We at Kaleyra are committed to protecting the information that you share with us and explaining how we collect, process, and share that information online. When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and entrust to keep it secure.
We provide you with insight into the privacy practices employed here at Kaleyra.
- What information we collect,
- How we collect,
- Why we collect it,
- How we keep it secure, and
- How you can update, manage, export, and delete your information.
This Policy provides an overview of how at Kaleyra information of “data subjects” (hereinafter referred to as “You or your”) personal data are collected, how they’re handled, and how your privacy is protected. In this policy, “we”, “us” and “our” may refer to Kaleyra Inc. or its subsidiaries and affiliates.
End Users of Kaleyra’s Products and Services
Kaleyra is a market leader in providing innovative Global Communication Services. In this capacity, Kaleyra may obtain and process on behalf of its prospects, customers (collectively hereinafter referred to as “Users“) certain personal information about its Users’ employees, representatives, consultants, contractors, agents, or other end users who are authorized to use its services (“End User Data“). If you are an employee or other end user of a User, please contact your employer with any questions about how your End-User
Data is collected and processed, or to seek clarification or exercise any rights you may be offered under data protection laws in your jurisdiction.
Kaleyra, with regard to personal data, might act both as a data controller as well as a data processor or agent that processes End User Data on behalf of its User, which is the controller or owner of such data under applicable data protection laws.
As such, in the latter, Kaleyra assists its Users to address data protection inquiries from end users to the extent applicable to its services but typically does not respond directly to such inquiries from end-users.
Kaleyra is also a data controller in certain cases where there is an express agreement between Kaleyra and the client or maybe a controller in certain circumstances where there is a written consent from the client based on business necessities and exigencies. Further, Kaleyra is also a data controller to the extent of its customers’ data which it obtains and processes directly, through lead-generation platforms where the customer would have given their express consent, social media platforms where the customer could have contacted or email referrals from existing clients, tradeshows where the customer would have visited and shared their contact information with Kaleyra.
Kaleyra has appointed a Data Protection Officer (DPO) whose appointment is mandated as a compliance of Regulation (EU) 2016/679, which obliges some organizations in EU countries to appoint a DPO, applicable as of 25 May 2018. DPO shall be the authorized controller of your data provided to us, whose primary role is to ensure that the organization legitimately processes the personal data of its staff, customers, providers, or any other individuals (also referred to as data subjects).
We build a range of services that you would find it on our website, and in order to achieve this we collect personal data from you in a number of ways including:
- Web Forms
- Off-site services
- Contractual Commitments
In the process of rendering our services, we collect the PII, which is the information that can be used to identify you such as, but not limited to:
- Birthdate, place of birth;
- Home and personal cell telephone numbers;
- Personal email address, mailing, and home address;
- Financial information to the extent required;
- Office location;
- Business telephone number;
- Business e-mail address;
- Other information that is releasable to the public.
We may process data about the use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type, and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency, and pattern of your service use. The source of the usage data is our analytics tracking system and other tools used for web tracking/lead generation purposes. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website, services, and improve the user’s experience as well as your expressed consent where necessary.
We may also process your data (“account data”), which may include your name and email address, contact details, your qualifications, employment, and past experiences, and other related information. The source of the account data is from third-party sites, job portals, leads / connects from social media platforms like LinkedIn, Twitter, Facebook, YouTube, Instagram, Pinterest, etc., where you have given your consent to store and transmit your individual data for prospective employers and companies. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases, and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business, by the performance of a contract between you and us as well as your consent where necessary.
We may also store your personal data (“profile data” ), such as your name, address, telephone number, email address, gender, date of birth, and employment details in our database, so as to contact you directly in the event of a contracting opportunity or sharing a new product portfolio or a service based on your requirements and the opportunities we intend to share with you. In the latter case the legal basis of processing, if any, is the express consent, provided by you, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We process your “non-sensitive” personal information for the following reasons:
- Advertising and sales activities while we would be presenting information about our services and products;
- Creating and executing contracts and agreements with you or your employer to:
- Provide services to clients and other users of these services;
- Receive goods and services from vendors;
- Control our relationship with clients, vendors, and other parties who use our services or products;
- Administering our website as per the agreement and for internal processing, including fixes of defects, data analysis, testing, investigating, and collecting statistics and surveys;
- Improving our website to provide content in the most efficient & effective way.
- Provide you with specific products and services covered under the terms of a contract with one or more of our corporate customers, including processing transactions, authenticating authorized users, and marketing our products and services;
- Perform certain benefit administration or other transactions initiated by you;
- Respond to your questions, complaints, or reviews of our product or services;
- Send you communications about online transactions, product information, ads and promotions, electronic newsletters, or other notices you requested or offers tailored to you;
- Comply with applicable law, obey judicial orders, cooperate with law enforcement authorities, or prevent any suspected illegal activities;
- Help us run our business; or
- For any other everyday business purposes, such as product development and website administration.
What legal basis do we have for collecting and processing your information?
Our legal basis for each of the ways we collect information from you has been explained in the earlier sections. Please note where consent forms the basis, you can withdraw consent at any time by contacting our DPO by opting out of any email message using the “Unsubscribe” link.
- Necessary to provide information or otherwise carry out the performance of a contract with you as an individual;
- Our legitimate interests, including:
- Performance of the contract with our Users;
- Implementation and operation of a group-wide matrix structure and group-wide information sharing;
- Customer relationship management and other forms of marketing and analytics;
- Fraud prevention, misuse of company IT systems, or money laundering;
- Whistleblower scheme operations;
- Physical, IT, and network perimeter security;
- Internal investigations; and
- Intended mergers and acquisitions;
- Compliance with legal obligations and/or defense against legal claims, including those in the area of labor law, social security, and data protection, tax, and corporate compliance laws.
- Protection of the vital interests of any individual;
- Performance of a task carried out in the public interest or in the exercise of official authority vested in Kaleyra; and
- Consent, as permitted by applicable law
We offer to our Users the ability to use location-based tracking on certain mobile technologies as part of Kaleyra’s Services. To provide location-based services on these Kaleyra products, we and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your device. Where available and enabled within the Kaleyra product configuration, location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your devices’ approximate location.
However, it is to be noted that we may not be able to withdraw the consent by virtue of contractual commitments where there was an express consent you gave for storing your information for a period mentioned in the contract, or by the law of Land under which we operate.
- We may disclose your profile data, usage data, account data, (collectively “your personal data”) to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Information about our group of companies can be found here.
- We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- We may also disclose your personal data to our suppliers or subcontractors or our clients, financial institutions for processing the claims and payments, identified insofar as reasonably necessary for achieving the business objectives.
What if the personal information belongs to a third-party?
- If you provide Kaleyra with data of/from third parties (such as their names, email addresses, phone numbers, etc.), you guarantee that you have the right to do so and you have obtained the consent from them.
- This includes, but is not limited to, forwarding of referential for open vacancies and for lead generation.
- Third parties opt-out of future messages by clicking the corresponding link in the original message or by getting in touch with us at email@example.com.
- In certain cases, Kaleyra and partner third-parties can automatically collect data using browser cookies, weblogs, web beacons, and other similar applications and attachments consistently with the related policies.
- This information is used for analysis, improving the convenience and efficiency of our website, and to help us provide you with relevant and interesting material.
We process and access to the data we collect from you. However, we use third parties to assist us with processing your personal data including the following categories of recipients:
- Financial transaction processors (processing your payments)
- Customer service communication platform
- Email communication manager
- Website management services
- Website design and programming services
- Users / Sub-Contractors / Contractors to the extent necessary for our business objectives.
Preparation of Analytics and Dashboards
These third parties have a contract with us, wherein, they are prohibited from utilizing, sharing or retaining your personal data for any purpose other than we dictate.
What are your rights over your PII
You have the right to control your personal data. Specifically, you have the following rights:
- Right to be informed:
We are informing you now with this policy.
- Right of access:
We’ll provide you with the data we have about you.
- Right to rectification:
Request we fix incorrect data about you.
- Right to erasure:
- Right to restrict processing:
Ask us to restrict certain types of processing of your personal information.
- Right to data portability:
Ask us to provide your personal data we have for export where applicable.
- Right to object:
Object to how we use your data.
- Rights of automated decision making and profiling:
While we do your profiling, we also give you the right to opt-out/ not accept.
- To exercise any of these rights, please contact firstname.lastname@example.org with your request.
Although this is mentioned above, we want to emphasize that wherever we’ve asked for your consent to collect or process your personal data, you have the right to withdraw that consent. If you receive email messages from us, you can use the “unsubscribe” link in each message to withdraw consent and stop the mailings.
