RangeForce Inc. Privacy Notice

Why we process Service Data

RangeForce processes Service Data for the following purposes:
 
•    Provide our Services you request – we use Service Data primarily to deliver our Services that you and our customers request. This includes processing Service Data as needed to conduct checks before extending credit to certain customers, to bill for our Services used, to ensure those services are delivered or working as intended, to detect and avoid outages or other technical problems, and to secure your data and services.
•    Make recommendations to optimize use of our Services – we use Service Data to provide you and our customers with recommendations (for example, suggesting ways to better secure your account or data, reduce service charges or improve performance, or optimize your configurations), and to provide information about new or related products and features.  We also evaluate your responses to our recommendations and other feedback (if you choose to provide it).
•    Maintain and improve our Services – we evaluate Service Data to help us improve the performance and functionality of our Services.  As we improve our Services for you, this will improve them for our customers, and vice versa.
•    Provide and improve other services you request – we use Service Data to deliver and improve other services that you and our customers request, including RangeForce or third-party services that are enabled via our Services, administrative consoles, application programming interfaces (APIs) or command line interfaces (CLIs).
•    Assist you – we use Service Data to provide technical support for our Services that you and our customers request, and to assess whether we have met your needs.  We also use Service Data to improve our technical support, inform you and our customers about updates to our Services and send other notifications relating to our Services.
•    Protect you, our users, customers, the public, and RangeForce – we use Service Data to detect, prevent and respond to fraud, abuse, security risks, and technical issues that could harm you, other users, our customers, the public, or RangeForce.  This helps make our services safer, more reliable, and more secure.
•    Comply with legal obligations – we use Service Data to comply with our legal obligations (for example, where we’re responding to legal process or an enforceable governmental request, or meeting our financial record-keeping obligations).

To achieve these processing purposes, we use algorithms to recognize patterns in Service Data, manual review of Service Data (such as when you interact directly with our billing or support teams), aggregation or anonymization of Service Data to eliminate personal information, and combination of Service Data with information from other RangeForce products and services. We also use Service Data for internal reporting and analysis of applicable product and business operations.

Where Service Data is stored

Our Services are provided on our own servers and servers hosted by third party cloud service providers such as Google, Amazon, Microsoft Azure, IBM Bluemix, Rackspace, etc.  Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.
 
Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice. When transferring Service Data outside of the European Economic Area, the UK or Switzerland, we comply with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks.

How we secure Service Data

We build our Services with strong security features to protect your data.  The insights we gain from providing our services help us detect and automatically block security threats from ever reaching you.
 
We work hard to protect the Service Data we hold from unauthorized access, alteration, disclosure, or destruction, including by:
 
•    Encrypting Service Data at rest and while in transit between our facilities.
•    Regularly reviewing our Service Data collection, storage, and processing practices, including our physical security measures, to prevent unauthorized access to our systems; and
•    Restricting access to Service Data to RangeForce employees, contractors, and agents who need it in order to process Service Data for us.  Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

How we share Service Data

We instruct our affiliates to process Service Data for the purposes listed under “why we process Service Data” above, in compliance with this Privacy Notice and appropriate confidentiality and security measures. 

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless it is necessary for providing the services or required by law except in the following cases:
 
