Effective Date: [June 1st], 2019
Privacy is important to Kastle and we take seriously our responsibility to secure and protect Personal Data whether it is used in providing access to our customer’s facilities or detecting threats to those assets. Whether you are a customer, business partner or simply a visitor interested in the services Kastle provides, we have developed a privacy policy (“Privacy Policy”) that covers how we process the Personal Data we collect when you:
- use the Kastle website at security.kastle.com, or any other website that Kastle operates that links to this Privacy Policy (the “Sites”);
- purchase, download, install, register with, access, or use Kastle products and solutions, such as myKastle and myKastle Multifamily platforms; KastlePresence, KastleResident, KastleVisitorPass, KastleAlert applications; KastleVideo and KastleVisitor solutions; and KastleConnect application program interfaces, such as EventConnect, VisitorConnect and IdentityConnect (the “Products and Solutions”);
- attend Kastle events, sales pitches, and other meetings; and
- interact with Kastle in other scenarios where we present or link to this Privacy Policy.
This Privacy Policy does not apply to the extent we process Personal Data in the context of providing services to our business customers. This includes where we offer solutions to our customers that help the customers: (i) provide access control, visitor management, and security surveillance of their buildings; (ii) offer a mobile platform or mobile keys; or (iv) otherwise secure and protect their environment, property, or personnel.We use such Personal Data only on behalf of our customers and in accordance with our customer contracts. For detailed privacy information related to where a Kastle customer is the controller of your data – where Kastle is providing a service on behalf of a customer – please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Policy.
Who We Are
In this Privacy Policy, “Kastle” “we” or “us” refers to Kastle Systems International, LLC and our U.S. subsidiaries: Kastle Systems of Los Angeles PSP, Kastle Systems of Texas LLC, Kastle Systems of New York LLC, Kastle Systems of Chicago LLC, CheckVideo LLC, and Kastle Systems of Los Angeles LLC. Kastle is the controller of your Personal Data as described in this Privacy Policy, unless expressly specified otherwise.
Personal Data We Process
“Personal Data” refers to any information that relates to you directly or indirectly. We process the following categories of Personal Data:
- Contact information, such as your full name, job title, email, business phone, mobile phone, fax, address, city, state, zip code, and business contact information;
- Technical information, such as data collected about your interaction with our Sites or any Products and Solutions;
- Financial information, such as payment card and related information (sometimes through third parties who collect and process your financial information on our behalf);
- Identification or background information, provided by you or collected by third parties such as your occupation, zip code, area code, and time zone; and
- Location Information, such as real-time information about the location of your device through GPS, WiFi, IP address, Bluetooth services or wireless network triangulation;
- Security system information, including audio and video feeds and access logs from Kastle security systems;
- Any other information that you provide that can be used to identify you.
We collect your Personal Data from:
- Direct interactions, such as when you create a user account, provide your contact information, register for an event, participate in surveys or questionnaires, or in any way engage with our personnel;
- Cookies and automated technologies, such as when you interact with our website, click on links on our emails, or access or use any Kastle Products and Solutions;
- Third parties, when the circumstances arise, such as when we sponsor a conference and receive the conference attendee list from the conference organizer; and
- Through social media, such as if you link to social media platforms or use social media plug-ins, we may (depending on your user privacy settings on that social media platform) automatically receive information about you from that social media platform.
In addition to Personal Data, we may collect information that does not relate to an identified or identifiable person. For example, we may collect the browser types, device types, and operating system information of our users. If any of this information can be used to identify you because, for example, we link it to your Personal Data, we will treat such information as Personal Data.
How We Use Your Personal Data
The way we use your Personal Data depends on the reason for which we collected it. Generally, we may use your Personal Data for the following purposes:
- Providing you our Sites, Products and Services.We process your Personal Data to perform our contract with you for the use of our websites and services and to fulfill our obligations under applicable terms of use/service. Where we have not entered into a contract with you, we base the processing of your Personal Data on our legitimate interest to operate and administer our Sites, Products and Services, and to provide you with the content you access and request (e.g., to download content from our websites).
- Promoting the security of our Sites, Products and Services:We process your Personal Data by tracking use of our websites and services, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others;
- Managing user registrations.If you have registered for an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you according to applicable terms of service.
