CaféX Spaces Privacy Policy

Last Updated: November 2018

CaféX Communications Inc. and its affiliates value your privacy. This Privacy Policy explains when and why we collect personal information about people who use our CaféX Spaces service (the “Service”), how we use it, the conditions under which we may disclose it to others and how we keep it secure. It also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal information.

We may change this Privacy Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using CaféX Spaces, you’re agreeing to be bound by this Privacy Policy.

Any questions regarding this Privacy Policy and our privacy practices should be sent by email to compliance@cafex.com or by writing to CaféX Communications Inc., 135 West 41st Street, Suite 05-108, New York, NY 10036 , Attn: Information Security and Compliance Officer, or CaféX Communications Limited, Building 3, The Eastern Business Park, Wern Fawr Lane, St Mellons Cardiff, CF3 5EA, UK, Attn: Information Security and Compliance Officer. This Privacy Policy does not apply to visitors to the CaféX website at www.cafex.com. For privacy terms applicable to those visitors, please click on https://www.cafex.com/privacy.php.

Who are we?

CaféX creates software that makes it amazingly simple for people to collaborate in ways that work best for them.

In this policy “CaféX”, 'we', 'us' or 'our' means;

CaféX Communications Inc.,135 West 41st Street, Suite 05-108, New York, NY 10036  

CaféX Communications Limited, Building 3, The Eastern Business Park, Wern Fawr Lane, St Mellons Cardiff, CF3 5EA, UK,

How do we collect information from you?

We obtain various kinds of information about you when you use the Service. Some of this information you provide directly to us, such as when you sign up or submit feedback. Some of it we get by observing how you use the Service.

What types of information are collected from you?

Voluntary Information.

If you are a Customer, when you set up to use the Service and create an account, we collect personal information about you, including your name, email address and password. We may also collect other personal information from you when, for example, you request technical support or participate in one of our communities or message boards, etc.

Automatic Information.

As you use the Service, we may automatically collect certain information about your connection to our servers, your operating system, your IP address and your browser. We also collect personal information such as an IP address from any individual that our customer authorizes to utilize the Service. This information is collected to aid in diagnostics and auditing.

Cookies (or browser cookies).

The technologies we use for automatic data collection for the Service includes cookies. A cookie is a small file sent to and stored on your computer or device. These cookies are used to store your application preferences and settings. If you do not have an account (i.e., if you are using the Service as a guest of a Customer), these cookies are used as a temporary authentication token which will enable you to access the Service.

You have a variety of tools to control cookies, including browser controls to block and delete cookies. If you select browser settings that refuse cookies, you may not be able to obtain all or any of the Services intended.

How is your information used?

We use information that we collect about you or that you provide to us, including any personal information, for the following purposes:

  • to manage your account;
  • to provide you with information, products or services that you request from us;
  • to fulfil any other purpose for which you have provided the information;
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
  • to notify you about changes to our products or services;
  • in any other way we may describe when you provide the information;
  • to assist in debugging issues with third party service providers with respect to our service(s);
  • to provide information specified by court or other legally binding order to the appropriate legal authorities; and
  • for any other purpose with your permission.

How do we share your information?

We will not sell or rent your personal information to third parties, and we will not share your personal information with third parties for marketing purposes.

We share your personal information with your consent or as necessary to complete any transaction or provide the service you have requested or authorized. We also share data (i) with our subsidiary, (ii) with vendors working on our behalf, such as third party service providers (for example, but not limited to, data storage by Microsoft Azure or Amazon Web Services) who assist us in making the Service available, (iii) when required by law or to respond to legal process, (iv) to protect our customers, (v) to maintain the security of our products and services, and (vi) to protect our rights and property.

How long do we retain your information?

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example, to comply with obligations relating to invoicing and taxes). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is specified in any relevant contract between you and us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not reasonably possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information on hardened servers that are hosted on highly secure data centers, and isolate it from any further processing until deletion is possible.

Your choices.

We will not contact you for marketing purposes by email or phone except (i) as necessary to enter into a contract or fulfil our obligations under a contract, (ii) with your permission, or (iii) for legitimate purposes permitted by applicable law. We will provide an unsubscribe option on all marketing emails you receive from us. You may also contact us at compliance@cafex.com to unsubscribe or if you have any other questions or concerns regarding your receipt of marketing materials from us.

Accessing and correcting your information.

You may contact us at compliance@cafex.com with any request to access, correct or delete any personal information that you have provided to us. We make good faith efforts to honor reasonable requests to access, correct or delete your personal information. If you request that we delete your personal information, your Service account information may also be removed. We may not accommodate a request to remove personal information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Data security.

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure servers behind firewalls.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Service or our website, you are responsible for keeping this password confidential. We urge you to be careful about giving out information in public areas of our website like message boards. The information you share in public areas may be viewed by any user of our website.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Service. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service.

Children’s privacy.

We encourage parents and guardians to take an active role in their children's online activities. We do not knowingly collect personal information from children without appropriate parental or guardian consent. If you believe that we may have collected personal information from someone under the applicable age of consent in your country without proper consent, please contact us at compliance@cafex.com and we will take appropriate measures to investigate and address the issue promptly.

Consent to transfer, process and store personal information.

As CaféX is a global organization, we may transfer your personal information to CaféX in the United States, to our subsidiary in the United Kingdom, or to third parties and business partners as described above that are located in various countries around the world. By using the Service or providing any personal information to us, where applicable law permits, you consent to the transfer, processing, and storage of such information outside of your country of residence where data protection standards may be different.

We safeguard and enable the transfer of personal information from the European Union (EU) to the US by participating in, and certifying our compliance with, the EU-US Privacy Shield Framework and Principles as set forth by the US Department of Commerce, which relates to the collection, use, and retention of personal information transferred from the EU to the US. CaféX is committed to subjecting all personal data received from EU member countries, in reliance on the EU-US Privacy Shield Framework, to the Framework’s applicable Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about these Privacy Shield Frameworks, visit the US Department of Commerce's Privacy Shield site at https://www.privacyshield.gov.

CaféX is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the US-EU Privacy Shield Principles, we commit to resolve complaints about privacy and our collection or use of the personal information of EU individuals. If you believe we retain your personal data within the scope of our Privacy Shield certification, you may direct any queries or complaints regarding our Privacy Shield certification or compliance to the address above. We will respond to any inquiries or complaints within 45 days at no cost to you.

If you feel we failed to provide an adequate response, you may contact JAMS (https://www.jamsadr.com), which provides an independent third-party dispute resolution mechanism. Under certain conditions more fully described on the Privacy Shield website (https://www.privacyshield.gov), you may be entitled to invoke binding arbitration through the Privacy Shield Panel when other dispute resolution procedures have been exhausted.

We are subject to the investigatory and enforcement powers of the US Federal Trade Commission with respect to personal data received or transferred pursuant to the EU-US Privacy Shield Framework.

You can also download a copy of this Policy here