Privacy

Effective Date: 05/13/2019


Privacy Settings

1. Scope and application

This Privacy Notice describes how Khoros collects, uses, shares, and secures the Personal Data about individuals who use this web site (www.khoros.com) and our services.

The following is a list of our current services:

When we say “Personal Data,” we mean any data that could directly or indirectly be used to identify you or your household, ranging from (for example) your name and email address to the IP address of your device and the location from which you access this website.

This Privacy Notice describes how we collect, use, share, and secure the Personal Data that we collect when you access this website and our services.

This Privacy Notice also describes how we handle Personal Data on behalf of our customers.

It is important to understand, however, that when we handle your Personal Data on behalf of one of our customers, we are doing so pursuant to the customer’s instructions as their data processor. If you want to know more details about that customer’s data protection policies, you should consult the customer’s privacy notice.

Read more about the scope of this Privacy Notice here.

This Privacy Notice (“Privacy Notice”) applies to:

This Privacy Notice describes how Khoros:

The use of any information collected through our Services shall be limited to the purpose of providing the Service for which the Customer has engaged Khoros, as agreed in a signed contract between Khoros and Customer.

This Privacy Notice also describes your rights regarding the use of your Personal Data by Khoros, as well as the options available to you regarding how we communicate with you.

Khoros does not send unsolicited emails or sell any Personal Data that users may have submitted to us though our Site. In addition, for lead generation or marketing purposes, we may ask individuals interested in obtaining more information about Khoros products to voluntarily submit their contact information to us. For more information on the Personal Data that we collect, see the “What Personal Data do we collect?” section, below. For more information on how we use your Personal Data, see the “How do we use your Personal Data?” section below. Khoros is controller of your Personal Data as described in this Privacy Notice, unless explicitly stated otherwise.

This Privacy Notice does not apply to the extent that we process Personal Data while acting in the role of processor for our Customers. Such processing is governed by contracts that we have with our Customers.

For detailed information on how we process Personal Data on behalf of our Customers, please ask the applicable Customer directly. Khoros is not responsible for the data privacy or data protection practices of its Customers.

2. What Personal Data do we collect?

We collect two types of Personal Data about you:

(1) Personal Data that we receive directly from you, which can include, but is not limited to, your name, email address, company that you represent, and social media account information; and

(2) Personal Data about you that we receive from others, which can include, but is not limited to, content that you post on social media sites, information that you’ve provided to our customers, and information about your browsing habits on other websites.

Read more about the Personal Data that we collect about you here.

Please note that some Personal Data we receive directly from you is provided to us automatically via technology, such as a cookie placed on your computer when you visit our Site.

Please also note that some parts of our website and services allow you to post or transmit comments, computer files, messages, and other materials. Please be careful about what Personal Data you choose to make public in these areas of our Site and Services.

Personal Data that we receive directly from you:

As mentioned above, some of the Personal Data we receive from you is collected by automated means. Such Personal Data includes:

Personal Data that we receive from other parties:

Additionally, when a Customer provides or accesses information through one of our Services, we may receive information from the Customer’s input of, in response to, or by way of interaction with, content generated by Customer’s use of the Services, such as social media messaging, as well as from the Customer’s website or Third Party Site. This may include information regarding a third party that was published on or provided to the Customer’s website or Third Party Sites.

This Privacy Notice does not govern the collection of content by Third Party Sites that is not published or generated through the Services, except to the extent that we act as a processor with respect to such content. Our Customers are required to abide by the applicable policies and requirements of such Third Party Sites used in connection with the Services and when using information from Third Party Sites.

3. How do we use your Personal Data?

We use the Personal Data about you that we collect in order to fulfill a range of purposes, including:

To read more about how we use your Personal Data, click here.

