Last updated 28th of May, 2021
Shelf is committed to meet all European Union (EU) General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA or CaCPA) requirements.
THE INFORMATION WE COLLECT AND RECEIVE
In order to create a Shelf account and use our services, we need to collect and process certain information. We collect and receive this information in a variety of ways and may include:
- Personal Data
Personally identifiable information, such as your name, shipping address, email address, and telephone number, and demographic information, such as your age, gender, hometown, and interests, that you voluntarily give to us when you register with the Site or when you choose to participate in various activities related to the Site, such as online chat and message boards. You are under no obligation to provide us with personal information of any kind, however, your refusal to do so may prevent you from using certain features of the Site.
- Derivative and Usage Data
Information our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site; Information about the ways people visit and interact with our Site, in the form of traffic analytics. You can opt out of being included in Google Analytics here.
- Financial Data
Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Site. Shelf partners with Stripe for payment processing and the payment you submit is collected and used by them in accordance with their privacy policies, which are available here. Shelf does not store your payment information apart from the type of credit or debit card, the last four digits of the card, the expiration date of the card, and the name associated with the card.
- Data From Social Networks
User information from social networking sites, such as LinkedIn and Facebook including your first and last name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks.
- Mobile Device Data
Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the Site from a mobile device.
Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem); and Information that you submit on or to Shelf in the form of comments, contributions to discussions, or messages to other users.
USE OF YOUR INFORMATION
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Site to:
Assist law enforcement and respond to subpoena.
Compile anonymous statistical data and analysis for use internally or with third parties.
Create and manage your account.
Email you regarding your account or order.
Enable user-to-user communications.
Fulfill and manage purchases, orders, payments, and other transactions related to the Site.
Generate a personal profile about you to make future visits to the Site more personalized.
Increase the efficiency and operation of the Site.
Monitor and analyze usage and trends to improve your experience with the Site.
Notify you of updates to the Site.
Perform other business activities as needed.
Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
Process payments and refunds.
Request feedback and contact you about your use of the Site.
Resolve disputes and troubleshoot problems.
Respond to product and customer service requests.
DISCLOSURE OF YOUR INFORMATION
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
Third-Party Service Providers
We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance, etc.
Third-Party Subprocessors list
|Subprocessor||Address of subprocessor||Country||Purpose of Use|
|Amazon Web Services||410 Terry Avenue N, Seattle, WA 98109||USA||IaaS Cloud Platform that is used by Shelf for hosting and maintaining Shelf infrastructure and other AWS services, such as Dynamo DB, etc.|
|Auth0||10900 NE 8th Street, Bellevue, WA 98004||USA||Identity management services that Shelf uses to authenticate and authorize users to the Shelf application.|
|MongoDB||1633 Broadway, 38th Floor, New York, NY 10019||USA||The Database-as-a-Service solution is used by Shelf to store metadata of user’s documents, events, and other client-related information.|
|Elastic Cloud||800 West Camino Real, Suite 350, Mountain View, CA 94040||USA||Shelf uses the vendor services to host ElasticSearch clusters, which therefore provide users with advanced search capabilities within the Shelf application.|
|Intercom||55 Second Street, Suite 400, San Francisco, CA 94105||USA||Customer Support platform that is used by Shelf Marketing and Sales teams to maintain communication with clients.|
|Stripe||185 Berry Street #550, San Francisco, CA 94107||USA||Shelf uses the vendor services to be compliant with the PCI DSS standard to process payments securely.|
|Google Analytics||1600 Amphitheatre Parkway, Mountain View, CA 94043||USA||Web Analytics services that Shelf uses to track web traffic on Shelf’s website.|
|DataDog||620 8th Avenue, 45th Floor, New York, NY 10018||USA||Monitoring and centralized logging solution that Shelf uses to determine performance metrics as well as event monitoring for infrastructure and cloud services|
|Atlassian||341 George Street, Sydney, NSW 2000||Australia||Shelf uses the vendor services for Asset Management and Team Collaboration.|
The Landmark at One Market,
San Francisco, CA 94105
|USA||Marketing Automation solution that Shelf uses for creating marketing strategies, automating newsletters, and engagement tracking.|
|Iubenda||Via Torino, 2 – 20123 Milan||Italy||Shelf uses the vendor services to be compliant with GDPR regulation and provide EU residents with cookie consent solution on the Shelf’s website.|
|Mixpanel||405 Howard Street San Francisco, CA 94105||USA||Application Analytics services that Shelf uses to track Product metrics, such as most visited features, etc.|
With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law. Marketing emails from Shelf give you the ability to “opt out”. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you that are necessary for fulfilling our obligations to our customers.
