Corporate Privacy Policy

CORPORATE PRIVACY POLICY OF KEYEDIN SOLUTIONS LIMITED AND KEYEDIN SOLUTIONS, INC

EFFECTIVE DATE: OCTOBER 2023

We, KeyedIn Solutions Limited, KeyedIn Solutions Inc. and KeyedIn Solutions Holdings Inc. (KeyedIn, also referred to as we, us, our in this document), are committed to protecting and respecting your privacy. For the purposes of this policy ‘you’ are our customers or individuals who supply personal information to us in order to communicate with us.

This privacy policy sets out the basis on which we collect and process personal information gathered:

  1. through our website www.keyedin.com (our “Site”);
  2. when you communicate with us by email or telephone;
  3. when you enter into contracts with us to use our Cloud Services (the “Cloud Services”);
  4. when you access our support portal (described below) so that we can perform our contractual obligations to you in relation to the Cloud Services.

For the purposes of data protection legislation, we are the controller of this personal information. This means that we determine the purposes and means of the processing of this personal data.

The full terms on which we process personal data on your behalf where you are a controller is set out in our Cloud Services privacy policy https://www.keyedin.com/platform-privacy-policy. We also hold some personal data about your employees in the context of you being a customer of KeyedIn. In relation to that data we also act as a controller and perform the activities set out in this policy in order to perform our contract with you.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. If you have questions or complaints regarding our privacy policy or practices, please contact us at privacy@keyedin.com.

If you are in the United States and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. If you are in the United Kingdom and facing a similar concern, please contact the Information Commissioner’s Office.

WHAT IS PERSONAL INFORMATION?

Data protection legislation determines the following to be personal information: your name, identification number, phone number, job title and e-mail address. It also includes less obvious information such as location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. Personal information is treated confidentially.

COLLECTION OF PERSONAL INFORMATION THROUGH OUR SITES

Personal Information We Collect

Our Site does not collect personal information about you except for information that you voluntarily provide (for example, when you complete a form on the Site or submit an email to us with comments or questions about our Site or products). We may set cookies from time to time to better gauge our readership level, please see our cookie information for further details https://www.keyedin.com/about-cookies.

Communications from Us

If you wish to subscribe to our newsletter(s), you will submit your name and email address to the Site and we will use these details to send the newsletter to you. If you no longer wish to receive these newsletters you may follow the unsubscribe mechanism contained in each of the emails you receive.

Testimonials

From time to time we post customer testimonials/comments/reviews on our Site which may contain personally identifiable information. We will obtain your consent via email prior to posting any testimonial which contains personally identifiable information. An individual may ask to have their testimonial removed from our Site at any time and can make this request by contacting us at privacy@keyedin.com.

COLLECTION OF PERSONAL INFORMATION FROM YOU WHEN YOU COMMUNICATE WITH US

We may collect contact details from you when you communicate with us by email, telephone or post. This could be in order to obtain some further information about any of our products or services. Where you have indicated that you would like further information we will include you on our mailing list (see MARKETING COMMUNICATIONS).

COLLECTION OF PERSONAL INFORMATION FROM OUR CUSTOMERS

We also collect personal data from you when you enter into a contract with us to use our Cloud Services. In these circumstances we collect and process the following information about you:

Information you give us:

  • when you, your company or your employer enters into a contract with us for Cloud Services;
  • by corresponding with us by email or otherwise; and when you create a user account to access the Cloud Services.
  • The information you give us may include your name, address, job title and organisation you work for, email address and phone number.

We use this information to:

  • carry out our obligations arising from contracts entered into between you or your company and us and respond to customer service requests;
  • administer your account;
  • notify you about changes to our services; and
  • send you a newsletter or information about other products we offer that are similar to those you have already purchased, provided you have agreed to receive such communications.

Support Portal

We provide a support portal to our customers through which you log any service issues associated with the Cloud Services. To enable our helpdesk to respond quickly and efficiently, contact details will be collected from the individual logging the problem. Where necessary the helpdesk engineer will use this personal data logged to communicate with the individual in order to reach a resolution of the service issue.

Public Forums

Our Cloud Service platform offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at privacy@keyedin.com.

DISCLOSURE OF YOUR PERSONAL INFORMATION

Service Providers

In order to provide the Cloud Services we engage third parties to perform functions on our behalf, for example, we use a third party hosting service provider. If you are a customer, we will inform you of the identity of these processors and of any intended changes concerning the addition or replacement of processors and give you an opportunity to object. We have comprehensive data processing agreements in place with all processors we engage. Where a processor fails to fulfil its data protection obligations, in most circumstances we remain responsible to you for the performance of those obligations.

Other third parties

If we sell our business, or it undergoes a business transition, your services agreement with us may be transferred as part of the process. As a result, the personal data that we store and process on your behalf may also be incidentally transferred. Where this is likely to occur, we will endeavour to inform you in advance. If you are a customer please see the terms on which we provide your service for further information.

We may also disclose your personal data if we are under a duty to do so in order to comply with any legal obligations; in order to enforce or apply our terms of use and other agreements; or to protect the rights, property or safety of business, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

Law enforcement

Under certain circumstances, we may be required to disclose personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

MARKETING COMMUNICATIONS

You have the right to ask us not to process your personal data for marketing purposes. We will inform you (at the point of collecting your data or as soon as possible thereafter) if we intend to use your data for direct marketing purposes (i.e. providing you with details of our other products and services which we feel may interest you). You will have the option to refuse permission for us to do this when we collect your contact details and in every email we send you, there will always be an option to unsubscribe.

We will obtain your consent before we pass on your information to selected third parties to provide you with information about goods and services that they offer and which could interest you. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your data.

YOUR RIGHTS

The right to be informed about our collection and use of personal data;

You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website policy. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.