We collect and process your Personal Data for the following purposes:

Information collected by Khoros from each Customer Community is used solely to provide the Services for that Community, to provide related Services to the customer who manages that Community, and as otherwise agreed in a contract between Khoros and the customer. Other information gathered is solely used to: (i) respond to a user's request for additional information on Khoros Services; (ii) provide, develop, enhance and support related Khoros Services; (iii) fulfill Khoros’s legal obligations and defend Khoros’s legal rights, as needed. We may also use a user's email address to send promotional or marketing materials on related Services, such as updates on the product line, but this is only after the user is a customer, a Service is requested by the user, or Khoros has some other pre-existing business relationship with the user. We use your IP address and browser-type information in the general administration of our website

In addition, we use the information that we gather from other social media sites to:

  1. provide context to a brand, such as information about an individual’s past interactions with that brand, and the individual’s public profile information, to improve the quality of the brand’s interactions with that consumer who is reaching out to them over social media,
  2. assess each individual’s general topics of interest (but excluding sensitive topics such as political or religious views),
  3. measure their influence on social media by assigning a numerical value based on our proprietary algorithm which looks at frequency/ dates of activity, responses of other individuals to that activity, and the occurrence of certain key words and/or brand names, and,
  4. allow brands to compare themselves to other brands in their industry by seeing aggregated statistics of the numbers of individuals who promote or detract from each brand based on the individuals’ public social media activity.

Through our social media management services, we provide this information on individuals to the customer support and service representatives of the companies who are Khoros customers, the “brands”, so that those representatives can provide support and service to their consumer customers more effectively, by triaging communications to address more urgent requests in priority order, and by understanding the interests of their consumer customers to provide more targeted support. We also provide aggregated statistic to the brands for competitive analysis purposes.

Through our Khoros Community and Khoros JX Community platforms, we make social impact scores available for individuals who participate in the community to create more effective and interesting social interactions within the Community.

In the collection and use of information from other social media sites, we rely on our legitimate interests in providing services to our customers, and assisting them to provide better service to their customers, under applicable data privacy regulations, and balance those interests with the data privacy concerns of individuals. If you would like more information about our legitimate interests analysis, or have concerns that you would like us to address, please contact privacy@khoros.com.

In regard to Khoros Services, Khoros collects information under the direction of its Customers, and has no direct relationship with the individuals whose Personal Data it processes. If you are a customer of one of our Customers and would no longer like to be contacted by one of our Customers that use our Services, please contact the Customer that you interact with directly. We may transfer Personal Data to companies that help us provide our Services. Transfers to subsequent third parties are covered by the service agreements with our Customers.

Please note that Khoros may use and disclose data cleansed of all Personal Data so that it no longer can identify the Customer and/or user; and aggregated with similar data from other Khoros Customers (“Aggregated Data”) to determine and report Services usage patterns by Customers and users generally, and for any other legitimate purpose.

Information collected by Khoros from Customers is used solely to provide the Services and as otherwise agreed to in a contract between Khoros and the Customer.

Sometimes, our Customers have specific purposes for which they plan to use an individual user’s Personal Data, and our Customers describe those purposes at the point of collection. For example, a Customer may solicit a user’s feedback in order to improve services and products, respond to a user’s questions or comments, register in connection with a contest, giveaway, or drawing, respond to a request for a brochure, or to otherwise send information to the user. We may be asked to fulfill or assist with the fulfillment of the requirements associated with the point of collection purposes, but the responsibility to obtain any necessary consents remains with our Customers as the data controllers.

4. How do we share your Personal Data?

We do not sell your Personal Data. We do share the Personal Data with third parties in a range of scenarios, including the following:

To read more about how we share your Personal Data, click here.

As a matter of policy, we do not sell your Personal Data. We may disclose your Personal Data. We will only share your Personal Data in the ways stated below:

For more information on international transfers of your Personal Data by Khoros, please see “International transfers of your Personal Data” below.

5. International transfers of your Personal Data

If you’re in the European Economic Area (EEA) or the United Kingdom, we ensure protection of your Personal Data when it’s collected, transferred to, and stored outside the EEA or United Kingdom.

Some of the third parties to which we may disclose your Personal Data (discussed above) might be in a location outside the EEA or United Kingdom. In this case, we use certain legal mechanisms to ensure that the protection afforded your Personal Data is the same as the protection provided within the EEA or the United Kingdom, as the case may be.

Depending on the scenario, we use one of two mechanisms to achieve this protection: the European Commission Standard Contractual Clauses or the EU-US Privacy Shield program and the Swiss-US Privacy Shield program (the “Privacy Shield”).

To read more about how we handle international transfers of Personal Data, click here.

Some of the third parties listed in the previous section “How do we share your Personal Data?” may be located in countries located outside of the European Economic Area (“EEA”) or UK that offer an adequate level of data protection, as determined by the European Commission. More information on those countries can be found here:

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

Some of these third parties may be located in countries whose level of data protection has not been deemed adequate by the European Commission.

