Evernote Logo
Evernote
Get the app

Region-Specific Information

Effective Date: June 14, 2024

If this Policy is translated into any language other than English, in the event of a conflict, the English language version shall govern to the fullest extent permitted by applicable laws.

The information on this page supplements the information found in our Privacy Policy and may apply to you if you are a resident of one of the regions below. 

California

Your California Privacy Rights

Consumers residing in California are afforded certain additional rights with respect to their personal information under the California Consumer Privacy Act, as amended from time to time, including the California Privacy Rights Act and its implementation regulations (“CCPA”) (California Civil Code Section 1798.100 et seq.).

We collect your information for the purposes described in this Privacy Policy, which include “business purposes” under the CCPA. We provide the following additional disclosures related to the collection, use, and disclosure of personal information under the CCPA:

Categories of Personal Information Collected. In the preceding 12 months, we have collected the categories of personal information listed below. 

  • Identifiers. Identifiers such as your first name, last name, email address, IP address, unique device identifiers or other online identifier.
  • Personal information categories listed in the California Customer Records statute. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as your name or the commercial, professional, or education information described below.
  • Commercial information. Commercial information such as your payment method and related information if you purchase a subscription.
  • Network activity. Internet or other electronic network activity information, including connection information and information regarding your interaction with the Service such as the name of your mobile operator or ISP, browser type and version, usage data, type and version of operating system, hardware version, device settings, software types, battery and signal strength, screen resolution, device manufacturer and model, language and time zone, mobile phone number and IP address. 
  • Geolocation data. Geolocation data, including the IP address you use to connect to the Service and — if you choose to share it — your location information from a mobile device.
  • Sensory information. Audio, electronic, visual, or similar information, such as photos that you upload to your account or otherwise provide to us, or when you consent to the recording of calls.
  • Professional information. Professional or employment-related information (for Evernote Teams users).
  • Education information. Education information, if you choose to provide this information such as in marketing surveys or your profile.
  • Inferences. Inferences drawn from any of the information above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and/or aptitudes, so that we may contact you with messaging that we think will interest you.

We do not sell or share (as defined under the CCPA) any of the categories of personal information we collect about you, and have not sold or shared such information in the preceding 12 months. We generally do not collect information that is considered sensitive personal information (as defined under the CCPA). In the limited circumstances that we do, such as the collection of your username and password, we do not collect this information for the purpose of inferring characteristics about you. For additional examples of the types of data we may collect, see the section “What data do we collect?” of this Privacy Policy.

Business or Commercial Purpose for Collecting Information. We collect personal information for the business and commercial purposes described in the section “How do we use your data?” of this Privacy Policy. 

Categories of Sources of Personal Information. We collect personal information directly from you when you interact with the Services, automatically when you access or use the Services or transact business with us, and from other sources as described in the section “What data do we collect?” of this Privacy Policy. 

Categories of Recipients with Whom We Disclose Information. We may disclose your personal information as described in the section “How do we disclose your data?” of this Privacy Policy. In the preceding 12 months, we have disclosed the categories of personal information for a business purpose or at your direction to our parents, affiliates, subsidiaries, and service providers.

Your Rights. Below is an explanation of rights for California consumers: 

  • Right to know. You can request to know the specific pieces of personal information we collect about you.
  • Right to correct. You can request that we correct certain inaccurate information.
  • Right to delete. You can request that we delete personal information that we collect from you (subject to certain exceptions).

California consumers may make rights requests by emailing your request to privacy@evernote.com. In the subject line of your email, please write “CCPA Rights Request". You can also log in to your Evernote account, go to the Contact form, select Privacy, complete the required fields, and then click Submit.  

We will not discriminate against you if you choose to exercise your rights under the CCPA.

Note that in order to fulfill your request, we may need you to provide certain information to verify your identity, by ensuring your request was made using our support portal from an authenticated account. You can also designate an authorized agent to exercise these rights on your behalf. The authorized agent will be asked to verify (i) the user and/or account about which the request relates, and (ii) their identity and written authorization to act as your agent. We may ask you to directly confirm to us that you have given permission to the authorized agent to submit the request.  

The Evernote Service is accessible to consumers with disabilities. Consumers with disabilities may also contact us by emailing privacy@evernote.com to request an alternative format of this Privacy Policy. 

