Regional Data Protection Policy
Effective Date: March 1st, 2023
EU Privacy Policy Addendum
For those Customers residing in the European Union ("EU"), the following additional EU-specific provisions apply to our processing of your personal data. Personal data includes Account Information and Customer Data, as described more specifically in our Privacy Policy and this Regional Privacy Policy Addendum. Processing of personal data may be undertaken by Konfeeg as a data controller or as a data processor.
This Regional Privacy Policy Addendum is intended to comply with the General Data Protection Regulation, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation and referred to hereinafter as the “GDPR”), together with any replacement legislation or any equivalent legislation of any other applicable jurisdiction and all other applicable laws and regulations in any relevant jurisdiction relating to the processing of personal data and privacy (such as, without limitation, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector as may be amended from time to time).
Information We Obtain through Cookies and Similar Tracking Means
This Regional Privacy Policy Addendum remains subject to the Terms of Service and Regional Data Processing Addendum, as applicable between you and Konfeeg, and supplements the Konfeeg Privacy Policy. This Regional Privacy Policy Addendum will prevail over any conflicting information in the Konfeeg Privacy Policy. We may update this Regional Privacy Policy Addendum at any time, and without prior notice, and any changes will be effective as of the Effective Date listed on the updated Regional Privacy Policy Addendum.
To the extent required by applicable law, we will obtain your consent before collecting information by automated means using cookies or similar devices. Please refer to the Konfeeg Privacy Policy at https://konfeeg.com/privacy for more information on our Cookie Policy. We may also use personal data that you may provide in connection with such use of the website, through one or more vendors or partners, including but not limited to in connection with a request for information related to the Konfeeg Services, products, forums or service information, or registration for email communications. We may also use this personal data to improve our website and services, or ensure security of our website.
Processing of Other Information
Konfeeg processes personal data in order to provide the Konfeeg Services and as described more specifically in the Terms of Service and Privacy Policy. In order to provide the Konfeeg Services, Konfeeg processes the following personal data in connection with your creation and operation of a Konfeeg Account and as further described in the Privacy Policy: name, title, address, company information (if applicable), company website (if applicable), occupation, type of business/industry, telephone numbers, and email addresses. Konfeeg may also process the last four digits of your credit card number, expiration date and billing address. All other credit card and other payment information is processed by Konfeeg’s credit card processing vendor identified at the bottom of this Regional Privacy Policy Addendum. Collectively, all such Customer personal data collected, maintained and used in connection with your Konfeeg Account is referred to as “Account Information”. Konfeeg is a data controller with respect to the processing of your Account Information.
Konfeeg may also process other data on your behalf which includes the personal data of your end-users, customers, clients, employees, patients or other individuals (Data Subjects”) that you may create, maintain, use, disclose, provide or otherwise make available to Konfeeg in connection with the Konfeeg Services and as described in the Privacy Policy. Collectively, all such personal data of Data Subjects is referred to for purposes of this Regional Privacy Policy Addendum as Customer Data. Konfeeg processes such Customer Data as a data processor. You are solely responsible for how you may further process Customer Data in connection with the Konfeeg Services, including your processing of any personal data in compliance with the GDPR. Konfeeg will never use or disclose Customer Data for marketing, advertising or other similar commercial purposes.
We may process the personal data we obtain as described in this Regional Privacy Policy Addendum for the duration of the Konfeeg Services that we provide in accordance with the Terms of Service or as reasonably related to your use of the Konfeeg website. We may process personal data where processing is necessary for compliance with a legal obligation to which Konfeeg is subject. We may also be required to process and retain limited Account Information after you have terminated use of the Konfeeg Services in order to maintain accurate business records of the Konfeeg Services that we provided to you.
Access, Correction and Erasure
You have a right of access to certain personal data under the GDPR. You also have the opportunity to correct, amend or delete personal data which may be inaccurate or which Konfeeg may have processed in violation of the Applicable Data Protection Laws. You may update, change or delete your Account Information with Konfeeg at any time by logging into your Account and updating such information. Any such change would take immediately except to the extent that Konfeeg would not be required to agree to the requested change.
