What information do we collect about you?
EthosData may collect and receive User Personal Data and other information and data (“Other Information”) in a variety of ways:
||Purpose of processing
||First name of the user
||We use it to easily identify the user within the application. This field is mandatory
||Last name of the user
||We use it to easily identify the user within the application. This field is mandatory
||Email address of the user
||It is an essential part of a user ID. It is used as the username to access the platform (credential) and to track the user’s activity, permissions, reporting and auditing. This field is mandatory
||Contact phone number of the user
||It is used to register a direct way of contact for support purposes. This field is mandatory
||Mobile phone number of the user
||It is an essential part of User ID security (Two-Step verification). It is used as the second factor of user authentication upon login to the Platform by sending a temporary verification code via SMS. This field is mandatory
||Company name which the user is working for
||It is used to associate a user with a group of users with the same email domain. This is how our platform organizes the user list in the database. This field is mandatory
|Security questions and answers
||Personal questions and answers set up by the user when activating their account
||They are used as part of the security checks to reset users’ accounts. These questions will be asked during the password reset process to verify the identity of the account’s owner. The user will need to give the answers set when creating the account. These fields are mandatory
||Personal password for user account
||It is an essential part of a user ID. It is used as the password to access the platform (credential) and for security validation of the user’s account. This field is mandatory
||Timezone associated to user’s account
||It is used to show the timestamps on document activities visible to the user according to the selected timezone. By default it is set to GMT. This field is mandatory
||Language associated to user’s account
||It is used to show the application interface in the language selected by the user. By default it is set to English. This field is mandatory
EthosData also collects, generates and/or receives Other Information:
- Usage Information
- Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our platform and record it in log files. This log data may include the Internet Protocol (IP) address, browser type and settings, the date and time the platform was used, information about browser configuration and plugins, language preferences and cookie data.
- Device information. EthosData collects information about devices accessing the platform, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
- Platform audit data. The Platform also maintains a log trail of your access to the Projects together with information such as (but not limited to) your IP address, data, pages visited, browser configuration and duration of session (“Audit Information”). This information might be used to troubleshoot or solve access issues, monitor performance, provide high-level anonymous statistical data and ensure security. The Audit Information will also be accessible to the manager and administrator of the Projects.
- Web Beacons: Pixel tags and web beacons (also known as tracking pixels) are small images placed on webpages or in emails. Using these tools, we can identify whether you performed a particular action. When activated, the pixel tags and web beacons generate a notice of action. We use the information provided by web beacons to develop a better understanding of how the visitors use the Platform, and to facilitate those visitors’ interactions with the Platform. We also use them to deliver advertisements and track their performance and enable advertising networks to deliver advertisements that may be relevant to you based on your activities on the Platform.
How do we use the information about you?
User Personal Data will be used by EthosData in accordance with Customer’s instructions, including any applicable terms in the Customer’s Service Agreement and as required by applicable law. EthosData is a processor of User Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to a Project, assign roles and configure permissions, access, modify, export, share and remove User Personal Data and otherwise apply its policies to the Services. EthosData uses Other Information in furtherance of our legitimate interests in operating our Services, Platform and business. More specifically, EthosData uses Other Information:
- As part of our Service. You may receive certain emails relating to your use of the Platform, such as email alerts related to Projects on which you are a participant, account management and other email communications relating to the Platform. You may receive messages via SMS with verification codes when trying to log in to the Platform as part of EthosData's Two-Step Verification system.
- To provide, update, maintain and protect our Services, Platform and business. This includes use of Other Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
- To develop and provide search, learning and productivity tools and additional features. EthosData tries to make the Services as useful as possible for specific Projects and Authorized Users. For example, we may improve contextual help functionality by using Other Information to help determine and rank the relevance of content, make Services suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience or create new productivity features and products.
- To send emails and other communications. We may send you service, technical and other operational emails or phone calls. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about EthosData. These are marketing messages so you can control whether you receive them in the “Profile” section of your account.
- For billing, account management and other administrative matters. EthosData may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. These rights and how we comply with them are:
||How we comply
||Users can access and see which personal data is processed at any time by going to their Profile section.
||Users can modify their personal data at any time by going to their Profile section.
|Erasure (right to be forgotten)
||Users are able to execute this right by contacting EthosData support team. Then EthosData will trigger the process to erase the user’s account.
||User accounts can be disabled so personal information will remain stored but no further processing can be done.
