Last Modified: May 7, 2018 (“Effective Date”)
Users can access the Service through our website located at https://docsend.com (“Site”), applications on Devices, through APIs, and through third-parties. A “Device” is any computer used to access the DocSend Service, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.
While providing our Service, we collect information related to Viewers on behalf of our Users. Our use of information on behalf of our Users is governed by our contract with the applicable User and the User’s own privacy policies. We are not responsible for the privacy policies or privacy practices of Users or other third parties.
1. Information We Collect
When you interact with the Site or the Service and in connection with our events, and sales and marketing activities, we collect information that alone or in combination with other information could be used to identify you (“Personal Data”), as described below:
A. Information You Provide as a User
When you register an account as a User, you may be asked to provide Personal Data including without limitation, your name, phone number, email address, home address or business address.
You may also choose to submit Personal Data to us when you send us an email or use any interactive features that we may make available on the Service. For example, you may ask us to: (a) import your contacts by giving us access to your third party services (such as your email account) or (b) use your social networking information if you give us access to your account on social network connection services.
You may also provide us with your contacts’ email addresses when sharing folders or files with them or if you invite them to join DocSend. In addition, if you sign up for our paid Service, you may be asked to provide additional information, including your credit card information, as described below.
We may also collect data from you including without limitation when you attend one of our events, during phone calls with sales representatives, or when you contact customer support.
C. Employment Applications
When you apply for employment through the Site, our provider of recruiting services will collect your resume and any additional information that you elect to provide to us, including but not limited to your employment history and education. In addition, where permitted by law, we may use a third party to carry out a background check to determine your suitability for a position.
D. Information We Receive from Viewers
If you are a Viewer, a User may request that you provide them with information (including Personal Data) via the Service in order to view that User’s Content. In particular, in order to access Content that a User wants to share with Viewers, a Viewer may be asked to provide his or her email address upon opening a DocSend User’s link (or Viewers’ email address may be provided by the User). DocSend stores this information on behalf of our Users. In the event you as a Viewer provide a User with this information, you do so in accordance with that User’s privacy practices and policies. DocSend is not responsible for the privacy practices of its Users, and does not access this information except with a User’s permission, in order to provide the Service and related support and assistance. If you are a Viewer of one of DocSend’s Users and would no longer like to be contacted by such User that uses DocSend’s Service, please contact the User that you interact with directly.
In providing the Service, we process on behalf of Users information included in the Content that Users (and as appropriate Users’ representatives, employees or other data subjects as elected by Users) upload, download, or access with, share, or send through the Service (“Content”). If you add Content to your account that has been previously uploaded by you or another user, we may associate all or a portion of the previous Content with your account rather than storing a duplicate.
F. Information We Receive from Third Parties
We may also receive Personal Data (such as your email address) through other Users, for example if they have tried to share something with you or tried to refer DocSend to you. We may supplement the information that we collected from Users and Viewers (such as an email address) with additional information obtained from publicly available and third-party databases or services that provide information about business people and companies (including an individual’s name, job title, business contact information, and company information), and display this information to our Users as a part of our Services.
G. Automatically Collected Information
i. Log Data.
When you use the Service, we automatically record information from your Device, its software, and your activity using the Service. This includes the Device’s Internet Protocol (IP) address, operating system, browser type, the web pages you visited before you came to the Site, the web pages you view immediately after leaving our Site, information you search for on the Site, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning the Content, and other interactions with the Content and the Service.
We collect this information in order to deliver the Service and to provide our Users with reporting and analytics relating to the use of the Service. This information is made available to Users via the Service (for example, we provide Users with information on a Viewer’s location based on that Viewer IP address) and may be associated with other information about the User and its Viewers (including Personal Data) that Users provide us.
If you are a Viewer who views Content you receive from a User via the Service, we automatically collect information about your interaction with such Content and our Service. The information we collect includes:
- Whether or not a you have viewed or are viewing Content;
- Date and time you viewed the Content;
- Number of times and length of time Content was viewed;
- Which portions of the Content were viewed; and
- Your IP address and location.
ii. Cookies And Other Tracking Technologies.
2. How We Use Information
A. Provide Information; Respond to Requests
When you ask for information about the Service (for example, when you request a demo or ask us to send you offers or price information), or register to a webinar or an event, we will use your contact information to respond to your request. For EU data subjects, such use is necessary to respond to or implement your request.
B. Provide the Service to Users
We use account-related data provided by Users in connection with the purchase, sign-up, use, or support of the User account (such as usernames, email address and billing information) to provide you with access to the Service and/or the Site, contact you regarding your use of the Service and/or the Site, or to notify you of important changes to the Service and/or the Site. For EU data subjects, such use is necessary for the performance of the contract between you and us.
