Kaoshi Inc. (hereinafter “KAOSHI”, with its registered office at 16192 Coastal Highway, Lewes, DE 19958, United States of America.) is committed to protecting your privacy.
The Privacy Statement explains how your Personal Data is processed by Kaoshi, as a Data Controller for the data Processing activities described in this policy. This applies to data collected through our websites (for example, when you submit your data through our online forms, when you use the Kaoshi website as a registered user), or collected during interactions you may have with us (for example, when you attend our events, forums, trainings, or when you use our applications). In this regard, Kaoshi will process all your Personal Data in compliance with the applicable United States Data Protection laws, the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and other applicable data protection legislation (hereinafter “Data Protection Laws”). For the purpose of this policy, Kaoshi is your data controller.
We implore you to carefully read this Privacy Statement to understand our data Processing practices as this policy is legally binding when you use our website or the services posted theron.
Kaoshi may modify this Privacy Statement from time to time. Please check it periodically for changes, in particular when you submit Personal Data on our websites and partner websites
Purposes of Collecting Data
Kaoshi processes Personal Data collected on our websites or through the interactions you have with us for the following purposes:
- The provision of Kaoshi services and products, including use of our software
- Sending commercial communications, newsletters, and other customer communications
- The operation of our websites and software (IP addresses, cookies, web acceleration, data security, Data anonymisation for reporting and statistics, and for customer retention)
- The improvement and preservation of our websites and infrastructures
For these purposes, Kaoshi will generally process the following data pertaining to you (depending on the website, activity, product or software used by you): IP address, identification information (for example, last name, first name, job title, company name, contact details - such as mobile, landline, e-mail address), login and password, the history of your interactions with Kaoshi (for example, attendance dates to events, photographs, downloads from our websites, connection logs), your financial information (for example, credit card details for billing purposes after your subscription to our events, invoicing history).
More information about the use of your data for specific purposes is given below. Where applicable, we indicate whether, and why, you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide your data when requested, and if that data is necessary to provide you with Kaoshi services and products or if we are legally required to collect it, then you may not be able to benefit from our services.
You may also find more information about the use of your Personal Data (as a Kaoshi customer) for Kaoshi governance and for the provision of Kaoshi services and products in the Kaoshi Personal Data Protection Policy.
Data Processing and Collection of Your Data
Kaoshi takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition - in some cases, the Data may be accessible to certain types of people in charge, involved with Kaoshi’s operations (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by Kaoshi. The updated list of these parties may be requested from us at any time.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations Kaoshi may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases ;
- provision of Data is necessary for the performance of an agreement with the User and/or for any precontractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which the Kaoshi is subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in Kaoshi;
- processing is necessary for the purposes of the legitimate interests pursued by Kaoshi or by a third party.
Use of Your Personal Data
Kaoshi may use Personal Data for the following purposes:
- To provide and maintain our Service, including to monitor the usage of our Service.
- To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
- To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
- To manage Your requests: To attend and manage Your requests to Us.
- The development, subscription, deployment, provision, support, promotion, evaluation, and invoicing of the following services: Kaoshi’s services and products, services and products offered to Kaoshi’s partners and online services and products
Personal Data Collected by Kaoshi Customers/ ‘Product Users’
This section deals with personal data collected by Kaoshi product users and supplied to Kaoshi as part of their use of the Kaoshi service offering or software, KYC and record collection including the API messaging service/forum.
Kaoshi product users may instruct us to process personal data of individuals as part of their use of the Kaoshi platform and necessary record collection. For instance, Kaoshi’s product users may include personal data (such as name, address, account number of an instructing or beneficiary party and Unique End-to-end Transaction References or 'UETR' in a payment transaction) in the messages or files they send (API data) Kaoshi may have no relationship with these individuals. Only Kaoshi customers know their clients and employees, and have a contractual relationship with them. Kaoshi product users determine the purposes for which the personal data of their clients and employees may be processed and the most suitable means to do so. However, in limited situations, Kaoshi may also retrieve personal data and determine the purposes and means of the processing of such personal data.