•    We may use third party authorized processors to process your data, for example store your data in servers hosted by third party cloud service providers such as Google, Amazon, Microsoft Azure, IBM Bluemix, Rackspace, etc. For user registration we may use Auth0 services (Auth0, Inc.). The data stored by such data processors is encrypted, secured and cannot be accessed by any third parties. Any such authorized processor shall be obliged to adhere to the terms set forth in this document. In case you have been assigned to use the RangeForce services by your employer, we may transmit your performance data to your employer.
•    We may identify and contact users with outstanding performance results for the purposes of entering them into our talent database from where we may transmit the performance data, name and e-mail of such person to potential employers. Your data will not be forwarded to potential employers unless you have given us explicit permission to do so.
•    When you procure third-party services
We share Service Data outside of RangeForce when you or our customer choose(s) to procure a third-party service through our Services Platform, or use a third-party application that requests access to your Service Data.
•    With your consent
We’ll share Service Data outside of RangeForce where we have obtained your consent.
•    With your administrators and authorized resellers.
When you use our Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. F or example, they may be able to:
o    View account and billing information, activity and statistics
o    Change your account password
o    Suspend or terminate your account access
o    Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
o    Restrict your ability to delete or edit your information or your privacy settings
•    For external processing
We do not sell your Service Data to any third parties.
We share Service Data with trusted third party providers to process it for us as we instruct them and in compliance with this Privacy Notice and appropriate confidentiality and security measures.  In particular, we share Service Data with our third party providers when you request technical support services (we share the information you provide in the support ticket, and those providers may communicate with you or your administrator in that ticket, including providing updates and closing the ticket) and professional services (we share your contact details to enable communication and collaboration).
•    For legal reasons
We share Service Data outside of RangeForce when we have a good-faith belief that access to, or disclosure that Service Data is reasonably necessary to:
o    Comply with applicable law, regulation, legal process, or enforceable governmental request.
o    Enforce applicable agreements, including investigation of potential violations.
o    Detect, prevent, or otherwise address fraud, security, or technical issues.
o    Protect against harm to the rights, property or safety of RangeForce, our customers, users, and the public as required or permitted by law.
•    In connection with a merger, consolidation or other corporate reorganization in which RangeForce participates, or to a purchaser or acquirer of all or substantially all of RangeForce’s business or assets, including a successor in bankruptcy. If RangeForce is involved in a reorganization, merger, acquisition, or sale of assets, we’ll give affected users notice before Service Data becomes subject to a different privacy policy.

Access to Service Data

Your organization may allow you to access and export your data in order to back it up or transfer it to a service outside of RangeForce.  Our Services enable you to directly access and download the data you have stored in the services, as further described in our Agreement with your organization and related guidelines that explain how you or your organization may use various tools to access, control, and export your data.
 
You and your organization’s administrator can access several types of Service Data directly from our Services, including your account information, billing contact information, payment and transaction information, as well as product and communication settings and configurations.
If you’re otherwise unable to access your Service Data, you can always request it through our Services Platform.

Retention and Deletion of Services Data

We retain Service Data for different periods of time depending on the type of data, how we use it, and how you configure your settings. When we no longer need Service Data, we delete or anonymize it.
 
For each type of Service Data and processing operation, we set retention timeframes based on the purposes for which we process it, and ensure that the Service Data is kept for no longer than necessary.  We retain most types of Service Data for a set period of up to 180 days (the exact number depends on the specific type of data).  However, some Service Data may be kept for longer periods where there is a business need.  We generally have longer retention periods (which can be over a year) for Service Data that is kept for the following purposes:
 
•    Security, fraud and abuse prevention – we retain Service Data when it is necessary to protect against fraudulent attempts to gain access to user accounts, or to investigate violations of our applicable Services agreements.  Usually, the Service Data retained where there is reason to suspect fraud or abuse would include device identifiers, identifiers from cookies or tokens, and IP addresses, as well as log data about usage of our Services. 
•    Complying with legal or regulatory requirements – we retain Service Data when required by an enforceable legal process, such as when RangeForce receives a lawful subpoena. 
•    Complying with tax, accounting or financial requirements – when RangeForce processes a payment for you, or when you make a payment to RangeForce, we retain Service Data about those transactions (including billing information), typically for a minimum of five years, as required for tax or accounting purposes, or to comply with applicable financial regulations.

At the end of the applicable retention period, we follow detailed protocols to make sure that the Service Data is securely and completely deleted from our active systems (the servers RangeForce uses to run applications and store data) or retained only in anonymized form. After completion of these steps, copies of Service Data will remain for a limited period in our encrypted backup systems (which we maintain to protect Service Data from accidental or malicious deletion and for outage and disaster recovery purposes), before being overwritten by new backup copies.

Tracking Disclosure 

RangeForce tracks users’ use of the Services but does not track users across third-party websites. We do not respond to Do Not Track (DNT) signals.

European Privacy Standards and GDPR

Exercising your data protection rights

If EU, UK or Swiss data protection law applies to the processing of Service Data relating to you, you have certain rights, including the rights to access, correct, delete and export your Service Data, and to object to or request that we restrict processing of your Service Data.
 
