Pax Cloud (hereinafter “we”) understands the importance of personal data and privacy, and is committed to complying with mainstream global data protection regulations (including but not limited to the European Union‘s General Data Protection Regulation (GDPR), the United States‘ California Consumer Privacy Act (CCPA), Brazil‘s General Data Protection Act (LGPD), and others), to protect the security of your personal information and your legitimate interests. This Privacy Policy aims to clarify our relevant practices for collecting, using, storing, sharing, transferring, and protecting your data. Please read and understand this Policy carefully before using the Pax Cloud Disk Service (hereinafter “this Service”). By using this Service, you fully understand and agree to the full content of this Policy.
1. Definition and scope
1.1 Core Definitions
1.1.1 Personal Data: Means information that can directly or indirectly identify a specific person, including but not limited to name, email address, phone number, device identifier, IP address, file metadata, etc.
1.1.2 Sensitive Personal Data: Referring to special data relating to personal privacy or security, including but not limited to financial information, health data, biometric information, religious beliefs, political opinions, etc.
1.1.3 Data Subject: Means the natural person to whom personal data refers, even users who use this Service.
1.1.4 Data Controller: Means the entity that determines the purpose and manner of processing personal data, i.e., the Pax Cloud operating entity.
1.2 Scope
1.2.1 This Policy applies to all processing activities such as the collection, use, storage, sharing, transfer, and deletion of your personal data during your use of the Pax Cloud Disk Software and related services (including web-side, mobile-side applications, etc.).
1.2.2 This Policy does not apply to related services that third parties access through links or interfaces to this Service. The privacy policies for third-party services are determined by their own discretion and we assume no responsibility.
2. Data Collection and Use
2.1 Sources of Data Collected
2.1.1 Direct Collection: Information that you voluntarily provide when you register and use the Service, including but not limited to the email address, password (encrypted storage), identity information such as your name, and content data such as files and folders that you upload to the Service.
2.1.2 Automatic Collection: During your use of this Service, we automatically collect information through technical means, including, but not limited to, device model, operating system version, browser type, IP address, login time, duration of use, file operation records (uploads, downloads, sharing, deletions, etc.), storage capacity usage, etc.
2.1.3 Third-party sources: With your consent, information obtained from legitimate and compliant third parties, including but not limited to authentication information provided by third-party login platforms (such as Google, Apple ID, etc.), will be used after declassified processing.
2.2 Purposes of Data Use
2.2.1 Provision of Basic Services: Used to realize the core functions of this Service, including but not limited to account creation and login authentication, file storage and management, file uploads and downloads, file sharing and collaboration, etc.
2.2.2 Optimizing the Service Experience: Based on analysis of your usage habits, we optimize the performance and functionality of this Service, improve operational ease, and provide you with personalized service recommendations (such as quick access to commonly used features).
2.2.3 Ensure service security: Used to monitor and prevent security risks such as fraud, malicious attacks, account theft, maintain service order, and protect your account and data security.
2.2.4 Compliance and Legal Obligations: To comply with applicable laws and regulations, judicial decisions or administrative directives, to respond to legitimate inquiries from law enforcement agencies, and to protect us and our users‘ legitimate interests from infringement.
2.2.5 Other Uses with Your Consent: Based on your explicit authorization, you may revoke that authorization at any time for other legal and compliant purposes.
3. Data Storage and Protection
3.1 Data Storage
3.1.1 Storage locations: We store your personal data on cloud servers that comply with international data protection standards, including but not limited to regions such as the European Union, the United States, and Singapore, ensuring that the data storage meets local legal and regulatory requirements.
3.1.2 Retention Period: We will only retain your personal data for the period necessary to achieve the purposes described in this Policy. After the retention period is exceeded, the data will be securely processed through encrypted deletion, anonymizing processing, etc., unless otherwise required by law and regulations or you agree to extend the retention period.
3.2 Security Protection Measures
3.2.1 Technology Assurance: Adopt industry-leading security technologies, including but not limited to data transfer encryption (SSL/TLS), data storage encryption (AES-256), access control permissions management, intrusion detection and defense systems, and regular security vulnerability scanning, to prevent unauthorized access, modification, disclosure, or destruction of data.
3.2.2 Organizational guarantees: Establish a strict data security management system, clarify the responsibilities and rights of each phase of data processing, conduct regular data security training and audits for employees involved in data processing, sign confidentiality agreements, and limit the scope of data access.
3.2.3 Emergency Handling: Establish an emergency response plan for data leakage. If a data security incident occurs, an emergency plan will be immediately initiated, remedial measures will be taken, and affected users and relevant regulatory bodies will be notified within the time required by law and regulations.
