InputKit Privacy Policy

Updated May 23, 2018

InputKit is a hosted web application (“Service”) developed and maintained by PG WEB SOLUTIONS, doing business as “InputKit”.

We care about your personal data you entrust with us. Demonstrating InputKit’s engagement in personal data protection we are bringing you the key facts about how we handle personal data processing in InputKit.

We are GDPR ready and compliant

GDPR is the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Data Protection Officer

InputKit is a data controller and a processor of personal data provided in Service.

InputKit has its headquarters in Canada so we have appointed a representative and internal data protection officer (“DPO”) for you to contact if you have any questions or concerns about InputKit personal data policies or practices.

You can reach out to our Data Protection Officer at privacy@inputkit.io.

What do we do:

We provide a web application to gather customer feedback from our users’s customers. The main activity of InputKit is gathering Your data from various channels, grouping it, cross-referencing and categorizing in order to make it accessible in the most user-friendly way, allowing you to deliver the best possible experience for your customers.

In order to perform our Service we process:

  • (as a data controller) internet protocol (IP) of everyone who visits our service (“Visitor”)
  • (as a data controller) personal data of our customers (users of Service acting as Account Owner, Administrators – jointly referred to as (“You”));
  • (as a processor on Your behalf ) personal data of Your customers.

 

How do we collect personal data:

Visitors data

Where the website is used for informational purposes, so that You do not register as a user of the website or transmit other information to us, we do not collect any personal data, with the exception of the data which Your browser transmits to us in order to allow You to access the website. This data is:

IP address
Date and time of the query
Time zone difference to Greenwich Mean Time (EST)
Content of the request (specific site)
Access status/HTTP status code
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

Your personal data

InputKit collects personal data (name, email) during registration process and when You add new Users. InputKit also collects personal data such as IP address and API token when You use our Service.

If You activate new features it’s possible new personal data will be collected. We will always inform You on the legal grounds and purposes of data collecting and also enable You to study the current Privacy Policy.

Your customer data

As a processor we do not collect any personal data without Your consent – we process Your customers’ personal data on Your behalf, which You have collected and explicitly provided to the Service. All this data belongs to You, we store it on our servers to support all of the Service’s features and remove them whenever You instruct us to.

We also provide You with features that enable You to profile Your customers by tracking their movements on the Knowledge Base (KB), by tracking read emails opened by Your customers as also we collect Your customers’ satisfaction ratings (for further information please visit Tracking and Profiling).

What kind of data do we process

Your personal data

Name;
Email addresses;
Billing information – which we do not store ourselves, we use Stripe for this purpose to ensure the best security of Your billing information;
Internet protocol (IP);
API token;
Cookies;
We collect information how You use our Service, i.e. which features You use the most, which pages You visit, which buttons You click. We use cookies – you can find more info in the Cookies section.

Your customer data:

This category is all data You give us access to in order for us to process it, store it and present it to You in the most productive and user-friendly way to help You deliver the best support experience for Your customers.

We also build on top of these channels to give You additional features, such as collecting information regarding the time of opening an email by Your custome.

We also collect Your customers’ data which Your browser sends to us – please look at Visitors data.

We enable You to use third-party services.

If anything is unclear please contact our DPO at privacy@inputkit.io.

What are the legal grounds for processing data

We process Your data either on contractual ground (processing is necessary for the fulfillment of a contract or in order to take steps at Your request prior to entering into a contract) or when You have given us Your explicit consent.

We process Your customer data as processor pursuant to Data Processing Agreement.

What are the purposes of processing data:

Your personal data

Service performance including its development – email, name, billing information, API token, cookies, internet protocol (IP)
Marketing – email addresses, name
Service performance purposes means all data processing relevant to providing You with Service. This is information which we need for creating an account for You (name, e-mail address, billing information) but also to develop and maintain our Service (cookies, API token, internet protocol (IP). InputKit analyzes trends, tracks Your movements so we can adjust Service to Your needs.

Marketing purposes mean that we want to inform You about our new features and products and send You a newsletter regarding it via email.

You can always withdraw Your consent – more at Right to withdraw consent.

Your customer data

We process Your customer data on Your behalf so you can use InputKit.

We provide You with features that enable You to profile Your customers (tracking read emails).

Tracking and Profiling

Your personal data

We use online tracking which means InputKit collects certain information automatically and stores it in log files and databases. The information includes internet protocol (IP) addresses, browser type, operating system and other usage information about the use of the InputKit’s website, including a history of the pages You visit in InputKit. InputKit analyzes trends, tracks Your movements, and gathers this information in order to make better decisions in terms of product development, so it better suits Your needs and also for assisting us in debugging issues You report to us via our own support channels.

Although online tracking is an automated process in which we collect personal data (Your movements online) InputKit does not make any predictions or draws no conclusion about an individual – You – on that account. We use online tracking only for Service development. We don’t create any profiles nor do we make any decisions concerning You that are made based on online tracking. We are not profiling You.

Your customer data:

We use email read receipt tracking as a feature of Service. We collect Your customers’ satisfaction ratings and feedback.

Your customers are being profiled on Your behalf.

If you are a customer please contact your data controller – this is an entity you interact directly with.

