Please enable JS

Sfile and the EU-U.S. / Swiss-U.S. Privacy Shield

Sfile and its affiliates complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Sfile has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

The US Federal Trade Commission (FTC) has jurisdiction with enforcement authority over Sfile. Sfile’s participation in the Privacy Shield applies to all personal data that is received from the European Union and Switzerland. Sfile will comply with the Privacy Shield Principles in respect of such personal data. Sfile does not actively collect personal data from individuals, but may receive personal data from third parties in the normal course of providing eDiscovery services to parties involved in civil or criminal litigation, federal or state regulatory investigations or internal company investigations. The types of personal data received typically include names, addresses, email, network files (such as Microsoft Word, PowerPoint, Excel docs), and image files. None of the personal data Sfile receives from third parties is used for company purposes by Sfile, nor is any personal information disclosed to anyone outside of the respective litigation, regulatory or internal investigation for which the personal data was provided. If in the future, this practice changes, Sfile will update this policy and provide individuals with choice regarding the sharing of their personal data with non-agent third parties. All data received by Sfile, including personal data, must be preserved in its original state throughout eDiscovery processing. Sfile acknowledges an individual’s right to access their personal data and would refer the individual to the third party who originally collected the individual’s personal data, for any correction, modification or deletion of their personal data. Notwithstanding, Sfile may be required to disclose private data in response to a lawful request by a public authority, including law enforcement or national security.

In the event Sfile must engage a third-party vendor to process personal data received on its behalf, Sfile accountability transfers to the third-party vendor as described in the Privacy Shield Principles. Sfile remains responsible and liable under the Privacy Shield Principles if its third-party vendors process the personal data in a manner inconsistent with the Principles, unless Sfile proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Sfile commits to resolve complaints about our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Sfile via email at:

Sfile has further committed to refer unresolved Privacy Shield complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. The services of the Council of Better Business Bureaus, Inc. are provided at no cost to the individual.

As further explained in the Privacy Shield Principles, an individual has the option, under certain conditions, to invoke binding arbitration for complaints not resolved by any of the other Privacy Shield mechanisms noted above. Click here for more detailed information on binding arbitration provisions:

Sfile commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner, and comply with the advice given by the panel or Commissioner with regard to human resources data transferred from the EU or Switzerland, in the context of the employment relationship.