Privacy Notice

When you visit or use the Site and/or Services, we collect and retain information that you, as a customer or potential customer, provide through the Site or Services, as well as information that is automatically or passively collected from you, your device, or your browser.

Information You Provide to Us

We collect information that you provide directly to us. For example, when you manage your user profile, participate in interactive features (such as “Contact Us for Your ECM needs”, request newsletters or other marketing communications, request customer support, enter login information, or otherwise communicate with us.

The types of information we may collect include:

• Contact and profile information, including your name, email address, company information, postal address (including zip or postal code), and telephone number.
• Account and log-in information, including your username, password, login details, and transaction details.
• Billing information, including your payment instrument number (e.g., credit card or debit card number), expiration date, security code as necessary to process any payments, and transaction details (if applicable).
• Correspondence, for example, reporting a problem or submitting queries, concerns or comments regarding the Site, Services, or their respective content.
• Precise geolocation data, such as latitude/longitude. With your consent, we may get access to precise location technologies on your device (such as GPS or Bluetooth) and collect precise location data. We use precise location data for purposes of labeling where you were when you saved the file to track the file’s location.
• Any other content or information you choose to provide, including photos you may upload to the Site or Services.

Information We May Collect Automatically

We automatically collect information about your device and how your device interacts with our Site and the Services for business and commercial purposes. We may use service providers to collect this information. Some examples of information we automatically collect include the following:

• Information about your visits to the Site and use of the Services, the resources you access, any data you download, and information related to the ways in which you interact with the Site or the Services.
• IP addresses, including the general information in such address, such as city, state and zip or postal code, your device’s regional settings, unique device identifiers, other information about your mobile phone or other mobile device(s), browser types, and browser language.
• Referral pages and links, URLs, number of clicks, pages viewed, how long you are on a page, your search queries, and results.
• Information about your device, computer and/or browser you use, as well as the device’s operating system, such as device hardware model, operating system version, or mobile network information.
• Non-precise location data, including your device’s location derived from an IP address or data that indicates a city or zip or postal code.

We use various technologies to collect this information (“Tracking Technologies”), as further discussed below under the
“Cookies, Other Tracking Technologies, Interest-Based Advertising, And Choices Regarding the Same” heading.

Information We Collect from Customers

We provide products and services to our customers and collect and process information about individuals (including personal information) (including through Tracking Technologies) at the direction of and on behalf of our customers (“Customer Data“). Customer Data has historically included contact data, demographic data, content, service use data, device connectivity and configuration data, and precise and non-precise location data, among other information. Our processing of Customer Data is governed by the terms of our Cloud Subscription Agreement with each customer. To the extent we combine Customer Data with information (including personal information) we have collected about you through the Site, we will treat the combined information in accordance with the practices described in this Notice, plus any additional restrictions imposed by our customers. We are not responsible for how our customers treat the information we collect on their behalf as a processor or service provider. With respect to our customer’s use and disclosure of your personal information, we recommend you review the applicable customer’s own privacy notice. For more information on your rights and choices regarding your personal information comprised in Customer Data, please see the “Your Privacy Rights” heading below.

Information We Collect From Other Sources

We may obtain information from other third-party sources that we combine with your personal information collected through the Site. These third-party sources vary over time, but include:

• Data brokers from which we purchase demographic data to supplement the data we collect.
• Social networks when you reference our Service or grant permission to Laserfiche to access your data on one or more of these social networks.
• Partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
• Publicly available sources, such as open government databases or other data in the public domain.

For example, if you log into a social media website through our Site, we may have access to certain information from that website, in accordance with the procedures and practices of that social media website. You should carefully review the privacy notices and terms of use of these third parties.

Information We Infer

We infer information from other information we collect, including to generate information about your likely preferences or other characteristics.

Sensitive Information

Some of the personal information we collect may be considered sensitive under applicable law. See additional disclosures in your region for details.

Use of Information Collected

Laserfiche collects and uses the personal information you provide in connection with our Site and Services for a variety of purposes, in accordance with the practices described in this Notice, which may include:

