Keyfactor, Inc. (“Keyfactor”) provides digital certificate issuance and management system services. At Keyfactor, the privacy and security of our customers and visitors are of paramount importance. Keyfactor is committed to protecting the data you share with us.
For the purposes of this Policy, Keyfactor defines the term “User” as an entity external to Keyfactor with which, or individual with whom, Keyfactor has an established business relationship and the term “Visitor” as an individual who visits our front-end website (i.e., https://www.keyfactor.com).
Keyfactor treats all information stored on its platforms as confidential. We store all information securely and permit access to such information to authorized personnel only. Keyfactor implements and maintains appropriate technical, security and organizational measures to protect Personal Data and Personal Information against unauthorized or unlawful access, processing, use, accidental loss, destruction, damage, theft and/or disclosure.
The following sections cover the specifics regarding each of the two groups from which data is collected—namely, website Visitors and Users.
If you are a Visitor to our website only, and not a User of our platform, then this section applies to you.
- Except where prohibited by applicable laws or regulations, a User or Visitor to this website will be deemed to have consented to Keyfactor’s collection and processing of select Personal Data or Personal Information. Keyfactor will seek your explicit, voluntary consent to process Personal Data and/or Personal Information that the company collects on this website or that you submit of your own accord to the site where and to the extent required by applicable law. Should you decline to consent to the processing of your Personal Data or Personal Information, please refrain from any further use this website.
- Keyfactor may collect and process the following Personal Data and/or Personal Information through your interactions with our website: your IP address; your first and last name; your postal and email address; your telephone number; your job title; select social network data; your areas of interest, including interest in Keyfactor products; certain information about the company for which you work (e.g., company name and address); and information pertinent to your relationship with Keyfactor.
- Keyfactor gathers data about visits to the company’s website. Such information includes, but is not necessarily limited to, the following: the number of Visitors; the number of unique visits; geolocation data; the length of time Visitors spend on the site; and the pages that Visitors click.
Keyfactor uses the Personal Data and Personal Information it collects to communicate with Visitors, to customize content for Visitors, to display ads on other websites of interest to Visitors, and to improve the website by analyzing how Visitors navigate the website.
Keyfactor may share Personal Data and Personal Information with service provider vendors or sub-processor contractors in order to provide a requested service or transaction or in order to analyze Visitor behavior on its website. If applicable, Keyfactor adheres to the notice and consent policies and practices set forth in the General Data Protection Regulation (EU) 2016/679 and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (“GDPR”) with respect to the onward transfer of Personal Data. When engaged in the onward transfer of Personal Data applicable to EU Data Subjects, Keyfactor facilitates the transfer of such Data under the auspices of the EU-U.S. Privacy Shield Framework. Keyfactor manages subsequent transfers via a third party that acts as an agent on its behalf. Keyfactor understands that it remains liable for any sub-processor agent’s improper transfer and/or processing of Personal Data where such processing is handled in a manner inconsistent with Privacy Shield principles and the requirements of the GDPR.
Please be aware that, when visiting Keyfactor’s site, Visitors may encounter links to other sites that lie outside of Keyfactor’s possession or control. Keyfactor is not responsible for the content or privacy policies that rest on the other sites.
Keyfactor collects certain types of data from Users in order to provide services to them. In this section, we will describe how Keyfactor collects and utilizes such data. We will also explain how geographical differences may affect the application of certain components of this Policy. If a User enters or transfers data such as texts, questions, contacts, media files, etc., into the Keyfactor website, that data remains the property of the User. Keyfactor cannot share such data with a third party without the express consent of the User.
A User may submit Personal Information and/or Personal Data such as the individual’s first and last name, the name of the company/employer for which the individual works, an email address, physical address, telephone number, and other relevant data during the User registration process on the Keyfactor platform and/or at some later date. Keyfactor utilizes such information to identify Users and provide them with support, services, mailings, sales and marketing actions, billing information and to meet various contractual obligations.
Keyfactor collects, processes, uses, stores and transmits the Personal Data of all European Data Subjects in the EU and EEA—whether they are Visitors to the site or Users of the same—in a manner consistent with the provisions of the GDPR.
In some instances, Keyfactor processes Personal Data as a Controller and in others as a Processor. We have based that assessment upon the definitions of those terms that are provided in the GDPR.
The Keyfactor entity by which you are employed or with which you, as a User external to Keyfactor, have entered into an agreement pertinent to the use of Keyfactor’s platform, is the Controller of User Personal Data for GDPR purposes. Keyfactor requires that all Users conduct the processing of such Personal Data in adherence to the provisions of the GDPR.
Keyfactor solely processes the Personal Information of Users whose accounts rest in the U.S. in data centers that are situated in the US. Keyfactor has adopted physical, technical and organizational safeguards for the protection of the Personal Information it processes in the U.S. Those measures substantially mirror the safeguards the company has implemented for the protection of EU Data Subjects’ Personal Data. Such safeguards are designed to protect the Personal Information in Keyfactor’s possession against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing. Keyfactor will promptly notify affected Users should it become aware that a party or entity has obtained unauthorized access to, or use of, the User’s Personal Information.
