Effective: October 12th, 2021
We will only process your personal data in accordance with applicable data protection and privacy laws. For the purpose of UK and European Union (“EU”) data protection legislation, the data controller is Nitro Software, Inc. of 150 Spear St STE 1850, San Francisco CA 94105.
Nitro collects personal data from users to provide services. Throughout standard use of the Site or Services, we collect some or all of the following:
- Account Data: Name, business name, title, phone number, billing address, email, password, and avatar
- Financial Data: Credit card data (number, expiration, and security code)
- Single Sign-On: Nitro supports enterprise SSO with SAML 2.0-enabled identity providers. If your users log in through enterprise SSO, we collect data from the SAML provider regarding your account (with your express consent)
Nitro does not require or use sensitive data like: racial or ethnic origin, political affiliation or opinions, religious or philosophical beliefs, trade union membership, health data, sexual orientation, criminal convictions, or genetic or biometric data. Subject to the following paragraph, we ask that you not send us, and/or disclose, any such sensitive personal data.
If you send or disclose any sensitive personal data to us when you submit user generated content to our Services, you consent to our processing and use of such sensitive personal data in accordance with this Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such user generated content to our Services.
The Sites, Software, and Services provide capabilities to users to upload and manipulate documents. The user is responsible for and owns the content of the documents. Nitro does not alter the content of documents. By content, we are referring to text, graphics, and/or images within the document that are human readable and convey the meaning of the document to a person reading it. Occasionally, we will have to alter the formatting of the document to show it on the Sites (i.e. on Mobile devices) or in the Software, but there will be no material change to the content within the document.
You are responsible for who you choose to share documents with via the Site, Software, and/or Services’ collaboration functionality. When collaborating on documents, users you grant access to will be able to view that content and download the document (even if you delete that document at a later date). Additionally, if a collaborator signs, reviews, or marks-up the document, that collaborator owns a different version of that document which contains the collaborator's changes. If you access or collaborate on a document owned by another individual, you are responsible for the content you provide on or about the document. Also, by sharing documents with other parties, those parties own a version of the document which mean they may then share and retain the document even after the original owner deletes the document.
When storing documents on the Sites, Software, and Services, Nitro collects the following data:
- Document Metadata: Name, size, email address of user uploading document, meta data about the structure of the document, and standard metadata provided by the standard used to create the document (PDF, DOC, XLS, etc.).
- Document Sharing: E-mail address and name of users who you wish to share the document.
- Document Content: The contents of documents stored in the Site, Software, or Services.
User Generated Content
You may share personal data with us when you submit user generated content to our Services, including via our forums, message boards and blogs on our Sites. Please note that any information you post or disclose on our Site will become public information, and will be available to other users of our Site and to the general public. We urge you to be very careful when deciding to disclose your personal data, or any other information, on our Site. Such personal data and other information will not be private or confidential once it is published on our Site.
Use of Data
Nitro uses data provided through the use of our Sites, Software, and Services to provide services for which Nitro was engaged. The data may be used for a variety of functions, including:
- Provide, monitor, maintain and improve the Software, Site and Services
- Register for and enable access to the Software, Site and Services
- Purchase services and contact you in case a purchase request cannot be fulfilled
- Manage documents (including upload, download, convert, and edit)
- Collaborate and share files with others you designate which involves the Site sending emails on your behalf
- Deliver services you request
- Provide audit data to you and others who you grant access to via document collaboration
- Recommend actions to you based on usage activity and document content; including testing and training algorithms used to provide these services
- With your consent, personalize and customize the Site and Services by improving content, features, and/or advertisements based on your interests and preferences
- Send push notifications that update you on activities initiated within the Site and Services
- Send you related data (including confirmation of services requests and/or purchases)
- Provide customer support (comments, questions, and requests for support along with support responses)
- With your consent, provide data about services (newsletters, surveys, offers, promotions, contests, events, customer testimonials, case studies, and data about Nitro)
- Monitor and analyze trends in connection with the Site and Services for marketing and advertising purposes
- Investigate potential illegal activities (fraudulent transactions, unauthorized access, and/or other illegal activities)
- With your consent, link or combine with other data from 3rd Parties to understand your needs and preferences
- Diagnose unexpected issues that occur within the Site and Services
Activity Data includes data about how users interact with our Site, Software, or Services. Data in this category includes:
- Browser Technologies: Cookies, beacons, tags and scripts
- Device Data: Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. For mobile devices, we may additionally collect device identifiers. If printing, we may collect device data about the printer like: Driver, Printer ID, Brand, Make, Model, and other data accessible through the print driver. We may collect this information about you using cookies. Please refer to the sections on Cookies and Pixel Tags below.
