Kenesto® Corporation
Your privacy is our priority. This privacy policy governs the use of Kenesto Corporation (“we”, “us”, “our”, or “Kenesto”)’s cloud-based product document management services (the “Service”) and Kenesto’s website at www.Kenesto.com (the “Website”). This privacy policy explains and describes the ways we collect and use your personal data and the rights and options available to you with respect to this data. This privacy policy (the “Policy”) is incorporated into our Terms of Service Agreement (collectively, the “Terms”).
Data Controller and Data Processor
Kenesto’s Service is available to those entities who accept our Terms and subscribe to our Service (a “Customer”). Customers, through their registered and authorized users (each, a “User”) will be able to store data on our Service (your “Customer Data”). Kenesto does not own, control or direct the use of the Customer Data stored or processed by a Customer or User via the Service. Only the Customer or Users are entitled to access, retrieve and direct the use of such Customer Data. Kenesto does not directly access Customer Data except as authorized by the Customer, or as necessary to provide the Service to the Customer and/or its Users. For purposes of the European General Data Protection Regulation (“GDPR”), Kenesto is the data processor of its Customers’ Customer Data. . Except as provided in this Policy, Kenesto does not independently cause Customer Data containing personal data (as defined in the GDPR) stored in connection with the Service to be transferred or otherwise made available to third parties, except to Kenesto’s third party subcontractors who may process such data on behalf of Kenesto in connection with Kenesto’s provision of the Service to its Customers.
Personal Data That You Provide
When you register with the Service, we will ask you to provide certain personal details such as your name, e-mail address, physical address, phone number, company name and payment information . The Service is not intended for use by persons under the age of 18. If you are not 18 years old or older, then you may not register with the Service and must not provide us any personal details.
Additional Personal Data That We Collect
In addition to the data you provide, we may further collect data when you use the Service and/or the Website. For example, this data may include the frequency and scope of your use of the Service or the Website, the Internet protocol (IP) address and the name of the domain that serve you to access the Service or the Website, your browser type and the geographic location of the computer system that you are using to log-in.
What Do We Do With Your Personal Data?
We may use personal data for the following purposes:
- To operate the Service and enable you and other users to use it;
- To improve and customize your experience with the Service and Website;
- To provide you with customer services and support;
- To send you Service-related updates, notices and announcements;
- To contact you with respect to the Service and related issues;
- To send you marketing and advertising material. At any time, you may opt out of the mailing lists, by changing your preferences in your personal account. In any case, we will not share your personal identifiable details with any advertisers, without your explicit consent;
- To enforce our Terms;
- To conduct surveys and questionnaires;
- To comply with any applicable law and assist law enforcement agencies under any applicable law, when we have good faith to believe that our cooperation with the law enforcement agencies is legally mandated or meets the applicable legal standards;
- To collect fees and debts;
- To prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Service and/or the Website;
- To take any action in any case of dispute, or legal proceeding of any kind between you and us, or between you and other users or third parties with respect to, or in relation with the Service and/or the Website;
- We may also use your personal data in other ways, provided that we provide specific notice at the time of collection and obtain your consent where necessary.
Legal Basis for Processing Your Personal Data Under the GDPR
To process your personal data, we rely on certain legal grounds, depending on how you interact with our Service and Website.
- When you use the Service, we need your personal data to fulfill our contract with you. For example, we need your contact details and payment info to provide you access to the Service.
- When you use our Service, for certain purposes we rely on your consent for processing to fulfill our contract with you.
- We also rely on other legal grounds, such as our legitimate interests as a business, to comply with a legal obligation, or to protect your vital interests.
How Do We Share Data With Others?
We do not sell, rent or lease your personal data. We may share personal data with others subject to your explicit consent or in any of the following instances:
- We may engage third-party service providers, such as hosting service providers and data centers, to work with us to administer and provide the Service. These third-party service providers may have access to your personal data only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your data for any other purpose;
- If we believe that you have breached the Terms or abused your rights to use the Service and/or the Website or performed any act or omission that we believe to be violating any applicable law, rules, or regulations. In these cases, we may share your data with law enforcement and other competent authorities as well as with other third parties, as may be required to handle your wrongdoings;
- If we are required, or believe that it is required by law to share or disclose your data;
- In any case of dispute, or legal proceeding of any kind between you and us, or between you and other users or third parties with respect to, or in relation with the Service and/or the Website. In these cases we will share your data to the extent required to handle the dispute or the proceedings;
- In any case where we believe that sharing data is necessary to prevent imminent physical harm or damage to property;
- If we organize the operation of the Service and/or the Website through a different legal structure or entity, or if we are acquired by, or merged with another entity, provided however, that those entities agree to be bound by the provisions of this Policy;
- We may also share personal data with affiliate companies such as subsidiaries, sister-companies and parent companies for purposes consistent with this Policy.
How Do We Use Aggregated Data?
