Acronis Privacy Statement

Effective Date: May 24, 2018

This Acronis Privacy Statement (" Privacy Statement") describes how Acronis International GmbH and its affiliates (together, " Acronis" or " we") collects and processes your information.

We appreciate that you trust us when you provide us with your information. Protection of information is our top priority because we want to keep your trust.

We design all of our products and services with data protection in mind. We work hard to keep your information secure. We have teams dedicated to keeping your information safe and secure. We constantly update our security practices and invest in our security efforts to enhance your privacy.

Please read this Privacy Statement carefully. When you submit information to us, you consent to the processing of your information as described in this Privacy Statement. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY STATEMENT, THEN PLEASE DO NOT USE THE SERVICES.

1. WHO WE ARE

The data controller for the information you provide or that we collect on acronis.com and its subdomains is Acronis International GmbH, Rheinweg 9, 8200 Schaffhausen, Switzerland. For information transferred from the EU or Switzerland to the US, then Acronis, Inc., 1 Van de Graaff Drive #301, Burlington, Massachusetts 01803 USA is the data controller under Privacy Shield (described in Section 3 below).

2. WHERE THIS PRIVACY STATEMENT APPLIES

This Privacy Statement applies to use of public portions of acronis.com and registered users of Core Products ( https://www.acronis.com/personal/, https://www.acronis.com/business/) and Acronis Data Cloud ( https://www.acronis.com/cloud/) services (collectively, " Services"). If a particular part of the Services posts its own privacy policy (such as the Privacy Statement for the Acronis Customer Experience Program), then that policy -- not this Privacy Statement -- applies when inconsistent.

Our right to process information also is described in our agreements with our business customers (" Customer Agreements"). Acronis is contractually prohibited from accessing the personal data that customers store and otherwise process through Acronis’ products and services. If a provision of a Customer Agreement conflicts or otherwise is inconsistent with a provision of this Privacy Statement, then the term of the Customer Agreement will prevail to the extent of the conflict or inconsistency.

This Privacy Statement does not apply to information that is collected by any third-party website or service that you access through the Services.

In this Privacy Statement, to " process" information means to perform any operation on the information, whether or not by automated means, such as collection, recording, organizing, storing, adapting, use, disclosure, combining, erasing or destroying.

3. PRIVACY SHIELD & CROSS-BORDER DATA TRANSFERS

Sharing of information sometimes involves cross-border data transfers. We use lawful mechanisms to legitimize data transfers from the EEA to other countries, including the EU-US Privacy Shield Framework and Swiss-U.S. Privacy Shield Frameworks administered by the US Department of Commerce (together, " Privacy Shield"). If you are a resident of the European Union or Switzerland, please see our Privacy Shield Policy ( https://www.acronis.com/company/privacy-shield/) for information about our data protection practices for personal data that we receive from European Union member countries and Switzerland pursuant to their respective Privacy Shield frameworks.

4. CHANGES TO THIS PRIVACY STATEMENT

The Effective Date of this Privacy Statement is set forth at the top of this webpage. As we add new features to the Services, we may amend this Privacy Statement. If we make a material change to this Privacy Statement that reduces your privacy rights, we will notify you in advance through the Services. Your continued use of the Services after the Effective Date constitutes your acceptance of the amended Privacy Statement. The amended Privacy Statement supersedes all previous versions.

5. INFORMATION WE COLLECT

When you use the Services, we collect the information you give us when using the Services. This includes:

  • When you create an account, you provide us with at least a user name and password, business information, such as name, business name, business address, email address, business phone number and any other information that you provide us.
  • When you make a purchase, you provide us or the payment processor with payment information, such as your debit or credit card number.
  • When you participate in surveys or focus groups, you give us your insights into our products and services
  • If you contact our customer service team, we collect the information you give us during the interaction. Sometimes, we monitor or record these interactions for training purposes and to ensure a high quality of service.

Information we receive from others
We receive information about you from others, including our vendors, our Service Providers and Resellers and our other business partners. We also receive information about you from the third parties that help us operate the Services, such as for fraud detection, digital forensics, and similar functions.