• Providing our Services to you: We use your information to operate and manage our Site and Services, including your registration process and user account.
• Improving and developing our Services and Site: We may use your information to understand how you use our products, Services, and Site, and how we can improve them, and to obtain insight and analysis. For example, the information collected may assist with customer service improvements and technical improvements to our products.
• Providing customer and user support: We may use your information to troubleshoot and diagnose product problems, provide support or technical assistance, investigate security incidents, and to perform services requested by you, such as to respond to your comments, questions, and requests.
• Sending marketing communications: Depending on your marketing choices (see the Your Privacy Rights heading and the “Cookies, Other Tracking Technologies, Interest-Based Advertising, And Choices Regarding the Same” headings below), we may use your information to keep you informed about Laserfiche and our software and Services and promote certain Services and features that you may be interested in, such as communications about third-party products, updates, special offers, promotions, rewards, and events. We may also contact you for market research and to survey your satisfaction with Laserfiche software and Services, encourage you to participate in our user groups, and invite you to events that may be of interest, including trainings, webinars, and conferences.
• Sending administrative communications: We may use your information to send you technical notices, updates, security alerts, information regarding changes to our policies, and other support and administrative messages regarding your account with us.
• Securing Our Services: We may use your information for maintaining the safety and security of our Services, investigating suspicious activity, detecting, and preventing fraudulent or unauthorized use of the Services, and identifying and troubleshooting any problem.
• Complying with our legal obligations: We may process your information in order to cooperate with public and government authorities, courts, or regulators, including to comply with legal orders or judicial proceedings, or to respond to lawful requests and otherwise comply with our legal, regulatory and reporting obligations under applicable laws. Additionally, we may process your information, to protect, defend or exercise our legal rights and to ensure the continuity and integrity of our Services, including where we seek to pursue remedies available to us and or in order to limit damages. We will make reasonable efforts to notify our customers and users of any disclosure of their personal information, unless we are prohibited by law, court order, or exigent circumstances prevent us from doing so.
• Statistics and analysis: We may aggregate and/or de-identify your information in such a way as to prevent the information from being reassociated or identified with an account, user, or individual. We may use aggregated and/or de-identified information for a variety of statistical and analytical purposes, which may entail providing this information to an agent acting on Laserfiche’s behalf to assist in data analytics.

We also use your personal information for the following purposes:

• Serve personalized advertising tailored to your interests on our Site and/or Service, and third-party Services (where applicable), to the extent it is necessary for our legitimate interest in advertising our Site and Services, or where necessary, to the extent you have provided your prior consent.
• Fulfill any purpose at your direction.
• With your consent, fulfill any other purpose disclosed to you.

For more information about how we use and disclose your personal information for personalized advertising, please see the
“Cookies, Other Tracking Technologies, Interest-Based Advertising, And Choices Regarding the Same” heading below.

We may use publicly available information (as that term is defined by applicable law) or information that does not identify you (including information that has been de-identified or aggregated, as those terms are defined by applicable law), for any purpose without obligation to you except as prohibited by applicable law.

Disclosure of Information Collected

Laserfiche will disclose personal information we have collected about you in accordance with the practices described in this Notice. The types of persons to whom we may disclose your personal information include, but are not limited to, the following:

Disclosing to Service Providers

We will occasionally hire service providers or contract with third-party consultants to provide limited services on our behalf. Laserfiche will only provide those service providers and other third-party consultants your personal information as reasonably needed to deliver services, and, to the extent required by applicable law. Laserfiche service providers and third-party consultants are prohibited from using that information for any other purpose. We may permit these service providers or third-party consultants to use publicly available information (as that term is defined by applicable law) or information that does not identify you (including information that has been de-identified or aggregated, as those terms are defined by applicable law) to the extent permitted by applicable law.

Disclosing to Others

We also disclose personal information about you to the following categories of recipients:

• Affiliates: We may disclose your information to our affiliated and related entities including our subsidiaries. For example, we may disclose your information to our affiliates for customer support, marketing, and technical operations.
• Customers: We may disclose your information to our customers in connection with us processing your information on their behalf. For example, we may disclose your information to our customers in order to facilitate your orders, maintain and administer your online accounts, respond to your questions and comments, comply with your requests, market, and advertise to you, and otherwise comply with applicable law.
• Business Partners: We may disclose your information to our business partners in connection with offering you co-branded services, selling, or distributing our products, or engaging in joint marketing activities. For example, we may disclose information about you to a retailer for purposes of providing you with product support. We may also disclose your information to approved third parties for marketing purposes; this may include our authorized resellers, user group training partners, and cloud solution providers.
• Promotions:Our promotions may be jointly sponsored or offered by third parties. If you voluntarily choose to enter a promotion, we may disclose your information to third parties as set forth in the official rules that govern the promotion as well as for administrative purposes and as required by law (e.g., on a winners list). By entering any such promotion, you agree to the official rules that govern that promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other third parties to use your name, voice and/or likeness in advertising or marketing materials.
• User Group, Training, and Events: Our events may be jointly sponsored or offered by third parties. If you voluntarily sign-up for an event through Laserfiche, we may disclose your contact details or information that you provide to the sponsor, facility, or any other organization who we schedule you to meet with at that event in order to fulfill your event registration and/or inform you of future events organized by the sponsor, which we believe you may be interested in.
• Tracking Technologies: Some information about your use of the Site and Services and certain third-party services may be collected using Tracking Technologies across time and Services and used by us and third parties for business and/or commercial purposes such as to associate different devices you use, and deliver relevant ads and/or other content to you on the Site, Services, and certain third-party services, as explained further under the “Cookies, Other Tracking Technologies, Interest-Based Advertising, And Choices Regarding the Same” heading.
• Third Parties: We may disclose your information to third parties for the purposes of facilitating your requests (such as when you choose to disclose information with a social network about your activities on the Site or Services) and in connection with tailoring advertisements, measuring, and improving our Service and advertising effectiveness, and enabling other enhancements, subject to your preferences (where applicable).
• Consent or another lawful purpose: We may disclose your information for any other lawful purpose and/or with notice to you and with your consent.

