Dataroom, virtual data room

ETHOSDATA PRIVACY POLICY

This privacy policy explains how we use any personal information we collect about you when you use EthosData platform and website.

Contents

Applicability of this privacy policy

This Privacy Policy applies to EthosData’s online platform and other interactions (e.g., customer service inquiries, support, etc.) you may have with EthosData.

What information do we collect about you?

EthosData may collect and receive User Personal Data and other information and data (“Other Information”) in a variety of ways:

ID Description Purpose of processing
First Name First name of the use We use is to easily identify the user within the application. This field is mandatory
Last Name Last name of the user We use is to easily identify the user within the application. This field is mandatory
Email Email address of the user It is an essential part of an user ID. It is used as username to access the platform (credential), track the user’s activity, permissions, reporting and auditing. This field is mandatory
Phone Contact phone number of the user It is used to register a direct way of contact for support purposes. This field is mandatory
Mobile Mobile phone number of the user It is an essential part of User ID security (Two-Step verification). It is used as second factor of user authentication upon login into the Platform by sending a temporal verification code via SMS. This field is mandatory
Company Company name which the user if working fo It is used to associate a user with a group of users with the same email domain. This is how our platform organize the users list in the database. This field is mandatory
Security questions and answers Personal questions and answers setup by the user when activating their account They are used as part of the security checks to reset user’s accounts. These questions will be asked to the user upon reset password process to guarantee the identity of the user’s owner. The user will need to set the correct answers set when creating the account. These fields are mandatory
Password Personal password for user account It is an essential part of an user ID. It is used as password to access the platform (credential) and security validation of the user’s account. This field is mandatory
Timezone Timezone associated to user’s account It is used to show the time stamps on documents activities visible by the user according to the timezone selected. By default is set to GMT. This field is mandatory
Language Language associated to user’s account It is used to show the application interface in the selected language by the user. By default is set to English. This field is mandatory


Other Information. EthosData also collects, generates and/or receives Other Information:
  • Usage Information
    • Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our platform and record it in log files. This log data may include the Internet Protocol (IP) address, browser type and settings, the date and time the platform were used, information about browser configuration and plugins, language preferences and cookie data.
    • Device information. EthosData collects information about devices accessing the platform, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
    • Platform audit data. The Platform also maintain an log trail of your access to the Projects together with information such us (but not limited to) your IP address, data, pages visited, browser configuration and duration of session (“Audit Information”). This information might be used to troubleshoot or solve access issues, monitor performance, provide high-level anonymous statistical data and ensure security. The Audit Information will also be accessible to the manager and administrator of the Projects.
    • Cookie Information. EthosData uses cookies and similar technologies in our Platform that help us collect Other Information. These cookies might be used to track access or usage to the Platform and for other communications. We might also use this information from these cookies to contact about new product features, promotional communications or other news about EthosData. These are marketing messages so you can control whether you receive them easily in the “Profile” section of your account.
    • Web Beacons: Pixel tags and web beacons (also known as tracking pixels) are small images placed on webpages or in emails. Using these tools, we can identify whether you performed a particular action. When activated, the pixel tags and web beacons generate a notice of action. We use the information provided by web beacons to develop a better understanding of how the visitors use the Platform, and to facilitate those visitors’ interactions with the Platform. We also use them to deliver advertisements and track their performance and enable advertising networks to deliver advertisements that may be relevant to you based on your activities on the Platform.

How we use the information about you?

  • User Personal Data will be used by EthosData in accordance with Customer’s instructions, including any applicable terms in the Customer’ Service Agreement and as required by applicable law. EthosData is a processor of User Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to a Project, assign roles and configure permissions, access, modify, export, share and remove User Personal Data and otherwise apply its policies to the Services. EthosData uses Other Information in furtherance of our legitimate interests in operating our Services, Platform and business. More specifically, EthosData uses Other Information:
    • As part of our Service. You may receive certain emails relating to your use of the Platform, such as email alerts related to Projects on which you are a participant, managements account and ot her email communications relating to the Platform. You may receive messages via SMS with verification codes when trying to log in into the Platform as part of EthosData's Two-Step Verification system.
    • To provide, update, maintain and protect our Services, Platform and business. This includes use of Other Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request.
    • As required by applicable law, legal process or regulation.
    • To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
    • To develop and provide search, learning and productivity tools and additional features. EthosData tries to make the Services as useful as possible for specific Projects and Authorized Users. For example, we may improve contextual help functionality by using Other Information to help determine and rank the relevance of content, make Services suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience or create new productivity features and products.
    • To send emails and other communications. We may send you service, technical and other operational emails or phone calls. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about EthosData. These are marketing messages so you can control whether you receive them in the “Profile” section of your account.
    • For billing, account management and other administrative matters. EthosData may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, EthosData may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

