This privacy policy applies to Kaisa Technologies AB’s website (the “Site”), to Kaisa Technologies AB provided Service as described in our Terms and Conditions as well as to any other communications between Kaisa Technologies AB and individuals through written or oral means, such as email or phone. All capitalized words and expressions shall have the same meaning as defined in the Terms and Conditions unless explicitly stated otherwise. “personal data”, “processing”, “controller”, “processor” and other words defined within the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) shall have the same meaning as under GDPR.
This policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access and correction of your personal information. By using our Site or the Service, you consent to the data processing described in this policy. If you do not agree with the data practices described in this policy, you should not use our Site or the Service.
1. Background
As described in the Terms and Conditions, the Service consists of Kaisa Technologies AB providing a Kaisa Technologies AB Call Extension that can be connected to a Response Number, in order to capture information about incoming calls via the Kaisa Technologies AB Call Extension such as the incoming number and the time and duration of the call (the “Call Data”).
The Response Number can belong to the Customer directly or to one of its own customers or users, such as vendors on a marketplace operated by the Customer or resellers of the Customer’s products (such third parties are collectively referred to as “Users”).
2. What information is collected?
We collect different types of information from or through the Site and Service.
Information provided by Customers and Users
When a Customer or User browses the Site or uses the Service, it may provide us with personal data such as name, email address, post address, phone number and billing information.
Information obtained through other sources
We also obtain personal data from sales prospecting companies like Cognism.
Automatically collected information.
When an individual (a “Visitor”) browses a Customer’s or User’s website where the Kaisa Technologies AB Tracking Script is installed, we may automatically record certain information about the Visitor by using various types of technologies including cookies, clear gifs or web beacons. This automatically collected information may include IP address or other device address or ID, geographic location of the Visitor, web browser and/or device type, the web pages or sites visited just before or just after visiting the Site, the pages or other content the Visitor views or interacts with, and the dates and times of the visit.
We also collect the incoming phone number of all incoming calls to a Response Number and connect this to the information about the Visitor collected by the Kaisa Technologies AB tracking script to produce more detailed intelligence about the Customer’s or User’s incoming phone traffic, site conversion etc.
It is the Customer’s or User’s responsibility to make sure Visitors consent to such personal data being collected and processed by Kaisa Technologies AB in accordance with applicable data protection laws and to inform Visitors about cookies being placed on their devices.
Integrated Services
You may be given the option to access or register for the Service through the use of your user name and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Google account, or otherwise have the option to authorize an Integrated Service to provide Personal Data or other information to us. By authorizing us to connect with an Integrated Service, you authorize us to access and store personal data, including but not limited to your name, email address(es), date of birth, gender, current city, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this policy. You should check your privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make changes as appropriate. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.
3. How we use the information we collect
We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:
Operations
We use the information to operate, maintain, enhance and provide all features of the Site and Service and to provide support relating to the Site and Service.
Communications
We may use a Customer’s or User’s information to contact that Customer or User (i) for administrative purposes such as customer service, to address intellectual property infringement or right of privacy violations related to the Service or (ii) with updates on promotions and events, relating to products and services offered by us and (upon prior approval from Customer or User) by third parties we work with. You have the ability to opt-out of receiving any promotional communications as described below under Section 5 (Your Choices).
Newsletter
If you sign up to our newsletter, we will use your email address to send you regular updates about our promotions, events, products and services.
3rd Party Analytics software
We use the following 3rd Party software to measure and evaluate access to and traffic on our Site, and create user navigation reports for our administrators:
• Google Tag Manager
• Google Analytics
• Google Ads
• Hubspot
• LinkedIn
• Jabmo
These 3rd party software operate independently from us and have their own privacy policies, that we encourage you to review.
4. To whom we disclose information
Except as described in this policy, we will not intentionally disclose the personal data that we collect or store to third parties without the consent of the applicable Customer, User or Visitor. We may disclose information as set out below:
Customers
Statistics about Visitors.
Users (or Customers when there are no Users)
This can be statistics, but also information connected to the Visitor’s IP-address, phone number and sometimes voice recording which means that the information may refer to a specific individual whereby all the information becomes personal data.
Service Providers
Kaisa Technologies AB works with third party service providers (also known as “sub-processors”) who provide hosting, maintenance, call transcription and other services to us. These third parties may have access to, or process personal data as part of providing those services to us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information and to only process it as instructed by us.
