Privacy Notice

NOTICE: This Privacy Notice is effective as of August 24, 2023.

Compulink Management Center, Inc. operating as Laserfiche and its affiliates (“Laserfiche”, “we”, “us”, “our”) respect your privacy and understand that you care about how your personal information is collected and used. This Privacy Notice (“Notice”) describes the types of personal information that we process about you, how we use it, how we disclose it, your rights and choices, and how you can contact us about our privacy practices. This Notice applies to our processing of personal information in connection with the delivery of our website at https://www.laserfiche.com/ (the “Site”), and all products and services (including its content and functionality) offered by Laserfiche (collectively, our “Services”). We are committed to taking appropriate steps to help protect the privacy of visitors to our Site or users of our Services.

Some data protection laws make a distinction between organizations that process personal data for their own purposes (known as “controllers” or “businesses”) and organizations that process personal data on behalf of other organizations (known as “processors” or “service providers”). Laserfiche may act as either a controller/business or a processor/service provider in respect of your personal data, depending on the circumstances.

Sometimes Laserfiche operates as a processor or service provider on behalf of a customer (a separate legal entity), which is the data controller or business. For example, Laserfiche provides cloud services to its customers and may process personal data on each customer’s behalf to provide those services. This Notice does not describe the processing of such data. We invite you to visit the applicable customer’s privacy notice for information about their privacy practices. Any questions that you may have relating to such personal data and your rights under data protection law should be directed to the customer as the controller or business, not to Laserfiche.

You may also have additional rights based upon your jurisdiction. For more information, please see the relevant jurisdiction headings at the end of this Notice or please click on the links for your jurisdiction listed below:

When you visit or use the Site and/or Services, we collect and retain information that you, as a customer or potential customer, provide through the Site or Services, as well as information that is automatically or passively collected from you, your device, or your browser.

Information You Provide to Us

We collect information that you provide directly to us. For example, when you manage your user profile, participate in interactive features (such as the Contact Us page ), request newsletters or other marketing communications, request customer support, provide other information in connection with a job opening, enter login information, or otherwise communicate with us.

The types of information we may collect include:

  • Contact and profile information, including your name, email address, company information, postal address (including zip or postal code), and telephone number.
  • Account and log-in information, including your username, password, login details, and transaction details.
  • Billing information, including your payment instrument number (e.g., credit card or debit card number), expiration date, security code as necessary to process any payments, and transaction details (if applicable).
  • Correspondence, for example, reporting a problem or submitting queries, concerns or comments regarding the Site or its content.
  • Job application information, including your resume and related data as necessary to consider you for a job opening if you submit an application to us, including your employment history, transcript, writing samples, and references.
  • Any other content or information you choose to provide, including photos you may upload.

If you post information on the Site, including on a bulletin board, in a chat room, or community forum, it becomes generally available to the public. Laserfiche does not control or limit the use by visitors of the Site. By posting information on the Site, you understand that Laserfiche may use the information in connection with its business. Therefore, you should not post any information you consider private or sensitive.

Information We May Collect Automatically

We automatically collect information for business and commercial purposes about your device and how your device interacts with our Site and the Services. We may use service providers to collect this information. Some examples of information we automatically collect include the following:

  • Information about your visits to the Site and use of the Services, the resources you access, any data you download, and information related to the ways in which you interact with the Site or the Services.
  • IP addresses, including the general information in such address, such as city, state and zip or postal code, your device’s regional settings, unique device identifiers, other information about your mobile phone or other mobile device(s), browser types, and browser language.
  • Referral pages and links, URLs, number of clicks, pages viewed, how long you’re on a page, your search queries, and results.
  • Information about your device, computer and/or browser you use, as well as the device’s operating system, such as device hardware model, operating system version, or mobile network information.
  • Non-precise location data, including your device’s location derived from an IP address or data that indicates a city or zip or postal code.
  • We use various technologies to collect this information (“Tracking Technologies”), as further discussed below under the “Cookies, Other Tracking Technologies, Interest-Based Advertising, And Choices Regarding the Same” heading.