Information collected when you use the Services
When you use the Services, we collect information about which features you use and how you use them and the computer, tablet or mobile telephone (" Device") that you use to access the Services (collectively, " Usage Data"), which includes:

  • Server Logs
    We collect information about your activity on the Services, such as features you use through our server logs. A server log is a list of the activities that a server performs. Acronis’ servers automatically collect and store in server logs your search queries, Internet Protocol (IP) address, browser type and language, time zones, the date and time of your request and referral URL and certain cookies that identify your browser or Acronis account.
  • Device information
    We collect information from and about the Device that you use to access the Services, including:
    • hardware and software information such as Device ID and type, Device-specific settings and characteristics, operating system, identifiers associated with cookies or other technologies that may uniquely identify your Device or browser; and
    • information on your wireless and mobile network connection, like your internet vendor and signal strength.

We may link personal data and Usage Data or different types of Usage Data. We also may link publically-available personal data, such as personal data available in public databases. If the linked information may identify an individual person, we treat it as personal data.

Information collected through Data Collection Technology
We use cookies, pixel tags (also known as web beacons, flash cookies, and clear GIFs) and similar technology (" Data Collection Technology") to automatically collect information about you when you use the Services. Please read below to learn more about how Acronis uses Data Collection Technology.

Other information with your consent
We collect other information when you give us permission at the time of collection, such as when you choose to participate in the Acronis Customer Experience Program (CEP).

6. COOKIES AND OTHER DATA COLLECTION TECHNOLOGY

Cookies are small text files that are sent to or accessed from your web browser or your computer's hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the "lifetime" of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier. A cookie also may contain information about your computer, such as user settings, browsing history and activities conducted while using the Services. A web beacon (also called a pixel tag or clear GIF) is a piece of computer code that enables us to monitor user activity and website traffic. To learn more about cookies and web beacons, visit www.allaboutcookies.org.

How We Use Data Collection Technology: Data Collection Technology helps us improve your experience of the Services by, for example, storing your website language preferences, so you do not have to select it each time you use the Services, compiling statistics about use of the Services, helping us analyze technical and navigational information about the Services, and detecting and preventing fraud.

The Services use the following cookies:

  • Strictly necessary cookies, which are required for the operation of the Services. Without them, for example, you would not be able to register or log in for the Services that we may offer.
  • Analytical/performance cookies, which allow us to recognize and count the number of visitors, to learn how visitors navigate the Services and to help us to improve the way Services function.
  • Functionality cookies, which are used to recognize you when you return to the Services.

We also use Google Analytics, which is a Google service that aggregates information about use of the Services and reports website trends. Google Analytics does not directly identify individual users.

Your Control of Cookies: Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your Device. You also may be able to reject Device identifiers by activating the appropriate setting on your Device. Although you are not required to accept cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Services.

Our Statement On Do Not Track Signals: Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a "Do Not Track" ( "DNT") or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain personal data about the browser’s user. Not all browsers offer a DNT option, and DNT signals are not yet uniform. For this reason, many website operators, including Acronis, do not respond to DNT signals.

7. HOW WE PROCESS PERSONAL DATA

Acronis processes personal data:

  • To set up and maintain your account;
  • To communicate with you;
  • To prevent and investigate fraud and other misuses of the Services;
  • To protect our rights and property;
  • To operate, manage, secure and improve the Services;
  • To respond to your questions and to try to resolve problems with one of our products;
  • To complete transactions requested by you;
  • To improve the performance and reliability of our products and services using information collected through the Acronis Customer Experience Program (CEP); and
  • To help us improve our customer service.

Acronis processes Usage Data:

  • To analyze trends and statistically monitor how many people are using the Services;
  • To develop, improve and protect the Services;
  • For customer preferences research;
  • To audit and analyze the Services; and
  • To ensure the technical functionality and security of the Services.

To process your information as described above, we rely on the following legal bases:

  • Provide our service to you: Most of the time, the reason we process your information is to perform the contract that you have with us to use the Services.
  • Legitimate interests: We may use your information when we have legitimate interests to do so. For instance, we analyze users’ behavior on the Services to continuously improve our offerings, marketing our new products and features and process information for administrative, fraud detection and legal purposes.
  • Consent: From time to time, we may ask for your consent to use your information for certain specific reasons. You may withdraw your consent at any time by contacting us at using the contact information provided at the end of this Privacy Statement.

