Khoros is committed to protecting the privacy and rights of its customers as well as respecting the rules and laws of the jurisdiction in which it operates. As such, Khoros requires that all law enforcement requests for customer data be accompanied by valid legal process from a law enforcement authority with jurisdiction. Khoros will only provide customer data in response to a law enforcement request when we reasonably believe that we are legally required to do so, and in accordance with our privacy policy, terms of use, and our individual customer agreements. To protect the privacy and rights of our customers, Khoros reviews all law enforcement requests to ensure they comply with the law.

It is Khoros’s policy to notify our customers of all requests for their information and provide them with an opportunity to object to the disclosure when we respond unless we are explicitly prohibited from doing so by law.

GUIDELINES FOR SUBMITTING LAW ENFORCEMENT REQUESTS

HOW TO SERVE A LAW ENFORCEMENT REQUEST:

The Khoros Legal Department is the only Khoros department that can respond to law enforcement requests. All such requests should be sent via email to legal@khoros.com.

If the requesting agency is required to submit a request in person or via mail, Khoros’s address is:

7300 Ranch Road 2222

Building 3, Ste 150

Austin, TX 78730

Attn: VP, Legal

Please also email legal@khoros.com to alert us to the incoming request.

REQUIREMENTS FOR SUBMITTING A LAW ENFORCEMENT REQUEST:

Khoros will process a law enforcement request if it meets the following criteria:

• Is submitted to the Khoros Legal Department by a law enforcement agency or official government entity;
• Includes valid and enforceable legal process, such as a warrant, subpoena, or court order, that compels Khoros to produce the information requested;
• States with sufficient particularity the categories of information or records sought;
• Contains the name, contact information, and badge/identification number of the government representative or individual law enforcement agent who is authorized to service the request;
• Includes enough information about the customer account that Khoros can clearly identify the account at issue;
• Clearly states the specific customer information being requested, such as names, usernames, email addresses, phone numbers, and IP addresses; and
• Sets out the specific response date for the information requested.

If the requesting agency does not want us to notify a customer of a law enforcement request for their information, the request should include a court order or reference to other legal authority that explicitly prohibits Khoros from disclosing the existence of the request to our customer.

REQUESTS FOR PRESERVATION OF CUSTOMER INFORMATION:

Upon receipt of a valid law enforcement preservation request, Khoros will preserve customer information for 90 days upon receipt. If the preservation request is not validly extended by the end of the 90-day period, Khoros may delete the customer information when the preservation period expires.

EMERGENCY REQUEST REQUIREMENTS:

If a law enforcement agency or official government entity submits a request for the disclosure of customer information in relation to a matter involving imminent harm to a child or risk of death or serious physical injury to any person, Khoros may provide such information necessary to prevent the harm, consistent with applicable law.

INTERNATIONAL LAW ENFORCEMENT REQUEST REQUIREMENTS:

Khoros discloses customer information solely in accordance with our privacy policy, terms of use, our individual customer agreements, and applicable law. To compel the disclosure of customer information from Khoros, a Mutual Legal Assistance Treaty request or a letter rogatory may be required. Khoros also requires that any agency or individual issuing law enforcement requests or other legal process or information requests ensure that the request or process is properly domesticated.

INTERNATIONAL CUSTOMER POLICY FOR LAW ENFORCEMENT REQUESTS:

In providing Services to our customers, Khoros may process the Personal Data (as defined by the GDPR or other applicable data privacy law) of EEA, Australian, or other international individuals in jurisdictions outside of where that individual is located, including the United States. Any such Personal Data that is transmitted to the United States by Khoros is encrypted in transmission and at rest.

If at any time Khoros becomes aware of a binding request by local authorities or direct access of a customer’s Personal Data by public authorities, Khoros will notify that customer and, where possible, the data subject of such binding request or access. Khoros will record and preserve all information relating to such a request for the duration of the contract with the impacted customer.

If Khoros receives a law enforcement request for the disclosure of customer data that includes the Personal Data of an international individual(s), Khoros will inform the requesting agency that we process Personal Data on our customer’s behalf. Unless otherwise prohibited from doing so by law, we will notify our customer of the request and will coordinate with our customer prior to producing any information to the requesting agency.

Khoros will also review the law enforcement request for legality. If Khoros deems a law enforcement request as unlawful, we will challenge the request and will also seek interim measures with the objective of suspending the request. We will also pursue all possibilities of appeal.

If Khoros does not deem the law enforcement request to be unlawful, we will take the following steps:

• Where applicable, seek a limited waiver of any prohibition against Khoros’s disclosure of the existence and/or details of a request to our customer or impacted data subjects;
• Work with the requesting agency to narrow the request for such Personal Data to the minimum data needed by the agency;
• Inform the requesting agency that the Personal Data is subject to the GDPR and/or other laws that confer certain rights upon individuals (as applicable), including the right to transparency, access, rectification, and deletion from any entity that process personal information, including government agencies;
• Evaluate if the request seeks information which goes beyond what appears reasonably necessary for: national security; defense; public security; the prevention, investigation, detection and prosecution of criminal offenses; or the breach of ethics for the regulation of professions, other important economic or financial interests of a country, the protection of individuals, or the protection of the rights and freedoms of others; and
• Appeal, narrow, or attempt to quash a request that we determine is unreasonable, to the extent we are permitted to do so by law.

In all instances, Khoros will provide regular updates to the impacted customer on any law enforcement request that we have received. We will also document the details related to any law enforcement request received (including the legal reasoning provided and the actors involved), our legal assessment of the legality of the law enforcement request, and any challenges that we make to it. And, to the extent permissible, we will make this documentation available to such customer upon request. We will also publish transparency reports summarizing government requests for information to our customers.