    Information We Collect from Customers

    We provide products and services for our customers and collect and process information about individuals (including through Tracking Technologies) at the direction of and on behalf of our customers (“Customer Data“). Customer Data has historically included contact data, demographic data, content, service use data, device connectivity and configuration data, and non-precise location data, among other information. Our processing of Customer Data is governed by the terms of our Cloud Subscription Agreement with each customer. To the extent we combine Customer Data with information we have collected about you through the Site, we will treat the combined information in accordance with the practices described in this Notice, plus any additional restrictions imposed by our customers. We are not responsible for how our customers treat the information we collect on their behalf as a processor or service provider, and we recommend you review each customer’s own privacy notice. For more information on your rights and choices regarding Customer Data, please see the “Your Privacy Rights” heading below.

    Information We Collect From Other Sources

    We may obtain information from other third-party sources that we combine with information collected through the Site. These third-party sources vary over time, but include:

    • Data brokers from which we purchase demographic data to supplement the data we collect.
    • Social networks when you reference our Service or grant permission to Laserfiche to access your data on one or more of these social networks.
    • Partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
    • Publicly available sources, such as open government databases or other data in the public domain.

    For example, if you log into a social media website through our Site, we may have access to certain information from that website, in accordance with the procedures and practices of that social media website. You should carefully review the privacy policies and terms of use of these third parties.

    Use of Information Collected

    Laserfiche collects and uses the information you provide in connection with our Site and Services for a variety of purposes, in accordance with the practices described in this Notice, which may include:

    • Providing our Services to you: We use your information to operate and manage our Site and Services, including your registration process and user account.
    • Improving and developing our Services and Site: We may use your information to understand how you use our products, Services, and Site, and how we can improve them, and to obtain insight and analysis. For example, the information collected may assist with customer service improvements and technical improvements to our products.
    • Providing customer and user support: We may use your information to troubleshoot and diagnose product problems, provide support or technical assistance, investigate security incidents, and to perform services requested by you, such as to respond to your comments, questions, and requests.
    • Sending marketing communications: Depending on your marketing choices, we may use your information to keep you informed about Laserfiche and our software and Services and promote certain Services and features that you may be interested in, such as communications about third-party products, updates, special offers, promotions, rewards, and events. We may also contact you for market research and to survey your satisfaction with Laserfiche software and Services, encourage you to participate in our user groups, and invite you to events that may be of interest, including trainings, webinars, and conferences.
    • Sending administrative communications: We may use your information to send you technical notices, updates, security alerts, information regarding changes to our policies, and other support and administrative messages regarding your account with us.
    • Securing our Services: We may use your information for maintaining the safety and security of our Services, investigating suspicious activity, detecting, and preventing fraudulent or unauthorized use of the Services, and identifying and troubleshooting any problem.
    • Complying with our legal obligations: We may process your information in order to cooperate with public and government authorities, courts, or regulators, including to comply with legal orders or judicial proceedings, or to respond to lawful requests and otherwise comply with our legal, regulatory and reporting obligations under applicable laws. Additionally, we may process your information, to protect, defend or exercise our legal rights and to ensure the continuity and integrity of our Services, including where we seek to pursue remedies available to us and or in order to limit damages. We will make reasonable efforts to notify our customers and users of any disclosure of their information, unless we are prohibited by law, court order, or exigent circumstances prevent us from doing so.
    • Statistics and analysis: We may aggregate and anonymize your information in such a way as to prevent the information from being reassociated or identified with an account, user, or individual. We may use aggregated and anonymized information for a variety of statistical and analytical purposes, which may entail providing this information to an agent acting on Laserfiche’s behalf to assist in data analytics.

    We also use information about you for the following purposes:

    • Serve personalized advertising tailored to your interests on our Site and/or Service, and third-party Services (where applicable), to the extent it is necessary for our legitimate interest in advertising our Site and Services, or where necessary, to the extent you have provided your prior consent.
    • Fulfill any purpose at your direction.
    • With your consent, fulfill any other purpose disclosed to you.

    For more information about how we use and disclose your information for personalized advertising, please see the “Cookies, Other Tracking Technologies, Interest-Based Advertising, and Choices Regarding the Same” heading below.

    We may use publicly available information (as that term is defined by applicable law) or information that does not identify you (including information that has been de-identified or aggregated, as those terms are defined by applicable law), for any purpose without obligation to you except as prohibited by applicable law.

