Koofr Privacy policy
Your privacy is our mission
1. Introduction
This privacy policy governs your use of the software application Koofr (“Service”) for various devices that was created by Koofr d.o.o. By using this Service users can store, access, edit and share their files in a secure and efficient way. Koofr is a hybrid storage platform, which enables users to aggregate different storage types into single interface, thus enabling easy and secure access to users’ data.
By downloading and/or accessing this Service you agree to these terms. If you wish to stop the collection of Data specified in this Privacy Policy, you can do so by deleting your account as specified in this Privacy Policy.
2. Personal data
Personal data is any information that relates to an identifiable natural person. Examples of personal data are a name and a surname, a home address, an email address such as name.surname@company.com, location data, an Internet Protocol (IP) address, a cookie ID etc. Personal data is any data that can personally reference you. The words "you" and "your" in this privacy policy may refer to the following types of users:
Visitor: Any individual visiting our websites who has not registered an account.
Member: An individual who has registered an account on our Service.
User: A collective identifier that refers to either a Visitor or a Member.
This Privacy Policy describes which personal data we collect at different levels of your engagement with us. This Privacy Policy also describes where your personal data is stored and the security measures we use to protect it.
3. Controller and Processors
The Koofr products and services are developed by Koofr d.o.o., which is a software engineering company headquartered in the European Union. The legal person who solely determines the purposes and means of the processing of personal data when using the Koofr products and services ("Controller") is:
Koofr d.o.o.
Stegne 23A
SI-1000 Ljubljana
Slovenia, European Union
support@koofr.net
The processor of personal data may be:
a) the controller,
b) third parties: external contractual service providers that we use in connection with specific functions of our business
process, e.g. accounting, billing.
4. Consent and Limits to Use
By giving us your consent and providing your personal data to Koofr you indicate that we may collect, process, store or use the provided personal information for the legitimate purpose of enabling you to access our products and services and for related business activities, which may include contacting you, processing your requests and orders, answering your sales or technical support inquiries. Your personal data will not be used for any other purpose. You may withdraw your consent at any time.
5. Children
It is our belief that children have no requirements for our software and we do not verify age or obtain parental or guardian consent for any data processing activity and we will not knowingly store any data regarding a child under the age of 16. The software has no age sensitive material nor should pose any risk to children.
6. Data Protection
All your data are encrypted in transit and at rest and redundantly stored on our servers. Decryption keys and metadata are kept separately from the content. The servers are solely managed by our operations team with strict physical and logical access controls in place to safeguard your privacy and the integrity of your data.
We use the latest technologies and administrative procedures to safeguard your personal data. Koofr servers are hosted by professional, industry-proven, ISO 27001-certified data centers in the European Union with modern facilities and equipment such as redundant or backup power supplies, redundant data communication connections, environmental controls (e.g. air conditioning, fire suppression) and security devices.
7. Integrated Third Party Website Services
In order to provide the services and improve our application, we may engage the services of third-party vendors such as Headway. In the process of supplying such website services through our official website, these third-party vendors may collect your IP address provided by your web browser.
8. Data collected from Visitors
When you visit our website or a link someone sent you through our application, we receive a limited scope of personal data transmitted to us by your browser. This enables you to access our website.
The data transmitted by your browser include your personal data such as your IP address and meta data such as timestamp, technology used (operating system, browser, network etc.), referrals (website from which the request comes), language and the country of origin. Some of these data may be stored by our servers in server logs.
Logs are regularly automatically deleted.
If any of these data should be used to improve our service, it will be anonymized.
Our website has no cookies for users that do not login. Because we are awesome that way.
9. Data collected from Members
If you decide to sign up for a free Koofr account, we will ask you to provide the following personal information:
Full name
Email address
You are only required to provide your real email address during the registration process.
The email address is used only as a unique username for our service. We may send service related notifications such as account expiration, invoice, and changes to privacy policy. We will never send promotional or marketing emails or newsletters.
If you purchase one of our paid plans, we are legally obliged to collect additional information from you such as:
Address
City
Country
Company name and VAT ID (in case of a EU company)
You will also need to provide billing info (credit card or Paypal) to our third party payment processor (Braintree payments - part of Paypal, Inc. group). No billing info is processed or stored by us.
To be able to keep you logged into our service, we will also put a small cookie in your browser, which serves only as a session cookie (keeping you authenticated for a certain period of time). No tracking cookies are used by our service.
10. Automatically collected data from Members
In order to provide you with our service and offer support, we may collect additional information when you use the application. Specifically, we log events such as password change, file upload, file deletion, link creation and similar.
You can always view all the logged events inside the web application under the Menu -> Activity option.
This data is kept for a period of three months and automatically deleted from our servers afterwards.
All the personal data collected from you is always visible and accessible to you through the Application.
11. Sharing with friends
Our service allows you to share files and folders with your friends, coworkers and family. By using this feature, you provide the email addresses of the people you want to share content with. These emails are used to send an invitation and subsequently provide access to the shared content. Since the invitee has not given consent to us to use his email, this information is only used inside your account. Only add people you know.
If the invitee does not respond to the invite request, his email is eventually removed from our database and he will no longer be visible as a person you shared your content with. If the person responds to the share invite, he is converted to a Member as per the usual signup procedure.
12. Third-party cloud connections
As part of our service, users can connect their existing third-party cloud storage accounts (e.g. Dropbox, Google Drive, Onedrive) to their Koofr account.
For connected accounts, Koofr collects and stores metadata information about files, but not the actual files (files residing on those accounts are not stored on Koofr). The metadata is only kept while the third-party account is connected.
Use of third-party services is at users own discretion and not endorsed in any way by Koofr. Please consult the third-party service for their Privacy policy terms and GDPR compliance.
13. Deleting your account and data
You can always request a deletion of your account through our support email. Such deletion also means the deletion of all the data associated with your account except the data that we legally need to store (ie invoices). Any data that may technically not be deleted (like entries in our server logs) is disassociated from you by the act of account deletion since nothing connects it to any specific person any more.
Account deletion is processed not later than 30 days after your official request and is unrecoverable - your data is completely removed from our servers in a non recoverable fashion. Undelete is not possible. If you later create a new account with the same email, it will have no association with any previous information we may have collected in the past, since the data was removed.
Personal data is always kept only for the duration legally necessary or while needed for providing the service to you. After such periods expire and the data is no longer needed, it is securely and irreversibly destroyed.
14. Data Transfer to Third Parties
We limit sharing of your personal information with third parties to the bare essentials. We may share some of your personal data such as your name and address with our Accounting, and our Payment processor and/or Bank as needed due to legal reasons. We strive to be as transparent as possible regarding the transmission of your personal data. You will be asked for consent before your personal data is shared with any third party processors not mentioned here.
15. Additional provisions
Place
The Data is processed at the Data Controller headquarters, unless stated otherwise in the rest of this document.
Legal
Action The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.
System Logs and Maintenance
For operation and maintenance purposes, this Application and any third party services may collect files that record interaction with this Application (System Logs) or use for this purpose other Personal Data (such as IP Address). Logs are automatically deleted after 3 (three) months.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time at its contact information.
The rights of Users
Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.
16. Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request the Data Controller to erase the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.
17. Definitions and legal references
Data Subject
The legal or natural person to whom the Personal Data refers to.
Data Processor
The natural person, legal person, public administration or any other body, association or organization authorized by the Data Controller to process the Personal Data in compliance with this privacy policy.
Cookie
Small piece of data stored in the User’s device.
18. Legal information
This privacy statement has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679, which is a European regulation on data protection and privacy (GDPR).
This privacy policy covers all applications and websites offered by Koofr d.o.o. under the Koofr brand.
This privacy policy is valid from 16. 5. 2018.