8. HOW WE SHARE INFORMATION

Acronis may share personal data collected through the Services as follows:

  • Vendors: We share information with our vendors that help us operate the Services, such as by providing customer service, helping us with marketing or testing our security measures. Acronis will ensure that any vendor with which we share personal data agrees to use commercially reasonable measures to safeguard it
  • Resellers: We share information with our resellers and other third parties that promote, resell and/or white-label the Services.
  • Corporate Transaction: We may share and transfer personal data if we are involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control by Acronis or any affiliated company (in each case, whether in whole or in part).
  • When Required by Law: Applicable law may require Acronis to disclose your personal data if: (i) reasonably necessary to comply with legal process (such as a court order, subpoena or search warrant), government investigation or other legal requirements or (ii) necessary for the prevention or detection of crime (subject in each case to applicable law).
  • Other Lawful Disclosures: We also share information if (i) disclosure would mitigate Acronis’ liability in an actual or threatened lawsuit; (ii) as necessary to protect legal rights of Acronis, users, customers, vendors, business partners or other interested parties; (iii) to pursue available remedies or limit the damages; (iv) to enforce our agreements; and (v) to respond to an emergency.

Acronis may aggregate information collected through the Services and remove identifiers so that the information no longer identifies or can be used to directly identify an individual (" Aggregated Information"). Acronis shares Aggregated Information with third parties and does not limit third parties' use of the Aggregated Information.

9. YOUR CHOICES ABOUT YOUR PERSONAL DATA

  • The right to know what personal data we hold about you: If you would like to know the personal data that Acronis maintains about you, please contact us in writing using the contact information below. If you are a registered user, you can review certain personal data that you provided to Acronis by logging in to your account. If you are not a registered user, Acronis may take reasonable steps to verify your identity before providing access to personal data.
  • The right to correct or delete personal data: The easiest way to correct or delete certain personal data that you have provided to the Services is to log in to your account and enter the necessary changes in your profile settings. If you have additional questions regarding the correction or deletion of the personal data we hold about you, please contact us using the contact information below. Please be reminded that we will review your request but may be restricted in our ability to change or delete your personal data. If the Services are made available to you by a corporate customer that is sponsoring your use of the Services, your eligibility to receive Incentives and Rewards from such parties, if any are offered, may be adversely affected by your election to remove personal data about you from the Services. You must contact the corporate customer directly for further information.
    We may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or privacy rights of a third party.
  • Accountability. In certain countries, including in the European Union, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data.
  • Marketing Emails. If you do not wish to receive marketing-related emails from us, please click the unsubscribe link in one of our marketing emails or:

Notice to California Residents: California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us at privacy@acronis.com

10. LINKS TO OTHER WEBSITES AND SERVICES

The Services may include links to third-party websites and services that are not operated by us. When you click these links, you will be directed away from the Services. A link to a third-party website or service does not mean that we endorse it or the quality or accuracy of information presented on it. If you decide to visit a third-party website or service, you are subject to its privacy practices and policies, not ours. This Privacy Statement does not apply to any personal data that you provide to these other websites and services.

11. PROTECTION & RETENTION OF PERSONAL DATA

We take precautions intended to help protect personal data that we collect and store. For example, we protect the information transmitted from your browser to the Services using Secure Sockets Layer (SSL) software or similar encryption technology. Any transmission is at your own risk. We expect that you will use appropriate security measures to protect your information.

We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below.

We keep your personal data only as long as we need it for legitimate business purposes and as permitted by applicable law. In practice, this means that we delete or anonymize your account after three (3) years of continuous inactivity unless we must keep it to comply with applicable law; because an issue, claim or dispute has not yet been resolved; or the information must be kept for our legitimate business interests, such as fraud prevention and enhancing users' safety and security. Please note that, although our systems are designed to carry out data deletion processes, we cannot promise that deletion will occur within a specific timeframe due to technical constraints.

12. CHILDREN’S PRIVACY

The Services are not directed to or intended for use by minors. Consistent with the requirements of the Children’s Online Privacy Protection Act, if we learn that we have received any information directly from a child under age 13 without his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services.

HOW TO CONTACT US

Please contact our Data Protection Officer at privacy@acronis.com.

Other versions:
Effective 20.05.2016