Effective Date: April 21, 2018
Last Updated: March 21, 2018
Kibo Software, Inc., and its subsidiaries (“Kibo”), respects the privacy of our website visitors, customers, partners, and employees. We believe it is important that you understand the kinds of data we collect about you, how we protect that data, and how it is used. We recognize the need for appropriate safeguards and management of Personal Data you provide to us. This Privacy Statement sets forth the privacy principles Kibo follows with respect to your Personal Information. This privacy statement covers all Personal Information received by Kibo at its website www.kibocommerce.com (the “Site”) as well as through Kibo’s eCommerce, order management, individualization, mobile point of commerce, and related services (collectively the “Kibo eCommerce Services”).
U.S.-EU PRIVACY SHIELD
Kibo is subject to the jurisdiction, enforcement, and investigatory authority of the United States Federal Trade Commission. Any questions, comments, or complaints about the data practices (including, without limitation, compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of one of the clients or partners for whom Kibo processes data, should be addressed to that client or partner.
GENERAL DATA PROTECTION REGULATION
Kibo also complies with European Union (“EU”) regulations regarding the processing and movement of personal data including the General Data Protection Regulation 2016/679 (the “GDPR”). Kibo believes privacy is a human right and supports the foundations of the GDPR including breach notification, the right to access, the right to be forgotten, data portability, and privacy by design.
INFORMATION COLLECTED BY KIBO
We collect information about your use of the Site. This information falls into two categories: Personal Data and Non-Personal Data. We want you to be informed about what data is collected, when it is collected, and what we do with the data. Unless otherwise stated, we do not share any of this data with third parties.
Personal Data is any information relating to an identified or identifiable natural person. Personal Data is data that makes it possible to identify you by reference to an identifier such as your name, identification number, location data, or other specific data points. Such information may include your name, address, email, telephone number, fax number, company, Site user name, Site password, billing or credit card information, or other similar information.
We collect Personal Data when you:
1. Register for an account or support account on the site
With your consent, Kibo collects the information you provide us such as you name, email address, physical address, employer information, username, location information, IP address and the like.
2. Request information about products or services
With your consent, Kibo collects the information you provide us such as your name, email address, employer information, country of residence, and phone number.
3. Register for an event, answer a survey, or correspond with us.
With your consent, Kibo collect the information you provide us such as your name, email address, employer information, country of residence, and phone number.
4. Download technical resources such as Kibo Whitepapers
With your consent, Kibo collects the information you provide us such as your name, email address, employer information, country of residence, and phone number.
5. Apply for a Job on the Site
Kibo collects information provided by you to evaluate your suitability for positions to which you apply. This information may include: your email address, name, address, location information, telephone numbers, work authorization information, gender, race, veteran status, work history, education history and the like.
KIBO’S USE OF PERSONAL DATA COLLECTED ON THE SITE
Kibo uses the personal data it collects through the Site to send you information about products or services, to respond to requests for technical or customer support; to track compliance with the Site’s rules and policies; to contact you in regards to Kibo products
or services, to deliver technical resources and documents to you in email form, to provide you with Kibo’s newsletters and other documents, to coordinate communication with you regarding events you have registered to attend, and to evaluate applicants for jobs listed on the Site. You have the option to opt-out of any secondary communications such as promotional communications by clicking on “opt-out” or “unsubscribe” on emails sent by Kibo. Kibo stores personal data in encrypted form on U.S. based servers. Kibo retains the personal data it collects on the site for no more than seven (7) years.
DATA ACCESS REQUESTS AND RIGHTS TO CORRECTION & ERASURE
The General Data Protection Regulations (GDPR) provides you with a right to receive a copy of the data/information we hold about you or to authorize someone to act on your behalf. To request this information, please complete the form located at https://kibocommerce.com/datarequest. Kibo responds to data access requests within 30 days receiving a completed request form with proof of identity.
The GDPR also provides you with a right to erasure and/or rectification (correction) of Personal Data in certain circumstances. To request erasure or correction of Personal Data collected by the Site, please complete the form located at https://kibocommerce.com/datarequest. Kibo responds to requests for erasure within 30 days of receiving a completed request form with proof of identity.
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by Kibo to its affiliates and/or third parties for their direct marketing purposes. To make such a request, please complete the form located at https://kibocommerce.com/datarequest.pdf. Kibo responds to requests for erasure within 30 days of receiving a completed request form.