In the course of performing its Services, Khoros and its subprocessors may access and/or transfer Personal Data to (or from) these areas, pursuant to either, at Khoros’s sole option: (i) the European Commission Standard Contractual Clauses (“Clauses”) or (ii) the EU-US Privacy Shield program and the Swiss-US Privacy Shield program (collectively “Privacy Shield”).

Privacy Shield Disclosure

For purposes of this Privacy Shield disclosure, “Personal Information” means data that is (a) transferred from the European Union, the UK, or Switzerland, as the case may be, to the United States; (b) recorded in any form; and (c) about, or pertains to, a specific individual who is identified in, or is identifiable from, the data. “Sensitive Information” means Personal Information specifying medical or health conditions, personal sexuality, racial or ethnic origin, political opinions, religious, ideological, philosophical, or trade union-related beliefs, views or activities, trade union membership, information specifying the sex life of the individual, information on social security measures, or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings. Sensitive Information also includes Personal Information received from a third party where the third party treats and identifies it as sensitive.

The following Khoros products (collectively, the “Privacy Shield Certified Products”) are Privacy Shield certified under the name Spredfast, Inc., as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Information from European Union member countries and Switzerland. Certifications made under the Privacy Shield extend to transfers Khoros makes to and from the United Kingdom:

For the Privacy Shield Certified Products, we have certified that we adhere to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Privacy Notice and the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield programs, please visit https://www.privacyshield.gov.

For the Privacy Shield Certified Products, we will adhere to the requirements of the Privacy Shield with respect to Personal Information. As a condition to using the Services, Customers are required to obtain all necessary individual consents in order to collect and use Personal Information.

Khoros strictly prohibits the entry of Sensitive Information into Khoros systems, except with the express prior written consent of Khoros in each instance.

If Khoros relies on Privacy Shield as a basis for transfer of Personal Information outside of the EEA or the UK, and if Privacy Shield is deemed invalid by a competent authority or otherwise superseded, then any such transfers of EEA Personal Information outside the EEA shall be conducted pursuant to the EC Standard Contractual Clauses (the “Clauses”) and Khoros will execute a copy of the Clauses at Customer’s request. Khoros is subject to the investigatory and enforcement powers of the US Federal Trade Commission (the “FTC”). In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the Privacy Shield, Khoros is potentially liable.

In compliance with the Privacy Shield, Khoros commits to resolve complaints about privacy and our collection or use of Personal Information. European Union and Switzerland citizens with inquiries or complaints regarding this Privacy Notice should first send us an email to legal@khoros.com.

Khoros has further committed to refer unresolved privacy complaints under the Privacy Shield principles to the International Centre for Dispute Resolution (the “ICDR”), an international dispute resolution provider. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://go.adr.org/privacyshield.html for more information and to file a complaint.

6. How long do we keep your Personal Data?

We will retain your contact information, including your name and email address, for as long as your account is active or as needed to provide the Services to you. If you wish to cancel your account or request that we no longer use your Personal Data to provide Services, please refer to “Your Rights and Options regarding your Personal Data” Section of this Privacy Notice.

Khoros may retain data, including Personal Data, in encrypted format held on back up media or other back up storage for disaster recovery purposes for up to ninety (90) days pending routine erasure cycles, and log files held for security reasons for up to twelve (12) months.

For further information on our Personal Data retention practices and policies, please see the Khoros Data Retention and Media Destruction Policy for Customer Data. For additional questions on this topic, please contact us using the information contained in the “Contacting Us” section below.

7. Your Rights and Options regarding your Personal Data

Depending where you live, you have certain rights related to your Personal Data. The rights available to you depend on our reason for processing the Personal Data in question. Please note that these rights are also subject to local data protection laws and regulations, and that these rights do not apply in all situations.

Your rights are as follows:

For more information about how to exercise your rights and options, click here.

You may “opt-out” of having your Personal Data used for certain purposes, such as receiving promotional or other marketing material from us during the registration process, for downloading a whitepaper or signing up for our webcasts. Users who no longer wish to receive our updates or newsletters may opt-out of receiving these communications by following the instructions contained in the mailer or by emailing us at marketing@khoros.com. Please include the term “OPT-OUT” in the subject line immediately followed by your email address.