- Handling contact and user support requests.If you fill out a “Contact Me” web form or request user support, or if you contact us by other means including via a phone call, we process your Personal Data to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you;
- Managing event registrations and attendance. We process your Personal Data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform of our contract with you;
- Managing questionnaires and surveys.If you participate in a questionnaire or survey, we process your Personal Data to perform our contract with you. Some contests or promotions have additional rules containing information about how we will process your Personal Data;
- Managing payments.If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete the transaction and perform our contract with you. We use a third party payment processor to process your payments. Kastle does not directly collect, store, or otherwise maintain your credit card or other financial information;
- Developing and improving our websites and services:We process your Personal Data to analyze trends and to track your usage of and interactions with our Sites, Products and Services to the extent it is necessary for our legitimate interest in developing and improving our Sites, Products and Services and providing our users with more relevant content and service offerings, or where we seek your consent;
- Assessing and improving user experience.We process may process your Personal Data in order to assess and improve the overall user experience to the extent it is necessary for our legitimate interest in developing and improving the service offering, or where we seek your consent;
- Sending marketing communications.We will process your Personal Data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, telemarketing calls, SMS, or push notifications) about us. This may include information about our products, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent; and
- Complying with legal obligations.We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.
How We Share Your Personal Data
We will share your Personal Data within Kastle, at your direction, as disclosed to you at the time of collection, or in the following circumstances:
- Service Providers. We may provide your Personal Data to our service providers that help us run and manage our organization and process Personal Data solely on our behalf. The categories of service providers include: technology service providers, analytics service providers and marketing service providers.
- Corporate Transaction.In the event Kastle is involved in a merger, reorganization, acquisition or sale of all or a portion of its assets, or other corporate transaction, we may disclose your Personal Data as part of that transaction.
- As Required By Law.We may disclose your Personal Data if we determine that the disclosure is necessary: (i) to comply with any law applicable to us, a request from law enforcement, a regulatory agency, or other legal process; (ii) to protect the legitimate rights, privacy, property, interests or safety of Kastle, our business partners, personnel, or the general public; (iv) to pursue available remedies or limit damages; (v) to enforce our policies and procedures; or (vi) to respond to an emergency.
We may also share anonymous data with Kastle’s service providers for the purpose of helping Kastle in such analysis and improvements. Additionally, Kastle may share such anonymous usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our Sites, Products and Services.
Note to International Users
Kastle is committed to complying with this Privacy Policy and the data protection laws, including those outside of the United States, that apply to our collection and use of your Personal Data. Kastle is located in the United States, and we recognize that the laws in the United States may be different and, in some cases, less protective as the laws other countries, including the European Economic Area (“EEA”). By providing us with your Personal Data and using our Sites, Products and Services, you acknowledge that your Personal Data will be transferred to and processed in the United States.
Kastle’s Privacy Shield Participation
Kastle adheres to the principles of the EU-U.S. Privacy Shield Framework for transfers of data from the EU to the U.S. To review Kastle’s Privacy Shield Privacy Policy, please connect to the link here.
Our Cookie Policy
We use Cookies, Web Beacons (also known as pixel tags and clear GIFs) and other similar technology (together, “Data Collection Technology” on our Site. A “Cookie” is a small text file that is sent to or accessed from your web browser or your computer’s hard drive. A Cookie typically contains the name of the domain (internet location) from which the Cookie originated, the “lifetime” of the Cookie (when it expires), and a randomly generated unique number or other similar identifier. A Cookie may also contain information about your computer, such as user settings, browsing history and activities conducted while using our online services.A “Web Beacon” (also called a “pixel tag” or “clear GIF”) is a piece of computer code that enables us to monitor user activity and website traffic. To learn more about cookies and web beacons, visit www.allaboutcookies.org.
Data Collection Technology helps us improve your experience on our online services. For example, we use Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing Cookies on your device. The information that the Cookies collect, such as the number of visitors to the website, the pages visited and the length of time spent on the website, is aggregated. For more information about Google’s ability to use and share information collected by Google Analytics about your visits to the Site, please see the Google Analytics Terms of Service and the Google Privacy Policy. We also may use Data Collection Technology to collect information from the computer or device that you use to access our online services, such as your operating system type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone in which your computer or device is located.
Your Control of Cookies: Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject Cookies or alert you when a Cookie is placed on your device. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through our online services.
Our Policy on Do Not Track Signals:Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. We are committed to providing you with meaningful choices about the information collected on our website for third party purposes; however, we do not currently recognize or respond to browser-initiated DNT signals.