We will disclose your personal information to respond to duly authorized requests from governmental authorities as required by law, or in circumstances in which we believe disclosure is necessary or reasonably appropriate to protect the rights, property, or safety of us or others. Please note that Laserfiche is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Laserfiche also discloses your personal information when: (a) we are required to do so by law, regulation, warrant, subpoena or court order, (b) we are required in urgent circumstances to protect the personal safety of Laserfiche employees, users of Laserfiche products or services, or members of the public, (c) it is necessary to enforce our Terms of Use, or to exercise, establish or defend our legal rights (including contractual rights), or (d) such disclosure may be part of a sale of all (or substantially all) of the assets of Laserfiche or an affiliated entity where Customer Data might be included among the transferred assets.

Disclosing to third party websites

Some of the hyperlinks on our Site may lead to third-party services that are not controlled by or affiliated with Laserfiche. These links are provided solely as a convenience to you and not as an endorsement by Laserfiche of the content on such third-party services. Third-party services are subject to the terms of use and privacy notices of each applicable third-party entity, including what information they disclose to us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. For example, Office Online is a Microsoft service and use of Office Online is subject to Microsoft’s terms of use and privacy notice. Laserfiche is not responsible for and does not endorse, guarantee or monitor the content, availability, viewpoints, products or services that are offered or expressed through any third-party services and does not make any representations or warranties regarding the content or accuracy of any content on these third-party websites, including third-party privacy policies. We encourage you to familiarize yourself with and consult each applicable third-party entity’s terms of use and privacy policies.

Without limiting the foregoing, in our sole discretion, we may disclose aggregated information which does not identify you or de-identified information (as those terms are defined under applicable law) about you with third parties or affiliates for any legitimate business purpose or with your consent, except as prohibited by applicable law.

Do-Not-Track (“DNT”) is a preference that can be set in your browser to notify websites you visit that you do not want them to collect certain information about you. Laserfiche does not respond to DNT signals at this time and will not do so unless and until the law is interpreted to require such response. As discussed in this Notice, we and third parties may track your visits to our Site or use of our Services for purposes such as to provide Interest-based Advertising. To the extent you have specific rights in your region with respect to certain preference signals, such as Global Privacy Control, please see your region-specific terms for details.

Please see our Cookie Statement for more information about how we use cookies and similar tracking technologies. In addition to the technologies listed in our Cookie Statement, we use the following to collect information:

• Pixels/Web Beacons: Pixels or web beacons are code which is embedded in our Site or Services that send information about your use to a server. There are various types of pixels/web beacons, including image pixels (e.g., small graphic images) and JavaScript pixels (e.g., containing JavaScript code). When you access a Service that contains a pixel, the pixel may permit us or a separate entity to drop or read cookies on your browser or collect other information about your visit to our Site or use of our Services. We utilize pixels (some of which are provided by separate entities) that allow us to track our conversions with you, bring you advertising, and provide you with additional functionality with our Site or Services.
• Device Fingerprinting: Device fingerprinting is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your device and apps.
• Precise Geolocation Data: Precise location data includes latitude and longitude and is used for purposes of labeling where you were when you saved the file to track the file’s location. You can stop collection of precise location data through your browser or device settings or by uninstalling the app.

As discussed in our Cookie Statement, we also work with ad serving services, advertisers, and other third parties to serve advertisements on the Site, Services, and/or on third-party services. These third parties may use Tracking Technologies on our Sites, Services, and third-party services (including in emails and advertisements) to track your activities across time and services for purposes of associating the different devices you use and delivering relevant ads and/or other content to you on the Site, Services, and third-party services or third-party devices after you have left the services (“Interest-based Advertising”).