Interactions with Other Users
If you interact with other users of the Site, those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.
We may use third-party advertising companies to serve ads when you visit the Site. These companies may use information about your visits to the Site and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.
We may share your information with our business partners to offer you certain products, services or promotions.
Other Third Parties
We may share your information with advertisers and investors for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law.
Sale or Bankruptcy
We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.
Shelf securely stores your data at AWS file system storage and databases, which are encrypted by Transparent Data Encryption standard (TDE) and Advanced Encryption Standard (AES) technologies in accordance.
We will retain your personal information for no longer than is necessary to fulfill the purposes for which the information was originally collected unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.
Where we have no ongoing legitimate business need to process your personal information, we will either delete, aggregate or otherwise anonymize it.
- Cookies and Web Beacons
- Website Analytics
You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.
- Third-party websites
SECURITY OF YOUR INFORMATION
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps, including contractual restrictions and physical, electronic and administrative safeguards such as firewalls, data encryption, SSL and other up-to-date technologies, to secure the personal information you provide to us.
Please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.
Regardless of that, Shelf takes reasonable and appropriate measures to protect data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
POLICY FOR CHILDREN
We do not knowingly solicit information from or market to children under the age of 16. If you become aware of any data we have collected from children under age 16, please contact us using the contact information provided below.
CONTROLS FOR DO-NOT-TRACK FEATURES
OPTIONS REGARDING YOUR INFORMATION
- Account Information
You may at any time review or change the information in your account or terminate your account by:
Logging into your account settings and updating your account
Contacting us using the contact information provided below
- Emails and Communications
If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by:
Logging into your account settings and updating your preferences.
Contacting us using the contact information provided below.
If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.
- Personal Information
You may send requests about personal information email@example.com. You can request to change contact choices, opt-out of our sharing with others, and update your personal information.
We strive to provide you the tools to update your personal information. If you are unable to correct inaccurate information on your own, you may request our assistance to update such information by contacting firstname.lastname@example.org.
Shelf is relying on SCCs (Standard Contractual Clauses) as a framework for allowing lawful export of personal data from European Economic Area, Switzerland and the U.K. to the U.S.
You can obtain Shelf’s current Data Protection Agreement, including the Standard Contractual Clauses by sending an email to email@example.com. If you need to have a DPA signed, please reach out to the very same address noted above. Please allow up to 45 hours for us to respond to your request.
Shelf continues to closely monitor the situation in the EU with regard to personal data transfers.
EU-U.S AND SWISS PRIVACY SHIELD PARTICIPATION
Since security and data integrity and openness of data usage are important to Shelf, the company complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Shelf will do its best to ensure accuracy and to protect personal information from loss, misuse, or unauthorized access or disclosure.
The Privacy Shield Framework consists of such Privacy Shield Principles.
CHOICE: You, as an individual, is the owner of your Personal Information. Shelf offers individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
ACCOUNTABILITY FOR ONWARD TRANSFER: Shelf remains accountable for Personal Data that it receives under the Privacy Shield and subsequently transfers to a third party agent or controller.
In particular, Shelf remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless Shelf proves that it is not responsible for the event giving rise to the damage.
ACCESS: Shelf users have access to personal information about them that Shelf holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
DATA INTEGRITY: Shelf will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual.
Shelf will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
RECOURSE, ENFORCEMENT AND LIABILITY: To comply with the Privacy Shield Principles, Shelf commits to resolve complaints about the collection or usage of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Shelf at: firstname.lastname@example.org. Please allow us up to 45 hours to respond to your request.
Shelf has committed to cooperate with the panel established by the EU data protection authorities (DPAs) for referring unresolved privacy complaints under the Privacy Shield Principles. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.html for more information and to file a complaint. Also, Shelf cooperates with Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from Switzerland, please visit https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html for details. More importantly, DPAs and FDPICs services are provided at no cost to you.
Under certain circumstances, EU individuals may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of their complaint. This procedure will be held through The Privacy Shield Framework and Annex I. More information on the binding arbitration procedure can be obtained from here.
For further information, please see the Privacy Shield website https://www.privacyshield.gov/welcome. To learn more about the Privacy Shield Framework, please visit https://www.privacyshield.gov/EU-US-Framework. In addition, to find out more about the arbitration procedure, you can read the Annex I https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Shelf is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Shelf complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.