Please note that a separate agreement governs delivery, access, and use of the Services (the "Customer Agreement"), including the processing of any messages, files or other content submitted through Services accounts (collectively, "Customer Data"). The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement ("Customer") controls their instance of the Services (their "decision making tools" or "Surveys" or Other) and any associated Customer Data. If you have any questions about specific decision-making tool settings and privacy practices, please contact the Customer whose decision-making tool you use. If you have received an invitation to join a decision-making tool in a Slack workspace but have not yet created an account, you should request assistance from the Customer that sent the invitation.
INFORMATION WE COLLECT AND RECEIVE FROM YOU
We may collect and receive Customer Data, and Automatically Generated Information and data ("Automatically Generated Information ") in a variety of ways:
Customer Data. Customers or individuals invited to use a decision-making tool by a Customer ("Authorized Users") routinely submit Customer Data to us when using the Services, which may include: Company name, Slack domain name, organization structures, etc.
Personal Data. We process personal data through our Services on behalf of our customers and in accordance with applicable law. In order to use our Services, Personal Data provided by the Customer directly or indirectly (invitation to access Personal Data from a Workspace, or other) are accessible by Kona in order to generate and/or operate decision-making tools. Authorized Users may provide Kona us with their Personal Data directly at instances, for example when they provide feedback or request client support or in any way communicate with us. This Personal Data may include their name and contact information. We will not collect or process any sensitive Personal Data (as defined under applicable law) through Kona unless we have received express consent or as otherwise permitted by law.
Automatically Collected Information. We also collect, generate and/or receive automatically collected information (Automatically Collected Information) when you interact with our Services:
1. Usage Information.
Services Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work. For example, we may log the decision-making tools, channels, people, features, content, and links you interact with, the types of files shared and what Third Party Services are used (if any).
Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Website or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data. Report data. When you or Customer participates and/or generates a decision-making tool, we collect all supplied or relative information in view to produce and supply you and/or customer with results in form of a Report. Reports are archived and are retrievable by Customer. Reports may also be used for research, statistical purposes in order to improve our efficiency, update our Services, as well as feedback in order to create and launch marketing campaigns.
Device information. We may collect information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Automatically Generated Information often depends on the type of device used and its settings.
Location information. We may receive information from you, your Customer and other third-parties that helps us approximate your location. We may, for example, use a business address submitted by your employer, or an IP address received from your browser or device to determine approximate location in order to align our Services with your current time-zone. We may also collect location information from devices in accordance with the consent process provided by your device.
Third Party Services.
Typically, Third Party Services are software that integrates with our Services, and Customer can permit its Authorized Users to enable and disable certain integrations, while other (e.g. invoicing, billing, payments’ integrations) are required for the operation of Sike Insights therefore Customer or Authorized Users are required to use if they intend to use our Services. Once enabled, the provider of a Third-Party Service may share certain information with us. Authorized Users should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to us. When a Third-Party Service is enabled, our Services are authorized to connect and access Automatically Generated Information made available to us in accordance with our agreement with the Third-Party Provider. We do not, however, receive or store passwords or means of payment/ transaction details (for example credit-card numbers) for any of these Third-Party Services when connecting them to the Services. Furthermore, for purposes of Due Diligence, Analytics, Client Support, Quality Control and Communication we may employ Third Party Services in view to acquire information and data, as well as Personal Data, in order to comply with our legal, contractual or client service and support obligations as well as improve our product. Such services may include (list non-exhaustive) Google Analytics, Segment, Stripe, etc.
HOW WE USE YOUR INFORMATION
Customer Data will be used by us in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. We are a processor of Customer Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to an Authorized User, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.
In our role as a controller, our legal bases for processing your Personal Data are: 1) our legitimate interest in running and maintaining our business; 2) performance and fulfillment of our contracts; 3) your consent; and 4) compliance with our legal obligations. In many instances, more than one of these legal bases apply to the processing of your personal information.
More specifically, we use Personal Data:
- To provide, update, maintain and protect our Services, Website, and business. This includes use of Personal Data to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request.
- As required by applicable law, legal process or regulation. - To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Personal Data to respond.
- To develop and provide search, learning and productivity tools and additional features. We try to make the Services as useful as possible for Customers and Authorized Users. For example, we may improve configuration functionality by using Personal Data to help determine and rank the relevance of content, series and hierarchy of questions to an Authorized User, make Services suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience, create new productivity features and products and apply machine learning capabilities in view to further improve insights.
