ElephantDrive & Privacy
As a company, we place a high value on privacy and transparency. So, let’s start by making a couple of things clear about how we protect our users’ data:
We collect and process a limited amount of Personal Identifiable Information (PII), and we only collect and process PII that is necessary to provide the services our users sign up for:
We do not sell any of this information! We do not share any of this information!
Our GDPR Compliance Process
We started by becoming an active participant of the Privacy Shield Framework. The Privacy Shield Framework guarantees that data transferred from the EU to the USA benefits from the same level of protection.
We have conducted a thorough internal audit reviewing our practices and our compliance.
The personal data we collect
ElephantDrive only collects “general” PII that is strictly necessary to provide our services to our end-users:
We only host, store, or interact with this PII on secure systems provided by partners that also comply with our standards, including GDPR.
Examples of such providers are our payment processing solution, our customer support ticketing solution, our email delivery solution, and our infrastructure solutions. They share our privacy concerns, comply with GDPR, and we have subscribed to their updated policies put in place to guarantee GDPR compliance.
All other data stored by users in their accounts is encrypted during transit and at rest, and is absolutely private
How we process data
Our service and solution providing partners share our privacy concerns and comply with GDPR. We have subscribed to their updated policies put in place to guarantee GDPR compliance:
How long we keep data
We only store PII as long as strictly necessary, ie as long as you are an active user of our services. Upon cancellation, the (encrypted) user’s data is queued for deletion and purged from our servers within a couple of weeks. We only keep the user’s email address as a cancelled user. Payment information is deactivated as is emailing. No additional processing of personal information is done after cancellation.
How and where we store data
Most of our data is stored and processed in the USA. This is why we enrolled in the Privacy Shield Framework for our EU users to guarantee equivalent levels of data protection. As said before, all our partners who help us store and process data are equally compliant with GDPR requirements.
How to request copy/modification/deletion of personal data
As an ElephantDrive user, you have
the right to:
At all times, users can access their account and review their recorded PII (Name, email, payment information)
At all times, users can access their account and modify their recorded PII (Name, email, payment information)
At all times, users can cancel their accounts. Their data will be queued for deletion within the next couple of days.
Upon request at email@example.com, we can provide copies of the PII stored. We reserve the right to charge an administrative fee in cases of repetitive requests, manifestly unfounded or excessive requests or further copies.
ElephantDrive’s Data Protection Officer
Despite the fact that we only collect and process very limited PII, we have decided to appoint a Data Protection Officer (“DPO”) (mainly on the basis of our number of users and to guarantee maximum confidence for our users).
The office of our DPO can be reached at firstname.lastname@example.org.