Privacy Hosted

We are committed to your privacy. We take great care to protect the privacy of your information when we host your data on our servers.

This Privacy Statement is intended for users of our hosted service. A separate Privacy Policy for Website Visitors addresses the privacy needs of visitors to our website. There is also an Agiloft Contracts Assistant Privacy Statement for users of our hosted service and Agiloft Contract Assistants for Microsoft ® Word and Outlook.

The Hosting Privacy Policy Statement applies to our customers who choose our cloud hosted service. In this document, the term “Customer Information” means information about your end users stored on our servers. The term “Customer” refers to the company (you) that contracts with us for hosted service. This privacy statement should be read in conjunction with the Hosted Service Level Agreement, which contains further provisions relating to Customer Information.

Customers are hosted on secure facilities. For more information about your Hosted Service options, refer to our Hosted Service Datasheet.

We will not use customer information for the purposes of marketing to, or otherwise communicating directly with your end users, or provide customer information to any third party, unless we are required to do so to comply with the law. In short, we will never access customer information at all, unless specifically requested to do so by the customer who owns that information to assist in troubleshooting some problem with the hosted service.


Cookies

A cookie is a small text file containing a unique identification number that is transferred from a web server to the end user’s browser, enabling the serving party to track the website activities of the end user. We do not issue any cookies which enable third parties to track the activities of your end users.


Security

All hosted server environments meet the following physical security requirements:

  • Single point of entry to hosting areas
  • Primary monitored access with additional access for emergency purposes only
  • Surveillance cameras in use
  • Biometric identity check for access validation
  • Access only to people on the Agiloft approved access list

All hosted environments also meet the following electronic security conditions – login validation; secure SSH (encrypted) connections to access servers; servers running behind secure firewall.

All information transmitted to or from Agiloft over the internet is encrypted using SSL.

All hosted data is backed up at least once every 4 hours. These backups are stored separately in two secure locations to assist with preserving data and auditing changes.

All customer data is encrypted at rest.

Agiloft imposes strict internal controls over those of its employees with access to Customer Information. Such access is granted only on a need-to-know basis.


Correction/Updating of Customer Information

Our software is configured to enable you to give your end users the means to access their own personal information for the purposes of deleting it, and/or correcting it.


EU-U.S. Privacy Shield Framework Certification

Agiloft, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Please see Agiloft, Inc.’s Notice of Certification Under the EU-U.S. Privacy Shield Framework.


GDPR Compliance

The GDPR codifies the data privacy rights of not just EU citizens but also of anyone whose personal data is collected or processed in the EU. It puts new obligations on anyone who handles EU-based personal data. As a platform that customers may use to store and manage EU-based data, Agiloft meets the data protection standards defined by the GDPR for data processors. Agiloft is committed to clearly defining our responsibilities to our customers under GDPR as well as providing guidance to define customers’ responsibilities to end users while using our platform. For more information, see our GDPR: What You Need to Know whitepaper.


Representation for Data Subjects in the EU

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/19881203804


CCPA Compliance

The California Consumer Privacy Act codifies the data privacy rights of California residents. Agiloft complies with the CCPA and does not ‘sell’ (as defined by the CCPA) any Customer Information.


HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy and security of health information that is held or transferred in electronic form. At Agiloft, we support the requirements and chain of accountability required by HIPAA.


Changes to Privacy Policy

Agiloft will update this policy from time to time. A “last revised” date will always be included on the bottom of the statement. To keep up-to-date with Agiloft’s policy, please check this page periodically.


Contacting Us

If you have any questions about this Statement, or our practices as they affect the privacy of hosted data, please [email protected].

Last revised: 06/28/2021