Data Privacy Framework Policy

DPF Policy | DriveHQ GDPR FAQ | Resources for Businesses | DriveHQ Security Documents

Last updated Aug 23, 2024

Drive Headquarters Inc. ("DriveHQ", “we”, “our” and “us”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. DriveHQ has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. DriveHQ has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Definitions

Data Subject: The EU, UK and/or Swiss individual who uses DriveHQ or CameraFTP's cloud service and is covered by this Policy.
Personal Data: Information relating to an individual in the EU / UK / Switzerland that can be used to identify that individual directly or in combination with other readily available data.
DriveHQ Services: DriveHQ offers Cloud IT service and Cloud Recording service from our websites (www.DriveHQ.com and www.cameraftp.com, etc.); Any DriveHQ or CameraFTP software, products, cloud-based services or applications are collectively called the "DriveHQ Services").

Scope and Responsibility

This Policy applies to Personal Data transferred from EU member countries, UK and Switzerland to DriveHQ in the United States in compliance with the Data Privacy Framework and does not apply to Personal Data transferred under Special Contractual Clauses. Some Personal Data may be subject to other privacy-related requirements and policies. For example: Personal Data received from a client is also subject to any special agreement with, or notice to, the client, as well as additional applicable laws and professional standards.

Information Collected

(a) Information You Provide To Us. We collect information you provide directly to us. For example, we collect information when you register with DriveHQ for an account, create or modify your profile and online account, access and use the DriveHQ Services (including but not limited to when you upload, download, collaborate on or share files or other information), participate in any interactive features of the DriveHQ Services, participate in a survey, contest, promotion, sweepstakes, activity or event, make a purchase, apply for a job, request customer support, communicate with us via third-party social media sites or otherwise communicate with us.

The types of information we collect directly from you may include:

  • Your name
  • Username
  • Email address
  • Home or business address (optional)
  • Your picture (optional)
  • Phone numbers (optional)
  • Employer's name (optional)
  • Job title (optional)
  • (For paid members only) DriveHQ orders and transaction info (including services purchased or subscribed to, payment method and billing address, etc.)
  • Files, folders or other content you upload or provide to DriveHQ cloud system as part of using our service
  • Other information that you may choose to provide (optional)

(b) Information We Collect Automatically When You Use the DriveHQ Services. When you access or use the DriveHQ Services, we may automatically collect information about you, including:

  • Usage Information: We monitor user activity in connection with the DriveHQ Services and may collect information about the applications and features you use, the web pages you visit, the sizes and names of the files or folders you upload, download, share or access while using the DriveHQ Services, the Content you access and any actions taken in connection with the access and use of your Content in the DriveHQ Services.
  • Log Information: We may log information about you when you access and use the DriveHQ Services including your Internet Protocol ("IP") address, access times, browser type and language, Internet Service Provider ("ISP"), the Web pages that you visit, the Content you use and the URL of the Web page you visited before navigating to the DriveHQ Services.
  • Device Information: If you access the DriveHQ Services from a mobile device, we collect information about the device, including the hardware model, operating system and version, unique device identifiers, mobile network information (as allowed by the mobile network) or platform information (as allowed by the specific platform type).
  • Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, which may include saving cookies to your computer or mobile device. Cookies are small data files stored on your hard drive or in device memory that help us to improve the DriveHQ Services and your experience, customize your experience and preferences, allow you to access and use the DriveHQ Services without re-entering your user ID and/or password, understand which areas and features of the DriveHQ Services are most popular and count visits. We may also collect information using web beacons (also known as "tracking pixels"). Web beacons are digital images that may be used in the DriveHQ Services or in emails that help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. For more information about cookies and how to disable them, please see "Your Choices" below.
  • Third party cookies: the use of cookies by third parties you may sign-in from into the DriveHQ Services and/or third party applications, is not covered by our privacy policy. We do not have access or control over such cookies.
  • Third Party clear gifs: Our third party partners may employ clear gifs (a.k.a. Web Beacons/Web Bugs), images, and scripts that help them better manage content on our site. We do not tie the information gathered to our Customers’ or Users’ personal information.
  • Google AdSense: We may use Google AdSense to publish ads on this site. When you view or click on an ad a cookie will be set to help better provide advertisements that may be of interest to you on this and other Web sites. You may opt-out of the use of this cookie by visiting Google’s Advertising and Privacy page: https://policies.google.com/technologies/ads
  • Advertising Cookies: We may partner with third parties to manage our advertising on other sites. Our third parties may use technologies such as cookies to gather information about your activities on this site and other sites you visit in order to provide you advertising based upon your browsing activities and interests.

You may opt out of third party tracking by cookies. Usually you can log on to their website and set a security option, e.g.: Google AdSense: https://www.google.com/policies/technologies/ads/

(c) Information We Collect From Other Sources: We may also obtain information from third parties and combine that with information we collect through the DriveHQ Services. For example, we may have access to certain information from a third-party social media service if you create or log into your online account through the service or otherwise provide us with access to information from the service. Any access that we may have to such information from a third-party social media service is in accordance with the authorization procedures determined by the social media service.

