Last updated: October 10, 2020
1. Data Collection and Storage
1.1. Kyoo enables its Customers to collect, import, upload and store a variety of data about the Persons using the Products in the Customer Properties.
1.2. The Customer Data may be collected and imported into the Products via the following ways:
i. Wireless and wired sensors and systems. Kyoo provides Customers with software solutions, integrations and APIs that enable the Customer to provide access control and authentication for Persons who wish to utilise wireless or wired connection that is provided by the Customer to access the Internet or other computer networks in Customer Properties and to collect usage, location, and other data from their Devices.
ii. Online Customer Properties. As part of the Products, Kyoo provides Customers with tools and technologies to collect information on Persons who are using their online resources (such as websites and smartphone apps) and upload this information into the Products.
iii. Order and Point of Sale systems. Kyoo API and supported Third-Party Platforms integrations may enable the Customer to upload Customer Data from third-party platforms into the Products. Such information may include items that Person has ordered, total sale values, shopping preferences and more.
iv. Other sources. Kyoo API and Customer Data import tools that are available to Customers as part of the Products enable importing and uploading Person’s data from any other electronic system or service.
v. Manual entry. Customers may also create and update Customer Data stored in the Products by manually creating and editing the entries via the Dashboard.
vii. Explicit Consent Requirement. The Products do not permit collection data on Persons unless the explicit consent is provided by this Person.
2. Data Ownership
2.1. The Customer retains all rights, title and interest (including any and all intellectual property rights) in and to the Customer Data as provided to Kyoo or collected by use of Kyoo Products. Subject to the terms of this Agreement, Customer hereby grants to Kyoo a non-exclusive, worldwide, royalty-free right to use, copy, store, transmit, modify, create derivative works of and display the Customer Data solely to the extent necessary to provide the Products to the Customer.
3. Access to Customer Data
3.1. Kyoo may provide access to Customer Data as described below:
i. To our Affiliates, Agents and Contractors. We may share information with our approved third parties that help us operate our business and provide our Products, such as contractors that provide us with technology, Products, data or content.
ii. For Legal Reasons. We may share information when we are required to do so under the law; enforce or apply our agreements; or protect the rights, property, or safety of Kyoo, our Customers, our employees, or others. This may include exchanging information with other companies and organizations for fraud protection and credit risk reduction.
iii. Changes in the structure or ownership. We may transfer the information we hold in the event we sell or transfer all or a portion of our business or assets (such as in connection with a merger, acquisition, reorganization, dissolution or liquidation) or take steps in anticipation of such a transaction.
iv. At Customer's Request. At the request of a Customers, we may disclose of information we hold for that Customer.
v. Aggregated or De-identified Information. We may share aggregated or de-identified data without restriction but only when permitted by law.
vi. Opt-out and Data Ownership Rights. The law in certain countries (such EU’s GDPR) give Persons’ rights to access, correct, update or delete their personal information. The law may also give additional rights to object to the processing of such information or to withdraw Person’s consent to the processing of this information. Customers must provide the Persons whose information is stored in the Products a clear way to execute such rights.
vii. Kyoo Partners. Kyoo reseller Partners do not have access to Customer Data unless the Customer has explicitly permitted such access. We advise Customers to only permit such access on a case-by-case basis.
4. Protection of Underaged
4.1. Children's Privacy. If Customer believes that any child under 13 has provided the Customer with any personal information, the Customer must make all reasonable efforts to ask that the parent or guardian of that child contacts the Customer to ensure that such information is deleted from the Service. Customer must also honour similar requests from parents and guardians in jurisdictions where the age threshold provided by law is higher.
5. Data Processing
5.1. Our data processing rules as outlined in the Agreement clearly articulate our privacy commitment to the Customers. More recently, we have specifically updated these terms to reflect the GDPR to facilitate our customers’ compliance assessment and GDPR readiness when using Kyoo Products.
i. Processing According to Instructions. Any data that the Customer and its users put into our systems will only be processed in accordance with the Customer’s instructions, as described in the Agreement.
ii. Personnel Confidentiality Commitments. All Kyoo employees, contractors and agents are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy training. Kyoo specifically addresses responsibilities and expected behaviour with respect to the protection of information.
iii. Use of Subprocessors. Kyoo directly conducts the majority of data processing activities required to provide the Products. However, we do engage some third-party vendors to assist in supporting these Products. Each vendor goes through a rigorous selection process to ensure it has the required technical expertise and can deliver the appropriate level of security and privacy.
iv. Data Return and Deletion. Dashboard Users with
administrative privileges can export Customer Data, via the functionality of the
Dashboard Products (consult Specifications for further information), at any time
during the term of the Agreement. We have included data export commitments in
our data processing terms for several years and updated them to reflect the
GDPR. We are continuously working to enhance the robustness of the data export
capabilities and make it even easier to download a copy of your business’ data
securely from Kyoo. You can also delete Customer Data, by contacting
Kyoo Support via the Dashboard, at any time. When Kyoo receives a
complete deletion instruction from you, Kyoo will delete the relevant
Customer Data from all its systems within a maximum period of 180 days unless
retention obligations apply.
6. Restricting collection and storage of personal information
6.1. Laws in certain countries may require limiting or otherwise restricting the storage of information about the Persons (for example the Customer may only be able to store the phone numbers and corresponding smartphone identification but not the email addresses or names). Kyoo Products can be configured by the Customer not to store such information.
7. End-user Terms and Conditions
7.1. The Customer is responsible to provide Persons who are accessing the Products with End-User Terms outlining how their information will be stored and processed.
7.2. Kyoo provides the Customer with solutions to make these documents available to Persons who are accessing the Products and to record their acceptance of the End-User Terms. Kyoo also provides solutions to version the End-User Terms and to record the acceptance of changes by the Persons.
8. Contacting Kyoo