CLOUD SERVICES PRIVACY POLICY OF KEYEDIN SOLUTIONS INC and KEYEDIN SOLUTIONS LIMITED

REVIEWED: MARCH 2018

We, KeyedIn Solutions Limited and on behalf of our US parent entity KeyedIn Solutions Inc. (referred to herein as we, us, ours), are committed to protecting and respecting your privacy You, are our customers who enter into agreements with us for the use of our products.

This privacy policy and our software service agreements set out the basis on which we collect, process, store and disclose personal information collected through our Cloud Service (the Cloud Service).

This personal information is uploaded to the Cloud Service by you in the course of your use of our products and may, for example, include personal employee data or customer data. You are the controller of this data and we simply process it (where we are required to do so) in the performance of our contract with you for example in the provision of the helpdesk function. We also store the data on your behalf on our secure servers.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

COLLECTION OF PERSONAL INFORMATION

Collection of personal information in the course of using the Platform

We collect and process personal information in the course of your use of our Cloud Service. You may upload personal information (about employees, customers etc.) when using our Cloud Service. This data is stored on our secure servers and from, time to time, may be processed by us in order to perform technical support obligations to you in line with our service agreement. We do not use the data uploaded to the Cloud Service for any purpose other than to provide the service.

We consider the following to be personal information: your name, identification number, phone number, job title and e-mail address. It may also include less obvious information such as location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. Personal information is treated confidentially.

We have no direct relationship with the individuals whose personal data we process in this context and we simply act as a processor in respect of this data.

COOKIES

We use cookies for certain areas of our Cloud Service. Cookies are files that store information on your hard drive or browser that means that we can recognize that you have visited the platform before. They make it easier for you to maintain your preferences on the platform, and by seeing how you use the platform, we can tailor it around your preferences and measure usability.

If you wish, you can disable the cookies from your browser and delete all cookies currently stored on your computer. Cookie settings can be found in your browser’s preferences. For information about cookies and their use please visit http://www.allaboutcookies.org/manage-cookies/index.html. Please note, however, that if you choose to disable the cookies the platform will not work.

We use session ID cookies and persistent cookies within the product for identity management as you navigate to different areas of the system. A session ID cookie expires when you close your browser. We also use persistent cookies to hold log on screen defaults such as the last used language for localization and the ‘keep me logged in’ facility. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.

DATA ACCESS AND RETENTION

You may access, correct and update the personal information you have uploaded to the Cloud Service about your customers, employees etc. at any time by accessing the relevant areas of the platform.

We will retain personal data we process on your behalf for as long as needed to provide services to you and in line with your instructions as controller of this data. We will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Individuals have a right to access personal data held about them. Should an individual whose data we store pursuant to our service agreement with you, approach us to seek access, correction, amendment, or deletion of inaccurate data, we will ask them to direct their query to you, the controller of such information. If you request that we erase data from our system or amend this data, we will respond to your request as soon as possible.

Please see our corporate privacy policy for information on how to access, correct and check personal information that we hold about you and in respect of which we are the data controller.

DATA BREACH

In the event of a data breach, we will notify you without undue delay after we become aware of the breach.

ENGAGING THIRD PARTY SERVICE PROVIDERS

In order to provide the Cloud Services we engage third parties who perform functions on our behalf, for example, we use a third party hosting service provider. We will inform you of any intended changes concerning the addition or replacement of sub-processors and give you an opportunity to object. We have comprehensive data processing agreements in place with all sub-processors we engage and where a sub-processor fails to fulfil its data protection obligations, we remain responsible to you for the performance of that other processor’s obligations.

DISCLOSURE OF PERSONAL INFORMATION ON BUSINESS SALE

If we sell our business, or it undergoes a business transition, your services agreement with us may be transferred as part of the process. As a result, the personal data that we store and process on your behalf may also be incidentally transferred. Where this is likely to occur, we will endeavour to inform you in advance. Please see the terms on which we provide your service for further information.

