Privacy policy — summary

Privacy policy summary for customers

We care about your personal data and aim to keep it as safe as possible. This summary does not replace our terms, but is to help you understand our service. For the full terms, please click here.

What personal data?

In order to provide you with our service, we have to ask for some of your personal data, but we try to keep this to a minimum. Usually, we will only require your name, email address, and, Klevio account password.

For processing payment of your order, we will need your card details, billing address and name of the card holder.

Why do you need my personal data?

We need your personal data in order to register you as a user, authenticate who you are, authorize your access to our website or app, and help you with any issue you may have regarding our service.

Who do you share my personal data with?

In order to provide you with our service, we may share some of your personal data with the following companies/services that might store some of your data outside EEA:

• Stripe (a payment service provider)¹
• MailChimp (newsletter management)
• Intercom (online chat and CRM)
• Airship (in-app notifications)
• Sentry (error reporting)
• Hubspot (CRM, sales tools and marketing service provider)
• Atlassian (a user reported issues tracking software provider)
• Google (analytics, notifications)
• Cloudflare (web hosting)
• Amazon Web Services (Cloud computing services provider)
• Facebook (data analytics, social media, advertising, which may also be shown on other websites)
• LinkedIn (data analytics, social media, advertising, which may also be shown on other websites)
• Hotjar (a website analytics provider)

1) On-line purchase only

For how long do you keep my personal data?

We usually keep your personal data only for as long as we are providing you with our service.

We may need to retain some of your personal data even after the end of your agreement with us, if reasonably necessary to comply with our legal obligations, resolve disputes, maintain security or prevent fraud and abuse.

In particular, in order to be able to defend ourselves against future claims, we may retain some of your personal data for up to six years from the performance of our service to you or last contact.

Data storage

We store personal data on servers provided by Amazon Web Services in the UK and inside EEA with backups held on our own servers inside EEA.

Non-EEA transfer

Your personal data is not transferred, stored or processed outside the UK and EEA, unless you have explicitly consented for us to do so.

7 July 2021

1. Background

   Klevio LTD ("KLEVIO", "we", "us") provides a remote locking digital service for use in combination with hardware products. We are a company registered in England and Wales. Our company regi stration number is 09971722 and our registered office is at 415 The Archives Unit 10 High Cross Centre, Fountayne Rd, London, United Kingdom, N15 4BE.

   We care about privacy and data protection and we are committed to protecting your personal information. We also aim at transparency, we want you to know what data we collect about you and how it is used and shared. Please be aware that, whilst we make our best efforts to keep your personal information safe, no website can be completely secure.

   The following privacy policy ("Privacy Policy") relates to our use of any personal information regarding you that we collect and process via our website ("Site") or any other personal information you provide us in person, via email, telephone, text message, or other means.

   In this Privacy Policy, the terms processing, personal data, data controller, data processor, data subject shall have the same meaning as set out in the Data Protection Act 1998 ("DPA") as amended, extended or re-enacted from time to time and including all subordinate legislation made from time to time under the DPA or as defined by the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR") once applicable and/or any corresponding or equivalent national laws or regulations once in force and applicable ("Applicable Data Protection Laws").

   To learn more about your rights to privacy and data protection, we recommend you visit the Information Commissioner’ Office ("ICO") website at https://ico.org.uk/.

2. Key terms

   To help you understand the content of our Privacy Policy we have summarised some key terms:

   Data Controller means the individual or organisation that, alone or jointly with others, exercises overall control over how Personal Data is processed and the purposes of such treatment.

   Data Processor means any person (other than an employee of the Data Controller) who processes the data on behalf of and under the instruction of the Data Controller.

   Communication Methods means email, telephone, notices posted on our Site, or any other communication methods.

   Personal Data means data which relates to a living individual who can be identified from such data, or from data and other information which is in the possession of, or is likely to come into the possession of, the Data Controller.

   Processing means obtaining, recording or holding data or carrying out any operation in relation to Personal Data.

   Third-Party Websites means websites owned and operated by third parties.

3. Data controller

   For the purpose of the processing of your Personal Data in connection with your use of our Site or of our services, Klevio is a Data Controller.

   We are based and operate within the United Kingdom.

   If you have any query regarding our use of your personal data, please contact us at [email protected].

4. Privacy policy in relation to website users

   The terms in this paragraph 4 apply only to users of the Site who are not otherwise using our services.

   1. Legal basis for processing

      We process your Personal Data on the basis that you have consented to and we have a legitimate interest in such processing. Our legitimate interest includes our commercial interest in offering our services to the public.