Please find below the list of our current sub-processors.
For Customers based in Europe, America or Africa
| Name of sub-processor | Location of sub-processor | Address(es) where the Personal Data are stored |
Types of Personal Data remaining | Purpose of the transfer to the Data processor |
| Amazon Web ServicesEMEA SARL | Frankfurt, Germany | Frankfurt, Germany | Phone numbers, call recordings, text message contents. | Data storage and processing. |
| Kaisa Technologies Limited | London, UK | London, UK | Phone numbers, call recordings, text message contents. | Data processing by consultants and employees of a Kaisa Group Company. |
| Google Ireland Limited | St. Ghislain, Belgium | St. Ghislain, Belgium | Call recordings. | Speech analytics. |
| Google Cloud EMEA Limited | Dublin, Ireland; Eemshaven, Netherlands; Fredericia, Denmark; Hamina, Finland; Middenmeer, Netherlands; St. Ghislain, Belgium | Dublin, Ireland; Eemshaven, Netherlands; Fredericia, Denmark; Hamina, Finland; Middenmeer, Netherlands; St. Ghislain, Belgium | Phone numbers, text message contents. | Document management and storage |
| Native Teams Limited | London, UK | London, UK | Phone numbers, call recordings, text message contents. | Employer of record and consultant management services in North Macedonia |
| Native Teams DOOEL Bitola | Bitola, North Macedonia | Bitola, North Macedonia | Phone numbers, call recordings, text message contents. | Employer of record and consultant management services in North Macedonia |
| Posthog, Inc. | Germany | Germany | Names and email addresses of the Data Controller’s representatives | Product analytics |
| Sinch Sweden AB | Stockholm, Sweden | Ireland: Amazon Web Services’ region eu-west-1 | Text message contents. | Message transmission. |
| Zendesk, Inc. | Ireland | Ireland | Customer Tickets’ contents | Customer service |
For Customers based in the APAC region
| Name of sub-processor | Location of sub-processor | Address(es) where the Personal Data are stored |
Types of Personal Data remaining | Purpose of the transfer to the Data processor |
| Amazon Web ServicesEMEA SARL | Frankfurt, Germany | Frankfurt, Germany | Phone numbers, call recordings, text message contents. | Data storage and processing. |
| Amazon Web Services EMEA SARL | Singapore, Republic of Singapore | Singapore, Republic of Singapore | Phone numbers, call recordings, text message contents. | Data storage and processing. |
| Kaisa Technologies Limited | London, UK | London, UK | Phone numbers, call recordings, text message contents. | Data processing by consultants and employees of a Kaisa Group Company. |
| Google Ireland Limited | St. Ghislain, Belgium | St. Ghislain, Belgium | Call recordings. | Speech analytics. |
| Google Cloud EMEA Limited | Dublin, Ireland; Eemshaven, Netherlands; Fredericia, Denmark; Hamina, Finland; Middenmeer, Netherlands; St. Ghislain, Belgium | Dublin, Ireland; Eemshaven, Netherlands; Fredericia, Denmark; Hamina, Finland; Middenmeer, Netherlands; St. Ghislain, Belgium | Phone numbers, text message contents. | Document management and storage |
| Native Teams Limited | London, UK | London, UK | Phone numbers, call recordings, text message contents. | Employer of record and consultant management services in North Macedonia |
| Native Teams DOOEL Bitola | Bitola, North Macedonia | Bitola, North Macedonia | Phone numbers, call recordings, text message contents. | Employer of record and consultant management services in North Macedonia |
| Posthog, Inc. | Germany | Germany | Names and email addresses of the Data Controller’s representatives | Product analytics |
| Sinch Sweden AB | Stockholm, Sweden | Ireland: Amazon Web Services’ region eu-west-1 | Text message contents. | Message transmission. |
| Zendesk, Inc. | Ireland | Ireland | Customer Tickets’ contents | Customer service |
List of Processors for web user data and event participation
| Name of sub-processor | Location of sub-processor | Address(es) where the Personal Data is stored |
Types of Personal Data remaining | Purpose of the transfer to the Data processor |
| Hubspot, Inc. | Germany | Germany | Names and email addresses | Marketing automation |
| Livestorm | France | Ireland | Name, account name login, email address of webinar participants, interactions with the platform during a webinar, other data shared voluntarily on the webinar platform | Webinar provision |
| Outreach Corporation | Ireland | Ireland | Names, email addresses, phone numbers | Sales management |
| RiversideFM, Inc. | US and Israel | US and Israel | Full Name, email, profile picture, job title, employer, video and/or audio content | Video recording. |
Law enforcement and legal process
We may disclose personal data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws or regulations.