    Disclosure of Information Collected

    Laserfiche will disclose information we have collected about you in accordance with the practices described in this Notice. The types of persons to whom we disclose information include, but are not limited to, the following:

    Disclosing to Service Providers

    We will occasionally hire service providers or contract with third-party consultants to provide limited services on our behalf. Laserfiche will only provide those service providers and other third-party consultants the information they need to deliver services, and, to the extent required by law. They are prohibited from using that information for any other purpose. We may permit these service providers or third-party consultants to use publicly available information (as that term is defined by applicable law) or information that does not identify you (including information that has been de-identified or aggregated, as those terms are defined by applicable law) to the extent permitted by applicable law.

    Disclosing to Others

    We also disclose information about you to the following categories of recipients:

    • Affiliates: We may disclose your information to our affiliated and related entities including our subsidiaries. For example, we may disclose your information to our affiliates for customer support, marketing, and technical operations.
    • Customers: We may disclose your information to our customers in connection with us processing your information on their behalf. For example, we may disclose your information to our customers in order to facilitate your orders, maintain and administer your online accounts, respond to your questions and comments, comply with your requests, market, and advertise to you, and otherwise comply with applicable law.
    • Business Partners: We may disclose your information to our business partners in connection with offering you co-branded services, selling, or distributing our products, or engaging in joint marketing activities. For example, we may disclose information about you to a retailer for purposes of providing you with product support. We may also disclose your information to approved third parties for marketing purposes; this may include our authorized resellers, user group training partners, and cloud solution providers.
    • Promotions: Our promotions may be jointly sponsored or offered by third parties. If you voluntarily choose to enter a promotion, we may disclose your information to third parties as set forth in the official rules that govern the promotion as well as for administrative purposes and as required by law (e.g., on a winners list). By entering any such promotion, you agree to the official rules that govern that promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other third parties to use your name, voice and/or likeness in advertising or marketing materials.
    • User Group, Training, and Events: Our events may be jointly sponsored or offered by third parties. If you voluntarily sign-up for an event through Laserfiche, we may disclose your contact details or information that you provide to the sponsor, facility, or any other organization who we schedule you to meet with at that event in order to fulfill your event registration and/or inform you of future events organized by the sponsor, which we believe you may be interested in.
    • Tracking Technologies: Some information about your use of the Site and Services and certain third-party services may be collected using Tracking Technologies across time and services and used by us and third parties for business and/or commercial purposes such as to associate different devices you use, and deliver relevant ads and/or other content to you on the Site, Services, and certain third-party services, as explained further under the “Cookies, Other Tracking Technologies, Interest-Based Advertising, And Choices Regarding the Same” heading.
    • Third Parties: We may disclose your information to third parties for the purposes of facilitating your requests (such as when you choose to disclose information with a social network about your activities on the Site or Services) and in connection with tailoring advertisements, measuring, and improving our Service and advertising effectiveness, and enabling other enhancements, subject to your preferences (where applicable).
    • Consent or another lawful purpose: We may disclose your information for any other lawful purpose and/or with notice to you and with your consent.

    We will disclose your information to respond to duly authorized requests from governmental authorities as required by law, or in circumstances in which we believe disclosure is necessary or reasonably appropriate to protect the rights, property, or safety of us or others. Please note that Laserfiche is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    Laserfiche also discloses your personal information when: (a) we are required to do so by law, regulation, warrant, subpoena or court order, (b) we are required in urgent circumstances to protect the personal safety of Laserfiche employees, users of Laserfiche products or services, or members of the public, (c) it is necessary to enforce our Terms of Use, or to exercise, establish or defend our legal rights, or (d) such disclosure may be part of a sale of all (or substantially all) of the assets of Laserfiche or an affiliated entity where customer information might be included among the transferred assets.

    Disclosing to third party websites

    Some of the hyperlinks on our Site may lead to third-party services that are not controlled by or affiliated with Laserfiche. These links are provided solely as a convenience to you and not as an endorsement by Laserfiche of the content on such third-party services. Third-party services are subject to the terms of use and privacy policies of each applicable third-party entity, including what information they disclose with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. For example, Office Online is a Microsoft service and use of Office Online is subject to Microsoft’s terms of use and privacy policy. Laserfiche is not responsible for and does not endorse, guarantee or monitor the content, availability, viewpoints, products or services that are offered or expressed through any third-party services and does not make any representations or warranties regarding the content or accuracy of any content on these third-party websites, including third-party privacy policies. We encourage you to familiarize yourself with and consult each applicable third-party entity’s terms of use and privacy policies.

    Without limiting the foregoing, in our sole discretion, we may disclose aggregated information which does not identify you or de-identified information (as those terms are defined under applicable law) about you with third parties or affiliates for any legitimate business purpose or with your consent, except as prohibited by applicable law.

    Do-Not-Track (“DNT”) is a preference that can be set in your browser to notify websites you visit that you do not want them to collect certain information about you. Laserfiche does not respond to DNT signals at this time and will not do so unless and until the law is interpreted to require such response. As discussed in this Notice, we and third parties may track your visits to our Site or use of our Services for purposes such as to provide Interest-based Advertising. To the extent you have specific rights in your region with respect to certain preference signals, such as Global Privacy Control, please see your region-specific terms for details.

    Please see our Cookie Statement for more information about how we use cookies and similar tracking technologies. In addition to the technologies listed in our Cookie Statement, we use the following to collect information:

    • Pixels/Web Beacons: Pixels or web beacons are code which is embedded in our Site or Services that send information about your use to a server. There are various types of pixels/web beacons, including image pixels (e.g., small graphic images) and JavaScript pixels (e.g., containing JavaScript code). When you access a service that contains a pixel, the pixel may permit us or a separate entity to drop or read cookies on your browser or collect other information about your visit to our Site or use of our Services. We utilize pixels (some of which are provided by separate entities) that allow us to track our conversions with you, bring you advertising, and provide you with additional functionality with our Site or Services.
    • Device Fingerprinting: Device fingerprinting is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your device and apps.

    As discussed in our Cookie Statement, we also work with ad serving services, advertisers, and other third parties to serve advertisements on the Site, Services, and/or on third-party services. These third parties may use Tracking Technologies on our Sites, Services, and third-party services (including in emails and advertisements) to track your activities across time and services for purposes of associating the different devices you use and delivering relevant ads and/or other content to you on the Site, Services, and third-party services or third-party devices after you have left the Services (“Interest-based Advertising”).

    Some of the third parties that collect information from or about you on the Site or Services in order to provide more relevant advertising to you participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. This program offers a centralized location where users can make choices about the use of their information for online behavioral advertising. To learn more about the DAA and your opt-out options for their members, please visit (i) for website opt-out, http://www.aboutads.info/choices; and (ii) for mobile app opt-out, http://www.aboutads.info/appchoices. In addition, some of these third parties may be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, please visit http://www.networkadvertising.org/choices/. Please note that if you opt-out of online behavioral advertising using any of these methods, the opt-out will only apply to the specific browser or device from which you opt-out. Further, opting-out only means that the selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). We are not responsible for effectiveness of, or compliance with, any third parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

    Most browsers accept cookies by default. You may instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.

    Please be aware that if you disable or remove Tracking Technologies some parts of the Services may not function correctly.

    For further information about the types of Tracking Technologies we use, why, and how you can control such Tracking Technologies, please see our Cookie Statement.

    Occasionally, portions of the Site may allow you to post information that other visitors to the Site will be able to access (i.e., a “bulletin board” or interactive “chat”). If you choose to post information on a bulletin board or through a chat session, it becomes available to the public, and Laserfiche has no ability to control or limit the use of information that is available to the public. Laserfiche and its affiliates will utilize any information you post through the Site in connection with the operation of its business. Laserfiche encourages you not to post any information you consider private or sensitive on the Site. To request removal of your information from such bulletin boards or chat sessions, please contact us using the contact details provided under the “Contact Us” heading below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.

    Jurisdictional Rights
    Consumers in California, Nevada, Colorado, Connecticut, Utah, and Virginia, and data subjects in the European Economic Area, Switzerland or United Kingdom may have additional rights as set forth in the sections entitled “California Privacy Rights,” “Nevada Privacy Rights,” “Colorado, Connecticut, Utah, and Virginia Privacy Rights,” and “European Privacy Rights” below. For more information about choices regarding Tracking Technologies, see the section on “Cookies, Other Tracking Technologies, Interest-Based Advertising, And Choices Regarding the Same” above.
    Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country. Please see the “International Transfers” section below for more information.

    Marketing Communications

    • If you supply Laserfiche with your postal address online, you may receive periodic mailings from us with information on new products and Services, or upcoming events.
    • If you supply us with your telephone number online, you may receive telephone calls from us with information regarding orders and/or requests you have placed online – such as a software demonstration request or general business inquiry.
    • If you supply us with your email address, then in accordance with your marketing choices, you may receive email messages for marketing purposes, such as providing information on new products and Services, or upcoming events. We may track when you open our email messages or click on the links contained within them.

    You have the right to opt-out of marketing communications from us at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you, or by emailing us at the email address set forth in the section entitled “Contact Us” below with the word UNSUBSCRIBE in the subject field of your email. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or Laserfiche’s ongoing business relations.

    You can also opt out of receiving calls to your phone number at any time by requesting to opt-out during any call you receive from us or contacting us as set out in the “Contact Us” heading below and specifying you would like to opt-out of calls.
    To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details under the “Contact Us” heading below.

    Please note that by opting in to allow Laserfiche and its event sponsors/industry partners to receive your contact information through an event in accordance with this Notice, you will be subject to each event sponsor/industry partner’s communications and privacy policy and must opt-out with them directly.

    We have implemented and maintain reasonable industry standard controls, intrusion detection network monitoring, and reasonable security measures designed to protect the personal information that you submit through the Services and Site. These measures include physical access controls, access authorization controls, and firewalls. We also periodically review our information collection, storage, and processing practices to help prevent loss, misuse, unauthorized access, alteration, or other destruction of information we collect. When accessing secure sections of the Site, we use Transport Layer Security (TLS) encryption to secure the communication of information passing between your browser and our servers. Additionally, only authorized administrators, Laserfiche employees and third-party contractors have access to systems containing such information.

    Although we take reasonable security measures to protect your information, we cannot guarantee the security of your personal information transmitted to the Site. The transmission of information via the internet is never 100% secure, and we cannot ensure or warrant the security of any information you transmit to us. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.

    The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Site, products, or Services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

    Laserfiche is headquartered in the United States. Data centers for Laserfiche Cloud Services are located in the United States, Canada, and Ireland, respectively. Operationally, we have on-premises computer facilities in the United States, Canada, Hong Kong and other regions. Our affiliated subsidiaries, third-party service providers, and partners operate around the world. This means that when we collect your personal information, we may process it in any of these jurisdictions. The laws governing our processing of personal information in such jurisdictions may differ from those in the jurisdictions in which you are located. Regardless of where your personal information is processed, we will treat all personal information in accordance with applicable data protection laws and this Notice.
    If you are located in the EEA, United Kingdom or Switzerland, we will protect your personal information when it is transferred outside of such locations by processing it in a country that provides an adequate level of protection (click here for a list of countries deemed adequate by the European Commission) or by implementing appropriate safeguards to protect your personal information, including through the use of standard contractual clauses or another lawful transfer mechanisms approved by the European Commission and/or the United Kingdom or Swiss authorities (as applicable). For more information about the lawful transfer mechanisms we rely on, please contact us using the contact details under “How to Contact Us” within the “European Economic Area, Switzerland, and United Kingdom” section below.

    Laserfiche complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States. Laserfiche has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF, and from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Notice and the Principles, the Principles shall govern personal data processed in reliance of the Data Privacy Framework (“DPF”). To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/s/participant-search.

    Laserfiche’s responsibility for personal data it receives in reliance on the DPF and subsequent transfers of that personal data to third parties is detailed in the Principles. Where Laserfiche relies on the Principles for onward transfers from the EU and Switzerland, including the onward transfer liability provisions, Laserfiche remains responsible under the Principles for third-party agents processing personal data on its behalf.

    With respect to personal data received or transferred pursuant to the DPF, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    Laserfiche commits to resolving complaints about your privacy and our collection and use of your personal data in reliance on the DPF within 45 days of receiving your complaint. Individuals with questions or complaints regarding this Notice should first submit inquiries by contacting us using the contact details provided under the “Contact Us” heading below. Laserfiche has further committed to refer unresolved complaints regarding personal data transferred in reliance on the DPF to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact, or visit the American Arbitration Association for more information or to file a complaint. When filing by mail or email, please complete the appropriate DPF Notice of Arbitration Form located in the link below and forward to the International Centre for Dispute Resolution.

    International Centre for Dispute Resolution Case Filing Services
    1101 Laurel Oak Road, Suite 100
    Voorhees, NJ 08043
    United States
    Phone: +1.212.484.4181
    Email box: casefiling@adr.org

    For any questions or for further information about this program, the ICDR’s International Arbitration Rules, or with additional language versions of the ICDR’s International Arbitration Rules, please contact the International Centre for Dispute Resolution at +1.212.484.4181 or by visiting the website https://www.icdr.org/dpf. The services of the American Arbitration Association are provided at no cost to you.

    Under certain limited circumstances, data subjects, as defined by the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, of the European Union, may invoke binding arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.dataprivacyframework.gov/s/.

    The Site and Services are intended for a general audience and not directed to children under sixteen (16) years of age. We do not market products or services to children, and we do not knowingly collect personal information from children any time, including as defined by the U.S. Children’s Privacy Protection Act (“COPPA”).

    If you are under the age of 16, please do not provide personal information of any kind whatsoever and please do not use Laserfiche Site and Services or participate in Laserfiche’s surveys, contests, events, and other promotions. If you are a parent or guardian and believe Laserfiche has collected such information without parental consent, please contact us as set below in the section entitled “Contact Us” and we will remove such data to the extent required by COPPA or other applicable law.

    We retain personal information we collect from you where we have an ongoing legitimate business need to do so. For example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements.

    Laserfiche may change this Notice from time to time, at Laserfiche’s sole discretion. When we update our Notice, we take appropriate measures to inform you, consistent with the significance of the changes we make. If the changes are material, we will notify you or offer you choice if and to the extent this is required by applicable data protection laws. You can see when this Notice was last updated by checking the “effective” date displayed at the top of this Notice. Laserfiche recommends that you review this Notice regularly for any revisions. Your continued use of the Site or Services after such revisions will constitute your acknowledgement of the amended Notice.

    If you have any concerns or questions about the information provided in this Notice, or want to exercise your data protection rights, please contact us using the following details:

    By mail:

    Compulink Management Center, Inc. d/b/a Laserfiche
    ATTN: Data Protection Officer
    3443 Long Beach Blvd.
    Long Beach, CA 90807
    USA

    By email: privacy@laserfiche.com

    California provides additional rights to California residents, including rights through the California Consumer Privacy Act as replaced by the California Privacy Rights Act (“CPRA”). This section addresses those additional rights and only applies to California residents.

    Additionally, we acknowledge that you may have rights under California law in connection with the personal information we process on behalf of our customers. If personal information about you has been processed by us as a service provider on behalf of a customer and you wish to exercise any rights you have with such personal information, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your personal information. We will refer your request to that customer and will support them to the extent required by applicable law in responding to your request.

    • Shine The Light Customer Rights
      Consumers in the State of California may request a list of categorized third parties and in some cases affiliates to whom we may have disclosed their personal information specifically for those third parties’ and/or affiliates’ own marketing purposes, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit a written request to the email or address provided in the section entitled “Contact Us” above. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are not required to respond to requests made by means other than through the provided e-mail address or mail address.

    • California Consumer Rights Under The CCPA/CPRA
      Notice of Collection.
      We have collected the following categories of personal information (as that term is defined in the CPRA) in the past 12 months:

      • Identifiers, including your name, postal address, email address, and online identifiers (such as IP address).
      • Consumer records, including your phone number, billing address, and credit or debit card information.
      • Characteristics of protected classifications under California and/or federal law, including your gender.
      • Commercial or transactions information, including records of products or services purchased, obtained, or considered.
      • Internet activity, including browsing your history, search history, and interactions with a website, email, application, or advertisement.
      • Non-precise geolocation data, including your location derived from an IP address.
      • Professional, employment or education-related information.
      • Inferences drawn from any of the information identified in this section.
      • For more details about the personal information Laserfiche collects from you and the sources from which we obtain personal information, please review the section entitled “How Laserfiche Uses and Discloses the Information We Collect” above.

        Additionally, we collect, use, and disclose this personal information for the business and commercial purposes set out in the section entitled “How Laserfiche Uses and Discloses the Information We Collect” above. Please see this section above for more details.

        Laserfiche does not sell personal information as the term “sell” is traditionally understood. However, some of our disclosures of your personal information may be considered a “sale” or a “share” as those terms are defined by the CPRA. A “sale” is broadly defined under the CPRA to include a disclosure for something of value, and a “share” is broadly defined under the CPRA to include a disclosure for cross-context behavioral advertising. We collect, sell, or share the following categories of personal information for commercial purposes: identifiers, characteristics, commercial or transactions information, internet activity, non-precise geolocation data, and inferences drawn. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. For details about your rights regarding sales and shares, please see the “Do Not Sell or Share My Personal Information ” section below.

        Laserfiche does not knowingly sell or share the personal information of minors under 16 years old who are California residents.

        Sensitive Personal Information.
        Some of the personal information we collect may be considered sensitive personal information (as described in the CCPA). For further details of the sensitive personal information we collect (if any) and how we obtain this information, please review the section entitled “Information We Collect” above.

        We collect, use, and disclose sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. Further, we do not “sell” or “share” your sensitive personal information as those terms are defined by the CPRA.

        Data Retention.
        We retain each category of personal information, including sensitive personal information, for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

        Right to Know, Correct, and Delete.
        You have the right to know certain details about our data practices. In particular, you may request the following from us:

        • The categories of personal information we have collected about you.
        • The categories of sources from which the personal information was collected.
        • The categories of personal information about you that we disclosed for a business purpose or sold or shared.
        • The categories of third parties to whom the personal information was disclosed for a business purpose or sold or shared.
        • The business or commercial purpose for collecting or selling or sharing the personal information.
        • The specific pieces of personal information we have collected about you.

        In addition, you have the right to correct or delete the personal information we have collected from you. These rights are subject to certain exceptions and also apply to sensitive personal information.

        To exercise any of these rights, California consumers should submit a request through our online form available here or call our toll free number at 800-985-8533. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 business days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know, correct, or delete.

        Do Not Sell or Share My Personal Information.
        To the extent that using third party cookies and other tracking technologies to serve retargeted or interest-based advertising constitutes a “sale” or “share” of personal information under the CPRA, you may opt-out of such “sales” or “shares” by visiting our cookie consent platform at the button below and opting out of any third party advertising cookies, or by clicking on the “Do Not Sell or Share My Personal Information” button below.

        You may also submit a request by turning on a recognized opt-out preference signal in your browser or extension. At this time, we recognize the Global Privacy Control signal. When you submit an opt-out, the opt-out will only apply to sales and shares from the specific browser from which you sent the signal because the connection between your browser identifier and other personal information we have about you is not known to us.

        Authorized Agent
        You may also designate an authorized agent to submit such requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

        Right to Non-Discrimination
        You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.

    Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please submit a request through our online form available here.

    These additional rights and disclosures apply only to residents of Colorado, Connecticut, Utah, and Virginia. Terms have the meaning ascribed to them in the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), and the Virginia Consumer Data Protection Act (“VCDPA”), as applicable.

    You have the following rights under applicable law:

    • To confirm whether or not we are processing your personal data.
    • To access your personal data.
    • To correct inaccuracies in your personal data.
    • To delete your personal data.
    • To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format.
    • To opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

    To exercise any of these rights, please submit a request through our online form available here. Please note these rights are subject to exceptions. We will respond to your request within 45 days. We may require specific information from you to help us confirm your identity and process your request. If personal data about you has been processed by us as a processor on behalf of a customer and you wish to exercise any rights you have with such personal data, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your personal data. We will refer your request to that customer and will support them to the extent required by applicable law in responding to your request.

    You also may have the right to opt-out of the processing of personal data for purposes of targeted advertising or the sale of personal data through a recognized opt-out preference signal, such as Global Privacy Control. When you submit an opt-out, the opt-out will only apply to the specific browser from which you sent the signal because the connection between your browser identifier and other personal information we have about you is not known to us.

    You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

    If we refuse to take action on your request, you may appeal our decision within a reasonable period of time by contacting us at privacy@laserfiche.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows:

    For the purpose of this Notice, “Europe” means the European Economic Area (“EEA“), Switzerland, and the United Kingdom.

    Legal basis for processing personal information
    Please see the “How Laserfiche Uses and Discloses the Information We Collect” section above for more details about the purposes for which we process your personal information.

    Data protection laws in Europe require a legal basis for processing personal information. Our legal bases include: (a) you have given consent to the processing for one or more specific purposes; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation, for example when providing personal information to a law enforcement agency or where we have an accounting or tax obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.

    If you are a visitor from Europe, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
    In rare situations, we may also need to share your personal information with others to protect your vital interests or those of another person.

    If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

    Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

    More information about the legal basis on which we rely in connection with each of our processing purposes (described in the section “How Laserfiche Uses and Discloses the Information We Collect” above), is set out below.

    Purpose and legal basis for processing

    Providing our Services to you

    • Necessary for our legitimate interests (successful management of our customer and user relationship, and fulfillment of our contractual or other obligations to you).