You may access, correct, or request deletion of your personal information collected via this Site by emailing us at either: (i) privacy@khoros.com if your request relates to Khoros’ Community or Social Medial Management products; (ii) DataAccessRequest@spredfast.com if your request relates to Khoros’ Conversation, Intelligence, Experience, or Vault products; or (iii) privacy@khoros.com if you are not sure which Khoros product to which your request relates. We will respond to your request within a reasonable timeframe.

We are unable to delete information accessed or provided through the Services if we do not control such information, such as information that originated through a social media network and is consequently controlled by such social media network, except to the extent that a copy of that data exists on our systems and with the permission of the data controller.

8. How do we secure your Personal Data?

We follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it. Please keep in mind, however, that no method of transmission over the internet, or any method of electronic storage, is perfectly secure.

To read more about our security policies, please click here.

Khoros takes information security and privacy of Personal Data very seriously. We fully support and abide by the data privacy principals established in the EU Directive on Data Protection as well as all other applicable local privacy laws and regulations. Our security controls and mechanisms are based on the ISO 27001 global security management standard and we conduct external security audits and independent security testing on an annual basis.

Specifically for Customers:

The Khoros Security Data Sheet provides a summary of the security measures implemented throughout the organization to provide full transparency and a peace of mind for Khoros Customers that their Personal Data and information are in good hands.

For Customers who have a requirement to conduct their own security testing of the Khoros platform, the Khoros Security Scanning Policy provides an overview of the process and any associated restrictions.

If you have any questions about our security practices or security on our website, you can visit our security information page at https://khoros.com/khoros-security or email us at privacy@khoros.com.

9. Cookies

Cookies or similar technologies are used by Khoros and our partners, affiliates, or analytics or service providers. These technologies are used in analyzing trends, administering this website, tracking users’ movements around this website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

To read more about how we use cookies and similar technologies, click here.

We use cookies to remember users’ settings (e.g. language preference) and for authentication. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our site may be limited.

As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, referring/exit pages, browser type and operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you. For more information about cookies used by Khoros and a list of Khoros cookies download the Khoros Cookies Datasheet.

10. Changes in this Privacy Notice

This Privacy Notice may change from time to time, so please review it frequently for any updates or changes. If we make material changes to this Privacy Notice we will notify you by email (sent to the e-mail address specified in your account) or we will place a prominent notice on our Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

11. Contacting Us

If you have any questions about this Privacy Notice, the practices of this Site, or your dealings with this Site, please call us at 1 (415) 757-3100, email us at privacy@khoros.com or write us at the following address:

Khoros, LLC
1 Pier, Bay 1A

San Francisco, CA 94111
USA

Disputes

To exercise your rights regarding your Personal Data (as described in the “Your Rights and Options regarding your Personal Data” section, above), or if you generally have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our Data Protection Officer:

Lillian Pang

Taceo Limited

Company registration number 11059214

http://www.taceo.co.uk/

Telephone: +44 7474 293 610

Email: dpo@taceo.co.uk

In such a scenario, you may also contact our U.S.- based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

If you are located in the EEA and we have not able to address your complaint or concern to your satisfaction, you have the right to lodge a complaint with the supervisory authority that oversees Personal Data rules in your jurisdiction. For example, in the United Kingdom, your complaint should be directed to the Information Commissioner’s Office (https://ico.org.uk/).

Khoros London Limited, a wholly owned subsidiary of Khoros, LLC, is based in the United Kingdom under the jurisdiction of the UK data protection authority the UK Information Commissioner’s Office (ICO), and controls the export of Personal Data from the EEA to other Khoros affiliates, including Khoros, LLC. More information on ICO can be found on their homepage, which is located at https://ico.org.uk/.

12. Additional Information

Collection of Personal Data from Children

Our Site is not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “Contacting Us” section, below, and we will take steps to delete such Personal Data from our systems.

Blogs

Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Data from our blog or community forum, contact us at privacy@khoros.com. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.

Social Media Widgets

Our Web site includes Social Media Features, such as the Facebook and Twitter buttons and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy notice of the company providing it.

Testimonials and Comment, Idea, and Survey Submissions

We display personal testimonials of satisfied Customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at privacy@khoros.com.

We consider information such as answers to surveys, comments, ideas, and suggestions (in each case, which do not contain Personal Data) to be non-personal and do not classify such as Personal Data. Except as otherwise provided by applicable contracts with our Customers or a third party, Khoros is free to disclose and use such data or information without any obligation.

Links to more detailed information