- On the Platform.
- In email, text, and other electronic messages between you and the Platform.
- Through mobile and desktop applications you download from the Platform, which provide dedicated non-browser-based interaction between you and the Platform.
It does not apply to information collected by:
- Us offline or through any other means, including on any other website operated by us or any third party.
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Platform.
While using the Platform we may collect your name, email, address, telephone number, company name and address, organization information, and other personal identifying details. We may also collect payment information that you make available to us for your use of the Platform. Please be aware that this payment information will be stored by third-party payment processors. In connection with your use of the Platform, we may collect personally identifiable information, including your name, postal address, email address, username, password (not in human readable format), login information, and contact information. We may also collect your personal information that you make available to us from third parties in connection with use of the Platform.
Whenever you use the Platform, we may collect non-identifying information from you, such as your IP address, interactions with the Platform, query information, location information, pricing data, research history, location and GPS information, referring URL, browser, application interaction, mobile provider information, operating system, data usage, data transferred, and Internet Service Provider.
Use of Information
This section explains how we plan on using your information. You agree that we may use your information, including your personally identifiable information:
- To present the Platform and its contents to you.
- To provide you with information, products, or services that you request from us.
- To enhance or improve your user experience.
- To improve the Platform.
- To recognize you when you return to the Platform.
- To email you newsletters and marketing.
- To store information about your preferences.
- To understand how you communicate and use the Platform.
- To contact and correspond with you and to respond to your inquiries.
- To process your transactions.
- To ask for ratings and reviews of services or products.
- To have follow-up correspondence (live chat, text, call, email, voice, screen share) with you.
- To carry out our obligations and enforce our rights arising from any contracts or agreements entered into between you and us, including for billing and collection.
- To notify you about changes to the Platform or any products or services we offer or provide through the Platform.
- In any other way we may describe when you provide the information.
- To fulfill any other purpose for which you provide it.
- For any other purpose with your consent.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about the Platform users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply our Terms of Service and other agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Kennected, our customers, or others.
Accessing, Editing, and Removing Your Information
If you have submitted information to the Platform, you may be unable to edit that information. When using the Platform, you may be able to access and edit your information via the Platform dashboard. However, you will be unable to opt out of any of our data collection practices via the Platform. If at any time, you have any questions or wish to review, change, or delete any of your information collected by us, please contact us at email@example.com. Additionally, if you would like us to permanently remove any accessible copies of your information, please contact us at firstname.lastname@example.org. After you have cancelled your account please be aware that we may keep inaccessible copies of your information for a commercially reasonable period of time for reasons such as prevention of fraud, troubleshooting problems, assisting with any investigations, enforcing our legal terms and/or complying with applicable legal requirements.
Cookies and Other Tracking
Commercial, Non-Commercial Communications, and Do Not Track
If you decide to provide us with your contact information, you agree that we may send you communications via phone, text, and email. However, you may unsubscribe from certain communications by notifying Kennected that you no longer wish to receive these communications, and we will endeavor to promptly remove you from our notification listings once we have received that request. We currently do not offer website functionality for you to opt out of any “do not track” listings. If you wish to opt out of certain communications or information collection, please contact us at email@example.com.
Plugins are tools which allow users of the Platform to access and view content on the Platform. We may use data capture, syndication analysis, and other similar tools to track, extract, compile, aggregate, and analyze any data or information resulting from use of a plugin. If you object to our use of any of the foregoing, you should immediately stop using the plugins.
Third Party Access to Your Information
Workplace Provided Information; Enterprise Accounts
Others buying our services for your use, such as your employer, may provide us with personal data about you and your eligibility to use the services that they purchase for use by their workers. Your employer may offer you access to our enterprise services. Your employer may review and manage your use of such enterprise services, and certain of your data may also be made available to your employer or be connected with information we receive from your employer to enable these tools and services.
We make reasonable attempts to protect your information by using physical and electronic safeguards. However, because the Platform is hosted electronically, we can make no guarantees as to the security or privacy of your information. For this reason, we recommend that you use anti-virus software, routine credit checks, firewalls, and other precautions to protect yourself from security and privacy threats.
No one under age eighteen (18) may use or provide any information to or on the Platform. We do not knowingly collect personal information from children under age eighteen (18). If you are under the age of eighteen (18), do not access or use the Platform or provide any information to the Platform. If we learn we have collected or received personal information from a child under age eighteen (18), we will delete that information. If you believe we might have any information from or about a child under age eighteen (18), please contact us at firstname.lastname@example.org.
If You are Located in the EU or UK
The General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all individuals within the EU. For EU residents, the regulation aims to increase residents’ control over their personal data. GDPR and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
- We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our services or at your request prior to entering into a contract with you.
- We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
- Send users information about special offers and discounts on our products and services.
- Analyze how our services are used so we can improve them to engage and retain users.
- Diagnose problems and/or prevent fraudulent activities.
- Understand how our users use our products and services so we can improve user experience.
- We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
Compliance with GDPR
The following are some of the actions we have taken to ensure we are compliant:
We take the security of the data we manage very seriously. Kennected takes all reasonable and appropriate steps to protect your personal information, including encrypting such information, maintaining readily accessible steps to limit access, working to detect unauthorized access, and not storing such information any longer than we need to.