   2. Information we collect about you

      We log your visits and your usage data when you visit our Site. In particular, we use internet protocol ("IP") addresses, cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to identify you or your device. Please read our Cookies Policy to learn more about how we use cookies and similar tracking technologies and how to opt out.

      We receive data from your devices and networks, including location data. When you visit or leave our Site, we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Site from a mobile device, that device will send us data about your location. Most devices allow you to prevent location data from being sent to us and we respect your settings.

   3. How we use your personal data

      We use your Personal Data to give you access to our Site and in particular to:

      1. provide you with information about our services;
      2. contact you through any Communication Method about our services, provided that you have previously consented to us contacting you;
      3. produce aggregate insights that do not identify you; and
      4. investigate, respond to and resolve complaints and service issues.

   4. Recipients of your data

      In order to provide you with our service, we may share some of your personal data with, or store some of the information at:

      • Stripe (a payment service provider)¹
      • MailChimp (newsletter management)
      • Intercom (an online chat and Customer Relationship Management service provider)
      • Cloudflare (web hosting)
      • Hubspot (CRM, sales tools and marketing service provider)
      • Google (analytics, notifications)
      • Facebook (data analytics, social media, advertising, which may also be shown on other websites)
      • LinkedIn (data analytics, social media, advertising, which may also be shown on other websites)
      • Hotjar (a website analytics provider)

      We will only share your personal data with the companies described at number 3 and 4 provided that you have previously consented to such use of your personal data. As further detailed below at 6.6, you can always change your mind and withdraw your consent to the processing of your personal data.

      Additional disclosures

      To provide and develop our Site, we may share your Personal Data with:

      our subsidiaries, as defined by section 1162 of the Company Act 2006 as amended, extended or re-enacted from time to time, provided that our subsidiaries will be subject to the same terms of this Privacy Policy; and

      third parties for maintenance, analysis, audit, payments, marketing and development. Third parties will only have access to and use your Personal Data as reasonably necessary to perform these tasks on our behalf and they will be bound to non-disclosure obligations and to the terms of this Privacy Policy.

      We may have to disclose your Personal Data if it is reasonably necessary to: (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) investigate and defend ourselves against any third-party claims or allegations; and (iii) protect the security or integrity of our services.

      We will attempt to notify you about legal demands for your Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

      We may share your Personal Data as part of a sale, merger or change in control, or in preparation for any of these events.

      Any other entity which buys Klevio or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy.

   5. Data retention

      We will normally keep your Personal Data for as long as it is necessary to provide you with access to our Site or services.

   6. Cross-border data

      We do not transfer, store or process your Personal Data at destinations outside the UK and the European Economic Area ("EEA").

5. Privacy policy in relation to users of our services

   The terms in this paragraph 5 apply only to users of our services.

   1. Legal basis for processing

      Legitimate interest

      We process Personal Data of users of our services (“Clients”) on the basis that we have a legitimate interest in such processing that includes our commercial interest in providing you with our services.

      Consent and performance of a contract

      Furthermore, we may process Personal Data of Clients on the basis that: (i) they have consented to such processing; and/or (ii) it is necessary for the entry into, or performance of, a contract or in order to take steps at their request prior to the entry into a contract.

   2. Information we hold

      Upon registration

      When you choose to use our services, we collect the following Personal Data: your name, your contact details, your email address, and your current address.

      Payment

      In order to process the payment of an invoice for our services, we may collect: the name of the card owner, the card details and the billing address.

      Additional information

      Depending on your requirements and circumstances, we may need to collect Personal Data (such as name, address, date of birth) of your “Authorised Users” to allow them to use our services.

      Website use

      We log your visits, use of our services and your usage data when you visit or otherwise use our services. We use log-ins, IP addresses, cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to log your use identify you or your device. Please read our Cookies Policy to learn more about how we use cookies and similar tracking technologies and how to opt out.

      When you visit or leave our Site, we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Site from a mobile device, that device may send us data about your location. Most devices allow you to prevent location data from being sent to us and we respect your settings.

   3. How we user your personal data

      We use Personal Data of Clients to provide them with our services and in particular:

      1. for administrative purposes;
      2. to correspond with Clients about their matter(s) through any Communication Methods;
      3. to contact Clients via any Communication Methods about the availability of our services, security, other service-related issues, reminders, and suggestions;
      4. to produce aggregate insights that do not identify any individual Client; and
      5. to investigate, respond to and resolve complaints and service issues.