- Local Shared Objects: Cookie Preferences
- Usage Data: We monitor user activity and collect data about the features you use
- Information We Get from Others. We may also get information about you from other sources, for example, if you have agreed to share information with one of our partners or other third parties, we may add this to information we get from our Services.
What are cookies?
We may collect information using “cookies”. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Services.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Services; and (2) third party cookies, which are served by service providers on our Services, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
Cookies we use
Our Services uses the following types of cookies for the purposes set out below:
|Type of cookie||Purpose|
|Essential Cookies||These cookies are essential to provide you with services available through our Services and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.|
|Functionality Cookies||These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of our Services which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.|
|Analytics and Performance Cookies|
These cookies are used to collect information about traffic to our Services and how users use our Services. The information gathered does not identify any individual visitor. The information is aggregated and therefore anonymous. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages that they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services.
We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Services works. You can find out more information about Google Analytics cookies here:
You can find out more about how Google protects your data here
You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link:
|Targeted and advertising cookies|
These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place cookies to enable them to show adverts which we think will be relevant to your interests while you are on third party websites.
You can disable cookies which remember your browsing habits and target advertising at you by visiting http://www.youronlinechoices.com/. If you choose to remove targeted or advertising cookies, you will still see adverts but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed.
|Social Media Cookies||These cookies are used when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.|
At this time, Nitro does not recognize "do not track" (DNT) signals.
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk.
If you do not accept our cookies, you may experience some inconvenience in your use of our Services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Services.
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Services to track the actions of users on our Services. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Services, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.
Generally. We may use other companies to serve third-party advertisements when you visit and use the Services. These companies may collect and use click stream information, browser type, time and date, subject of advertisements clicked or scrolled over during your visits to the Services and other websites in order to provide advertisements about goods and services likely to be of interest to you. These companies typically use tracking technologies to collect this information. Other companies' use of their tracking technologies is subject to their own privacy policies.
Targeted Advertising. In order to serve offers and advertisements that may interest you, we may display targeted advertisements on the Services, or other digital properties or applications in conjunction with our content based on information provided to us by our users and information provided to us by third parties that they have independently collected. We do not provide personal data to advertisers when you interact with an advertisement.
Your Ad Choices. Some of the third-party service providers and/or Advertisers may be members of the Network European Interactive Digital Advertising Alliance ("EDAA") Self-Regulatory Program for Online Behavioral Advertising. To learn more, visit http://www.edaa.eu/edaa-for-users which provides information regarding targeted advertising and the "opt-out" procedures of EDAA members.
Mobile. We may, from time to time, offer certain location or pinpoint based services, such as location assisted navigation instruction. If you elect to use such location-based services, we must periodically receive your location in order to provide such location-based services to you. By using the location-based services, you authorize us to: (i) locate your hardware; (ii) record, compile and display your location; and (iii) publish your location to third parties designated by you by means of location publication controls available within the applications (for example, settings, user preferences). As part of the location-based services, we may also collect and store certain information about the users who elect to use such location-based services, such as a device ID. This information will be used to provide you the location-based services. We may use third-party providers to help provide location-based services through mobile systems and we may give the information to such providers to enable them to provide their location-based services, provided that such providers use the information in accordance with this Policy.
