Introduction

This privacy policy applies to www.oneilsoft.com owned and operated by O'Neil Software, Inc ("O'Neil"). We at O'Neil Software, Inc. and our affiliated companies worldwide ("O'Neil") are committed to respecting your online privacy and recognize your need for appropriate protection and management of any personally identifiable information ("Personal Information") you share with us on our Web site www.oneilsoft.com, and our oneilCloud® platform.

O'Neil has established this Online Privacy Policy so that you can understand the care with which we intend to treat your Personal Information. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

Personal Information means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home. In general, you can visit O'Neil's Web pages without telling us who you are or revealing any Personal Information about yourself.

Privacy Shield Frameworks

O'Neil complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries and Switzerland to the United States. O'Neil Software Inc. has certified to the Department of Commerce that it adheres to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Principles. If there is any conflict between the terms of this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

In compliance with the Privacy Shield Principles, O'Neil Software Inc. commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Policy should first contact O'Neil Software Inc. at:

Mike Jacobs - VP of Marketing
O'Neil Software Inc.
11 Cushing, Suite 100
Irvine, CA 92618-4220
949.268.7285
mike.jacobs@oneilsoft.com

O'Neil Software Inc. has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution of the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit www.adr.org for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.

Individuals with unresolved claims regarding the O'Neil Privacy Policy, may, in some cases, invoke binding arbitration as a dispute resolution means.

EU General Data Protection Regulation (GDPR)

O'Neil also complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 which is a regulation in the European Union (EU) on data protection and privacy for all individuals within the EU. It safeguards the export of personal data and is designed to give EU citizens control over their personal data being held outside the EU.

Choice

O'Neil generally only collects Personal Information on the web for current O'Neil clients, or, those who have an interest in our products and services. We use personal information to establish an account or to contact you in regards to your interest of our products.

You may choose whether or not to provide Personal information to O'Neil. This privacy policy on how O'Neil collects and uses Personal Information should help you make this choice. If you choose not to provide the Personal Information we request, you can still visit the O'Neil Web site, but you may be unable to access certain options, offers, and services that involve our interaction with you.

If you choose to have a relationship with O'Neil, such as a contractual or other business relationship or partnership, we will naturally continue to contact you in connection with that business relationship.

Third Party Disclosure

Third parties provide certain services available on the O'Neil web site on O'Neil's behalf. O'Neil may provide information, including Personal Information that O'Neil collects on the Web to third-party service providers to help us deliver programs, products, information, surveys or other services. Service providers are also an important means by which O'Neil maintains our Web site and mailing lists. O'Neil will take reasonable steps to ensure that these third-party service providers are obligated to protect Personal Information on O'Neil's behalf and will use this shared personal information only as necessary to provide these services to us. In the case of onward transfer to Third Parties, O'Neil may be liable if the data is misused unless we can prove we were not responsible for the event leading to the damage.

In the specific case of our forms supported by Formstack (formstack.com), any data entered into these forms is encrypted. Formstack's policy is to not distribute or sell any data, to 3rd party companies.

Access Rights

To the extent that you do provide us with Personal Information, O'Neil wishes provide you access to your Personal Information. Where we collect Personal Information from you, our goal is to provide a means of contacting O'Neil should you need to update, delete or correct that information. If for any reason those means are unavailable or inaccessible, you may send updates, deletions and corrections about your Personal Information to marketing@oneilsoft.com and we will make reasonable efforts to incorporate the changes in your Personal Information that we hold as soon as practical. We will respond to your request to access within 30 days.

We will retain your information for as long as your account is active or as needed to provide you services.  We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page or you can contact us at marketing@oneilsoft.com.

Lawful Requests for Information Disclosure

O'Neil does not intend to transfer Personal Information without your consent to third parties who are not bound to act on O'Neil's behalf unless such transfer is legally required. We will share your personal information with third parties only in the ways that are described in this privacy policy. We do not sell your personal information to third parties.

We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Security

We seek to maintain reasonable security measures in order to attempt to protect against the loss or misuse of personally identifying information under our control. When you login into our platform, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect information submitted to us, both during transmission and once we receive it. Unfortunately, there is no such thing as perfect security. As a result, although we strive to protect personally identifying information, we cannot ensure or warrant the security of any information transmitted to us through or in connection with our website, the oneilCloud platform, or that we store on our systems or that is stored on our service providers' systems.

Wherever your Personal Information may be held within O'Neil or on its behalf, we intend to take reasonable and appropriate steps to protect the Personal Information that you share with us from unauthorized access or disclosure. If you have any questions about security on our Web site, you can contact us at marketing@oneilsoft.com.

Tracking Technologies/Cookies

Technologies such as: cookies, beacons, tags and scripts are used by O'Neil and our partners (e.g. marketing partners), affiliates, or analytics or service providers (e.g. Google Analytics etc]. These technologies are used in analyzing trends, administering the site, tracking users' movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies to remember users' settings and for authentication. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

As is true of most web sites, we gather certain information automatically and store it in log files.  This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We do not link this automatically collected data to other information we collect about you. Any information via tracking technologies is used to improve the services we offer you, to improve marketing, analytics, or site functionality.

We partner with a third party to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on that site in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of an interest-based ad, you may opt-out by emailing Marketing at marketing@oneilsoft.com. Please note this does not opt you out of being served ads. You will continue to receive generic ads.

Social Media Features and Widgets

Our Web site includes social media features, such as the Facebook Like button and widgets, such as the ShareThis button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our web site. Your interactions with these features are governed by the privacy policy of the company providing it.

Consent

By using any of the O'Neil web site, you consent to the terms of our Online Privacy Policy and to O'Neil's processing of Personal Information for the purposes given as well as those explained where O'Neil collects Personal Information on the Web. Should the Online Privacy Policy change, we intend to take every reasonable step to ensure that these changes are brought to your attention by posting all changes prominently on our web site for a reasonable period of time. If we make any material changes we will notify you by email or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Processor on Behalf (oneilCloud)

O'Neil provides cloud based web services, which includes the storage of data, in an online repository known as the oneilCloud. These services are designed to help companies manage their off-site records stored at commercial record centers utilizing O'Neil software. O'Neil provides this cloud based service though its' customers comprising a large geographic coverage of more than 90 countries worldwide. We collect information under the direction of our clients, and we have no direct relationship with the data we process. If you are a customer of one of our Clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly. O'Neil does not own or control any of the information stored or processed by any customer, including by or on behalf of any customer's client(s). Only our customers and their clients are entitled to process, store, access, and retrieve such information. O'Neil has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, who seeks to correct, amend, delete inaccurate data or withdraw consent to further contact should direct his/her query to the O'Neil Client (the data controller). If the Client requests O'Neil to remove the data, we will respond to their request within 30 days.

O'Neil will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. O'Neil will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Through careful analysis of specific business requirements, O'Neil's customers may recommend that their clients are better served by utilizing the oneilCloud web services. O'Neil customers recommending this service to their clients must clearly explain that the client(s) information that originates in the EU will be stored on Amazon servers located in the U.S., Australia, and Ireland, and which is accessible over the Internet only by our customer or our customer's client(s).

O'Neil does not own or otherwise disclose or make available to third parties the data that is stored through use of its oneilCloud web service by our customers or our customer's client(s), and such data is considered owned or controlled only by that customer's client(s) or our customer, including if acting on behalf of the customer or the customer's client. O'Neil does not actively process the data stored on its server under the oneilCloud web service. Furthermore, under no circumstances may O'Neil independently cause our customer's data or our customer's client(s) data to be transferred to any third party, such action being limited to either our customer or our customer's client(s). Also, O'Neil's standard operating policy in this case is not to directly cause a transfer of any such data other than to return it to the applicable customer. In this capacity, O'Neil should be considered only as a processor on behalf as to any personal data that may be considered transferred from the EU to the U.S. subject to the requirements of the Framework and or GDPR. As such, either our customer or, more particularly, our customer's client(s) is (are) the Data Controller as they or one of them have the actual control over the way any personal data is collected and used as well as the determination of the purposes and means of the processing of such data. O'Neil is not responsible for the content of the information stored on its server by our customers or our customer's client(s) nor is O'Neil responsible for the way our customers or our customer's client(s) treat such information.

Data Controller (oneilCloud)

The EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Principles require that those who collect and determine the purposes and the means of the processing of personal data to fulfill very specific requirements related to compliance with the Framework. The specific functions of a Data Controller will depend on the specific laws of each EU member state. However, since O'Neil is not the collector or in control of any personal data, because it, neither alone nor jointly with others, will determine the purposes and means of collecting and the processing and uses of such data, it should not be considered as acting in the capacity of Data Controller with attendant responsibilities under the Privacy Shield Framework. Although O'Neil, without its actual knowledge, may be provided data or information subject to the Framework by customers by means other than use of the oneilCloud web services in order to aid in the resolution of a technical issue, it should not be considered a data collector or Data Controller as to such data. Furthermore, O'Neil strongly recommends that our customers and our customer's clients(s) do not include personal data in such transmittal to it, and it may reject and return such data to the sender if it becomes aware that such data is not in compliance with such requirement.

Web Services License Agreement (oneilCloud)

O'Neil and our customers enter into a contract with regards to the oneilCloud web service and this includes that each party understands its role in complying with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Principles. Any data considered processed or stored by O'Neil on behalf of our customer or any customer's client(s) will not be further disclosed to third parties, except as directed or required by our customer or customer's client(s), each acting only in compliance with the Framework.

The contract with our customer also will specify that our customer is responsible for implementing and maintaining reasonable security measures relating to our customer or customer's client(s) access to the data stored within the O'Neil oneilCloud, including assignment and administration of all identification codes and passwords authorizing such access. Our customer or our customer's client(s), as applicable, is responsible for all security measures relating to such identification codes and passwords. O'Neil has in place commercially reasonable measures to protect data on its network from loss, misuse, unauthorized access, disclosure and alteration and destruction.

As merely a processor on behalf of our customer or our customer's client(s) (who is considered the EU Data Controller), O'Neil is not required to apply other EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield Principles to personal information subject to the Framework and considered received for processing (i.e., storage) from our customers or customer's client(s).

Notice (oneilCloud)

O'Neil requests that our customers comply with their respective obligations and our customers understand that O'Neil recommends that any data being managed under oneilCloud is non-confidential, nor do we recommend the use of our web services for the management of Personal Information.

Data Integrity (oneilCloud)

O'Neil is entirely dependent on our customer's contractual compliance in connection with any authorization for access to such customer's or customer's client(s) data in the oneilCloud as well as its nature and content. O'Neil has no requirement to access data located on its oneilCloud other than as expressly permitted or directed by our customers and, in no case, will O'Neil be involved in the further processing or manipulation of such data. O'Neil takes reasonable steps to assure that any data that is considered transferred from the EU to the U.S. is maintained in a reliable, accurate and complete state, subject always to any deficiencies in the state in which it was received that may have been caused by others.

Security (oneilCloud)

As noted above, the control of access to data stored on the oneilCloud web services is under the direct and primary control of and subject to the security measures undertaken by the O'Neil customer base. O'Neil has made provisions that all data "at rest" and stored in the oneilCloud system is encrypted to better assure the protection and confidentiality of such data. O'Neil has in place security procedures and commercially reasonable security measures to protect all information stored on the utilized servers from loss, misuse, unauthorized access, disclosure, alteration and destruction.

O'Neil's customers will be notified of any breach of the security measures implemented by O'Neil that O'Neil becomes aware of, and our customer is responsible for notifying our customer's customer(s) of such breach. Any measures or actions required to be undertaken by our customers or customer's client(s) in connection with such breach are solely the responsibility of our customers, as applicable. If O'Neil receives a request to download data stored in the oneilCloud by our customer onto archival media, O'Neil will do so only upon receipt of a written request and directions (including by email) therefore from the requesting customer, as applicable, and such media will be sent via a reliable carrier or courier, as authorized by the customer. Upon its delivery to such carrier or courier, O'Neil shall have no further obligation thereafter for the security or safety of the data included on such media.

Federal Trade Commission (FTC)

O'Neil is subject to the jurisdiction, investigatory, and enforcement powers of the U.S. Federal Trade Commission. Individual may also contact the Federal Trade Commission regarding O'Neil Software Inc. at the following address:

Federal Trade Commission
600 Pennsylvania Avenue NW
Washington, D.C. 20580
www.ftc.gov

Commitment

We are committed to privacy and as such, protecting your privacy online is an evolving area; O'Neil's Web sites are constantly evolving to meet these demands. If you have any comments or questions regarding our Online Privacy Policy, please contact us at marketing@oneilsoft.com. While we cannot guarantee privacy perfection, we will address any issue to the best of our abilities as soon as possible.

O'Neil may update this Privacy Policy from time to time to reflect changes in its oneilCloud web services and customer feedback. O'Neil encourages you to periodically review this Privacy Policy to be informed of how it is protecting information stored in connection with its oneilCloud web services. This Privacy Policy was last updated on August 9, 2018.

V.6.3 – August 28, 2018

User Access