Cloud Genic

Privacy and Data Policy

INTRODUCTION

1. This Policy governs our processing of your personal information and the way in which we deal with other data that is not personal information. “Personal information” is the Romanian term for “personal data” as defined in the European Union’s General Data Protection Regulation EU2016/679 (“GDPR”). The term “processing” is used as defined in the GDPR. It includes collection, storage, and all of the ways we use, and allow you to use, personal information, when we provide our services. You are the data controller under the GDPR of the personal information you provide to us as part of your Account Data (see below). CloudGenic Network , also known as ("CloudGenic", "we", "us") is the data controller under the GDPR of all other personal information.

2. This Policy is divided into five sections to make it easier for you to see which provisions apply to different types of data. Words and phrases which are defined in our Terms of Service (“ToS”) have the same meanings when they are used in this Policy.

3. The sections of this Policy are:

- This Introduction section.

- The “Your Files” section. This covers the actual files that you upload, access and share using our services.

- The “Account Data” section. This covers the metadata that is collected and generated by our systems when you use our services, and the information that you provide to us when you register and communicate with us.

- The “Website Usage Data” section. This covers the data that is collected and generated by our systems when anyone browses our website.

- The “General Terms” section, which applies to all our services and all types of data.

4. The GDPR provides rights to European users, but, as a leading privacy company, we make the GDPR protections and rights available to all our users globally in respect of their personal data (or “personal information” as we refer to it in Romania), wherever you may live.

Your Files

5. This is the section of this Policy that covers the actual files that you upload, access and share using our services (“Your Files”). The following specific terms apply:

5.1. When you upload a file, we do not know whether it is personal to you or someone else, relates to a business or some other organisation, or what it contains. We also in some cases generate and store previews of images, videos and certain other types of file. We gather a small amount of metadata about the type of file, but that does not disclose the content or information that the file contains. In relation to metadata, see the section of this Policy specifically covering Account Data.

5.2. All Your Files remain encrypted at all times while they are on our system, if you upload them encrypted. They are never received, stored or otherwise dealt with by us in unencrypted form because any decryption takes place only on your device or that of another user to whom you have provided the file/folder links and keys that are created when you give them access. Your Files are therefore not personal data under the GDPR (or “personal information”) since they are never held by CloudGenic Network in a form that is information about an identified or identifiable natural person.

5.3. We collect Your Files because that is necessary for us to provide our cloud storage and collaboration services that you contract for when you agree to our ToS.

5.4. Although Your Files are not personal information within our system because you have encrypted them, you should know that we store Your Files and make them available from servers that are owned and controlled by us, in secure facilities in Europe or in countries that the European Commission has determined to have an adequate level of protection under Article 45 of the GDPR, depending where you are based. None of Your Files are stored in, or made available from, the United States of America.

5.5. We keep Your Files while you are subscribed to our services but subject to our suspension and termination rights set out in our ToS. You must maintain copies of Your Files. We do not make any guarantees that there will be no loss of data or the services will be bug free. You should download Your Files prior to termination of services including where the administrator of a business account, within which you have used the services.

5.6. When you delete one of Your Files it will be made inaccessible, marked for deletion and removed when the next appropriate file purging process is run, subject to any retention specifically allowed under this Policy or our ToS. After account termination, all Your Files will be marked for deletion and removed when the next appropriate file purging process is run, subject to any retention specifically allowed under this Policy or our ToS.

5.7. The deletion process specified in 5.6 will not apply to a deduplicated file that is associated with another user (see our ToS).

5.8. We may, but shall not be obliged to, keep Your Files after your account has been suspended or terminated. In particular, we may, but shall not be obliged to, keep Your Files where we consider it necessary for evidential purposes relating to a breach of our ToS or with respect to current or anticipated action by any competent enforcement authority or other third party. With respect to release of Your Files to competent enforcement authorities and third parties, see our Takedown Guidance Policy.

5.9. See also the General Terms section of this Policy which applies to all types of data, including Your Files.

Account Data

7. This is the section of this Policy that covers account information you give us, and metadata that we generate in relation to Your Files and your account. The following specific terms apply:

7.1. When you sign up for particular services on our website you may need to give us the details required in our registration form and will need to keep that information up to date, including any payment account details (e.g. online payment provider account information).

7.2. You do not need to give us any information other than an email address to use a free CloudGenic Network account, but some functionality features are limited with such accounts. Where you wish to access greater storage and other functionality under a paid plan, you will need to give us (including our related or affiliated entities, payment processors and resellers) the information (such as tax identification and payment information) that is required under the particular plan and our ToS in relation to those services. For paid plans CloudGenic Network, and its related or affiliated entities, payment processors and resellers that you use to make payments, retain account and payment information including a record of all transactions on your account.

7.3. When you use our services, our systems retain the following metadata in unencrypted form:

- Browser type and operating system of the devices from which you have logged in to CloudGenic Network

- IP address and port information for logins, API usage, file uploads, folder creations and link exports

- The country that we expect you are accessing our services from (inferred by matching your IP address to a public IP address database).

- File sizes, versioning order, timestamps and parent-child file relationships.