Europe

Users residing in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland are afforded certain additional rights with respect to their personal data under applicable data protection laws, including Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”). 

Your Rights. Subject to applicable data protection laws, the following rights may be available: 

  • Right to access. You can request us to provide you with information on how we collect, use, and store your personal data, including providing you with a copy of your personal data that we store.
  • Right of rectification. You can request that we correct certain inaccurate personal data.
  • Right of erasure. You can request that we delete your personal data.
  • Right to data portability. You can export your personal data from us to a competing service. See our Third Law of Data Protection for more information.
  • Right to object. You can object to the processing of your personal data in certain cases, as well as request that we not use your personal data for direct marketing purposes. Direct marketing includes emails which help us keep you informed about the latest improvements to our Service. See our Help and Learning page on opting-out for more information.
  • Right to restrict. You can restrict the processing of your personal data in certain cases.
  • Right to consent withdrawal. Where we rely on your consent to process your personal data, you have the right to withdraw your consent. If you do so, the processing carried out before your withdrawal will remain valid, but thereafter we’ll no longer process your data for that purpose.

You also have the right to complain before the competent national data protection authority, or any other applicable regulator in the jurisdiction where you reside, in the event that you think we’ve violated the applicable privacy laws and we haven’t addressed your request.

If you want to submit a request by email or if you have any other questions about privacy or data protection at Bending Spoons, you can contact us at privacy@evernote.com. You can also log in to your Evernote account, go to the Contact form, select Privacy, complete the required fields, and then click Submit

We may take some reasonable steps to verify your identity before responding to your request, such as asking you for information and making sure it matches the data available to us. If you submit a request to exercise a right as an authorized agent, we may ask you to provide proof of your authorization or we may contact the subject of the request for confirmation, in accordance with applicable privacy laws.

Data transfers. Bending Spoons is located in Italy. Sometimes, we may transfer your personal data outside the EEA. When we do so, the transfer is always based on appropriate safeguards in accordance with applicable privacy laws, including the standard contractual clauses developed by the European Commission, the decisions of adequacy of the European Commission, or binding corporate rules.

If you want to know more about the safeguards in place for the transfer of your data, you can contact us at privacy@evernote.com.

Brazil

Users residing in Brazil are afforded certain additional rights with respect to their personal data under the Brazilian General Data Protection Law (Law No. 13,709/18 or “LGPD”). 

Your Rights. If you are a resident of Brazil, you have certain rights in connection with your personal data according to the LGPD:

  • Right to access. You can ask that we confirm the existence of processing of your personal data and request access to such information, including information about public and private entities with which we have disclosed your personal data. You can also request to review decisions based solely on automated processing of personal data that affect your interests, including decisions aimed at defining your personal, professional, consumer and credit profile, or personality aspects. 
  • Right to correct. You can request that we correct certain inaccurate, outdated, and inexact personal data.
  • Right to delete. You can request that we delete your personal data where the personal data is processed based on your consent, subject to certain exceptions.
  • Right to anonymization, blocking, or deletion. Where your personal data is unnecessary, excessive, or is processed in non-compliance with the LGPD, you can request the anonymization, blocking, or deletion of such personal data.
  • Right to data portability. You can export your information from us to a competing service. See our Third Law of Data Protection for more information.
  • Right to object. You can object to the processing of personal data in certain cases. 
  • Right to withdraw consent. Where we rely on your consent to process personal data, you have the right to withdraw consent at any time and all processing activities carried out before your withdrawal of consent will remain valid.

 

Additional Information

How do I get a Data Processing Addendum?

Evernote Teams customers looking for a data protection agreement should email privacy@evernote.com for more information.

Does Bending Spoons view itself as a data controller business or data processor?

Both. Depending on the circumstance. We've outlined details about Bending Spoons’ role in each of these designations below:

  • Data controller: For individual users, Bending Spoons will act as the data controller. When Bending Spoons is the data controller, we handle personal data as described in our Privacy Policy. 
  • Data processor / service provider: Bending Spoons acts as a data processor or service provider on behalf of Teams customers.

What third parties do we work with to process customer data?

Bending Spoons uses third parties to help provide the Evernote Service to you. Before onboarding a new third party, we conduct a privacy and security review. Any third party which handles personal data must sign a data processing agreement with Bending Spoons. To view an updated list of the third parties, visit https://evernote.com/privacy/vendors.