Some of the third parties that collect information from or about you on the Site or Services in order to provide more relevant advertising to you participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. This program offers a centralized location where users can make choices about the use of their information for online behavioral advertising. To learn more about the DAA and your opt-out options for their members, please visit (i) for website opt-out, https://youradchoices.com; and (ii) for mobile app opt-out, https://youradchoices.com/. In addition, some of these third parties may be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, please visit https://www.networkadvertising.org/choices/. Please note that if you opt-out of online behavioral advertising using any of these methods, the opt-out will only apply to the specific browser or device from which you opt-out. Further, opting-out only means that the selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). We are not responsible for the effectiveness of, or compliance with, any third parties’ opt-out options or programs or the accuracy of their statements regarding their programs, content, or services.

Most browsers accept cookies by default. You may instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.

Please be aware that if you disable or remove Tracking Technologies some parts of the Services may not function correctly.

For further information about the types of Tracking Technologies we use, why, and how you can control such Tracking Technologies, please see our Cookie Statement.

Portions of our Site or Services may allow you to post information that is publicly available to anyone who may have access to that area (e.g., a “bulletin board”, “community forum”, or interactive “chat room”) (“Public Areas”). Laserfiche is not responsible for the content users post and share in, or through, Public Areas.  If you choose to post information in a Public Area, it becomes available to the public, and Laserfiche has no ability to control or limit the use of information that is available to the public. Laserfiche and its affiliates may utilize any information you post through Public Areas, including in connection with the operation of its business. Laserfiche encourages you not to post any information you consider private or sensitive to, or through, Public Areas. To request removal of your information from Public Areas, please contact us using the contact details provided under the “Contact Us” heading below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.

You may have certain rights relating to your personal information, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:

• Access or receive a copy of your personal information held by us;
• Know more about how we process your personal information;
• Rectify inaccurate personal information and, taking into account the purpose of processing the personal information, ensure it is complete;
• Erase or delete your personal information (or right to be forgotten);
• Right to data portability;

Restrict our processing of your personal information.  In some jurisdictions, this right is available where one of the following applies: (a) the accuracy of the personal information is contested, (b) the processing is unlawful, and you oppose the erasure of the personal information and request the restriction of its use instead, (c) Laserfiche no longer needs the personal information for the purposes of processing but is required to keep it for the establishment, exercise, or defense of legal claims, or (d) if you have objected to our processing of your personal information and we are verifying whether you have legitimate ground for such objection;

• Transfer your personal information to another controller or business, to the extent possible;
• Object to any processing of your personal information;
• Complain about our processing of your personal information, including to a data protection authority;
• Opt-out of certain disclosures of your personal information to third parties;
• Know what categories of personal information are shared for delivering advertisements on non-Laserfiche websites, applications, and services and the categories of recipients of such personal information;
• Opt-out of the sharing of your personal information for delivering advertisements on non-Laserfiche websites, applications, and services;
• Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal;
• Where we are processing your personal information on the basis of your consent or pursuant to the performance of a contract with you and such processing is carried out by automated means, you may request to receive your personal information in a commonly used, machine readable format (or have that information transmitted to a third party where technically feasible); and
• Not be discriminated against for exercising your rights as described above.

Where we process your personal information for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.

You may also have additional rights based upon your jurisdiction.

How to exercise your rights

To exercise your rights, as may be applicable for your jurisdiction, please contact us by using our online form available here. Your personal information may be processed in responding to these rights. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 business days and try to respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If you are an employee of a Laserfiche client, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.

Your rights relating to Laserfiche Cloud “Customer Data”

As described above, we may also process personal information included in Laserfiche Cloud “Customer Data” which is uploaded by a Laserfiche client in which case, we process such personal information as a processor on behalf of our client (and its affiliates) who is the controller of the personal information. If your personal information has been submitted to us in our role as a processor by or on behalf of a Laserfiche client and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable Laserfiche client directly. Because we may only access a client’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the Laserfiche client who submitted your personal information to us. We will refer your request to that client, and will reasonably support them as needed in responding to your request.

• If you supply Laserfiche with your postal address online, you may receive periodic mailings from us with information on new products and Services, or upcoming events.
• If you supply us with your telephone number online, you may receive telephone calls from us with information regarding orders and/or requests you have placed online – such as a software demonstration request or general business inquiry.
• If you supply us with your email address, then in accordance with your marketing choices, you may receive email messages for marketing purposes, such as providing information on new products and Services, or upcoming events. We may track when you open our email messages or click on the links contained within them.

