Keycafe

Keycafe Privacy Policy

Last updated May 24, 2018.

We in the Keycafe Group of companies ("we", "us", "our", etc) respect Your privacy and want You ("you", "your", "yourself", etc) to understand how we collect, use, and share data about you. This privacy policy ("Privacy Policy") covers our data collection practices and describes your rights to access, correct, or restrict our use of your personal data. Capitalized terms have the meanings set out in the Keycafe Terms of Service available at https://www.keycafe.com/keycafe-tos (the "Keycafe Terms"), unless otherwise defined in this Privacy Policy.

Our Privacy Policy explains:


Information We Collect About You

We collect information about you to provide you with the Service. The type of information we collect can vary depending on what you provide and how you use the Service.

Information You Provide

We collect information when you register an account or use the Service, including:

  • Identification Information. Your name, email address, mobile number, and authentication credentials.
  • Billing Information. If you subscribe or make a purchase, information such as payment card numbers, billing address, or bank account information.
  • Configuration Information. If you use the Service, you may create keys, locations, key cabinets, other access hardware types, etc. and provide configuration information such as related names, metadata, addresses, and settings which we store and utilize to operate the Service to your specification.
  • Transaction Information. When you use our Service we collect information about accesses you create or participate in including the contact details of guests and settings related to the accesses, when and where the accesses occur, the transacting parties, the devices and methods used to complete the transactions, related billing charges, and other statistical data.
  • Other Information You Provide. Information that you voluntarily provide to us, including but not limited to your or fellow traveler data (such as name, birthday, occupation, dates of travel, passport or ID, or other information required by law or requested by a property owner for an access to be confirmed), photo verification for access, customer service interactions (including voice, chat and email recordings and records), information related to your business, communication and privacy preferences, survey responses, feedback responses, suggestions for improvements, referrals, or any other data provided by you when using the Service.

Information We Collect From Your Use of Our Service

We collect information about you and the devices you use to access the Service, such as your computer, mobile phone, or tablet. The information that we collect includes:

  • Device Information. Information about your device, including your hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device’s interaction with our Service.
  • Use Information. Information about how you use our Service, including your access time, "log-in" and "log-out" information, browser type and language, country and language setting on your device, Internet Protocol ("IP") address, the domain name of your Internet service provider, other attributes about your browser, mobile device and operating system, any specific page you visit on our platform, content you view, features you use, the date and time of your visit to or use of the Service, the website you visited before you visited or used the Service, data about how you interact with our Service, and other clickstream data.
  • Location Information. During transactions such as a key exchange, your viewing of our location map, or requesting walking directions, etc. we may obtain your device GPS information to make these features functional. We also derive and store location information from your IP address and third-party services which helps us tailor the site to your language and currency and to send you relevant communications. Although we do not store device GPS information or your map searches at the time of the last update to this Privacy Policy, this is something we may add in the future to further optimize these capabilities.

Information We Collect From Other Sources

We also collect information about you from third parties that specialize in enriching Customer data and combine this data with information we already have about you so that we can enrich the app with Customer photos, update, expand and analyze the accuracy of our records, identify potential customers, and communicate products and services that may be of interest to you.


How We Use Your Information

We may use information about you for a number of purposes, including:

Providing, Improving, and Developing our Service

  • Processing, supporting, recording and displaying key accesses and other transactions, products and features you choose to use.
  • Providing, maintaining and optimizing our Service for your use.
  • Personalizing and facilitating your use of our Service, such as optimizing the website to your language, currency, country, etc.
  • Measuring, tracking, and analyzing trends in your usage and performance of the Service.
  • Developing new products and features.

Communicating with You About our Service

  • Resolving any support inquiries you make to the Service.
  • Proactive account management outreach.
  • Sending you necessary information such as security, technical, account, support and administrative notices and reminders (such as login codes, billing alerts, referral outcomes, location closure notices, key related notices, account reminders, etc).
  • Sending you information we think you may find useful such as location announcements and important product updates.
  • Conducting surveys and collecting feedback about our Service.

Protecting our Services and Maintaining a Trusted Environment

  • Investigating, detecting, or preventing misrepresentations, security breaches, incidents, or other potentially prohibited activities, or to otherwise help protect your account.
  • Protecting Customers' rights or property or the security or integrity of our Service.
  • Enforcing the Keycafe Terms or other applicable agreements or policies.
  • Verifying your identity.
  • Complying with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process.
  • Contacting you to resolve disputes, collect fees, and provide assistance with our Service.

Advertising and Marketing

  • Marketing of our products and services, including communicating with you about opportunities, contests, promotions, discounts, incentives, and rewards offered by us and select partners.

