Keyfactor’s General Privacy Policy
1. INTRODUCTION

Keyfactor, Inc. (“Keyfactor”) provides digital certificate issuance and management system services. At Keyfactor, the privacy and security of our customers and visitors are of paramount importance. Keyfactor is committed to protecting the data you share with us.

If you are a California resident/consumer, please visit the “Keyfactor Privacy Policy for California Consumers” page for information specific to Keyfactor’s compliance with the provisions of the California Consumer Privacy Act of 2018 (“CCPA”).

This Privacy Policy contains an overview of the approach that Keyfactor takes to processing information that can be used to directly or indirectly identify an individual. Such information is known as Personal Data in the European Union (“EU”) and the European Economic Area (“EEA”) and as Personal Information and/or Personally Identifiable Information (“PII”) in the United States. Keyfactor collects and processes certain Personal Data and Personal Information through Users’ and Visitors’ interactions with and use of its platforms and website.

For the purposes of this Policy, Keyfactor defines the term “User” as an entity external to Keyfactor with which, or individual with whom, Keyfactor has an established business relationship and the term “Visitor” as an individual who visits our front-end website (i.e., https://www.keyfactor.com).

Keyfactor treats all information stored on its platforms as confidential. We store all information securely and permit access to such information to authorized personnel only. Keyfactor implements and maintains appropriate technical, security and organizational measures to protect Personal Data and Personal Information against unauthorized or unlawful access, processing, use, accidental loss, destruction, damage, theft and/or disclosure.

2. COLLECTION AND USE
2.1 GENERAL

The following sections cover the specifics regarding each of the two groups from which data is collected—namely, website Visitors and Users.

2.2 WEBSITE VISITORS

If you are a Visitor to our website only, and not a User of our platform, then this section applies to you.

  • Except where prohibited by applicable laws or regulations, a User or Visitor to this website will be deemed to have consented to Keyfactor’s collection and processing of select Personal Data or Personal Information. Keyfactor will seek your explicit, voluntary consent to process Personal Data and/or Personal Information that the company collects on this website or that you submit of your own accord to the site where and to the extent required by applicable law. Should you decline to consent to the processing of your Personal Data or Personal Information, please refrain from any further use this website.
  • Except as described above, Keyfactor reserves the option to collect, record and analyze Personal Data and Personal Information of Visitors to its website. We may record your IP address and use cookies. Keyfactor may collect Personal Data and/or Personal Information generated by way of your page view activity. Keyfactor may also collect and process any Personal Data and Personal Information that you voluntarily share with us through our website forms, including any forms that you may complete when registering for Keyfactor events or signing up for more information about Keyfactor through newsletters and the like. If you provide your social media details to Keyfactor, we may retrieve publicly available information about you from applicable social media sites.
  • Keyfactor may collect and process the following Personal Data and/or Personal Information through your interactions with our website: your IP address; your first and last name; your postal and email address; your telephone number; your job title; select social network data; your areas of interest, including interest in Keyfactor products; certain information about the company for which you work (e.g., company name and address); and information pertinent to your relationship with Keyfactor.
  • Keyfactor gathers data about visits to the company’s website. Such information includes, but is not necessarily limited to, the following: the number of Visitors; the number of unique visits; geolocation data; the length of time Visitors spend on the site; and the pages that Visitors click.
2.2.1 PURPOSE OF PROCESSING PERSONAL DATA

Keyfactor uses the Personal Data and Personal Information it collects to communicate with Visitors, to customize content for Visitors, to display ads on other websites of interest to Visitors, and to improve the website by analyzing how Visitors navigate the website.

