1. PROCESSING OF YOUR DATA
Kadiska’s mission is to help enterprises maximize business performance and productivity with self-driving user experience monitoring and guided performance optimization for modern networks, applications and cloud services. Kadiska helps enterprises understand and improve network speeds and comfort in application use for employees and customers like you.
Kadiska combines multiple data sources ranging from synthetic testing (network path monitoring) and real-user monitoring from global locations, endpoint and cloud hosting vantage points. Real-user monitoring is performed through a browser extension. Synthetic monitoring is performed from a container or a mobile application.
As a company whose livelihood depends on data and its proper treatment, Kadiska takes data privacy and security very seriously. As such we have taken steps to go well beyond basic privacy and data protection requirements.
The purpose of this Policy is to inform you about our privacy practices and to ensure that you understand the purposes for which we collect and process your personal data. The following is a brief summary of the manner and purposes for which we process your personal data.
Kadiska SAS (“Kadiska”, “we,” “us” or “our”) is the entity which is responsible for the control and processing of personal data that we collect from you when you use the Kadiska Services. If you have any questions or concerns about Kadiska’s use of your personal data, please contact us at privacy@Kadiska.com.
IF YOU HAVE RIGHTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT, PLEASE SEE THE CCPA SUPPLEMENT BELOW IN SECTION 12. IF YOU HAVE RIGHTS AS A RESIDENT OF NEVADA, PLEASE SEE THE YOUR NEVADA PRIVACY RIGHTS SECTION 13 BELOW.
2. WHAT INFORMATION DO WE COLLECT AND HOW WE COLLECT AND USE YOUR PERSONAL DATA
We collect different types of information to provide Services to You, including :
Customer account et registration data :
This includes information you provide to create your account with us or register for events, webinars, surveys, etc. and may include, first and last name, title, billing information, a password and a valid email address.
Service data (including Session and Usage data) :
When you use our Services, we receive information generated through the use of the Service, or from the Service Infrastructure itself (for example, duration of session, connection information, etc..). We may also collect usage information and log data about how the services are accessed and used, including information about the device you are using the Services on, IP addresses, location information, language settings, what operating system you are using, unique device identifiers and other diagnostic data to help us support the Services.
Device Information :
We may collect information about your device, including the Internet Protocol (“IP”) address, hardware model, operations system and version, unique device identifiers (UDID), mobile network information (as allowed by the mobile network) or platform information (as allowed by the specific platform type).
Network Paths :
Kadiska determines network performance by generating, transmitting and receiving TCP, UDP and ICMP packets. These packets do not contain any custom or sensitive information about your network, computers or security settings. To perform this analysis, we identify the monitoring targets and the hops in between by IP address and host name. We do not gather syslog, NetFlow or other data about the devices or traffic on the network.
Browser extension :
It allows the identification of users’ web sessions (but only on monitored business apps specified by your Company and that can be seen by clicking on the browser extension icon), and identifies the URL the user is connected to, identifies the start and end time of any web transaction but only for the specified monitored applications. Depending on the configuration mode, it may identify a user by the following preferred order: username (through GPO integration), email address (browser account), extension_id and finally public IP address. It tries to identify the local network interface used by the user, and lists all private IP addresses used by the user’s device.
We do not monitor the content of your data usage, collect personal demographic data on users such as the name, age, gender, telephone number or any other demographic data. We also do not collect any information about the use of your device such as apps used (other than the specified monitored business apps), or the content accessed. The goal of collecting the above device data is to measure the experience you have of business apps.
Mobile application :
Identifies the type of network the device is connected to, name of the Access Point or the name of the 4G/5G provider. The collected performance metrics for each synthetic test are limited to network latency, packet loss and network path length (from the runner up to the tracer destination).
Location Information :
On our app platform, you can enter the location information for a group of endpoints – corresponding to individual users or a group of users- and the targets of monitoring. This data will be included in dashboards and reports within the user interface, such as performance maps and location-based groups. All address information entered will only be used for these presentation purposes and not shared with third parties.
