PRODUCT PRIVACY STATEMENT

Last Updated: June 17, 2020

Introduction

Evisort Inc. (“Evisort”) provides its contract management platform (“Product”) that leverages advanced artificial intelligence to extract, classify and track key provisions in your documents to its business customers (any, a “Customer”).  This Product Privacy Statement (“Privacy Statement”) explains how we collect, use, disclose and otherwise personal information on our Customers’ behalf in connection with the Product (collectively, the “Services”).  As a service provider and data processor, Evisort provides the Services to Customers.  Evisort’s Customers are the data owners and data controllers with respect to such information processed through the Services.  This Privacy Statement does not apply to any websites or other online services that do not link to this Privacy Statement.  To the extent Evisort shares information with the Customer as this Privacy Statement describes, this Privacy Statement does not apply to the Customer’s subsequent use of that information.

Evisort’s processing of information in connection with the Services is governed by this Privacy Statement and the relevant Customer agreement.  In the event of any conflict between this Privacy Statement and the relevant Customer agreement, the relevant Customer agreement will control to the extent permitted by applicable law.

This Privacy Statement is not a substitute for any privacy notice that the relevant Customer may be required to provide to its employees, authorized users or other individuals.

Information We Collect

Information collected via the Services.  The Customer is responsible for determining the scope of information that Evisort may collect.  The Services process information through scanning tools analyzing the Customer’s documents and augmented by Evisort’s artificial intelligence tools that are fed through data providers and other publicly-available sources.  Such information may include personal information, including information that may be deemed sensitive under applicable laws (including, without limitation, financial information, health information, and information about children).

Information collected about authorized users.  We collect information about the Customer’s “authorized users” — the individuals (typically personnel) that Customer authorizes to create an account access to view the dashboards, reports and other items produced by the Services.  The information we collect about authorized users includes:

  • Information provided to us by the Customer about its authorized users. This may include business contact information, such as name, email address, and phone number.
  • Information provided to us by authorized users. This may include personal information that end users provide when they register for an account or create a user profile (such as name, email address, telephone number), contact customer support, or otherwise correspond with us by phone, email, or other means.
  • Information about authorized users’ use of the Services.  This may include information about authorized users’ use of the Services, including computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, general location information such as city, state or geographic area; and information about authorized users’ use of and actions on the Services, such as pages you viewed, how much time was spent on a page, navigation paths between pages, information about activity on a page, access times, and length of access. This information is collected using cookies and similar technologies.

How We Use Information

We use the information we collect at the instruction of the relevant Customer and in accordance with the relevant Customer agreement, to provide the Services and for related internal purposes, such as:

  • To maintain the Services;
  • To provide information about the Services, such as important updates or changes to the Services;
  • To measure performance of and improve the Services and develop new products and services;
  • To create anonymous, aggregated or deidentified data that Evisort may then use to analyze patterns to enhance Evisort’s products and services and develop new ones; and
  • To respond to inquiries, complaints and requests for Customer support.

We may also use information as we believe necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

How We Share Information

We share the information we collect:

  • With the relevant Customer from which we obtained the information;
  • With such third parties as the relevant Customer may direct;
  • With third-party service providers that help us manage and improve the Services; and
  • With Evisort subsidiaries and corporate affiliates for the purposes described in this Privacy Statement or in the relevant Customer agreement.

We may also share information with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

We may sell, transfer or otherwise share some or all of Evisort’s business or assets, including information that we process as part of the Services, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy.

Information Security

Evisort uses commercially reasonable physical, electronic, and procedural safeguards designed to protect information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction, in accordance with applicable law.  We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security problem.  We recommend that Customer take steps to protect against unauthorized access to any devices or networks used to access the Services.  See the relevant Customer agreement for additional information regarding Evisort’s information security practices.

Data Subject Rights

The relevant Customer is the data controller/data owner of end users or others’ personal information processed through the Services. As the data controller/data owner, the relevant Customer is responsible for receiving and responding to end users and others’ requests to exercise any rights afforded to them under applicable data protection law.  Evisort will assist its customers in responding to such requests as set forth in the relevant Customer agreement.