    Improving and developing our Services

    • Necessary for our legitimate interests (to improve and develop our Services in order to deliver high quality Services to customers and users, and to ensure the security and efficiency of our Services).

    Providing customer and user support

    • Necessary for our legitimate interests (successful management of our customer and user relationship, and to promote our business through the delivery of quality Services).

    Sending marketing communications

    • With your consent, where legally required.
    • Necessary for our legitimate interests (promotion of our business and Services to customers and users).

    Sending administrative communications

    • Necessary for our legitimate interests (continuance of a successful customer and user relationship and to provide quality Services).

    Securing our Services

    • Necessary for our legitimate interests (providing secure Services, ensuring the security of our networks and systems, and creating trust in our Services).

    Complying with our legal obligations

    • Necessary for compliance with a legal obligation.
    • Necessary for our legitimate interests (complying with legal obligations, regulatory, contractual, or other obligations).

    If you have questions or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to Contact Us” heading below.

    Your European Privacy Rights
    Depending on your location and how you interact with Laserfiche, you may have the following rights regarding the personal information we collect and use about you on our Site and Services:

    • Right of Access: You have the right to know what personal Information we hold about you, and to obtain a copy of such personal information.
    • Right to Correct: If you find out that your personal information is inaccurate or incomplete, you can request that we correct it.
    • Right to be forgotten: You may require that we erase your personal information where certain grounds apply (including where we no longer require the personal information for the purpose for which it was collected or where we relied upon your consent to process the personal information and you have withdrawn that consent, among other things).
    • Right to Restrict: You have the right to request that we suspend our processing of your personal information if:
      • The accuracy of the personal information is contested;
      • The processing is unlawful, and you oppose the erasure of the personal information and request the restriction of its use instead;
      • Laserfiche no longer needs the personal information for the purposes of processing but is required to keep it for the establishment, exercise, or defense of legal claims; or
      • You have objected to our processing of your personal information (see below) and we are verifying whether you have legitimate ground for such objection.
    • Right to complain: You can contact us at any time if you wish to make a complaint about our processing of your personal information. Additionally, you have the right to complain to a data protection authority.
    • Right to withdraw consent: Where we process your personal information on the basis of your consent, you may withdraw such consent at any time, and we will no longer process your personal information. Such withdrawal of consent shall not affect the lawfulness of our processing prior to the time that such withdrawal was made but can affect the ability you have to receive our Services (or services provided by third parties) going forward.
    • Right to object: Where we process your personal information on the basis of legitimate interests you may object to our processing based on grounds relating to your situation. Where we process your personal information for direct marketing purposes you may object at any time, and we will cease our processing for such purposes.
    • Right to data portability: Where we are processing your personal information on the basis of your consent or pursuant to the performance of a contract with you and such processing is carried out by automated means, you may request to receive your personal information in a commonly used, machine readable format (or have that information transmitted to a third party where technically feasible).
    • Laserfiche is committed to cooperating and complying with European data protection authorities’ advice with respect to any human resources data transferred from Europe in the context of the employment relationship.

      To exercise any of these rights, please fill out this form or contact us as set out in the “How to Contact Us” section below and specify which right you are seeking to exercise. We will respond to your request within a month of receipt of your request. If we require more time, we will inform you of the reason and extension period in writing. We may require additional information from you to allow us to confirm your identity and process your request.

      If personal information about you has been processed by us as a processor on behalf of a customer (acting as a controller) and you wish to exercise any rights you have in connection with such personal information, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of the customer on whose behalf we processed your personal information. We will refer your request to that customer and will support them to the extent required by applicable law in responding to your request.

      Data Retention
      We will retain your personal information for only so long as we need it in order to fulfil our processing purposes or where we otherwise need to retain it to comply with our legal obligations.

      When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

      How to Contact Us
      If you have any concerns or questions about the information provided in this “European Economic Area, Switzerland, and United Kingdom” section, please do not hesitate to get in touch with us using the following details:

      By mail:
      Compulink Management Center, Inc. d/b/a Laserfiche
      ATTN: Data Protection Officer
      3443 Long Beach Blvd.
      Long Beach, CA 90807
      USA

      By email: privacy@laserfiche.com

      Data Protection Officer: privacy@laserfiche.com

      We are committed to working with you to obtain a resolution of any concern about our privacy practices. If, however, you believe that we have not been able to assist with your concern, you have the right to lodge a complaint with a European data protection authority.