Privacy Policy (Including EU GDPR provisions)
ePRINTit™ is committed to respecting your privacy through the protection of your personal information. When we collect your personal information, you can be confident that we handle and store it in a secure manner to protect your information from unauthorized access or disclosure. We only collect your personal information for the purposes specified in this Privacy Policy, and we will not sell your personal information to others.
Our postal address is ePRINTit™, 7820 S Quincy Street, Willowbrook IL 60527
We can be reached via e-mail at [email protected], or by telephone, toll free in NA: (877) 494-0443.
Nothing in this Privacy Policy, or otherwise, will create, or add to, any right or claim (whether legal, equitable or otherwise) that any individual or person may have at law, or otherwise, against any of ePRINTit™’s respective directors, officers, employees, agents or representatives; nor will the existence of this Privacy Policy or its application impose any obligations or liability upon ePRINTit™ Representatives, or add to any such obligation or liability, that ePRINTit™ Representatives do not already otherwise have to any individual or person at law or otherwise.
This Web site Privacy Policy may be updated from time to time so please check back periodically.
External Links Disclaimer: In some cases, we link to other sites created and maintained by other public and/or private sector organizations. We provide these links solely for your information and convenience. When you link to an outside Web site, you are leaving the ePRINTit™ Web site and our information management policies no longer apply.
Your Consent
BY SUBMITTING PERSONAL INFORMATION TO ePRINTit™ VIA OUR WEB SITE, YOU CONSENT TO OUR COLLECTION, USE AND DISCLOSURE OF SUCH PERSONAL INFORMATION FOR THE PURPOSES DESCRIBED IN THIS PRIVACY POLICY AND AS PERMITTED OR REQUIRED BY LAW.
Subject to legal and contractual requirements, you may opt out of receiving communications from ePRINTit™ Representatives by setting your communications preferences in the “Your Profile” section of the Web site or by calling (877) 494-0443 and asking for assistance on how you may opt out of receiving online communications. Your personal information may be retained in the database to ensure that we honor your privacy requests to opt out of certain communications, for record keeping purposes, for internal research and analysis, and the other purposes described in this Privacy Policy. To be completely removed from all databases, please indicate in the email header line of a message sent from your registered email address that you wish to have your contact information completely removed. If you provide us with personal information concerning another individual, you represent and warrant that you have all necessary authority and/or have obtained all necessary consents from such individual to enable us to collect, use and disclose such personal information for the purposes set forth in this Privacy Policy.
What information do we collect?
When you browse or download information from the ePRINTit™ Web site, our servers automatically collect limited amounts of standard information for traffic monitoring and statistical purposes. The information is analyzed for operational trends, performance, and for ways to improve our site. ePRINTit™ cannot identify you from this information. Example information includes, but is not limited to: Internet Protocol (IP) addresses of the computers being used to access our site; the operating systems and the types and versions of browsers used to access our site; the Internet Service Providers used by visitors to our site; the dates and times users access our site; the pages visited; and the names and sizes of files requested.
In addition to this anonymous information, ePRINTit™ may also collect information that is about an identifiable individual, referred to within as personal information. Personal information includes information that tells us specifically who you are. When registering on our site, as appropriate, you may be asked to enter your name, e-mail address, mailing address, and phone number.
You can access our Web site home page and browse public pages of our site without disclosing your personal information.
Children
The ePRINTit™ Web site is a general audience site which is neither designed nor intended to collect personal information from children who are under the age of 13. In order to ensure compliance with the provisions of the Children’s Online Privacy Protection Act (COPPA), children under the age of 13 should not provide any personal information to this site. We request that parents and guardians supervise their children’s online activities.
ePRINTit™ REGISTRATION
The ePRINTit™ Web site contains a forum which permits individuals to interact online. Any information you transmit online in this forum will be KEPT PRIVATE by ePRINTit™ and will never be shared with third parties. All data sent for document processing by ePRINTit™ can be completely destroyed by Customer and all data is automatically destroyed in its encrypted form within 8 days of submission. Customer receives notice of this destruction and data expiry in their mobile APP and Private Web portals. All documents are provided with a count-down clock indicating this expiry and destruction date.
How do we use your personal information?
Any of the personal information we collect from you may be used in one of the following ways:
- To improve customer service. Your information helps us to more effectively respond to your customer service requests and support needs.
- To process transactions
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
The e-mail address you provide for order processing and/or information requests, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc.
Note: If at any time you would like to unsubscribe from receiving future e-mail, we include detailed unsubscribe instructions at the bottom of each e-mail.
What are “cookies” and does ePRINTit™ use them?
A cookie is a small text file containing a unique identification number that is transferred from a Web site to the hard drive of your computer. This unique number identifies your browser, but not the individual, whenever you visit the ePRINTit™ Web site. These cookies will not let a Web site know any personal information about you, such as your name and address. Since these cookies are only text files, they cannot run on your computer, search your computer for other information or transmit any information to anyone. Cookies are used on many major Web sites. Many browsers are initially set up to accept cookies. If you prefer, you can reset your browser either to notify you when you have received a cookie, or to refuse to accept cookies.
To help serve you better, ePRINTit™ uses two types of cookies: session cookies (temporary) and persistent cookies (longer-term continuing use). Session cookies are used to support forms, registration and shopping cart information. They are used only during your online session and expire when you close your browser. Without session cookies, navigating around our Web site would be less convenient. Persistent cookies are stored on your computer’s hard drive for some length of time. They are usually used if you want us to remember information about your Web preferences (e.g. language preference).
Does ePRINTit™ share the information that is collected?
Your information will only be disclosed when legally required to do so, at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the policies governing our Web site and applicable laws or to protect against misuse or unauthorized use of our Web site.
ePRINTit™ does not sell, rent or lease customer lists generated through the ePRINTit™ Web site to third parties. Documents sent to the ePRINTit™ service are automatically destroyed on an 8-day expiry/destruction cycle in their encrypted form and can never be disclosed.
If Customer orders Services via Reseller, Reseller may have Administrator access to Customer’s Account and Customer’s End User Accounts. As between ePRINTit™ and Customer, Customer is solely responsible for: (i) any access by Reseller to Customer’s Account or Customer’s End User Accounts; and (ii) defining in the Reseller Agreement any rights or obligations as between Reseller and Customer with respect to the Services. Resellers have no access to Customer documents, stored data, credit/debit card information and are only provided with such information required to monitor their sales and customer service obligations with end user Customers and Partners.
How can you access, edit or delete your information?
To access or edit your personal information relating to the software activation and licensing functionality currently offered by ePRINTit™, please edit your profile through the ePRINTit™ Web site. To delete your information please submit a written request by e-mail at the address provided above.
What kinds of security procedures are in place to protect against the loss, misuse or alteration of your information?
ePRINTit™ has security measures in place to attempt to protect against the loss, misuse and alteration of your user data under our control. ePRINTit™ attempts to keep such information in secure facilities, protected from unauthorized access and kept only as long as is reasonably required. Only persons who have a need to know your personal information for the purposes described in this Privacy Policy have access to the user data you choose to provide to us. ePRINTit™ has imposed strict rules on ePRINTit™ employees who have access to the databases that store user personal information or to the servers that host our services. While we cannot guarantee that loss, misuse or alteration to data will not occur, we make reasonable efforts to prevent such occurrences. ePRINTit™ is not liable for any use or disclosure of your personal information that is beyond our reasonable control.
ePRINTit™ takes the security of its Web site and the personal information supplied by customers, resellers and distributors very seriously. Unauthorized actions against the ePRINTit™ Web site will be investigated. ePRINTit™ reserves the right to take legal action against offenders.
ePRINTit™ Cloud Platform: Specific GDPR Privacy Policy
Obligations of ePRINTit™
ePRINTit™ agrees and warrants:
- that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the Data Exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on ePRINTit™’s behalf and in accordance with the applicable data protection law and the Clauses;
- that ePRINTit™ will provide sufficient guarantees in respect of the technical and organisational security measures specified in its product specification sheets available at https://eprintit.com/resources/;
- that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the Data Subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- to make available to the Data Subjects upon request a copy of the Clauses, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- that, in the event of sub-processing, the processing activity is carried out by a Sub-processor providing at least the same level of protection for the personal data and the rights of Data Subject as the Data Importer under the Clauses; and
- that it will ensure compliance with Clause (a) to (i).
Obligation after the termination of personal data processing services
- The parties agree that on the termination of the provision of data processing services, ePRINTit™ and the Sub-processor shall, at the choice of the Data Subject, return all the personal data transferred and shall destroy all the personal data and certify to the Data Subject that they have done so, unless legislation imposed upon ePRINTit™ and the Sub-processor prevents them from returning or destroying all or part of the personal data transferred. In that case, ePRINTit™ and the Sub-processor warrant that they will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- ePRINTit™ and the Sub-processor warrant that upon request of the Data Subject and/or of the supervisory authority, they will submit their data processing facilities for an audit of the measures referred to in paragraph 1.
Processing operations
The personal data transferred will be subject to the following basic processing activities:
- Scope of Processing. The Clauses reflect the parties’ agreement with respect to the processing and transfer of personal data specified in this Appendix pursuant to the provision of the Services. Personal data may be processed only to comply with Instructions (as defined in the Data Processing and Security Terms).
- Term of Data Processing. Data processing will be for the period specified. Such period will automatically terminate upon the deletion by the End User Data Subject or automatically by ePRINTit™ as specified within the client’s Mobile APP or Web Portal, of all data as described.
- Data Deletion. During the term of the Services Agreement, ePRINTit™ will provide its Partners with the ability to delete the Data Subject’s personal data from the Services in accordance with the Services Agreement. After termination or expiry of the Services Agreement, ePRINTit™ will delete the personal data in accordance with its Security Terms.
- Sub-processors. ePRINTit™ may engage Sub-processors to provide parts of the Services and TSS (as defined in the Services Agreement with Partner or Sub-Processors). ePRINTit™ will ensure Sub-processors only access and use ePRINTit™ personal data to provide the Services and TSS and not for any other purpose.
- Network Security.
Data Centers.
Infrastructure. ePRINTit™ maintains geographically distributed data centers in the Microsoft® Azure© Network. ePRINTit™ stores all production data in physically secure data centers in an encrypted form 256bit SHA2.
Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Services are designed to allow ePRINTit™ to perform certain types of preventative and corrective maintenance without interruption.
Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the Microsoft Azure© data center. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, for up to 10 minutes until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
Server Operating Systems. ePRINTit™ servers use a Linux based implementation customized for the application environment. Data is stored using proprietary algorithms to augment data security and redundancy. ePRINTit™ employs a code review process to increase the security of the code used to provide the Services and enhance the security products in production environments.
Business Continuity. ePRINTit™ replicates data over multiple systems to help protect against accidental destruction or loss. ePRINTit™ has designed and regularly plans and tests its business continuity planning/disaster recovery programs.
Networks and Transmission.
Data Transmission. Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. ePRINTit™ transfers data via Internet HTTPS or TLS 1.2 (Mobile) standard protocols.
External Attack Surface. ePRINTit™ employs multiple layers of network devices and intrusion detection to protect its external attack surface. ePRINTit™ considers potential attack vectors and incorporates appropriate purpose-built technologies into external facing systems.
Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. ePRINTit™ intrusion detection involves:
- tightly controlling the size and make-up of the Data Importer’s attack surface through preventative measures;
- employing intelligent detection controls at data entry points; and
- employing technologies that automatically remedy certain dangerous situations.
Incident Response. ePRINTit™ monitors a variety of communication channels for security incidents, and the Data Importer’s security personnel will react promptly to known incidents.
Encryption Technologies. ePRINTit™ uses HTTPS encryption (also referred to as SSL or TLS connection). ePRINTit™ servers support 256bit SHA2 key exchange signed with RSA and ECDSA. These perfect forward secrecy (PFS) methods help protect traffic and minimize the impact of a compromised key, or a cryptographic breakthrough. SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA). They are built using the Merkle–Damgård structure, from a one-way compression function itself built using the Davies–Meyer structure from a (classified) specialized block cipher.
SHA-2 includes significant changes from its predecessor, SHA-1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
Access and Site Controls.
Site Controls.
On-site Data Center Security Operation. The Microsoft Azure© data centers maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. The on-site security operation personnel monitor closed circuit TV (CCTV) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data center regularly. More information on Microsoft Azure© Security can be found at https://docs.microsoft.com/en-us/azure/security/
Internal Data Access Processes and Policies – Access Policy. ePRINTit’s™ internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. ePRINTit™ designs its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. ePRINTit™ employs a centralized access management system to control personnel access to cloud production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing SSH certificates are designed to provide ePRINTit™ with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. ePRINTit™ requires the use of unique user IDs, strong passwords, two factor authentication at registration and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with ePRINTit™ internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength. 
For access to extremely sensitive information (e.g., credit card data), the Data Importer uses hardware tokens.
Data.
Data Storage, Isolation and Logging.
ePRINTit™ stores data in a multi-tenant environment on the Microsoft Azure© servers contracted by ePRINTit™. The data and file system architecture are replicated between multiple geographically dispersed data centers. ePRINTit™ also logically isolates the Data Exporter’s data, and the Data Exporter will be given control over specific data sharing policies.
Personnel Security.
ePRINTit™ personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. ePRINTit™ conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, ePRINTit™ confidentiality and privacy policies. Personnel are provided with security training. Personnel handling customer data are required to complete additional requirements appropriate to their role (e.g., certifications). ePRINTit™ personnel will not process customer data without authorization.
Subprocessor Security.
Before onboarding Sub-processors, ePRINTit™ conducts an audit of the security and privacy practices of Sub-processors to ensure Sub-processors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once ePRINTit™ has assessed the risks presented by the Sub-processor, the Sub-processor is required to enter into appropriate security, confidentiality and privacy contract terms.
ePRINTit™ Cloud Data Protection Team.
The ePRINTit™ Cloud Data Protection Team can be contacted at [email protected] (and/or via such other means as ePRINTit™ may provide from time to time). The subject line should include “Attention: Cloud Data Protection”.
ePRINTit™ Google Data Use.
ePRINTit™’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
* Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, inter alia, internationally recognised sanctions, tax-reporting requirements or anti-money-laundering reporting requirements.