We process Personal Data relating to Viewers and your Content on your behalf for the purpose of providing the Service and to provide our Users with reporting and analytics relating to your interaction with your Content and our Service, in accordance with the applicable User contract. Data relating to Viewers that we receive through the Service will be made available to Users who communicate with Viewers via the Service, and may be associated by Users with other information about Viewers (including Personal Data) that Users have provided us or that Viewers have provided to Users via the Service. DocSend does not use or access Viewers’ Personal Data collected by its Users through their use of the Service except with a User’s permission, in order to provide the Service, and to provide related support and assistance.
C. Sending Users Marketing Communications and Other Announcements
We will use your email or mail address to send you information (as applicable) by email and post about new products and services, upcoming events or other promotions. You may opt out of receiving such emails by following the “unsubscribe” instructions in each promotional email we send you. Please note that if you opt out from marketing communications, we may still contact you regarding issues related to our Service and to respond to your requests. Our sales representatives may also use your phone number to contact you directly by phone, in connection with such new products and services, upcoming events or other promotions.
Where required by applicable law (for example, if you are an EU data subject), we will only send you marketing information by email or mail, or contact you by phone, if you consent to us doing so at the time you provide us with your Personal Data. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you. In addition, if at any time you do not wish to receive future marketing communications or wish to have your name deleted from our mailing or calling lists, please contact us at firstname.lastname@example.org. Please note that if you opt out from marketing communications, we may still contact you regarding issues related to our Service and to respond to your requests.
D. For Legitimate Business Interests
We use data relating to your use of and interaction with the Site and the Service, including information that we receive through cookies and similar technologies, for certain legitimate business interests, which include the following:
- to provide, administer, and support the Site and the Service;
- to personalize and improve your access to and use of the Site and the Service (including to increase
our Service’s functionality, product features, and user-friendliness);
- to verify Users have the authorization needed for the Service to process their requests;
- to inform our marketing strategy and personalize our communications with you (including providing or offering software updates, information on our features and other marketing and service-related announcements relevant to the content and features you engage with);
- to conduct analytics and report on industry trends on content usage and performance;
- to meet our corporate and social responsibility objectives;
- if you ask us to delete your data or to be removed from our marketing lists and we are required to fulfil your request, we will keep basic data to identify you and prevent further unwanted processing;
- for internal business/technical operations, including troubleshooting, data analysis, testing, to prevent fraud or criminal activity, misuses of our products or services and ensure the security of our IT systems, architecture, and networks.
3. Information Sharing and Disclosure
A. Your Use
We will display your Personal Data on your profile page and elsewhere on the Service according to the preferences you set in your account. You may access and change these preferences at any time as described in Section 4. Any Personal Data you choose to provide should reflect how much you want others to know about you.
When Viewers receive Content from Users, we show a User’s name to the relevant Viewer. We also give our Users the ability to provide their contact information within the document viewer to the relevant Viewers. We show a Viewer’s email address and name to the User who sent the Content through our Service, if the Viewer has provided his or her email address.
We may also share or disclose your information with your consent, for example if you use a third party application to access your account (see below). Through certain features of the Service, you may also have the ability to make some of your information public. Public information may be broadly and quickly disseminated. Please consider carefully what Personal Data you disclose in your profile page and our Service, and your desired level of anonymity.
B. Employees, Service Providers, Business Partners, and Others
As of the Effective Date, we use Amazon’s S3 storage service to store some of your information (for example, your Content). You can find more information on Amazon’s data security from the S3 site at: http://aws.amazon.com/s3/faqs/ and http://aws.amazon.com/security/. In addition, as noted in Section 8, we may use a third party credit card payment service to collect and process your credit card payments for any Service that you purchase for a fee (a “Purchased Service”). You can find more information on our provider’s privacy practices and other terms at https://stripe.com/us/terms and https://stripe.com/us/privacy.
C. Third-Party Applications
D. Compliance with Laws and Law Enforcement Requests; Protection of DocSend’s Rights
We may disclose to parties outside DocSend files stored in your DocSend account and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation, or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of DocSend or its users; or (d) to protect DocSend’s property rights. If we provide your Content to a law enforcement agency as set forth above, we will remove DocSend’s encryption from the files before providing them to law enforcement. However, DocSend will not be able to decrypt any files that you encrypted prior to storing them on DocSend.
E. Business Transfers
4. Changing or Deleting Your Information
If you are a registered User, you may review, update or correct the Personal Data provided in your registration or account profile by changing your “account settings.” If you would like to delete your account, please contact us as indicated below. If your Personal Data changes, or if you no longer desire our Service, you may update it by making the change on your account settings. In some cases we may retain copies of your information as described in Section 5 below. For questions about your Personal Data on our Service, please contact email@example.com.
5. Data Retention
6. DocSend Team Users
If you’re using DocSend on an account tier that provides account administration (“DocSend Team User”), your administrator may be able to:
- access information in and about your DocSend Team User account;
- disclose, restrict, or access information that you have provided or that is made available to you when using your DocSend Team User account; and
- control how your DocSend Team User account may be accessed or deleted.
Please refer to your organization’s policies if you have questions about your Administrator’s rights.
