Declaración del nivel de privacidad de Evidence.com

Last Updated: September 12, 2018

Esta declaración de privacidad se aplica al uso del servicio Evidence.com y ofertas relacionadas. Los sitios de marketing de Axon y otros sitios web públicos vinculados con el servicio se rigen por la Política de privacidad de Axon. El uso de Axon Citizen se rige por la Política de privacidad de Axon Citizen.

This Privacy Level Statement ("PLS") governs the use of the Evidence.com™ Service Offerings (collectively, "Service Offerings") under the terms of the Evidence.com Master Service Purchasing Agreement ("MSPA") between Axon Enterprise, Inc. (hereinafter referred to as Cloud Service Provider, CSP, Data Processor, Axon, us or we) and users of Service Offerings (hereinafter referred to as Customer, Data Controller, or you). This PLS applies separately to each agency account using the Service Offerings. Unless otherwise provided in this PLS, this PLS is subject to the terms of the MSPA and capitalized terms have the meaning specified in the MSPA. In the event of a conflict between the terms of any agreement(s) between you and Axon and this PLS, the terms of those agreement(s) will control.

Axon complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Axon has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

By using the Service Offerings, you acknowledge that you have read and understand this PLS and you agree to be bound by its terms and conditions. We may occasionally update this PLS. When we post changes, we will revise the "last updated" date at the top of this page.

Definiciones

  • Cloud Service Provider (CSP): Axon Enterprise, Inc., 17800 N 85th Street, Scottsdale, Arizona 85255,
    1-800-978-2737.
  • El Contenido hace referencia al software, los datos, el texto, el audio, el video, las imágenes u otro contenido que el Cliente o alguno de los usuarios finales del Cliente (a) ejecuten
    en los Servicios Evidence.com, (b) hagan interactuar con los Servicios Evidence.com, o (c) carguen a los
    Servicios Evidence.com con la cuenta del Cliente o, de otro modo, transfieran, procesen, utilicen o almacenen en relación con la cuenta del Cliente.
  • Representante del CSP en la UE: Axon Enterprise, B.V., WTC Tower C 17th Floor, Strawinskylaan 1755, 1077 XX,
    Amsterdam, the Netherlands.
  • Controlador de datos hace referencia a la persona física o jurídica, autoridad pública o cualquier otro organismo que, solo o en conjunto con terceros,
    determine los fines y los medios del procesamiento de datos personales.
  • Procesador de datos hace referencia a una persona física o jurídica, autoridad pública u otro organismo que procesa datos personales en nombre
    del controlador.
  • Exportador de datos hace referencia al controlador de datos que transfiere los datos personales.
  • Importador de datos hace referencia al procesador de datos que acepta recibir del exportador de datos información personal destinada al procesamiento en su nombre después de la transferencia de conformidad con el APAS y que no está sujeto al sistema de un tercer país, lo cual garantiza la protección adecuada dentro de lo comprendido por el Artículo 25(1) de la Directiva 95/46/CE.
  • Servicio Evidence.com hace referencia a los servicios web de Evidence.com que ofrece Axon, el sitio Evidence.com, el software EVIDENCE Sync, la aplicación
    EVIDENCE Mobile, la aplicación Axon® Mobile, otro software, mantenimiento, almacenamiento y producto o servicio brindado por
    Axon de conformidad con el APAS para su uso con Evidence.com. Esto no incluye ninguna aplicación de terceros,
    garantías de hardware o los servicios my.evidence.com.
  • Productos hace referencia a todos los equipos, software, servicios en la nube, Documentación y lanzamientos de mantenimiento de software
    y actualizaciones brindadas por Axon conforme al APAS.
  • Servicios hace referencia a los servicios profesionales brindados por nosotros de conformidad con este Acuerdo.
  • Subprocesador hace referencia a cualquier procesador asignado por el importador de datos o por cualquier otro subprocesador del importador de datos que
    acepte recibir del importador de datos o de cualquier otro subprocesador del importador de datos información personal exclusivamente
    destinada a actividades de procesamiento realizadas en nombre del exportador de datos después de la transferencia de conformidad con sus
    indicaciones, los términos de las Cláusulas y los términos del subcontrato celebrado por escrito.