As to the provision of this messaging service, the intention of this document is to transparently set forth the roles of the parties involved, as well as the technical and organisational security measures that Kaoshi has put in place for the processing of message data (that may contain personal data).
The purpose of the data collection described above include:
- Production of general information on financial transactions, including identifiable and non-identifiable information, and the processing of personal data for product development purposes;
- Data collection towards contributing to the safety, efficiency, and transparency of financial transactions through automated and secured transmission of standardized, integer and immediately exploitable information.
- Use for statistical and product development purposes (see section below)
Respective roles with regards data collection by Kaoshi Product Users.
a) Kaoshi will process process personal data in accordance with the Kaoshi general Terms and Conditions, Privacy policies other relevant service documentation thereof; • We will apply the security measures as described in this policy and in the applicable service documentation
b) The Kaoshi prodiuct users must, each with regard to the individuals that are their clients, comply with the obligations that require a direct contact with these individuals, in particular:
- obligations concerning data, accuracy, and lawfulness of the processing
- providing notice regarding the data processing and data transfers to individuals
- handling individuals’ requests to exercise their rights of access, rectification, restriction, erasure, data portability, objection, consent withdrawal, and their rights relating to automated individual decision-making
- notifying personal data breaches to individuals
Kaoshi product users should also comply with their own obligations of record keeping, performing data protection impact assessments and appointing a data protection officer, if and as required by applicable law. These obligations are not different from the obligations that many Kaoshi product users already have under applicable data protection laws or financial regulations.
Marketing Communication and Surveys
Kaoshi has a legitimate interest in processing Personal Data that you submit on our websites or during your interactions with us (for example, purchase or use of our products), to provide you with commercial communications related to Kaoshi products and services. In this regard, if your legal entity is a Kaoshi customer/ subscriber we might send you communications related to Kaoshi products or service offering that you use, purchase or products In the same line.
In addition, you can consent to receiving commercial communications pertaining to Kaoshi activities in general, tailored to your profile (“Advanced Matching”) or related to specific topics or domains of interest which you can select and manage through your online Preference Centre. If you choose to use “Advanced Matching”, you leave us in charge of identifying your topics or domains of interest based on your online engagement with us (for example, downloading factsheets), so that we can provide you with curated content and ensure you only receive information that is relevant to you.
You have the right to opt out of this type of tailored communication, to unselect specific domains of interests or to opt out from any type of commercial communication from Kaoshi, at any moment. You can do so by accessing your account settings, in your secured Kaoshi backend center or through a link provided in each commercial e-mail from us.”.
Please note that if you are a kaoshinetwor.com registered user, you can subscribe to specific newsletters, which you can manage through your secured account settings area. When you choose to opt out from all communications from us, we will stop your subscription to these specific newsletters.
Through the Backend access, you will be able to:
- manage your commercial communication preferences, such as what content we send you, by adjusting your domains of interest, subscribing to or opting out of general communications from Kaoshi and/or Advanced Matching;
- update and edit your personal data, or request that your details be deleted.
- manage your preferences with regards to surveys.
Indeed, from time to time, we may send you invitations to participate in surveys or market researches in order to seek community feedback on existing products and services or on future product developments. It is both Kaoshi and its customers’ legitimate interest to identify how to improve the quality of our services and products through surveys, in compliance with the recipients’ commercial communications preferences. If you do not wish to receive surveys or market researches, you may choose to opt out from all types of surveys through the Backend access.
To monitor the effectiveness of our e-mail campaigns and facilitate further interactions between us, Kaoshi measures specific actions related to e-mails (e.g. clicks, bounce, open). It is Kaoshi’s legitimate interest to maintain accurate, effective and quality interactions with its current and prospective customers. If you opt out from any type of commercial communications from Kaoshi through your secured account area (Backend), your personal data will no longer be used for that purpose.
Your personal data will be kept no longer than two years after the last interaction between Kaoshi and you, or until the information is no longer necessary for the purposes for which we process it, unless we are required by law to keep the information for a longer period of time.