You have the right to opt-out of marketing communications from us at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you, or by emailing us at the email address set forth in the section entitled “Contact Us” below with the word UNSUBSCRIBE in the subject field of your email. Please note this opt-out will not apply to non-promotional emails, such as those about your account, transactions, servicing, or Laserfiche’s ongoing business relations.

You can also opt out of receiving calls to your phone number at any time by requesting to opt-out during any call you receive from us or contacting us as set out in the “Contact Us” heading below and specifying you would like to opt-out of calls.

To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details under the “Contact Us” heading below.

Please note that by opting in to allow Laserfiche and its event sponsors/industry partners to receive your contact information through an event in accordance with this Notice, you will be subject to each event sponsor/industry partner’s communications and privacy notice and must opt-out with them directly.

We have implemented and maintain reasonable industry standard controls, intrusion detection network monitoring, and reasonable security measures designed to protect the personal information that you submit through the Services and Site (subject to our disclosure regarding Public Areas). These measures include physical access controls, access authorization controls, and firewalls. We also periodically review our information collection, storage, and processing practices to help prevent loss, misuse, unauthorized access, alteration, or other destruction of personal information we collect. When accessing secure sections of the Site, we use Transport Layer Security (TLS) encryption to secure the communication of personal information passing between your browser and our servers. Additionally, only authorized administrators, Laserfiche employees and third-party contractors have access to systems containing personal information.

Although we take reasonable security measures to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Site. The transmission of information via the internet is never 100% secure, and we cannot ensure or warrant the security of any information (including personal information) you transmit to us. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.

The safety and security of your information (including personal information) also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Site, products, or Services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

Laserfiche is headquartered in the United States. Data centers for Laserfiche Cloud Services are located in the United States, Canada, and Ireland, respectively. Operationally, we have on-premises computer facilities in the United States, Canada, Hong Kong and other regions. Our affiliated subsidiaries, third-party service providers, and partners operate around the world. This means that when we collect your personal information, we may process it in any of these jurisdictions. The laws governing our processing of personal information in such jurisdictions may differ from those in the jurisdictions in which you are located. Regardless of where your personal information is processed, we will treat all personal information in accordance with applicable data protection laws and this Notice.

If you are located in the EEA, United Kingdom or Switzerland, we will protect your personal information when it is transferred outside of such locations by processing it in a country that provides an adequate level of protection (click here for a list of countries deemed adequate by the European Commission) or by implementing appropriate safeguards to protect your personal information, including through the use of standard contractual clauses or another lawful transfer mechanisms approved by the European Commission and/or the United Kingdom or Swiss authorities (as applicable). For more information about the lawful transfer mechanisms we rely on, please contact us using the contact details under “How to Contact Us” within the “European Economic Area, Switzerland, and United Kingdom” section below.

Laserfiche complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Data Bridge“), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States. Laserfiche has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (the “Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, from the United Kingdom (and Gibraltar) in reliance on the UK Data Bridge, and from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Notice and the Principles, the Principles shall govern personal data processed in reliance of the Data Privacy Framework (“DPF”). To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/s/participant-search.

Laserfiche’s responsibility for personal data it receives in reliance on the DPF and subsequent transfers of that personal data to third parties is detailed in the Principles. Where Laserfiche relies on the Principles for onward transfers from the EU, UK and Switzerland, including the onward transfer liability provisions, Laserfiche remains responsible under the Principles for third-party agents processing personal data on its behalf.

With respect to personal data received or transferred pursuant to the DPF, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Laserfiche commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

Laserfiche commits to resolving complaints about your privacy and our collection and use of your personal data in reliance on the DPF within 45 days of receiving your complaint. Individuals with questions or complaints regarding this Notice should first submit inquiries by contacting us using the contact details provided under the “Contact Us” heading below. Laserfiche has further committed to refer unresolved complaints regarding personal data transferred in reliance on the DPF to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact, or visit the American Arbitration Association for more information or to file a complaint. When filing by mail or email, please complete the appropriate DPF Notice of Arbitration Form located in the link below and forward to the International Centre for Dispute Resolution.

International Centre for Dispute Resolution Case Filing Services
1101 Laurel Oak Road, Suite 100
Voorhees, NJ 08043
United States
Phone: +1.212.484.4181
Email box: casefiling@adr.org

For any questions or for further information about this program, the ICDR’s International Arbitration Rules, or for additional language versions of the ICDR’s International Arbitration Rules, please contact the International Centre for Dispute Resolution at +1.212.484.4181 or by visiting the website https://www.icdr.org/dpf. The services of the American Arbitration Association are provided at no cost to you.