For all other Customer Data that you maintain or otherwise process in your Account, you have access and control over such personal data, including the ability to correct, amend or delete any and all personal data which may be collected through or maintained in your Account. You are able to transfer Customer Data to and from your Account at any time, and we recommend that you do so prior to deleting your Account for any reason. To the extent that you maintain personal data of any Data Subject in your Account, you are solely responsible for according to the Data Subject any right of access, right of erasure, opportunity to correct, and any other applicable rights to which she or he may be entitled under the GDPR.
Please contact the Data Protection Officer by visiting https://konfeeg.com/contact if you have any questions about your rights under the GDPR with respect to Konfeeg’s processing of your personal data.
Data Transfers and Location
Konfeeg commits to resolve complaints about our collection or use of your personal information. EU individuals with questions or complaints regarding Konfeeg’s compliance with the EU-US Privacy Shield Framework should contact: complaints@konfeeg.com or visit https://konfeeg.com/contact. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU data protection authorities for more information or to file a complaint.
Account Information and Customer Data may be accessed by our support staff employees and agents who reside within the United States for debugging, troubleshooting, programming and other related administrative or technical activities required to provide the Konfeeg Services. In the event that personal data covered by this Regional Privacy Policy Addendum would be transferred to a third party outside of the EU, including any processors or sub-processors, we would do so: (i) consistent with any notice required to be provided to you, any applicable consents, and/or the Regional Data Processing Addendum; (ii) if required or permitted by the GDPR or applicable law; or (iii) if the third party has provided contractual assurances that it will (a) process the personal data for limited and specified purposes consistent with any consent required by applicable law, (b) provide the same level of protection as is required by the Regional Data Processing Addendum, the EU-US Privacy Shield Framework, and/or the GDPR and notify Konfeeg if it makes a determination that it cannot do so; and (c) cease processing of the personal data or take other reasonable and appropriate steps to remediate if it makes such a determination.
We may, in connection with your use of our website, or in connection with the provision of the Konfeeg Services, utilize one or more data processors or sub-processors, or share your personal data with another third party data controller. We will comply with the GDPR when transferring your personal data to any such third party. We will additionally comply with the terms of the Regional Data Protection Addendum when providing your personal data to any sub-processor.
Invalidation of the EU-US Privacy Shield Framework:
Konfeeg is aware of the Court Justice of the EU’s decision invalidating the Privacy Shield as a mechanism for authorizing data transfers to the US from the European Union. Konfeeg currently maintains a dedicated data center for its EU customers within the EU and only allows limited “view-only access” by US staff for troubleshooting and technical support purposes. Although Konfeeg participates in the Privacy Shield, Konfeeg routinely executes Data Protection Addendums with its EU customers which incorporate the Standard Contractual Clauses.
Our Vendors
Sub-processors and data controllers which Konfeeg has a relationship with include:
- Stripe– processes the credit card information you provide in connection with your payment for the Konfeeg Services.
- Google Analytics– collects information about visitors to our website through use of cookies and other browser session information. Information also may be collected in order to maintain your identity when logged into your Konfeeg Account. Please refer to the Cookie Policy, available at https://konfeeg.com/cookies.
- Amazon Web Services– used to host user data and provides the infrastructure Konfeeg runs on.
- MailChimp– user data for any email marketing uses is maintained in MailChimp.
- Slack– user and applicant data is discussed in chat in Slack.
- Google– user, employee and applicant data is maintained in Google through products like Gmail or Drive.
- Intercom– user data for product troubleshooting & support and product news is maintained in Intercom.
- Zendesk– user data for product support and troubleshooting is maintained in Zendesk.
- Profitwell- Stripe analytic data is maintained in Profitwell.
- Appcues- user onboarding and engagement data is maintained in Appcues.
We will use reasonable efforts to keep this list of current and notify you in the event of any changes through this Regional Privacy Policy Addendum.
Additional Information on Privacy Practices
Please refer to the full Konfeeg Privacy Policy for additional information on our privacy practices, available at https://konfeeg.com/privacy.