Echoleaf Privacy Policy

Last updated on August 5, 2024

This EchoLeaf Privacy Policy (the “Privacy Policy”) is effective as of the date shown above and describes how EchoLeaf Systems, Inc., a Delaware corporation (“EchoLeaf,” “we,” “our,” or “us”), handles your information when you access, use, or otherwise engage with any of the following products, services, or offerings made available by EchoLeaf (collectively, the “Services,” and each, a “Service”):

• Our website (www.echoleafsystems.com), subdomains, applications, and plugins (the “Websites”).
• The content, products, services, and other materials or offerings that we make available on or through the Websites.
• Our email newsletters.
• Our pages on social media networks, such as, but not limited to, Facebook and LinkedIn.
• Any Service where this Privacy Policy is posted.

Our Services are designed and intended for commercial use by businesses and their representatives. We do not offer products, services, or materials for use by individuals for personal, family, household, or other non-commercial purposes. Accordingly, we treat all information we handle as pertaining to individuals in their capacities as representatives of their respective businesses and not in their individual capacities. How we handle information about you may differ based on the Service(s) you access, use, or engage with, and how you access, use, or engage with such Service(s). Some Services may have additional terms that supplement this policy.

We provide a data management, archiving, storage, and recovery solution and related services to our business customers and a license to our software that assists business customers in implementing such solutions. This Privacy Policy does not apply to information that we may process on behalf of our business customers in our capacity as a service provider, nor does it apply to activities undertaken by us in relation to such services or use of our software by business customers. Any potential processing or other handling of information in our capacity as a service provider or by our software may be governed by our respective agreements with each of our business customers. If you have questions or concerns regarding information that we process on behalf of a business customer or wish to exercise any rights you may have regarding such information, please contact the business customer directly.

We may change this Privacy Policy from time to time. If we make any changes, we will notify you by revising the date at the top of the policy; in some cases, we may provide you with additional notice (such as adding a statement to the homepage of a Website or sending you an email notification). We encourage you to review the Privacy Policy whenever you access, use, or engage with the Services or otherwise interact with us to stay informed about our information practices and the choices available to you. If you object to any change, you can stop using our Services. After we post any changes to this Privacy Policy, your continued use of our Services will be subject to the updated Privacy Policy.

1. Information We Collect From And About You

1.1. Information Collected Through the Services

A. Information You Voluntarily Provide

• Request for More Information; Registration for Newsletters: When you complete our Contact Us form to request additional information about our Services or sign up to receive newsletters from us (both of which can be done at www.echoleafsystems.com/contact-us/ ), we may collect your name, email address, phone number, billing address, and other information necessary to facilitate your request and/or which you voluntarily provide to us.
• Account Creation: If you establish an account in connection with one or more Services, we may collect your name, company name, email address, phone number, billing address, and other information necessary to support your access to, use of, or engagement with the applicable Service(s).
• Contact, Support, and Surveys: When you voluntarily contact us (e.g., to submit questions about the Services via phone, email or any chat function made available in connection with our Services, to provide information to our sales or support teams, or to respond to our surveys and polls), we collect your name, email address, information reasonably necessary to support your and/or other users’ interest in or use of the relevant Service(s) (e.g., demographic information), and any other information you choose to provide.
• Engagement with Social Media: When you engage with us on social media, we may receive information from you when you interact with our pages, groups, accounts, or posts. This may include aggregate data on our followers (e.g., age, gender, and location), engagement data (e.g., “likes,” comments, shares, reposts, and clicks), awareness data (e.g., number of impressions and reach), and individual public profiles.
• Billing: To the extent we process payments, we may collect and use your payment information. We may engage third-party service providers to process your payments. Information collected in relation to payment processing may include your name, email address, phone number, billing address, credit or debit card information, and any other information relevant or necessary to process a payment made by you.

B. Information Collected Automatically

When you access, use, or engage with the Services, we may collect certain information from you automatically. The technologies we use to collect this information may include, but is not limited to, cookies, web beacons, scripts, and tags (“Technologies”). We use these Technologies on our digital properties, including our Websites, as well as in our email communications and newsletters.