      Please be aware that as long as you are using our services you cannot opt out of receiving essential service messages from us, including security and legal notices.

   4. Recipients of your data

      In order to provide you with our service, we may share some of your personal data with, or store some information at:

      1. Intercom (online chat and CRM)
      2. Airship (in-app notifications)
      3. Sentry (error reporting)
      4. Hubspot (CRM, sales tools and marketing service provider)
      5. Atlassian (a user reported issues tracking software provider)
      6. Amazon Web Services (Cloud computing services provider)
      7. Google (analytics, notifications)
      8. Facebook (data analytics, social media, advertising, which may also be shown on other websites)
      9. LinkedIn (data analytics, social media, advertising, which may also be shown on other websites)
      10. Hotjar (a website analytics provider)

      Additional disclosures

      To provide our services, we may also share your Personal Data with:

      1. our subsidiaries, as defined by section 1162 of the Company Act 2006 as amended, extended or re-enacted from time to time, provided that our subsidiaries will be subject to the same terms of this Privacy Policy; and
      2. third parties (e.g. for maintenance, analysis, audit, payments, marketing and development). Third parties will only have access to and use your information as reasonably necessary to perform these tasks on our behalf and they will be bound to non-disclosure obligations and to the terms of this Privacy Policy.

      We may have to disclose your Personal Data if it is reasonably necessary to: (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) enforce our agreements with you; (iii) investigate and defend ourselves against any third-party claims or allegations; (vi) protect the security or integrity of our services.

      We will attempt to notify you about legal demands for your Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not undertake or warrant to challenge every demand.

      We may also share your Personal Data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys Klevio or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy.

   5. Data retention

      Unless you have agreed for us to retain your Personal Data for a longer period, we will keep your Personal Data only for as long as it is necessary to provide you with our services.

      We may need to retain part of your Personal Data even after termination of this agreement with you, if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse or enforce our agreements with you.

   6. Cross-border data transfers

      We do not transfer, store or process your Personal Data at destinations outside the UK and the European Economic Area (EEA).

      Even if it is necessary to perform our obligations to you, we will always ask for your consent before transferring your Personal Data outside the EEA.

6. General

   1. Change to this privacy policy

      As we are committed to constantly improving our services, we may change the selection of data and the way we process it. We reserve the right to change or adapt this Privacy Policy from time to time. In case of any material change to our Privacy Policy, we will update the version available on our Site as soon as reasonably possible.

   2. Linking to other websites

      For your information and convenience only, the Site may contain hyperlinks to Third-Party Websites. Klevio has no control over and does not endorse any content or services displayed, contained or related to those Third-Party Websites. We make no warranties or representations, express or implied, about Third-Party Websites or any content, products, material or services contained, displayed or related to them. If you decide to access any Third-Party Websites and make use of the information contained on them or to enter into any contract for the supply of goods or services from such third party, you do so entirely at your own risk. We accept no liability for damage or loss, however caused in the connection with the use of or reliance on any information, material, products or services contained on or accessed through any such Third-Parties Websites.

   3. Third-party advertisers

      We do not share your Personal Data with any third-party advertisers without your consent.

      In line with our cookie policy, we may supply you with advertising about Klevio products and services (remarketing cookies) via Google, Facebook and other advertising platforms, which may include showing you Klevio advertising on other websites once you have left our Site.

   4. Marketing

      To change your marketing preferences, you may email us at [email protected].

   5. Security

      We implement a number of security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

   6. Your rights

      Right of access

      We offer you access to the Personal Data we hold about you. Please be aware that the purpose of an access request is to give you the opportunity to confirm the accuracy of Personal Data we are holding about you, the lawfulness of our processing and to allow you to exercise your rights under Applicable Data Protection Laws if necessary.

      We reserve the right to reject manifestly unfounded (e.g. made for other, non-data protection purposes) or excessive requests.

      To have access to the Personal Data we store about you, please contact us at [email protected].

      Right to withdraw consent

      Please be aware that, if you have given us consent to process your Personal Data for the purposes detailed in this Privacy Policy, you can always change your mind and withdraw your consent by contacting us at [email protected].

      In order to process your requests, we may ask you to send us a copy of two forms of identification (such as passport, driving licence, birth certificate, bank statement, utility bills).

      Further rights

      You also have the right to lodge a complaint about our processing of your Personal Data and/or our handling of your complaints to ICO or the appropriate data protection authority if you reside outside the United Kingdom.

      To learn more about your rights please visit ICO’s website at https://ico.org.uk/.