Posted inUS_1

Kandji Privacy Policy: Protecting Your Data in the Digital Age

No Comments

Your Privacy Matters: Understanding Kandji’s Data Practices

At Kandji Companies (“we”, “us”, “Kandji”), we are committed to protecting your personal information. This Privacy Policy is designed to clearly and transparently explain how we collect, use, protect, and disclose your personal data. Whether you are visiting our website, are a valued customer, or a user of our services, this policy applies to you. We believe in empowering you with knowledge about your privacy rights. If you have any questions or concerns after reading this policy, please do not hesitate to contact us using the details provided below.

Navigating the Contents of Our Privacy Commitment

To make this policy easy to navigate, we have organized it into clear sections:

Personal Information We Collect: Categories and Types

“Personal information” is data that can identify, relate to, describe, reference, or be reasonably linked – directly or indirectly – to you or your devices. We collect various categories of personal information to provide and improve our services. These categories include:

  • Contact Information: This includes your full name, email address, postal address, and telephone number. This is essential for communication and service delivery.
  • Identifiers: To ensure the smooth operation and security of our services, we collect identifiers such as unique device IDs, device names, models, operating systems, enrollment dates, serial numbers, usernames, asset tags, file paths, file names, and even photographic headshots in some contexts. We also collect Internet Protocol (IP) addresses and email addresses.
  • Commercial Information: We keep records of the products and services you or your company have purchased, obtained, or considered. This helps us understand your needs and tailor our offerings.
  • Internet or Electronic Usage Data: We monitor network and website interactions, including IP addresses, website cookie information, interactions with advertisements, and browsing time. For our services, this extends to data like time since the last device boot, app store download activity, and a history of device activities related to our service actions (e.g., application installations, device missing logs, and applications installed, including last modification dates).
  • Professional or Employment Information: We collect job titles and employer names to understand your professional context when you interact with Kandji.

Important Note: It’s crucial to understand that in many cases, especially regarding the data processed by our services, our customers (your employers or organizations) determine the specific categories of personal information involved. This is because:

  • Customer infrastructure (endpoints, virtual machines, cloud environments) is uniquely configured.
  • Kandji’s services are highly customizable, allowing customer-defined settings.
  • Customers control the content uploaded to or collected by our services through deployment, configuration, and submissions.

Sources of Information: Where We Collect Your Data

We collect personal information from various sources to ensure the effectiveness and security of our services:

  • Directly from You: When you interact with us, you directly provide information like contact details, identifiers, commercial information, and professional details. This happens when you fill out forms, contact us, or use our website.
  • Office Visits: If you visit our physical offices or facilities, we may collect your contact information for security and administrative purposes.
  • Service Utilization: When you use Kandji services, your employer may provide us with personal information necessary to configure and support those services for your organization.
  • Automatic Collection: As you browse our websites and use our services, we automatically collect identifiers and internet/electronic usage data through technologies like browser cookies.
  • Third-Party Sources: We may receive identifiers and commercial information from third-party vendors and service providers who assist us in our operations.

How We Use Your Information: Purposes of Data Collection

We use your personal information for clearly defined purposes:

  • Transactional Purposes: To process orders from our corporate clients and fulfill requests for information or services. For instance, if you ask a question, we use your contact information to respond.
  • Marketing and Promotional Activities: We use contact information, identifiers, and usage data to improve our marketing, personalize your experience, deliver relevant content and offers, and communicate with potential corporate clients about our services through various channels, including targeted ads and email.
  • Record Keeping: We maintain records of customer purchases to manage renewals and facilitate future transactions.
  • Website and Service Improvement: We analyze internet and electronic usage data to understand how users interact with our online platforms, allowing us to improve our website, services, and marketing efforts. We use identifiers to associate users with devices within corporate accounts, providing visibility for both us and our corporate customers.
  • Product and Service Development: We utilize contact, identifier, commercial, and professional information to create, maintain, personalize, and secure user accounts. This data helps us provide support, personalize offerings, develop new features, and facilitate user interaction with our services. We may also use generative AI to process customer feedback to improve our services, which may include contact, identifier and employment information.
  • Security and Fraud Prevention: To protect our websites, services, databases, and business operations, we use various categories of personal information to maintain security, prevent fraud, conduct vendor due diligence, and protect against theft and misconduct.
  • Legal Compliance: We process personal information to comply with legal obligations, respond to legal proceedings, and protect our company, property, employees, and others through legal means.