We also reserve the right to disclose personal data and other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property or safety of others.
5. Your choices
If a Visitor declines to share certain personal data, e.g. by blocking cookies in a web browser, Kaisa Technologies AB may not be able to provide some of the features and functionality of the Service.
Access, correction, deletion
An individual who wants to access, amend or delete any personal data that Kaisa Technologies AB holds about them, or to withdraw a consent for further processing, may contact us as set forth in the “Contact Us” section.
Kaisa Technologies AB has no direct relationship with the User, Visitor or other third parties whose personal data it may process on behalf of a Customer or User. Such individuals should direct their queries to the Customer or User they deal with directly. If the Customer requests Kaisa Technologies AB to delete personal data, we will respond to its request within 30 days. We will delete, amend or block access to any personal data that we are storing only if we receive a written request to do so from the Controller of such data (as defined in section 9), and unless we have a legal right to retain such personal data. Any such request should be addressed as indicated in the “How to Contact Us” section, and include sufficient information for Kaisa Technologies AB to identify the Customer, User or Visitor and indication about the information to delete or amend.
Kaisa Technologies AB reserves the right to retain a copy of such data to defend our rights in litigation.
Opting out from commercial communications
If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to Contact Us” section. You can also contact us at this address to amend or delete your personal data.
6. Third-party services
The Site or Service may contain features, add-ons or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Site or Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Site or Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
7. Cookies
A cookie is a small file sent from a website to your device – for example a computer, smartphone or tablet. Cookies are automatically saved on your device and can be used for different reasons. Some cookies are for example used for gathering information about you and some are used to enhance the performance of the Service or Site.
The following cookies are used:
Cookies used on the Site
Kaisa Technologies AB Cookies used on the Site
| Name | Purpose | Value | Duration |
| AWSELB | Map a session to the correct server instance. | n/a | Expires immediately |
| __fs_dncs_exttrack | Indicate the visitor can see unique phone numbers or share the phone numbers with others under circumstances. | 1 or 0 | 1 Year |
| __fs_dncs_sessionid | Connect multiple page views to one browsing session of a particular visitor. | Kaisa Technologies AB session ID | 30 minutes |
| __fs_dncs_trackingid | Bind together multiple browsing sessions of a particular visitor. | Kaisa Technologies AB longer-lived visitor ID | 1 year |
| __fs_uid | Connect browsing sessions across different sites. | Kaisa Technologies AB unique user ID | 1 year |
Third Party Cookies used on the Site
| Name | Purpose | Value | Duration |
| __aza-perm | Jabmo (formerly Azalead) | Check cookie permission and preferences | 1 year |
| __cfduid | HubSpot | Cookie associated with sites using CloudFlare, used to speed up page load times. | 7 days |
| __fbp | Track our advertising campaigns | 3 moths | |
| __ga | Google Analytics | Distinguish users | 2 years |
| __gat | Google Analytics | Throttle request rate | 1 minute |
| __gci_au | Google Analytics | Experiment advertisement efficiency | 3 months |
| __gid | Google Analytics | Distinguish users | 24 hours |
| __hs_opt_out | HubSpot | Remember not to ask the visitor to accept cookies again | 13 months |
| __hssc | HubSpot | Keep track of sessions | 30 minutes |
| __hssrc | HubSpot | Determine if the user has restarted their browser | End of session |
| __hstc | HubSpot | Tracking visitors | 13 months |
| hubspotutk | HubSpot | Keep track of a visitors identity | 13 months |
Cookies used to provide the Service
| Name | Purpose | Value | Duration |
| __fs_dncs_exttrack | Indicate the visitor can see unique phone numbers or share the phone numbers with others under circumstances. | 1 or 0 | 1 Year |
| __fs_dncs_sessionid | Connect multiple page views to one browsing session of a particular visitor. | Kaisa Technologies AB session ID | 30 minutes |
| __fs_dncs_trackingid | Bind together multiple browsing sessions of a particular visitor. | Kaisa Technologies AB longer-lived visitor ID | 1 year |
8. Data security
We follow GDPR and generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet, and we also employ application-layer security features to further protect personal data.