Right to Access Your Personal Information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is often termed a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you, we will provide it to you free of charge and aim to do so within 30 days from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us, so that we can locate your personal information.

If you would like to exercise this right, please contact us as set out below.

Subject Access Request as a Service (SARaaS)

We are committed to providing the information you request as part of your Subject Access Request and have procedures in place to ensure this occurs in a timely fashion.

We do not have agreements in place with any third-party platforms that offer “Subject Access Requests as a Service”. As a responsible data controller of your personal information this represents significant risks when sharing data. The right of access afforded to you, does not obligate data controllers to share data with third-parties. It is our policy to provide the information directly to data subjects ensuring the safety and security of the information throughout the process.

We will monitor future guidance from the Information Commissioner’s Office but currently undertake our own reasonable measures to verify the identity of data subjects. We would like to assure you that the protection of your data is our main concern and we are committed to providing information as part of any valid request.

This policy will also apply to the rights set out below.

Right to Correction Your Personal Information

If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.

Right to Stop or Limit Our Processing of Your Data

You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.

Right to Erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

If you would like to exercise this right, please contact us as set out below.

Right to Portability

The right to portability, gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives you the right, to request that a controller transmits this data directly to another controller.

If you would like to exercise any of the rights above, please contact us as set out below.

For more information about your privacy rights

The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here https://ico.org.uk/for-the-public or by calling their helpline on 0303 123 1113.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have. To exercise your rights or to make a complaint you can contact us at privacy@keyedin.com.

 

INFORMATION SECURITY

Security

The security of your personal information is extremely important to us. All information you provide us is stored on our secure servers and we encrypt the transmission of personal information using secure socket layer technology (SSL).

Where you have created a user account or where we have given you (or you have chosen) a password which enables you to access our Support Portal, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.

We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. If you have any questions about security on our Site or our Platform, you can contact us at privacy@keyedin.com.

In the event of a personal data breach, we will, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the breach to the relevant supervisory authority (Information Commissioner in the UK), unless the breach is unlikely to result in a risk to your rights and freedoms. When the data breach is likely to result in a high risk to your rights and freedoms, we shall communicate the breach to you without undue delay unless data protection legislation stipulates that we are not required to do so.

TRANSFER OF PERSONAL DATA OUTSIDE OF THE EEA, UK AND SWITZERLAND

We are a multi-national business, head-quartered in the United States, and personal data about individuals based in Europe with your other data may be stored or processed by KeyedIn Solutions Inc. outside of the European Economic Area (EEA), UK or Switzerland in order to fulfil our contractual obligations to you, including our helpdesk service.

The European, UK and Swiss data protection legislative framework prohibits transfers of personal data outside of the European Economic Area (EEA), UK or Switzerland without a mechanism in place assuring that the rights of individuals are adequately protected.

Where data is transferred out of the EEA, UK or Switzerland to third party processors, we ensure that these organisations provide sufficient guarantees to implement appropriate technical and organisational measures for the protection of personal data in line with our legislative obligations. Where necessary we require that any such third party processors execute the relevant Standard Contractual Clauses or adhere to any certification processes issued by governing bodies such as the European Commission.

KEYEDIN SOLUTIONS INC. REGISTRATION WITH EU-US DATA PRIVACY FRAMEWORK AND THE UK EXTENSION TO THE EU-U.S. DPF AND SWISS–US DATA PRIVACY FRAMEWORK

KeyedIn complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. KeyedIn has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

KeyedIn is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf. KeyedIn complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, UK and Switzerland including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Data Privacy Framework, KeyedIn is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

KeyedIn have implemented Standard Contractual Clauses between KeyedIn Solutions Ltd and KeyedIn Solutions Inc.  

DATA PRIVACY FRAMEWORK COMPLAINTS PROCEDURE AND ARBITRATION

In compliance with the Data Privacy Framework principles, KeyedIn Solutions Inc. commits to resolve complaints about our collection or use of personal information. If you want to ask something or if you have concerns about the way in which personal data is handled please contact our Privacy Team at privacy@keyedin.com. We will investigate and respond as quickly as possible.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Where you have specific concerns about the way in which data has been handled or transferred out of the EEA, UK or Switzerland, (and we are unable to resolve those concerns), you can also contact the data protection authority in the jurisdiction where you are based. If you are in the United Kingdom, please contact the Information Commissioner’s Office on +44 303 123 1113. Where the issue specifically relates to the Data Privacy Framework, please contact the Information Commissioner here - https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with KeyedIn Solutions Inc. and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce's Data Privacy Framework Website:  https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf?tabset-35584=2

COOKIES

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on our Sites and on our Cloud Service platforms, please see our Cloud Services privacy policy for information on how cookies are used by our platforms https://www.keyedin.com/about-cookies. We link the information collected by cookies to personally identifiable information you submit to us while on our Sites. This means, for example, that where you have submitted an email address to our Sites to receive updates from us, our cookies will monitor your browsing activity so we can better tailor our mailshots to you.

Clear Gifs (Web Beacons/Web Bugs)

Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you have elected not to receive marketing emails from us, clear gifs will not be used in any other communications with you.

Links to Other Sites

Our Sites may, from time to time, contain links to and from other websites that are not owned or controlled by us. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

CHANGES TO OUR PRIVACY POLICY

We may update this privacy statement to reflect changes to our information practices or changes in applicable law. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a prominent notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

If you have questions about our privacy or legal policies, contact us by email at privacy@keyedin.com or via postal mail in the US at 8500 Normandale Lake Blvd, Suite 350, Bloomington, MN 55437 or in the UK at Maple House, Woodland Park, Cleckheaton, BD19 6BW.

Our EU Representative is: The DPO Centre Europe, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2, Ireland: Email: eurep@keyedin.com

TRUSTe