Updated July 2020
Cocoon Data recognizes that privacy is a basic and fundamental human right. Cocoon Data further recognizes the importance of privacy, security and data protection to all our customers and partners worldwide. As a global organization, with corporate entities, business processes and technical systems that cross international borders, we strive to provide protections across all our operations that exceed legal minimums and to deploy consistent, rigorous policies and procedures
Why this policy exists
This Privacy Statement applies to all Cocoon Data companies as well as Cocoon Data-owned websites, domains, services, applications, subscriptions and products, and those of our subsidiaries (collectively “Cocoon Data Services”). In most cases, Cocoon Data will be the Data Controller. In some cases, Cocoon Data will be the Data Processor.
OUR PRIVACY PRINCIPLES
We are committed to the following principles, which are based on internationally-recognized frameworks (including specifically the articles of the EU General Data Protection Regulation or GDPR and the Swiss Data Protection Act or DPA) and to principles of privacy and data protection including the:
Legal, fair and transparent
We process personal data in accordance with law and with transparency and fairness to you. Our data processing activities are conducted: 1) with your consent; 2) to fulfil our obligations to you; 3) for the legitimate purposes of operating our business, advancing innovation and providing a seamless customer experience; or 4) otherwise in accordance with law.
Notification and choice
We are transparent and provide clear notice and choice to you about the types of personal data collected and the purposes for which it is collected and processed. We will not use personal data for purposes that are incompatible with these Principles, our Privacy Statement as a whole, or specific notices associated with specific Cocoon Data Services.
We provide you with reasonable access along with the ability to review, correct, amend or delete the personal data you have shared with us.
Integrity and limits on use
We only use personal data for the purposes described at the time of collection or for additional compatible purposes in accordance with law and for the purposes of conducting legitimate business activities. We take reasonable steps to ensure that personal data is accurate, complete and current and we only collect personal data which is relevant and limited to what is necessary for the purposes for which it is collected. We will keep personal data for no longer than is necessary for the purposes for which it was collected and then we will securely delete or destroy it.
To protect personal data against unauthorized use or disclosure we implement strong information security controls in our own business operations, and we make use of our own solutions and products with high levels of data security protection.
Accountable for onward transfer
We acknowledge our potential liability for transfers of personal data among Cocoon Data entities or to third parties. Personal data will only be shared when third parties are obligated by contract to provide equivalent levels of protection.
Oversight and enforcement
We are committed to resolving any concerns regarding your personal data.
As a global company, it is possible that any information you provide may be transferred to or accessed by Cocoon Data entities worldwide in accordance with this Privacy Statement and based on the following International Privacy Program:
EU-US and Swiss-US Privacy Shield
In compliance with the Privacy Shield Principles, Cocoon Data commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our DPO at email@example.com, or write to us at the address below:
Data Protection Officer
Cocoon Data Limited
Level 19, 2 Chifley Square
Sydney, NSW, 2000, Australia
The same process/mechanism applies for internal complaints and these can also be directed to our DPO.
Cocoon Data has further committed to cooperate with the panel established by the EU and Swiss Federal Data Protection and Information Commissioner (FDPIC), regarding unresolved Privacy Shield complaints concerning data transferred from the EU or Switzerland and to comply with the advice given by such authorities.
HOW WE USE DATA
We collect and use personal data to manage your relationship with Cocoon Data and to better serve you when you are using Cocoon Data Services by personalizing and improving your experience.
Examples of how we use data include:
Providing you with a seamless customer experience by maintaining accurate contact and registration data, delivering comprehensive customer support, offering products, services, subscriptions and features that may interest you and enabling you to participate in contests and surveys.
Assisting you in completing transactions and orders of our products or services, administering your account, processing payments, arranging shipments and deliveries.
Product support & improvement
Improving the performance and operation of our products, solutions, services and support, including warranty support and timely software updates and alerts to ensure the continued operation of the device or services.
Communicating with you about Cocoon Data Services. Examples of administrative communications may include responses to your inquiries or requests, warranty-related communications, communications required by law or applicable corporate updates related to mergers, acquisitions or divestitures.
