Privacy Policy

1. What is covered with this document?

Folderit (“we”, “us” or “our”) respects the privacy rights of its users and understands the importance of protecting and handling information collected about you in accordance with both the law and best practice.

Privacy Notice has been composed for providing you with the information that you are entitled to (in case you are a private person, i.e. a data subject) according to Article 13 and Article 14 of EU General Data Protection Regulation, i.e., Regulation (EU) 2016/679 (“GDPR”).

In Privacy Notice we explain to you how your information, including your personal data, is collected, used, stored and disclosed by Folderit as well as provide you with information about your rights regarding your personal data and its processing by Folderit.

Privacy Notice applies also to information that we receive when you use or access our services available at our website www.folderit.com (“Site”), products, services or applications (collectively, the “Services”), or when you otherwise interact with us.

Privacy Notice also includes information on the use of cookies (see Section 9).

2. Data controller name and contacts

If you have an individual (personal) user account with us, then the controller of your personal data is Folderit OÜ with registered address at Laki 32, Tallinn, Republic of Estonia (company registration number 12653434; e-mail: privacy@folderit.com).

Please be aware that where Folderit provides services to an enterprise, then the relevant enterprise, who has created a Folderit account for you, shall be regarded as the controller and responsible for ensuring compliance with data protection laws and regulations. Please contact the relevant enterprise for further information.

3. Categories and sources of processed data

For reasons of clarity we have grouped the data that we process into the following categories:

We receive the above listed data mainly from you, when you register an account with us, upgrade your subscription into a paid plan as well as when you change your user profile data.

Some of the information we get automatically while you are using our services or visiting our website. We use various tracking technologies (e.g. cookies) to collect information and distinguish you from other users of our Site. For more information about cookies and other tracking technologies please see the Cookies section below.

Folderit does not intentionally collect or process special categories of personal data such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning your sex life or sexual orientation.

In case you yourself provide us such delicate data, we cannot take responsibility for processing this information differently from your usual personal information

4. Legal bases and purposes for data processing

Any processing of personal data must be legal, that is, there must be a legal basis for the processing of data. We process your personal data on legal bases listed below. Under each basis, we explain what kind of data is processed on that basis and for what purposes.

Processing your data on the basis of your consent / GDPR Article 6 (1a)

Considering the categories of the processed data as well as the nature of our processing activities, we usually do not need your consent for processing your data (i.e. processing is performed on other bases provided in Article 6 of GDPR).

We do need your consent for sending you direct marketing e-mails. When we have your consent we will inform you periodically about our services and features, newsletters, offers, events and other news or information about us and our partners.

Please be informed that we can send you information about our services and features that are similar to the ones that you have already ordered from us without your consent on the basis of legitimate interests.

You have the right to withdraw your consent as well as to object to processing of your data for direct marketing purposes any time. For further information about using these rights please see Section 10.

Processing your data for the performance of a contract / GDPR Artice 6 (1b)

This is the main reason why we collect and preserve your data and it affects your e-mail address, your profile data, subscription data, billing information and data on your accounts and account usage (see also list of data categories in Section 3). Without these data we
cannot provide you the Services. Therefore, when these data is requested from you, you are expected to provide them to us. Otherwise we cannot give you access to the desired Service.

We use this data in order to identify you and authorize your access to the Site and the Services, to perform our obligations arising from the Contract, enable you to use features of our Service as well as to communicate with you regarding the Services and the Contract (e.g. to send you technical notices, updates, security alerts, support and administrative messages, purchase confirmations and invoices, respond to your comments, questions, and requests and provide customer service and support).

Processing your data for compliance with a legal obligation / GDPR Article 6 (1c)

We must comply with several laws and regulations, including the ones that concern taxation, accounting, financial reporting, prevention of money laundering and terrorism, or judicial or administrative process. In some cases we are also under obligation to provide information to state officials and authorities upon their lawful requests. The data that needs to be processed for complying with the legal obligation, depends on that obligation (e.g. what kind of information has been requested by the relevant authority).

Processing your data for the purposes of the legitimate interests / GDPR Article 6 (1f)

We also use your personal data listed in Section 3 for the purposes of our legitimate interests, where according to our evaluation we see that our interests are not excessive towards you and are not overridden by your interests or fundamental rights and freedoms.

As a result of this evaluation we process your data for our legitimate interests for:

sending e-mail messages on upcoming important events regarding your subscription (e.g. when trial period or ordered subscription is about to end), if these reminders are not explicitly agreed in the Contract,

5. Storing and transfer of information (including transfers outside of EEA)

Folderit is based in the Republic of Estonia, but in order to provide you with the Services, we may store and process your personal data and content in other locations within European Economic Area (EEA) or in the country of your origin.

When using our services your account content will be stored with triple server-side back-up on Amazon datacenter in Ireland.

We can also transfer your personal data from the EEA to third countries outside EEA due to the use of some of the service providers mentioned in Section 6. In this case we will take adequate protection measures that also recipients outside EEA are ensuring a level of protection of personal data that is essentially equivalent to the one guaranteed under the GDPR.

