REVIEWED: FEBRUARY 2018
We, KeyedIn Solutions Limited and on behalf of our US parent entity KeyedIn Solutions Inc. (referred to herein as we, us, ours), are committed to protecting and respecting your privacy You, are our customers who enter into agreements with us for the use of our products.
This personal information is uploaded to the Cloud Service by you in the course of your use of our products and may, for example, include personal employee data or customer data. You are the controller of this data and we simply process it (where we are required to do so) in the performance of our contract with you for example in the provision of the helpdesk function. We also store the data on your behalf on our secure servers.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
COLLECTION OF PERSONAL INFORMATION
Collection of personal information in the course of using the Platform
We collect and process personal information in the course of your use of our Cloud Service. You may upload personal information (about employees, customers etc.) when using our Cloud Service. This data is stored on our secure servers and from, time to time, may be processed by us in order to perform technical support obligations to you in line with our service agreement. We do not use the data uploaded to the Cloud Service for any purpose other than to provide the service.
We consider the following to be personal information: your name, identification number, phone number, job title and e-mail address. It may also include less obvious information such as location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. Personal information is treated confidentially.
We have no direct relationship with the individuals whose personal data we process in this context and we simply act as a processor in respect of this data.
If you wish, you can disable the cookies from your browser and delete all cookies currently stored on your computer. Cookie settings can be found in your browser’s preferences. For information about cookies and their use please visit http://www.allaboutcookies.org/manage-cookies/index.html. Please note, however, that if you choose to disable the cookies the platform will not work.
We use session ID cookies and persistent cookies within the product for identity management as you navigate to different areas of the system. A session ID cookie expires when you close your browser. We also use persistent cookies to hold log on screen defaults such as the last used language for localization and the ‘keep me logged in’ facility. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.
DATA ACCESS AND RETENTION
You may access, correct and update the personal information you have uploaded to the Cloud Service about your customers, employees etc. at any time by accessing the relevant areas of the platform.
We will retain personal data we process on your behalf for as long as needed to provide services to you and in line with your instructions as controller of this data. We will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Individuals have a right to access personal data held about them. Should an individual whose data we store pursuant to our service agreement with you, approach us to seek access, correction, amendment, or deletion of inaccurate data, we will ask them to direct their query to you, the controller of such information. If you request that we erase data from our system or amend this data, we will respond to your request as soon as possible.
In the event of a data breach, we will notify you without undue delay after we become aware of the breach.
ENGAGING THIRD PARTY SERVICE PROVIDERS
In order to provide the Cloud Services we engage third parties who perform functions on our behalf, for example, we use a third party hosting service provider. We will inform you of any intended changes concerning the addition or replacement of sub-processors and give you an opportunity to object. We have comprehensive data processing agreements in place with all sub-processors we engage and where a sub-processor fails to fulfil its data protection obligations, we remain responsible to you for the performance of that other processor’s obligations.
DISCLOSURE OF PERSONAL INFORMATION ON BUSINESS SALE
If we sell our business, or it undergoes a business transition, your services agreement with us may be transferred as part of the process. As a result, the personal data that we store and process on your behalf may also be incidentally transferred. Where this is likely to occur, we will endeavour to inform you in advance. Please see the terms on which we provide your service for further information.
DISCLOSURE FOR NATIONAL SECURITY OR LAW ENFORCEMENT
Under certain circumstances, we may be required to disclose personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
In certain circumstances, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
The personal information that you control will never be accessed or processed by us for marketing purposes.
The security of your personal information is important to us. All information you provide us is stored on our secure servers and we encrypt the transmission of personal information using secure socket layer technology (SSL).
Where you have created a user account or where we have given you (or you have chosen) a password which enables you to access certain parts of our Cloud Service, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or of electronic storage, is 100% secure; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. If you have any questions about security on our Cloud Service, you can contact firstname.lastname@example.org.
TRANSFER OF PERSONAL DATA OUTSIDE OF THE EEA
We are a multi-national business and personal data about individuals based in Europe along with your other data, will be stored in the geographic location agreed with you. Data may be processed by KeyedIn Solutions Inc. (see KEYEDIN SOLUTIONS INC REGISTRATION WITH US-EU PRIVACY SHIELD below) and engineers in the United States and India in order to fulfil our contractual obligations to you, including our helpdesk service.
The European data protection legislative framework prohibits transfers of personal data outside of the European Economic Area (EEA) without a mechanism in place assuring that the rights of individuals are adequately protected. Where data is transferred out of the EEA to third party processors, we ensure that these organisations provide sufficient guarantees to implement appropriate technical and organisational measures for the protection of personal data. Where necessary require that any such third party processors execute the relevant Standard Contractual Clauses or adhere to any certification processes issued by the European Commission for transfer of personal data out of the EEA.
KEYEDIN SOLUTIONS INC REGISTRATION WITH US-EU PRIVACY SHIELD
In the course of providing the Cloud Services, data will be transferred to and processed by us in the US. To provide adequate protection for personal data received in the US, KeyedIn Solutions Inc. has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce ("Privacy Shield"). KeyedIn Solutions Inc. adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability.
For purposes of enforcing compliance with the Privacy Shield, KeyedIn Solutions Inc is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce's Privacy Shield website located at: https://www.privacyshield.gov. To review KeyedIn Solutions Inc's representation on the Privacy Shield list, see the US Department of Commerce's Privacy Shield self-certification list located at https://www.privacyshield.gov/list.
PRIVACY SHIELD COMPLAINTS PROCEDURE AND ARBITRATION
In compliance with the Privacy Shield principles, KeyedIn Solutions Inc. commits to resolve complaints about our collection or use of personal information. If you want to ask something or if you have concerns about the way in which personal data is handled please contact our Privacy Team at email@example.com. We will investigate and respond as quickly as possible.
KeyedIn Solutions Inc. has further committed to refer unresolved Privacy Shield complaints to TRUSTe, U.S.-based third party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit TRUSTe for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.
Where you have specific concerns about the way in which data has been handled or transferred out of the EEA,(and we are unable to resolve those concerns), you can also contact the data protection authority in the jurisdiction where the individual is based or resides. If you are in the United Kingdom, please contact the Information Commissioner’s Office on +44 303 123 1113. Where the issue specifically relates to Privacy Shield, please contact the Information Commissioner at firstname.lastname@example.org.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with KeyedIn Solutions Inc. and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce's Privacy Shield Framework https://www.privacyshield.gov.
CHANGES TO THIS POLICY
If you have questions about our privacy or legal policies, contact us by email at email@example.com or in the US via postal mail at 5001 American Blvd W Suite 1010 Minneapolis, MN 55437 or in the UK at Maple House, Woodland Park, Cleckheaton, BD19 6BW.