Función del Proveedor de servicios en la nube (CSP)

El CSP es un Procesador de datos: los Clientes controlan y tienen plena titularidad sobre su Contenido, y el CSP no recibe ningún derecho sobre este. El Cliente es el único responsable de cargar, compartir, retirar, gestionar y eliminar el Contenido del cliente. El Cliente autoriza el acceso limitado del CSP al Contenido del cliente únicamente a los fines de brindar los Servicios Evidence.com y soporte al Cliente y a los usuarios finales del Cliente. El Cliente declara que es titular de su Contenido y que ningún Contenido del cliente ni el uso que los usuarios finales del Cliente hagan del Contenido del cliente o de los Servicios Evidence.com infringirá esta DNP ni las leyes y normas vigentes en cuanto a protección de datos.

Procesamiento de datos

El CSP es un procesador de los Datos del cliente. El CSP también puede recopilar y procesar Datos de la cuenta y Datos de soporte. El CSP recopila y procesa los datos para brindar el Servicio Evidence.com y brindar soporte para el suministro general de los productos y servicios de Axon. El CSP puede analizar e informar datos combinados y sin identificación para comunicarse con partes interesadas a nivel externo e interno.

Customer Data (Customer Content, Agency Content)

Los Datos del cliente hacen referencia a información cargada, procesada o generada en el Servicio Evidence.com con una cuenta de Cliente. El Contenido se utilizará únicamente para prestar el Servicio Evidence.com al Cliente, incluidos aquellos fines que sean compatibles con la prestación de dichos servicios. El CSP no utilizará el Contenido del cliente ni derivará información de este con fines de publicidad o fines comerciales similares.

El Servicio Evidence.com es actualizado periódicamente para proporcionar a los clientes nuevas funciones y mejoras. Los cambios realizados en el Servicio Evidence.com se comunicarán a los clientes una semana antes de su lanzamiento mediante los Avisos de lanzamiento de Evidence.com. Los cambios realizados en el servicio pueden mejorar las capacidades del servicio y las formas en las que se utilizaré el Contenido del cliente.

Datos de la cuenta

Los Datos de la cuenta hacen referencia a información brindada al CSP durante el registro, la compra o la administración de los Servicios Evidence.com. Los Datos de la cuenta incluyen nombre, domicilio, número de teléfono y dirección de correo electrónico indicados por el Cliente, así como información de uso combinada que se relacione con la cuenta del Cliente y los datos administrativos vinculados con la cuenta. El CSP utiliza los Datos de la cuenta para brindar el servicio Evidence.com, gestionar las cuentas del Cliente y comunicarse con los Clientes.

El CSP puede usar los Datos de la cuenta para comunicarse con el Cliente a fin de brindarle información sobre su cuenta, suscripciones, facturación y actualizaciones del servicio Evidence.com, incluida información sobre nuevas funciones, seguridad y cuestiones técnicas. El Cliente no podrá darse de baja de estas comunicaciones sin fines promocionales.

Datos de soporte

Los Datos de soporte hacen referencia a la información que recolecta el CSP cuando el Cliente se comunica con el CSP para solicitar soporte. Incluyen información que el Cliente envía en una solicitud de soporte o comunicación con el CSP. También puede incluir información sobre hardware, software y otros detalles recopilada en relación con el incidente de soporte, como información de contacto o autenticación, personalización de las sesiones de chat, información sobre el estado del equipo y la aplicación cuando se produjo la falla y durante el diagnóstico, datos del sistema y de registro sobre las instalaciones del software y las configuraciones del hardware, y archivos de rastreo de errores. Además de utilizar los Datos de soporte para resolver su incidente de soporte, el CSP utiliza los Datos de soporte para operar, mejorar y personalizar los Productos y servicios ofrecidos.

El soporte puede brindarse por teléfono, correo electrónico o chat en línea. Con permiso del Cliente, el CSP puede usar un Acceso como invitado ("AI") para explorar temporariamente la cuenta de Evidence.com del Cliente a fin de visualizar datos de diagnóstico para poder resolver un incidente de soporte. Las conversaciones telefónicas, las sesiones de chat en línea o las sesiones de AI con los profesionales de soporte pueden ser grabadas o monitoreadas.

