Effective on: June 24, 2022
Scope of this Notice
Infusion Software, Inc. (“Keap,” “we,” “us,” and “our”) takes the protection of personal data very seriously. This Application Privacy Notice (the “Notice”) addresses data subjects whose personal data we may receive in our hosted sales and marketing software applications (including from our websites, web applications, our mobile applications, or other add-on applications) from our customers or business partners. Our customers and business partners use our applications to store and process the personal data of their own users and customers, and we act only as a processor or service provider for such personal data. In general, we only access such personal data at our customer’s request in connection with customer support or account administration matters, as is reasonably necessary in order to provide the services that our customer has directed us to provide, or as may be required by law.
This Notice does not apply to personal data we collect by other means, such as personal data that we receive directly through Keap’s own publicly accessible websites or that we process as part of selling and marketing our services. For information about how we process such personal data, you can visit our Privacy Policy at https://keap.com/legal/privacy-policy.
If you are a customer and elect to integrate certain third-party connections with our platform, personal data submitted in conjunction with use of such services may be governed by our Third-Party Integrations API Privacy Notice (located at https://keap.com/legal/third-party-api-privacy-notice) as described therein.
Categories of Personal Data
Keap sells sales and marketing software and related services, designed primarily for small businesses. Our customers use our hosted technology platforms to store and process personal data at their own discretion. Since our customers provide the personal data covered by this Notice, the categories of personal data we process are also determined by our customers, with whom the relevant data subjects typically have a closer employment or business relationship (and who, therefore, can provide additional information as to the categories of personal data shared with us). When you give your data to one of our customers or when we collect your personal data on their behalf, our customer’s privacy notice, rather than this Notice, will apply to our processing of your personal data. If you have a direct relationship with one of our customers, please contact them to exercise your privacy rights.
How We Receive Personal Data
We may receive your personal data when our customers or our business partners submit your personal data to our hosted technology platforms.
Controllership
In the context of this Notice, Keap acts as a data processor (or a “service provider”) for the personal data we process. It is the responsibility of our customers, who are typically data controllers, to establish a lawful basis and business purpose for the processing activities they undertake using our hosted sales and marketing software.
Purposes of Processing of Personal Data
We collect and use personal data for the purposes of providing, maintaining, and developing our services, communicating with business partners about business matters, processing personal data on behalf of customers, detecting and blocking spam messages and security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, monitoring compliance with our contractual obligations and any applicable platform use requirements and restrictions with our customers, conducting related tasks as reasonably required in order to provide our hosted sales and marketing software to our customers, managing and processing payments (including facilitating payment card transactions initiated directly with us or through a third-party payment processor) and related authentication, security and fraud prevention activities for our customers and such other purposes as permitted by applicable law.
To help us provide software solutions that meet the evolving needs of our customers, we may aggregate personal data that we process for the purpose of anonymizing such personal data. We may then process the resulting anonymized data for any legal business purpose, such as analyzing usage trends.
When the purposes of processing are satisfied (i.e., when the provision of the services to the Keap customer ends), we will delete such personal data within six months.
Disclosure of Personal Data
We share personal data with our service providers, who process personal data on behalf of Keap. Such third parties include those:
- Providing IT systems and infrastructure
- Managing our IT systems and infrastructure
- Providing customer support
- Providing value-added services and feature functionality (such as assisting customers with marketing campaigns)
- Providing payment processing services including processing and facilitating payment card transactions initiated directly with us or through a third-party payment processor and related authentication, security and fraud prevention activities
- Providing communications services (such as email, voice over internet protocol, and SMS/MMS services)
- Providing integrations with other services if requested (such as email integrations and other complimentary services)
Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third parties that are headquartered in other countries, such as certain European Economic Area countries, as well as certain other countries such as the United States, United Kingdom, Canada, New Zealand, Switzerland, Costa Rica, and Australia. Therefore, your personal data may be processed outside your jurisdiction, and in countries that may not be subject to an adequacy decision by the European Commission, United Kingdom, or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction. We ensure that the recipient of your personal data offers an adequate level of protection, for instance by entering into the appropriate data protection agreements and, if required, standard contractual clauses for the transfer of personal data (as adopted by the European Commission Implementing Decision 2021/914/EU of June 4, 2021 and European Commission Implementing Decision 2010/87/EU of February 5, 2010), adequacy decisions for the United Kingdom or Canada, or transfers on the basis of any other data export mechanism authorized pursuant to applicable data protection laws. Keap remains liable for the protection of your personal data that we transfer to our processors and service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
We also share personal data with other third parties for the purposes for which we receive the personal data (e.g., performance of contractual obligations and rights).
Third Party Integrations and Add-On Services. Our services may allow for integrations with third-parties for additional functionality and add-on services. Please note that the privacy and other policies of any such third-party integrations and add-on services may differ materially from this Notice. We strongly recommend that you review the privacy policies of any such third party prior to submitting personal data. Keap has no control over and is not responsible for the information practices of such third-parties.
Other Disclosure of Your Personal Data
We may also disclose your personal data (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, or (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change.
If we must disclose your personal data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal data will maintain the privacy or security of your personal data.
We will not (1) sell your personal data, (2) retain, use, or disclose your personal data for a commercial purpose other than providing services to our customers and business partners or as otherwise permitted by law, nor (3) otherwise retain, use, or disclose personal data except where permitted by applicable law or as set forth in our agreement with our customers or business partners.
Data Integrity & Security
Keap has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect personal data from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction. For more information on our security practices, please visit https://keap.com/legal/data-security.
Access & Review
If you are a data subject about whom we store personal data, you may have a right to request access to your personal data, update, correct, or delete your personal data, and to object to processing, request restriction of processing, or exercise your right to data portability. To submit such requests or raise any other questions, please contact the organization that provided your personal data to us. We make a reasonable effort to provide our customers the means to comply with the requests of their data subjects in our hosted sales and marketing software applications.
Privacy Contact
General. If you have any questions or concerns about this Notice or the way your information is being used by Keap, you can contact us (i) by email directed to [email protected] or (ii) by mail addressed to Infusion Software, Inc., 1260 S. Spectrum Blvd., Chandler, AZ 85286, attention Legal / Privacy Compliance. If you have a disability, you may also contact us to access this Notice in an alternative format.
We will investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Notice. Please allow up to four weeks for us to reply. If you are an individual and believe your data has been submitted to us by or on behalf of our customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only act upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of our customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
Data Protection Officer, UK and European Union Representative. Information about our representatives is located at https://keap.com/legal/data-protection-specialists.
Regulatory Oversight
Keap is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Changes to this Privacy Notice
If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective on” date above to reflect the date on which the new Notice became effective.