Under certain limited circumstances, data subjects, as defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, of the European Union, may invoke binding arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.dataprivacyframework.gov/s/.

The Site and Services are intended for a general audience and not directed to children under sixteen (16) years of age. We do not market products or services to children, and we do not knowingly collect personal information from children at any time, including as defined by the U.S. Children’s Privacy Protection Act (“COPPA”).

If you are under the age of 16, please do not provide personal information of any kind whatsoever and please do not use the Site or Services or participate in Laserfiche’s surveys, contests, events, and other promotions. If you are a parent or guardian and believe Laserfiche has collected such information without parental consent, please contact us as set below in the section entitled “Contact Us” and we will remove personal information to the extent required by COPPA or other applicable law.

We retain personal information we collect from you where we have an ongoing legitimate business need to do so. For example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements.

Notice at Collection

The California Consumer Privacy Act (“CCPA“) as amended by the California Privacy Rights Act (“CPRA”) and implementing regulations (collectively referred to as “CCPA“) requires that we detail the categories of personal information that we disclose for certain “business purposes,” such as to service providers that assist us with securing our services or marketing our products, and to such other entities as described under the “How Laserfiche Uses and Discloses the Information We Collect” heading above in this Notice

• Collection. We have collected the following categories of personal information (as that term is defined in the CCPA) in the past 12 months:
  • Identifiers, including your name, postal address, email address, and online identifiers (such as IP address).
  • Consumer records, including your phone number, billing address, and credit or debit card information.
  • Characteristics of protected classifications under California and/or federal law, including your gender.
  • Commercial or transactions information, including records of products or services purchased, obtained, or considered.
  • Internet activity, including browsing your history, search history, and interactions with a website, email, application, or advertisement.
  • Non-precise geolocation data, including your location derived from an IP address.
  • Precise location data
  • Professional, employment or education-related information.
  • Inferences drawn from any of the information identified in this section.
• Disclosure. For more details about the personal information Laserfiche collects from you and the sources from which we obtain personal information, please review the section entitled “How Laserfiche Uses and Discloses the Information We Collect” above.
• Purpose. We collect, use, and disclose this personal information for the business and commercial purposes set out in the section entitled “How Laserfiche Uses and Discloses the Information We Collect” above. Please see this section above for more details.
• Sales and Shares. Laserfiche does not sell personal information as the term “sell” is traditionally understood. However, some of our disclosures of your personal information may be considered a “sale” or a “share” as those terms are defined by the CCPA. A “sale” is broadly defined under the CPRA to include a disclosure for something of value, and a “share” is broadly defined under the CPRA to include a disclosure for cross-context behavioral advertising. We collect, sell, or share the following categories of personal information for commercial purposes: identifiers, characteristics, commercial or transactions information, internet activity, non-precise geolocation data, and inferences drawn. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. For details about your rights regarding sales and shares, please see the “Do Not Sell or Share My Personal Information” section below. Laserfiche does not knowingly sell or share the personal information of minors under 16 years old who are California residents.
• Sensitive Personal Information. Some of the personal information we collect may be considered sensitive personal information (as described in the CCPA). For further details of the sensitive personal information we collect (if any) and how we obtain this information, please review the section entitled “Information We Collect” above. We collect, use, and disclose sensitive personal information only for the permissible business purposes for sensitive personal information under the CCPA or without the purpose of inferring characteristics about consumers. Further, we do not “sell” or “share” your sensitive personal information as those terms are defined by the CCPA.
• Data Retention. We retain each category of personal information, including sensitive personal information, for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

Privacy Rights

• Right to Know, Correct, and Delete.
  • Know. You have the right to know certain details about our data practices. In particular, you may request the following from us:
    • The categories of personal information we have collected about you.
    • The categories of sources from which the personal information was collected.
    • The categories of personal information about you that we disclosed for a business purpose or sold or shared.
    • The categories of third parties to whom the personal information was disclosed for a business purpose or sold or shared.
    • The business or commercial purpose for collecting or selling or sharing the personal information.
    • The specific pieces of personal information we have collected about you.
  • Correct. You have the right to correct inaccurate personal information we maintain about you.
  • Delete. You have the right to delete personal information that we have collected about you.
  • These rights are subject to certain exceptions and also apply to sensitive personal information. To exercise any of these rights, California consumers should submit a request through our online form available here or call our toll free number at 800-985-8533.
• Do Not Sell or Share My Personal Information. To the extent that using third party cookies and other tracking technologies to serve retargeted or interest-based advertising constitutes a “sale” or “share” of personal information under the CCPA, you may opt-out of such “sales” or “shares” by clicking Cookie Settings to manage your technology preferences or by turning on a recognized opt-out preference signal in your browser or extension such as Global Privacy Control. When you submit an opt-out through any method, the opt-out will only apply to sales and shares from the specific browser from which you sent the signal because the connection between your browser identifier and other personal information we have about you is not known to us. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings. If you want the opt-out to apply to information we have about you in our systems, such as your email address, please also submit a request through our form here (specifying the right you wish to exercise).
• Shine The Light Customer Rights
  Consumers in the State of California may request a list of categorized third parties and in some cases affiliates to whom we may have disclosed their personal information specifically for those third parties’ and/or affiliates’ own marketing purposes, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit a written request to the email or address provided in the section entitled “Contact Us” above. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that any response to requests made by means other than through the provided e-mail address or mail address may be seriously delayed.