Your Rights

Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. These rights and how we comply with them are:

Rights How we comply
Be informed Users can access to the Privacy Policy and Terms of User at any time on their Profile section and on our login page. Additionally it is explicitly show in the first step when setting up the user’s accounts.
Access Users can access and see which personal data is processed at any time by acceding to their Profile section
Rectification Users can modify their personal data at any time by acceding to their Profile section.
Erasure (right to be forgotten) Users are able to execute this right by contacting EthosData support team. Then EthosData will trigger the process to erase the user’s account.
Restrict processing User accounts can be disabled so personal information will remain stored but no further processing can be done. Users are able to execute this right by contacting EthosData support team.
Data portability This right does not apply under legitimate interest lawful basis.
Object Users have the option to execute this right in the first step of setting up the user’s accounts.Additionally it is explicitly shown in the Privacy Policy (as well as for all other individual rights).
Automated decision making and profiling We do not process personal data via automated decision making and profiling solely without human interaction for our platform.


You can usually do this using the Profile section on your account. If you cannot use it, contact EthosData support team for additional access and assistance. Please check https://www.ethosdata.com/virtual-dataroom-contact/ for contact information. To the extent that EthosData’s processing of your Personal Data is subject to the General Data Protection Regulation, EthosData relies on its legitimate interests, described above, to process your data. EthosData may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to EthosData’s use of your Personal Data for this purpose at any time.

Data Security

We take the security of your data very seriously at EthosData. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security.

If you have additional questions regarding security, we are happy to answer them. Please write to privacy@ethosdata.com and we will respond as quickly as we can.

Confidentiality

Our operations require that some employees have access to the systems which store and process Customer Data. For example, in order to diagnose a problem you are having with the EthosData services, we may need to access your Customer Data. These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so.

Our operations have been audited for processes, technology and security by leading financial institutions and law firms. We also perform regular internal audits to ensure that all points of potential data compromise are minimized.

Personnel Security

In addition to layers of technical security, we rigorously screen our staff and have each person sign a non-disclosure agreement. All EthosData employees, from software engineers to account managers, undergo a thorough background check. All members of staff are provided with comprehensive training in Data Privacy (ISMS) and Compliance (according to ISO 27001 and ISO 7799 certification), prior to any involvement in a client transaction.

Compliance

The environment that hosts the EthosData services maintains multiple certifications for its data centers; which guarantee the compliance and security standards that a Virtual Dataroom provider must have.

Some of the highlighted certificates are:

Application Security

Security starts with the application. Over the years, EthosData software engineers have responded to client and regulatory requirements to ensure that our virtual dataroom adheres to the strictest security standards; this allows the content to be safeguarded against unauthorised access. Both the code design and operations have been implemented following the OWASP 10 rules.

EthosData uses the strongest document level protection available. Our document security provides the ability to lock down different file formats: PDF, Office (Word, Excel, Powerpoint), image, AutoCAD, etc. The restricted permissions apply even when the files are opened on Microsoft native applications. The site administrator has authority to control whether users can copy, print, forward or alter a document. The administrator can also add a personalized watermark.

This encryption and locking functionality can be enforced on any supported document posted to the EthosData application and these rules remain enforced even after the document is taken offline (e.g. saved to a user’s desktop PC). EthosData allows you to track, audit usage and even alter permissions after the document has been distributed, enabling you to revoke access even when the document is outside of your corporate firewall.

Infrastructure Managed Security

Maintaining a very high level of security is the foundation of our business. All our managed security services are backed by the certificates (mentioned above) and follows the best practices in the industry:

Beside this, we follow an on-going risk assessment where we stay aware of new threats and adapt our security measures before they can affect our infrastructure.

How we share and disclose information?

This section describes how EthosData may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and EthosData does not control how they or any other third parties choose to share or disclose Information.

Changes to our privacy policy

EthosData may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, EthosData will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, contact the Customer if you wish to request the removal of Personal Data under their control.

Data protection authority

EthosData Limited is registered with the UK Information Commisioner’s Office under registration reference ZA250702.

Subject to applicable law, you also have the right to lodge a complaint with your local data protection authority or the UK Information Commissioner’s Office (ICO), which is EthosData’s lead supervisory authority in the European Union. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority:

Information Commissioner's Office
Wycliffe Housebr>Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

Tel: 0303 123 1113 or 01625 545 745
Fax: 01625 524 510
Online contact: https://ico.org.uk/global/contact-us/

Contacting EthosData

Please also feel free to contact EthosData if you have any questions about this Privacy Policy or EthosData’s practices, or if you are seeking to exercise any of your statutory rights. You may contact us at privacy@ethosdata.com or at our mailing address below:

EthosData Limited
Penhurst House,
352-356 Battersea Park Road,
London, SW11 3BY,
United Kingdom