Kaarta adheres to the following policies with regard to Your privacy.
A. “NPI”, Nonpublic Personal Information, is information that is not personally identifiable and that is obtained through Your use of the Service.
B. “PII”, Personally Identifiable Information, is non-public information that is personally identifiable and obtained in connection with providing a product or service to You, including personally identifiable information You provide during the registration process or during Your use of the Service. It may include information such as name, email, phone number and address that You provide to Kaarta. PII does not include information that has been made anonymous or aggregated so that it can no longer be used, whether in combination with other information or otherwise, to contact or identify You.
When You use the Service, Kaarta collects NPI such as Your device’s browser type. Likewise, in order to offer You meaningful products and services and for other reasons, Kaarta may collect PII about You from the following sources:
In order to use the Service (apart from the publicly available portion of the Site or Kaarta Cloud), You must provide Kaarta the following information: first name, last name and email address and scanner data. In addition, You may choose to add additional information to Your contact information.
If You submit a contact form on the website, that information is not stored, but it is emailed to a Kaarta employee who will then respond to it. Do not put any PII into the form such as social security numbers or any other non-public personal information.
A cookie is a small piece of data that is sent to Your browser from a web server and stored on Your device. A cookie cannot read data off Your device or read cookie files created by other sites. Cookies do not damage Your system. Every device accessing the Service is assigned a different cookie. Cookies allow Kaarta to recognize You as a user when You access the Service using the same device and web browser. If You visit Our login page, We will send a temporary cookie to determine if Your browser accepts cookies. This cookie contains no personal data and is discarded when You close Your browser. When You log in, We will also set up several cookies to save Your login information and Your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If You select "Remember Me", Your login will persist for two weeks. If You log out of Your account, the login cookies will be removed. Kaarta also may use this information to better personalize the content that You see while using the Service. Most browser software can be set to reject cookies. However, if You reject Kaarta cookies, certain functionality on the Service may not work correctly or at all. Kaarta may also use web beacons, pixels, anonymous ad network tags, cookies and similar technologies to collect NPI about Your use of the Service and the websites of selected sponsors and advertisers, to collect anonymized, aggregated auditing, research and reporting for advertising purposes, and to collect data related to Your use of special promotions or newsletters. The information that may be collected by web beacons may also allow Kaarta to statistically monitor how many people open Kaarta emails and for what purposes these actions are being taken. Kaarta web beacons will not be used to track Your activity outside of the Service or the websites of Kaarta sponsors. However, because Your web browser requests advertisements and web beacons directly from ad network servers, these networks can view, edit or set their own cookies, just as if You had requested a web page from their site.
Do Not Track: Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Kaarta, do not respond to DNT signals.
When You use the Service, We may collect location data that You provide Kaarta.
When You use the Service, Kaarta may automatically receive the URL of the site from which You came and the site to which You are going when You leave the Service. Kaarta may also receive the IP address of Your computer (or the proxy server You use to access the internet), Your computer operating system and type of web browser You are using, Your mobile device, including Your Unique Device Identifier (“UDID”) and mobile operating system, as well as the name of Your ISP or Your mobile carrier. The link between Your IP address and Your PII is not shared with third parties without Your permission, except as described in Section 8. (“When Kaarta May Disclose Your Information”), below.
From time to time, We may disclose the information collected from You, including PII, in accordance with Section 8 (“When Kaarta May Disclose Your Information”), below.
Kaarta uses and/or intends to use PII to:
Our policies limit access to un-aggregated user PII that is collected from the Service, to Our employees and agents and the employees and/or agents of Our affiliates and business partners who need the information to fulfill their business responsibilities, and who are under obligations of confidentiality. In some cases, this may require Your information to be sent to other countries. By supplying Your PII to Kaarta, including information supplied through the Service, You consent to Your information being transferred to Kaarta, its affiliates, vendors or agents. Vendors and other outside contractors We engage are subject to Our contractual requirements for safeguarding PII.
