EFFECTIVE DATE: Feb 2023
We, KeyedIn Solutions Limited, KeyedIn Solutions Inc and KeyedIn Solutions Holdings Inc (KeyedIn, also referred to as we, us, our in this document), are committed to protecting and respecting your privacy. For the purposes of this policy ‘you’ are our customers or individuals who supply personal information to us in order to communicate with us.
- through our websites www.keyedin.com and www.keyedinerp.com (our “Sites”);
- when you communicate with us by email or telephone;
- when you enter into contracts with us to use our Cloud Services (the “Cloud Services”);
- when you access our support portal (described below) so that we can perform our contractual obligations to you in relation to the Cloud Services.
For the purposes of data protection legislation, we are the controller of this personal information. This means that we determine the purposes and means of the processing of this personal data.
WHAT IS PERSONAL INFORMATION?
Data protection legislation determines the following to be personal information: your name, identification number, phone number, job title and e-mail address. It also includes less obvious information such as location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. Personal information is treated confidentially.
COLLECTION OF PERSONAL INFORMATION THROUGH OUR SITES
Personal Information We Collect
Our Sites do not collect personal information about you except for information that you voluntarily provide (for example, when you complete a form on the Sites or submit an email to us with comments or questions about our Sites or products). We may set cookies from time to time to better gauge our readership level, please see our cookie information for further details https://www.keyedin.com/about-cookies.
Communications from Us
If you wish to subscribe to our newsletter(s), you will submit your name and email address to the Site and we will use these details to send the newsletter to you. If you no longer wish to receive these newsletters you may follow the unsubscribe mechanism contained in each of the emails you receive.
From time to time we post customer testimonials/comments/reviews on our Sites which may contain personally identifiable information. We will obtain your consent via email prior to posting any testimonial which contains personally identifiable information. An individual may ask to have their testimonial removed from our Sites at any time and can make this request by contacting us at email@example.com.
COLLECTION OF PERSONAL INFORMATION FROM YOU WHEN YOU COMMUNICATE WITH US
We may collect contact details from you when you communicate with us by email, telephone or post. This could be in order to obtain some further information about any of our products or services. Where you have indicated that you would like further information we will include you on our mailing list (see MARKETING COMMUNICATIONS).
COLLECTION OF PERSONAL INFORMATION FROM OUR CUSTOMERS
We also collect personal data from you when you enter into a contract with us to use our Cloud Services. In these circumstances we collect and process the following information about you:
Information you give us:
• when you, your company or your employer enters into a contract with us for Cloud Services;
• by corresponding with us by email or otherwise; and when you create a user account to access the Cloud Services.
• The information you give us may include your name, address, job title and organisation you work for, email address and phone number.
We use this information to:
• carry out our obligations arising from contracts entered into between you or your company and us and respond to customer service requests;
• administer your account;
• notify you about changes to our services; and
• send you a newsletter or information about other products we offer that are similar to those you have already purchased, provided you have agreed to receive such communications.
We provide a support portal to our customers through which you log any service issues associated with the Cloud Services. To enable our helpdesk to respond quickly and efficiently, contact details will be collected from the individual logging the problem. Where necessary the helpdesk engineer will use this personal data logged to communicate with the individual in order to reach a resolution of the service issue.
Our Cloud Service platforms offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org.
DISCLOSURE OF YOUR PERSONAL INFORMATION
In order to provide the Cloud Services we engage third parties to perform functions on our behalf, for example, we use a third party hosting service provider. If you are a customer, we will inform you of the identity of these processors and of any intended changes concerning the addition or replacement of processors and give you an opportunity to object. We have comprehensive data processing agreements in place with all processors we engage. Where a processor fails to fulfil its data protection obligations, in most circumstances we remain responsible to you for the performance of those obligations.
Other third parties
If we sell our business, or it undergoes a business transition, your services agreement with us may be transferred as part of the process. As a result, the personal data that we store and process on your behalf may also be incidentally transferred. Where this is likely to occur, we will endeavour to inform you in advance. If you are a customer please see the terms on which we provide your service for further information.
Under certain circumstances, we may be required to disclose personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (at the point of collecting your data or as soon as possible thereafter) if we intend to use your data for direct marketing purposes (i.e. providing you with details of our other products and services which we feel may interest you). You will have the option to refuse permission for us to do this when we collect your contact details and in every email we send you, there will always be an option to unsubscribe.
We will obtain your consent before we pass on your information to selected third parties to provide you with information about goods and services that they offer and which could interest you. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your data.
The right to be informed about our collection and use of personal data;
You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website policy. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is often termed a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you, we will provide it to you free of charge and aim to do so within 30 days from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us, so that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
Subject Access Request as a Service (SARaaS)
We are committed to providing the information you request as part of your Subject Access Request and have procedures in place to ensure this occurs in a timely fashion.