When using our mobile application, we collect your location information through your IP address, WiFi, Bluetooth, and GPS coordinates (e.g., latitude/longitude) available through your mobile device.
We may also gather information about your location using other technologies and sensors which may provide us with information about nearby devices, WiFi access points and networks, and nearby cell towers. If you enable the mobile app to use your Bluetooth signal, we may be able to determine location based on nearby Bluetooth-enabled devices, which helps us to improve location accuracy.
Depending on your device settings, we collect location information in the background, even when you are not actively using the app. We collect and maintain location data to provide you the features and functionality of the Service.
To better understand differences between devices, we collect data on your device hardware such as the model, manufacturer, and manufacturers and models of sub-components (such as the cellular radio) and the capabilities of these components (for example the number of cores on the CPU). Similarly, to understand differences caused by software, we collect information on the mobile platform version used and whether custom Android skins are installed, as well as the operating system. The goal of collecting this data is to understand how device properties affect the experience of wireless networks.
Clear GIFs/Web Beacons. Clear GIFs (also known as web beacons) allow for the tracking of a user’s response to an email or usage of a website in a manner that does not reveal personally identifiable information. We may use clear GIFs or similar technologies to assess responses to emails and usage of the Service. For example, we may use clear GIFs to track when emails are opened, and which links are clicked by recipients. You can disable certain abilities of clear GIFs to capture information by blocking cookies.
Use of information with Your Consent. We may use your personal data for any other purpose for which you specifically provide us with your consent.
3. THE PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA
The purposes for which we collect and store your personal data are the following:
(a) Personal data that we receive from you enables us to deliver our Services to you and enables you to use them efficiently;
(b) Insofar as permitted under applicable law, we use your data to communicate with you in relation to our Services;
(c) We use data to personalize, test, monitor, improve and upgrade our Services, to meet our legal obligations and the regulatory requirements to which we may be subject, for loss prevention purposes and to protect and enforce our rights and meet our obligations to third parties, and for our internal business purposes, such as compiling and analyzing usage information for general operational, statistical and business purposes;
(d) We use personal data in the general operation and administration of our business including in recruitment of staff, engaging service providers to provide services to our business, in providing services to our customers and for marketing purposes.
The goal of collecting the device data is to measure the experience you have of business apps and to provide all the necessary information to your Helpdesk and Workplace IT teams so that they can troubleshoot any technical issue you may encounter when using a business app while being on premises or working remotely.
To further help us manage the data, we also collect related IP addresses. These fields are needed for statistical purposes, for example to understand how much data is contributed by each device.
It is important that the personal data we hold about you is accurate and current. If you provided us with any details of personal data, please keep us informed if such details change.
4. LEGAL BASIS FOR PROCESSING YOUR DATA
We rely on the following lawful basis for the processing of your personal data:
(a) Our legitimate interests in (among other things) delivering the Kadiska Services, operating and administering our business, complying with accounting, or reporting requirements, conducting commercial research, improving and maintaining the Kadiska Services, personalizing and tailoring content made available to you through the Kadiska Services, protecting the security or integrity of our databases, protecting our business or reputation, taking precautions against legal liability, dealing with our assets in the event of a business change (see further below), protecting and defending our legal rights or property, or for resolving disputes, investigating and attending to inquiries or complaints with respect to your use of the Kadiska Services;
(b) Where relevant, your express consent. If you give your consent for accessing your device data to take measurements, you can withdraw it through the personal settings on the Mobile Application or the browser extension);
(c) Where relevant, the fulfilment of our contractual obligations to you under our terms and conditions of service; and
(d) Where relevant, for compliance with legal obligations to which we are subject.
5. HOW WE SHARE YOUR INFORMATION
(a) Service Providers. We may share datasets containing your personal data with third-party service providers that perform services on our behalf in connection with our Services, such as cloud service providers that we may use, or third-party analytical service providers. Where your information is shared with such third parties, we ensure that the third-party service provider will deal with your information only on our behalf and on our written instructions and solely for our benefit (and not for its own benefit).
