Personal Information means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home. In general, you can visit Annex.com’s Web pages without telling us who you are or revealing any Personal Information about yourself.
Privacy Shield Frameworks
11 Cushing, Suite 100
Irvine, CA 92618-4220
Annex.com has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution of the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.adr.org for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.
EU General Data Protection Regulation (GDPR)
Annex.com also complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 which is a regulation in the European Union (EU) on data protection and privacy for all individuals within the EU. It safeguards the export of personal data and is designed to give EU citizens control over their personal data being held outside the EU.
Annex.com generally only collects Personal Information on the web for current Annex.com clients, or, those who have an interest in our products and services. We use personal information to establish an account or to contact you in regards to your interest of our products.
If you choose to have a relationship with Annex.com, such as a contractual or other business relationship or partnership, we will naturally continue to contact you in connection with that business relationship.
Third Party Disclosure
Third parties provide certain services available on the Annex.com web site on Annex.com’s behalf. Annex.com may provide information, including Personal Information that Annex.com collects on the Web to third-party service providers to help us deliver programs, products, information, surveys or other services. Service providers are also an important means by which Annex.com maintains our Web site and mailing lists. Annex.com will take reasonable steps to ensure that these third-party service providers are obligated to protect Personal Information on Annex.com’s behalf and will use this shared personal information only as necessary to provide these services to us. In the case of onward transfer to Third Parties, Annex.com may be liable if the data is misused unless we can prove we were not responsible for the event leading to the damage.
In the specific case of our forms supported by Formstack (formstack.com), any data entered into these forms is encrypted. Formstack’s policy is to not distribute or sell any data, to 3rd party companies.
To the extent that you do provide us with Personal Information, Annex.com will provide you access to your Personal Information. Where we collect Personal Information from you, our goal is to provide a means of contacting Annex.com should you need to update, delete or correct that information. If for any reason those means are unavailable or inaccessible, you may send updates, deletions and corrections about your Personal Information to firstname.lastname@example.org and we will make reasonable efforts to incorporate the changes in your Personal Information that we hold as soon as practical. We will respond to your request to access within 30 days.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page or you can contact us at email@example.com.
Lawful Requests for Information Disclosure
We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
We seek to maintain reasonable security measures in order to attempt to protect against the loss or misuse of personally identifying information under our control. When you login into our platform, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect information submitted to us, both during transmission and once we receive it. Unfortunately, there is no such thing as perfect security. As a result, although we strive to protect personally identifying information, we cannot ensure or warrant the security of any information transmitted to us through or in connection with our website, the O’Neil Cloud platform, or that we store on our systems or that is stored on our service providers’ systems.
Wherever your Personal Information may be held within Annex.com or on its behalf, we intend to take reasonable and appropriate steps to protect the Personal Information that you share with us from unauthorized access or disclosure. If you have any questions about security on our Web site, you can contact us at firstname.lastname@example.org.
Technologies such as: cookies, beacons, tags and scripts are used by Annex.com and our partners (e.g. marketing partners), affiliates, or analytics or service providers (e.g. Google Analytics, etc.). These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
As is true of most web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We do not link this automatically collected data to other information we collect about you. Any information via tracking technologies is used to improve the services we offer you, to improve marketing, analytics, or site functionality.
We partner with a third party to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on that site in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of an interest-based ad, you may opt-out by emailing Marketing at email@example.com. Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Social Media Features and Widgets
Processor on Behalf (O’Neil Cloud)
Annex.com provides cloud-based web services, which includes the storage of data, in an online repository known as the O’Neil Cloud. These services are designed to help companies manage their off-site records stored at commercial record centers utilizing Annex.com software. Annex.com provides this cloud-based service though its’ customers comprising a large geographic coverage of more than 90 countries worldwide. We collect information under the direction of our clients, and we have no direct relationship with the data we process. If you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly. Annex.com does not own or control any of the information stored or processed by any customer, including by or on behalf of any customer’s client(s). Only our customers and their clients are entitled to process, store, access, and retrieve such information. Annex.com has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, who seeks to correct, amend, delete inaccurate data or withdraw consent to further contact should direct his/her query to the Annex.com client (the data controller). If the client requests Annex.com to remove the data, we will respond to their request within 30 days.
Annex.com will retain personal data we process on behalf of our clients for as long as needed to provide services to our client. Annex.com will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Through careful analysis of specific business requirements, Annex.com’s customers may recommend that their clients are better served by utilizing the O’Neil Cloud web services. Annex.com customers recommending this service to their clients must clearly explain that the client(s) information that originates in the EU will be stored on Amazon servers located in the U.S., Australia, and Ireland, and which is accessible over the Internet only by our customer or our customer’s client(s).