- Deletion timestamps.

- The email address of anyone you have specifically made a contact using CloudGenic Network's systems. Note that Your Files and folders can be shared privately by invitation to specified email addresses or shared more generally by creating a file or folder link.

- Contact email addresses of chat participants, chat commencement time and chat duration, and moderation activity.

- Takedowns and account suspensions.

- Our communications with you.

- Your personal account settings, including any avatar picture.

- Details of referrers and people they have referred, together with commission balances and payments, for the purposes of the CloudGenic Network referral programme

7.4. From time to time we may need to communicate with each other directly. We will use the email address you have included in the settings information in your account. Any communication to you will be deemed to be received by you, no matter whether you are actively monitoring the account or its email address or not. You can communicate with us using the appropriate address on our contacts page and your email will be deemed to be received by us. All communications must be in English, no matter what is your native language or your location. Examples of direct communications include copyright or other enforcement emails, notifications under our Takedown Guidance Policy, system update information, data breach notifications, notification of major changes to our ToS or this Policy and billing information.

7.5. Access to your account is by way of nominated email address and password. It is your responsibility to keep these safe and secure as CloudGenic Network stores the email address but does not store the password. If you forget your password you will lose access to all your data unless you reset the password.

7.6. We will collect, store, use and otherwise process Account Data so that we can provide the services you have contracted to obtain from us under our ToS. We also have a legitimate interest in processing Account Data so that we can maintain and improve our systems and services and communicate with you as referenced in this Policy.

7.7. We retain Account Data as long as your account is active. After account suspension or termination including where the administrator of a business account, within which you have used the services, terminates that business account (see clause 12 below), we may, but shall not be obliged to, retain all Account Data if enforcement action is likely or commenced under our ToS or Takedown Guidance Policy or for 12 months, whichever is longer. Users sometimes request that an account be re-activated so we keep Account Data for 12 months for that purpose. Where there is no enforcement action likely or commenced and the 12 month period has expired, Account Data that identifies you will be anonymised, but where you are a contact of, have had a folder shared with you by, or have chatted with, another CloudGenic Network user, those details will continue to be retained to allow services to continue for those other users. See also the General Terms of this Policy with regard to retention.

7.8. You can request correction of Account Data if it is considered incorrect, in accordance with the GDPR. Any requests for access to, or correction of, Account Data that is not available to you when you are logged into your account, or if you cannot log in to your account, should be made to specifying the information in question. The information will be provided promptly, and at least within one month, without charge unless the request is manifestly unfounded or excessive. Corrections will be promptly considered and actioned if appropriate.

7.9. If CloudGenic Network has disclosed the Account Data to any third party (such as a compliance authority), it will inform them of any correction where possible and will also inform the individuals about the third parties to whom the data has been disclosed where lawful and appropriate.

7.10. See also the General Terms section of this Policy which applies to all types of data, including Account Data.

Website Usage Data

8. This is the section of this Policy that covers activity on our website (“Website Usage Data”). The following specific terms apply:

8.1 We may collect data about visits to our website to measure the number of visitors to different parts of the website, to assess user access patterns, to make the website load faster and otherwise to operate the website. We may use cookies or other similar technology for these purposes. It is necessary for us to do this so that we can accelerate login and loading of the encryption functionality of our website that you contract for when you agree to our ToS, so that we can improve the functionality of our website and to provide offers of additional services. By using our website, apps or our services, you specifically consent to our use of cookies and such other technology to collect data.

8.2 Where the website has stored your login session, you can delete or disable that information from browser localStorage, but this will result in longer load times and/or the need to re-enter your account credentials every time you open the website.

8.3 We may:

- Join Website Usage Data with other users' data and give it to advertisers in a way which doesn't personally identify any particular user;

- Analyse and use Website Usage Data for marketing or statistical purposes as well as to improve the way we do business with our users

- Serve advertisements or use third-party advertising companies to serve advertisements on the website and on third party sites, as well as to assist us in analysing our marketing and other business efforts. We and these advertisers may use cookies or other similar technology to collect information about your visits to the website and other sites in order to provide targeted advertisements to you.

8.4. We collect and keep Website Usage Data with your consent to provide services and support related to the website and our services, for market and product research and to be able to give users promotional material and special offers on our services. If you withdraw consent to our processing of Website Usage Data you will have to close your account.

8.5. See also the General Terms section of this Policy which applies to all types of data, including Website Usage Data.

General Terms

9. This is the section of this Policy that covers all types of data.

Basis of processing and dealing with data

10. As noted above, we process your personal information because we have contracted with you to do so under our ToS, this Policy, and our Takedown Guidance Policy. We cannot provide our services without that data. Other data that is not personal information is also dealt with by us in accordance with our ToS, this Policy, and our Takedown Guidance Policy.

Giving access to other users

11. You must ensure that anyone to whom you give access to any of Your Files or your Account Data complies with our ToS, our Takedown Guidance Policy and this Policy. You are responsible for their compliance. This applies particularly where you are the administrator of a business account.

12. For business accounts, to the administrator of that account can see and deal with the files and data associated with all users within that account (including any data and any personal information). In addition:

- if the business account is suspended or terminated, the action will affect the data and personal information of every user within that account.

