinitely or until a user rescinds consent for the retention of or use of the data.
Use of Personal Data:
ViewDox will only use data in a way that is compatible with the reason for which it was collected and authorized by our client. Further:
- We do not knowingly collect information from people under the age of 16.
- Any changes to this policy will be posted on our website: viewdox.com
- We do not collect payment information via our website.
- In the event of a merger, the new entity will control the data covered by this policy.
Legal basis for processing Personal Information (EU visitors only):
If you are a visitor/client located in the EU, ViewDox is the data controller of your personal information. ViewDox’s data protection personnel can be contacted at firstname.lastname@example.org.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, in compliance with a legal obligation, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
- What we do:
- ViewDox uses Google Analytics to track website traffic on the ViewDox website (viewdox.com). Adhering to and using programming code provided directly by Google Analytics, all web pages contain tracking pixels/programming code or “cookies,” all of which tracks visitor information across multiple pages and categories. Cookies are small files which are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer.
- What we did to comply with GDPR:
- Once clicked, the slide in window notification will disappear and not reappear again; and,
- Regardless of where you enter the site, you will view the slide in window accordingly.
How to Unsubscribe from ViewDox Marketing Communications:
ViewDox communicates with customers and prospects via email marketing campaigns on a periodic basis to share educational content and service information. Campaigns are sent via an email services provider and you always have the option to unsubscribe or opt-out. You may unsubscribe by clicking on the “unsubscribe” link located on the bottom of our emails. You may also rescind your consent to receive marketing communications by sending us an email at email@example.com, or by post to ViewDox LLC, 1321 W. 12th Street, Los Angeles, CA 90015.
Notice and Choice:
To the extent permitted by the EU-U.S. Privacy Shield, ViewDox reserves the right to process personal information in the course of providing professional services to our clients without the knowledge of individuals involved. Where we collect, at the direction of our clients, personal information directly from individuals in the E.U. it remains the responsibility of our client to inform the individual of the purposes for which we collect and use it and the types of non-agent third parties to which the information is disclosed. It remains the responsibility of our client to inform those individuals about the choices and means, if any, offered the individuals for limiting the use or disclosure of their information.
How Can You Access This Information?
ViewDox collects and processes data under the instruction and direction of our clients. If an individual becomes aware that information we maintain about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual must contact and coordinate with our client and proceed according to that client’s personal information policy.
Will We Share Personal Information With Third Parties?
ViewDox will not disclose an individual’s personal information to third parties unless directed by our client or when one or more of the following conditions are true:
- We have the individual’s permission to make the disclosure;
- The disclosure is required by law or professional standards;
- As ViewDox is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement standards;
- The disclosure is reasonably related to the sale or disposition of all or part of our business;
- The information in question is publicly available;
- The disclosure is reasonably necessary for the establishment or defense of legal claims;
- The disclosure is to another ViewDox entity or to persons or entities providing services on our or our client’s behalf (“transferee”), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:
- is subject to law providing an adequate level of privacy protection;
- has agreed in writing to provide an adequate level of privacy protection; or,
- subscribes to the EU-U.S. Privacy Shield Principles.
Compliance with Law Enforcement:
ViewDox may be required to disclose EU Personal Data in response to a lawful request by public authorities, including the need to meet national security or law enforcement requirements.
ViewDox’s intent is to strictly protect the security of your personal information, honor your choice for its intended use, and carefully protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. We have taken appropriate steps to safeguard and secure information we collect online including the use of encryption when collecting personal information.
ViewDox has policies, procedures, and processes to protect client data, which includes encryption of data at rest, transit and logical segregation. All data is stored within our secured datacenter with redundant firewalls and network security systems utilizing threat intelligence. All external ports are disabled except for necessary 443 ports for encrypted channel communications and DMZ utilized for external facing web servers. Along with systems security, we have implemented annual security awareness training which includes GDPR awareness. Our incident response policy will include details necessary to ensure minimal disruption of corporate workflow and operations in the event of a major natural disaster, major systems interruption or other designated major corporate emergency.
If ViewDox transfers your information to a third-party (e.g. analytics or web hosting vendors), ViewDox will attempt to ensure the third-party maintains the same level of security as us. We can actively monitor their compliance using TrustBase. ViewDox is a participant in the U.S. Department of Commerce’s EU-U.S. Privacy Shield and has certified that we adhere to the EU-U.S. Privacy Shield Principles. ViewDox is subject to the investigatory and enforcement powers of the Federal Trade Commission.
ViewDox welcomes your comments and/or questions regarding this privacy statement; please contact us by sending us your feedback to firstname.lastname@example.org, or writing to:
1321 W. 12th Street
Los Angeles, CA 90015
If however you are unhappy with our response to your concerns you can raise an issue with Privacy Trust, an independent third party dispute resolution service.
If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, you can also submit your complaint to Privacy Trust, an independent third party. Visit www.privacytrust.com to file a complaint.
Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.