The types of information we collect automatically through these Technologies include:

• Identifiers and Device Information: IP address, cookie identifiers, your operating system and browser (e.g., type, version, and configuration), your browser language, device identifiers (such as MAC address), and advertising identifiers.
• Usage Data: Internet and network activity on the Services, including your interactions with our Websites, such as the URLs of any pages you visit on our Websites, the URL of the website from which you came to our Websites, the length of time you spent on a particular page, access times, search queries, and other details about your use of and actions in connection with the Services. Usage data also includes information about your interactions with advertisements and other marketing or promotional content on the Services. We may use usage data to personalize or customize content for you or for other similar purposes. We may also use it to improve our Services.

The Technologies outlined above may set, change, alter, or modify settings or configurations on your device. Please be aware that we do not control the Technologies used by third parties on the Services and we are not responsible for them.

1.2. Information Collected From Third Parties

We collect information about you from third parties, including but not limited to data analytics providers, marketing or advertising providers, fraud prevention service providers, and vendors that provide services to us. We may supplement the information we directly collect from you with information received from third parties for a variety of purposes, including to help us correct or supplement our records, enhance our ability to serve you, to help prevent or detect fraud, to tailor our content and advertisements to you, and to offer you opportunities that may be of interest to you.

The Services may include functionality that allows certain kinds of interactions between the Services and your account on a third-party service or application. The use of such functionality may involve the third-party providing information to us. If we offer and you choose to use this functionality, the third-party service may send information about you to us.

The Services may also contain links to third-party websites that are not controlled or operated by us. This Privacy Policy does not apply to such third-party websites, and we are not responsible for the privacy practices of such third parties. Therefore, we encourage you to review the privacy policies of any third parties upon visiting such third parties’ websites and/or before disclosing your information to such third parties.

2. How We Use the Information We Collect About You

We use your information for a variety of purposes, including:

• Provisioning of Our Services to You: We use your information to provide our Services to you, which includes: (a) enabling you to create and manage an account in connection with your interaction with the Services; (b) facilitating your access to, use of, and engagement with the Services; (c) sending you notifications in relation to your account and engagement with the Services; and (d) performing other related business or operational functions.
• Communications With You: We use your information to engage in communications with you for various purposes, including responding to your requests, inquiries, or feedback, and providing customer care and support.
• Marketing and Advertising: We use your information for marketing and advertising purposes, including sending marketing, advertising, and promotional communications to you by email, text message, or postal mail. We may also use your information to show you advertisements for our Services.
• Analytics and Personalization: We use your information to conduct research and analytics for various purposes, including improving our Websites and Services; understanding your interaction with our Websites, Services, communications, and advertisements; personalizing your experience as a user of our Services; better understanding your needs as a user of our Services; and providing personalized recommendations for our Services.
• Security and Fraud Prevention: We use your information to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions. We also use your information to enforce our terms and procedures, prevent security incidents, and prevent harm to other users of our Services.
• Legal Obligations: We use your information to comply with our legal and regulatory obligations, to establish and exercise our rights, and to defend against legal claims.
• Business Functions: We use your information to support our core business functions, including maintaining records related to business management, loss prevention, and collection of amounts owed, and identifying and repairing errors or problems in our Websites or Services.

Sometimes we aggregate or de-identify information so that it can no longer identify you. Unless prohibited by applicable law, we may use and disclose such aggregated or de-identified information for any purpose.