- the administrator of the business account will be able to see and deal with, change or delete the files and data associated with every user within that account (including any of Your Data, Your Chats, Account Data and any of your personal information).

- the administrator of the business account will be able to terminate any user’s account within the business account, restrict or disable usage of the account, change any user’s password and otherwise deny access to the account and you will then lose access to all Your Data, Account Data and all personal information associated with your usage of the business account.

Your own security practices are critical

13. We strongly urge you to use best practices for ensuring the safety of your systems and devices (e.g. via unique passwords, security upgrades, firewall protection, anti-virus software, securing devices). CloudGenic Network will never send an email asking for your password or suggesting that you click a link to login to your account, so do not be fooled by any such email since it will not be from us. We cannot guarantee the security of computers or devices nor of transmission from and to your device over the Internet and thus cannot guarantee there will be no unauthorised access. Also, if you lose or otherwise allow access to your password or encryption keys, you will lose the security of all your data. If you forget your password you will lose access to all your data unless you request a password reset. Using the same password for CloudGenic Network as you have used at other sites can lead to others accessing and taking control of your CloudGenic Network account if one of those other sites is breached or hacked.

Disclosure for civil or criminal enforcement

14. If we think it is necessary or we have to by law in any jurisdiction, then we are entitled to give Your Files, Your Chats, any Account Data and any Website Usage Data to competent authorities. We reserve the right to assist any law enforcement agency with investigations, including disclosure of information to them or their agents. We also reserve the right to comply with any legal processes, including but not limited to subpoenas, search warrants and court orders initiated by enforcement authorities or other third parties. We may disclose Your Files, Your Chats, any Account Data and any Website Usage Data to enforce or apply our ToS or any other agreement we have with you, or to protect the rights, property, or safety of us or our other users, third parties or the operation of our services. For more detail on disclosure to competent enforcement authorities and other third parties, see our Takedown Guidance Policy.

CloudGenic Network and its related or affiliated entities, payment processors and resellers

15. You have a contract with:

but our services (including payment and personal information processing) may be provided by CloudGenic Network's related or affiliated entities, payment processors and resellers, in other jurisdictions, subject to applicable laws. You authorise CloudGenic Network and each of those related or affiliated entities to collect, store, share and otherwise process Your Files, Your Chats, any Account Data and any Website Usage Data among themselves, as necessary to provide the services, subject to applicable laws. All such entities are located in Europe or in countries that the European Commission has determined to have an adequate level of protection under Article 45 of the GDPR.

15.1 You authorise CloudGenic Network and each of those related or affiliated entities, payment processors and resellers to collect, store, share and otherwise process among themselves such Account Data as is necessary to provide payment processing, subject to applicable laws.

No commercial sale of data

16. We will never sell Your Files, Your Chats, any Account Data or any Website Usage Data. We will not disclose or otherwise provide Your Files, Your Chats, any Account Data or any Website Usage Data to a third party, or make any other use of Your Files, Your Chats, any Account Data or any Website Usage Data, for any purpose which is not specifically allowed under this Policy, our ToS or our Takedown Guidance Policy or is not incidental to the normal use of our services.

CloudGenic Network’s data security

17. Data security is very important to CloudGenic Network, whether that is your personal information or any other data. That is why we publish our client-side browser and mobile app software, provide a bug bounty to encourage reporting on any issues, and why we have provided information in this Policy on collection and storage of all data whether or not it is personal information. For more information on our security practices, see our blog.

Communications

18. We may send invoices, security or service updates and various other notices by email to the email address listed in your account or using any of our chat or messaging systems. They will be deemed to be received in accordance with our ToS .

19. If appropriate, some of those notices will contain unsubscribe information so you can opt out of further receipt. We will abide by any email unsubscription request (other than those we need to send for invoicing, security or service updates and other service provider purposes).

20. In some cases a person may receive an email from us asking the person to confirm their new CloudGenic Network account email address, but in fact they haven't tried to open an account - someone else has started the process and used their email address either maliciously or by mistake. In these cases, CloudGenic Network has an ephemeral/incomplete account that might be used to upload files. On request, and after proving ownership of the email address, we will arrange for the account to be deleted.

Law

21. Subject to the rights that those in the European Union have under the GDPR, this Policy and its interpretation and operation are governed solely by Romanian law. Subject to the rights that those in the European Union have under the GDPR, you, CloudGenic Network and all users, submit to the exclusive jurisdiction of the Romanian arbitral tribunals and courts as further described in our ToS and you agree not to raise any jurisdictional issue if we need to enforce an arbitral award or judgment in Romania or another country.

Contact and complaints

22. Questions and comments regarding this Policy are welcomed and should be addressed to the Privacy Officer at . For a comprehensive list of contact details for CloudGenic Network, and each of our related or affiliated entities, payment processors and resellers, together with details of how to contact our privacy officer and data protection officer, see our contacts page.

23. If you are in Europe or otherwise have the right to lodge a complaint with a supervisory authority, you can find contact details for CloudGenic Network’s European Representative and European supervisory authority on our contacts page.