1000 N West Street,
Suite 1200, Wilmington,
Kissflow is a product of Kissflow Inc.,
Information we collect:
For those users who provide requisite authorization during the account setup and login process, Kissflow collects information from enquiry forms, contacts forms, Google GSuite or Microsoft Office 365, and others, as applicable to provide better service to all users. This includes first name, last name, email address, phone numbers and email groups that users belong to. We store this personal information on Google Cloud Services. Our legal basis for the collection of user data is Art 6 (1) b) GDPR and Art. 6 (1) f) GDPR. Our legitimate interest is to optimize our product, increase user experience, enhance our customer support, and improve our internal process efficiency.
Information we collect as customers use our service.
Kissflow may collect specific information about how customers use our product. This include situations such as how a customer uses a specific feature and when a customer uses the product. The information is collected as data logs, images, or a logical sequence of images/videos to reply an issue encountered by a user. Our logging system automatically collects information such as the internet protocol address, browser type, browser language, referring URL, features accessed, errors generated, time zone, geo-location data, operating system information, and other such information that is transmitted in the header of the user’s HTTP request.
This information is stored in log files. Kissflow uses these log files to analyze trends, administer, and improve the application. Our legal basis for the collection of user data is Art 6 (1) b) GDPR and Art. 6 (1) f) GDPR. Our legitimate interest is to optimize our product, increase user experience, enhance our customer support, and improve our internal process efficiency.
Google user data
We use Google APIs for achieving the following:
- Google OAuth APIs are used to perform a Single Sign On through Google, while doing so we ensure that the email provided by the Google Auth server is a valid user of the Kissflow system.
- We use Google Drive APIs to retrieve file URLs and Ids of the files attached by the user into his/her Kissflow account. We also manage the permissions of these files through the drive APIs when the workflow on Kissflow attached to these files are on progress.
How we use the Information we collect
Kissflow uses the above information for the following general purposes: service provisioning, billing, identification and authorization, service improvement, and research. When a customer contacts Kissflow, we may keep a record of customer communication to help solve any issues the customer might be facing.
If you contact us by email or contact form, the information you provide will be stored for the purpose of processing the request and for possible follow-up questions. Please email us at email@example.com to assert your data protection rights. Please read the section entitled “Your rights to access, rectification, cancellation, limitation of processing, data portability and to withdraw consent”.
- Service Providers. We may provide access to or share your information with select third parties who perform services on our behalf. These third parties provide a variety of services to us, including without limitation billing, sales, marketing, provision of content and features, advertising, analytics, research, customer service, shipping and fulfillment, data storage, security, fraud prevention, payment processing, and legal services. The list of our third party service providers can be found here: Data Processing Addendum
- Complying with our obligations: we may process your personal data to comply with our legal or regulatory requirements, where this is required by law.
- To continue using the Services after the free trial period, you must begin a paid subscription which requires a valid credit card. Enterprise customers may request a paper contract that includes alternative billing arrangements including purchase orders.
International Data Transfer
How Secure is your personal data and information with us?
We work hard to protect Kissflow and our users from unauthorized access or unauthorized alteration, disclosure, or destruction of information we hold. In particular:
- We encrypt our services using SSL.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to personal information to Kissflow employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Compliance and cooperation with regulatory authorities
In compliance with the Privacy Shield Principles, Kissflow commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Kissflow at: firstname.lastname@example.org
We are also ISO 27001 Certified and we follow all the regulatory norms set by this standard. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
Retention, deletion or blocking of data
We adhere to the principles of purpose limitation and data minimisation. Therefore, we only store your personal data for as long as it is necessary to achieve the purposes mentioned here or as long as the many storage periods required by law. After discontinuation of the respective purpose or expiry of these deadlines, the corresponding data will be blocked or deleted in accordance with the statutory provisions. Our legal basis for the deletion or blocking of personal data is Art. 5 (1) b) GDPR and Art. 5 (1) c) GDPR.
Your rights of access, rectification, cancellation, limitation of processing, data portability and to withdraw consent
We will provide access to your personal data stored by us at any time. If you wish, you will receive it in a structured, commonly-used and machine-readable format. We will be happy to correct, edit, limit, or delete your personal data at your request, provided that no statutory storage requirements are in conflict, or forward them to another responsible office. If your personal data stored with us has been processed incorrectly, out-of-date, or unlawfully, you can restrict its processing by us. Finally, you may change or revoke your consent to the processing of your personal information at any time with future effect. To contact us for any of these concerns, please email us at email@example.com. Our legal basis for the disclosure, correction, deletion, limitation of processing and data transmission is the respective request of the data subject.
You have the right to complain about the improper processing of your personal data (such as collection, storage, modification, transfer, deletion, etc.) by emailing us at firstname.lastname@example.org.
Last Updated: 10th July, 2019