Privacy Notice: Clients/End Users
July 6, 2020
Kipsu, Inc. (“Kipsu”, “we”, “our”, or the “Company”) and its subsidiaries are committed to protecting the privacy of individuals who visit the Company’s website (“visitors”), individuals who have signed a service agreement with the Company (“clients”) to use our on-demand real time online engagement platform (“services”) and the guests of our clients who elect to use our services to communicate with our clients (“end users”).
Below is a description of what data we gather from clients and end users of our services. Also, included below is a description of why we collect client and end user data, how we use the data we collect, and information on your choices regarding use, access and correction of personal information. Throughout this notice, “data” includes personal information about you. If you are interested in learning more about our practices regarding data that we collect as a visitor to Kipsu’s publicly-accessible website, click here.
How You May Contact Us
You may contact us via email at email@example.com. Or, you may write to us at the address listed below.
Attn: Privacy Officer
100 S 1st Street #583491
Minneapolis, MN 55458
Data We Collect
Data you give to us directly. When our clients contract to use our service, we ask for personal contact information such as the name, mobile phone number, passwords and email addresses of client staff authorized to use the services. If a client’s guest or patron elects to use our messaging service, our client will also collect the end user’s personal contact information such as their name and mobile phone number and enter that information into our services.
Kipsu’s clients may also interface our services to other systems to bring in additional end user data to enhance their communications with their guests. When clients interface our services or application with other systems, the additional data collected is dependent upon and specific to the clients. For example, clients may interface Kipsu with their property management system or service ticketing system.
Data we collect from you automatically. When clients use our application, we automatically collect data regarding the clients’ browser and log files, operating system, internet protocol (IP) address, domain name internet service provider, geographic location, date/time stamp, and click stream data, including the pages visited while on our web application.
Please see Data We Collect above, and How We Can Use Data, How We May Disclose Data, Where We Store Data, Cross-Border Transfers, Your Choices Regarding Your Client and End User Data, Security, Cookies and Other Technologies; Do Not Track, Links to Other Websites, Retention and Children below.
How We Can Use Data
We can use the data that we collect for the following purposes, subject to applicable law and as outlined in our service agreement, including:
- The purposes for which the client provided it and as outlined in the Kipsu-client signed service agreement;
- To provide our services to clients, including any notifications or updates relating to the services;
- To process and respond to client inquiries and comments (for example, regarding service ticket requests);
- To improve the Kipsu services or to develop new services;
- To contact clients with information, including marketing information, that we believe will be of interest to them;
- To aggregate or de-identify data, we can share aggregated or de-identified data relating to clients and end users of the Kipsu services with any third party for any purpose;
- To analyze how clients use Kipsu’s services;
- To allow us to personalize and enhance the clients experience using the services;
- To reach out to clients via telephone, email or text regarding the services;
- As otherwise stated in this notice.
Please see Data We Collect and How We Can Use Data above, and How We May Disclose Data, Where We Store Data, Cross-Border Transfers, Your Choices Regarding Your Client and End User Data, Security, Cookies and Other Technologies; Do Not Track, Links to Other Websites, Retention and Children below.
How We May Disclose Data
Data can be disclosed to third parties in accordance with this notice, subject to applicable law. Please note that an end user can choose not to share certain data. See Your Choices Regarding Client and End User Data.
- Third Parties and Service Providers. We can use third parties or service providers to perform functions in connection with our services for example, such as our hosting service provider and service providers that assist with the transmission of data or to perform any of the actions or activities allowed under this notice. We can share data about client and end users that they need to perform their functions and in accordance with our agreements with them. We do not permit our third party service providers to use the data we share with them for their marketing purposes.
- Client Subsidiaries and Affiliates. We can share client and end user data with client owners, subsidiaries, licensees, affiliates, successors, or other entities related to our client for the purposes of managing the services offering at client sites.
- Kipsu Subsidiaries. We can also share your data with any subsidiaries of ours for purposes consistent with this notice. Any subsidiary of ours will be required to maintain that data in accordance with this notice.
- Aggregated or De-identify Data. We can share aggregated or de-identified data relating to clients and end users of the Kipsu services with any third party for any purpose.
- Business Changes. If we become involved in a merger, acquisition, sale of assets, divestiture, joint venture, securities offering, financing, bankruptcy, reorganization, liquidation, dissolution, or other transaction or if the ownership of all or substantially all of our business otherwise changes, we can share or transfer client and end user data (including, without limitation, in connection with due diligence for any such transaction) to a third party or parties in connection therewith and it can be used subsequently by such third party or parties.
- Investigations and Law. To the extent permitted by applicable law, we can disclose data about client and end users to third parties to:
- Comply with law, in response to subpoenas, warrants, or court orders, or in connection with any legal process or cooperate with government or law enforcement agencies or officials or private parties, including laws outside of the client and end users’ country of residence;
- Protect our rights, reputation, safety and property or in an emergency, or that of our users or others;
- To resolve disputes;
- Protect against legal liability;
- Establish or exercise our rights to defend against legal claims; or
- To investigate, prevent or take action regarding suspected illegal activities, suspected fraud, the rights, reputation, safety or property of us, client and end users or others, violation of our policies or agreements or as otherwise required by law.
- For any other purpose disclosed by client or Kipsu to provide our services.
Please see Data We Collect, How We Can Use Data and How We May Disclose Data above, and Where We Store Data, Cross-Border Transfers, Your Choices Regarding Your Client and End User Data, Security, Cookies and Other Technologies; Do Not Track, Links to Other Websites, Retention and Children below.