Maintaining the integrity and security of our websites, products, features and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your information. When you interact with us, we will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.
Conducting ordinary business operations, verifying your identity, making credit decisions if you apply for credit, conducting business research and analytics, corporate reporting and management, staff training and quality assurance purposes (which may include monitoring or recording calls to our customer support).
Research & Innovation
Innovating new products, features and services using research and development tools and incorporating data analysis activities.
Advertising & Marketing
Providing promotional offers on Cocoon Data Services or contacting you to provide information on additional Cocoon Data Services that may be of use to you or your company.
Notwithstanding anything to the contrary in this Agreement, the customer hereby authorizes Cocoon Data to make public reference to their selection and ongoing use of SafeShare and the nature of the Services provided. The customer has the right to review and approve public references prior to them being published.
Compliance with law
Compliance with applicable laws, regulations, court orders, government and law enforcement requests, to operate our services and products properly and to protect ourselves, our users and our customers and to resolve any customer disputes.
We acknowledge that in certain circumstances we are subject to the regulatory ad investigatory and regulatory powers of regional regulators such as the US Federal Trade Commission (FTC), the EU member states Information Commissions or the Swiss equivalent, and that our policy and ethos is to comply with their governance.
WHAT DATA WE COLLECT
Personal data is any information that personally identifies you or from which you could be identified either directly or indirectly. We may collect your personal data through your use of Cocoon Data Services or interaction with employees of Cocoon Data.
The personal data we collect from you depends on the nature of your interaction with us or on the Cocoon Data Services you use, but may include the following:
Information you provide directly
Contact Data – We may collect personal and/or business contact information including your first name, last name, mailing address, telephone number, fax number, email address and other similar data.
Payment Data – We collect information necessary for processing payments and preventing fraud, including credit/debit card numbers, security code numbers and other related billing information.
Account Data – We collect information such as how you purchased or signed up for Cocoon Data Services, your transaction, billing and support history, the Cocoon Data Services you use and anything else relating to an account that you create or is created on the behalf of you or your company by our internal processing.
Location Data – We collect geolocation data when you enable location-based services or when you choose to provide location-related information or when interacting with our website.
Security Credentials Data– We collect user IDs, passwords, password hints, and similar security information required for authentication and access to Cocoon Data accounts.
Demographic Data – We collect, or obtain from third parties, certain demographic data including, for example, country, gender, age, preferred language, and general interest data.
Preferences – We collect information about your preferences and interests as they relate to Cocoon Data Services (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us.
Social Media Data – We may provide social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that is collected, used, and shared by those sites.
Other Unique Identifying Information – Examples of other unique information that we collect from you include product licence numbers, information you provide when you interact in-person, online or by phone or mail with our support, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of Cocoon Data Services and to respond to your inquiries.
Information automatically collected about your use of our services
Product Usage Data – We collect product usage data such as document types stored, file access history including user and time, user log in history. We do not scan or collect the content of any file or information that might be read or displayed by an application.
Device Data – We collect information about your computer or other devices that is used to access Cocoon Data Services such as such as operating system, firmware, amount of memory, region, language, time zone, model number, device manufacture date, browser version, device manufacturer, connection port, unique device identifiers, advertising identifiers and additional technical information that varies by product.
Application Data – We collect information related to Cocoon Data services and applications such as location, language, software versions, data sharing choices and update details. In cases where we incorporate technologies from third parties, data may be shared between the third party and Cocoon Data, and an appropriate notice will be provided at the application level.
Performance Data – We collect performance metrics from the underlying infrastructure as well as application components, which allow us to ensure that our application/services provide a smooth user experience to all our customers. Data may be shared between Cocoon Data and any 3rdParty that Cocoon Data may use for such a monitoring service.
Website Browsing Data – We collect information about your visits to and your activity on our Cocoon Data websites, applications or websites “powered by” another company on our behalf including the content (and any ads) that you view and interact with, the address of the website from which you arrived and other clickstream behaviour (such as the pages you view or the links you have clicked). Some of this information is collected using Automatic Data Collection Tools which include, cookies, web beacons and embedded web links.