(b) Business Change. If we become involved in a merger, consolidation, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution or other transaction, or if the ownership of all or substantially all of our business otherwise changes, we may share or transfer databases containing personal data of users to successor party or parties in connection with such transaction or change in ownership or legal structure.
(d) Subsidiaries and affiliates. We may share the data that we collect from users’ devices with the Kadiska subsidiaries and affiliates, with the purpose of bringing together complementary data on employee experience, network performance, and subscriber behaviour.
6. HOW WE PROTECT YOUR INFORMATION
We take certain measures to protect personal data collected through the Kadiska Services against loss, theft, and unauthorized access, use, disclosure, destruction or modification. These include physical, technological and administrative measures.
7. HOW LONG WE KEEP YOUR INFORMATION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Insofar as the data is collected to enable us to recognize you as a user of the Kadiska Services and to improve the services provided to you, we will dispose of the data within a reasonable time after you cease to be a registered user of the Kadiska Services.
8. COUNTRY OF PROCESSING
We operate globally. The collection of data from your device takes place in the country where you use the device. We store and otherwise process data (including personal data) through third party cloud service providers and other IT service providers which may be located or which may operate in other countries. We store personal data records predominantly through third-party cloud service providers on servers located in the United States of America (for US-headquarters companies) and Europe (for others). When transferring personal data records to a country which does not provide an adequate level of protection to privacy rights, we put in place appropriate safeguards including data transfer agreements.
9. CHILDREN’S PRIVACY
The Kadiska Services are not directed to children and are intended for use by adults only. We do not knowingly collect personal data from individuals under 18 years of age. If you are under the age of 18, please do not submit any information through the Kadiska Services and do not provide your consent for the use of your data unless your parent or guardian has approved.
10. THIRD-PARTY SITES AND SERVICES
11. DATA SUBJECT RIGHTS
Data subjects have the following legal rights in respect of their personal data that we process:
(a) The right to require Kadiska to confirm whether or not their information is being processed, the purpose of any such processing, the recipients of any information that has been disclosed, the period for which their information is to be stored and whether any automated decision-making processes are used in relation to their information;
(b) The right to require access to the personal data and to require Kadiska to rectify inaccurate information without undue delay;
(c) Where Kadiska has relied on the ‘consent’ basis for processing that information, the right to withdraw their consent at any time. This right to withdraw consent does not affect the lawfulness of processing based on consent before its withdrawal;
(d) The right to request the erasure of their information. You can make a request for erasure where:
(i) the information is no longer necessary in relation to the purpose for which it was collected;
(ii) where the processing of the information is based on the data subject’s consent (and the other circumstances described in the ‘Legal Basis for Processing Your Data’ and ‘How We Share Your Information’ sections above no longer apply), if the data subject withdraws his or her consent; or
(iii) where the personal data is processed by Kadiska solely on the basis of our ‘legitimate interest’, if the data subject objects to the processing of his or her personal data and there are no overriding legitimate grounds for the processing (such as, for example, where the processing of the data is required to meet statutory obligations or for the defense of legal claims).
Where Kadiska has disclosed the information of a data subject to a third party and the data subject requests the erasure or rectification of the data, Kadiska will take all reasonable steps to inform the third party of such request;
(e) The right to require Kadiska to restrict its processing of a data subject’s personal data in certain circumstances, such as where the accuracy of that data is disputed or an objection has been raised. In such circumstances, Kadiska will only process that information with the express consent of the data subject, or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest;
(f) Where data is processed based on data subject’s consent or to fulfil a contractual obligation, the data subject has the right to receive his or her personal data from Kadiska in a structured, commonly used and machine-readable format;
(g) The right to object to the processing of personal data where:
(i) Kadiska relies solely on the ‘legitimate interest’ basis for processing that data, in which case we will be legally required to stop processing the data subject’s information unless we have compelling legitimate grounds for the processing which override the data subject’s privacy rights and interests; or
(ii) the information is used for direct marketing purposes, in which case we will immediately stop processing the data subject’s information for such purposes;
(h) Data subjects have the right to lodge a complaint with the UK’s Information Commissioner’s Office or in some cases with the data protection supervisory authority of the EU member state where the data subject resides.