- For billing, account management and other administrative matters. we may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments. Such data and information will be furthermore retained and used as may be required by applicable law.
- To investigate and help prevent security issues and abuse.
- To provide Kona’s Reports.
We may aggregate or deidentify information in accordance with applicable law and use it for the purposes outlined above. If we link any Personal Data with information that we collect from Third Parties, we will treat that information in accordance with this Policy.GOOGLE APIKona’s use and transfer of information received from Google APIs (specifically users’ Google Calendar data) to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements. DATA RETENTION
We will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Depending on the Services plan, Customer may be able to customize its retention settings and apply those customized settings. The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Personal Data. We will delete any Personal Data we process on behalf of our Customers if instructed to do so.
When we are a controller, we retain Personal Data about you necessary to fulfill the purpose for which that information was collected or as required or permitted by law. We do not retain Personal Data longer than is necessary for us to achieve the purposes for which we collected it. When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.
HOW WE SHARE AND DISCLOSE YOUR INFORMATION
This section describes how we may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and we do not control how they or any other third parties choose to share or disclose Information. Furthermore, insights may be visible or accessible by Authorized Users, we do not control how they or any other parties chose to share or disclose such Information.
- Customer’s Instructions. We may share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
- Displaying the Services. When an Authorized User submits Personal Data, it may be displayed to other Authorized Users. Please consult the FAQ for more information on Services functionality.
- Collaborating with Others. The Services provide different ways for Authorized Users to collaborate. Personal Data, such as an Authorized User’s profile Information, may be shared, subject to the policies and practices. - Customer Access. Owners, administrators, Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Personal Data and Customer Data. This may include, for example, your employer using Service features to export activity logs and reports. - Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Personal Data or Automatically Generated Information and support our business. These third parties may, for example, provide virtual computing and storage services. - Third Party Services. Customer may enable or permit Authorized Users to enable Third Party Services. When enabled, we may share Automatically Personal Data with Third Party Services. Third Party Services are not owned or controlled by us and third parties that have been granted access to Personal Data may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third-Party Services or contact the provider for any questions. If required by our policies or law, we will ask for your consent and/or the Customer’s before engaging any such service.
We take security of data very seriously. We employ physical, technical, and administrative procedures to safeguard the personal information we collect online and work hard to protect all and Personal Data you provide from loss, misuse, and unauthorized access or disclosure. These security practices are in line with industry best practices. However, no website or platform is 100% secure, and we cannot ensure or warrant the security of any information you transmit to the Services or to us, and you transmit such information at your own risk.
To the extent prohibited by applicable law, we do not allow use of our Services and Website by anyone younger than 13 years old. If you learn that anyone younger than 13 has unlawfully provided us with Personal Data, please contact us and we will take steps to delete such information.
INTERNATIONAL DATA TRANSFERS
We may transfer your Personal Data to countries other than the one in which you live for the purposes described above. We also may subcontract the processing of your data to, or otherwise share your data with, affiliates or third parties in the United States or countries other than your country of residence. The data-protection laws in these countries may be different from, and less stringent than, those in your country of residence. By using the Services or by providing any personal or other information to us, you expressly consent to such transfer and processing. When transferring data internationally from the EU or UK, we may rely on Standard Contractual Clauses or the UK International Data Transfer Agreement to meet the adequacy and security requirements for our Customers in those regions.
As noted previously, we are generally a “processor” in relation to Customer Data that we process, including any Personal Data that we process on behalf of our Customers. If you have any questions about specific decision-making tool settings and privacy practices, including the rights that may be available to you, please contact the Customer whose decision-making tool you use. If you are a resident of the EU, UK, or another jurisdiction with an applicable privacy law, you may have certain rights available to you in relation to Personal Data that we process as a controller. These rights may include: - The right to be informed about our data collection practices; - The right to access and rectify your data; - The right to erase or delete your data; - The right to data portability; - The right to restrict and object to the processing of your data (including for direct marketing purposes); - The right to opt-out of the sale of your information; - The right to opt-out of marketing emails and text messages; - The right to limit our use of any automated decision-making processes; - The right to lodge a complaint to your local data protection authority; and - The right to withdraw consent (to the extent applicable). You may contact us using the contact information below to exercise any of these rights.
DATA PROTECTION OFFICER
To exercise any of the rights outlined above or to otherwise communicate with our Data Protection Officer, please email email@example.com.