EFFECTIVE: July 1st, 2020
As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.
Information Collection and Use
Our primary goals in collecting information are to provide and improve our Site, products, services, features and content and to administer your use of the Site (together, the “Service”), and to enable users to enjoy and easily navigate the Site.
Information You Provide
- In connection with your use of the Service, we may ask you to provide, or you may otherwise choose to submit, certain information about you. This may include information about you that can be used to contact or identify you (“Personal Information”). Personal Information includes, but is not limited to, your name, phone number, email address and home and business postal addresses.
- We also collect the other information that you provide as part of registration to create an account or when contacting Krista Software or using certain interactive features of the Site (such as the content of any request you submit to Krista Software via the Site, hint questions and answers to remember your account password (if applicable), zip code (on its own) and individual preferences) (“Non-Identifying Information”).
- We use your Personal Information (in some cases, in conjunction with your Non-Identifying Information) mainly to provide the Service and administer your inquiries.
- We may also use your Personal Information to contact you with Krista Software product or service announcements, marketing or promotional materials and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or contact us at firstname.lastname@example.org. (See “Changing or Deleting Information,” below.)
- Certain Non-Identifying Information would be considered a part of your Personal Information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified or contacted. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other Non-Identifying Information (for example, your viewing preferences). We may combine your Personal Information with Non-Identifying Information and aggregate it with information collected from other Krista Software Users (defined below) to attempt to provide you with a better experience, to improve the quality and value of the Service and to analyze and understand how our Site and Service are used. We may also use the combined information without aggregating it to serve you specifically, for instance to deliver a communication to you according to your preferences or restrictions. We may use Non-Identifying Information for any purpose (including those described above).
- Our Service enables organizations to manage automation activities via an administrator console. If requested by the organization, Krista Software may provide the organization’s administrator with a function to remotely lock your access to the organization’s account in our Service or erase the organization-related data inside our Service.
Like many websites, the Site uses “cookies” to collect information. A cookie is a small data file that is transferred to your computer’s hard disk for record-keeping purposes. Cookies may originate from our servers or from those of our service providers. We may use persistent cookies to save your login information or individual preferences for future visits to the Site, as applicable. We may also utilize session ID cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by Krista Software Users and web traffic routing on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and Service and then close your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of the Site or all functionality of the Service.
The Digital Advertising Alliance allows you to opt out of several ad tracking cookies placed by major social media sites and other ad tracking services.
Information Sharing and Disclosure
Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include Personal Information and we may otherwise disclose Non-Identifying Information and Log Data with third parties for security improvement, improve our Service, industry analysis, demographic profiling and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.
Service Providers. We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Site-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Site’s features) or to assist us in analyzing how our Site and Service are used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Compliance with Laws and Law Enforcement. Krista Software cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Krista Software or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable activity.
Business Transfers. Krista Software may sell, transfer or otherwise share some or all of its assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Krista Software will not sell any Personal Information outside of the scope of transferring its assets in this manner.
Changing or Deleting Your Information
All account holders may review, update, correct or delete the Personal Information in their registration profile by contacting us. If you completely delete all such information, then your account may become deactivated. If you would like us to delete your account in our system, please contact us at email@example.com with a request that we delete your Personal Information from our database. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.
Krista Software is very concerned with safeguarding your information. We employ reasonable physical, technological, and administrative security measures intended to safeguard and help prevent unauthorized access to sensitive information. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on the Site in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
EU and Swiss Residents
If you are a European Union or Swiss resident, applicable data protection laws (which may include the EU’s General Data Protection Regulation or “GDPR”) may provide you with certain rights with regards to our processing of your personal data. To the extent established under applicable law, European Union or Swiss residents may have the right:
- to access, review, and update your personal data;
- to restrict our processing of your personal data;
- to request that we provide you a copy of, or access to, your personal data in structured, commonly used and machine-readable format (or that we transfer your personal data to another controller, when technically feasible);
- to withdraw your consent when our processing of your personal data is based on your consent (and not another legitimate basis);
- to request that we delete all of your personal data (subject to certain limitations); and
- to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. Before you do this, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
You may exercise any of the above rights by contacting us through any of the methods listed at the end of this policy. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. Some of these rights may be subject to certain restrictions or limitations under applicable law. Additionally, we reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your personal data, you may be charged a fee subject to a maximum set by applicable law.
Note that we will only be able to directly process the above requests in situations where we are the “data controller” under the GDPR, which refers to the entity that controls the relevant personal data and its processing. This includes some situations where you provided the relevant data directly to us. However, in many cases we are instead the “data processor” under the GDPR and are processing personal data on behalf of our customer who provided the data to us and acts as the data controller. In those situations where we are acting as the data processor, we will refer your request to the applicable data controller instead.
California Privacy Rights
California law (including the California Consumer Privacy Act or “CCPA”) entitles California residents to certain additional protections regarding personal data. For purposes of this section alone, “personal information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. California residents have the right to request:
- information regarding your personal information we have collected in the past 12 months (including the categories of personal information we have collected, the categories of sources of such information, and the purposes for which we have collected such information);
- notice of whether we have disclosed your personal information to third parties in the past 12 months (and if so, what categories of information we have disclosed, and what categories of third parties we have disclosed it to);
- a copy of your personal information collected by us in the past 12 months; and
- that your personal information be deleted.
We will not discriminate against you if you choose to exercise any of these rights. To make any of the above requests, please contact us as set forth at the end of this policy. We may require verification of your identity before further processing your request. In certain instances, we may be permitted by law to decline some or all of such requests.
Note that we will only be able to directly process the above requests in situations where we are the “business” under the CCPA, which refers to the entity that determines the purpose and means of information processing. This includes some situations where you provided the relevant information directly to us. However, in many cases we are instead a “service provider” under the CCPA and are processing personal information on behalf of our customer who provided the data to us and acts as the business. In those situations where we are acting as a service provider, we will refer your request to the applicable business instead.
Links to Other Sites
Our Site contains links to other websites. If you choose to access a third party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other websites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
Our Policy Toward Children
The Site is not directed to persons under 18. It is not within our control who chooses to view the Site to gain knowledge about our company, and we do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information from our files.