Collectively, the Site and the services provided through the Site are referred to as the “Services”.
Evidencity is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
You may browse our Site without providing us with any personal data.
In order to register for an account on our Site and to use our Services, we require you to submit your personal data to us. When you register for an account on our Site and to use our Services, you are required to provide us with personal data such as your first name, last name, password, email address, phone number, business address, username, and password.
If you use our Services, you may place online orders. In conjunction with your use of the Services, we will collect information about your online orders and related public documents and information that you order. We store a record of the public documents you ordered in our databases but with no identification as to which individual requested such documents (e.g. they are identified by a numerical order number only). Thus, we collect the personal data in any record that you have ordered.
When you make a purchase through the Services, you will be required to submit a credit card or ACH information for billing purposes. Our third party payment processor will process your payment.
Providers, clients and the Evidencity case manager for an order may correspond with each other through the Services regarding the order. The Evidencity case manager monitors and approves such messages prior to any messages are viewed by the provider and/or client, as applicable. These messages are not publicly viewable through the Services. We will collect any personal data that you include in these messages. If you are a provider, the client receiving the message will view any personal data that you include in an approved message. If you are a client, the provider receiving the message will view any personal data that you include in an approved message.
If you contact us, we will collect any personal data that you include in your communications to us.
We use your personal data for the following purposes and rely on the following lawful bases to process your personal data:
• Where we need to perform the contract we are about to enter into or have entered into with you. For example, when you make a purchase through our Services, that’s a contract.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, when we send you notices about updates to our Services, when we collect public documents containing personal data for our customers and to carry out fraud screening.
• Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
• Where we have your consent such as for certain cookies. Where our legal basis is consent, you have the right to withdraw consent any time.
Specifically, we use your personal data to:
• deliver you our Services and information, records, documents and reports you have requested
• provide you with support
• detect fraud, illegal activities or security breaches
• provide notices regarding items or services you have purchase or that you may wish to purchase and for targeted marketing
• verify your authority to enter certain password protected areas of the Services
• improve the content and general administration of our Services
If you are a user of our Services, we store a record of the public documents you ordered in our databases but with no identification as to which individual requested such documents (e.g. they are identified by a numerical order number only) and you may contact us in relation to a particular order by referring to the order number.
We use small text files called cookies to improve overall experience on the Site. A cookie is a piece of data stored on the user's hard drive containing information about the user. Cookies generally do not permit us to personally identify you. We generally use session cookies to authorize each request to use the Site and such cookies expire when you exit the Site.
Evidencity does not track users over time or over multiple websites. Evidencity does respond to browser do not track signals.
Evidencity recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children's online activities and interests. The Site and Services are not directed to children under the age of 16. Evidencity does not target its Services to children under 16. Evidencity does not knowingly collect personal data from children under the age of 16. If we learn that a child under the age of 16 provided us with personal data, we will delete that information. If your child has provided personal data, please contact us so we can delete it. If you are under the age of 16, please do not provide us with any personal data.
We provide your personal data and the data generated by cookies and the aggregate information as follows.
We provide your personal data to the vendors and service agencies that we engage to assist us in providing our services to you. For example, we may use a third party payment processor, to process payments for our Services. Such third party entities are obligated to use your personal data solely to provide the services to us.
We will not sell your personal data to any company or organization except we may transfer your personal data in conjunction with a transaction such as a financing or to a successor entity upon a merger, consolidation or other corporate reorganization in which Evidencity participates or to a purchaser of all or substantially all of Evidencity’ assets to which the Services relate or in the event of a bankruptcy or related or similar proceedings.
Evidencity’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Evidencity remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Evidencity proves that it is not responsible for the event giving rise to the damage.
We employ procedural and technological measures that are reasonably designed to help protect your personal data from loss, unauthorized access, disclosure, alteration or destruction. Evidencity uses secure socket layer, firewalls, password protection and other security measures and policies to help prevent unauthorized access to your personal data.
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers, such as payment data, generally for seven years after they stop being customers for tax purposes. Please note that we may retain information that is otherwise deleted in anonymized and aggregated form, in archived or backup copies as required pursuant to records retention obligations, or otherwise as required by law.
In some circumstances you can ask us to delete your data; see Updating and Deleting Personal Data and Your Rights below for further information.
Evidencity provides you with the ability to review, update and/or delete certain contact information that you provide to us by accessing your account. Your right to access your personal data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or when the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have. If you are located in the European Union, you have other rights as set forth in the Your Rights Section below.
If the General Data Protection Regulation applies to you because you are in the European Union, you have rights under data protection laws in relation to your personal data:
• The right of access – that’s a right to make what’s known as a ‘data subject access request’ for copy of the personal data we hold about you;
• The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate;
• The right to erasure – that’s also known as the ‘right to be forgotten’ where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
• The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
• The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
• The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
• Rights in relation to automated decision making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision making.
These rights are subject to certain rules around when you can exercise them.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Evidencity has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
You also have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance as set forth above.