4. Data Sharing and Transfer
4.1 Data Sharing
4.1.1 Third-Party Service Providers: To achieve the functionality of this Service, we may share some of your personal data with legitimate and compliant third-party service providers (such as payment service providers, cloud storage infrastructure providers, etc.), but only the minimum amount of data needed to achieve the Service, and sign strict confidentiality agreements with third parties, requiring them to comply with this Policy and relevant laws and regulations, and not to use the data for other purposes.
4.1.2 Sharing as required by law: In compliance with law and regulations, judicial decisions or administrative directives, we may share your personal data as requested by law enforcement agencies and regulatory authorities, and will protect your privacy rights and interests to the best of our legal ability.
4.1.3 Other Sharing Circumstances: Without your explicit consent, we will not share your personal data with any other third party, unless the sharing is for the protection of the safety of your life or that of others, for the protection of significant legitimate interests, or to maintain the proper operation and security of this Service.
4.2 Data Transfer
4.2.1 Cross-border transfers: When it is necessary to transfer your personal data to another country or region, we will ensure that the transfer complies with the relevant legal and regulatory requirements, implementing security measures including but not limited to obtaining your explicit consent, signing a data transfer agreement, adopting standard contractual terms approved by the European Commission, etc., to ensure the security and compliance during the data transfer process.
4.2.2 Subject Change Transfer: If we undergo a subject change such as a merger, acquisition, bankruptcy settlement, etc., involving the transfer of personal data, you will be notified in advance and the new data holders will be required to continue to comply with this Policy, otherwise they will be required to obtain your authorized consent again.
5. Data Subject Rights
5.1 Access rights: You have the right to access your personal data, including but not limited to viewing your account information, the contents of stored files, data processing records, etc., which can be obtained through the account settings feature of this Service or by contacting us.
5.2 Correction Right: If you find that your personal data is inaccurate or incomplete, you have the right to request us to correct or supplement the relevant data, which we will process promptly after verification.
5.3 Right to delete: In accordance with legal and regulatory requirements, you have the right to request us to delete your personal data (including account information, stored files, etc.), which we will delete in a secure manner after verification, unless legal and regulatory requirements require the retention of the data.
5.4 Restriction of processing rights: You have the right to request us to restrict the processing of your personal data (such as in cases where the accuracy of the data is questionable, the processing purpose is illegal, etc.), and we will suspend the related processing activities after verification until the restriction conditions are lifted.
5.5 Data Portability: You have the right to require us to provide your personal data in a structured, common, and machine-readable format, and to transfer that data to other data controllers, and we will cooperate to exercise this right within reasonable periods.
5.6 Right to withdraw consent: You have the right to withdraw your consent to data processing activities under this section of this Policy at any time (but without affecting the legality of data processing conducted based on consent prior to withdrawal), and upon withdrawal of consent, we will stop the relevant data processing activities, but this may affect the normal use of certain service features.
5.7 How to exercise your rights: You can exercise the above rights on your own via the account settings feature of this Service, or by submitting applications to us via the contact details reserved at the end of this Policy. We will respond to your requests within the time limits required by law and regulations, and we will not charge you any unreasonable fees.
6. Child Data Protection
6.1 We do not voluntarily provide this service to children under the age of 18 (or younger as required under applicable laws and regulations). If a child registers and uses this service without the consent of a parent or legal guardian, the parent or legal guardian may contact us. We will delete the relevant data after verification and sign off the account.
6.2 If we need to collect personal data from a child due to special circumstances, we will obtain the explicit consent of their parents or legal guardians in advance and strictly process the data according to the requirements of applicable laws and regulations, ensuring that the privacy of the child is adequately protected.
7. Privacy Policy Updates and Notifications
7.1 We will amend this Privacy Policy at appropriate times in accordance with updates to laws and regulations, changes to service functionality, etc. The revised policy will be published in prominent locations of this Service (such as the login page, the account settings page) and marked with the effective date.
7.2 If modifications to this Policy involve your core rights (such as scope of data collection, purposes of use, method of sharing, etc.), we will notify you in advance via email, application push, etc., and your continued use of this Service will be considered as consenting to the revised privacy policy.
8. Disclaimer
8.1 Although we have taken strict security measures, due to uncontrollable factors such as the openness of the network environment, the limitations of technological development, etc., we cannot fully guarantee the absolute security of your personal data, and if data leakage or loss results from non-our causes such as irresistible forces, third-party attacks, or your own operational errors, we do not assume liability for compensation.
8.2 When you use the Services, the content of files and information you voluntarily upload and share is at your own risk. We are not responsible for the legality, authenticity, or security of such content. If such content violates the rights of third parties or violates laws and regulations, you are responsible.
9. Contact information
9.1 If you have any questions, opinions or suggestions regarding this Privacy Policy, or need to exercise data subject rights, complain or report issues related to data processing, you can contact us at the following contact details:
9.1.1 Contact email: lubos.cibak@outlook.com
9.2 We will respond to and process your contact request within 30 business days after receiving it to ensure that your questions are properly answered and your rights are effectively protected.