2.2.2 SHARING PERSONAL DATA

Keyfactor may share Personal Data and Personal Information with service provider vendors or sub-processor contractors in order to provide a requested service or transaction or in order to analyze Visitor behavior on its website. If applicable, Keyfactor adheres to the notice and consent policies and practices set forth in the General Data Protection Regulation (EU) 2016/679 and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (“GDPR”) with respect to the onward transfer of Personal Data. When engaged in the onward transfer of Personal Data applicable to EU Data Subjects, Keyfactor facilitates the transfer of such Data under the auspices of the EU-U.S. Privacy Shield Framework. Keyfactor manages subsequent transfers via a third party that acts as an agent on its behalf. Keyfactor understands that it remains liable for any sub-processor agent’s improper transfer and/or processing of Personal Data where such processing is handled in a manner inconsistent with Privacy Shield principles and the requirements of the GDPR.

2.2.3 COOKIES

Cookies are small pieces of information sent by a website to a Visitor’s computer. Cookies cannot be used to run programs or deliver viruses to your computer. When you visit our website, you encounter a banner at the bottom of the page which reads as follows: “We use cookies to personalize your experience with our website. By using our site, you agree to our privacy policy.” If you click “Okay” next to that notification, you agree to the placement of cookies on your device. Should you decline to accept our site’s cookies, Keyfactor cannot guarantee that your experience on the site will be a fulfilling one. The use of cookies is widespread and enhances a Visitor’s interaction with the site.

2.2.4 LINKS TO OTHER SITES

Please be aware that, when visiting Keyfactor’s site, Visitors may encounter links to other sites that lie outside of Keyfactor’s possession or control. Keyfactor is not responsible for the content or privacy policies that rest on the other sites.

2.3 USERS
2.3.1 GENERAL

Keyfactor collects certain types of data from Users in order to provide services to them. In this section, we will describe how Keyfactor collects and utilizes such data. We will also explain how geographical differences may affect the application of certain components of this Policy. If a User enters or transfers data such as texts, questions, contacts, media files, etc., into the Keyfactor website, that data remains the property of the User.  Keyfactor cannot share such data with a third party without the express consent of the User.

2.3.2 COLLECTION OF USER DATA

A User may submit Personal Information and/or Personal Data such as the individual’s first and last name, the name of the company/employer for which the individual works, an email address, physical address, telephone number, and other relevant data during the User registration process on the Keyfactor platform and/or at some later date. Keyfactor utilizes such information to identify Users and provide them with support, services, mailings, sales and marketing actions, billing information and to meet various contractual obligations.

Keyfactor Users can access, edit, update or delete their contact details at any time by contacting the Keyfactor Data Protection Officer (“DPO”). Our DPO’s contact information appears in section 11 of this Privacy Policy. Keyfactor will not retain a User’s Personal Information or Personal Data any longer than necessary to fulfill the purposes for which it was collected and will comply with the requirements of applicable laws and/or regulations pertinent to the retention of such data.

2.3.3 PROCESSING OF PERSONAL DATA FROM THE EUROPEAN UNION (“eu”) AND EUROPEAN ECONOMIC AREA (“EeA”)

Keyfactor collects, processes, uses, stores and transmits the Personal Data of all European Data Subjects in the EU and EEA—whether they are Visitors to the site or Users of the same—in a manner consistent with the provisions of the GDPR.

2.3.4 CONTROLLER

In some instances, Keyfactor processes Personal Data as a Controller and in others as a Processor. We have based that assessment upon the definitions of those terms that are provided in the GDPR.

The Keyfactor entity by which you are employed or with which you, as a User external to Keyfactor, have entered into an agreement pertinent to the use of Keyfactor’s platform, is the Controller of User Personal Data for GDPR purposes. Keyfactor requires that all Users conduct the processing of such Personal Data in adherence to the provisions of the GDPR.

Keyfactor stores all Personal Data collected by Keyfactor Users (i.e., Keyfactor’s employees, contractors and sub-processors) in hosting facilities that the company has thoroughly vetted. All hosting is performed in accordance with applicable security controls. Keyfactor manages the transfer of Personal Data into and out of the EEA in accordance with the provisions of this Privacy Policy, the Privacy Shield Framework and the GDPR.