DISCLOSURE FOR NATIONAL SECURITY OR LAW ENFORCEMENT

Under certain circumstances, we may be required to disclose personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

In certain circumstances, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

MARKETING COMMUNICATIONS

The personal information that you control will never be accessed or processed by us for marketing purposes.

INFORMATION SECURITY

Security

The security of your personal information is important to us. All information you provide us is stored on our secure servers and we encrypt the transmission of personal information using secure socket layer technology (SSL).

Where you have created a user account or where we have given you (or you have chosen) a password which enables you to access certain parts of our Cloud Service, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.

We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or of electronic storage, is 100% secure; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. If you have any questions about security on our Cloud Service, you can contact info@keyedin.com.

TRANSFER OF PERSONAL DATA OUTSIDE OF THE EEA AND SWITZERLAND

We are a multi-national business and personal data about individuals based in Europe and Switzerland along with your other data, will be stored in the geographic location agreed with you. Data may be processed by KeyedIn Solutions Inc. (see KEYEDIN SOLUTIONS INC REGISTRATION WITH EU-US PRIVACY SHIELD AND SWISS-US PRIVACY SHIELD below) and engineers in the United States and India in order to fulfil our contractual obligations to you, including our helpdesk service.

The European and Swiss data protection legislative frameworks prohibits transfers of personal data outside of the European Economic Area (EEA) or Switzerland without a mechanism in place assuring that the rights of individuals are adequately protected. Where data is transferred out of the EEA or Switzerland to third party processors, we ensure that these organisations provide sufficient guarantees to implement appropriate technical and organisational measures for the protection of personal data. Where necessary require that any such third party processors execute the relevant Standard Contractual Clauses or adhere to any certification processes issued by the European Commission for transfer of personal data out of the EEA.

KEYEDIN SOLUTIONS INC REGISTRATION WITH EU-US PRIVACY SHIELD AND SWISS–US PRIVACY SHIELD

In the course of providing the Cloud Services, data will be transferred to and processed by us in the US. To provide adequate protection for personal data received in the US, KeyedIn Solutions Inc. has elected to self-certify to the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework administered by the US Department of Commerce ("Privacy Shield"). KeyedIn Solutions Inc. adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability.

For purposes of enforcing compliance with the Privacy Shield, KeyedIn Solutions Inc is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce's Privacy Shield website located at: https://www.privacyshield.gov. To review KeyedIn Solutions Inc's representation on the Privacy Shield list, see the US Department of Commerce's Privacy Shield self-certification list located at https://www.privacyshield.gov/list.

PRIVACY SHIELD COMPLAINTS PROCEDURE AND ARBITRATION

In compliance with the Privacy Shield principles, KeyedIn Solutions Inc. commits to resolve complaints about our collection or use of personal information. If you want to ask something or if you have concerns about the way in which personal data is handled please contact our Privacy Team at privacy@keyedin.com. We will investigate and respond as quickly as possible.

KeyedIn Solutions Inc. has further committed to refer unresolved Privacy Shield complaints to TRUSTe, U.S.-based third party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit TRUSTe for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.

Where you have specific concerns about the way in which data has been handled or transferred out of the EEA or Switzerland, (and we are unable to resolve those concerns), you can also contact the data protection authority in the jurisdiction where the individual is based or resides. If you are in the United Kingdom, please contact the Information Commissioner’s Office on +44 303 123 1113. Where the issue specifically relates to Privacy Shield, please contact the Information Commissioner at privacyshield@ico.org.uk.

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with KeyedIn Solutions Inc. and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce's Privacy Shield Framework https://www.privacyshield.gov.

CHANGES TO THIS POLICY

We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on the platforms prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

CONTACT US

If you have questions about our privacy or legal policies, contact us by email at info@keyedin.com or in the US via postal mail at:
5800 W 84th Street, Suite 400, Bloomington, MN 55437 OR in the UK at: Maple House, Woodland Park, Cleckheaton, BD19 6BW.