We will use anonymous, statistical or aggregated data collected through the use of the Service and/or Website to properly operate the Service and the Website, to modify and improve the Service’s and the Website’s features, to enhance your experience with the Service and the Website, to create new services and features, including customized services, and for other internal, commercial and statistical purposes. We may share the data with third parties, such as suppliers, business partners, sponsors and affiliates, provided however, that the data will not identify you and that we will not knowingly, or intentionally use the data to reveal your identity without your consent.
Your Rights Relating to Your Personal Data
You may update, correct, or delete your account data and preferences at any time by accessing your account settings page on the Service. Please note that while any changes you make will be reflected in active user database instantly or within a reasonable period of time, we may retain all data you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so,
You may decline to share certain personal data with us, in which case we may not be able to provide you the Service. At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law.
If you would like data in relation to your rights or would like to exercise any of them, you may contact us via [email protected] or our postal address provided below. If you reside or are located in the European Economic Area (“EEA”), you may ask us to take the following actions in relation to your personal data that we hold:
- Opt-out. Stop sending you direct marketing communications. You may continue to receive Services-related and other non-marketing emails.
- Access. Provide you with data about our processing of your Personal data and give you access to your personal data.
- Correct. Update or correct inaccuracies in your personal data.
- Delete. Delete your personal data.
- Transfer. Transfer a machine-readable copy of your personal data to you or a third party of your choice.
- Restrict. Restrict the processing of your personal data.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal data that impacts your rights.
We may request specific data from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact us at [email protected] or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Where Is Your Personal Data processed?
The personal data we collect (or process) in the context of our Services and Website will be stored in the USA and other countries. Some of the data recipients with whom we share your personal data may be located in countries other than the country in which your personal data originally was collected. The laws in those countries may not provide the same level of data protection compared to the country in which you initially provided your data. Nevertheless, when we transfer your personal data to recipients in other countries, including the USA, we will protect that personal data as described in this Privacy Policy and in compliance with applicable law.
We take measures to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside of the EEA that do not provide an adequate level of data protection. We use a variety of measures to ensure that your personal data transferred to these countries receives adequate protection in accordance with data protection rules; this includes signing the EU Standard Contractual Clauses, verifying the recipient has adopted Binding Corporate Rules or adheres to the EU-US and Swiss-US Privacy Shield Framework.
Data retention
We will retain your personal data for as long as your account is active or as needed to provide you with the Service and as required to comply with any legal obligation, to resolve disputes and to enforce our Terms. If you wish to cancel your account or request that we no longer use your data to provide you the Service, please contact us at: [email protected].
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you), in which case we may use this data indefinitely without further notice to you.
Cookies
We use cookies. Cookies are packets of information sent by a website’s servers to your web browser and then sent back by your browser each time you access the website’s servers. We may link the information we store in cookies to any personal data you submit while using the Service. For example, we may use cookies to make your log-in easier, by saving you the need to re-enter your username and password each time you log-in. In this case, the cookie that stores your log-in information will be linked with your personal account.
The cookies may contain a variety of information, such as session durations, the IP address that you use to access the Service and other pieces of data that help us maintain and enhance user interaction.
Some of the cookies may expire when your browsing session ends and you exit your browser, however other cookies are saved on your computer’s hard drive. If you wish to block the Service’s and/or Website’s cookies, then please use the help button in your browser and follow the necessary instructions. However, bear in mind that disabling cookies may complicate or even prevent your use of the Service, or certain features of the Service.
Links to Other Sites
We may provide links to other websites that we do not own or control. We are not responsible for the privacy practices of these sites. Therefore, we encourage you to be aware when you leave the Service or Website and to read the privacy statements of websites that collect personal data.
Information Security
We implement standard information security tools and procedures to secure your personal data, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information, as provided by our cloud hosting services provider. Among such security methods is the storing of information on cloud services, firewalls, encryption codes, hashing and authentication procedures. Furthermore, we implement employee supervision and prevent unnecessary access to data.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the information’s absolute security. If you have any questions about security on our Service, you can contact us at [email protected].
Please keep your log-in details safe. We strongly advise that you do not share this information with any third parties or leave it exposed. Furthermore, we strongly advise you to change your password from time to time.
Kenesto Corporation Data Protection Officer
Kenesto has a “Data Protection Officer” or its equivalent who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address: Kenesto Corporation, c/o Pearl Cohen Zedek Latzer Baratz LLP 131 Dartmouth Street, Boston, MA 02116.
Privacy Statement Changes
We may update this Policy to reflect changes to our data practices. If we make any material changes we will ask you to provide your consent, the next time you log-in to the Service. If you do not provide your consent to the amended terms, you may not use of the Service. We strongly encourage you to periodically read our Policy and keep yourself informed of our practices.
Contacting us
You may contact us regarding this Policy send us requests, responses, questions and complaints, by using the Contact Us form on our website, emailing us at [email protected] or postal mail: Kenesto Corporation, c/o Pearl Cohen Zedek Latzer Baratz LLP 131 Dartmouth Street, Boston, MA 02116.
Update date: June 28, 2019