Annex.com does not own or otherwise disclose or make available to third parties the data that is stored through use of its O’Neil Cloud web service by our customers or our customer’s client(s), and such data is considered owned or controlled only by that customer’s client(s) or our customer, including if acting on behalf of the customer or the customer’s client. Annex.com does not actively process the data stored on its server under the O’Neil Cloud web service. Furthermore, under no circumstances may Annex.com independently cause our customer’s data or our customer’s client(s) data to be transferred to any third party, such action being limited to either our customer or our customer’s client(s). Also, Annex.com’s standard operating policy in this case is not to directly cause a transfer of any such data other than to return it to the applicable customer. In this capacity, Annex.com should be considered only as a processor on behalf as to any personal data that may be considered transferred from the EU to the U.S. subject to the requirements of the Framework and or GDPR. As such, either our customer or, more particularly, our customer’s client(s) is (are) the Data Controller as they or one of them have the actual control over the way any personal data is collected and used as well as the determination of the purposes and means of the processing of such data. Annex.com is not responsible for the content of the information stored on its server by our customers or our customer’s client(s) nor is Annex.com responsible for the way our customers or our customer’s client(s) treat such information.
Data Controller (O’Neil Cloud)
The EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Principles require that those who collect and determine the purposes and the means of the processing of personal data to fulfill very specific requirements related to compliance with the Framework. The specific functions of a Data Controller will depend on the specific laws of each EU member state. However, since Annex.com is not the collector or in control of any personal data, because it, neither alone nor jointly with others, will determine the purposes and means of collecting and the processing and uses of such data, it should not be considered as acting in the capacity of Data Controller with attendant responsibilities under the Privacy Shield Framework. Although Annex.com, without its actual knowledge, may be provided data or information subject to the Framework by customers by means other than use of the O’Neil Cloud web services in order to aid in the resolution of a technical issue, it should not be considered a data collector or Data Controller as to such data. Furthermore, Annex.com strongly recommends that our customers and our customer’s clients(s) do not include personal data in such transmittal to it, and it may reject and return such data to the sender if it becomes aware that such data is not in compliance with such requirement.
Web Services License Agreement (O’Neil Cloud)
Annex.com and our customers enter into a contract with regards to the O’Neil Cloud web service and this includes that each party understands its role in complying with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Principles. Any data considered processed or stored by Annex.com on behalf of our customer or any customer’s client(s) will not be further disclosed to third parties, except as directed or required by our customer or customer’s client(s), each acting only in compliance with the Framework.
The contract with our customer also will specify that our customer is responsible for implementing and maintaining reasonable security measures relating to our customer or customer’s client(s) access to the data stored within the O’Neil Cloud, including assignment and administration of all identification codes and passwords authorizing such access. Our customer or our customer’s client(s), as applicable, is responsible for all security measures relating to such identification codes and passwords. Annex.com has in place commercially reasonable measures to protect data on its network from loss, misuse, unauthorized access, disclosure and alteration and destruction.
As merely a processor on behalf of our customer or our customer’s client(s) (who is considered the EU Data Controller), Annex.com is not required to apply other EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield Principles to personal information subject to the Framework and considered received for processing (i.e., storage) from our customers or customer’s client(s).
Notice (O’Neil Cloud)
Annex.com requests that our customers comply with their respective obligations and our customers understand that Annex.com recommends that any data being managed under O’Neil Cloud is non-confidential, nor do we recommend the use of our web services for the management of Personal Information.
Data Integrity (O’Neil Cloud)
Annex.com is entirely dependent on our customer’s contractual compliance in connection with any authorization for access to such customer’s or customer’s client(s) data in the O’Neil Cloud as well as its nature and content. Annex.com has no requirement to access data located on its O’Neil Cloud other than as expressly permitted or directed by our customers and, in no case, will Annex.com be involved in the further processing or manipulation of such data. Annex.com takes reasonable steps to assure that any data that is considered transferred from the EU to the U.S. is maintained in a reliable, accurate and complete state, subject always to any deficiencies in the state in which it was received that may have been caused by others.
Security (O’Neil Cloud)
As noted above, the control of access to data stored on the O’Neil Cloud web services is under the direct and primary control of and subject to the security measures undertaken by the Annex.com customer base. Annex.com has made provisions that all data “at rest” and stored in the O’Neil Cloud system is encrypted to better assure the protection and confidentiality of such data. Annex.com has in place security procedures and commercially reasonable security measures to protect all information stored on the utilized servers from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Annex.com’s customers will be notified of any breach of the security measures implemented by Annex.com that Annex.com becomes aware of, and our customer is responsible for notifying our customer’s customer(s) of such breach. Any measures or actions required to be undertaken by our customers or customer’s client(s) in connection with such breach are solely the responsibility of our customers, as applicable. If Annex.com receives a request to download data stored in the O’Neil Cloud by our customer onto archival media, Annex.com will do so only upon receipt of a written request and directions (including by email) therefore from the requesting customer, as applicable, and such media will be sent via a reliable carrier or courier, as authorized by the customer. Upon its delivery to such carrier or courier, Annex.com shall have no further obligation thereafter for the security or safety of the data included on such media.
Federal Trade Commission (FTC)
Annex.com is subject to the jurisdiction, investigatory, and enforcement powers of the U.S. Federal Trade Commission. Individual may also contact the Federal Trade Commission regarding Annex.com at the following address:
Federal Trade Commission
600 Pennsylvania Avenue NW
Washington, D.C. 20580