In case of any doubts please contact our privacy@inputkit.io.

Cookies

A cookie is a small amount of data which often includes an anonymous unique identifier that is sent to Your browser from a web site’s computers and is stored on Your computers hard drive. Cookies are required to use InputKit in order to uniquely identify Your browser and user preferences while logged in.

You can control and/or delete cookies as You wish using Your browser preferences. You can delete all cookies that are already on Your computer and You can set most browsers to prevent them from being placed. If You do this, however, You may have to manually adjust some preferences every time You visit InputKit and some services and functionalities may not work.

Who do we disclose Your data to

We cooperate with several third parties, however we do not disclose any personal data to them without Your demand or consent. If You wish to use any of third-parties services You will be asked to agree to third parties’ terms and conditions (including privacy policies).

We are not liable for third parties compliance to data protection however we do not cooperate with any entity which does not demonstrate strong data protection care.

The list of third parties can be found here.

Where and to whom do we transfer Your data

In order to maintain and develop Service InputKit engages other entities. You gave us general written authorization in Data Processing Agreement.

InputKit notifies You if we intend to change the list so You have the opportunity to object to such changes.

Your rights

Access

You have a right to be informed about Your personal data processing, including the source of Your data collection, the purpose of its processing and how long it will be stored.

If You have any question regarding Your personal data please contact our DPO at privacy@inputkit.io.

Rectification:

You have a right to access and change Your personal data provided during registration or creating an account. You can do this in the Profile section of Your Account Settings.

More info about Your rights as a Service user here (active link – Knowledge Base).

Erasure (“right to be forgotten”):

In line with GDPR enforcement of the right to be forgotten, InputKit introduces internal procedures which will streamline this process.

In other words, You (as an Account owner and/or Admin) can decide whether You wish to permanently delete a whole account, a user account or just specific personal data. If You decide so the process will be irreversible.

Deletion can be performed by either using a “delete” function next to an appropriate piece of data in the Service (for example, Delete Ticket) or by contacting us on privacy@inputkit.io when a built-in option is not available.

InputKit reserves the right to refuse permanent deletion for a legitimate reason, in particular, but not limited to if current business affairs are not yet finished.

Restriction on processing:

You have a right to demand ceasing processing your data or restricting its processing with respect to exceptions set forth in art. 18 GDPR.

If You have any question regarding Your restriction rights please contact our DPO at privacy@inputkit.io.

Portability:

If You need to export/import data to the Service in a way which is not available, please contact us at support@inputkit.io so we can help You with Your custom needs.

 

Right to withdraw consent:

You always can withdraw Your consent for processing Your data for marketing. To do so just contact us at support@inputkit.io.

Lodge a complaint

You have a right to lodge a complaint with the appropriate data protection authority if You have concerns about how InputKit processes Your personal data. For more information please contact our DPO at privacy@inputkit.io.

Cross-border CA – EU transfer

InputKit is established in the Canada. Information we collect from You and on Your behalf will be processed in the Canada.

The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. InputKit relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, InputKit collects and transfers to Canada. personal data only: with Your consent; to perform a contract with You; or to fulfill a compelling legitimate interest of InputKit in a manner that does not outweigh Your nor Your customers’ rights and freedoms. InputKit endeavors to apply suitable safeguards to protect the privacy and security of Your and Your customers’ personal data and to use it only consistent with Your relationship with InputKit and the practices described in this Privacy Policy.

Data storage

InputKit stores Your and Your customers’ personal data on the servers of the cloud-based database management services InputKit engages, located in the United States. InputKit is hosted at AWS which announced compliance with GDPR. For more information on their servers and security, please see AWS security whitepaper (https://aws.amazon.com/whitepapers/overview-of-security-processes/).

InputKit notifies You if we intend to change the list so You have the opportunity to object to such changes.

For more information regarding data storage contact our DPO at privacy@inputkit.io.

Retention

We keep all Your data that You have provided to us for the duration of Your business relationship with us and we remove data:

  • at Your explicit request (either via clicking the delete button next to a particular piece of data or via an email request to support@inputkit.io)
  • after You cancel Your account, at which point we remove Your data. This process takes up to 30 days to ensure all Your data is expunged from the system
    Most of personal data is deleted once You demand it or our business relation is ceased, however, we keep Your name and email address longer until all possible business affairs are finished.

For more information please contact our DPO at privacy@inputkit.io.

Security of data

We are committed to ensuring the best security for You, which means choosing the best hosting providers and data storage solutions, including those having ISO 27001 and PCI Level 1 certifications. We ensure encryption of communication not only between You and our servers but also internally between parts of our Service.

InputKit restricts access to Your personal data to those employees who need to know that information to provide benefits or services to You. We maintain an internal Security Policy which ensures that all sensitive information is always transferred using secure, encrypted channels. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of Your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

Legal obligations regarding data.

InputKit discloses personal data we process if necessary for the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Changes and updates to the Privacy Policy

As InputKit changes from time to time, this Privacy Policy is expected to change as well. We reserve the right to amend the Privacy Policy at any time, for any reason. We will inform You about that change by sending to You an email. Remember to check our Privacy Policy website.

Contact & Questions

In case of any queries please contact InputKit’s DPO at privacy@inputkit.io.