Last updated: May 21, 2022
- UPDF websites;
- Desktop apps and mobile apps (both referred to as "apps") that include a reference to this policy; and
- UPDF's marketing, sales, and advertising practices.
The terms "us", "we", and "our" refer to UPDF , Our website (updf.com), the owner of this Website.
2. Collecting and Using Your Personal Data
2.1 Information We Collect
a. UPDF apps and websites
We collect information about how you use our apps and websites, including but not limited to launch data, feature usage, page clicks, sign-in information. Depending on the app or website, this information may be associated with your device or browser or it may be associated with your UPDF account. It includes:
- IP address;
- Type of browser and device;
- Webpage that led you to UPDF website;
- Search terms entered into a search engine which lead you to UPDF website;
- Use and navigation of websites and apps (collected through cookies and similar technologies, or by UPDF servers when you are logged in to the app or website.)
b. Registration and customer support
When you register to use a UPDF app or website, create UPDF account, or contact us for support or other offerings, UPDF collects information that identifies you. This includes:
- Email address;
- Content of customer support communications.
c. UPDF app activation and updates
When you activate your UPDF app or when you install updates to the app, we collect information about:
- Your device (manufacturer, model, IP address);
- The UPDF app (version, date of activation, successful and unsuccessful updates);
- Your sign-in account information (where this is required before you can start using your product).
d. UPDF online advertising
- Which ads are displayed;
- Which ads are clicked on; and
- Where the ad was displayed.
e. Buttons, tools, and content from other companies
f. UPDF sign-on services
You can sign in to some UPDF apps or websites using Apple mail, Gmail, or other emails. Where you give appropriate permissions, we will receive information about you from your apple mail or gmail account, such as name, location, and basic demographic information.
g. UPDF acting on your behalf
In certain instances, UPDF is acting only on your behalf for personal information collected and processed by our services (for example, for the address book contacts shared by users when entering recipient information). In such cases, UPDF is acting only on your instructions in order to facilitate the service requested by you, and you will be responsible for the information shared. In these instances, we will inform you through in-app notifications or other in-time communications.
2.2 Use of Personal Information
UPDF uses data provided through the use of our Sites, Software, and Services to provide services for which UPDF was engaged. The data may be used for a variety of functions, including:
- Provide, monitor, maintain and improve the Software, Site and Services
- Register for and enable access to the Software, Site and Services
- Purchase services and contact you in case a purchase request cannot be fulfilled
- Collaborate and share files with others you designate which involves the Site sending emails on your behalf
- Deliver services you request
- Provide audit data to you and others who you grant access to via document collaboration
- With your consent, personalize and customize the Site and Services by improving content, features, and/or advertisements based on your interests and preferences
- Send push notifications that update you on activities initiated within the Site and Services
- Send you related data (including confirmation of services requests and/or purchases)
- Provide customer support (comments, questions, and requests for support along with support responses)
- With your consent, provide data about services (newsletters, surveys, offers, promotions, contests, events, customer testimonials, case studies, and data about UPDF)
- Monitor and analyze trends in connection with the Site and Services for marketing and advertising purposes
- Investigate potential illegal activities (fraudulent transactions, unauthorized access, and/or other illegal activities)
- With your consent, link or combine with other data from 3rd Parties to understand your needs and preferences
- Diagnose unexpected issues that occur within the Site and Services
2.3 Sharing Personal Information
We may provide your personal data to companies that provide services to help us with our business activities, such as shipping your order or offering customer service. These companies are authorized to use your personal data only as necessary to provide these services to us. We may disclose personal data when the disclosure:
- is required by law; or
- has been consented to by you.
Other ways UPDF shares personal data are:
- Collaboration and Sharing: UPDF offers collaboration features built into the Site and Apps which allow you to share documents (read-only or full edit capabilities) with others you explicitly choose. Collaboration and sharing allows others to view the content of the document you choose to share in addition to the activity data pertaining to the shared document (views, edits, etc.). You can set permissions and revoke access through your UPDF account. If you share a document with another party, that party can download the document as long as they have access to it. Additionally, you may choose to create a public link and send that link to others. If you create a public link, anyone with that link can access in read-only mode and download it.
- Business Accounts: If you are an individual user and the domain of your e-mail address associated with your account is owned by your employer and that employer has established a UPDF Business account, the data concerning use of your individual account (including access to personal data, usage data and document content) are accessible to that organization.
We will take reasonable precautions to protect your personal data from loss, misuse or alteration. This includes both physical and technological security measures. We follow generally accepted industry standards (e.g. encryption at rest and in transit, access control policies, etc.) to protect the personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and you agree that you submit data to us at your own risk. When you enter personal data on our order forms, we encrypt the transmission of that data using transport layer security (TLS).