Usage and Installation of the Evidence.com Service

Customer access to the Evidence.com Service is through a web interface accessed via standard web browsers. CSP offers local software for desktop and mobile devices to interface with the Evidence.com Service, including the EVIDENCE Sync software, EVIDENCE Mobile App, Axon® Mobile App. These systems are used to capture and transfer data from devices into Evidence.com or may be used to enhance the Evidence.com Services. At Customer’s discretion, the Evidence.com Service and the local software may transmit (i) data, which may include Customer Content, from a device or appliance to or from the online services; or (ii) logs or errors reports to CSP or Sub-processors for troubleshooting purposes. The Evidence.com Service and the local software may also collect Support Data including information about the use and performance of the local software or the Evidence.com Service that may be transmitted to CSP and analyzed to improve the quality, security, and integrity of the Products and Services offered. Customers can opt-out of tracking on Evidence.com by disabling cookies or preventing your browser from accepting new cookies. 

SERVIDOR Y UBICACIÓN DE LOS DATOS

Datos del cliente

Evidence.com se ofrece en distintas regiones geográficas. El Cliente determina qué implementación regional de Evidence.com desea utilizar antes de la creación de la agencia en Evidence.com. La elección del Cliente determina el lugar donde se almacenará el Contenido.

Código de la regiónÁrea económica 3rd Party Infrastructure Sub-processors Ubicaciones de los centros de datos
AU

Sudeste Asiático

Microsoft Azure y Amazon Web Services

Sídney, Victoria y Nueva Gales del Sur (Australia)

BR

Sudamérica

Amazon Web Services

San Pablo (Brasil)

California

Canadá

Microsoft Azure y Amazon Web Services

Toronto, ciudad de Quebec y Montreal

EU

Unión Europea

Amazon Web Services

Irlanda

UK

Reino Unido

Microsoft Azure y Amazon Web Services

Londres y Durham (Inglaterra) y Cardiff (Gales)

US

Estados Unidos

Microsoft Azure y Amazon Web Services

Texas y Virginia (Estados Unidos)

US

Estados Unidos (región federal)

Microsoft Azure

Texas y Virginia (Estados Unidos)

CSP garantiza que todo el Contenido del cliente en Evidence.com permanecerá dentro de la región seleccionada, incluidos los datos de las copias de seguridad, los sitios de replicación y los sitios de recuperación ante desastres. Las regiones seleccionadas por el cliente pueden determinarse al revisar la URL de Evidence.com de la agencia. Las URL de la agencia se ajustan al esquema <youragency>.<regioncode>.evidence.com, con la excepción de los clientes de Estados Unidos, cuyo esquema puede excluir el código de región, y es <youragency>.evidence.com. Los clientes federales estadounidenses se ajustan al esquema <youragency>.us.evidence.com

Datos de la cuenta y Datos de soporte

Los Datos de la cuenta y de soporte se alojan en los Estados Unidos.

Transferencia de datos

Los Datos del cliente permanecerán dentro de la región seleccionada en todas las copias de seguridad, la replicación y la recuperación ante desastres. Los Datos del cliente serán transferidos fuera de la región designada solo en circunstancias requeridas por la ley, tales como una citación judicial válida o una orden judicial. Los Datos de la cuenta y de soporte se transfieren y se retienen en los Estados Unidos.

Divulgación de información

CSP may transfer data with its subsidiaries and Sub-processors including service providers and other partners to support the overall delivery of Axon products and services as described in “Data Processing” section of this PLS.

CSP uses commercially reasonable practices in conjunction with contractual obligations to ensure its Sub-processors are compliant with all applicable data protection laws and regulations surrounding the Sub-processors access and scope of work in connection with Customer’s Content.

Customer consents to the transfer of its Content to CSP's Sub-processors for the purpose of storing Customer’s Content. The Sub-processors responsible for storing Customer Content are contracted by CSP for data storage services. Ownership of Customer Content remains with Customer.

CSP may hire Sub-processors to provide or enhance Services on its behalf. Any such Sub-processors will only be permitted to obtain data from the Evidence.com Service to deliver the retained and will be prohibited from using data for any other purpose.