Operation of our Websites
Kaoshi has a legitimate interest to Process your Personal Data for the operation of its websites and as detailed below:
For our internal purposes, we may use IP addresses (the Internet address of your computer) stored in web logs to generate aggregate statistics on the usage of our websites, such as volume, traffic patterns, and time spent on a page.
The information stored in cookies include your name, first name, registration number on Kaoshi
Network, language preference, navigation settings, login ID, and IP addresses.
In addition, our websites use Google Analytics, a service which transfers traffic data to Google servers in the United States..
The data we collect by using cookies is used to customize our website to your needs. After we use the data for statistical analysis, the data is completely removed from our systems. Please note that cookies don't allow us to gain control of your computer in any way. They are strictly used to monitor which pages you find useful and which you do not so that we can provide a better experience for you.
If you want to disable cookies, you can do it by accessing the settings of your internet browser. (Provide links for cookie settings for major internet browsers).
Web Acceleration Services
For purposes of accelerating the consultation of our websites, we use the services of a supplier specialized in web acceleration services. This requires caching the content of our websites on a substantial number of servers worldwide.
This supplier only processes data upon our instructions for web acceleration services and provides sufficient guarantees in respect of technical and organizational data security measures. This supplier also commits to notify us in case of a security breach compromising your Personal Data (see also ‘Sharing Data’ section below).
Hyperlinks to other websites
Our websites may contain links to other websites not owned or operated by Kaoshi. Kaoshi is not responsible for the privacy practices of these websites.
Tracking of URL activation
Upon registration to certain services , we will send you, by e-mail, a dedicated URL from where you can download relevant material. For purposes of measuring and following up on the use of these services, we will track the identity of the persons who activated such URLs, as well as the moment of download.
We are committed to protect your Personal Data against accidental or unlawful destruction, accidental loss, alteration, and unauthorised disclosure or access. Therefore, we monitor and record the data exchange (IP address, timestamp, volumes), both incoming and outgoing, in order to preserve the security, integrity, and availability of our infrastructure. In addition, in case of suspicious activity, Kaoshi might collect data (including Personal Data) from various sources (for example, public sources, threat intelligence providers) in order to start and manage its own investigation.
This data is kept for up to one year. Data can be kept longer when a security issue has been encountered and evidences need to be kept for Kaoshi to exercise its rights and remedies. Any Personal Data collected during this process may be shared by Kaoshi with the relevant authorities.
Please be aware that we cannot ensure the security of your data on your computer or during transmission over the Internet. In this regard, we advise you to take every possible precaution to protect Personal Data stored on your computer and transiting on the Internet.
Data anonymisation for reporting and statistics
Kaoshi has a legitimate interest to produce reports and statistics about the usage of its websites (for example, visitors per day, geographical reach).
These reports will be fully anonymized.
Analysis of End Users’ Usage Data for Customer Retention
Kaoshi has an authentic interest in analyzing and producing reports about the usage of its products and services, as made available through the website (such as Watch, Compliance Analytics) by their related end users and administrators for the following purposes:
- Create internal reporting about the individual or aggregated usage of the product or service.
- Provide specific training, and more generally awareness communication, to the customers.
- Provide ad hoc reporting to customers on their usage of the product or service.
Improvement and Preservation of Our WebSites and Infrastructures
When you submit your data through the Responsible Disclosure Policy, Kaoshi has a legitimate interest to process your Personal Data (for example, your personal identification data) to get in contact with you in order to obtain additional information about, or to undertake actions with regard to, your reported vulnerability.
Kaoshi will not share your Personal Data with third parties without your permission, unless we are required to do so by law (for example, sharing with the relevant authorities) or in order to exercise our rights and remedies, for instance in case of malicious activity (for example, sharing with external lawyers).
Data Submitted on Behalf of Someone Else
If you provide Personal Data of another person to Kaoshi for the purposes mentioned above, you shall ensure that (i) this person has been duly informed about Kaoshi’ s right to process such Personal Data as set out herein, and has been provided with the present Privacy Statement, (ii) such Personal Data is collected and supplied in accordance with applicable legislation and without infringing such person's or any third party’s rights and (iii) you have obtained his or her prior consent where needed.