Where We Store Data
We store the data that we collect on servers located in the United States. Therefore, client and end user data can be processed and stored in the United States. As a result, United States federal and state governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your data through laws applicable in the United States. By using Kipsu’s services, you understand that the data can be transferred to countries outside of the country the services are provided, including the United States, which may have data protection rules that are different from those in which the services were provided.
For transfer of your personal information from the European Economic Area to countries that are not considered adequate by the European Commission, we have put in place adequate measures. We participate in the EU-U.S. Privacy Shield Framework regarding the collection, use and retention of personal information from European Union member countries. We have certified with the U.S. Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield Principles, visit https://www.privacyshield.gov/welcome. If you have any inquiries or complaints about our handling of your personal information under Privacy Shield, or about our privacy practices generally, please contact us by email at firstname.lastname@example.org. If you have a Privacy Shield complaint that we have not otherwise satisfactorily addressed with you directly, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. Under certain conditions, as more fully described at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you can pursue binding arbitration when other dispute resolution procedures have been exhausted.
Please see this privacy notice regarding:
- the types of personal information we collect,
- the purposes for collection and use of such personal information,
- the types of third parties to which we can provide personal information and the purposes for which we can do so; and
- the right of individuals to access their personal information and the choices and means we offer individuals for limiting the use and disclosure of their personal data.
If we transfer personal information received under the Privacy Shield to a third party, the third party's access, use and disclosure of the personal data must also be in compliance with our Privacy Shield obligations, and we will remain liable under the Privacy Shield for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.
Please see our Privacy Shield registration at https://www.privacyshield.gov/list. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Please see Data We Collect, How We Can Use Data, How We May Disclose Data and Where We Store Data, and Cross-Border Transfers above, and Your Choices Regarding Your Client and End User Data, Security, Cookies and Other Technologies; Do Not Track, Links to Other Websites, Retention and Children below.
Your Choices Regarding Your Client and End User Data
Choices regarding the use of your client and end user data.
Changing Data. Clients and end users can make changes to their data, including accessing the data, correcting or updating the data or deleting the data by emailing us at email@example.com.
Email Communications. Clients and end users can make changes regarding receiving email communications from us by emailing us at firstname.lastname@example.org or by contacting us at:
Attn: Privacy Officer
100 S 1st Street #583491
Minneapolis, MN 55458
Withdrawing Consent. Clients or end users may withdraw consent to our processing of your personal information at any time emailing us at email@example.com or by contacting us at:
Attn: Privacy Officer
100 S 1st Street #583491
Minneapolis, MN 55458
Although we use administrative, technical and physical measures to help protect the data you submit via the Kipsu website and services from accidental or unlawful destruction, loss or alteration and from unauthorized access, use, or disclosure, we cannot guarantee its absolute security. No internet or electronic communication transmission is ever fully secure or error free. Internet or electronic communications, including those sent through Kipsu’s service, may not be secure. You should use caution whenever submitting data through Kipsu’s service and take special care in deciding which data is provided to us. We encourage you to take steps to help protect the confidentiality and security of your data.
Please see Data We Collect, How We Can Use Data, How We May Disclose Data and Where We Store Data, Cross-Border Transfers, and Your Choices Regarding Your Client and End User Data and Security above, and Cookies and Other Technologies; Do Not Track, Links to Other Websites, Retention and Children below.
Cookies and Other Technologies; Do Not Track
- Cookies. Cookies are small text files that are stored on your computer. Persistent cookies remain on the visitor’s or user’s computer after the browser has been closed. Session cookies exist only during a visitor’s or user’s online session and disappear from the visitor’s or user’s computer when they close the browser software. You can instruct your browser to stop accepting cookies. But if you do not accept cookies, you may not be able to use all portions or all functionality of the Kipsu website.
- Web Beacons. Web beacons or tags (small images embedded into websites or emails that send data about your computer when you visit the Kipsu website, or open an email we send to you) may be used either by us.
- Local Shared Objects. We can use Local Shared Objects, which can be placed by using our web chat or web application services.
- Third parties may collect personally identifiable information about an individual user's online activities over time and across different internet services when a user uses the Kipsu website. Below is a link to a resource regarding online tracking:
For Google Analytics, please see https://policies.google.com/privacy, https://policies.google.com/technologies/partner-sites, https://www.google.com/analytics/terms/ and https://tools.google.com/dlpage/gaoptout.
- Do Not Track. At this time, we do not respond to “Do Not Track” signals sent from Web browsers or other mechanisms that provide users the ability to exercise choice regarding the collection of personally identifiable information about a user’s online activities over time and across third party internet services.
Please see Data We Collect, How We Can Use Data, How We May Disclose Data and Where We Store Data, Cross-Border Transfers, Your Choices Regarding Your Client and End User Data and Security, and Cookies and Other Technologies; Do Not Track above, and Links to Other Websites, Retention and Children below.
Links to Other Websites
We will retain the personal information for as long as reasonably necessary for the purposes described in this notice, as agreed upon in our services agreements, while we have a legitimate business need to do so, or as required by law (for example, for legal, tax, accounting or other purposes), whichever is the longer.
To determine the appropriate retention period for the personal information, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we use the personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
We do not knowingly collect any personal information directly from individuals under the age of 18. If you are under the age of 18, please do not access, use, or submit any personal information through the Kipsu website. If you have reason to believe that we may have accidentally received personal information from an individual under age 18, please contact us immediately via email at firstname.lastname@example.org.
Changes to This Privacy Notice
We reserve the right to update or modify this notice at any time and from time to time. Please review this notice periodically, and especially before providing any data. This notice was made effective on the date indicated above.