RangeForce OÜ (Estonian registration 12735735) will be the data controller responsible for your Service Data.  However, where our customer has entered into an agreement covering our Services with a different RangeForce affiliate, that affiliate will be the data controller responsible for processing your Service Data in connection with billing for our Services only.
 
If you want to exercise your data protection rights with regard to Service Data we process in accordance with this Privacy Notice, and you are not able to do so via the tools available to you or your organization’s administrator, you can contact dpo@rangeforce.com 
 
We comply with the principles according to the Data Privacy Framework program.  You can always contact your local data protection authority if you have concerns regarding your rights under local law.

Our legal grounds for processing Service Data

We process Service Data where necessary for our legitimate interests in:
 
•    Fulfilling the contractual obligations which we owe to our customer to provide our Services.
•    Offering the best service we can, and ensuring our customers know how to get the most out of our Services.
•    Continuing to improve our Services to meet our customers’ needs.
•    Protecting against harm to the rights, property and safety of RangeForce, and where necessary for RangeForce’s and third parties’ legitimate interests to protect against harm to our users, our customers and the public, including criminal acts and rights violations.
•    When we have a legal obligation to do so.  For example, where we’re responding to legal process or an enforceable governmental request, or retaining information relating to your purchases and communications to meet our record-keeping obligations.
 
Contact Information. If you have any questions about this RangeForce Privacy Notice or privacy practices, please contact our Privacy and Data Protection Officer (email: info@rangeforce.com).

Children

Our Services are not targeted to children under age 16 and we do not knowingly collect personal data from individuals under age 16.

EU-US Data Privacy Framework

Rangeforce complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Rangeforce has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Rangeforce commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Rangeforce] at:  info@rangeforce.com

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Rangeforce commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Rangeforce may share data with third party providers of cloud servers where necessary for localized or regionalized networking and support.
 
You may choose to opt out by contacting dpo@rangeforce.com if your personal information is 
(i)    to be disclosed to a third party or 
(ii)    to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you
 
Rangeforce LLC is subject to the investigatory and enforcement power of the Federal Trade Commission.
    
You may invoke binding arbitration by delivering notice to Rangeforce and following the procedures and subject to the conditions set forth in the DPF Principles Arbitration Procedures [https://www.dataprivacyframework.gov/framework-article/G%E2%80%93Arbitration-Procedur]

Rangeforce may be required to disclose personal information in response to lawful requests by public authorities, including to meet nation security or law enforcement requirements.
 
Rangeforce has a responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf.  The Rangeforce remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

DATA SHARING: Under no circumstance do we share personal information for any commercial or marketing purpose unrelated to the delivery of Rangeforce services without asking you first. We do not rent or sell our customer lists.

The following are the limited situations where we may share personal information:
•    With your permission: We may share personal information when we have your permission. One example of this would be if you sign up for programs offered by our partners If you do this, we may share certain information with the partner. This could include things like your enrollment information Rangeforce will request your consent to these exchanges on your behalf and you can change your mind at any time. When you use third-party services integrated with Rangeforce services, their own terms and privacy policies will govern those services.
•    As part of business transitions: Upon the sale or transfer of the company and/or all or part of its assets, your personal information may be among the items sold or transferred. We will request a purchaser to treat our data under the privacy statement in place at the time of its collection.
•    For legal reasons: We may provide information to a third party if we believe in good faith that we are required to do so for legal reasons. For example, to respond to legal process, or comply with state and federal laws (or the applicable laws of foreign countries other than the United States).

We may share non-personal information (for example, aggregated or anonymized customer data) publicly and with our partners to raise awareness about safety issues, or help us generally improve our system. We may also share non-personal information with our partners, for example, if they are interested in providing demand-response services or other incentive programs. We take steps to keep this non-personal information from being associated with you and we require our partners to do the same.

Your personal information may be collected, processed and stored by Rangeforce in the United States and other countries outside the European Union where our servers reside. As a result, your personal information may be subject to legal requirements, including lawful requirements to disclose personal information to government authorities, in those jurisdictions.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time.  We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication.  We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.