Sharing Your Information: Who Has Access and Why

We share personal information in specific circumstances, always with a focus on maintaining your privacy:

  • Service Providers: We engage vendors and service providers (cloud hosting, analytics, payment processing, marketing, etc.) who need access to personal information to support our operations. These providers are contractually obligated to protect your data.
  • Affiliates: We may share information within our corporate family – subsidiaries, affiliates, and their successors – for business operations and service delivery.
  • Marketing/Analytics/Advertising Partners: We collaborate with third-party partners, including social media platforms, for marketing, analytics, and advertising purposes, such as sending marketing emails and targeted advertising.
  • Professional Advisors: We may share information with legal, financial, and other professional advisors when necessary for their services to us (e.g., lawyers, auditors).
  • Government Entities: We disclose information to regulatory and government entities to comply with legal obligations, respond to law enforcement requests, and as required by law or court order.
  • Corporate Transaction Recipients: In the context of mergers, acquisitions, or asset sales, we may share information with potential investors, purchasers, or merger partners and their advisors, subject to confidentiality agreements.
  • With Your Consent: We will share information with third parties if you explicitly consent to or direct us to do so.

Data Retention: How Long We Keep Your Information

We retain your personal information only for as long as necessary to provide you with services or products, fulfill the purposes outlined in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to request that we no longer use your information to provide services, please contact us at [email protected].

Cookies and Tracking: Understanding Our Technologies

We utilize cookies, analytics, and other tracking technologies to enhance your website experience and improve our services.

Cookies and Tracking Technologies:

These technologies are small data files placed on your computer or device when you visit our website. They include cookies, web beacons, pixel tags, and similar tools. Cookies help us understand how you navigate our website, track your preferences, collect usage statistics, and personalize your experience. You can manage cookies through your browser settings (see www.allaboutcookies.org). You can also adjust your cookie preferences here.

Do Not Track Signals:

While some browsers offer “Do Not Track” features, there is no universal standard for responding to these signals. Our sites are not currently configured to respond to “Do Not Track” signals. For more information, visit https://allaboutdnt.com/.

Security Measures: Protecting Your Data

We implement industry-standard security measures – technical, organizational, administrative, and physical – to protect your personal information from unauthorized access, use, or disclosure. However, no online transmission or electronic storage is completely secure. We encourage you to exercise caution when sharing information online.

Children’s Privacy: Not Intended for Children Under 13

Our website and services are not intended for children under 13 years of age, and we do not knowingly collect personal information from them. If we become aware of collecting data from a child under 13, we will take steps to remove it. If you are a parent or guardian and believe we may have collected your child’s information, please contact us immediately at [email protected].

Marketing Communication Choices: Opting Out

You have the right to opt out of receiving marketing emails and newsletters from us at any time. You can use the opt-out mechanism provided in our marketing communications or contact us directly using the details in the Contact Us section. Even if you opt out of marketing messages, we will still send you essential communications related to your relationship with us, where permitted by law.

International Data Transfers: Moving Data Across Borders

Kandji is based in the United States, and we may transfer data to the US if you or your users are located in other countries. When we transfer data internationally, we implement safeguards such as Standard Contractual Clauses approved by the European Commission and other security measures required by applicable laws to protect your data. We also ensure that our third-party vendors adhere to these same standards. While we are committed to data privacy, we do not currently participate in the Data Privacy Framework.

Data Privacy Framework Compliance

Kandji, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. We have certified our adherence to the DPF Principles regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States. In case of any conflict between this Privacy Policy and the DPF Principles, the DPF Principles will govern. To learn more about the Data Privacy Framework program and view our certification, please visit the Data Privacy Framework website.

If you have any inquiries or complaints related to our handling of personal data under the DPF, please first contact us at [email protected] or call us at 855-877-1866.

For unresolved complaints related to the DPF Principles, Kandji commits to refer them to JAMS DPF Dispute Resolution, an alternative dispute resolution provider in the United States. If you do not receive timely acknowledgment or resolution of your complaint from us, please visit JAMS DPF Dispute resolution for more information or to file a complaint. These services are provided to you free of charge.

Under certain conditions, if your DPF complaint remains unresolved through other channels, you may have the option to invoke binding arbitration for residual claims. Please refer to the Data Privacy Framework Annex 1 for details.

The Federal Trade Commission (FTC) has jurisdiction over Kandji’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Kandji is accountable for personal data received in the United States under the Data Privacy Framework and onward transfers to third parties. We remain liable under the DPF Principles if our third-party agents process personal data inconsistently with the Principles, unless we can prove we are not responsible for the event causing the damage.

Lawful Basis for Data Collection

When you voluntarily provide us with personal information, such as when requesting a service demonstration, we have a legitimate interest in using that information to respond to your request. For users outside the United States, we collect personal information automatically with your consent, obtained via a pop-up banner when you first visit our website. You can manage tracking through your browser settings or revoke your consent. The legal basis for collecting payment information is to facilitate contract execution when you make a purchase.

Your Privacy Rights: Empowering You with Control

Kandji is committed to providing privacy rights to our customers, users, employees, and business contacts. Even if you reside in a jurisdiction without specific privacy laws, we will consider your requests, applying our discretion in processing them.

If you use Kandji services through a corporate account, please direct any rights requests to your company, as they control your account data. We will forward any requests received by us to the relevant company.