Non-Personal Data (“NPD”): NPD is information that cannot reasonably be used to identify or contact you. Such information may include browser information, domain names, and other anonymous or anonymized statistical data related to use of the Site.
The Site collects NPD to monitor user traffic patterns and Site usage. We may link some of this NPD to Personal Data for purposes such as personalizing and improving your experience on the Site and for general Site evaluation. More specifically, browser information is collected when you are using the Site through log files and third-party scripts that automatically collect information that may include, browser type, internet service provider, referring/exit pages, number of clicks, date/time stamp, and other similar information. Log files and third-party scripts may also collect general demographic and visit information. We use these log files and third-party scripts to help us analyze trends and to improve the value of the Site and services. Finally, we may also use third party scripts to collect NPD that is necessary to optimize effectiveness of advertisements appearing on other parties’ sites.
We also collect NPD which involves cookies, action tags, and web beacons. Cookies are stored on your computer’s hard drive and identify your web browser and the activities of your computer on the Site and other websites. Most browsers accept cookies automatically, but you may disable them. Cookies help us facilitate efficient site navigation, improve your experience on the Site and to allow us to take note of visits to the Site and show relevant ads on our website and across the Internet. Action tags, also known as web beacons or single pixel GIFs, are a web technology used to help track website usage information, such as how many times a specific page has been viewed. Action tags are invisible to you. Any portion of the Site, including advertisements or emails sent on our behalf, may contain action tags. Action tags can be used to count Site users, to deliver co-branded services, or to determine whether email messages have been opened or acted upon. Action tags may be used to conduct research on behalf of certain clients, to compile statistics for advertising purposes, for auditing purposes, or to report certain aggregate information. By using cookies and action tags together, we are able to gather information to improve the Site and measure the effectiveness of our advertising and marketing campaigns. Embedded URLs allow use of the Site without cookies and we utilize them as a tracking tool to collect NPD. Embedded URLs are exhibited as plain text or encoded extensions to the URL that appear in the browser address or location toolbar. They provide limited NPD about navigation on the Site during the current session.
As part of Kibo’s operation of its Site, we may contract with third-party providers to perform certain functions. These third parties may have access to Personal Data and NPD to the extent necessary to permit them to assist Kibo in performing the functions set forth above. The Site contains links to other sites. Please be aware that Kibo is not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave the Site and to read the privacy statements of each and every website. This Privacy Statement applies solely to information collected by this Site and the Kibo eCommerce Services.
Kibo Client websites may contain links to third-party sites for Visitors’ convenience and/or information. If a Visitor accesses those links, he/she will leave the Kibo client’s website and be re-directed to a third-party site. Kibo does not control those sites or the privacy practices of those third-party sites, which may differ from Kibo’s privacy practices and those of our client. We do not endorse or make any representations about third-party websites, and the personal data Visitors choose to provide to third-party websites is not covered by this Privacy Statement. We encourage Visitors to review the Privacy Statement of any Website or company before submitting their Personal Information to them.
We provide online forums as a means for our clients and other users of the Kibo eCommerce Services to communicate. If you use a forum, you should be aware that any personally identifiable information you submit through a forum can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. Kibo cannot be responsible for the PII you choose to submit in these forums.
KIBO AS A DATA PROCESSOR
DATA PROCESSED BY KIBO
Kibo is a Software-as-a-Service eCommerce platform that supports the businesses of many client retailers (“Data Controllers”). As a service provider, Kibo processes both Personal Data and Non-Personal Data on behalf of its clients, the Data Controllers.
KIBO Platform Services:
eCommerce and Order Management
Kibo’s eCommerce solution powers the consumer-facing web presence of retailers on both computer, and mobile browsers. Kibo’s Order Management System provides logistical support for order routing, fulfillment, shipment, inventory tracking and sales enablement. The Kibo eCommerce and Order Management Services are not a part of our corporate website. Kibo serves as a Data Processor for our clients who use these services. Kibo does not own the information that is submitted to its clients’ websites. The information that is submitted to our clients’ websites will be subject to our clients’ privacy policies/statements.
In providing its eCommerce and Order Management services, Kibo processes Personal Data in furtherance of online sales contracts for the purchase of goods entered into by our clients. This Personal Data includes your name, email address, physical address, country of residence, location data, phone number, payment card numbers, third party payment account identifiers, IP address, order history, account information, account identifiers and the like. Kibo processes this information to ensure that online orders are processed by shippers & fulfillers, to process payments related to online orders, to screen for fraudulent orders, to provide consumer and client support, and to send messages related to the placement, fulfillment, shipment and delivery of orders. Kibo’s eCommerce solution may also process information about client personnel to provide control functions for the eCommerce platform. This information may include personnel names, email addresses, account identifiers, IP addresses, physical addresses, location data, phone numbers, employer information, job function information and the like.
Kibo also processes NPD on its eCommerce and Order Management services and may link certain NPD to Personal Data for purposes such as personalizing and improving your experience on the client sites and for general client site evaluation. More specifically, browser information may be processed when you are using client sites through log files and third-party scripts that automatically collect information that may include, browser type, internet service provider, referring/exit pages, number of clicks, date/time stamp, and other similar information. Log files and third-party scripts may also process general demographic information. Kibo may also process NPD collected by Client sites using cookies, action tags, web beacons and Embedded URLs.
Kibo cannot be fully aware of and is not responsible for data collected by third party clients and/or data that is not processed by Kibo.
Mobile Point of Commerce
Kibo’s Mobile Point of Commerce (“MPOC”) solution powers mobile checkout, registration, purchases, and the placement of orders, for delivery or in-store pickup on a mobile tablet used by client associates. In providing this service, Kibo processes Personal Data in furtherance of Point of Sale sales contracts, orders, or registration contracts entered into by its Data Controller clients. This Personal Data may include your name, email address, physical address, country of residence, location data, phone number, payment card numbers, third party payment account identifiers, IP address, order history, account information, account identifiers and the like. Kibo processes this information to ensure that orders placed are processed by shippers & fulfillers, to process payments, to screen for fraudulent orders, to provide consumer and client support, and to send messages related to the placement, fulfillment, shipment and delivery of orders. Kibo’s MPOC solution may also process information about client personnel to provide control functions for the MPOC platform. This information may include personnel names, email addresses, account identifiers, IP addresses, physical addresses, location data, phone numbers, employer information, job function information and the like.
Kibo’s Real-Time Individualization (“RTI”) solution processes data gathered by our Data Controller clients during the visits to the Data Controllers’ websites to provide individualized web experiences tailored to each website visitor. To provide this service, Kibo processes NPD including non-specific location information, user actions, click activity, search activity, purchase history, dwell time, and the like. In some circumstances, Kibo may process Non-Personal Data to associate it with Personal Data provided by
Kibo’s Data Controller clients to facilitate further personalized online experiences. Kibo’s RTI solution may process anonymized user and machine attributes to associate multiple visits to client website properties.
As part of Kibo’s services we may contract with third-party providers to perform certain functions on behalf of our clients to enhance our existing product and service offerings. Examples include providing product and service support. These third parties may have access to Personal Data and NPD to the extent necessary to permit them to do their jobs, however, they are bound by confidentiality agreements or similar contractual restrictions before any information is provided to them, and they are restricted from using the information for other purposes.
KIBO’S RETENTION OF PERSONAL DATA PROCESSED ON ITS PLATFORM
Kibo retains the Personal Data it processed on its systems for no more than seven (7) years. Personal Data is processed on servers based in the United States.
DATA ACCESS REQUESTS AND RIGHTS TO CORRECTION & ERASURE
The General Data Protection Regulations (GDPR) provides you with a right to receive a copy of the data/information a Data Controller holds about you or to authorize someone to act on your behalf. To request this information, please contact the Kibo Data Controller client responsible for the storage of your data. Alternatively, you may complete the form located at https://kibocommerce.com/datarequest which Kibo will forward to the Data Controller for processing.
The GDPR also provides you with a right to erasure and/or rectification (correction) of Personal Data in certain circumstances. To request erasure or correction of Personal Data processed by Kibo, please contact the Kibo Data Controller client responsible for the storage of your data. Alternatively, you may complete the form located at https://kibocommerce.com/datarequest, which Kibo will forward to the Data Controller for processing.
To prevent unauthorized access or disclosure, to maintain data accuracy, and to allow only the appropriate use of your Personal Information, we utilize industry standard physical, technical, and administrative controls and procedures to safeguard the information we collect. To help ensure the integrity and privacy of the PII that you provide to us, we encrypt that information using secure socket layer technology (SSL). We follow generally accepted industry standards to protect the PII submitted to us, both during transmission and once we receive it. However, you should recognize there is always some risk involved in transmission of information over the internet or in a method of electronic storage.
DISCLOSURES AND LIMITATIONS
Other than as stated in this Privacy Statement, we will endeavor not to release your Personal Information to unknown or unaffiliated third parties. We do not share, sell, rent or trade your Personal Information to third parties for promotional purposes. However, we may disclose your Personal Information if we are required to do so by law or we in good faith believe that such action is necessary to (1) comply with the law or with legal process including court orders or subpoenas; (2) protect and defend our rights and property; (3) protect against misuse or unauthorized use of our websites or the Kibo eCommerce Services; or (4) protect the personal safety or property of our users or the public (among other things, this means that if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions). Please note that we may be required to release an individual’s personal information in response to lawful requests by public authorities including to meet national security and/or law enforcement requirements.
To protect your privacy and security, in relation to any request for data, including requests pursuant to the GDPR or state law(s) we take reasonable steps to verify your identity, before granting access to your Personal Information. In addition, we may limit or deny access to Personal Information where providing such access would be unreasonably burdensome or expensive in the circumstances. Due to the distributed nature of our business and systems, we cannot guarantee that your change request will update your information immediately in all Kibo systems. Please also be aware that it may not reasonably possible to remove each and every record of information you have provided to us. The need to back-up systems to protect information from inadvertent loss means that copies of information may exist in a forms that are difficult for us to locate or access.
1. ENFORCEMENT AND DISPUTE RESOLUTION
Kibo regularly reviews its compliance with this Privacy Statement. Please feel free to direct any questions or concerns regarding this Privacy Statement or Kibo’s treatment of Personal Information by contacting us at email@example.com. If you believe we have used your PII in violation of this Privacy Statement, you may contact us using the Contact Information below. If after 30 days you still believe your complaint has not been satisfactorily resolved, you may require that the matter be settled by a binding independent recourse mechanism (“IRM”).
6. As an IRM for Visitors, clients, partners, and employees outside the EU and Switzerland, we recommend the American Arbitration Association® (“AAA”). In these cases, written notice of arbitration should be delivered to Kibo at the address below. Each party will bear its own costs of arbitration. The AAA provides dispute resolution services using a neutral arbitrator which will provide case resolution under the applicable AAA rules. The arbitrator will have no authority to award punitive damages.
For more information on the AAA and the dispute resolution services, please see http://www.adr.org/drs.
7. As an IRM for Visitors, clients, and partners inside the EU, Kibo has committed to refer unresolved privacy complaints under the U.S.-EU Privacy Shield Privacy Principles to, the BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the Unites States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
8. As an IRM, Visitors, clients, partners, and employees from Switzerland should contact the Swiss Data Protection Authority for IRM dispute resolution. For Swiss Federal Data Protection Information Commissioner contact information, visit http://www.edoeb.admin.ch/org/00926/index.html?lang=en
9. As an IRM to Employee data inside the EU, Kibo has committed to cooperating with EU Data Protection Authorities (“DPAs”) with regards to human resource data transferred from the EU in the context of the employment relationship. For information regarding how to contact your states DPA, visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
2. ACCEPTANCE AND DISCLAIMER
By using the Site or the Kibo eCommerce Services, you signify your acceptance of this Privacy Statement. If you do not agree to this Privacy Statement, you should not use the Site or the Kibo eCommerce Services. Kibo reserves the right to modify or amend this Privacy Statement at any time. Your continued use of the Site or the Kibo Platform Services following the posting of changes will mean that you accept those changes. In the event of a sale, merger or other transfer of all or substantially all of the assets of Kibo, we reserve the right to transfer information to any such third party who acquires all or substantially all of the assets of Kibo by sale, merger, or transfer, or any of its divisions or business units.
3. CONTACT INFORMATION
At any time you may contact Kibo with questions or concerns about this Privacy Statement at firstname.lastname@example.org. Written responses may also be submitted to:
Kibo Software, Inc.
Attention: Privacy Officer
717 N. Harwood Street
Dallas, TX 75201