Exercising Your Privacy Rights (California).

To exercise any rights available under California law regarding your personal information for which Laserfiche is the business, you should submit a request through our online form available here or call our toll free number at 800-985-8533. In the request, please specify which right you are seeking to exercise and the scope of the request. Any requests with respect to personal information for which Laserfiche is a service provider, should be directed to the applicable Laserfiche client that is the applicable business and controller.

Authorized Agent

You may also designate an authorized agent to submit such requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

Data Practices

This section applies to residents of certain U.S. states which also have an applicable data privacy law currently in effect. Information regarding the collection, use, disclosure, and retention of your personal information are set out above in this Notice.

Some of our disclosures of personal data may be considered a “sale” under applicable law, which is often defined to include a disclosure for something of value. We also may process your personal data for purposes of targeted advertising. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.

Some of the personal data we collect may be considered sensitive personal data under applicable law. We collect sensitive personal data with your consent.

Sales and Targeted Advertising

To the extent that using third party cookies and other tracking technologies to serve retargeted or interest-based advertising constitutes a “sale” under certain applicable US state data privacy laws, you have the right to opt-out of us “selling” your personal data or processing your personal data for purposes of targeted advertising. To exercise this right, please submit a request through our online form available here or turn on a recognized opt-out preference signal, such as Global Privacy Control. When you submit an opt-out, the opt-out will only apply to the specific browser from which you sent the signal because the connection between your browser identifier and other personal information we have about you is not known to us. If you want the opt-out to apply to personal information we have about you in our systems, such as your email address, please also submit a request through our form here (specifying the right you wish to exercise).

Consent

You have the right to revoke consent previously given to us for the processing of your personal data. To revoke consent, write us at the email or postal address set out in the “Contact Us” section below (specifying the consent you wish to withdraw). If you withdraw consent, you may not be able to receive certain Services related to that consent.

Exercising Your Privacy Rights (US States other than California)

To exercise any rights available under the applicable U.S. state law regarding your personal information for which Laserfiche is the controller, please submit a request through our online form available here.  In the request, please specify which right you are seeking to exercise and the scope of the request. Any requests with respect to personal information for which Laserfiche is a service provider, should be directed to the applicable customer that is the controller.

Authorized Agents

You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

Right to Appeal

If we refuse to take action on your request, you may appeal our decision within a reasonable period of time by contacting us at privacy@laserfiche.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to your state’s attorney general office.

For the purpose of this Notice, “Europe” means the European Economic Area (“EEA“), Switzerland, and the United Kingdom.

Legal basis for processing personal information

Our legal bases for processing your personal information include: (a) you have given consent to the processing for one or more specific purposes; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation, for example when providing personal information to a law enforcement agency or where we have an accounting or tax obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.

If you are a visitor from Europe, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

In rare situations, we may also need to share your personal information with others to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

Please see the “How Laserfiche Uses and Discloses the Information We Collect in this Notice” for more details about the purposes for which we process your personal information.  More information about the legal basis on which we rely in connection with each of our processing purposes, is set out below.

Purpose and legal basis for processing

Providing our Services to you

• Necessary for our legitimate interests (successful management of our customer and user relationship, and fulfillment of our contractual or other obligations to you).

Improving and developing our Services

• Necessary for our legitimate interests (to improve and develop our Services in order to deliver high quality Services to customers and users, and to ensure the security and efficiency of our Services).

Providing customer and user support

• Necessary for our legitimate interests (successful management of our customer and user relationship, and to promote our business through the delivery of quality Services).

Sending marketing communications

• With your consent, where legally required.
• Necessary for our legitimate interests (promotion of our business and Services to customers and users).

Sending administrative communications

• Necessary for our legitimate interests (continuance of a successful customer and user relationship and to provide quality Services).

Securing our Services

• Necessary for our legitimate interests (providing secure Services, ensuring the security of our networks and systems, and creating trust in our Services).

Complying with our legal obligations

• Necessary for compliance with a legal obligation (such as pursuant to a contract).
• Necessary for our legitimate interests (complying with legal obligations, regulatory, contractual, or other obligations).

Your European Privacy Rights

Depending on your location and how you interact with Laserfiche, you may have the rights listed under the “Your Privacy Rights” heading above in this Notice subject to applicable data privacy law.

Laserfiche is committed to cooperating and complying with European data protection authorities’ advice with respect to any human resources data transferred from Europe in the context of the employment relationship.

Data Retention

We will retain your personal information for only so long as we need it in order to fulfill our processing purposes or where we otherwise need to retain it to comply with our legal obligations. The criteria we use to determine retention periods include the nature of the data, the purpose of processing, and terms of any relevant legal requirements. We regularly review our data retention periods to ensure that we are not keeping personal data longer than necessary.

When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Exercising Your Privacy Rights (Europe)

To exercise any rights under the applicable laws of Europe with respect to your personal information for which Laserfiche is a controller, please submit a request by filling out this form or contact us as set out in the “How to Contact Us” section below and specify which right you are seeking to exercise.  Any requests with respect to personal information for which Laserfiche is a processor, should be directed to the applicable customer that is the controller.

How to Contact Us

If you have any concerns or questions about the information provided in this “European Economic Area, Switzerland, and United Kingdom” section, please do not hesitate to get in touch with us using the following details:

By mail:
Compulink Management Center, Inc. d/b/a Laserfiche
ATTN: Data Protection Officer
3443 Long Beach Blvd.
Long Beach, CA 90807
USA

By email: privacy@laserfiche.com

Data Protection Officer: privacy@laserfiche.com

We are committed to working with you to obtain a resolution of any concern about our privacy practices. If, however, you believe that we have not been able to assist with your concern, you have the right to lodge a complaint with a European data protection authority.

If you are a resident of the European Economic Area, please contact our EU Representative:

By mail:
Laserfiche Ireland Limited
ATTN: Data Protection Officer
D02 R296

Dublin
Ireland
By email: privacy@laserfiche.com

If you are a resident of the UK, please contact our UK Representative:

By mail:
Laserfiche UK Services Ltd

ATTN: Data Protection Officer
Unit 15B Building 6,
Watford
WD18 8YH
UK

By email: privacy@laserfiche.com

Canada

Laserfiche is committed to collecting, using, and disclosing personal data responsibly in accordance with applicable Canadian privacy regulations, including the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect this information from you, through your interaction with the Laserfiche Site and/or Services, or from third parties. For more information about the personal information we collect, click here. We collect this information for the business and commercial purposes described in the “How Laserfiche Uses and Discloses the Information We Collect” section above.

You have the right to revoke consent previously given to us for the processing of your personal data. To revoke consent, write us at the email or postal address set out in the Contact Us section below (specifying the consent you wish to withdraw). If you withdraw consent, you may not be able to receive certain services related to that consent.

Hong Kong

Laserfiche is committed to collecting, using, and disclosing personal information responsibly in accordance with applicable Hong Kong privacy regulations, including the Personal Data Privacy Ordinance.  This section applies if the data controller of your personal data is Laserfiche International Limited, which is established in Hong Kong. We collect this information from you, through your interaction with the Laserfiche Site and/or Services, or from third parties. For more information about the personal information we collect, click here. We collect this information for the business and commercial purposes described in the “How Laserfiche Uses and Discloses the Information We Collect” section above. If you are a Hong Kong resident and have questions or wish to exercise your privacy rights, please refer to the Contact Us section of this Notice.

Laserfiche may change this Notice from time to time, at Laserfiche’s sole discretion. When we update our Notice, we take appropriate measures to inform you, consistent with the significance of the changes we make. If the changes are material, we will notify you or offer you a choice if and to the extent this is required by applicable data protection laws. You can see when this Notice was last updated by checking the “effective” date displayed at the top of this Notice. Laserfiche recommends that you review this Notice regularly for any revisions. Your continued use of the Site or Services after such revisions will constitute your acknowledgement of the amended Notice.

If you have any concerns or questions about the information provided in this Notice, or want to exercise your data protection rights, please contact us using the following details:

By mail:

Compulink Management Center, Inc. d/b/a Laserfiche
ATTN: Data Protection Officer
3443 Long Beach Blvd.
Long Beach, CA 90807
USA

By email: privacy@laserfiche.com