How We Share Your Information

We may share information about you as follows:

With Other Users of the Service with Whom You Interact

  • With other Customers of the Service with whom you interact through your use of the Service. Some examples are, we may display your photo to other Customers with whom you interact to enrich their experience, display your contact information to resolve issues related to an access, or if you are a guest, we may update the Customer who sent you the access with your progress such as updating them that you viewed the access email, registered, completed the access, or other aspects of your usage related to them.

With Third Parties

  • With third-party data processors and services to provide, maintain, and improve our Service, including service providers who access or receive information about you to perform services on our behalf including cloud hosting providers, billing providers, email and sms services, customer data enrichment services, shipping providers, customer relationship services, analytics services, and others.
  • Information technology platforms used by our team to interact and store data internally that may as a result store data related to your account.
  • With third parties that run advertising campaigns, contests, special offers, or other events or activities on our behalf or in connection with our Services.
  • We also may share with third parties aggregated and anonymized information that does not specifically identify you or any individual Customer of our Service.

Business Transfers and Corporate Changes

  • To a subsequent owner, co-owner, or operator of our Service; or
  • In connection with (including, without limitation, during the negotiation or due diligence process of) a corporate merger, consolidation, or restructuring; the sale of substantially all of our stock and/or assets; financing, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change.

Safety and Compliance with Law

  • If we believe that disclosure is reasonably necessary (i) to comply with any applicable law, regulation, legal process or governmental request (e.g., from tax authorities, law enforcement agencies, etc.); (ii) to enforce or comply with our Keycafe Terms or other applicable agreements or policies; (iii) to protect our Customers’ rights or property, or the security or integrity of our Services; or (iv) to protect us, Customers or the public from harm, fraud, or potentially prohibited activities.

With Your Consent

  • For example, at your direction or as described at the time you agree to share or when you authorize a third party application or website to access your information.

How We Secure, Store, and Retain Your Information

How and Where Your Data is Secured and Stored

We follow generally accepted standards to store and protect the data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate. For more information about our security practices, please visit https://www.keycafe.com/security. The Service is not without inherent risks as made clear in the Keycafe Terms and Community Guidelines.

We are headquartered in Vancouver, Canada and do not process your data on premises. We rely upon best in class third-party cloud service providers to process and store your information on our behalf and these providers may process and store your information in the United States, Canada, the European Union and other countries. We have verified these providers have GDPR compliance programs in place and have entered into data processing agreements with our service providers that restrict and regulate their processing of your data on our behalf. By visiting or using our Services, you consent to to the transfer, storage, and processing by us and our processors which may result in your data being processed outside of the European Economic Area ("EEA").

Our Basis for Storing and Retaining Data

We retain personally identifiable information only for as long as necessary to provide you with the Service, letting you know about our Service's evolving product capabilities and geographic availability, and other legitimate legal or business purposes such as:

  • mandated by law, contract or similar obligations applicable to our business operations
  • for preserving, resolving, defending or enforcing our legal/contractual rights
  • needed to maintain adequate and accurate business and financial records

Customers who trial the service or subscribe as a property owner, though they may pause usage or unsubscribe, often later resume the Service as a result of seasonal trends, changing personal circumstance, or new key exchange locations or product capabilities we add. Similarly, as we expand we find that guests from around the world may be given an access through Keycafe more than once and link future accesses to their existing account, and - encouragingly to all of us at Keycafe - a high percentage of guests surveyed indicate they would like to use the Service once it is available in their geographic area. Keycafe has the unique challenge of expanding a physical network of kiosks across borders, to cities and countries around the world, and adding new access hardware compatibilities before the Service can be made useful to entire Customer segments and for referrals to finally be realized. Having the ability to make you aware of our evolving product and geographic availabilities is crucial to meeting this business challenge. For all of these reasons, we generally maintain your information as long as your account is open.

Our Retention Policy

Keycafe has a number of automated rules to automatically permanently delete internal emails, dialogues, and data files after a certain period of time, helping ensure that unstructured data that may relate to you is continuously removed from our system. Regarding your personally identifiable data and the databases used to enable your account, our policy is as follows:

We will continue to store your personally identifiable information: (i) if you are registered user, until one year after you cancel your account, (ii) if you are unregistered guest user, until your communication preferences are set to off and one year has passed since your last access expired, or (iii) until 30 days after a formal request is sent by you to privacy@keycafe.com to remove your information.

If (i) or (ii) describes your circumstance at the time of the publication of this Privacy Policy, your one year retention period commences May 24, 2018.