7. DocSend Community
Our Service may offer publicly accessible community services such as blogs, forums, and wikis. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account. For questions about your Personal Data on our Service, please contact firstname.lastname@example.org.
8. Collection and Use of Information by Third Parties
B. Third Party Collection of Your Credit Card Information
If you choose to subscribe to a Purchased Service payment of which is via credit card, our third party credit card processor (Stripe) will process your credit card. Accordingly, you authorize DocSend to collect, use, retain, and disclose your credit card and other payment information to Stripe and represent and warrant that you have all necessary rights to disclose such information to us. In addition, we may share your personal Data with trusted third parties who are integral to the operation of our Service, including but not limited to financial institutions, payment processors, verification services and credit bureaus, as well as any third parties that you have directly authorized to receive your Personal Data. If you have questions about how Stripe protects the data it receives from DocSend Users, please refer to https://stripe.com/us/terms and https://stripe.com/us/privacy.
DocSend does not receive or store credit card information on our servers. We receive a transaction “token” and a one-time use ID number so we can validate that the transaction has been successfully completed. Areas of this Service that collect your Personal Data use industry standard secure socket layer encryption; however, to take advantage of this your browser must support encryption protection.
C. Other Third Party Collection of Other Information
We may use third party companies including Google, Kissmetrics, and Intercom to provide us with analytics information. These companies may collect Personal Data and other information from you via our Site and Service. You can find out more information about what information Google collects and how it uses and discloses that information here: http://www.google.com/policies/privacy. You can find out more information about what information Kissmetrics collects and how it uses and discloses that information here: https://www.kissmetrics.com/privacy. You can find out more information about what information Intercom collects and how it uses and discloses that information here: http://docs.intercom.io/privacy.
We may also allow you to log in to our Service using third party accounts such as LinkedIn and Google. If you use these services, they may collect Personal Data from you via our Site and Service. You can find out more information about what information LinkedIn collects and how it uses and discloses that information here: http://www.linkedin.com/legal/privacy-policy.
9. EU Data Subjects
B. Data Controller
DocSend is the data controller for processing of your Personal Data, but we act as a data processor for Personal Data that we process on behalf of our Users. Please see the “Contacting Us” section below to find out how to contact us.
C. Your Rights
Subject to applicable EU law, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or
- If we are processing your Personal Data for direct marketing.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
You may exercise your rights by contacting us as indicated under “Contacting Us” section below.
D. Legitimate Interest
E. Data Transfers
We rely on the EU-U.S. and Swiss-U.S. Privacy Shield certification to transfer Personal Data and other information that we receive from the EU and Switzerland to DocSend in the U.S. (for more information, please read the “Privacy Shield” section below).
10. Privacy Shield
We rely on our Privacy Shield certification to transfer Personal Data and other information that we receive from the EU and Switzerland to DocSend in the U.S. and we process such in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below.
B. Notice And Choice
This Policy provides notice of the Personal Data collected and transferred under the Privacy Shield and the choice that you have with respect to such data. It also provides information about other Privacy Shield Principles that are set forth below.
C. Accountability for Onward Transfers
We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third-party service providers (as described in the “Information Sharing and Disclosure” section above) if they process Personal Data in a manner inconsistent with the Privacy Shield Principles and we are responsible if they do so and for the harm caused.
We maintain security measures to protect Personal Data as described in the “Security” section of this Policy.
E. Data Integrity and Purpose Limitation
You have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. Please see the “EU Data Subject” section above for more information on rights of EU data subjects (and, to the extent applicable, data subjects in Switzerland). When we process Personal Data on behalf of our Users, we will process such requests pursuant to our contract with that User.
G. Recourse, Enforcement, Liability
In compliance with the Privacy Shield Principles, DocSend commits to resolve complaints about our processing of your Personal Data. European Union and Swiss individuals with inquiries or complaints regarding this Private Shield Policy should first contact DocSend as follows:
- Email: email@example.com
- Attention: Privacy
- Postal Mail: 351 California St., STE 1200, San Francisco, California, 94104, United States of America
We have further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. DocSend will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at https://www.jamsadr.com/international-mediation-rules.
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks.
The security of your information is important to us. We follow generally accepted standards to protect the Personal Data submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Site, you can contact us at firstname.lastname@example.org.
12. Our Policy Toward Children
Our Service is not directed to persons under 13. We do not knowingly collect Personal Data from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without their consent, he or she should contact us at email@example.com and we will endeavor to delete it.
13. Online Tracking
14. Your California Privacy Rights
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2017 will receive information regarding 2016 sharing activities).
To obtain this information, please send an email message to firstname.lastname@example.org with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested information to you at your e-mail address in response.
Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
16. Contacting Us
351 California St., STE 1200
San Francisco, California, 94104
United States of America
If you are an individual in the European Union, you can also contact VeraSafe, who has been appointed as DocSend’s representative in the European Union pursuant to Article 27 of the General Data Protection Regulation, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road