International Data Transfer
Your information, including personal data that we collect from you, may be processed and transferred within and to the United States and other countries and territories which may have different privacy laws from your country of residence. Nitro is compliant with the EU General Data Protection Regulation (GDPR).
Nitro adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although Nitro does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. Nor do we rely on the Swiss-U.S. Privacy Shield Framework in light of the policy paper of the Swiss Federal Data Protection and Information Commissioner of September 8, 2020. To learn more, visit the U.S. Department of Commerce’s Privacy Shield website.
Nitro takes data privacy seriously and monitors the regulatory landscape with regards to data privacy. As new regulations evolve, Nitro will evaluate those regulations and, in good faith, evolve our Data Privacy procedures appropriately.
Sharing and Disclosure
We may provide your personal data to companies that provide services to help us with our business activities, such as shipping your order or offering customer service. These companies are authorized to use your personal data only as necessary to provide these services to us. We may disclose personal data when the disclosure:
- is required by law; or
- has been consented to by you.
Other ways Nitro shares personal data are:
- Collaboration and Sharing: Nitro offers collaboration features built into the Site and Services which allow you to share documents (read-only or full edit capabilities) with others you explicitly choose. Collaboration and sharing allows others to view the content of the document you choose to share in addition to the activity data pertaining to the shared document (views, edits, etc.). You can set permissions and revoke access through your Nitro account. If you share a document with another party, that party can download the document as long as they have access to it. Additionally, you may choose to create a public link and send that link to others. If you create a public link, anyone with that link can access in read-only mode and download it.
- Business Accounts: If you are an individual user and the domain of your e-mail address associated with your account is owned by your employer and that employer has established a Nitro Business account, the data concerning use of your individual account (including access to personal data, usage data and document content) are accessible to that organization.
- Business Transfers: In the event Nitro goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data will likely be among the assets transferred. You will be notified via email (sent to the e-mail address specified in your account) or prominent notice on our Site of any such change in ownership or control that affects your personal data.
- Aggregated and Anonymized Data: We also share aggregated and anonymized data with partners which does not directly identify individuals. We may create anonymous data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous data might include analytics information and information collected by us using cookies. We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyse usage patterns in order to make improvements to our Services.
We will take reasonable precautions to protect your personal data from loss, misuse or alteration. This includes both physical and technological security measures. We follow generally accepted industry standards (e.g. encryption at rest and in transit, access control policies, etc.) to protect the personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and you agree that you submit data to us at your own risk. When you enter personal data on our order forms, we encrypt the transmission of that data using transport layer security (TLS).
Consent and Opt-out
Promotional and Newsletters
We provide you the opportunity to consent to having your personal data used for certain purposes when we ask for this data. We will also give you the opportunity to 'opt-out' at any time. For example, if you purchase a product/service but do not wish to receive any additional marketing material from us, you can initially choose not to accept direct marketing from us, and at a later stage provide consent.
If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter.
If you wish to not have data used for the purpose of serving you targeted ads, you may initially withhold your consent to being subject to such ads, and at a later stage opt-out by contacting email@example.com (or if located in the European Union click here). Please note this does not opt you out of being served advertising. You will continue to receive generic ads.
Nitro provides promotional sites (commonly referred to the "conversion sites") that provide services to convert documents from one format to another. By using the conversion sites, you allow Nitro to store, retain, and use personal data, document data, and document metadata per the 'Use of Data' section above. If you do not wish to provide this personal data, document data, and document metadata, then refrain from using the conversion sites.
Services and Software Documents
Outside of the conversion sites (above), you may delete your documents at any time from within the Services or Software via the User Interface. Any document you have shared explicitly with another user (via a sign, share, or review request) will still be available to that user with whom the document was shared if they downloaded it, copied it to a storage service like (Box, Dropbox, Google Drive, OneDrive, etc.), or added the document to the shared users' Nitro account.
