Carbonite^SM Privacy Policy

Updated and Effective as of November 16, 2009

This Privacy Policy applies to Carbonite, Inc.'s collection and use of personally identifying information ("Personal Information") that we may gather when you visit our Website, purchase, license, or Use Carbonite Products or Services, or contact us. By Using Carbonite Products or Services, you expressly consent to the collection, processing, and use of your Personal Information according to this Privacy Policy.

Our Terms and Conditions of Use discuss how we handle, encrypt, and protect the data you choose to store on our servers (and any related data) ("Backup Data"), as well as other matters. All provisions of the Terms and Conditions of Use are incorporated into this document by reference.

Definitions

All of the terms used in this Privacy Policy have the same meanings as are defined in our Terms and Conditions of Use

Why Carbonite Collects Personal Information

Carbonite collects your Personal Information at a variety of points, including when you place an order, download a new product or update, register a license, request services, store Backup Data, confer with one of our customer support technicians, or take part in other activities on our Website. During these interactions we will collect Personal Information relevant to your transaction with Carbonite, such as your name, mailing address, phone number, e-mail address, employment information, and credit card, banking or billing information, along with information about the Carbonite Products or Services you license, such as the activation code, date of purchase, and information relating to a support issue. Carbonite will use your Personal Information to send you messages through desktop alerts, SMS/Text messaging, email, etc. concerning updates to Carbonite Products or Services. Please be aware that if you choose not to provide us with your Personal Information, we may not be able to, or may choose not to, make Carbonite Products or Services available to you.

Regarding Children

Carbonite Products or Services are not marketed to or intended for use by individuals who cannot legally bind a contract. Accordingly, Carbonite does not intentionally gather any Personal Information about visitors or customers who are under the age of 18. If you are under the age of 18 or otherwise lack the capacity to enter into a binding contract, do not use our Website or services yourself. Please ask an adult to establish an account with us instead.

Cookies and Other Technologies

Carbonite uses "cookies" and other technologies to collect data that enable us to better understand and improve the usability, performance and effectiveness of our Website. Cookies are files sent to your browser and stored on your computer. If you do not want Carbonite to send cookies to your browser, you can set your browser options to reject cookies or to notify you when a Website tries to put a cookie into your browser software. Rejecting cookies may affect your ability to use some features of Carbonite Products or Services.

Carbonite gathers general information about visits to our Website, the files you have marked for backup, the configuration of your computer and your computer's interaction with Carbonite, and stores this information in log files. Carbonite uses this information to understand traffic and downloads on our Website, enabling us to improve the site, provide the best online experience possible, and improve our ability to serve our customers.

To install Carbonite Products or Services on your computer, you must be an "Authorized Administrator." By installing Carbonite Products or Services on your computer, you grant Carbonite the right to back-up any and/or all of the files on the computer regardless of who might be the creator, originator, editor, or otherwise the owner of those files. You assume sole responsibility for Carbonite receiving access to and backing-up those files.

Sharing Your Personal Information

Carbonite will not provide unaffiliated third parties with access to your email address or other contact information. Carbonite or the Carbonite Affiliates may, from time to time, share with you information about other products and services that we think you may find to be of interest. If you wish to change the types of communications you receive from us, you may do so by modifying your profile at www.carbonite.com/avg, by emailing your request to us at sgwebsupport_en@carbonite.com, or by clicking on an appropriate link in any Carbonite email communication to you.

Carbonite may disclose your Personal Information to third parties if we believe that such action is necessary to (1) comply with a law, regulation, or governmental or judicial warrant, rule, or order; (2) protect and defend the rights or property of Carbonite; (3) enforce the Carbonite Terms and Conditions of Use and/or this Privacy Policy. Carbonite may also provide access to your Backup Data to government authorities if Carbonite suspects or believes that the data contain child pornography or other prohibited data, or that the data or the Carbonite Products or Services are being used for illegal purposes. Carbonite will provide access to your Backup Data to your surviving spouse and/or your executor upon presentation of a death certificate and identification which Carbonite reasonably believes to be valid and sufficient, or in response to a court order, warrant, subpoena or other judicial or administrative legal process.

How We Communicate with You

Carbonite may, from time to time, send you emails, or desktop alerts or other communications containing the following types of information: notifications of detected problems with your service; notifications concerning the expiration of your account; activity status reports; service and software upgrade notices; notices concerning new or related products or services from Carbonite or other providers, enhancements, and price changes, notifications regarding suspected unlawful or inappropriate use, and requests for feedback on your Carbonite Products or Services.

Security for Your Personal Information

Carbonite has security measures in place to protect against the loss, misuse, and alteration of your Personal Information in our customer database. Personal Information provided to Carbonite is stored in secure facilities with access restricted to authorized personnel only. Although we make good faith efforts to store the Personal Information we collect in a secure operating environment that is not accessible to unauthorized users, we cannot guarantee complete security.

To provide secure credit card processing when ordering from us, orders placed on our Website are processed through a payment gateway which operates under its own privacy policy. If you choose to purchase or license Carbonite Products or Services online using a credit card, the credit card information is sent to Carbonite using SSL (Secure Socket Layer) encryption, an industry-standard method for protecting data as it travels over the Internet, or a similar encryption technology that may become accepted as an industry standard or better encryption method, in the future ("Transmission Encryption"). To learn more about our credit card processing vendors and their respective privacy and other policies (which are incorporated by reference into the Carbonite Privacy Policy and Terms or Use by reference) email us at sgwebsupport_en@carbonite.com.