Anonymous or Aggregated Data – We collect anonymous answers to surveys or anonymous and aggregated information about how our Cocoon Data Services are used. During our operations, in certain cases, we apply a process of de-identification or pseudonymisation to your data to make it reasonably unlikely to identify you by use of that data with available technology.
Information from third-party sources
We collect data from the following third parties:
Data brokers, social media networks and advertising networks – Commercially-available data such as name, address, email address, preferences, interests, and certain demographic data. For example, personal data may be collected when you access our applications through social media or interact with Cocoon Data Services via social media platforms. The basic details we receive may depend on your social network account privacy settings.
Cocoon Data Resellers or Partners – If you purchase Cocoon Data Services from a channel partner, we may receive certain information about your purchase from that partner.
Fraud prevention or credit reporting agencies – Data collected to prevent fraud and in connection with company account credit determinations.
Analytics Providers – We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources such as companies that specialize in providing enterprise data, analytics and software as a service.
To provide certain Cocoon Data Services at a company level, your business contact data may be provided to Cocoon Data by a designated entity within your business or enterprise (such as a member of your IT department) or to an external Cocoon Data channel partner for the purposes of contact.
Where necessary, we may also use information provided by you or your employer, together with information from publicly-available and other online and offline sources, to conduct due diligence checks on business contacts as part of our anti-corruption compliance programs.
We also receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources such as companies that specialize in providing enterprise data, analytics and software as a service.
To ensure data accuracy and offer a superior customer experience by providing you with better personalized services, content, marketing and ads, in some cases we link or combine the information that we collect from the different sources outlined above with the information we collect directly from you. For example, we compare the geographic information acquired from commercial sources with the IP address collected by Automated Data Collection Tools to derive your general geographic area. Information may also be linked via a unique identifier such as a cookie, reference or account number.
Where necessary, we obtain information to conduct due diligence checks on business contacts as part of our anti-corruption compliance programs and in accordance with our legal obligations.
IF YOU CHOOSE NOT TO PROVIDE DATA
You are not required to share any personal data that we request, however, if you choose not to share the information, in some cases we will not be able to provide you with Cocoon Data Services, certain specialized features or be able to effectively respond to any queries you may have.
Cocoon Data does not knowingly collect information from children as defined by local law and does not target its websites, services, applications, software or mobile applications to children.
HOW WE KEEP YOUR DATA SECURE
To prevent loss, unauthorized access, use or disclosure and to ensure the appropriate use of your information, we utilize reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process.
Cocoon Data retains data as required or permitted by law and only while the data continues to have a legitimate business purpose.
When collecting, transferring or storing sensitive information such as financial or commercial information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure.
When we transmit highly-confidential information (such as credit card numbers or passwords) over the internet, we protect it using encryption, such as modern versions of the Transport Layer Security (“TLS”) protocol or other equally secure transport methods.
HOW WE SHARE DATA
We will only share your personal data as follows and, when applicable, only with the appropriate contractual obligations in place:
Sharing with service providers & partners
We engage service providers or Partners to manage or support certain aspects of our business operations on our behalf. These service providers or partners may be located in the EU, US or Australia, or in other global locations and may provide services such as credit card processing and fraud management services, customer support, sales pursuits on our behalf, order fulfilment, content personalization, advertising and marketing activities (including digital and personalized advertising), IT services, email service providers, data hosting, debt collection and management or support of Cocoon Data websites.
Our service providers and partners are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by Cocoon Data.
We also take steps to provide adequate protection for any transfers of your personal data in accordance with applicable law such as signing EU or Swiss Standard Contractual Clauses with the service provider or partner, relying on their Privacy Shield certification, other approved codes of conduct or certification mechanisms or binding and enforceable commitments of the service provider.
Sharing other information with advertisers
We may also transfer information about you to advertising partners (including ad networks, ad-serving companies, and other service providers they may use) so that they may recognize your devices and deliver interest-based content and advertisements to you. The information may include your name, postal address, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed or de-identified form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system and may combine information about you with information from other companies in data sharing cooperatives in which we participate.
Circumstances may arise where, whether for strategic or other business reasons, Cocoon Data decides to sell, buy, merge or otherwise reorganize businesses. In such transactions, we may disclose or transfer your personal data to prospective or actual purchasers or receive personal data from sellers. Our practice is to seek appropriate protection for your personal data in these types of transactions.
COMPLIANCE WITH LAW
We may also share your personal data when we believe, in good faith, that we have an obligation to: (i) respond to duly authorized information requests of law enforcement agencies, regulators, courts and other public authorities, including to meet national security or other law enforcement requirements; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of Cocoon Data or its subsidiaries; or (v) protect the rights or personal safety of Cocoon Data, our employees, and third parties on or using Cocoon Data property when allowed and in line with the requirements of applicable law.
HOW WE USE AUTOMATIC DATA COLLECTION TOOLS
You can find more information about Automatic Data Collection Tools at: www.allaboutcookies.org.
Online automatic data collection tools
When you visit any Cocoon Data website, it may store or retrieve information on your browser, mostly in the form of cookies, which are text files containing small amounts of information. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you.
Cocoon Data uses Automatic Data Collection Tools for the following reasons:
Strictly Necessary Tools: These are necessary for the website to function and cannot be switched off. Without these, the website or service you are requesting would be impossible to provide because we cannot enable appropriate content based on the type of device you are using. For example, this might be information such as the browser type to permit the correct rendering of sized graphical content for you to view properly during your visit to our site.
Performance and Analytics Tools: These tools collect aggregated, anonymous, statistical-type information to enable Cocoon Data to measure, optimize and improve the content, quality and performance of its websites.
We use our own and/or third-party Automatic Data Collection Tools to see how you use our websites and services to enhance their performance and develop them according to the preferences of our customers and visitors. For example, Automatic Data Collection Tools may be used to: test different designs and to ensure that we maintain a consistent look and feel across our websites; track and provide trend analysis on how our users interact with our websites and communications; track errors and measure the effectiveness of our promotional campaigns. We use Net-Results (run by Net-Results Inc.) & Google Analytics, (run by Google Inc.), for example, to track website visits, usage and activity.
The data collected will generally be aggregated to provide trends and usage patterns for business analysis, site/platform improvement and performance metrics. Our Automatic Data Collection Tools or the resulting analysis may be also shared with our business partners. The type of information we collect includes how many visitors visit our websites, how many customers log in, when they visited, for how long and which areas of our websites and services but is generally not used to identify you individually. We may also receive similar information about visitors to our partner websites.
Personalization Tools: These allow us to remember choices you make on our websites (such as your preferred language or the region you are in) and provide enhanced, more personalized features. These can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information collected may be anonymized and they cannot track your browsing activity on other websites.
Please note that the above is not an exhaustive list and may be updated by us from time to time.
If you are a registered user, the information collected from our websites is not anonymous and we may use this information along with other information we know or infer about you including your preferences to tailor content, services, advertising and offers for you.
Automatic Data Tools that are Strictly Necessary or used for Performance & Analytics or Personalization are set to expire after 364 days.
When you share information using a social media sharing button on Cocoon Data websites, the social network will record that you have done this. This information may be linked to targeting/advertising activities. The types of tools used by these third parties and how they use the information generated by them will be governed by those companies’ privacy policies.
Other automatic data collection tools
We may use Automatic Data Collection Tools such as web beacons, which are typically a transparent graphic image (usually 1-pixel x 1 pixel), to compile information about your interaction with email or other communications. A web beacon can be embedded in Cocoon Data subscription or marketing communications to determine whether our messages have been opened or acted upon and whether our mailing tools are working correctly.
CHOOSING YOUR PRIVACY SETTINGS
You can make or change your choices regarding Automatic Data Collection Tools, as well as receiving either subscription or general communications at the data collection point or by using other methods, which are described in the following sections.