Users are able to execute this right by contacting EthosData support team.
||This right does not apply under legitimate interest lawful basis.
|Automated decision making and profiling
||We do not process personal data via automated decision making and profiling solely without human interaction for our platform.
You can usually do this using the Profile section on your account. If you cannot use it, contact EthosData support team for additional access and assistance. Please check https://www.ethosdata.com/virtual-dataroom-contact/ for contact information.
To the extent that EthosData’s processing of your Personal Data is subject to the General Data Protection Regulation, EthosData relies on its legitimate interests, described above, to process your data. EthosData may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to EthosData’s use of your Personal Data for this purpose at any time.
We take the security of your data very seriously at EthosData. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security.
If you have additional questions regarding security, we are happy to answer them. Please write to firstname.lastname@example.org and we will respond as quickly as we can.
Our operations require that some employees have access to the systems which store and process Customer Data. For example, in order to diagnose a problem you are having with the EthosData services, we may need to access your Customer Data. These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so.
Our operations have been audited for processes, technology and security by leading financial institutions and law firms. We also perform regular internal audits to ensure that all points of potential data compromise are minimized.
In addition to layers of technical security, we rigorously screen our staff and have each person sign a non-disclosure agreement. All EthosData employees, from software engineers to account managers, undergo a thorough background check. All members of staff are provided with comprehensive training in Data Privacy (ISMS) and Compliance (according to ISO 27001 and ISO 7799 certification), prior to any involvement in a client transaction.
The environment that hosts the EthosData services maintains multiple certifications for its data centers, which guarantee the compliance and security standards that a Virtual Dataroom provider must have.
Some of the highlighted certificates are:
- SSAE-16 Type 2
- ISAE 3402
- SOC 2 Type 2
Security starts with the application. Over the years, EthosData software engineers have responded to client and regulatory requirements to ensure that our virtual dataroom adheres to the strictest security standards; this allows the content to be safeguarded against unauthorised access. Both the code design and operations have been implemented following the OWASP 10 rules.
EthosData uses the strongest document level protection available. Our document security provides the ability to lock down different file formats: PDF, Office (Word, Excel, PowerPoint), image, AutoCAD, etc. The restricted permissions apply even when the files are opened in native Microsoft applications. The site administrator has authority to control whether users can copy, print, forward or alter a document. The administrator can also add a personalized watermark.
This encryption and locking functionality can be enforced on any supported document posted to the EthosData application and these rules remain enforced even after the document is taken offline (e.g. saved to a user’s desktop PC). EthosData allows you to track, audit usage and even alter permissions after the document has been distributed, enabling you to revoke access even when the document is outside of your corporate firewall.
Infrastructure Managed Security
Maintaining a very high level of security is the foundation of our business. All our managed security services are backed by the certificates (mentioned above) and follow the best practices in the industry:
- Multiple firewalls, VPN and Load Balancer
- Fully managed Server Monitoring.
- Intrusion Detection System (IDS), log and threat management.
- Secondary Site Failover and Disaster Recovery Management.
- Fully managed Server and Data Backup.
Besides this, we follow an ongoing risk assessment in which we stay aware of new threats and adapt our security measures before they can affect our infrastructure.
How do we share and disclose information?
This section describes how EthosData may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and EthosData does not control how they or any other third parties choose to share or disclose Information.
- Customer’s Instructions. EthosData will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services. Additional information about the subprocessors we use to support delivery of our Services is set forth at EthosData Subprocessors https://www.ethosdata.com/subprocessors/
- To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. Please see the Data Request Policy to understand how EthosData responds to requests to disclose data from government agencies and other sources.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of EthosData or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent. EthosData may share Other Information with third parties when we have consent to do so.
Data protection authority
EthosData Limited is registered with the UK Information Commissioner’s Office under registration reference ZA250702.
Subject to applicable law, you also have the right to lodge a complaint with your local data protection authority or the UK Information Commissioner’s Office (ICO), which is EthosData’s lead supervisory authority in the European Union. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority:
Information Commissioner's Office
Wycliffe House
Water Lane
Tel: 0303 123 1113 or 01625 545 745
Fax: 01625 524 510
Online contact: https://ico.org.uk/global/contact-us/
352-356 Battersea Park Road,
London, SW11 3BY,