6. Sharing and disclosing of information

We do not share or disclose your personal data to third persons, unless disclosure of the data is allowed by legal bases described in Section 4.

Otherwise you yourself are in control of the information that you choose to disclose or share with other users or third persons.

When you use our collaboration features that support sharing information with third parties, we will disclose and share your information (including your name, email address and other profile information, content that you decide to share), to the persons that you collaborate with. Please consider that persons collaborating with you may also modify and supplement the content that you have shared with them, but also share such content outside our Services and provide other third parties with rights to view the content you have shared.

We may use service providers to carry out or to assist us with some of our activities; that is for providing, maintaining, developing, protecting and promoting our Services and website (e.g. companies providing website hosting, e-mail services, marketing, customer support and communication software services, analyses related to the service or a website, payment service providers, debt collection services, auditing, legal and other consulting services). In the process of using these services we may need to transfer to them some of your data, including your personal data. These third parties will receive information only on “need to know” basis and only for purposes of providing the ordered services or for otherwise performing the concluded service contract.

We also use affiliate reseller partner program for marketing and selling our Services. Our reseller partners are committed to assist customers in the process of registering as a Folderit user and provide customer support and information about our Services and payment plans. They are entitled to receive commission for each successful sale that they have initiated. For these reasons our reseller partners have access to the customer data such as profile data, contact details, subscription data, billing data) that is necessary in order to perform their obligations as well as to have an understanding about the commission calculations.

We may also disclose your information to any member of our group, which means any company which controls, is controlled by or is under common control with Folderit.

We may share your personal information with third parties for marketing purposes only if this is in accordance with your marketing preferences.

We may share your information with a third party application, if you have chosen to access our Services through such application or give such application access to your information and account. In this case, please make sure that you trust this application and that it’s privacy terms are acceptable for you, as we are not responsible for your data processing by a third party application.

7. Security

We take reasonable efforts and measures (incl. SSL encrypted connections) to safeguard your personal data, but we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. Therefore, we recommend you to take any measures you feel appropriate and necessary to secure your Account, its content and transmission of your data (e.g. encrypting your data and using secure encrypted connection to communicate with the Services). Also, it is your responsibility to keep your password and any other identification mean confidential and not to disclose them to any other person.

Additionally, you must always logout and close your browser when you finish your session. Please note that we will never ask you to disclose your password in an unsolicited phone call or email.

You should notify us immediately of any unauthorized use of your password or Account or any other breach of security that is known or suspected by you (privacy@Folderit.com).

8. Period of storing your data

We only store your data for as long as necessary for the purposes for which the data were collected or longer, if so required by law (e.g. we are required to keep invoices and other accounting documents for seven years even if the contract has already ended).

Concerning data that we process for performance of the contract we apply the rule that data is preserved throughout the limitation period prescribed by applicable laws for submitting claims, that is three years after the termination of contractual relations.

If you have given us your consent to use your information for direct marketing (e.g. for sending newsletters and other offers via email), we will use this data for such purpose until you withdraw your consent (see Section 4 and 10 of the Privacy Notice).

It should be taken into account that, in some cases, we have a legitimate interest to preserve your data longer that described above. For example, if you have failed to perform your payment obligations duly, we have a legitimate interest to continue processing your profile, subscription and billing data for debt collection purposes.

We do not abide to these rules of storage periods in case of anonymous data, as in this case they are no longer considered to be your personal data (i.e. they cannot be linked to you directly or indirectly).

9. Cookies

Cookies are small data files sent to your browser and stored on a hard drive of your computer
when you visit a website.

We use functionality cookies to enable the Site work the way you expect. Some functionality
cookies are necessary to enable you to move around our Site and to use the Services. Other
functionality cookies help us recognize and remember you and your preferences (such as your
language and region or logged in state).

We use analytics cookies to help us to understand how you use our Site. Analytics tools do
not provide us with any personal information that reveals your actual identity. They tell us
things like how you arrived at our Site, if you have visited before, how long you stay on the
Site, and which pages on the Site you visited. They can also provide us with general
information about where in the world a user may be located.

You can prevent saving cookies to your device, by changing privacy settings of your web
browser.

Please consider that blocking all cookies may help protecting your privacy, but at the same
time this may limit your ability to use our Services.

10. Your rights regarding personal data processing

If you are an individual user (a private person), you as a data subject have certain rights guaranteed by GDPR.

This section does not exclude any other rights of a data subject that might be provided in applicable laws.

You can exercise some of your data subject rights (such as the ‘right of access’ and the ‘right to rectification’) through your user account. If you are unable to do so or if the right in question cannot be thus exercised, then please use the contact details in Section 2 of the Privacy Notice to contact us and we will do what we reasonably can to facilitate the exercise of your rights.

11. Changes to the Privacy Notice

We may change this Privacy Notice from time to time. The most current version of the Privacy Notice is available on our Site together with the date of last update. In case of material changes we will notify our users about the upcoming changes through our Site and/
or via e-mail.

If you are not happy with the modified Privacy Notice, you should discontinue the use of our Services and cancel the Contract by sending an e-mail notice to privacy@folderit.com.