You can raise your request with any questions you have about these policies or your personal data.
Data Protection Officer
DPO Office, Via Marco D’Aviano, 2 – 20131 Milan, Italy – email@example.com
On-duty privacy representative:
Legal and Compliance Department, Via Marco D’Aviano, 2 – 20131 Milan, Italy – firstname.lastname@example.org
What information do we collect?
We collect information from you when we/you contact each other, you place an order, subscribe to our newsletter or fill out a form.
When ordering or registering on our site, as appropriate, you may be asked to enter your: name or e-mail address and banking information for payment purposes. You may, however, visit our site anonymously.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways:
- To personalize your experience:
To better respond to your individual needs
- To improve our website:
To improve our website offerings based on the information and feedback we receive from you
- To improve customer service:
To more effectively respond to your customer service requests and support needs
- To process transactions:
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of the deliverable.
- To administer a contest, promotion, survey, or other site feature:
Thereby promoting the control over data
- To send periodic emails:
To send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc.
However, if at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
How do we protect your information?
We implement a variety of security measures such as maintaining a discrete database, providing access only in case of necessity, access on a need to know basis and such other globally acceptable security measures, to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. For further help and details, please contact our ISO 27001 manager for Kaleyra IT ongoing measures/policies at email@example.com .
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. The other details are discussed in Section 1.
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Children’s Online Privacy Protection Act Compliance
As required by the law we are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products, and services are all directed to people who are at least 13 years old or older.
Usage of Outbound links
Kaleyra websites might include links that lead to other websites, websites that are controlled by parties we are not related or connected to. After clicking an outbound link we lose any control of collection, storage, or processing of your personal data that is transferred
The behavior of third-parties is also beyond the scope of our control, therefore is not responsible for the collection, storage, and processing of the information you share with third-parties.
How long we process your personal data
We process personal data as long as it takes to achieve the goal (goals) for which this data was originally collected. After this, your data will be deleted or transferred to an archive, except for cases when it is necessary to continue the processing of your data to abide by the legal and contractual obligations that we have or other rightful and legal purposes.
Use of social plugins as part of social media
|What Social Media do we use?||Particulars||Plugins are identified by||How does it work?|
|Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025 (“Facebook”)||Facebook logo with a “Facebook”, “Like”, or “Share” prefix.||
· When you visit our website these plugins are turned off by default. Plugins remain turned off until you click on the corresponding button.
· When these plugins are turned on, you are connected to the concerned website and give it your permission to transfer data to it.
· When you click one of these buttons, this information is transferred by your browser to it and remains stored there.
· If you would like to opt-out of the concerned website’s collection of your data when visiting our website, before visiting our website, you must log out of your profile from that social media
901 Cherry Ave.
San Bruno, CA 94066 USA
Fax: +1 650-253-0001
|YouTube logo||LinkedIn logo|
|Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 («Twitter»)||Twitter logo with a “Tweet”, or “Share” prefix.|
How to retract your agreement of the processing of your data?
You can retract your agreement on the processing of your personal information:
- By sending us an email to firstname.lastname@example.org
- By mailing us at the address: Kaleyra Inc., Via Marco D’Aviano, 2 – 20131 Milan, Italy.
Locations and international transfers
We share your personal information and service data within the Kaleyra Group. By accessing or using our services or otherwise providing personal information or service data to us, you consent to the processing, transfer, and storage of your personal information or Service Data within the domains within the United States of America, the European Economic Area (EEA) and other countries where Kaleyra operates. Such transfer is subject to a group company agreement that is based on EU Commission’s Model Contractual Clauses.
We do not intend to sell our business. However, in the unlikely event that we sell our business or get acquired or merged, we will ensure that the acquiring entity is legally bound to honor our commitments to you. We will notify you via email or through a prominent notice on our website of any change in ownership or in the uses of your personal information and service data. We will also notify you about any choices you may have regarding your personal information and service data.
- We may update this policy from time to time by publishing a new version on our website.
- You should check this page occasionally to ensure you are happy with any changes to this policy
- In case of relevant changes due to legal, regulatory or business issues affecting this policy and the consent you provided us with for personal data processing, you’ll be notified and will be requested to confirm whether or not you wish to confirm your consent
- Also, any further recommendations/suggestions/concerns can be made known to us here.
Last updated: July 10, 2020