Common privacy laws grant individuals the following rights, subject to certain exceptions:

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources of the information, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to Access/Portability: You can request a copy of your personal information in a portable format.
  • Right to Deletion: You can request the deletion of your personal information, although legal exceptions may apply.
  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information.
  • Right to Limit Use of Sensitive Personal Information: You can direct us to limit the use of your sensitive personal information to specific purposes allowed by law.
  • Right to Correction: You can request the correction of inaccurate personal information we hold about you.
  • Right to Opt-Out of Automated Decision-Making: You can opt out of automated decision-making, including profiling, used in recruitment processes.
  • Right to Object to Processing: You can object to the processing of your personal data for marketing purposes at any time, free of charge. Objections to other processing activities will be assessed to ensure they are compatible with local laws.
  • Right to Withdraw Consent: If we process your data based on consent, you can withdraw your consent at any time.
  • Right to Data Portability: You have the right to obtain and reuse your data across different services, including transferring it to yourself or another third party.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

If you use the Global Privacy Control (“GPC”) browser signal, it will only opt you out of online sales or sharing of personal information. You need to enable it for each browser you use. To opt out of offline sales and sharing not covered by GPC, please use our webform or phone number.

We will provide you with an opt-in or opt-out choice before sharing your data with third parties (other than service providers) or using it for purposes beyond the original collection purpose. To limit the use and disclosure of your personal information, please submit a written request to [email protected].

Exercising Your Privacy Rights:

To exercise your privacy rights, please submit your request through our Privacy Rights Request Form, email us at [email protected], or call us at 855-877-1866. For all requests, you must provide your name, email address, phone number, and mailing address. Failure to provide complete information may hinder our ability to process your request. For online deletion requests, we will send a second verification to confirm your request.

To authorize an agent to act on your behalf, please send a signed written authorization to [email protected].

Region-Specific Disclosures: Additional Rights

Certain jurisdictions provide residents with additional privacy rights. Please see the sections below for information specific to your region.

California Consumer Privacy Act (CCPA):

This section applies to California residents and our compliance with the CCPA, including the California Privacy Rights Act (CPRA).

Categories and Sources of Personal Information:

In the preceding 12 months, we have collected the following categories of personal information: contact information, identifiers, financial information, commercial information, internet or electronic usage data, and professional or employment information. Detailed information on the specific data points and sources can be found in the Categories of Personal Information We Collect and Categories of Sources From Which We Collect Personal Information sections above.

Sale of Personal Information:

In the preceding 12 months, we have not “sold” personal information as defined by the CCPA. We do not knowingly sell the personal information of minors under 16 years of age.

Sharing of Personal Information:

We have not “shared” and do not “share” personal information as defined by the CCPA. We do not knowingly share the personal information of minors under 16 years of age.

Use or Disclosure of Sensitive Personal Information:

In the preceding 12 months, we have not used or disclosed sensitive personal information in a way that triggers the right to limit use and disclosure under the CCPA.

Purposes of Data Use:

We collect personal information for the business and commercial purposes described in the Purposes for Collecting Personal Information section.

Disclosure for a Business Purpose:

In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the listed categories of third-party recipients:

Category of Personal Information Categories of Third Parties
Contact Information – Service providers – Corporate customers who retain us
Identifiers – Service providers – Corporate customers who retain us
Financial information – Service providers – Corporate customers who retain us
Internet or Electronic Usage Data – Service providers – Corporate customers who retain us
Professional or Employment Information – Service providers – Corporate customers who retain us

A list of our authorized service providers (sub-processors) is available here. For a broader description of recipients and business purposes, please see the How We Share Personal Information section.

California “Shine the Light” Law:

California residents have the right to request information about how we share their personal information with third parties for those parties’ direct marketing purposes, as per the “Shine the Light” law (Cal. Civ. Code § 1798.83). To make such a request, please contact us at [email protected] with “CA Shine the Light” in the subject line.

You may also contact the Complaint Assistance Unit of the Division of Consumer Services of California’s Department of Consumer Affairs at 400 R Street, Suite 1080, Sacramento, California 95814, or by phone at (916) 445-1254 or (800) 952-5210.

EU and UK General Data Protection Regulation (GDPR):

Under the GDPR, we are required to provide residents of the European Economic Area and the UK with specific information. This privacy policy aims to fulfill those requirements through its comprehensive and transparent disclosures.

Contact Us: We Are Here to Help

If you have any questions about this Privacy Policy, our data practices, or wish to contact Kandji’s Data Protection Officer, please email us at [email protected]. You can also call us at 855-877-1866 or write to us at:

[Kandji’s Physical Address – This would be populated with the actual address]

Policy Updates: Staying Informed

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make changes, we will post the updated policy on our website and revise the “Effective Date” at the top of this policy. Your continued use of our website or services after changes are posted signifies your acceptance of the updated policy.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *