ShareVault Privacy Policy

Revision 4.9 (2024/1/12)

At Pandesa Corporation, doing business as ShareVault ("ShareVault"), we strive to protect the privacy of your information. This privacy statement covers the information management practices of ShareVault controlled public websites or permission-based services that link to this privacy statement. These include the following websites:

https://www.sharevault.com

https://www.sharevault.net

ShareVault provides a link to this privacy statement on all pages requesting or controlling personal information.

INFORMATION: WHAT WE COLLECT AND HOW WE USE IT

We collect only the information needed to deliver our service and we use it only to the benefit of our users.

When a website visitor or customer expresses interest in obtaining additional information about ShareVault's services or registers to use a ShareVault service, ShareVault may require the party to provide contact information, such as name, company name, address, phone number, and email address.

When a party purchases a ShareVault service, ShareVault may require billing information, such as organization billing name, billing address, phone number, and credit card number.

When a party utilizes a service, participates in services surveys or requests customer support for a service, ShareVault may collect or request information such as name, company name, email address, and phone number. With the exception of credit card information, the information provided is generally stored electronically in secure ShareVault databases. Certain personal information may be securely transmitted to affiliated parties to support the communication with users and vault owners or facilitate the ongoing functions of the ShareVault application and the supporting infrastructure, including system performance analytics and improvements.

ShareVault's permission-based services are designed to facilitate repeat use by participants involved in multiple business transactions relying upon the services. Key to the security of these services and the business data contained therein is the verification of a user's virtual identity. Participants must provide profile information (name, title, company name, email address, and phone number) in order to utilize and secure the services.

In addition to the profile information collected as described above, ShareVault also collects anonymous information about the use of our public website, including but not limited to a visitor's IP address, the websites from which visitors access the ShareVault website, the type of web browsers used to access the website, the time of the visit, and the pages viewed. This collected information does not personally identify individuals and is required to operate the service, for security, to fulfill certain legal requirements and statistical analysis of website visits to improve our service.

Cookies

In order to collect the anonymous data described above, or to provide a better user experience for repeat users of our permission-based services, we may use "cookies" that remain in the cookies file of your browser at your option. Cookies are a widely utilized mechanism for storing small pieces of text which modern browsers use to interact with websites. Your IP address will not be linked to any personal information unless you provide that information through any form on the website.

We, together with Google, also use cookies whose main objective is to identify and secure users and augment their behavior while on our website. We use information from past visits to tailor the advertisement experience on Google and Google partner sites.

ShareVault Services Usage

In the provision of our permission-based services, ShareVault will maintain a history of participant access to the services and actions taken and make this available to the owner of a respective vault accordingly as part of our detailed user activity reporting / sharing analytics capabilities. ShareVault may also maintain a log of IP addresses from which users access the services to help secure our users.

Use of Personal Information

ShareVault uses the above collected information to inform our product customers and prospective customers about our solutions, to provide services requested by our customers, and to support and secure our customers as they utilize our services. For example, ShareVault may respond to you, if you fill out a "Contact" form on our website, with information about our services. ShareVault may also use data about ShareVault customers for its own marketing purposes, in order to provide information about product upgrades, user best practices, industry news, promotions or events. ShareVault uses credit card information solely to evaluate the financial qualification of prospective customers and to collect payment for services. ShareVault uses website navigational information to operate and secure our websites and to provide personalized information about the company. ShareVault will use personal information to verify a person’s identity when users engage in requests for support to ensure the security of our services and the protection of customer data.

Sharing Information

ShareVault will not share, sell or distribute your personal data to unrelated third parties. All personal data may be disclosed only to third parties who directly support the use cases for personal data as summarized above. Owners of respective vaults are responsible for maintaining the access controls over their data and have access to personal user information and user activity related to their vault. This information is required to securely access and use the ShareVault services but is administered by the owner of each respective vault. ShareVault or a vault owner may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Data Retention

Various personal data related to the use of the service is retained indefinitely by ShareVault for the duration of each respective service contract. ShareVault makes secure backup copies of information which will be systematically destroyed in 30 days after termination of services. The ShareVault owner may have made copies of access data as part of their own respective management and compliance practices and are outside the purview of this policy. Additional information related to financial transactions is retained for a period of seven years.

Commitment to Data Security

To prevent unauthorized access, maintain data integrity, and ensure the correct use of information, ShareVault has instituted a wide array of administrative and technical mechanisms to secure and protect the information we collect or process online. ShareVault strives to comply with all applicable global security and privacy regulations and voluntarily participates in various global and industry security and privacy certifications, frameworks and registries. This includes the vendors which provide various software and services that support ShareVault, whom we select carefully and hold contractually responsible to adhere to the terms within this privacy policy, our security policy, and the same high security and privacy standards. Additional details regarding data security are found in the ShareVault Security Policy.

Commitment to Data Privacy

As a citizen or resident of a specific country, state, or other jurisdiction, your personal data may be protected by the terms of specific regulations. In order for ShareVault and ShareVault's customers to comply with these, you are required to grant consent (opt-in) in order to gain access to ShareVault services and to exercise additional privacy rights. By using our opt-in acknowledgement features in our websites and/or services, you affirm your agreement to this privacy policy and ShareVault agrees to maintain your Data Privacy Rights (see below).

Regardless of your geographic location, or the country where your data is stored, we honor your privacy rights consistently as described in this document.

Information Location

Customers may select to locate their ShareVault account and data within a country of their choice from available AWS data center regions. Accounts are controlled and operated within the country where data is located. Users who are invited to access data will have their personal information stored in the country where the data is located. A user who has access to data stored in multiple countries will result in a synchronized copy of the user’s personal data in each of those countries.

If you access our Services from outside the selected region, we may transfer the information collected from you to data centers outside of your home country or jurisdiction. In particular, your information will be transferred to and processed in the region where we or our service providers operate, where data protection and other laws may not be equivalent to those in your jurisdiction. By opting-in and using the ShareVault Services, you agree that your information can be transferred to and used in that region for the purposes described within this Privacy Policy.

Correcting, Updating, or Requesting Action on Your Information

  • Any user contacting ShareVault must verify their identity before ShareVault can disclose any personal information or provide assistance related to personal information. ShareVault will use your personal information to make this verification to protect your identity and your access to sensitive information within a ShareVault that you may have access to.
  • Organizations seeking to update information, to discontinue their ShareVault account, to have their private information returned to them should email, support@sharevault.net or call (800) 380-7652, or (408) 717-4955.
  • Users of ShareVault permission-based services may view, update or change their personal profile information by logging into the service, selecting the "Preferences: Profile" page, and updating information using the online interface.
  • Users requesting any action related to your Data Privacy Rights (see below), should email, support@sharevault.net or call (800) 380-7652, or (408) 717-4955:
  • Any user or organization with privacy related questions, or needing help should contact ShareVault by sending an email to privacy@sharevault.com, or call (800) 380- 7652, or (408) 717-4955, and ask for the Data Privacy Officer.
  • Users wishing to decline receiving mail or email from ShareVault that does not directly relate to their access to or use of ShareVault permission-based services should visit our unsubscribe page and fill out the form to opt out of future mail or email.

EU-U.S., UK-U.S., and Swiss-U.S. Privacy Shield

ShareVault understands that currently there are legal issues with the EU-U.S., the UK-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the UK and Switzerland to the United States. ShareVault utilizes the alternative contractual clauses to provide the same privacy rights and ShareVault, as a U.S. company, is still certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern or alternatively the contractual clauses are applicable. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

ShareVault is still subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and assumes liability for protection of your personal information in cases of onward transfers to third parties.

ShareVault commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

In compliance with the Privacy Shield Principles, ShareVault commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy policy should first contact ShareVault at privacy@sharevault.com or by calling (800) 380-7652.

ShareVault has further committed to refer unresolved Privacy Shield complaints to the United States Council for International Business. Alternatively, you may use JAMS. JAMS is the independent organization also responsible for reviewing and resolving complaints about our Privacy Shield compliance. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield or United States Council for International Business at https://www.uscib.org/privacy-shield/. The services of JAMS are provided at no cost to you or you can visit https://www.privacyshield.gov/ for more information or to file a complaint.

General Data Protection Regulation (GDPR)

The GDPR provides the data rights for individual citizens or residents of the EU. These rights are acknowledged and incorporated within the Data Privacy Rights.

Data Privacy Rights

Most data protections extended under the various regulations are described in the statements above with additional options and rights described below. Some of these regulations are explicitly identified in this policy in compliance with those regulations but all of the Data Privacy Rights are extended by ShareVault to all citizens of all countries who opt-in to use our services to the extent allowed by respective laws or regulations.

1. The Right to Be Informed

Should there be a breach of private information, you will be notified using the contact information in your user profile. ShareVault users have the right to request a list of who any personal information was shared with over the last 12 months. You have the right to be informed when your information is being collected, what information we collect from you and how it is used. Should there be a breach of private information, you will be notified using the contact information in your user profile. We will also notify the appropriate privacy authority for your home country.