If we learn of a security systems breach, we will inform you of the occurrence of the breach in accordance with applicable law.
9. Data controller and data processor
The Customer shall always make clear to its Visitors and Users that Kaisa Technologies AB is the provider of the Service and that Kaisa Technologies AB will process personal data in accordance with this policy.
The responsibilities in relation to personal data are set out in General Data Protection Regulation (GDPR) (EU) 2016/679 (the “Regulation”). If the Regulation is not applicable in the Customer’s, User’s or Visitor’s territory or parts thereof, then the Customer must inform Kaisa Technologies AB and their respective responsibilities in relation to data processing must be set out in a separate appendix to the Agreement. The responsibilities for processing of personal data will, as between the parties, be as set out below regardless of responsibility towards data subjects and authorities in deviating local legislation.
Under the Regulation, the entity that determines the purposes and the means of the processing of personal data is considered the controller of personal data and is primarily responsible for complying with the Regulation. A party that processes personal data on behalf of the controller is considered the processor or processing agent.
Kaisa Technologies AB will be a controller of personal data it may collect about individuals browsing the Site. In relation to the Service, Kaisa Technologies AB will always be a processor.
The implementation of the Service will determine whether the Customer is considered the controller, and Kaisa Technologies AB its processor, or whether the User is the controller and both the Customer and Kaisa Technologies AB its processors. This shall be clarified by the Customer in each User Agreement and the following shall apply:
The Customer as controller
The Customer will be the controller in cases where it has decided on its own to implement the Service and also determines how the Service will be used and what data will be made available to a User, if any. This could be the case if the Customer owns the Response Numbers and there are no Users, or if the Customer has decided to track how many calls are made from its website to its listed resellers, who are then the owners of the Response Numbers and thereby the Users.
The User as controller
A User will be the controller in cases where it is up to the User to make an active choice to implement the Service to track Visitors, and where the User can determine what data to collect and access it freely. This could be the case if the Customer operates an online marketplace where the advertisers can decide that they want to use the Service in relation to their ads to track Visitors that are potential buyers.
Kaisa Technologies AB as processor
Kaisa Technologies AB will be the processor of personal data on either the Customer’s or the User’s behalf (as a subprocessor of the Customer if on the User’s behalf). Kaisa Technologies AB will (i) keep the personal data collected through the Service confidential and only process such data for the purpose of the Service, (ii) implement appropriate technical and organizational measures needed to protect personal data from unauthorized access, destruction or distortion, and (iii) in all other aspects act in accordance with the Regulation as locally implemented.
10. Data retention
Kaisa Technologies AB shall be entitled to keep all data collected for billing purposes or for other purposes permitted under applicable law for the term set forth in said applicable laws.
Pursuant to Directive 2006/24/EC of the European Parliament and of the Council, Kaisa Technologies AB is obliged to retain certain data that arises in telephone traffic communications for six months to be used by law enforcement authorities. Such data relates to who communicated with whom, when it occurred, the identity of the communicating persons and what type of communication was used (eg SMS or phone call).
With the exception of the above, Kaisa Technologies AB will delete all traffic data when it is no longer needed to transfer an electronic message and all other personal data when it is no longer necessary for the purpose for which it was collected, unless Kaisa Technologies AB needs to keep the data longer in order to comply with its legal obligations, resolve a dispute or enforce an agreement.
In certain situations, Kaisa Technologies AB may also continue to process such data after making it anonymous (by removing all information that can link the data to an individual) in order to improve the Service.
11. Cross border data transfer
Kaisa Technologies AB processes and stores personal data collected through the Service in centralized databases located in the European Union. If a Customer or User is located outside the European Union Kaisa Technologies AB may also transfer the data to such location. It is up to the controller of the personal data, as defined in section 9, to obtain explicit consent from all Visitors and other data subjects to such cross border transfers.
12. Contact us
Our Data Protection Officer is Stephanie Duprat. If you have any questions about this policy or our processing of personal data, please send us an email at dpo@kaisa.io or a letter to Kaisa Technologies AB, Dragarbrunnsgatan 78B, 753 20 Uppsala, Attn: Data Protection Officer.