Keyfactor, Inc. (“Keyfactor”) provides digital certificate issuance and management system services. At Keyfactor, the privacy and security of our customers and visitors are of paramount importance. Keyfactor is committed to protecting the data you share with us.
For the purposes of this Policy, Keyfactor defines the term “User” as an entity external to Keyfactor with which, or individual with whom, Keyfactor has an established business relationship and the term “Visitor” as an individual who visits our front-end website (i.e., https://www.keyfactor.com).
Keyfactor treats all information stored on its platforms as confidential. We store all information securely and permit access to such information to authorized personnel only. Keyfactor implements and maintains appropriate technical, security and organizational measures to protect Personal Data and Personal Information against unauthorized or unlawful access, processing, use, accidental loss, destruction, damage, theft and/or disclosure.
The following sections cover the specifics regarding each of the two groups from which data is collected—namely, website Visitors and Users.
If you are a Visitor to our website only, and not a User of our platform, then this section applies to you.
- Except where prohibited by applicable laws or regulations, a User or Visitor to this website will be deemed to have consented to Keyfactor’s collection and processing of select Personal Data or Personal Information. Keyfactor will seek your explicit, voluntary consent to process Personal Data and/or Personal Information that the company collects on this website or that you submit of your own accord to the site where and to the extent required by applicable law. Should you decline to consent to the processing of your Personal Data or Personal Information, please refrain from any further use this website.
- Keyfactor may collect and process the following Personal Data and/or Personal Information through your interactions with our website: your IP address; your first and last name; your postal and email address; your telephone number; your job title; select social network data; your areas of interest, including interest in Keyfactor products; certain information about the company for which you work (e.g., company name and address); and information pertinent to your relationship with Keyfactor.
- Keyfactor gathers data about visits to the company’s website. Such information includes, but is not necessarily limited to, the following: the number of Visitors; the number of unique visits; geolocation data; the length of time Visitors spend on the site; and the pages that Visitors click.
Keyfactor uses the Personal Data and Personal Information it collects to communicate with Visitors, to customize content for Visitors, to display ads on other websites of interest to Visitors, and to improve the website by analyzing how Visitors navigate the website.
Please be aware that, when visiting Keyfactor’s site, Visitors may encounter links to other sites that lie outside of Keyfactor’s possession or control. Keyfactor is not responsible for the content or privacy policies that rest on the other sites.
Keyfactor collects certain types of data from Users in order to provide services to them. In this section, we will describe how Keyfactor collects and utilizes such data. We will also explain how geographical differences may affect the application of certain components of this Policy. If a User enters or transfers data such as texts, questions, contacts, media files, etc., into the Keyfactor website, that data remains the property of the User. Keyfactor cannot share such data with a third party without the express consent of the User.
A User may submit Personal Information and/or Personal Data such as the individual’s first and last name, the name of the company/employer for which the individual works, an email address, physical address, telephone number, and other relevant data during the User registration process on the Keyfactor platform and/or at some later date. Keyfactor utilizes such information to identify Users and provide them with support, services, mailings, sales and marketing actions, billing information and to meet various contractual obligations.
Keyfactor collects, processes, uses, stores and transmits the Personal Data of all European Data Subjects in the EU and EEA—whether they are Visitors to the site or Users of the same—in a manner consistent with the provisions of the GDPR.
In compliance with the EU-U.S. DPF, Keyfactor commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.
In some instances, Keyfactor processes Personal Data as a Controller and in others as a Processor. We have based that assessment upon the definitions of those terms that are provided in the GDPR.
The Keyfactor entity by which you are employed or with which you, as a User external to Keyfactor, have entered into an agreement pertinent to the use of Keyfactor’s platform, is the Controller of User Personal Data for GDPR purposes. Keyfactor requires that all Users conduct the processing of such Personal Data in adherence to the provisions of the GDPR.
Keyfactor stores all Personal Data collected by Keyfactor Users (i.e., Keyfactor’s employees, contractors and sub-processors) in hosting facilities that the company has thoroughly vetted. All hosting is performed in accordance with applicable security controls. Keyfactor manages the transfer of Personal Data into and out of the EU/EEA/UK in accordance with the provisions of the GDPR, the SCCs and the UK IDTA Addendum.
Keyfactor solely processes the Personal Information of Users whose accounts rest in the U.S. in data centers that are situated in the US. Keyfactor has adopted physical, technical and organizational safeguards for the protection of the Personal Information it processes in the U.S. Those measures substantially mirror the safeguards the company has implemented for the protection of EU Data Subjects’ Personal Data. Such safeguards are designed to protect the Personal Information in Keyfactor’s possession against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing. Keyfactor will promptly notify affected Users should it become aware that a party or entity has obtained unauthorized access to, or use of, the User’s Personal Information.