Storage and sharing of your data
In the latter case, we ensure the lawfulness of such transfers by:
- agreeing with other Kaoshi offices on the approved standard contractual clauses
- agreeing with third parties on the most appropriate statutory, contractual, or self-regulatory basis (for example, Privacy Shield certification) to allow such transfers
You have a right to obtain more information about these safeguards used to transfer data outside of the US or EEA, by contacting our Data Protection Officer (see below).
Your Personal Data will not be kept by Kaoshi for longer than necessary, after which your Personal Data will be deleted. As general rule, and unless specified differently in this Privacy Statement, Kaoshi will keep your data for the duration of the statute of limitation applicable to our relationship with you.
During this period, you have the right to access, correct, restrict, receive a copy, and even erase your own Personal Data in accordance with the Data Protection Laws, and you can object to the processing of your Personal Data for direct marketing purposes.
In addition, where relevant, you can withdraw your consent, at any time and without motivation, for those types of data Processing to which you consented. Note however that this does not affect the lawfulness of the data Processing based on your consent before the withdrawal. Finally, in some circumstances, you also have the right to object to the Processing of your Personal Data mentioned above.
You can update your own privacy settings, and review and update your Personal Data, at any time, through your secured account area (see above section “Marketing Communication and Surveys”) and your profile page. In addition, you may exercise your data protection rights by sending your request, together with a proof of your identity, to Kaoshi’s contact source (see below).
If you have any other questions or any complaints regarding the Processing of your Personal Data, you can contact the Kaoshi Officer or lodge a complaint with the supervisory data protection authority in your country of residence, place of work, or where an incident took place.
In summary, your rights include:
- exercise access rights and obtain the rectification or the erasure of your personal data
- restrict or object to the processing of your personal data
- easily transfer your personal data to another company (right to data portability)
- exercise your right not to be subject to automated individual decision-making
- withdraw any consent you previously provided to Kaoshi regarding the processing of your personal data, at any time and free of charge (we will apply the individual’s preferences going forward and this will not affect the lawfulness of the processing before the consent withdrawal)
- lodge a complaint with a supervisory authority, including in the individual’s country of residence, place of work or where an incident took place
Use for Statistical and Product Development Purposes
Kaoshi as Data Controller
With regard to the processing of message data for statistical and product development purposes, Kaoshi acts as a data controller.
a) Kaoshi relies on the following legal grounds to process personal data (that may be contained in message data) as a data controller:
- Kaoshi needs to process the personal data to provide or improve its services and products.
- Kaoshi needs to process the personal data to comply with a legal obligation, for example to respond to a legally enforceable request from a competent authority.
- Kaoshi has a legitimate interest in processing the personal data, for example when Kaoshi processes personal data for statistical and product development purposes, and to otherwise improve the safety, security, and performance of the Kaoshi service offerings and products. Kaoshi only relies on its legitimate interests to process personal data when these interests are not overridden by the individual’s rights and interests and when the processing is compatible with the purposes for which the data was initially processed, as set out in the applicable documentation.
Kaoshi only shares personal data in such contexts with other Kaoshi affiliates, Kaoshi partner companies and third parties as described in the data transfer section.
As a data controller, Kaoshi will comply with the following GDPR obligations:
- Personal data breach notification towards the Kaoshi product users and competent data protection authorities, except as otherwise provided by applicable law
- Maintaining internal records
- Complying with privacy by design and by default principles
- Ensuring data integrity and confidentiality
- Performing data protection impact assessments as required
- Appointing a data protection officer
- Assessing the compatibility of purposes
- Making information about its data processing activities publicly available, through this Privacy and data protection policy.
The Kaoshi Privacy Officer carries out internal supervision in connection with our responsibilities under this Privacy Statement.
You may exercise your rights and address any questions to the Privacy Officer:
- by letter to Kaoshi Inc., attention of the Privacy Officer, 16192 Coastal Highway, Lewes, DE 19958, United States
- by e-mail to firstname.lastname@example.org