We at Kenbox are committed towards your privacy regarding any information that we collect, while you use our software applications and websites, collectively called the Services.
Data Controller and Data Processor:
We process two main types of personal data.
- Customer Data – Personal data that forms part of data that is provided by our customers and their end-users for processing. We are Processor of this data.
- Other Data – Personal data about our visitors and other individuals that is collected and processed directly for marketing purpose. We are Controller of this data.
Kenbox will use the Customer’s Personal Data for the purpose of providing relevant Services subscribed by the Customer as per the contract and not for any other marketing purposes.
What information do we collect?
As customers, you provide us with data for processing as part of usage of our Kenbox application.
Customer Data is processed by us when the customers or their end-users, provide us or upload information into the service. For example, customers who uses our application may upload Customer Data about themselves or their employees.
This data includes recruitment related data, payroll data, employee details, employee bank details, tax records etc.
Customer’s data that is necessary to create user accounts.
For creation of user accounts, customers provide their name, email address, password, job title, telephone number and correspondence address.
We collect data when you use our applications/websites or provide it directly to us.
- Log Data – Our servers automatically collect information when you access or use our applications and services. This data is recorded in log files. Examples of such data include IP Address.
- Subscription Data – We also collect the information that you provide to us as part of signing up for our newsletters, or request demo of our products.
- Contact Us Data – When you enquire about our products and services, we collect and store this data to communicate with you and respond to your enquiry.
- Seminars and Conferences – We collect and retain the information that you provide during any events and seminars.
Other data that we collect:
Apart from data that you provide us directly, we also collect data from social media websites such as LinkedIn for our marketing and sales purposes.
We collect data through cookies.
How We Use Your Data?
How we use your personal data depends on which Services you use and how you use those Services.
Customer Data will be used by Kenbox in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. Kenbox is a processor of Customer Data and Customer is the controller.
Other Data is used to send our newsletters and to communicate with you effectively by responding to your requests, comments, and questions.
Lawful basis for processing
We have lawful bases to process your personal data. We have a legitimate interest in processing, in some cases use your consent as basis for lawfully processing your personal data.
We process your personal data only when we have a lawful basis. Presently, our lawful basis is performance of contract for processing of Customer Data and Legitimate Interest or Consent for processing Other Data. In some cases, we may also have a legal obligation to collect personal information from you.
Note: As you agree to a particular processing of your data with us, you also have a right to withdraw the consent at any time.
How we use Customer data?
We use your data to authenticate and authorize access to our services.
We only process Customer Data on behalf of our customers and in accordance with their instructions provided in the applicable Services agreement with us. We use your data to provide you a better experience and thus support you with our service. In each case, Kenbox collects such information only when it is extremely necessary or appropriate to fulfil the purpose of the interaction with our services.
- To provide Services. We process Customer Data as a Data Processor to provide services to our clients through the Kenbox application.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Services and our Services offerings. These communications are considered part of the Services and you may not opt out of them unless you choose to not use our Services.
- Customer Support. If you send us a request (for example via a support email or via one of our feedback mechanisms), we respond to your request and assist you in resolving the issue faster.
- Other purposes: For any other purpose as provided for in the Services Agreement between Kenbox and the customer, or as otherwise authorized by the customer. In accordance with or as may be required by law.
How we use Other data?
We may send you service-related messages or marketing / promotional materials. You may choose to restrict the collection or use of your personal information.
We use Other Data to arrange demo of our products that you request for, send you promotional material and updates about the company or invite you to conference and events that are relevant to you. Direct marketing is carried out only if you give us consent to receive such communications from us.
Users under 18 years of age
The Sites and Services do not knowingly collect personal information from users under the age of 18.
If you are under the age of 18, you are not permitted to use the Services or to disclose Personal Information. If we learn we have collected or received Personal Information from a child under 18, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us.
Data Retention Policy
Customer Data – We retain your information as long as you have an active Services account. We may also retain your personal information for extended period under applicable statutory laws.
Kenbox will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. When you decide to stop using our services, we will either delete or return all Customer Data, as per your instructions.
You can request to access, update, or correct your personal information. You also have the right to object to direct marketing.
You may have additional rights pursuant to your local law applicable to the processing. For example, if the processing of your personal information is subject to the EU General Data Protection Regulation (“GDPR”), and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR you also have the right to request for deletion or restriction of your personal data and ask for portability of your personal information.
Customer’s Rights to Control Data:
Whenever you use our services, we aim to provide you easy means to access, modify, delete, object to or restrict use of your personal information.
We strive to give you ways to access, update/modify your data quickly or to delete it unless we have to keep that information for legal purposes. Some rights can be access from within the Kenbox application. For visitors, these rights can be exercised by contacting us with your specific request.
- Right to Rectify: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
- Right to Erase: You can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide Services to you).
- Object or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g. if we have no legal right to keep using it) or to limit our use of it (e.g. if your personal data is inaccurate or unlawfully held).
- Right to Access/Take Your Data: You can ask us for a copy of your personal data that you have provided in machine readable form.
Customer information shared with others.
Recipients of your data
Your data will be shared with other recipients in order to provide you with services.
While we aim to limit the sharing of your data, at times, it is necessary to share your data with certain service providers. Examples of when and for what purpose your data is shared include data centre / hosting services, email marketing services, etc.
The following categories of recipient will most likely receive your data for us to provide services to you.
- Third Party Data Centre Services
- Third Party SMTP and SMS notification services such as SendGrid
- ERP for direct marketing and invoicing
To Comply with Laws: If we receive a request for information, we may disclose if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. We may also share your data to an acquirer in the event of a sale of substantially all of our assets or other change of control transaction.
Cross-Border Data Transfers
Your data will be stored and processed in multiple countries including outside of the European Union (EU) Region
Since we are an international company, your data will be processed outside of the EU region. Your data will be processed within Third Party Data Centers in India and Singapore. Some countries where we process data may not have as protective laws as your own country and there are risks associated with such transfer.
Kenbox offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. These clauses are contractual commitments between parties transferring personal data (for example, between Kenbox and its Clients, suppliers or data processors outside the EU), binding them to protect the privacy and security of the data.
Security Measures to Protect Customer Data:
We implement security controls to prevent breaches and unauthorised access to your data.
We maintain reasonable and appropriate security measures to protect Customer Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of security measures include physical access controls, HTTPS, restricted access to data, monitoring for threats and vulnerabilities etc.
If you have any questions or queries regarding this Policy, you may contact us through email at firstname.lastname@example.org .
If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.