2.3.5 PROCESSING IN THE UNITED STATES OF AMERICA

Keyfactor solely processes the Personal Information of Users whose accounts rest in the U.S. in data centers that are situated in the US. Keyfactor has adopted physical, technical and organizational safeguards for the protection of the Personal Information it processes in the U.S. Those measures substantially mirror the safeguards the company has implemented for the protection of EU Data Subjects’ Personal Data. Such safeguards are designed to protect the Personal Information in Keyfactor’s possession against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing. Keyfactor will promptly notify affected Users should it become aware that a party or entity has obtained unauthorized access to, or use of, the User’s Personal Information.

Keyfactor stores all Personal Information and other data collected by Keyfactor Users in secure hosting facilities maintained by vetted providers. We have entered into contracts with hosting providers that have been written in a manner designed to ensure that the providers perform all hosting duties in accordance with applicable security controls. Keyfactor works hard to protect and safeguard the Personal Information in the company’s possession and in keeping with all applicable laws and regulations governing the protection of such Personal Information.

3. RETENTION AND DELETION

Keyfactor will not retain the Personal Information in its possession longer than necessary to fulfill the purposes for which it was collected. We will comply with all applicable laws and/or regulations governing the retention of such data. Users must request that Keyfactor delete the Users’ data when necessary.

4. EU-U.S. PRIVACY SHIELD

Keyfactor, Inc., is certified to facilitate the transfer of the Personal Data of European Data Subjects into and out of the EU and EEA under the auspices of the EU-U.S. Privacy Shield Framework (“Privacy Shield”). Developed as a joint effort of the U.S. Department of Commerce and the European Commission, the Privacy Shield empowers companies on both sides of the Atlantic to transfer Personal Data to and from the EEA in a manner consistent with the existing privacy and data protection regulations of both regions. Keyfactor has certified to the U.S. Department of Commerce that it will adhere to Privacy Shield Principles. Keyfactor’s participation in the EU-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.

Should any conflict arise between the provisions of this Privacy Policy and applicable Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. To view evidence of our certification, please visit https://www.privacyshield.gov/list.

You may possess the option to select binding arbitration before the Privacy Shield Panel to resolve a complaint against Keyfactor under certain circumstances. Section C of Annex I to the Privacy Shield Principles explains in detail when an individual can invoke binding arbitration. For more information about the applicable process and procedures, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Keyfactor commits to resolve complaints about its collection or use of EU Data Subjects’ Personal Data in a manner compliant with Privacy Shield Principles and the provisions of the GDPR. Should you wish to inquire about Keyfactor’s treatment of an EU Data Subject’s Personal Data, or lodge a complaint related to Keyfactor’s failure to adhere to Privacy Shield Principles or applicable provisions of the GDPR, please contact Keyfactor at:

Keyfactor, Inc.

Attn: Data Protection Officer

6050 Oak Tree Blvd. Suite #450

Independence, OH 44131

(877) 715-5448

[email protected]

Keyfactor has committed to refer unresolved Privacy Shield complaints to PrivacyTrust, an alternative dispute resolution provider located in the United Kingdom. If you do not receive timely acknowledgment of your complaint from Keyfactor, or if we fail to address your complaint to your satisfaction, please visit https://www.privacytrust.com/drs/keyfactor for more information or in order to file a complaint. PrivacyTrust’s services are provided at no cost to you.

Please visit the Privacy Shield website for further information. Should you wish to learn more about the Privacy Shield Framework, or view proof of Keyfactor’s Privacy Shield certification, please visit https://www.privacyshield.gov/list.

"Click

5. ACCEPTANCE OF THESE CONDITIONS

Keyfactor assumes that all Users of its platforms have carefully read this document and have agreed to its contents. If you do not agree with the provisions of this Privacy Policy, please refrain from using our website and platform. We reserve the right to change our Privacy Policy as necessity dictates. Should you continue to use the Keyfactor website and platform after having been informed of any changes to these provisions, Keyfactor will deem such ongoing use an implied acceptance of its revised Privacy Policy. This Privacy Policy is an integral part of Keyfactor’s terms of use.

