General Data Protection Regulation
General Data Protection Regulation (GDPR) is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It is the most comprehensive EU data privacy law in decades and comes into effect on May 25, 2018.
Besides strengthening and standardizing user data privacy across the EU nations, it will require new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located.
GDPR is intended to offer protection for you or any identifiable natural person (the “Data Subject”) regarding your information (your “Personal Data”). You, as a Data Subject, have broad rights, whether you are identified directly or indirectly through the interaction context in which your information was captured.
Your rights under GDPR
Under GDPR, you opt in to have an organization (the “Data Controller”) process your Personal Data. Data Controllers must obtain your consent before they can process your data.
Special Categories of Data
Unless specifically authorized, GDPR prohibits the processing of certain special categories of data such as race, ethnicity, political and religious beliefs, sexual orientation, and genetic and biometric data. KlozeAI does not acquire or process any data belonging to these categories.
Right of Access
If you consented to a Data Controller processing your Personal Data, you may then request the following:
- A copy of the personal data undergoing processing
- Purpose of processing
- In particular, if automated decision-making or profiling takes place, and if so, the logic involved, significance, and likely consequences of such processing
- Categories of data processed (e.g., name, address, online browsing behavior)
- Any third party recipients of this personal data, both backward or forward-looking, especially recipients in third-party countries (i.e. countries outside of the EU)
- Any third party sources of Data Subject’s personal data (i.e. not collected from the Data Subject directly, for instance by purchasing said data from another source that previously collected the data directly)
- How long such Personal Data would be stored, or if that’s not determinable, how the length of this period would be determined
- Data rectification
- Data erasure
- Restriction of data processing
- Objection to data processing
Right of Rectification
You, as a Data Subject has the right to have any errors on inaccuracies of Personal Data corrected. Your Data Controller shall implement such requests without undue delay.
Right of Erasure
Right of Data Portability
KlozeAI Commitment to Protecting Your Personal Data
Our Security Structure and Certifications
Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security. If you would like to learn more about KlozeAI’s security policies and procedures, please see right on our homepage, www.klozeai.com
KlozeAI as Data Controller vs Data Processor
Your personal data may enter KlozeAI’s processing scope in multiple ways. Based on how your personal data is consented to, who has control over the data, and who has responsibility for protecting and administering your rights, KlozeAI is either a Data Controller or a Data Processor. This section describes KlozeAI’s role as both a Data Controller and Processor and explains how you can interact with KlozeAI in either role.
Role of KlozeAI as a Data Controller
When you interact with KlozeAI via its marketing and sales development outreach programs as a website visitor, webinar participant or asset downloads, KlozeAI is the primary Data Controller from GDPR perspective. In these cases, KlozeAI is responsible for obtaining your consent and providing means for exercising your data rights.
- Personal Data you submit during registration, such as your name, email, phone number, and your address.
- Any other Personal Data that KlozeAI obtains via sources to which you have already provided consent. KlozeAI may use data from these sources for data identification and enrichment. As an example, if you provided only your email and company name to KlozeAI, KlozeAI may use another service to identify your business contact phone, or your title, so long as such information was submitted by you to the third party service.
- When you interact with web forms and similar registration pages at KlozeAI’s website (or with partners that we collaborate with), we will request explicit consent prior to you submitting your Personal Data.
- When Sales Development Representatives contact you and you provide information to us, and you consent to us for using the information we obtained from you.
- When your colleague from your organization volunteers your personal data to us via email or other information channels. We will follow up to obtain consent using the email provided to us, or we will indicate in our email communication that we do not yet have consent but you provide us consent to continue our use of your personal data.
During the course of your registration process, we may offer certain preferences that control the privacy of your data. Additionally, some registration processes may offer submission of certain data as optional items. You may choose not to provide optional data, but if you do provide them, KlozeAI will track your submissions. Additionally, KlozeAI will honor your choices and will ensure that these preferences and optional data are part of the data that you have access to via GDPR framework-based requests.
As part of GDPR you have the right to request all Personal Data about you to be made available to you. We will provide:
- All personal data that we have on record, including your preference choices and optional data that you submitted
- How and when we obtained the data
- Our use of your data
- Whether any data was transferred to any other third party
Data Erasure, Accuracy and Portability
You may submit a request via firstname.lastname@example.org to delete all data about you. KlozeAI will comply with this request but will use your email to send a confirmation notice that we performed the requested action.
You may submit a request via email@example.com to update Personal Data that we have about you. KlozeAI will perform this and will use your email to send a confirmation notice that we performed the requested action. If the email itself was requested to be changed, KlozeAI will send a confirmation to both the old and new email.
You may also submit a request via firstname.lastname@example.org to request an export of all your data for data portability. KlozeAI will provide this information via a CSV or JSON file. Such a report will include meta-data such as when particular data was added, any updates to the data, etc. – i.e., an audit trail of the data
Data Breach Notification
We will notify you if your Personal Data was compromised via a breach using all methods of contact information we have about you, within 72 hours. This includes any breach that was caused by a Data Processor that KlozeAI has authorized to process your data.
KlozeAI has put in place best-in-the-industry processes for providing you the rights to your personal data, per GDPR guidelines. In the event that you are not satisfied with our resolution of your requests, you have the right to file a complaint. Please submit a request via email@example.com to file a complaint. You also have a right to file a similar complaint with a supervisory authority for the jurisdiction you are in and seek appropriate remediation.
Role of KlozeAI as a Data Processor
When KlozeAI processes and displays your personal data, that data was acquired from your employer or organization that you interact with. If it is personal data that you submitted to your employer, you provided consent to your employer to that data for their business purpose. If it is personal data that KlozeAI’s customers obtained in the process of conducting business with you or your employer, they rely on your consent to use the data for business purpose. As an example, if you are a purchaser of a product from KlozeAI’s customer, your relationship with our customer would be that of a vendor, and in furthering that relationship, our customer would have acquired your personal data.
Data Breach Notification
Data Erasure, Accuracy and Portability
Filing a complaint
List of Sub-Processors
- Amazon Web Services, Inc