Carbonite encrypts the files that we process before they leave your computer. Carbonite uses SSL or similar Transmission Encryption technology before sending your files to our data centers. Your encrypted backup files transmitted to our servers are stored in facilities with access restricted to authorized personnel only. Carbonite does not encrypt the file names or file type information.

By Using the Carbonite Product that permits you to download your backed up files to any computer that has a connection to the Internet you understand that Carbonite will be decrypting these files before they leave Carbonite's servers and that once decrypted these files can be reviewed by anyone who may be able to access them.

Carbonite will not decrypt your files unless i) it reasonably believes that it must do so to troubleshoot problems with the Carbonite Products or Services or ii) it reasonably believes it must do so in order to comply with a law, subpoena, warrant, order, or a certification requirement, such as the requirements of 18 U.S.C. § 2703.

However, if you elect to Use Carbonite Products or Services that permit you to access Backup Data from an Internet enabled computer other than by using Carbonite Software on your registered computer, then your Backup Data will be decrypted by Carbonite in its data center and sent to you in a decrypted form via public infrastructure. You election to use such products or services may make the contents of these files to accessible to individuals or entities other than you and those you intend. By using such products and services, you knowingly accept this risk.

How You Can Access Or Correct Your Personal Information

You can access selected Personal Information that we collect online by selecting the "My Account" tab on our home page and logging in. We use this procedure to better safeguard your information. You can correct factual errors in your Personal Information on our Web site or by sending a request (to sgwebsupport_en@carbonite.com) that credibly shows error. To protect your privacy and security, we take commercially reasonable steps to verify your identity before granting access or making corrections.

European Personal Identifiable Information

The Personal Information we collect from individuals or equipment located in the European Economic Area ("European Personal Information") may be processed on servers in the United States.

Carbonite has selected the Safe Harbor mechanism as the means for complying with its obligations under the EU Data Privacy Directive 95/46/EC and Member State implementing legislation to provide adequate safeguards for the privacy and security of European Personal Information transferred out of the European Economic Area.

Definitions Applicable to European Personal Information

The following definitions apply to Carbonite's policies pertaining to protection of privacy and security interests in European Personal Information.

"Carbonite" means Carbonite, Inc., its subsidiaries and its predecessors and successors.

"Personal Information" means any information or set of information that identifies or could readily be used by Carbonite or its agents to identify an individual. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.

"Sensitive European Personal Information" means European Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life.

Privacy Principles Applicable to European Personal Information

Carbonite will process European Personal Information in accordance with the following principles:

1. NOTICE. Where Carbonite collects Personal Information directly from individuals in the EEA, we will inform them about the purposes for which we collect and use their Personal Information, the types of non-agent third parties to which Carbonite may disclose that information, and the choices and means, if any, Carbonite offers individuals for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Carbonite, or as soon as practicable thereafter, and in any event before Carbonite uses the information for a purpose other than that for which it was originally collected.

2. CHOICE. Where Carbonite collects Personal Information directly from individuals in the EEA, Carbonite will offer individuals the opportunity to choose (opt-out) whether their Personal Information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, Carbonite will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Carbonite will provide individuals with commercially reasonable mechanisms to exercise their choices.

3. ONWARD TRANSFERS TO AGENTS. Carbonite will obtain assurances from its agents that they will safeguard Personal Information through measures consistent with this Privacy Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, the agent registering to participate in the Safe Harbor mechanism, or another method of assurance deemed adequate by the European Commission. Where Carbonite has knowledge that an agent is using or disclosing Personal Information in a manner contrary to this Privacy Policy, Carbonite will take commercially reasonable steps to prevent or stop the unauthorized use or disclosure.

4. SECURITY. Carbonite will take commercially reasonable steps to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

5. DATA INTEGRITY. Carbonite will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Carbonite will take commercially reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current to the extent appropriate for its intended use.

6. ACCESS. Upon request, Carbonite will grant individuals commercially reasonable access to Personal Information that it holds about them. In addition, Carbonite will take commercially reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

7. ENFORCEMENT. Carbonite will conduct compliance audits of its practices to verify adherence to this Privacy Policy. Any employee that Carbonite determines is in violation of this Privacy Policy will be subject to disciplinary action up to and including termination of employment.

Dispute Resolution

Any questions or concerns regarding the use or disclosure of Personal Information should be directed to Carbonite at the address given below. Carbonite will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Privacy Policy. In order to comply with the European Union’s Safe Harbor Principles, Carbonite commits to the resolution of complaints about your privacy and our collection or use of your personal information. We have committed to resolve any complaints by European Union citizens relating to this policy, which cannot be resolved directly with our company, through BBB EU Safe Harbor, a dispute resolution procedure administered by the Council of Better Business Bureaus, Inc.

If you have any questions regarding this policy, please contact Carbonite at the address given below.

If you do not receive acknowledgment of your complaint or your complaint is not satisfactorily addressed by Carbonite, you should then contact:
Council of Better Business Bureaus, Inc.
BBB EU Safe Harbor
4200 Wilson Boulevard, Suite 800
Arlington, VA 22203
Phone: 703-276-0100
Web: www.bbb.org
Email: eusafeharbor@council.bbb.org

Severability

This Privacy Policy shall apply to the fullest extent permitted by applicable law. If for any reason any provision of this Privacy Policy is held to be invalid or unenforceable to any extent under applicable law, then (i) such provision will be interpreted, construed, or reformed to the extent reasonably required to render it valid, enforceable, and consistent with the original intent underlying such provision and (ii) such invalidity or unenforceability will not affect the validity or enforceability of any other provision of this Privacy Policy and all such provisions shall remain in full force and effect.