Prior to onboarding Sub-processors, CSP conducts an audit of the security and privacy practices of Sub-processors to ensure Sub-processors provide a level of security and privacy appropriate to its access to data and scope of services. CSP performs periodic due diligence of Sub-processors to ensure security and privacy expectations are being met.

Under Privacy Shield's Onward Transfer Principle, CSP remains responsible for personal information that is shared with CSP's Sub-processors.

Customers and users can transfer data from Evidence.com to third parties. Those third parties are solely responsible for that data.

Divulgaciones obligatorias

We will not disclose Customer Content or any information about you except as compelled by a court or administrative body or required by any law or regulation. We will give you notice if any disclosure request is received for Customer Content so you may file an objection with the court or administrative body.

Customer's Access and Choice

Customer Data
Customers have access to manage Customer Data.

Account Data and Support Data
Within the scope of our authorization to do so, and in accordance with our commitment under the Privacy Shield, Axon will work with Customers to provide access to personal data about them that CSP or Sub-processors holds. Axon also will take reasonable steps to enable Customers to correct, amend, or delete personal data that is demonstrated to be inaccurate.

Medidas de seguridad de los datos

CSP is committed to help protect the security of Customer’s Data. CSP will implement commercially reasonable and appropriate measures designed to secure Customer, Account and Support Data against accidental or unlawful loss, access or disclosure. CSP will maintain a comprehensive Information Security Program that includes appropriate technical and organizational measures intended to protect Customer information against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction. These measures include logical and physical access management, vulnerability management, configuration management, incident monitoring and response, encryption of digital evidence uploaded, security education, risk management, and data protection.

CSP has established and implemented policies, programs, and procedures that are commercially reasonable and in compliance with applicable industry practices, including administrative, technical and physical safeguards to protect the confidentiality, integrity and security of Customer Data against unauthorized access, use, modification, disclosure or other misuse.

CSP will take appropriate steps to ensure compliance with the data security measures by its employees, contractors and Sub-processors, to the extent applicable to the respective scope of performance.

CONFIDENTIALITY

Customer, Account and Support data is encrypted in transit. Customer data is encrypted at rest in all Evidence.com Service regions.

All Customer, Account and Support Data is protected with strong logical access control mechanisms to ensure only users with appropriate business needs have access to data. Access control mechanisms are periodically validated by contracted specialized security firms. Access control lists are reviewed periodically.

INTEGRITY

As customer data is ingested into Evidence.com, a Secure Hash Algorithm (“SHA”) checksum is generated on the upload device and again upon ingestion into Evidence.com. If the SHA checksum does not match, the upload will be reinitiated. Once upload of data is successful, the SHA checksum is retained by Evidence.com and is made viewable by users with access to the evidence audit trail for the specific piece of evidence. Tamper-proof audit trails are created automatically by Evidence.com upon ingestion of any evidence data.

AVAILABILITY

CSP takes a comprehensive approach to ensure the availability of the Evidence.com service. CSP replicates Customer Data over multiple systems to help to protect against accidental destruction or loss. Evidence.com systems are designed to minimize single points of failure. CSP has designed and regularly plans and tests its business continuity planning and disaster recovery programs.

ISOLATION

CSP logically isolates each Customer’s Data. Data for an authenticated customer will not be displayed to another customer (unless Customers explicitly create a sharing relationship between their accounts or shared data between themselves). Centralized authentication systems are used across an Evidence.com Service region to increase uniform data security.
Additional role based access control is leveraged within Customer’s Evidence.com account to define what users can interact with or access Customer Data. Customer solely manages the role based access control mechanisms within its Evidence.com account.

Within the Evidence.com supporting infrastructure, access is granted based on the principle of least privilege. All access must be approved by system owners and undergo at least quarterly user access reviews. Any shared computing or networking resource will undergo extensive hardening and is validated periodically to ensure appropriate isolation of Customer’s Data.

Account and Support Data is logically isolated within information systems such that only appropriate CSP personnel have access.

PERSONNEL

CSP personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, acceptable usage, and professional standards. CSP personnel must complete security training upon hire in addition to annual and role-specific security training.

CSP personnel undergo an extensive background check process to the extent legally permissible and in accordance with applicable local labor laws and statutory regulations. CSP personnel supporting the Evidence.com Service are subject to additional role-specific security clearances or adjudication processes, including Criminal Justice Information Services background screening and national security clearances and vetting.