Third Party Website and Services
When interacting with us, you may come across links or references to third party websites and services that we do not operate or control. If you provide your Personal Data to that third party through its websites or services, you will be subject to that third party’s privacy practices and policies. This Privacy Policy does not apply to any Personal Data that you provide to a third party website or service. We recommend that you read the privacy policy that applies to that third party website or service. A link or reference to a third party website or service does not mean that we endorse that third party or the quality or accuracy of the information presented on its website or service.
Security
Kastle takes the security of your Personal Data very seriously. We use commercially reasonable physical, administrative and technological safeguards to protect the information we collect. When your Personal Data is stored by Kastle, we use computer systems with limited access housed in facilities using physical security measures. Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through the Sites, Products or Services. Any transmission of Personal Data is at your own risk.
Retention of Personal Data
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means, and all applicable legal requirements.
Children’s Privacy
Our Sites, Products and Services are not directed to or intended for use by minors. Consistent with applicable laws, if we learn that we have received Personal Data directly from a child without his or her parent or legal guardian’s verified consent, we will use that Personal Data only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our services. Subsequently, we will delete such Personal Data.
Your Rights and Choices
You have certain rights with regard to the Personal Data we maintain about you, and certain choices about how we use it. Please note that if you decide to exercise some of your rights or choices, we may be unable to provide you certain services, or you may not be able to use or take full advantage of the services we offer.
Access and Correction: You may request to access or correct the Personal Data we maintain about you, and we will respond to your inquiry within a reasonable timeframe. If you wish to exercise these rights (including those described below for individuals in the EEA, as applicable), please contact us using the information in the “Contact Us” section at the end of this Privacy Policy. We may charge you a reasonable fee if you request additional copies of your Personal Data or make other requests that are manifestly unfounded or excessive. Further, we may not be able to honor your requests in certain circumstances. If we are unable to honor your request, or before we charge a fee, we will let you know why.
Opting out of Marketing: If you do not wish to receive marketing-related emails from us, please click the unsubscribe link at the bottom of any marketing email, or email us using the information in the section “Contact Us.” Please note that even if we stop all marketing communications, you may still receive administrative, legal, and other important communications from us.
Turning off Location Services: You can change your preferences on your mobile device and/or browser to deny us access to your geolocation. If you disable geolocation tracking, certain features of the Sites, Products and Services may not be available to you.
Additional Rights for Individuals in the EEA: If you are located in the EEA and we maintain your Personal Data under this Privacy Policy, you have the following additional rights (under the EU General Data Protection Regulation) with regard to your Personal Data:
- Right to access and receive:You may request a copy of or access to the Personal Data we hold about you. You may also request that we transfer your Personal Data to a third party in a machine-readable format.
- Right to correct:You may ask us to update or correct inaccurate or incomplete Personal Data we hold about you.
- Right to limit or restrict: You may have the right to request that we stop using all or some of your Personal Data or to limit our use of it.
- Right to erase:You may have the right to request that we delete all or some of your Personal Data.
- Right to withdraw consent:You have the right to withdraw any consent you have previously given to Kastle at any time. Your withdrawal of consent does not affect the lawfulness of our collecting, using, and sharing of your Personal Data prior to the withdrawal of your consent. Even if you withdraw your consent, we have the right to use your Personal Data if it has been fully anonymized and cannot be used to personally identify you.
- Right to complain: You have the right to lodge a complaint with your Supervisory Authority if you are unhappy with how we process your Personal Data. You can find contact information for your Supervisory Authority on the European Commission Data Protection Authorities webpage or through other publicly available sources.
Special Notice to California Residents
California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Data to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us using the information in the “Contact Us” section below. This request may be made no more than once per calendar year, and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified below. Note that we do not currently share Personal Data with third parties for those third parties’ direct marketing purposes.
Changes to this Privacy Policy
We state the Effective Date of this Privacy Policy at the top of this page. If we materially change the way we use or disclose your Personal Data we will notify you in advance by email and/or by placing a prominent notice on this website. The amended Privacy Policy supersedes all previous versions.
Contact Us
We welcome your questions and comments about this Privacy Policy or how we process your Personal Data. Please contact us using the information below and we will respond to you as soon as reasonably possible.
Kastle Systems International, LLC
6402 Arlington Boulevard
Falls Church, VA 22042
Phone: +1 703.528.8800
Email: [email protected].