Privacy Policy

Kompliant (“Kompliant”, “us”, “our”, or “we”) is committed to protecting the privacy of individuals who visit the www.kompliant.net website.

This Privacy Policy describes the privacy practices for www.kompliant.net and applies solely to information collected by the website or provided to us by you. This policy contains the following:

  1. What information is collected from you through the website or provided to us by you that could be used to identify you, how it is used and with whom it may be shared.
  2. What choices are available to you regarding the use of your data.
  3. Cross-border transfers of your data.
  4. The security procedures in place to protect the misuse of your information.
  5. How you can correct any inaccuracies in the information.

If you continue to use our website, then you have given your consent to the data collection and processing by Kompliant as described in this policy.

Information Collection, Use, and Sharing

We only have access to and collect information that you voluntarily give us via email or other direct contact from you. As a result of the information that you provide to us, we may have information that could be used to identify you such as your name, address, email address, telephone number, etc.  This information is referred to as personally identifiable information or “PII”.  Since we know that PII is highly sensitive information, we treat it with a high level of security.

We will only use your PII to respond to you regarding the reason you contacted us, such as product inquiry, place an order, support issues, or general customer service needs.  Your PII will be used solely by Kompliant to process your request.  We will neither sell nor rent this information to any third party unless it is necessary to accomplish your request, e.g., processing your credit card purchase or shipping your order to you.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can request that we take certain actions listed below at any time by contacting us via the email address or phone number provided on our website:

  • See what data we have collected from you, if any.
  • Change/correct any data we have about you.
  • Have us delete any of your data.
  • Express any concern that you have about our use of your data.

Cross-border Transfers of Your Data

Information that we collect from you, including PII, may be transferred across borders from your country to other countries.  Whether such cross-border transfer of your data will occur will depend on your location, the nature of your request and the location of our data processing center.  If you are located in a country with data privacy laws governing data collection and use please note that by making your request of Kompliant, you are consenting and permitting the transfer of information, including PII, to countries that may not have the same data protection laws as your own country.

Security

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information it is encrypted and transmitted to us securely. You can verify this by looking for a small lock icon on the address bar and looking for “https” at the beginning of the address of the Web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to your PII. The servers on which we store PII are kept in a secure environment with limited access.

Registration

On this site you may be asked to complete the registration form to receive additional information. During registration, a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our site in which you have expressed interest. 

Cookies

We use “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of cookies on our site is in no way linked to any personally identifiable information.

Privacy of Minors

Although our products and services are not geared to attracting minors, a minor may enter our website.  We endeavor to comply with child protection of online privacy legislation and undertake not to collect data from users that are known to us to be minors of the age of 13 or younger.  If you are 13 years of age or younger, please stop your use of our website.  The age used to determine whether a person is a minor may change according to the jurisdiction where you are located.  Please know that it is Kompliant’s policy not to collect any data from a minor, wherever located.  If we or you determine that we have inadvertently, without knowledge, collected PII from a minor, such information will be permanently deleted from our files upon becoming aware of information collected from a minor.

Kompliant complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield.  Kompliant has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Kompliant is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States.  Upon request, we will provide you with access to the personal information that we hold about you.  You may also correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@kompliant.net.  If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to privacy@kompliant.net.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Kompliant’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Kompliant Inc remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Kompliant proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Kompliant commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Kompliant Inc by email at privacy@kompliant.net.

COMPANY has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.

Changes to Privacy Policy

We reserve the right to amend or update this privacy policy at any time. We may or may not notify you of such changes, however, you can always view the most current version of this privacy policy at any time at: www.kompliant.net.  The date of the last revision appears at the end of this policy.  Once the revision is effective, your use of our services and your data will be governed by the most recently revised privacy policy.  If you do not want to be bound by the changes to the privacy policy you may revoke your consent by contacting us as described above and ask that we delete your data from our database.

Links

This website may contain links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.

Do Not Track (for California residents only)

Do not Track (“DNT”) is a setting provided by your browser (depending on the browser used) that you can activate in your browser’s settings to let Internet sites know that you do not want them collecting certain information about you. Currently we cannot respond to DNT signals. As a result, we do not afford different treatment to California residents whose browsers send a DNT signal as opposed to those without this setting.

If you feel that we are not abiding by this privacy policy, you should contact us at privacy@kompliant.net.

Last revised: July 1, 2021

Kompliant’s GDPR Statement

Kompliant believes that individuals should be in control of their Personal Data and recognizes that the need for strong, customer friendly identity proofing solutions has never been greater.  As Personal Data is continuously at risk, we strive to create trusted solutions that put individuals at ease and give them control of their data, while simultaneously allowing businesses to address the appropriate level of risk and offer the appropriate security.  Kompliant, as a data processor under the GDPR is compliant with the rigorous demands of the legislation and we want to work and cooperate with our current and future partners and be prepared to meet the requirements of the GDPR together.