We will retain your Personal, Document, and Activity Data for as long as your account is active or as needed to provide you Services. If you wish to cancel your account or request that we no longer use your personal data to provide you Services, please contact firstname.lastname@example.org. However, Nitro will retain and use your Personal, Document, and Activity Data as necessary to comply with our legal or other obligations, resolve disputes, and enforce our rights and agreements. Nitro reserves the right to delete any data for inactive accounts.
Out of Scope
- Frames: Some of our pages utilize framing techniques to serve content from our partners while preserving the look and feel of our Sites. Please be aware that you are providing your personal data to these third parties and not to Nitro.
- Customer Testimonials: We may post customer testimonials/comments/reviews on our Site which may contain personal data. We obtain the customer's consent, prior to posting the testimonial, to post the customer’s name along with the customer’s testimonial. If you would like to have us remove any of your comments, please contact us.
- Forum and Blog Content: Our Site may offer publicly accessible blogs or community forums. You should be aware that any data you provide in these areas may be read, collected, and used by anyone who has access to them. To request removal of your personal data from our blog or community forum, please contact us at email@example.com.
We do not knowingly collect personal data from children under the age of 16. By using the Site, Software, and/or Services, the user asserts they are over 16 years of age. If we become aware that we have inadvertently received personal data from a child under the age of 16, we will delete such data from our records.
Data Subject's Rights
Nitro takes privacy seriously. If you have any concerns regarding our handling of your Personal, Sensitive, or Document Data, we encourage you to contact us (details below in the 'Contact Us' section). Additionally, Nitro acknowledges you have the following rights with regards to your personal data.
- You may raise a complaint to the relevant supervisory authority in your EU Member State (and/or to the EU Data Protection Agency)
- You have the right to object to or restrict the processing of your personal data. If you wish to restrict or object, please follow the procedures stated in the 'Opt-out' section above.
- If consent to process is granted, you may withdraw your consent to process personal data. To withdraw consent follow the steps detailed in the 'Opt-out' section above.
Data Access Rights
Nitro collects a variety of information via the use of the Site, Software, and/or Services at the direction of users. If you have concerns about your personal data being processed, or if you seek access or want to correct, amend, or delete inaccurate data, please contact us at firstname.lastname@example.org and we will work with you to respond to your request in a reasonable timeframe.
If you have concerns or inquiries regarding the handling of your personal, document, and/or activity data, please contact us at email@example.com. Nitro will respond within a reasonable timeframe. If, after contacting us, we fail to adequately address your concern please contact the dispute resolution provider, Data Protection Commissioner of Ireland at www.dataprotection.ie, at no cost to you.
For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within one month of your request. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion.
Privacy Shield Statements
In compliance with the Privacy Shield Principles, Nitro commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Nitro by going to the "Contact Us" webpage on this Site or contacting us at firstname.lastname@example.org or at the address below.
Nitro Software, Inc
150 California Street, STE 1850
San Francisco, CA 94105
Nitro has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
- Nitro is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
- In instances where other redress possibilities have been exhausted under EU or Swiss law, or where the complaint has not been resolved by any other means, Nitro will provide EU end users a binding arbitration option before the Privacy Shield Panel. Under certain conditions, EU and Swiss individuals may invoke binding arbitration. Nitro acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in US courts.
- Nitro may disclose data in response to lawful requests by public authorities, and to meet national security or law enforcement requirements.
- If required at some point in the future, to effectively process data on behalf of a client to serve the client's needs, Nitro may need to share that data with certain third parties or sub-processors. In such instances, Nitro will execute any needed contracts, clauses, or addendums to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles.
Nitro does not currently transfer personal data, received pursuant to the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework, to third party agents. However, if personal information of EU or Swiss individuals is transferred to third parties in the future, Nitro is potentially liable.
If you require more detailed data about our data handling practices please let us know by going to the “Contact Us” webpage on this Site or contacting us at email@example.com or at the address below.
Nitro Software, Inc
150 Spear Street, STE 1850
San Francisco, CA 94105