Use of the Information; Why We Collect the Information

We may use the information we collect about you for a variety of purposes, including to:

  • - Enable you to access and use the DriveHQ Services securely, including uploading, downloading, collaborating on and sharing Content;
  • - Provide and deliver the services and features you request, process and complete transactions, and send you related information, including purchase confirmations and invoices;
  • - Respond to your comments, questions, and requests and provide customer service and support;
  • - Communicate with you about services, features, surveys, newsletters, offers, promotions, contests and events, and provide other news or information about DriveHQ and our select partners;
  • - Send you technical notices, updates, security alerts, support and administrative messages;
  • - Monitor and analyze trends, usage, and activities in connection with the DriveHQ Services and for marketing or advertising purposes;
  • - Investigate and prevent fraudulent transactions, unauthorized access to the DriveHQ Services, and other illegal activities;
  • - Personalize and improve the DriveHQ Services, and provide content, features, and/or advertisements that match your interests and preferences or otherwise customize your experience on the DriveHQ Services;
  • - Link or combine with other information we receive from third parties to help understand your needs and provide you with better service;

Data Privacy Framework Principles

DriveHQ commits to subject to the DPF Principles all Personal Data received by DriveHQ from EU member countries, UK and Switzerland in compliance with the DPF framework.

1. Notice

DriveHQ notifies Data Subjects about its data practices regarding Personal Data received by DriveHQ from EU member countries, UK and Switzerland in compliance with the respective Data Privacy Framework, including the types of Personal Data it collects about them, the purposes for which it collects and uses such Personal Data, the third parties to which it discloses such Personal Data and the purposes of such disclosure, the rights of Data Subjects to access their Personal Data, the choices and means that DriveHQ offers for limiting its use and disclosure of such Personal Data, the way that DriveHQ’s obligations under the DPF is enforced, and DriveHQ's contact info with regard to any such inquiries or complaints.

2. Choice

If Personal Data covered by this Policy is to be used for a materially different purpose from what the Personal Data was originally collected for or subsequently authorized, or is to be disclosed to a third party, DriveHQ will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: privacy@drivehq.com

If Sensitive Personal Data covered by this Policy is to be used for a different purpose from what the Personal Data was originally collected for or subsequently authorized, or is to be disclosed to a third party, DriveHQ will obtain the Data Subject’s explicit consent prior to such use or disclosure.

3. Accountability for Onward Data Transfer (Sharing with Third Parties)

DriveHQ may share certain limited amount of Personal Data with a few 3rd party organizations, including:
- Our payment processors (e.g. PayPal and Bank of America);
- Our resellers;
- Our CPA firm(s);
- Our consulting service providers.

In the context of an onward transfer, DriveHQ has responsibility for the processing of Personal Data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. DriveHQ remains liable under the Principles if its agent processes such Personal Data in a manner inconsistent with the Principles, unless DriveHQ can prove that it is not responsible for the event giving rise to the damage.

In case DriveHQ transfers Personal Data covered by this Policy to a third party, we will do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has provided contractual assurances that it will:
(a) process the Personal Data for the specified purposes consistent with any consent provided by the Data Subjects;
(b) provide at least the level of protection as is required by the DPF Principles;
(c) notify DriveHQ if it cannot do so and stop processing of the Personal Data or take other reasonable and appropriate steps to remediate. If DriveHQ finds that a third party is processing Personal Data covered by this Policy in a way that is contrary to the DPF Principles, DriveHQ will take reasonable steps to prevent or stop such processing.

With respect to DriveHQ resellers, we will transfer only the Personal Data covered by this Policy needed for them to deliver the DriveHQ cloud service. A reseller's customer may implicitly or explicitly authorize the reseller to access or manage his/her Personal Data. DriveHQ will offer the same level of security and privacy protection to customers of a reseller. DriveHQ is liable if a data breach happened to a reseller's customer due to DriveHQ's service problem. DriveHQ is not liable if a data breach is caused by a reseller or a customer, except DriveHQ shall help solve the problem. If a reseller's customer does not want the reseller to be able to access his/her Personal Data, the customer should contact the reseller directly or contact DriveHQ at privacy@DriveHQ.com.

We may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

4. Security

DriveHQ takes reasonable and appropriate measures to protect Personal Data covered by this Policy from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

5. Data Integrity and Purpose Limitation

DriveHQ limits the collection of Personal Data covered by this Policy to information that is relevant for the purposes of offering DriveHQ's cloud service. DriveHQ does not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.

DriveHQ takes reasonable steps to ensure that such Personal Data is reliable and secure for its intended use. DriveHQ takes reasonable and appropriate measures to comply with the requirement under the DPF to retain Personal Data in identifiable form only for as long as it serves a purpose of offering DriveHQ's cloud service and directly related business purposes, unless a longer retention period is permitted by law.

6. Access

Data Subjects whose Personal Data is covered by this Policy have the right to access such Personal Data and to update or delete such Personal Data. DriveHQ offers multiple tools for accessing Personal Data by Data Subjects. If Data Subjects have any problem accessing their Personal Data, they can contact DriveHQ technical support via email or phone. Please refer to the end of this policy for all contact information.

7. Recourse, Enforcement and Liability

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, DriveHQ commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact DriveHQ at: privacy@DriveHQ.com, or call us at (800)836-0199. You can also contact DriveHQ customer support at support@drivehq.com, or post a message on DriveHQ's support forum: https://www.drivehq.com/Bbs/BbsIndex.aspx/bbsID110.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, DriveHQ commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584-2  

DriveHQ has committed to review and verify its compliance with the DPF Principles periodically; DriveHQ agrees to remedy any issues non-compliant with the DPF Principles. DriveHQ acknowledges that failure to provide an annual self-certification to the U.S. Department of Commerce will result it being removed from the Department’s list of DPF participants. DriveHQ acknowledges that it is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Changes to this Policy

This Policy may be updated from time to time based on the requirements of the DPF Principles. DriveHQ will send appropriate notice regarding such amendments.

Contact Us

You can contact us via email at: privacy@DriveHQ.com, or phone: (925)396-5819, (800)836-0199.
Main Office Address: 6101 Bollinger Canyon Road, Ste 327, San Ramon, CA 94583, USA.