View OwnBackup’s response to the EU Court of Justice’s decision invalidating the EU-US Privacy Shield:
Effective Date: February 7, 2023
Last Reviewed: February 7, 2023
At OwnBackup, one of our key company values is building trust through transparency. We know that you care how information about you is used and shared. With this Privacy Notice, we aim to provide you transparency into the types of data we collect about you and what we do with it.
OwnBackup provides cloud-based solutions that help businesses, organizations and government agencies protect against data loss and corruption (the “Services”). The Services include backup, comparison, recovery, archiving, and management of large, complex SaaS-based data sets.
This Privacy Notice applies to the processing of information relating to an identified or identifiable natural person (“Personal Data”), collected by OwnBackup for its own purposes and in the context of operating any of the OwnBackup websites, including www.ownbackup.com and resilience.work as well as any other sites, applications, and third party plugins that may be used to access the service (the “Website”). This Privacy Notice does not cover the use of your Personal Data by OwnBackup on behalf of OwnBackup’s customers (e.g., when OwnBackup processes your Personal Data in the context of the Services) or by third parties on other OwnBackup branded websites. To learn more about the privacy practices of OwnBackup’s customers, please visit their respective websites.
This Privacy Notice describes the types of Personal Data we collect, the purposes for which we collect that Personal Data, the other parties with whom we may share it and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Data, and how you can contact us to update your contact information or get answers to questions you may have about our privacy practices.
How We May Use Your Personal Data
How We Share Your Personal Data
How We Protect Your Personal Data
Features and Links to Other Websites
Updates to This Privacy Notice
We may collect the following Personal Data:
We obtain Personal Data relating to you from various sources described below.
Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide Personal Data when requested, you may not be able to use the relevant service or submit your job application with OwnBackup if that information is necessary or if we are legally required to collect it.
a. Personal Data Obtained from Your Interaction with the OwnBackup website
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.
When you use the Website, we may collect certain information by automated means (e.g., via cookies, plugins, and similar technologies), including for example IP address, browser type, operating system, referring URLs and information on actions taken or interaction with our Website, and other mobile trackers. We may use third-party plugins and/or web analytics services on our Website. The providers that administer these services use technologies such as cookies and web beacons to help us communicate with visitors and analyze how visitors use our Website.
We use this information to improve our Website by assessing how many users access or use our Website, which content, products, and features most interest our visitors, what types of offers our customers like to see, and how our service performs from a technical point of view.
b. Personal Data We Obtain when You Apply for a Job with Us
If you are applying for a job at OwnBackup, we may collect certain Personal Data from your job applications, such as your contact information (including name, postal address, email address and phone number), job history, resume or CV, contact details of your references and any other Personal Data you choose to submit along with your application.
c. Personal Data We Obtain in the context of the Services
i) We may obtain Personal Data about you when we (as a Data Processor) process data uploaded by our customers (as Data Controllers) for use in the Services (“Customer Owned Data”). The Data Controller which collected your data can provide you with information as to why they use our service.
This information typically may include, the following elements:
ii) We may obtain Personal Data about you when we (as a Data Controller) collect data from you for the purpose of providing certain components of the Services, for example, when you sign up as an administrator during the service onboarding process.
d. Personal Data We Collect in the Context of our Business Relationship with Customers
We may collect Personal Data from individuals working for one of our customers, partners or suppliers, including name, job title, department and name of organization, business email address, business postal address and business telephone number. We may use this information to manage our business relationships, for marketing and to comply with applicable law, as well as for accounting, auditing and billing purposes.
We may use your Personal Data to:
We may use Personal Data we obtain about you for the purposes set below. Depending on the country in which you are located, we will only process your Personal Data, when we have a legal basis for processing as listed below:
|Processing activity||Legal Basis for Processing (where required under applicable law)|
|Operate, evaluate, develop and improve our Services (including providing customer support; developing new products and services; manage our communications; determine the effectiveness of and optimizing our advertising; analyzing our products, services and websites).||• You consented to the use of your Personal Data; or • The processing is necessary for entering into, or performance of a contract to which you are party; or • We, or a third party, have a legitimate interest in using your Personal Data for the purpose of providing improved products and communications.|
|Perform accounting, bookkeeping, auditing, and billing activities.||• The processing is necessary for entering into, or performance of a contract to which you are party; or • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or • We, or a third party, have a legitimate interest in using your Personal Data for the purpose of providing accounting, auditing, billing, reconciliation activities, and claims management functions.|
|Anonymize Personal Data, prepare and furnish aggregated data reports showing anonymized information (including, but not limited to the following: compilations, analyses, analytical and predictive models and rules, and other aggregated reports) for the purpose of advising our current and prospective customers, partners, investors and the public about trends, patterns and other insights that may be extracted from this data.||• We, or a third party, have a legitimate interest in using your Personal Data for the purposes of anonymising Personal Data and preparing and furnishing aggregated data reports.|
|Evaluate your interest in employment and contact you regarding possible employment.||• You consented to the use of your Personal Data; or • The processing is necessary for entering into, or performance of a contract to which you are party; or • We, or a third party, have a legitimate interest in using your Personal Data for the purposes of evaluating your interest in employment and contacting you regarding possible employment.|
|Enforce our Terms and Conditions (Including our Master Subscription Agreement) or other legal agreements or rights, where necessary.||• The processing is necessary for entering into, or performance of a contract to which you are party; or • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or • We, or a third party, have a legitimate interest in using your Personal Data for the purposes of enforcing Terms and Conditions (Including our Master Subscription Agreement) and establishing, exercising and defending legal rights.|
|As may be required by applicable laws and regulations, government disclosure obligations, or requested by any judicial process or governmental agency having or claiming jurisdiction over OwnBackup or OwnBackup’s affiliates.||• The processing is necessary for compliance with a legal obligation or other regulatory obligations; or • We, or a third party, have a legitimate interest in using your Personal Data for the purposes of responding to a judicial process, law enforcement or governmental agency.|
|Comply with applicable legal requirements and industry standards and our policies.||• You consented to the use of your Personal Data; or • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or • We, or a third party, have a legitimate interest in using your Personal Data for the purposes of complying with legal requirements and industry standards and our policies.|
We may share Personal Data with:
We do not share or otherwise disclose Personal Data we collect about you, except as described in this Privacy Notice or otherwise disclosed to you at the time the data is collected. Additionally, we do not sell the Personal Data we collect about you, as defined by the California Consumer Privacy Act (CCPA).
We share Personal Data with our affiliates and partners, subject to the terms of this Privacy Notice or as otherwise disclosed to you at the time the data is collected.
We also may share Personal Data with our service providers who perform services on our behalf and in relation to the purposes described in this Privacy Notice. We require these service providers by contract to only process Personal Data in accordance with our instructions and as necessary to perform services on our behalf or comply with legal requirements. We also require them to safeguard the security and confidentiality of the Personal Data they process on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding employees accessing Personal Data.
We also may disclose data about you: (i) if we are required to do so by law or legal process, (ii) in response to a request from a court, law enforcement authorities, or government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
We also reserve the right to transfer Personal Data we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Data you have provided to us in a manner that is consistent with this Privacy Notice. Following such a sale or transfer, you may contact the entity to which we transferred your Personal Data with any inquiries concerning the processing of that information.
Subject to applicable law(s), you have the right to:
You may also submit a request as described in the “How to Contact Us” section.
Subject to applicable law(s), you have certain rights regarding the Personal Data we maintain about you and certain choices about what Personal Data we collect from you, how we use it, and how we communicate with you. Those include your rights to:
Additionally, if you are located in California, we will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights, except where the different price or level of quality of good or service is reasonably related to the value of the data that we receive from you. In some instances, we may not be able to provide you with the good or service that you request if you choose to exercise certain rights.
If you are located in California, you may also choose to exercise the following right(s):
The above rights may be limited in some circumstances by local law requirements.
If we fall short of your expectations in processing your Personal Data or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and, in any event, within the legal time limit for responding, where applicable.
We maintain appropriate security safeguards to protect your Personal Data and only retain it for a limited period.
We maintain appropriate administrative, technical, and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. We use SSL encryption on our Website and restrict access to your Personal Data to only those employees who need access to that data, in accordance with this notice.
We also take measures to delete your Personal Data or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we processed it or when you request their deletion, unless we are required by law to keep the information for a longer period. We complete periodic reviews of our databases, and have established specific time limits for data deletion, taking into account the type of data collected, the type of services provided, and the length of the customer relationship, possible re-enrollment with the Services, mandatory retention periods, regulatory requirements and the statute of limitations.
OwnBackup is a global business. We may transfer your Personal Data to the United States and other countries which may not have the same data protection laws as the country in which you initially provided the information, but we will protect your Personal Data in accordance with this Privacy Notice, or as otherwise disclosed to you.
If you are located in the EEA, the UK or Switzerland, we will transfer your Personal Data in accordance with this Privacy Notice and make use of accepted data transfer mechanisms, such as data transfer agreements that incorporate Standard Contractual Clauses approved by the European Commission or the corresponding mechanisms applied under UK and Swiss data protection laws.
OwnBackup is a global business. We may transfer or disclose Personal Data we collect about you to recipients in countries other than your country, including to the United States. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your Personal Data to other countries, we will protect that information in compliance with applicable laws as described in this Privacy Notice.
We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Data to countries other than the country where you are located. We may also transfer Personal Data to countries for which adequacy decisions have been issued, and use contractual protections for the transfer of Personal Data to third parties, such as the European Commission’s Standard Contractual Clauses (SCCs). You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Data outside of the EEA, UK and Switzerland.
You may choose to use certain features for which we partner with other entities that operate independently from OwnBackup.
On our Website, you may choose to use certain features that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with OwnBackup. These features, which may include, social networking, geo-location, security, and spam filtering tools, are operated by third parties, including social networks, and are clearly identified as such. These third parties may use or share Personal Data in accordance with their own privacy policies. We strongly suggest you review these third parties’ privacy policies if you use these features.
OwnBackup’s products and services are not directed to or intended for children.
OwnBackup does not offer services to minors and does not knowingly collect Personal Data from children under the age of 13. If you believe we have collected information from your child in error or have questions or concerns about our practices relating to children, please notify us using our contact details below.
While no longer considered a valid transfer mechanism in the wake of Schrems II, OwnBackup nonetheless still subscribes to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
In compliance with the Privacy Shield Principles, OwnBackup commits to:
a) resolve questions or complaints about our collection or use of your personal information under the Privacy Shield Frameworks by following the Dispute Resolution process set out here;
b) cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland;
c) submit to binding arbitration before the Privacy Shield Panel if this option has been invoked by you, as is your right under certain circumstances;
d) cooperate with the DPAs and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of any applicable employment relationship; and
e) accept responsibility (including any potential liability) for onward transfers of personal data to third parties.
In addition, it is important for you to be aware that, with respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, OwnBackup is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission and U.S. Department of Transportation.
This Privacy Notice may be updated periodically to reflect changes in our privacy practices.
This Privacy Notice may be updated periodically to reflect changes in our Personal Data practices. We will notify you of any significant changes to our Privacy Notice by indicating at the top of the notice when it was most recently updated. If we update this Privacy Notice, in certain circumstances, we may seek your consent. This Privacy Notice will be reviewed at least once every twelve months and accordingly we will indicate at the top of this notice the last time that this review occurred, even if that review did not result in a change to the Privacy Notice.
You can e-mail us at email@example.com with any questions, comments, or concerns around our privacy practices and policies.
You may submit a request to exercise your rights or share any questions, comments, or complaints about this Privacy Notice or our privacy practices by e-mailing us at firstname.lastname@example.org, or at the contact below:
940 Sylvan Ave
Englewood Cliffs, NJ 07632