01Who this applies to
This notice supplements our Privacy Policy for individuals located in the European Economic Area (the 27 EU Member States, Iceland, Liechtenstein, and Norway), the United Kingdom, and Switzerland. In case of conflict between this notice and the Privacy Policy, this notice prevails for EEA/UK/Swiss individuals.
02Data controller
The controller of your personal data is File.Business, Inc., 101 N Monroe St, Suite 800, Tallahassee, FL 32301, United States.
EU Representative (Article 27 GDPR): VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23 AT2P, Ireland. Email: eu-representative@verasafe.com.
UK Representative: VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE1 7TL, United Kingdom. Email: uk-rep@verasafe.com.
Data Protection Officer: Available at dpo@file.business.
03Legal bases for processing
We process personal data on the following legal bases (Article 6 GDPR):
- Contract (Article 6(1)(b)): account creation, providing the Services, processing payments, government filings made on your behalf.
- Legitimate interests (Article 6(1)(f)): securing the platform, preventing fraud, communicating about product updates, improving the Services. The relevant legitimate interest assessment is available on request.
- Legal obligation (Article 6(1)(c)): AML/KYC, tax filings, responses to lawful requests.
- Consent (Article 6(1)(a)): marketing communications, non-essential cookies, optional product features. You can withdraw consent at any time without affecting prior processing.
04Your rights
You have the following rights, exercisable by emailing privacy@file.business or through your account settings.
- Article 15: Right of access
- Article 16: Right to rectification
- Article 17: Right to erasure ("right to be forgotten")
- Article 18: Right to restriction of processing
- Article 19: Notification obligations
- Article 20: Right to data portability
- Article 21: Right to object (including to direct marketing at any time)
- Article 22: Rights related to automated individual decision-making
We respond within one month. For complex requests we may extend by up to two further months with notice.
You have the right to lodge a complaint with your local data protection authority. The list is available at EDPB members. UK residents may complain to the Information Commissioner's Office (ico.org.uk). Swiss residents may contact the Federal Data Protection and Information Commissioner (edoeb.admin.ch).
05International transfers
We transfer personal data from the EEA, UK, and Switzerland to the United States. We rely on:
- European Commission Standard Contractual Clauses (Module 1, 2, or 4 as applicable), plus the UK International Data Transfer Addendum or the Swiss Addendum
- The EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework (we are self-certified)
- Your explicit consent or Article 49 derogations where applicable
Copies of the safeguards are available on request.
06Data Processing Agreement
If you are a business customer using the Services to process personal data of your own employees, customers, or contractors, we act as a processor and you act as the controller. The Data Processing Agreement is auto-executed on all paid plans and governs that relationship in accordance with Article 28 GDPR.
Contact our legal team
Questions about this policy go to legal@file.business. Privacy or data requests go to privacy@file.business. Postal mail: File.Business, Inc., 101 N Monroe St, Suite 800, Tallahassee, FL 32301, USA.