These options do not apply to communications primarily for administering order completion, contracts, support, product safety warnings, driver updates, or other administrative and transactional notices where the primary purpose of these communications is not promotional in nature.
Marketing & subscription communications
Cocoon Data marketing communications provide information about products, services, and/or support and you can select how these communications are delivered – e.g., via postal mail, email, telephone, fax or mobile device. Marketing communications may include new product or services information, special offers, personalized content, targeted advertising or invitations to participate in market research or compliance reviews. Subscription communications include email newsletters, software updates, etc. that may be expressly requested by you or which you consented to receive.
You may opt out of receiving these general communications by using one of the following methods:
Select the email’s “Opt-out” or “Unsubscribe” link, or follow the instructions included in each email subscription communication.
To unsubscribe from messages delivered to mobile devices, reply to the message with the words “STOP” or “END.”
Contact our Data Protection Officer through the email address firstname.lastname@example.org. Be sure to provide your name, contact information, and specific relevant information about the Cocoon Data subscriptions or marketing that you no longer wish to receive.
Cocoon Data ads and offerings on third-party websites
Cocoon Data contracts with service providers to place ads on websites owned by third parties. Sometimes this will be achieved by sharing some personal data as described in the section on Third-Party Advertising Cookies and Social Media Cookies.
Automatic data collection tools (Online)
When you visit Cocoon Data sites, you have the option to accept or adjust what cookies you allow us to place on your browser. You can modify these settings at any time by visiting Security or Cookie Settings in your browser.
If you don’t want to allow cookies at all, please refer to your browser settings. Note that by disabling certain categories of cookies, you may be prevented from accessing some features of our sites or certain content or functionality may not be available. Certain browsers allow you to navigate websites in an incognito or private mode. Once the browser session is closed, typically all cookies collected during the session are automatically destroyed.
To opt out of being tracked by Google Analytics across our website visit tools.google.com/dlpage/gaoptout.
Even if you opt-out of Performance & Analytics tracking and Targeting, you might continue to see non-personalized advertisements from Cocoon Data via our partners without targeted placement.
If you are in the EU or Switzerland and would like to opt out of third party cookies relating to interest based advertising, please go to www.youronlinechoices.eu or http://www.youronlinechoices.com/ch-fr/.
Some newer web browsers incorporate “Do Not Track” features. Currently, no industry standard exists for handling “Do Not Track” requests, therefore at this time, our websites may not respond to “Do Not Track” requests or headers from these browsers.
Automatic data collection tools (Cocoon Data emails & marketing communication)
You can disable automatic data collection tools, such as web beacons, in email messages by not downloading images contained in messages you receive (this feature varies depending on the email software used on your personal computer).
However, doing this may not always disable Automatic Data Collection Tools in the email message due to specific email software capabilities. For more information about this, please refer to the information provided by your email software or service provider.
EXERCISING YOUR RIGHTS & CONTACTING US
You have the right to ask us for a copy of any personal data that you have provided to us or that we maintain about you and to request an explanation about the processing.
In addition, you have the right to withdraw any consent previously granted or to request correction, amendment, restriction, anonymization or deletion of your personal data; and to obtain the personal data you provide with your consent or in connection with a contract in a structured, machine readable format and to ask us to transfer this data to another data controller.
You also have the right to object to the processing of your personal data in some circumstances, when we are using your data for direct marketing or to create a marketing profile. In certain cases, these rights may be limited, for example if fulfilling your request would reveal personal data about another person or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests to keep.
In certain circumstances and dependent on the region in which you reside and whose legislation under which you are protected, you have the rights to seek redress through the documented processes of governmental or legislative bodies, up to and including, binding arbitration or legal action.
Data Protection Officer
Cocoon Data Limited
Level 19, 2 Chifley Square
Sydney, NSW, 2000, Australia
Our indicative service levels are that we will make all reasonable attempts to respond to your requests within:
- For copies of your personal data: 30 days
- For deletion of your personal data: 7 days
- For explanations and general inquiries: 30 days
- For complaints about misuse of personal data: 3 days
From receipt of a valid request.