1 Words used in the HDD.to Terms of Service ("Terms") have the same meaning in this Policy. Where there is any inconsistency between this Policy and those Terms, the Terms prevail. Your information we collect Personal information
2 We keep the following personal information:
2.1 When a user signs up for particular services on our website they may need to give us the details required in our registration form and will need to keep that information up to date, including any payment account details (e.g. online payment provider account information);
2.2 IP address and other information automatically provided via a browser when a person visits our website;
2.3 Data generated when a user uses our services, including the following:
2.3.1 The activity log with respect to the user's account (e.g. showing the time and date when a file has been uploaded or shared or a folder created);
2.3.2 Any files uploaded (which will be encrypted and the contents unable to be accessed by HDD.to or anyone else unless the user provides the decryption key, which the user may do may using HDD.to's system to generate a link to the file with the decryption key included in that link);
2.3.3 Metadata about each file, such as its size and the type of file (e.g. whether it is an image file);
2.3.4 The email address of anyone that the file has specifically been offered to be shared with using HDD.to's system. Note that files can be shared privately by invitation to specified email addresses or shared publicly;
2.3.5 IP addresses of the computer from which a file has been uploaded and of any other devices that have accessed the file;
2.3.6 Account and payment information including a record of all transactions on a user's account; and
2.3.7 Direct communications between a particular user and HDD.to.
3 Access to data is by way of nominated email address and password and it is a user's responsibility to keep these safe and secure as HDD.to stores the email address but does not store the password. Cookies
5 Users can usually remove or block cookies (such as by using the settings in your browser), but it may affect their ability to use the website.
6 We may keep non-personal information about visits to the website or information which is obtained via cookies or other similar technology. In doing so, we may:
6.1 join that information with other users' information and give it to advertisers in a way which doesn't personally identify any particular user;
6.2 analyse and use this information for marketing or statistical purposes as well as to improve the way we do business with our users;
7 We will collect and keep personal information about users and other visitors to our website to provide services and support to them related to the website and our services, to sell services to them and also for dealing with other user activities, market and product research and to be able to give users promotional material on our other services and special offers. How long we keep your information
8 We keep a user's data and personal information while they are subscribed to our services but subject to our suspension and termination rights set out in our Terms.
9 We may, but shall not be obliged to, keep data and information after a user's account has been suspended or terminated. In particular, we may but shall not be obliged to, keep data and information where we consider it necessary for evidential purposes relating to a breach of our Terms or with respect to current or anticipated action by any competent enforcement authority or other third party. With respect to release of such data and information to competent enforcement authorities and third parties, see our Takedown Guidance Policy. Disclosure
10 A user's data is encrypted by the user before upload to our system and therefore we do not and cannot access that content unless we are provided with the decryption key. A user may give access to others by providing them with a link and decryption key and shall be responsible for their compliance with this Policy.
11 If we think it is necessary or we have to by law in any jurisdiction then we are entitled to give a user's information to competent authorities. We reserve the right to assist any law enforcement agency with investigations, including disclosure of information to them or their agents. We also reserve the right to comply with any legal processes, including but not limited to subpoenas, search warrants and court orders initiated by enforcement authorities or other third parties. We may disclose a user's information to enforce or apply our Terms or any other agreement we have with that user; or to protect the rights, property, or safety of us or our other users, third parties or the operation of our services and the website. For more detail on disclosure to competent enforcement authorities and other third parties, see our Takedown Guidance Policy.
12 The contract a user has for our services is with HDD.to but those services (including payment and personal data processing) may be provided by HDD.to's related or affiliated entities and by authorised resellers, in other jurisdictions, subject to applicable laws. Each user authorises HDD.to and each of those related or affiliated entities and resellers to share and store that user's personal information among themselves, as necessary to provide the services, subject to applicable laws.
13 Other than as set out above, we will not sell or otherwise provide users' personal information to a third party, or make any other use of personal information for any purpose which is not specifically allowed under this Policy or our Terms or is not incidental to the normal use of our services.
14 We strongly urge users to use best practices for ensuring the safety of their systems and devices (e.g. via security upgrades, firewall protection, anti-virus software, securing devices). HDD.to will never send an email asking for a user's password or suggesting that a user click a link to login to his or her account, so do not be fooled by any such email since it will not be from us. We cannot guarantee the security of computers or devices nor of transmission from and to a user's computer over the Internet and thus cannot guarantee there will be no unauthorised access. Also, if a user loses or otherwise allows access to their encryption keys, the user will lose the security of their data. In addition if a user misplaces or forgets their encryption keys we have no ability to recover them and all access to data will be lost. Communications
15 We may send bills, service updates and various other notices by email to the email address listed in a user's account details or using any internal messaging system we may provide as part of our service.
16 If appropriate, some of those notices will contain unsubscribe information so a user can opt out of further receipt. We will abide by any e-mail unsubscription request (other than those we need to send for billing, security or other service provider purposes). Access to information
17 Users can request access to all personal information we hold about them and request correction if it is considered incorrect, in accordance with the New Zealand Privacy Act 1993. To request any information we may be holding or a correction, please contact our Privacy Officer by emailing email@example.com. Any access request may be subject to a reasonable fee as permitted by law to meet our costs in providing information. Law
19 Questions and comments regarding this Policy are welcomed and should be addressed to the Privacy Officer at firstname.lastname@example.org. Changes to our Policy
20 We may make changes to this Policy in the future. Any changes will be posted on website.