Privacy Notice: Privacy Shield
June 22, 2018
Kipsu, Inc.’s Notice of Certification Under the EU-U.S. Privacy Shield Framework
Effective as of June 22, 2018
Kipsu, Inc. (“Kipsu,” “we,” or “us,”) has certified our services, for which we act as a data processor, under the EU-U.S. Privacy Shield Framework (the certification can be found here).
Kipsu adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement, and Liability.
Scope: Kipsu, Inc.
Data processed: Kipsu provides a real time online guest engagement platform that allows our clients to communicate with their guests using SMS (short messaging service)/text, web chat, social messaging and other forms of communication. In providing these services, Kipsu processes data our clients submit to our services or instruct us to process on their behalf. While Kipsu’s clients decide what data to submit, it typically includes information about their staff’s email and contact information, and their guest’s name and mobile phone number. In such cases, we are acting as a data processor on behalf of and under the direction of our clients who act as the data controller. Kipsu does not collect sensitive personal information.
Purposes of data processing: Kipsu processes data submitted by clients for the purpose of providing Kipsu’s real time online guest engagement platform service to our clients. To fulfill this purpose, Kipsu may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the Kipsu client who submitted the data, or in response to contractual requirements.
Inquiries and complaints: In compliance with the Privacy Shield Principles, Kipsu commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Kipsu at firstname.lastname@example.org. Kipsu will respond within 45 days. Kipsu has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS at https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither Kipsu nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel
Third parties who may receive personal data: Kipsu uses a limited number of third-party service providers (such as our hosting services providers and service providers that assist with network data transmission) to assist us in providing our services to our clients. We do not permit our service providers to use the personal information we share with them for their marketing purposes. Kipsu may also share this information with the owners, subsidiaries, licensees, affiliates, successors, or other related entities of our clients for the purposes of managing the service offering at client sites. Kipsu maintains contracts with these parties restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations. Kipsu remains potentially liable if any third-party service provider or agent that we engage to assist us does so in a manner inconsistent with the Privacy Shield Principles.
Your rights to access, to limit use and disclosure, and to deletion of personal data: EU individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield certification, Kipsu has committed to respect those rights. If you wish to request access, to limit use, or to limit disclosure, please provide the name of the Kipsu client who submitted your data to our services. We will refer your request to that client, and will support them as needed in responding to your request. Kipsu may contact the data controller to confirm the authorization to amend or delete.
U.S. Federal Trade Commission enforcement: Kipsu’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Compelled disclosure: Kipsu may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.