Privacy Shield Notice

Effective Date: July 30, 2018

AppRiver Privacy Shield Notice


AppRiver, LLC (“AppRiver”, “we”, “our” or “us”) have created this Privacy Shield Notice (“Notice”) to describe our standards and procedures for handling Personal Information in accordance with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”).

AppRiver has certified to and will adhere to both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by adopting and implementing the Privacy Shield Principles (“Principles”). More information about the Privacy Shield can be found at Our Privacy Shield certification can be found at

This Notice supplements our AppRiver Privacy Policy. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Privacy Policy. In case of conflict between the Privacy Policy and this Notice, this Notice prevails. In case of conflict between this Notice and the Principles, the Principles will govern.


How we obtain Personal Information

We obtain and Process Personal Information from the European Economic Area (“EEA”) and Switzerland in different capacities:

  • We collect and Process EEA and Swiss Personal Information directly from individuals, either via our publicly available websites, including, or in connection with our customer, reseller, partner, and vendor relationships.
  • In connection with our Services, we obtain and Process EEA and Swiss Personal Information on behalf of and under the instructions of our customers. In that context, customers are the Data Controllers.

AppRiver commits to subject to the Principles all Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield (which includes both types of activities).



1. Notice. Our Privacy Policy in combination with this Notice describes our privacy practices. When providing our Services, our customers determine the categories of Personal Information we Process and the purposes of the processing. Accordingly, our customers are responsible for providing notice to individuals.


2. Data Integrity and Purpose Limitation. Any Personal Information we receive may be processed by AppRiver for the purposes indicated in our Privacy Policy or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.

We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with AppRiver up to date and may contact AppRiver as indicated below or in the Privacy Policy to request that their Personal Information updated or corrected.

We will adhere to the Principles for as long as we retain the Personal Information collected under the Privacy Shield.

When providing our Services as a Data Processor, we Process and retain Personal Information as necessary to provide our Services as permitted in our Agreements, or as required or permitted under applicable law.


3. Accountability for Onward Transfer of Personal Information. AppRiver may transfer Personal Information as described in the Privacy Policy. When providing our Services, we disclose Personal Information as provided in our agreement with customer, resellers or partners. We may disclose Personal Information as follows:

A. To Enforce our Agreements. We may disclose the information in a good faith effort to enforce our agreements, such as our subscription agreements.

B. To Enforce Compliance with Applicable Law. We may disclose the information in a good faith effort to enforce compliance with applicable law.

C. To Provide Services. We may disclose the information to third party service providers to provide, manage, maintain and improve our Services, including improving our algorithms, and to provide customer support.

D. To Bill and Collect Sums Owed to Us. We may disclose the information to bill and in a good faith effort to collect sums owed to us.

E. To Provide Information Information to Our Representatives and Advisors. We may disclose the information to our representatives and advisors, such as attorneys and accountants, to help us comply with legal and other requirements.

F.  To Protect the Rights and Safety of Us and Others: We may use the information in a good faith effort to protect the rights and safety of us, our clients, our employees, our Users and others.

G. To Meet Legal Requirements. We may disclose the information in a good faith effort to meet legal requirements, such as complying with court orders and subpoenas and to prosecute or defend a court, arbitration or similar proceeding, and in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

H. Consent. We may disclose the information for any other purpose provided we have consent of the individual who is the subject of the information.

We remain responsible for the Processing of Personal Information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent Processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.


4. Security. AppRiver takes reasonable and appropriate precautions, taking into account the risks involved in the Processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.


5. Access and Choice. If we intend to use your Personal Information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized, or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and/or disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.

Where appropriate, you have the right to access to the Personal Information we maintain about you and to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Information” below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information as permitted by the Principles.

When providing our Services as a Data Processor, we only Process and disclose the Personal Information as specified in our Agreements. Our customers control how Personal Information is disclosed to us and processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your Personal Information, please contact the company to whom you submitted your Personal Information and that uses our Services. If you provide us with the name of the company to whom you provided your Personal Information and who is our customer, we will refer your request to that customer and support them in responding to your request.


6. Recourse, Enforcement Liability. We conduct an annual self-assessment of our practices regarding Personal Information intended to verify that the assertions we make about our practices are true and that such practices have been implemented as represented.

If you have any questions or concerns, we encourage you to first write to us as indicated below.  We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

In compliance with the Privacy Shield Principles, AppRiver commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact AppRiver at or through postal at:

AppRiver, LLC
Privacy Department
1101 Gulf Breeze Pkwy, Suite 200
Gulf Breeze, FL 32561

AppRiver has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

AppRiver is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).

In addition, under certain circumstances, you may invoke binding arbitration.


How is this Notice Updated? This Notice may be amended consistent with the requirements of the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield Frameworks, as applicable. When we update this Notice, we will also revise the "Last Updated" date at the top of this document. Any changes to this Notice will become effective when we post the revised version on our website.


Contact information. If you have any other questions or concerns please notify us at or through postal at:

AppRiver, LLC
Privacy Department
1101 Gulf Breeze Pkwy, Suite 200
Gulf Breeze, FL 32561