3. When We Share the Information We Collect

We may disclose your information for various purposes, including in the following scenarios:

• Consent: We may disclose your information to any party with your consent, which may be obtained in writing, online, when you accept the terms of service for our Services, orally (either in person or on the phone), or by other means.
• Affiliates: We may disclose your information to our affiliated organizations and/or companies, including IBM.
• Business Partners and Service Providers: We may disclose your information to certain non-affiliated third parties to facilitate your access to, use of, or engagement with our Services, and to provide us with certain business functions. Such third parties may include brand partners, internet service providers, advertising networks, data analytics providers, governmental entities, operating systems and platforms, payment processors, and service providers who provide us with a required service in connection with our provision of the Services to you and other users.
• Legal Process and Protection: We may disclose your information to satisfy any applicable law, regulation, legal process, or governmental request. We may also disclose or share your information where we have a good faith belief that disclosure of such information is reasonably necessary: (a) to enforce or apply agreements to which we are a party; (b) to protect or defend our rights, interests, or property; (c) to protect our Websites or Services; (d) to investigate any violation or potential violation of the law, this Privacy Policy, the terms of service for our Services, or any other obligation related to your access to, use of, or engagement with our Services; (e) to protect the safety of other users of our Services, as well as EchoLeaf personnel and the general public; and (f) in connection with any applicable claim, dispute, or litigation.
• Business Transfer: As with any other business, it is possible that we could sell or buy subsidiaries or business units in the future. In any such transaction, as well as in the event that all or substantially all of our assets are acquired by a third party, personal information collected in connection with our Services will generally be one of the transferred assets. We reserve the right to include, as an asset, your personal information in any transfer of our assets to a third party.

Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated and/or de-identified) for any purpose, except as prohibited by applicable law.

Information collected by or sent to us may be stored and processed in any country in which we and our affiliates or service providers maintain facilities. We reserve the right to transfer your personal information outside of the country where you reside and/or from which you access, use, or engage with our Services. By accessing, using, or engaging with our Services, you consent to any such transfer of information outside of your country.

4. Your Rights and Choices

We provide a variety of ways for you to control the personal information we hold about you, including choices about how we use that information. In some jurisdictions, these controls and choices are enforceable as rights under applicable law. The choices described below are limited to and will be applied only to the specific email address, phone number, or device you use in connection with our Services.

4.1 General

A. Accounts

You may access, update, or remove certain information that you have provided to us through your account by visiting the account’s settings, or by sending an email to the email address set out in the “Contact Us” section below. We may require additional information from you to verify your identity. Please note that we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce any agreements to which we are a party.

B. Communications

Email. We offer a variety of commercial emails and email newsletters. You can unsubscribe from emails and email newsletters from EchoLeaf by following the opt-out instructions found at the bottom of our emails. You can also email us at the email address set out in the “Contact Us” section below with the word “UNSUBSCRIBE” in the subject field of the email. Please note that your opt-out is only effective for the email address used to send the opt-out email.

Mail or Telephone Promotions. You can ask to be unsubscribed from our mail or telephone solicitations. To opt out of such solicitations, email us at the email address set out in the “Contact Us” section below with a subject line that reads “UNSUBSCRIBE – MAIL/PHONE” and your account username and/or phone number in the body of the email.

We complete opt-out requests as quickly as we can. An opt-out request will not prohibit us from sending you important non-marketing notices.

4.2. Browser Controls

Cookie Controls. Most web browsers are set to accept cookies by default. If you prefer, you can delete or reject cookies in your browser settings. If you choose to delete or reject cookies, this could affect certain portions or features of the Services. If you choose to delete cookies, certain settings and preferences controlled by those cookies, including advertising preferences, may be deleted and would need to be recreated.

Do Not Track. Some browsers include a “Do Not Track” (“DNT”) setting that can send a signal to the websites you visit to indicate that you do not wish to be tracked. There is currently no common understanding of how to interpret the DNT signal; accordingly, at present, our Services do not respond to browser DNT signals. You may instead use other available tools to control data collection and use, including the cookie controls described above.

Analytics. Google Analytics provides analytics services for all of our Services. More information about out how Google Analytics uses data can be found here; to opt out of Google Analytics, please visit this link.

4.3. Termination of Services

You may choose to terminate our Services and close your account with us. If you terminate our Services and close your account, we will delete you from our registered customer database and remove you from our email marketing and newsletter lists.

5. How Long We Retain Your Information

We will retain your information for as long as reasonably necessary to:

• Provide you with our Services.
• Invoice charges and maintain records until invoices cannot be lawfully challenged and legal proceedings may no longer be pursued.
• Communicate with you regarding other products or services that we may offer.
• Comply with applicable laws, regulations, and court orders.
• Enforce our contractual agreements.
• Fulfill any of the purposes for which we collected your information as set forth in this Privacy Policy.

