Infusion Software, Inc. (“Keap,” “we,” “us,” and “our”) takes the protection of personal data very seriously. This Application Privacy Notice (the “Notice”) addresses data subjects whose personal data we may receive in our hosted sales and marketing software applications from our customers or business partners. Our customers and business partners use our applications to store and process the personal data of their own users and customers, and we act only as a processor or service provider for such personal data. In general, we only access such personal data at our customer’s request in connection with customer support or account administration matters, as is reasonably necessary in order to provide the services that our customer has directed us to provide, or as may be required by law.
Keap sells sales and marketing software and related services, designed primarily for small businesses. Our customers use our hosted technology platforms to store and process personal data at their own discretion. Since our customers provide the personal data covered by this Notice, the categories of personal data we process are also determined by our customers, with whom the relevant data subjects typically have a closer employment or business relationship (and who, therefore, can provide additional information as to the categories of personal data shared with us).
We may receive your personal data when our customers or our business partners submit such data to our hosted technology platforms.
In the context of this Notice, Keap acts as a data processor (including as a service provider) for the personal data we process. It is the responsibility of our customers, who are typically data controllers, to establish a lawful basis and business purpose for the processing activities they undertake using our hosted sales and marketing software.
We collect and use personal data for the purposes of providing, maintaining, and developing our services, communicating with business partners about business matters, processing personal data on behalf of customers, detecting and blocking spam messages and security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, conducting related tasks as reasonably required in order to provide our hosted sales and marketing software to our customers, and such other purposes as permitted by applicable law.
To help us provide software solutions that meet the evolving needs of our customers, we may aggregate personal data that we process for the purpose of anonymizing such personal data. We may then process the resulting anonymized data for any legal business purpose, such as analyzing usage trends.
When the purposes of processing are satisfied (i.e., when the provision of the services to the Keap customer ends), we will delete such personal data within six months.
We share personal data with our service providers, who process personal data on behalf of Keap. Such third parties include those:
Personal data Personal Data may be provided, transferred to and stored by us in the United States and by our processors and service providers that are based in other countries. Therefore, personal data may be processed outside your jurisdiction, in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We will require that all of our processors and service providers have adequate level of protection, for instance by entering into the appropriate data protection agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission. Keap remains liable for the protection of your personal data that we transfer to our processors and service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
We also share personal data with other third parties for the purposes for which we receive the personal data (e.g., performance of contractual obligations and rights).
We may also disclose your personal data (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, or (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change.
If we must disclose your personal data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal data will maintain the privacy or security of your personal data.
We will not (1) sell your personal data, (2) retain, use, or disclose your personal data for a commercial purpose other than providing services to our customers and business partners or as otherwise permitted by law, nor (3) otherwise retain, use, or disclose personal data except where permitted by applicable law or as set forth in our agreement with our customers or business partners.
Keap has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect personal data from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction. For more information on our security practices, please visit https://keap.com/legal/data-security.
If you are a data subject about whom we store personal data, you may have a right to request access to your personal data, update, correct, or delete your personal data, and to object to processing, request restriction of processing, or exercise your right to data portability. To submit such requests or raise any other questions, please contact the organization that provided your personal data to us. We make a reasonable effort to provide our customers the means to comply with the requests of their data subjects in our hosted sales and marketing software applications.
If you have questions, please contact us at:
Our Data Protection Officer is:
Matthew Joseph, CIPP/E, CIPP/US
We will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Notice. Please allow up to four weeks for us to reply. If you are an individual and believe your data has been submitted to us by or on behalf of our customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only act upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of our customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
VeraSafe has been appointed as Keap’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to Keap only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +420 228 881 031
Alternatively, VeraSafe can be contacted at:
Unit 3D North Point House
North Point Business Park
New Mallow Road
Keap is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective on” date above to reflect the date on which the new Notice became effective.