2.5 Storage of Personal Information
As a matter of principle, we store personal data only as long as necessary to fulfill the contractual or legal obligations to which we have collected the data. Thereafter, we delete the data immediately, unless we need the data until the expiration of the statutory limitation period for evidence for civil claims or for statutory storage requirements.
For evidence, we must retain contract information for three years from the end of the year in which the business relationship ends with you. Any claims become statute-barred after the legal limitation period at the earliest.
Even after that, we sometimes have to save your data for accounting reasons. We are obliged to do so because of legal documentation obligations which may arise from legal obligations. The deadlines for storing documents are two to ten years.
2.6 Transfer Personal Information
Your information, including personal data that we collect from you, may be processed and transferred within and to the United States and other countries and territories which may have different privacy laws from your country of residence. UPDF is compliant with the EU General Data Protection Regulation (GDPR).
UPDF adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although UPDF does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. Nor do we rely on the Swiss-U.S. Privacy Shield Framework in light of the policy paper of the Swiss Federal Data Protection and Information Commissioner of September 8, 2020. To learn more, visit the U.S. Department of Commerce's Privacy Shield website.
UPDF takes data privacy seriously and monitors the regulatory landscape with regards to data privacy. As new regulations evolve, UPDF will evaluate those regulations and, in good faith, evolve our Data Privacy procedures appropriately.
2.7 Withdrawal and Rights
You have the right to object to the processing of your personal data provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation.
You also have the right to revoke a consent once given to us at any time. As a result, we will not continue the data processing based on this consent for the future. By the revocation of the consent, the legality of the processing on the basis of the consent until the revocation is not affected.
If you would like to exercise your right to revocation or objection, please send an email to support[at]superace.com.
2.8 Your California Privacy Rights
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or "CCPA."
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see Section 2 above, titled "General collection, processing and use of personal data in the context of the use of the website," along with relevant other sections. We collect this information for the business and commercial purposes described above. We share this information with the categories of third parties described above (as such term is defined in the CCPA) the personal information we collect. We do not sell your personal information; and will not sell your personal information without providing you the ability to opt out. Please note that we do use third-party cookies for our advertising purposes as further described above.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any "sales" of their personal information that may be occurring, and to not be discriminated against for exercising these rights.
UPDF has a range of privacy and security controls across its organizations to ensure compliance with the General Data Protection Regulation (GDPR), including, but not limited to:
- GDPR-compliant data protection agreements with all customers for whom UPDF Processes Personal Data;
- A PIA driven process to ensure that all products and services are built with Privacy By Design;
- An extensive, on-going training program for its employees, with data privacy and protection education upon hiring and then again at least on an annual basis;
- State-of-the-art technical and security measures, including data encryption at rest and in transit;
- Records of processing which include mapped storage and transfer of Personal Data throughout UPDF's product-lines;
- Appropriate access right limitations;
- Company-wide systems for protecting Data Subject rights, ensuring that individual access/portability/right-to-be-forgotten rights are respected; and
- Appointment of a Data Protection Officer.
Whenever UPDF transfers personal information beyond the country of origin, we will do so in accordance with applicable laws. In the context of its European operations, UPDF may transfer Personal Data abroad to other states in the European Economic Area or to third countries. With the decision by the Court of Justice of the European Union in the Schrems II case, UPDF has evaluated the data transfers necessary for its multinational operations. In light of Schrems II, UPDF will ensure that importers of any Personal Data offer an adequate level of protection, whether through an adequacy decision or appropriate safeguard under Article 46.
To the extent Personal Data processed by UPDF would be transferred to a country outside the EEA not deemed to ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of Personal Data, UPDF has in place requirements relating to such international data transfers. For example, where data is transferred: (i) between UPDF affiliates, this is done pursuant to an agreement based on the EU's Data Export Contractual Clauses, and (ii) to third parties, UPDF uses standard contractual clauses designed to ensure those third parties respect the confidentiality of personal data and use it only in connection with provision of specific services and in compliance with applicable data privacy laws. The EU Standard Contractual Clauses can be viewed on the European Commission's website here. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en(Open a new window). As per the guidance of the European Data Protection Board, UPDF has implemented programs to review such data transfers and to employ additional safeguards when appropriate for the data processing required by law and our customer contracts.
With respect to personal data received or transferred, UPDF and its U.S. Subsidiaries are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
By using our cookies, we want to optimize your experience on our website. These services are based on our aforementioned legitimate interests, which at the same time represents the legal basis for the data processing described here.
