ACRONIS PRIVACY SHIELD POLICY

Effective: May 25, 2018

Acronis, Inc. («Acronis,» «our,» «we» or «us») complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks (together «Privacy Shield») as set forth by the U.S. Department of Commerce regarding the collection, use and retention of Personal Data (as defined below) transferred from European Union member countries and Switzerland to the United States. Acronis has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Acronis is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Please also see the Acronis Privacy Statement for more information regarding our data handling practices.

Definitions

In this Acronis Privacy Shield Policy:

  • «Personal Data» means any information relating to a User that identifies or can be used to identify that User, either separately or in combination with other readily available data that is received by Acronis in the U.S. from the EEA or Switzerland in connection with the Services, including information provided offline, including Sensitive Personal Data.
  • «Sensitive Personal Data» means Personal Data regarding an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.
  • «Services» means Acronis’ websites, hosted applications and related support services.
  • «User» means an individual who accesses and uses the Services and who resides in the EU or Switzerland.

Scope

Acronis commits to comply with the Privacy Shield Principles with respect to Personal Data received from Users in connection with the use of the Services. This Acronis Privacy Shield Policy does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation under EU data protection law.

Privacy Shield Principles

Acronis commits to processing Personal Data in accordance with the Privacy Shield Principles as follows:

1. Notice

Acronis’ Privacy Policy notifies Users covered by this Acronis Privacy Shield Policy about the categories of Personal Data that Acronis collects and the purposes for collection and use of their Personal Data. Acronis will only process Personal Data in ways that are compatible with the purpose for which Acronis collected it or for purposes later authorized.

The types of Personal Data the Acronis collects from Users depends on the purpose for which each User chooses to use the Services.

  • When a User creates an account to use the Services, Acronis collects name, email address, and zip code. Acronis also collects billing and shipping information.
  • When a User submits a request for support, Acronis may collect the following types of Personal Data (some of which is Personal Data) name, telephone number, email address and other information that the User chooses to give us to respond to the support request.
  • Acronis automatically collects the date and time of the User’s access to the Services. Depending on the settings of a User’s computer or mobile device ("Device"), Acronis also automatically collects: Internet Protocol (IP) address; MAC address; Device make, model and operating system version; mobile network information; internet service provider; browser type and language; country and time zone in which the Device is located; and metadata stored on the Device.
  • Acronis shares Personal Data collected through the Services with third parties that Acronis engages to provide marketing, billing and similar administrative services.

All Personal Data is collected to operate, manage and improve the Services and ensure the technical functionality and security of the Services. Before Acronis uses Personal Data for a purpose that is materially different from the purpose for which Acronis collected it or that was later authorized, Acronis will provide Users with the opportunity to opt out.

PLEASE SEE THE ACRONIS PRIVACY STATEMENT FOR MORE INFORMATION.

2. Choice

If Acronis collects Personal Data, we will obtain opt-in consent whenever Privacy Shield requires, including if we disclose Personal Data to third parties or before Personal Data is used for a different purpose than that purpose for which it was collected or later authorized.

Please send requests to limit the uses or disclosures of Personal Data to privacy-shield@acronis.com.

3. Accountability for Onward Transfer

Acronis may share personal data collected through the Services as follows:

  • Vendors: We share information with our vendors that help us operate the Services, such as by providing customer service, helping us with marketing or testing our security measures. Acronis will ensure that any vendor with which we share personal data agrees to use commercially reasonable measures to safeguard it
  • Resellers: We share information with our resellers and other third parties that promote, resell and/or white-label the Services.
  • Corporate Transaction: We may share and transfer personal data if we are involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control by Acronis or any affiliated company (in each case, whether in whole or in part).

PLEASE SEE THE ACRONIS PRIVACY STATEMENT FOR MORE INFORMATION.

If Acronis transfers Personal Data covered by this Acronis Privacy Shield Policy to a third party, Acronis takes reasonable and appropriate steps to ensure that each third party transferee processes Personal Data transferred in a manner consistent with Acronis’s obligations under the Privacy Shield Principles. Acronis will ensure that each transfer is consistent with any notice provided to Users and any consent they have given. Acronis requires a written contract with any third party receiving Personal Data that ensures that the third party (i) processes the Personal Data for limited and specified purposes consistent with any consent provided by Users, (ii) provides at least the same level of protection as is required by the Privacy Shield Principles, (iii) notifies Acronis if it cannot comply with Privacy Shield; and (iv) ceases processing Personal Data or takes other reasonable and appropriate steps to remediate.

Under certain circumstances, Acronis may be required to disclose Personal Data in response to valid requests by public authorities, including for national security or law enforcement requirements.

Acronis remains liable under the Privacy Shield Principles if an agent processes Personal Data covered by this Acronis Privacy Shield Policy in a manner inconsistent with the Principles unless Acronis is not responsible for the event giving rise to the damage.

4. Security

Acronis takes appropriate measures to protect Personal Data covered by this Acronis Privacy Shield Policy from loss, misuse and unauthorized access, disclosure, alteration, unavailability and destruction. In determining these measures, Acronis takes into account the risks involved in the processing and the nature of the Personal Data.

5. Data Integrity and Purpose Limitation

Acronis takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete and current. Acronis adheres to the Privacy Shield Principles for as long as it retains Personal Data in identifiable form.  Acronis takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in identifiable form only for as long as it serves a purpose of processing.

Acronis limits the collection of Personal Data covered by this Acronis Privacy Shield Policy to information that is relevant for processing. Acronis does not process Personal Data in a way that is incompatible with the purpose for which it was collected or subsequently authorized by a User.

6. Access

A User whose Personal Data is covered by this Acronis Privacy Shield Policy has the right to access his or her Personal Data and to correct, amend, limit use of or delete the Personal Data if the Personal Data is inaccurate or processed in violation of the Privacy Shield Principles. Acronis is not required to grant the rights to access, correct, amend and delete Personal Data if the burden or expense of providing access, correction, amendment or deletion is disproportionate to the risks to the User’s privacy or if the rights of persons other than the User are or could be violated.

Please submit requests for access, correction, amendment or deletion to privacy-shield@acronis.com.

7. Recourse, Enforcement, and Liability

In compliance with the Privacy Shield Principles, Acronis commits to resolve complaints about your privacy and our collection or use of your Personal Data transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact Acronis at privacy-shield@acronis.com.

Acronis has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Acronis commits to periodically review and verify its compliance with the Privacy Shield Principles and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Acronis acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.

Changes to this Acronis Privacy Shield Policy

Acronis may amend this Acronis Privacy Shield Policy consistent with the requirements of the Privacy Shield, including notice about any amendment.

How to Contact Acronis

If you have any questions about this Acronis Privacy Shield Policy or would like to request access to your Personal Data, please contact us as follows:

Acronis, Inc.
1 Van de Graaff Drive, Suite 301
Burlington, MA, 01803
Attention: Data Protection Officer
Contact: privacy-shield@acronis.com