As needed, we may retain your personal information even after you terminate our Services and close any account you have with us. Please also note that instead of deleting your information, we may de-identify it by removing identifying details.

6. How We Protect Your Information

We protect your personal information with appropriate organizational, technological, and physical safeguards. Your access and use of the Services is at your own risk. We recommend that you use complex and unique passwords for your EchoLeaf account; do not share your password with anyone. If you have reason to believe your account with us is no longer secure, notify us immediately at the email address set forth in the “Contact Us” section below.

7. Third Parties’ Privacy Practices

Some of our Services may contain links to third-party websites and resources that may offer products or services that you and/or other EchoLeaf customers may be interested in or find useful. These third parties do not provide, and their products and/or services are entirely separate from, EchoLeaf Services. These third parties may independently solicit and/or collect information from and/or about you, and any personal information directly provided by you or automatically collected by them is not covered by this Privacy Policy. These third parties have their own policies and practices with respect to data and privacy, and we do not control and are not responsible for such third-party policies and practices. We encourage you to familiarize yourself with the privacy policies of third parties to whom you choose to provide personal information or with whom you otherwise interact.

8. Contact Us

Please contact us at info@echoleafsystems.com if you have any questions or concerns about this Privacy Policy or wish to exercise your rights and choices as described herein.

9. Additional Disclosures for People in Europe

If you are located in the European Economic Area (the “EEA”), you may also have certain rights under the General Data Protection Regulation (“GDPR”).

Lawful Basis. The GDPR requires a “lawful basis” for processing personal information. Our lawful bases include the following:

• The consent you provide to us at the point of collection of your information.
• The performance of the agreement we have with you under the applicable terms of service for the provision of our Services.
• The compliance of any legal obligations to which we are subject.
• The legitimate interests of EchoLeaf or a third party. “Legitimate interest” means that there are good reasons for the processing of your personal information; it also refers to our use of your information in ways that you would reasonably expect and that have minimal impact on your privacy rights and interests. We have a legitimate interest in gathering and processing personal information to, among other things: (a) understand how our Services are functioning; (b) develop new products and services; (c) ensure that our networks and infrastructure are secure; (d) administer and generally conduct EchoLeaf business; (e) prevent fraud; and (f) conduct our marketing activities. Where we rely on a legitimate interest to process personal information, we carry out a balancing test to weigh the legitimate interest against your right to protection of your personal information.

Retention of Information. Once the purpose of processing is fulfilled, we retain personal information for no longer than the applicable statutory limitation period. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which we process the personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. We will delete or de-identify personal information once the applicable retention period has expired.

Data Transfer. If we transfer your data out of the EEA, we implement at least one of the three following safeguards:

• We transfer your information to countries that have been recognized by the European Commission as providing an adequate level of data protection according to EEA standards.
• We take steps to ensure that the recipient is bound by contractual obligations, including EU Standard Contractual Clauses and additional safeguards to protect your personal data.
• We confirm that the service provider to which we are transferring data has an active self-certification under the EU-US Data Privacy Framework.

Data Subject Rights. If you are a “data subject” under the GDPR, subject to certain conditions, you have the right to: (a) access, rectify, or erase any personal information we process about you; (b) data portability (i.e., asking us to transfer your personal information to any third party of your choice); (c) restrict or object to our processing of your personal information; and (d) where applicable, withdraw your consent at any time for any processing of your personal information. You may exercise your rights by submitting a written request to us at the email address set out in the “Contact Us” section above. We will respond to your request within thirty (30) days. We may request certain information from you to help us verify your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will provide you with an explanation, subject to legal restrictions.

Complaints. If you have a complaint about our use of your personal information or our response to your request(s) regarding your personal information, you may submit a complaint to the Data Protection Supervisory Authority in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator and welcome you to first direct an inquiry to us at the email address provided in the “Contact Us” section above.