GDPR Regulation

The General Data Protection Regulation (“GDPR”) is a legal framework that sets guidelines for the collection and processing of Personal Data of individuals within the European Union (EU). Any company that holds personal data of EU residents or processes data of EU residents is accountable under the GDPR, regardless of the company’s physical location.

Kompliant’s Security Measurements

Kompliant has implemented technical and organizational measures to ensure the security of the Personal Data while the data is in Kompliant’s possession or control. The security measures that Kompliant has implemented include, but are not limited to:

  • Encryption of the Personal Data during transmission;
  • Prevention of accidental or unauthorized access, reading, copying, modification, removal or destruction of the Personal Data;
  • Access is restricted to Kompliant’s employees who have a “need to know” in order to carry out the purpose of the processing and all of those employees are under an obligation of confidentiality with Kompliant;
  • Training of Kompliant’s employees regarding the proper handling of Personal Data;
  • The data center where the Personal Data is processed and/or stored has restricted access;
  • Use of technological means (e.g. firewalls) to prevent unauthorized access to the Personal Data while it is in Kompliant’s possession or control;
  • A disaster recovery plan which allows the restoration of all Personal Data in the event of a catastrophic event;
  • Logging of all processing activity of the Personal Data which records when the Personal Data was processed, what processes the Personal Data underwent, anyone that accessed the Personal Data, where and when the Personal Data was transmitted and when the Personal Data was erased from Kompliant’s services; and
  • Annual review and evaluation of the adequacy of Kompliant’s security measures.

Data Subject’s Access to the Personal Data

Kompliant’s Data Protection Officer (“DPO”) may be contacted at privacy@kompliant.net.

Data Subjects may contact the DPO about all issues related to processing of their Personal Data and exercise all of their rights under the GDPR. A Data Subject is entitled to request and the DPO shall respond without undue delay to the following:

  • To know the content of the Personal Data being processed and/or stored by Kompliant
  • Correction, amendment, or deletion of their Personal Data if inaccurate
  • To whom the Personal Data has been disclosed
Disclaimer

The information given to you by Kompliant concerning technical, legal, or professional aspects of Kompliant’s compliance with the GDPR is for informational purposes only and does not constitute legal or professional advice nor create any legal obligation or liability on the part of Kompliant.

Last revised:  July 1, 2021

CCPA Privacy Notice

Privacy Statement – California

This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in Kompliant, Inc.’s or its subsidiaries’ (collectively “we”, “us”, or “our”) Privacy Shield Policy, GDPR Statement, Kompliant Customer Experience Privacy Statement, AssureID Connect Privacy Statement, and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). This notice is intended to comply with the California Consumer Privacy Act of 2018 (“CCPA”) which is effective as of January 1, 2020 and other California Privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice. This Notice does not cover personal information not subject to the CCPA rights.

Information We Collect

We collect several types of information from and about users of our Website and/or Products, including information:

  • By which you may be personally identified, such as name, postal address, e-mail address, telephone number or any other identifier by which you may be contacted online or offline (“personal information”); and/or
  • That is about you but is anonymized so that the collected information does not identify you.

We collect this information:

  • Directly from you when you provide it to us.
  • Automatically as you navigate through the site or use any of our Products. Information collected automatically may include usage details, IP addresses, and information collected through cookies, and other tracking technologies.
  • From third parties, for example, our business partners.

Personal information does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Use of Personal Information

We use information that we collect about you or that you provide to us, including any personal information:

  • To present our website and its contents to you;
  • To provide you with information, products, or services that you request from us;
  • To fulfill any other purpose for which you provide it;
  • To notify you about changes to our website or any products or services we offer or provide through it;
  • For testing, research, analysis and product development;
  • As necessary or appropriate to protect the rights, property or safety of us, our clients or others;
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
  • And, as described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional personal information data or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. We also do not sell personal information, so we don’t have an opt-out feature.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing privacy@kompliant.net.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child (16 years old or younger).

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Any additional requests during the same 12-month period will be processed by us after payment of an administrative fee. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We will work to respond to a verifiable consumer request within forty-five (45) days of receipt. If we need more time (up to 45 or 90 days), we contact you in writing with the reason and necessary extension period. Written responses will be delivered by mail or electronically, at your request. Disclosures we provide cover only the 12-month period prior to receipt of your verified request’s. If applicable, the response we provide will also explain the reasons we cannot comply with a request. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without issue, specifically by electronic mail communication.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Policy

We reserve the right to amend or update this CCPA Privacy Notice at any time. We may or may not notify you of such changes, however, you can always view the most current version of this privacy policy at any time at: www.kompliant.net. The date of the last revision appears at the end of this policy. Once the revision is effective, your use of our services and your data will be governed by the most recently revised CCPA Privacy Notice. If you do not want to be bound by the changes to the Privacy Notice, you may revoke your consent by contacting us as described above and ask that we delete your data from our database.

Contact Information

If you have any questions or comments about this notice, the ways in which we collect and use your information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us a:

Website: www.kompliant.net

Email: privacy@kompliant.net