Cross Border Data Transfer

Evisort may transfer information collected through the Services outside of the country from which it originated, including to the United States.  See the relevant Customer agreement for additional information regarding how Evisort safeguards the information it transfers across borders.

Data Retention

Evisort may retain information for as long as necessary to (a) provide the Services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of its Customer agreements.  See the relevant Customer agreement for additional information regarding Evisort’s data retention practices.

Third Party Products and Services

The Services may integrate with or enable access to third party tools.  End users that register, install or access any third party tools may be required to accept privacy notices provided by those third parties.  Please review those notices carefully, as Evisort does not control and cannot be responsible for these providers’ privacy or information security practices.

Changes to this Privacy Statement

Evisort reserves the right to modify this Privacy Statement at any time.  Similar to Evisort’s Services, laws, regulations and industry standards may evolve which may make changes to this Privacy Statement appropriate.  Evisort will post the changes to this page.  Evisort encourages you to review the Privacy Statement to stay informed.  In accordance with applicable law, Evisort will notify you of any material changes in its collection, use, or disclose of your information by posting a notice on its website.  Any material changes to this Privacy Statement will be effective thirty (30) calendar days following notice of the changes on the website.  These changes will be effective immediately for new users of the Services.  If you object to any such changes, you must notify Evisort prior to the effective date of such changes that you wish to deactivate your account.  Continued use of the Services following the effective date of such changes indicates your agreeing to such changes.

Privacy Shield Compliance Statement:

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
Evisort is based in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in the Terms and Conditions related to the use of and access to the Platform.

Transfer Mechanisms. Evisort safeguards and enables the global transfer of personal information in a number of ways. The following describes some of the protections that are taken with regard to data originating from certain countries:

  • EU-US and Swiss-US Privacy Shield Framework: Evisort adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Framework concerning the transfer of personal information from the European Union and Switzerland to the United States. Accordingly, we follow the EU-U.S. Privacy Shield Principles published by the U.S. Department of Commerce (“Privacy Shield Principles”) with respect to all such data. We comply with the Privacy Shield Principles for all onward transfers of personal information from the EU and Switzerland, including the onward transfer liability provisions. We specify in contracts with service providers that handle personal information collected by us that the information may only be processed for limited and specified purposes consistent with the purposes laid out in this Privacy Policy. Those third parties agree to provide the same level of protection as the Privacy Shield Principles. In certain situations, if a third party that receives personal information from us takes an action that is contrary to the Privacy Shield Principles, we will be liable for those actions unless we can prove that we are not responsible for causing such liability. If we received your information pursuant to the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Framework, you have the right to access your personal information and opt-out of (a) disclosures of your personal information to third parties not identified at the time of collection or subsequently authorized, and (b) uses of your personal information for purposes materially different from those disclosed at the time of collection or subsequently authorized. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Compliance with the Privacy Shield Principles may be limited, however, in certain cases to the extent necessary to meet national security, public interest, or law enforcement requirements. To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov. A violation of our commitment to EU-U.S. and Swiss-U.S. Privacy Shield Framework may be investigated by the Federal Trade Commission. With respect to personal information received or transferred pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Dispute Resolution. In compliance with the Privacy Shield Principles, Evisort commits to resolve complaints about your privacy and our collection or use of your personal information. EU individuals with questions or concerns about our use of personal information or our Privacy Policy should submit a written request to us using the contact information below.

If your question or concern is not satisfied through this process we are further committed to refer unresolved Privacy Shield complaints to JAMS, an independent dispute resolution provider located in the United States. Information about how to file a complaint with JAMS related to our Privacy Shield program can be found at https://www.jamsadr.com/eu-us-privacy-shield. The services of JAMS are provided at no cost to you. Under certain circumstances, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

Contact Us

If you have any question about this Privacy Statement, you can contact our privacy team at [email protected]

Menu

Schedule an Evisort Demo

Experience the next generation of contract management for yourself and see why everyone from startup companies to the Fortune 100 are leaning on Evisort for their contract management needs!