2. The Right of Access

In addition to accessing user profile information, your use events may be obtained by contacting the owner of the respective vaults you have access to. Detailed records of technical mechanisms related to enabling those access events are not generally accessible.

3. Right to Rectification

Users of our permission-based services may access and update personal information after signing into the service. All users may access and edit their own information.

4. The Right to Erasure

Users may at any time choose to remove themselves from ShareVault services. For our permission-based services, users should first contact the ShareVault owner / administrator in order to exercise the right to erasure. In the event that the ShareVault owner / administrator cannot be reached, or to request removal from other ShareVault services, users can send an email to privacy@sharevault.com.

5. The Right to Restrict Selling or Processing

ShareVault does not sell, share, or use personal information in any way outside the purposes described in this policy.

6. The Right to Data Portability

Users may request copies of their personal information from a ShareVault owner / administrator, but such requests are subject to the respective rights and control of that owner as may be stated within the privacy policy they have published for that ShareVault.

7. The Right to Object

Users may object to the collection and use of personal information by first contacting the ShareVault owner / administrator. In the event that the ShareVault owner / administrator cannot be reached, users can send an email to privacy@sharevault.com.

8. Right to Opt-Out of Automated Decision Making and Profiling

Automated decision making and profiling is not applicable to the use of ShareVault Services.

9. Right to Non-Discrimination

ShareVault does not discriminate in the treatment of anyone for the exercise of privacy rights.

10. Right to Third Party Service

Organizations or individuals have the right to use qualified third-party services to exercise privacy rights. ShareVault will vet any such requests and restrict action on personal information pending verification of authenticity and authority granted to the third-party service.

11. Right to Independent Resolution

Users whose objections are not resolved by ShareVault and who are eligible may contact the United States Council for International Business as provided under the terms of the EU-U.S., UK-U.S. and Swiss-U.S. Privacy Shield Frameworks (Privacy Shield), where ShareVault is listed as a verified compliant company.

12. Right to Independent Arbitration

Users whose objections are not resolved by any other means, may contact the International Centre For Dispute Resolution to invoke binding arbitration to determine whether ShareVault has violated its obligations to an individual and whether any such violation remains fully or partially unremedied.

Exercising Rights

Users may exercise rights related to the collection and use of personal information per the statements above or by email at privacy@sharevault.com.

After granting consent, users can subsequently change / withdraw their consent to the collection, use and storage of personal information by emailing privacy@sharevault.com.

Legal basis for the collection and use of personal information is detailed in the above statements and generally starts with explicit consent (opt-in) by a user, followed by additional requirements to support the terms of the ShareVault service contracts, support the secure function of the ShareVault service, and as required for legal reasons, specifically to comply with the requirements of the GDPR and various global privacy regulations and specifically US legal statutes.

Data Controllers/Processors

ShareVault provides services to customers who use these services to in turn support their own individual business functions. These ShareVault owners / administrators create users for these services and are considered data controllers for certain types of user data related to their respective vaults. ShareVault is thus the processor for that data. ShareVault customers (owners / administrators) share the responsibility for this category of data and are provided the tools to fulfill that obligation for their users who are eligible for the additional GDPR, HIPAA or other regulated privacy rights.

ShareVault customers share personal information with ShareVault to establish and maintain services, and for this information ShareVault is the Controller and is bound contractually as part of the contract for services.

ShareVault commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

Affiliated third-party providers who in turn support the ShareVault service also share responsibility as Processors and Sub-Processors in a similar manner.

All parties with support roles or access to applicable personal information within ShareVault are appropriately bound by contract to be compliant with these privacy principles.

Help for Admins / Owners with Privacy Compliance

Privacy regulation compliance is a shared responsibility between ShareVault customers (owners / administrators) and ShareVault. Owners / administrators can request help from ShareVault with privacy regulation compliance, including support for users who wish to exercise any of their privacy rights, by sending an email to privacy@sharevault.com.

Changes to This Privacy Statement

All personal information (defined as any information that identifies or can be used to identify the person to whom such information pertains) that we collect and maintain will be subject to this privacy statement, as amended from time to time. ShareVault may change this privacy statement from time to time at its sole discretion and will provide notice of all changes in this online document and via the footer of the web pages with authorized links to this document. If as a result of such changes you want to alter the ways in which ShareVault is allowed to use your personal information, privacy regulation compliance, including support for users who wish to exercise any of their privacy rights, please send an email to privacy@sharevault.com.