Keyfactor stores all Personal Information and other data collected by Keyfactor Users in secure hosting facilities maintained by vetted providers. We have entered into contracts with hosting providers that have been written in a manner designed to ensure that the providers perform all hosting duties in accordance with applicable security controls. Keyfactor works hard to protect and safeguard the Personal Information in the company’s possession and in keeping with all applicable laws and regulations governing the protection of such Personal Information.
Keyfactor will not retain the Personal Information in its possession longer than necessary to fulfill the purposes for which it was collected. We will comply with all applicable laws and/or regulations governing the retention of such data. Users must request that Keyfactor delete the Users’ data when necessary.
Keyfactor reserves the right to reveal a User’s Personal Information to a third party without his/her/their prior permission when the company has reason to believe that it must disclose such information in order to:
- (a) Establish the identity of, to contact, or to initiate legal proceedings against a person or persons who are suspected of infringing Keyfactor’s intellectual property rights in the company’s products or services; or
- (b) To protect the interests of others who could be harmed by the User’s activities or in instances in which entities or persons might (whether willfully or negligently) violate another party’s interests in rights and/or property.
Keyfactor also reserves the right to disclose Personal Information to third parties when necessary to comply with legal or regulatory obligations and/or law enforcement requests. Keyfactor will solely exercise the rights to which it alludes in this section in a manner that is consistent with the provisions of applicable data privacy/data protection laws and regulations.
It is important to inform you that Keyfactor is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may share your information with the FTC if required by law or in response to a legal process.
7 At Keyfactor, we understand that individuals should have control over their personal data. We offer the following choices and means for limiting the use and disclosure of personal data:
- Opt-Out: You can opt out of receiving promotional communications from us by following the instructions provided in those communications or by contacting us directly.
- Account Settings: You can review and modify your account settings to control the personal data we collect and how it is used.
- Data Access and Deletion: You can request access to your personal data or ask for its deletion, subject to applicable legal requirements.
- Cookie Settings: You can manage your preferences for cookies and similar technologies through your browser or device settings.
- Data Security: We implement robust security measures to protect your personal data. While we strive to protect your data, no method of transmission over the internet or electronic storage is entirely secure. If you have concerns about the security of your data, please contact us.
Keyfactor limits access to your Personal Information to those employees, vendors, service providers, and consultants who require access to such information in order to perform their jobs and provide products or services to you.
Keyfactor maintains physical, electronic, and procedural safeguards that are designed to comply with industry standards surrounding the protection of your Personal Information.
As Keyfactor collects and uses Personal Information about our customers for processing purposes, we reserve the right to contract with vendors who can assist us with such processing. Keyfactor requires that such vendors maintain the confidentiality of the Personal Information entrusted to them for processing and that they refrain from using such data for any purpose other than supporting Keyfactor’s provision of services to its customers.
Keyfactor takes responsibility for the security and privacy of your personal information, both within our organization and when transferred to third parties. In the event of any breach of your data privacy or confidentiality due to our actions or negligence, we are committed to:
- Informing you promptly: In case of a data breach, we will promptly notify you and the appropriate regulatory authorities in accordance with applicable data protection laws.
- Remedying the situation: We will take appropriate steps to mitigate the consequences of a data breach and prevent its recurrence.
- Liability for third parties: While we exercise diligence in selecting and contracting with third parties, we cannot assume direct liability for their actions. However, we will work with them to ensure that any issues related to data protection are addressed promptly and effectively.
Customers and Visitors may submit requests to Keyfactor in order to obtain access to, updates or deletion of their Personal Data or Personal information by contacting us as described in sections 10 or 11 below. If you submit such a request to Keyfactor, and we discover that we require the Personal Data or Personal Information at issue in order to provide the products or services you have purchased, Keyfactor will honor the request to the extent required by applicable laws and regulations. As part of that assessment, we will determine the extent to which: (a) our access and/or processing of the Personal Data or Personal Information may be necessary to provide the services purchased; (b) we may require ongoing access to such information for legitimate business purposes; and/or (c) we may be compelled to maintain such information because of legal, regulatory or contractual recordkeeping requirements or other obligations. You may choose to opt out of disclosure of your Personal Data and Personal Information to third parties and cease the processing of such Personal Data or Personal Information.
Binding Arbitration: Under certain conditions, you may have the right to invoke binding arbitration to resolve disputes related to your privacy and data protection rights. This means that if we cannot resolve a dispute through our regular channels, we both agree to resolve it through arbitration rather than in court. If you wish to invoke binding arbitration, please contact us at [email protected] and include “Arbitration Request” in the subject line. We will work with you to mutually select an independent arbitrator to address your concerns.
Keyfactor maintains a “Data Protection Officer” who is responsible for all matters related to privacy and data protection. You can reach our Data Protection Officer at the following address:
Attn: Data Protection Officer
6150 Oak Tree Boulevard, Suite 200
Independence, OH 44131