In addition, Kaarta employs commercially reasonable security measures, including advanced technology, to protect PII collected against unauthorized access, disclosure, alteration or destruction. Kaarta reviews and enhances its security systems in a commercially reasonable manner and as it deems necessary. Even with such technology, no web site or database is 100% secure. Kaarta cannot and does not guarantee that such security measures will prevent loss, misuse and/or alteration of information under its control.
Kaarta is not responsible for the actions, practices, or content, including but not limited to the privacy practices, of such third-party websites from which You may access the Service or that are linked to in the Service. Kaarta does not guarantee, approve, or endorse any information, material, services, or products contained on these third-party websites. Kaarta is not responsible for any content on sites linked from or to the Service or for obtaining the necessary consent for such third party sites to collect, transmit, or otherwise use Your information.
You understand that such websites may have their own legal documents to which You must agree prior to using and that Kaarta has no control over these legal documents. As always, You understand that it is Your responsibility to verify Your legal use of a website as well as use of information from the website with the corresponding website owner. If You visit the sites of third parties, please be sure to review the privacy policies applicable to those sites.
B. Kaarta may share PII Kaarta collects, as permitted by law, to companies such as credit reporting agencies, or servicing and processing companies, or when required or advised to do so in response to a valid legal requirement to release this information such as a state or federal law, regulation, search warrant, subpoena, or court order; or in special cases, such as in response to a physical threat to You or others, to protect property, or if We determine such disclosure is legally advisable or necessary to defend or assert legal rights or prevent harm, to defend ourselves in litigation. In the event that Kaarta is legally compelled to disclose Your PII to a third party, Kaarta will attempt to notify You unless doing so would violate the law or court order.
C. Kaarta may share PII in accordance with Section 11 (“Transfer of Ownership”), below.
D. If You prefer that Kaarta does not share certain information with third parties, as described above, You can direct Kaarta not to share that information by contacting Us (email@example.com). Please note that an opt-out with respect to information sharing will not apply to information sharing arrangements described in Sections 8. B or C.
The Service utilize various information security measures such as internet firewalls, encrypted data transmission, and operating procedures to protect Your PII, accounts, passwords, etc. Your PII is kept completely separate and confidential, unless You have given someone else access to Your PII. If Kaarta provides the capability for You to create a user ID and password, You should protect Your user ID and password and NOT share it with anyone. If You believe Your user ID and password have been compromised and You have trouble changing Your user ID/password on the Service, please contact Us (firstname.lastname@example.org).
Kaarta and its affiliates fully comply with the federal CAN-SPAM Act. You can always opt out of receipt of further email correspondence from Kaarta by contacting Us (email@example.com).
As of January 1, 2020, the California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with additional privacy rights. Under the current guidelines, Kaarta is exempt from the rules and regulations of the CCPA. If you are a California resident and concerned about the privacy of your personal information please contact Us (firstname.lastname@example.org).
Use of the Service is limited to users who are eighteen (18) years of age or older and/or have legal capacity to form a binding contract.
You may be entitled to other rights under the GDPR. These rights are summarized below. We may require You to verify Your identity before We respond to Your requests to exercise Your rights. If You are entitled to these rights, You may exercise these rights with respect to Your PII that We collect and store:
You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by the GDPR. Any requests to exercise the above listed rights may be made by contacting Us (email@example.com).
You may also lodge a complaint with the competent Data Protection Authority if You are dissatisfied with the manner in which Your PII is used by Us.
We keep Your PII only as long as necessary for the purposes for which the PII are processed and as permitted by applicable law. For users that register on Our website, We store the personal information they provide in their user profile indefinitely. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
In practice, We delete or anonymize Your PII upon deletion of Your account, unless:
Keep in mind that even though Our systems are designed to carry out data deletion processes according to the above guidelines, We cannot promise that all data will be deleted within a specific timeframe due to technical constraints.