2.12 Use of Web Analytics and Additional Services
Web analytics and the other named services in this section are used for the continuous optimization of our website. The tracking provides a statistically record of the use of our website and to evaluate it for the purpose of optimizing our offer to you. From time to time, we employ data processing and collection services and tools to help us provide you with the best services available. Examples of at least some of the data collection and/or processing services are found in the corresponding list below. Note that the list may change from time to time and is provided solely as examples of how we collect data. The legal basis for the data processing described in the following section is our authorized interest in the needs-based design and continuous optimization of our website.
a. Google Analytics
For the purpose of the customized design and continuous improvement of our website we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; in following "Google"). In this context, pseudonymised usage profiles are created and cookies (see point 5) are used. Information generated by the cookies about your use of this website include:
- Browser type / version;
- Operating system;
- Referrer URL (the previously visited page);
- IP address of the accessing computer;
- Time of server request;
- Pages visited.
This information is transmitted to a Google server in the United States and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties process this data in the order. The data accumulated in this context is transmitted by Google for evaluation to a server in the USA and stored there. In the event that personal data is transferred to the USA, Google is subjected to the EU-US Privacy Shield. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible.
You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics. An opt-out cookie will be set which will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must reset the opt-out cookie again. For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).
b. Google AdWords Conversion Tracking
To statistically record the use of our website and to optimize and evaluate it, this website also uses the Google Conversion Tracking tool (Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google")). Here, Google AdWords sets a cookie on your computer if you have reached our website via a Google advertisement. After 30 days these cookies lose their validity and are not used for personal identification. If the user visits certain pages of the website of the AdWords customer and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
This website also uses web analytics software from Hotjar Ltd. (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) to collect statistical information about the use of our web site. With the help of this tool, visitor information is collected and transmitted to Hotjar servers. The technology enables the activities of the user to be collected while visiting our website, to analyze and visualize. For example, we can use a "heat map" to identify which areas of our website are the most visited and clicked. For this are appropriate Cookies sent to Hotjar. Hotjar Ltd. may impose data collection and storage on certain browser settings. Hotjar's data collection may be disabled by any opt-out on any of our or other websites operated using Hotjar. Further explanations as well as a function to explain your opt-out can be found on the opt-out page of Hotjar. In addition, Hotjar supports the so-called Do-Not-Track function of your browser. If you enable it in your browser, Hotjar will not collect any data. Instructions for the various browsers can be found on the Hotjar website.
For further information regarding Hotjar, visit https://www.hotjar.com/legal/compliance/gdpr-commitment as well as https://www.hotjar.com/privacy.
2.13 Advertising,Promotional and Newsletters
Generally. We may use other companies to serve third-party advertisements when you visit and use the Services. These companies may collect and use click stream information, browser type, time and date, subject of advertisements clicked or scrolled over during your visits to the Services and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use tracking technologies to collect this information. Other companies' use of their tracking technologies is subject to their own privacy policies.
Targeted Advertising. In order to serve offers and advertisements that may interest you, we may display targeted advertisements on the Services, or other digital properties or applications in conjunction with our content based on information provided to us by our users and information provided to us by third parties that they have independently collected. We do not provide personal data to advertisers when you interact with an advertisement.
Your Ad Choices. Some of the third-party service providers and/or Advertisers may be members of the Network European Interactive Digital Advertising Alliance ("EDAA") Self-Regulatory Program for Online Behavioral Advertising. To learn more, visit http://www.edaa.eu/edaa-for-users which provides information regarding targeted advertising and the "opt-out" procedures of EDAA members.
Mobile. We may, from time to time, offer certain location or pinpoint based services, such as location assisted navigation instruction. If you elect to use such location-based services, we must periodically receive your location in order to provide such location-based services to you. By using the location-based services, you authorize us to: (i) locate your hardware; (ii) record, compile and display your location; and (iii) publish your location to third parties designated by you by means of location publication controls available within the applications (for example, settings, user preferences). As part of the location-based services, we may also collect and store certain information about the users who elect to use such location-based services, such as a device ID. This information will be used to provide you the location-based services. We may use third-party providers to help provide location-based services through mobile systems and we may give the information to such providers to enable them to provide their location-based services, provided that such providers use the information in accordance with this Policy.
b. Promotional and Newsletters
We provide you the opportunity to consent to having your personal data used for certain purposes when we ask for this data. We will also give you the opportunity to 'opt-out' at any time. For example, if you purchase a product/service but do not wish to receive any additional marketing material from us, you can initially choose not to accept direct marketing from us, and at a later stage provide consent.
If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter.
3. Children's Privacy
We do not knowingly collect personal data from children under the age of 16. By using the Site, Software, and/or Services, the user asserts they are over 16 years of age. If we become aware that we have inadvertently received personal data from a child under the age of 16, we will delete such data from our records.
5. Contact Us
If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please send an email to support[at]superace.com.