We do not have agreements in place with any third-party platforms that offer “Subject Access Requests as a Service”. As a responsible data controller of your personal information this represents significant risks when sharing data. The right of access afforded to you, does not obligate data controllers to share data with third-parties. It is our policy to provide the information directly to data subjects ensuring the safety and security of the information throughout the process.
We will monitor future guidance from the Information Commissioner’s Office but currently undertake our own reasonable measures to verify the identity of data subjects. We would like to assure you that the protection of your data is our main concern and we are committed to providing information as part of any valid request.
This policy will also apply to the rights set out below.
Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.
Right to Stop or Limit Our Processing of Your Data
You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
Right to Erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
Right to Portability
The right to portability, gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives you the right, to request that a controller transmits this data directly to another controller.
If you would like to exercise any of the rights above, please contact us as set out below.
For more information about your privacy rights
The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here https://ico.org.uk/for-the-public or by calling their helpline on 03031231113.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have. To exercise your rights or to make a complaint you can contact us at email@example.com.
The security of your personal information is extremely important to us. All information you provide us is stored on our secure servers and we encrypt the transmission of personal information using secure socket layer technology (SSL).
Where you have created a user account or where we have given you (or you have chosen) a password which enables you to access our Support Portal, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. If you have any questions about security on our Site or our Platforms, you can contact us at firstname.lastname@example.org.
In the event of a personal data breach, we will, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the breach to the relevant supervisory authority (Information Commissioner in the UK), unless the breach is unlikely to result in a risk to your rights and freedoms. When the data breach is likely to result in a high risk to your rights and freedoms, we shall communicate the breach to you without undue delay unless data protection legislation stipulates that we are not required to do so.
TRANSFER OF PERSONAL DATA OUTSIDE OF THE EEA AND SWITZERLAND
We are a multi-national business, head-quartered in the United States, and personal data about individuals based in Europe and Switzerland along with your other data may be stored or processed by KeyedIn Solutions Inc outside of the European Economic Area (EEA) or Switzerland in order to fulfil our contractual obligations to you, including our helpdesk service.
The European and Swiss data protection legislative framework prohibits transfers of personal data outside of the European Economic Area (EEA) or Switzerland without a mechanism in place assuring that the rights of individuals are adequately protected.
Where data is transferred out of the EEA or Switzerland to third party processors, we ensure that these organisations provide sufficient guarantees to implement appropriate technical and organisational measures for the protection of personal data in line with our legislative obligations. Where necessary we require that any such third party processors execute the relevant Standard Contractual Clauses or adhere to any certification processes issued by the European Commission for transfer of personal data out of the EEA.
KEYEDIN SOLUTIONS INC REGISTRATION WITH EU-US PRIVACY SHIELD AND SWISS–US PRIVACY SHIELD
In light of the July 2020 ruling by the European Court of Justice invalidating the Privacy Shield as adequate protection against 3rd party access to data we have implemented Standard Contractual Clauses between KeyedIn Solutions Ltd and KeyedIn Solutions Inc.
However, KeyedIn Solutions Inc continues to participate in and has certified its compliance with the EU-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list]
KeyedIn is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf. KeyedIn complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, KeyedIn is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
PRIVACY SHIELD COMPLAINTS PROCEDURE AND ARBITRATION
In compliance with the Privacy Shield principles, KeyedIn Solutions Inc. commits to resolve complaints about our collection or use of personal information. If you want to ask something or if you have concerns about the way in which personal data is handled please contact our Privacy Team at email@example.com. We will investigate and respond as quickly as possible.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Where you have specific concerns about the way in which data has been handled or transferred out of the EEA or Switzerland, (and we are unable to resolve those concerns), you can also contact the data protection authority in the jurisdiction where you are based. If you are in the United Kingdom, please contact the Information Commissioner’s Office on +44 303 123 1113.
Where the issue specifically relates to Privacy Shield, please contact the Information Commissioner at firstname.lastname@example.org.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with KeyedIn Solutions Inc. and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce's Privacy Shield Website: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint.
Clear Gifs (Web Beacons/Web Bugs)
Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you have elected not to receive marketing emails from us, clear gifs will not be used in any other communications with you.
Links to Other Sites
Our Sites may, from time to time, contain links to and from other websites that are not owned or controlled by us. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory or other requirements.
We may update this privacy statement to reflect changes to our information practices or changes in applicable law. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a prominent notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
If you have questions about our privacy or legal policies, contact us by email at email@example.com or via postal mail in the US at 8500 Normandale Lake Blvd, Suite 400, Bloomington, MN 55437 or in the UK at Maple House, Woodland Park, Cleckheaton, BD19 6BW.
Our EU Representative is: The DPO Centre Europe, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2, Ireland: Email: firstname.lastname@example.org