Violación de datos

NOTIFICATION

Any confirmed security incident that affects the protection of the security, availability, integrity, confidentiality, or privacy of Customer Data, Account Data or Support Data or a breach of the data security measures will prompt a notification to relevant authorities and affected customers as applicable.

Notification will be made within three business days to customer Evidence.com administrators. Authorities will be notified through CSP’s established channels.

Portabilidad, migración y asistencia con el retorno de los datos

DATA PORTABILITY

Content uploaded to the Evidence.com Service is retained in original format. Content may be retrieved and downloaded by Customer from the Evidence.com Service to move data to an alternative information system. Content audit trails and system reports may also be downloaded in various industry-standard, non-proprietary formats.

DATA MIGRATION

CSP will not delete any Customer Content as a result of a termination during the 90 days following termination. During this 90-day period Customer may retrieve its Content only if Customer has paid all amounts due (there will be no application functionality of the Evidence.com Services during this 90-day period other than the ability for Customer to retrieve its Content). Customer will not incur any additional fees if Content is downloaded from the Evidence.com Services during this 90-day period. CSP has no obligation to maintain or provide any Customer Content after the 90-day period and will thereafter, unless legally prohibited, delete all Content stored in the Evidence.com Services. Upon written request, CSP will provide written proof that all of Customer Content has been successfully deleted and removed from the Evidence.com Services.

POST-TERMINATION ASSISTANCE

CSP will provide Customer with the same post-termination data retrieval assistance that is generally made available to all customers. Requests for additional assistance to Customer in downloading or transferring Content will result in additional fees and CSP cannot warrant or guarantee data integrity or readability in the external systems.

Retención, restitución y eliminación de los datos

CSP maintains internal disaster recovery and data retention policies in accordance with applicable laws and regulations. The disaster recovery plan relates to CSP’s data and extends to Evidence.com and Customer Data stored within. CSP’s data retention policies relate to CSP’s data, Account Data and Support Data. CSP’s data retention policies instruct for the secure disposal of Account Data and Support Data when such data is no longer necessary for the delivery and support of Axon product and services and in accordance with applicable regulations. As outlined below, the customer is responsible for adhering to its own retention policies and procedures.

CUSTOMER DATA

Customer Data retention periods are defined by Customer within its internal retention policies and procedures. Customers have the ability to establish its retention policies within the Evidence.com Service. Therefore, Customer's control the retention and deletion of its Content within the Evidence.com Service. The Evidence.com system can automate weekly messages summarizing upcoming agency-wide deletions to all customer Evidence.com Administrators. All Customer users will receive a weekly message regarding evidence uploaded within their user account to protect against accidental deletions. Files can be recovered by Customers up to 7 days after being queued for deletion. After the 7 day grace period, deletion of Customer Data is initiated by the Evidence.com Service. Data deletion processing may occur asynchronously across storage systems and data centers. During data deletion processing, Customer Data will not be recovered by any party.

Responsabilidad

As outlined herein, CSP is committed to maintaining compliance with relevant security and privacy standards to ensure the continued security, availability, integrity, confidentiality, and privacy of the Evidence.com Service and Customer Data stored within.

In addition to the security efforts outlined herein, CSP will maintain its ISO/IEC 27001:2013 certification or comparable assurances for the Evidence.com Service. Customers may review the certificate issued in relation to CSP’s ISO 27001 certification on Axon's Website.

Seguro

CSP will maintain, during the term of the MSPA, a cyber-insurance policy and will furnish certificates of insurance upon request.

How to contact Us

CSP commits to resolve complaints about Customer privacy and use of the Evidence.com system. Complaints surrounding this Privacy Level Statement can be directed to your local Axon representative or privacy@axon.com. If you have any questions or concerns regarding privacy and security of Customer Data or our handling of your personal data under Privacy Shield, please contact privacy@axon.com.

If you are an EU citizen and we are unable to satisfactorily resolve any complaint relating to the Privacy Shield, or if we fail to acknowledge your complaint in a timely fashion, you can contact the relevant EU Data Protection Authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC). In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles in each of the Privacy Shield Frameworks. CSP is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).