Effective: February 31, 2023
Your data and privacy are important to us, and we are committed to transparency regarding how we collect, use, and share information about you and your data.
This policy also explains your choices about how we use information about you, which could be used to identify you directly or indirectly (“Personal Data”). Your choices include how you can object to certain uses of Personal Data about you and how you can access and update certain Personal Data about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
Where we provide the Services under contract with an organization, that organization controls the information processed by the Services. For more information, please see Notice to End Users below.
We also collect, generate, and/or receive Other Information, which may include Personal Data:
To create your account, you supply us with an email address, password, and/or similar account details. To update your account, you can log in using the supplied credentials (email/password) and change the settings to which you have access.
Your use of the ServicesWe keep track of certain information about you when you visit and interact with any of our Services. This information includes:– the features you use– the links you click on– the type, size, and file names of attachments you upload to the Services– how you interact with others on the Services. We also collect information about the teams and people you work with and how you work with them, such as who you collaborate with and communicate with most frequently.
Device and Connection Information
We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Cookies and Other Tracking Technologies
We may receive data about Accounts, industries, Website visitors, marketing campaigns, and other matters related to our business from our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information that we collect and might include aggregate-level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
Additional Information Provided to Us
We receive Other Information when you submit information through a form on our Website or if you participate in a focus group, contest, webinar, activity, or event, apply for a job, request support, visit our office, interact with our social media accounts, or otherwise communicate with us.Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Account setup details, is not provided, we may be unable to provide the Services.
How We Use Information
Customer Data will be used by us in accordance with Customer’s instructions, including any applicable terms in the Services Agreement and as required by applicable law. Kreoh is a processor of Customer Data and Customer is the controller.
We use Other Information in furtherance of our legitimate interests in operating our Services, Websites, and business. More specifically, we use Other Information:
To provide, update, maintain, and protect our Services, Websites, and business.
This includes the use of Other Information to support the delivery of the Services under a Services Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends, and other activities or at a Customer’s request.
As required by applicable law, legal process, or regulation.
To communicate with you by responding to your requests, comments and questions.
If you contact us, we may use your Other Information to respond.
To develop and provide additional features.
We try to make the Services as useful as possible for specific Customers.
To send emails and other communications.
We may send you service, technical, and other administrative emails, workflow notifications, messages, and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. We will also contact you if you request information or to meet with a company representative. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications, or other news about Kreoh. These are marketing messages, and you can control whether you receive them by clicking the “Unsubscribe” link in our email footers.
For billing, account management, and other administrative matters.
We may need to contact you for invoicing, organization management, and similar reasons and we use organization data to administer accounts and keep track of billing and payments.
To investigate and help prevent security issues and abuse.
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose.
We will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Services Agreement and as required by applicable law. We will retain your information for as long as your account is active or as needed to provide you with Services. If you wish to cancel your account or request that we no longer use your information to provide you services, you may delete your account by sending a request to delete your account to “email@example.com”.
We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion. In addition, we do not delete from our servers files that you have in common with other users.
How We Share And Disclose Information
This section describes how we may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and we do not control how they or any other third parties choose to share or disclose Information.
We will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
Displaying the Services.
When a Team Member submits Other Information, it may be displayed to other Team Members in the same or connected Workspaces. For example, a Team Member’s email address may be displayed with their Workspace profile.
Collaborating with Others.
The Services provide different ways for Team Members working in independent Workspaces to collaborate, such as shared channels. Other Information, such as a Team Member’s profile Information, may be shared, subject to the policies and practices of the other Workspace(s).
Owners, administrators, Team Members, and other Customer representatives and personnel may be able to access, modify, or restrict access to Other Information. This may include, for example, your employer using Service features to export logs of Workspace activity, or accessing or modifying your profile details.
Third-Party Service Providers and Partners.
We may engage third-party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services.
Customer may enable or permit Team Members to enable Third Party Services. When enabled, we may share Other Information with Third Party Services. Third Party Services are not owned or controlled by us and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
We may share Other Information with our corporate affiliates with your consent.
During a Change to Our Business.
If Kreoh engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
Aggregated or De-identified Data.
We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Kreoh customer the average amount of time or money saved for an average team.
To Comply with Laws.
If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process.
To enforce our rights, prevent fraud, and for safety.
To protect and defend the rights, property, or safety of Kreoh or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
We may share Other Information with third parties when we have consent to do so.
We take the security of data very seriously. We work hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology.
Information storage and security
We use data hosting service providers in the European Union to host the information we collect, and we use technical measures to secure your data. For more information on where we store your information, please see Google’s Cloud hosting infrastructure page (https://cloud.google.com) and Amazon Web Services hosting infrastructure page (https://aws.amazon.com/). While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Information you share on the Services
If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided.
Our Policy Toward Children
Our Services are not directed to persons under 16. We do not knowingly collect personally identifiable information from children under 16. If a parent or guardian becomes aware that their child has provided us with Personal Data without their consent, they should contact us at firstname.lastname@example.org. If we become aware that a child under 16 has provided us with Personal Data, we will take steps to delete this information from our files.
Data Protection Officer
To communicate with our Data Protection Officer, please email email@example.com.
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to Personal Data, as well as to seek to update, delete or correct this Personal Data. Please check your profile at https://home.kreoh.com for your contact information.
To the extent that our processing of your Personal Data is subject to the General Data Protection Regulation, we rely on our legitimate interests, described above, to process your data. We may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to our use of your Personal Data for this purpose at any time.
For California Residents
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of Personal Data by us to third parties for the third parties' direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org.
Furthermore, California residents have the following rights with respect to Personal Data we may have collected about them:
(i) Requests to Know
You have the right to request that we disclose:
The categories of Personal Data we have collected about you;The categories of Personal Data about you we have sold or disclosed for a business purpose;The categories of sources from which we have collected Personal Data about you;The business or commercial purposes for selling or collecting Personal Data about you;The categories of Personal Data sold or shared about you, as well as the categories of third parties to whom the Personal Data was sold, by category of Personal Data for each party to whom Personal Data was sold;The specific pieces of Personal Data collected.
You may submit a request to know by emailing email@example.com. The delivery of our response may take place electronically or by mail. We are not required to respond to requests to know more than twice in a 12-month period.
(ii) Requests to Delete
You have the right to request that we delete any Personal Data about you that we have collected. Upon receiving a verified request to delete Personal Data, we will do so unless otherwise authorized by law. You may submit a request to delete Personal Data by emailing firstname.lastname@example.org.
Upon receipt of a request, we may ask you for additional information to verify your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose.
We will acknowledge the receipt of your request within ten (10) days of receipt. Subject to our ability to verify your identity, we will respond to your request within 45 days of receipt. In order to protect your privacy and the security of Personal Data about you, we typically verify your request by requesting additional identifying information relating to you and/or you’re your mobile device.
(iii) Right to Opt-Out of the Sale of Personal Data
We do not sell Personal Data.
(iv) Authorized Agents
You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney pursuant to Probate Code sections 4000-4465 may submit a request on your behalf.
(vi) Categories of Personal Data that We Have Sold in the Last 12 Months
We do not sell Personal Information.
(vii) The Right to Non-Discrimination
You have the right not to be discriminated against for the exercise of your California privacy rights described above.
How We Respond to Do Not Track Signals
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we don’t respond to them at this time.