1. Introduction
Keyrails Inc. (“Key Rails”, “we”, “us”, or “our”) is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, and disclose personal information in accordance with UK laws and the General Data Protection Regulation (GDPR). This Privacy Policy applies to our consultancy services, our Fortify360 software-as-a-service (SaaS) product, and our website.
2. Scope of Services
We collect personal information from our clients and their customers in the course of providing our services, including:
2.1 Client Data
- Contact information, such as name, email address, phone number, and mailing address
- Company information, such as company name, address, and industry
- Billing information, such as credit card details or bank account information
2.1 Customer Onboarding Data
- Personal Identifiable Information (PII) of our clients’ customers, such as name, date of birth, address, nationality, and identification documents
- Other relevant information required for Know Your Customer (KYC), Know Your Business (KYB), and sanction check services
3. How We Use Your Information
We use the information we collect for the following purposes:
- To provide our consultancy services and Fortify360 SaaS product
- To communicate with you and respond to your inquiries
- To process payments and manage your account
- To comply with legal and regulatory requirements
- To improve our services and develop new products
4. Disclosure of Information
We may share your personal information with third parties in the following circumstances:
- With third-party service providers who assist us in providing our services, such as data storage providers, payment processors, and customer support services
- With third-party service providers for customer onboarding, KYC/KYB, and sanction check services, as part of our “Customer Onboarding” service package
- In response to legal process, such as a court order, subpoena, or government investigation, or as otherwise required or permitted by applicable law
- In connection with a merger, acquisition, or sale of all or a portion of our business, in which case personal information may be transferred as a business asset
- When we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to detect, prevent, or address fraud, security, or technical issues
- With your consent, or as otherwise disclosed to you at the time of collection
5. Data Storage and Transfers
We store your personal information on servers located within the European Union and the United Kingdom. We take appropriate measures to ensure the security and confidentiality of your information, including implementing technical and organizational measures to protect against unauthorized access, disclosure, alteration, or destruction of your data.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal and regulatory requirements, or as otherwise required by our contractual obligations with third-party service providers.
7. Your Rights
Under the GDPR, you have certain rights with respect to your personal information, including:
- The right to access your personal information held by us
- The right to rectify inaccurate or incomplete personal information
- The right to request the erasure of your personal information, subject to certain exceptions
- The right to restrict the processing of your personal information in certain circumstances
- The right to data portability, allowing you to obtain and reuse your personal information for your own purposes across different services
- The right to object to the processing of your personal information, based on your specific situation, in certain circumstances
- The right to withdraw your consent to the processing of your personal information at any time, if the processing is based on consent
To exercise any of these rights, please contact us using the contact information provided below.
8. Third-Party Services
Our website, consultancy services, and Fortify360 SaaS product may include links to third-party websites or services. This Privacy Policy does not apply to the information collected by such third parties. We encourage you to review the privacy policies of any third-party websites or services you access to understand their data collection, use, and disclosure practices.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or regulations. If we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our website, along with the date of the update. Your continued use of our services or Fortify360 SaaS product following the posting of an updated Privacy Policy constitutes your acceptance of the changes.
10. Contact Information
If you have any questions or concerns about this Privacy Policy, or if you wish to exercise any of your rights under the GDPR, please contact us at:
Keyrails Inc.
Office C, 1100-717 7 Ave SW, Calgary, AB, T2P0Z3
Canada
info@keyrails.com
11. Complaints
If you have concerns about our data protection practices or believe that we have not complied with this Privacy Policy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or your local data protection authority.
12. Data Protection Officer
We have designated a Data Protection Officer (DPO) to oversee our data protection efforts and ensure compliance with this Privacy Policy and applicable laws. If you have any questions or concerns about our data protection practices, you can contact our DPO at:
Data Protection Officer Key Rails Inc.
Office C, 1100-717 7 Ave SW, Calgary, AB, T2P0Z3
Canada
info@keyrails.com (Subject Starts With: DATA PROTECTION MATTER)
13. Children’s Privacy
Our services and Fortify360 SaaS product are not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under the age of 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will promptly delete such information from our records.
14. Data Processing Agreements
When using third-party service providers to process personal information, we ensure that appropriate data processing agreements are in place, in accordance with applicable laws and regulations. This helps safeguard the confidentiality, integrity, and availability of the personal information we process.
15. Security Measures
We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect your information against unauthorized access, disclosure, alteration, or destruction. Such measures may include, but are not limited to, the use of encryption, secure socket layer (SSL) technology, firewalls, access controls, and regular security assessments.
16. Fortify360 Privacy Considerations
Our Fortify360 SaaS product does not collect Personal Identifiable Information (PII) on anyone. However, we may collect non-personal, anonymized data to analyze usage patterns and improve the functionality and performance of the Fortify360 software.
Please note that this Privacy Policy may be updated periodically to reflect changes in our data processing activities or applicable regulations. We encourage you to review this Privacy Policy regularly to stay informed about our data protection practices.
17. International Data Transfers
Although we primarily store your personal information on servers located within the European Union and the United Kingdom, there may be instances where we transfer your personal information to countries outside the European Economic Area (EEA) for specific purposes, such as to comply with legal or contractual requirements, or to work with third-party service providers.
When transferring personal information outside the EEA, we will implement appropriate safeguards to ensure the protection of your personal information, such as relying on approved standard contractual clauses, or ensuring that the recipient is located in a country deemed to provide an adequate level of protection by the European Commission.
18. Cookie Policy
Our website may use cookies and other tracking technologies to enhance your browsing experience, collect usage statistics, and improve the performance of our site. You can manage your cookie preferences through your web browser settings or by visiting our Cookie Policy page for more information on the types of cookies we use and how to manage or disable them.
19. Notification of Data Breaches
In the event of a personal data breach, we will promptly notify the relevant supervisory authority and affected individuals, as required by the GDPR and other applicable laws. We will also take appropriate measures to minimize the impact of the breach and prevent any recurrence.
20. Updates to Our Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the updated policy on our website, and we will update the “last updated” date at the beginning of this Privacy Policy accordingly. We encourage you to review this Privacy Policy regularly to stay informed about our data protection practices.
21. Consent
By using our services, Fortify360 SaaS product, or website, you acknowledge that you have read and understood this Privacy Policy, and you consent to the collection, use, and disclosure of your personal information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our services, Fortify360 SaaS product, or website.
22. Contacting Us
If you have any questions, concerns, or feedback regarding this Privacy Policy, or if you need assistance in exercising your rights under the GDPR, please do not hesitate to contact us using the contact information provided in Section 10.
We are committed to working with you to resolve any issues you may have concerning our data protection practices and to ensure that your personal information is treated with the utmost care and respect.