6. OUR LEGAL OBLIGATION TO DISCLOSE PERSONAL INFORMATION

Keyfactor reserves the right to reveal a User’s Personal Information to a third party without his/her/their prior permission when the company has reason to believe that it must disclose such information in order to:

  • (a) Establish the identity of, to contact, or to initiate legal proceedings against a person or persons who are suspected of infringing Keyfactor’s intellectual property rights in the company’s products or services; or
  • (b) To protect the interests of others who could be harmed by the User’s activities or in instances in which entities or persons might (whether willfully or negligently) violate another party’s interests in rights and/or property.

Keyfactor also reserves the right to disclose Personal Information to third parties when necessary to comply with legal or regulatory obligations and/or law enforcement requests. Keyfactor will solely exercise the rights to which it alludes in this section in a manner that is consistent with the provisions of applicable data privacy/data protection laws and regulations.

7. CONFIDENTIALITY AND SECURITY

Keyfactor limits access to your Personal Information to those employees and consultants who require access to such information in order to perform their jobs and provide products or services to you.

Keyfactor maintains physical, electronic, and procedural safeguards that are designed to comply with industry standards surrounding the protection of your Personal Information.

As Keyfactor collects and uses Personal Information about our customers for processing purposes, we reserve the right to contract with vendors who can assist us with such processing. Keyfactor requires that such vendors maintain the confidentiality of the Personal Information entrusted to them for processing and that they refrain from using such data for any purpose other than supporting Keyfactor’s provision of services to its customers.

8. AGE RESTRICTIONS

Keyfactor’s services are solely meant to be purchased and used by those over the age of 18. We neither target provision of our services to individuals below the age of 18 nor do we intend that such services be consumed by or designed to attract the attention of such individuals. If you know or have reason to believe that any individuals under the age of 18 have shared their Personal Information or Personal Data with Keyfactor, please contact us using a method described in section 11 or 12 of this Privacy Policy.

9. HOW TO ACCESS, UPDATE OR DELETE YOUR PERSONAL DATA OR PERSONAL INFORMATION

Customers and Visitors may submit requests to Keyfactor in order to obtain access to, updates or deletion of their Personal Data or Personal information by contacting us as described in sections 11 or 12 below. If you submit such a request to Keyfactor, and we discover that we require the Personal Data or Personal Information at issue in order to provide the products or services you have purchased, Keyfactor will honor the request to the extent required by applicable laws and regulations. As part of that assessment, we will determine the extent to which: (a) our access and/or processing of the Personal Data or Personal Information may be necessary to provide the services purchased; (b) we may require ongoing access to such information for legitimate business purposes; and/or (c) we may be compelled to maintain such information because of legal, regulatory or contractual recordkeeping requirements or other obligations. You may choose to opt out of disclosure of your Personal Data and Personal Information to third parties and cease the processing of such Personal Data or Personal Information.

10. CHANGES IN OUR PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes to this site as well as any other sites, links or resource materials Keyfactor deems appropriate.  We are committed to ensuring that you are aware of the information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page at least thirty (30) days prior to our implementation of such changes. Keyfactor reserves the right to update its Privacy Policy on a more expedited basis as necessary to comply with applicable legal and regulatory bodies implementation of new and/or amended laws and regulations.

11. KEYFACTOR’S DATA PROTECTION OFFICER

Keyfactor maintains a “Data Protection Officer” who is responsible for all matters related to privacy and data protection. You can reach our Data Protection Officer at the following address:

Keyfactor, Inc.

Attn: Data Protection Officer

6050 Oak Tree Blvd., Suite #450

Independence, OH 44131

(877) 715-5448

[email protected]

12. FURTHER INFORMATION

If you have any further questions regarding the data Keyfactor collects, or how we use it, please contact us in writing at:

Keyfactor, Inc.

6050 Oak Tree Blvd. Suite #450

Independence, OH 44131

[email protected]