Our privacy team has analyzed the requirements of GDPR and is working to enhance our policies, procedures, contracts, and platform features to ensure we comply with GDPR and enable compliance for our customers.
We take multiple steps to prevent eavesdropping between you and our systems, as well as within our infrastructure. All network traffic runs over SSL/HTTPS, the most common and trusted communications protocol on the Internet. Internal infrastructure is isolated using strict firewalls and network access lists. Each system is designated to a firewall security group by its function. By default, all access is denied and only explicitly allowed ports are exposed.
If we see an issue, we will react quickly and attempt to remedy the issue. If we do find something out of place, we will endeavor to address the issue in a manner that prevents a reoccurrence of such issue. We have invested in helping ensure we can detect and respond to security events and incidents that impact the Platform’s infrastructure.
We are frequently updating our systems to protect your data. Our virtual systems are replaced on a regular basis with new, patched systems. System configuration and consistency are maintained using a combination of configuration management, up-to-date images, and continuous deployment. Through continuous deployment, existing systems are decommissioned and replaced by up-to-date images at a regular interval. Only individuals who need access, get access. Production system access is limited to key members of the Kennected engineering team. At a minimum, authentication requires two factors including asymmetric RSA public/private keys and a time-based crypto token.
Even though we have endeavored to design secure systems and procedures, we regularly perform security tests to identify and remediate potential vulnerabilities. We also conduct periodic penetration tests with expert third-party vendors to help keep our applications safe and secure. These tests cover network, server, database, and in-depth testing for vulnerabilities inside Kennected applications.
We endeavor to prevent single points of failure. Even if there is an interruption to one system, the rest of our services stay up and secure. We physically separate the database instances from application servers and heartily believe in the mantra of single-function servers. All login pages pass data via SSL/TLS for public and private networks, and only support certificates signed by well-known certificate authorities. All email and CRM credential related data are encrypted while in transit as well as at rest using military-grade encryption to ensure the security of user IDs and passwords. Kennected application passwords are hashed and even our own staff cannot retrieve them. If lost, the password must be reset.
To improve, debug, or prevent fraud on the Platform, we keep a variety of logs. We make sure logs are destroyed no more than 3 months after their collection date.
We allow a user to download any data that user provides to us. This allows for easier migration to other services.
Systematic Pseudonymization of Non-Public Data
Our applications pseudonymize data to help ensure the privacy of data subjects. Any attribute that does not need to remain in its original form is truncated to remove any possibility to be linked back to a specific data subject.
If You are Located in Canada
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way.
- For investigations and fraud detection and prevention.
- For business transactions provided certain conditions are met.
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim.
- For identifying injured, ill, or deceased persons and communicating with next of kin.
- If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse.
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.
- If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records.
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced.
- If the collection is solely for journalistic, artistic, or literary purposes.
- If the information is publicly available and is specified by applicable regulations.
Additional Privacy Rights
In some regions (like the EEA, UK, and Canada), you have certain rights under applicable data protection laws. These may include the right (a) to request access and obtain a copy of your personal information, (b) to request rectification or erasure of your personal information, (c) to restrict the processing of your personal information, and (d) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us at email@example.com.
We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you are located in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
Your State Privacy Rights
Residents of certain states, such as California, Nevada, Colorado, Virginia, Connecticut, and Utah may have additional personal information rights and choices. Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Data portability.
- Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their personal information, taking into account the information’s nature and processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise any of these rights please contact us at firstname.lastname@example.org. If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at email@example.com. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact your state’s Attorney General to submit a complaint.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise sale opt-out rights may submit a request to firstname.lastname@example.org. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Under the Virginia Consumer Data Protection Act (“CDPA”):
- “Consumer” means a natural person who is a resident of the Commonwealth of Virginia acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.
- “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal Data” does not include de-identified data or publicly available information.
- “Sale of Personal Data” means the exchange of personal data for monetary consideration.
If this definition of “Consumer” applies to you, we must adhere to certain rights and obligations regarding your Personal Data.
The information we collect, use, and disclose about you will vary depending on how you interact with us and the Platform.
Your rights with respect to your Personal Data
- Right to be informed whether or not we are processing your Personal Data.
- Right to access your Personal Data.
- Right to correct inaccuracies in your Personal Data.
- Right to request deletion of your Personal Data.
- Right to obtain a copy of the Personal Data you previously shared with us.
- Right to opt out of the processing of your Personal Data if it is used for targeted advertising, the Sale of Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
We have not sold any Personal Data to third parties for business or commercial purposes. We do not intend to sell Personal Data in the future belonging to website visitors, users, and other Consumers.
Exercise your rights provided under the Virginia CDPA
If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
We may request that you provide additional information reasonably necessary to verify you and your Consumer’s request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.
Upon receiving your request, we will respond without undue delay, but in all cases, within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.
Right to appeal
If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at email@example.com. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint.
Withdrawing Your Consent
If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us at firstname.lastname@example.org or updating your preferences.