Keyfactor stores all Personal Information and other data collected by Keyfactor Users in secure hosting facilities maintained by vetted providers. We have entered into contracts with hosting providers that have been written in a manner designed to ensure that the providers perform all hosting duties in accordance with applicable security controls. Keyfactor works hard to protect and safeguard the Personal Information in the company’s possession and in keeping with all applicable laws and regulations governing the protection of such Personal Information.
Keyfactor will not retain the Personal Information in its possession longer than necessary to fulfill the purposes for which it was collected. We will comply with all applicable laws and/or regulations governing the retention of such data. Users must request that Keyfactor delete the Users’ data when necessary.
Keyfactor, Inc., is certified to facilitate the transfer of the Personal Data of European Data Subjects into and out of the EU and EEA under the auspices of the EU-U.S. Privacy Shield Framework (“Privacy Shield”). Developed as a joint effort of the U.S. Department of Commerce and the European Commission, the Privacy Shield empowers companies on both sides of the Atlantic to transfer Personal Data to and from the EEA in a manner consistent with the existing privacy and data protection regulations of both regions. Keyfactor has certified to the U.S. Department of Commerce that it will adhere to Privacy Shield Principles. Keyfactor’s participation in the EU-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.
You may possess the option to select binding arbitration before the Privacy Shield Panel to resolve a complaint against Keyfactor under certain circumstances. Section C of Annex I to the Privacy Shield Principles explains in detail when an individual can invoke binding arbitration. For more information about the applicable process and procedures, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Keyfactor commits to resolve complaints about its collection or use of EU Data Subjects’ Personal Data in a manner compliant with Privacy Shield Principles and the provisions of the GDPR. Should you wish to inquire about Keyfactor’s treatment of an EU Data Subject’s Personal Data, or lodge a complaint related to Keyfactor’s failure to adhere to Privacy Shield Principles or applicable provisions of the GDPR, please contact Keyfactor at:
Attn: Data Protection Officer
6050 Oak Tree Blvd. Suite #450
Independence, OH 44131
Keyfactor has committed to refer unresolved Privacy Shield complaints to PrivacyTrust, an alternative dispute resolution provider located in the United Kingdom. If you do not receive timely acknowledgment of your complaint from Keyfactor, or if we fail to address your complaint to your satisfaction, please visit https://www.privacytrust.com/drs/keyfactor for more information or in order to file a complaint. PrivacyTrust’s services are provided at no cost to you.
Please visit the Privacy Shield website for further information. Should you wish to learn more about the Privacy Shield Framework, or view proof of Keyfactor’s Privacy Shield certification, please visit https://www.privacyshield.gov/list.
Keyfactor reserves the right to reveal a User’s Personal Information to a third party without his/her/their prior permission when the company has reason to believe that it must disclose such information in order to:
- (a) Establish the identity of, to contact, or to initiate legal proceedings against a person or persons who are suspected of infringing Keyfactor’s intellectual property rights in the company’s products or services; or
- (b) To protect the interests of others who could be harmed by the User’s activities or in instances in which entities or persons might (whether willfully or negligently) violate another party’s interests in rights and/or property.
Keyfactor also reserves the right to disclose Personal Information to third parties when necessary to comply with legal or regulatory obligations and/or law enforcement requests. Keyfactor will solely exercise the rights to which it alludes in this section in a manner that is consistent with the provisions of applicable data privacy/data protection laws and regulations.
Keyfactor limits access to your Personal Information to those employees and consultants who require access to such information in order to perform their jobs and provide products or services to you.
Keyfactor maintains physical, electronic, and procedural safeguards that are designed to comply with industry standards surrounding the protection of your Personal Information.
As Keyfactor collects and uses Personal Information about our customers for processing purposes, we reserve the right to contract with vendors who can assist us with such processing. Keyfactor requires that such vendors maintain the confidentiality of the Personal Information entrusted to them for processing and that they refrain from using such data for any purpose other than supporting Keyfactor’s provision of services to its customers.
Customers and Visitors may submit requests to Keyfactor in order to obtain access to, updates or deletion of their Personal Data or Personal information by contacting us as described in sections 11 or 12 below. If you submit such a request to Keyfactor, and we discover that we require the Personal Data or Personal Information at issue in order to provide the products or services you have purchased, Keyfactor will honor the request to the extent required by applicable laws and regulations. As part of that assessment, we will determine the extent to which: (a) our access and/or processing of the Personal Data or Personal Information may be necessary to provide the services purchased; (b) we may require ongoing access to such information for legitimate business purposes; and/or (c) we may be compelled to maintain such information because of legal, regulatory or contractual recordkeeping requirements or other obligations. You may choose to opt out of disclosure of your Personal Data and Personal Information to third parties and cease the processing of such Personal Data or Personal Information.
Keyfactor maintains a “Data Protection Officer” who is responsible for all matters related to privacy and data protection. You can reach our Data Protection Officer at the following address:
Attn: Data Protection Officer
6050 Oak Tree Blvd., Suite #450
Independence, OH 44131
If you have any further questions regarding the data Keyfactor collects, or how we use it, please contact us in writing at:
6050 Oak Tree Blvd. Suite #450
Independence, OH 44131