The above legal rights are subject to various conditions and exceptions including where the data is used for statistical or scientific research purposes and the exercise of the right would prevent such purposes from being attained or would seriously impair their attainment.
12. SUPPLEMENT FOR CALIFORNIA RESIDENTS
You will not need to create an account to exercise your rights. California residents have the right to:
- Request that we delete personal information about you that we may have collected. To exercise this right, you must provide a verifiable consumer request by either calling us at +33 2 79 11 02 44 or by emailing us at firstname.lastname@example.org.
- Request that, for personal information that we have collected in the preceding 12 months, we disclose, free of charge (unless your requests are manifestly unfounded or excessive), the categories of personal information that we have collected about you, the categories of sources from which the personal information was collected, the business or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share personal information. To exercise this right, you must provide a verifiable consumer request by either calling us at +33 2 79 11 02 44 or by emailing us at email@example.com.
- Request that, for personal information that we have sold or disclosed for a business purpose in the preceding 12 months, we disclose, free of charge (unless your requests are manifestly unfounded or excessive), the categories of personal information that we have collected about you, the categories of personal information that we have sold about you, the categories of third parties to whom each category of personal information was sold, the categories of personal information that we have disclosed about you for a business purpose, and the categories of third parties to whom each category of personal information was disclosed. To exercise this right, you must provide a verifiable consumer request by either calling us +33 2 79 11 02 44 or by emailing us at firstname.lastname@example.org.
- Direct us, at any time, not to sell your personal information. We may sell your personal information within the meaning of the California Consumer Privacy Act of 2018 (“CCPA”). Under the CCPA, “sell” means sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration. The law contains exceptions to this definition which may limit how we respond to your direction. To exercise this right to opt out, you may call us at +33 2 79 11 02 44 or by emailing us at email@example.com. We do not have actual knowledge that we sell the personal information of minors under 16 years of age, and minors under the age of 16 may not use the Kadiska Services.
You can also authorize another person, called an agent, to exercise your rights on your behalf. You must provide the authorized agent written and signed permission to act on your behalf. We may deny requests from an authorized agent who does not submit proof that he or she has been authorized to act on your behalf. Furthermore, we may require you to verify your identity directly with us. We may also require you to directly confirm with us that you have provided the authorized agent permission to submit a request on your behalf. An authorized agent can make a request on your behalf by either calling us at +33 2 79 11 02 44 or by emailing us at firstname.lastname@example.org.
Please note that we cannot fulfill requests to know the specific pieces of personal information that we may have collected about you. In order to disclose the specific pieces of personal information that we may have collected about you, we would have to verify your identity to a reasonably high degree of certainty. Given the limited amount of information that we collect about you, we do not maintain enough data points to verify your identity to the reasonably high degree of certainty required by the CCPA.
Additionally, before we can fulfill your request to delete your personal information noted above, we must verify your identity. We will require you to provide us with your app installation ID and any other information reasonably necessary in order to verify your identity. We will match this information to the personal information we maintain.
We may not discriminate against you because you exercised any of your rights under the CCPA.
Shine the Light Notice
13. YOUR NEVADA PRIVACY RIGHTS
Senate Bill No. 220 (May 29, 2019) amends Chapter 603A of the Nevada Revised Statutes to permit a Nevada consumer to direct an operator of an internet website or online service to refrain from making any sale of any covered information the operator has collected or will collect about that consumer. You may submit a request pursuant to this directive by emailing us at email@example.com. We will provide further information about how we verify the authenticity of the request and your identity.
14. AGGREGATED INFORMATION
We may share aggregated, anonymized/deidentified data relating to users of the Kadiska Services with affiliated or unaffiliated third parties.
We may update this Policy from time to time, and the updated version of this Policy will be effective upon posting on the Kadiska Services. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Please check this page to review the most up-to-date version of this Policy.
16. QUESTIONS / CONTACTING US
11 rue de la Foret
Normandy – France