Please note some of the limitations relating to removal of your data: (i) before Keycafe removes your information after the expiry of a retention period above, we may notify you and/or require a confirmation from you. (ii) the removal of your personally identifiable information does not mean that all of your data will be removed (which we may maintain for statistical purposes and system integrity), but only that it can no longer be identified in our database as yours, (iii) your data may continue to appear in the transaction histories of Customers you interacted with as you both "own" that data, (iv) it is possible that Customers you interacted with or third parties you authorized with access to your account may have retrieved and stored data related to you; such activity is irretrievable and beyond our control, and you should contact those parties if you wish for them to no longer store your data, and (v) some of our third-party service providers may have separate legal obligations to retain your data (such as billing providers)


Going Above and Beyond

Pseudonymization, Support PINs, and Synthetic Data

Although not ready at the time of the last update to this Privacy Policy, we have work in progress to re-architect our systems to use a number of advanced privacy techniques. We are striving to further protect your data through “pseudonymization”, a technique recommended but not required under the General Data Privacy Regulation (GDPR) in Europe. Everywhere your name, email, mobile or other personally identifiable information would traditionally appear in our or our third parties’ databases we will generally instead store or present to our team a random unique pseudonym you are known by (such as “Sally Incognito”). Additionally we have underway efforts to let you identify yourself to our support team with a one-time use code displayed in your mobile app, which will allow you to securely identify yourself while maintaining your pseudonymity. Finally, we are working on plans to have our software engineers utilize synthetic data for their development activities, thus shielding your data from most or all of our engineering team. These approaches will reduce exposure of your personally identifiable information among Keycafe’s team and third-party providers, further safeguard your data against possible breach, and facilitate your data removal rights. Excluded from these efforts will be situations where it is impossible to maintain your pseudonymity, such as with our credit card processing provider which must have your real identifying information, or other cases that would limit our ability to provide the Service or conduct our business effectively. These initiatives are a work in progress and subject to review and exception in our sole discretion as we learn how to balance them with our business needs, but we are pleased as a still early stage company to take the opportunity to lay a best-in-class foundation for privacy into our systems.


Cookies and Other Similar Technologies

We use various technologies to collect information when you access or use the Service, including placing a piece of code, commonly referred to as a "cookie," or similar technology on your device and using web beacons. Cookies are small data files that are stored on your hard drive or in your device memory when you visit a website or view a message. Among other things, cookies support the integrity of our registration and login processes, retain your preferences and account settings, and help evaluate and compile aggregated statistics about user activity. We will begin collecting information about you or from activity on devices you use as soon as you use our Services. By using our Service, you permit us to collect and use your information from activity on devices you use in accordance with this Privacy Policy.

Certain cookies we use last only for the duration of your web or application session and expire when you close your browser or exit the application. Other cookies are used to remember you when you return to use the Service and, as such, will last longer.

We may use cookies to:

  • Remember that you have visited us or used the Service before.
  • Customize elements of the promotional layout and/or content of our Service.
  • Collect data about the way you interact with our Service (e.g., when you use certain features).
  • Collect data to assess and improve our advertising campaigns, including sending information to our business partners.
  • Allow our business partners (including third parties) to use these tracking technologies to track your behavior on our behalf on our Platform (including when you use multiple devices) and on partner websites.
  • Enable third parties to collect data about the way you interact across sites outside of our Service.
  • Collect anonymous statistical information about how you use the Service and the location from which you access the Service, so that we can improve the Service and learn which elements and functions of the Service are most popular with our users.

Some of the cookies used in the Service are set by us, and others are set by third parties who deliver services on our behalf. Most web and mobile device browsers are set to automatically accept cookies by default. However, you can change your browser settings to prevent automatic acceptance of cookies, or to notify you each time a cookie is set.

You also can learn more about cookies by visiting http://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices. Please note, however, that by blocking or deleting cookies used in the Service, you may not be able to take full advantage of the Service.

We also may collect information using web beacons. Web beacons are electronic images that may be used in our Service or emails. We use web beacons to deliver cookies, track the number of visits to our website and apps, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.


Third-Party Advertising and Analytics

We use third-party service providers to provide site metrics and other analytics services. These third parties can use cookies, web beacons, and other technologies to collect information, such as your IP address, identifiers associated with your device, other applications on your device, the browsers you use to access our Services, web pages viewed, time spent on webpages, links clicked, and conversion information (e.g., transactions entered into). This information can be used by us and third-party service providers on behalf of us to analyze and track usage of our Service, determine the popularity of certain content, and better understand how you use our Service.

This Privacy Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties' privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices. For more information about targeted advertising specifically, please visit http://www.aboutads.info/choices.

Examples of our third-party service providers to help deliver our Service or to connect to our Service include:

These third-party service providers make use of cookies to implement their services. Opt out of these services may be on a browser level, so you may have to opt out again on other devices or anytime your browser cache is cleared.


Your Choices

Communications Settings

We make you aware at the time you register that by providing your information and registering you are agreeing to receive communications that relate to your security and account, product and service updates, and feedback requests, and that you may change your settings after registering your account. We do not opt you into Keycafe communications regarding marketing and offers, but we hope you will opt in and let us be in touch!

You can opt out of you or your guests from receiving certain communications by going to the communications settings area of our mobile app at https://www.keycafe.com/mobile#!/notification

If we send you an automated communication by email that is non-mandatory, it will contain an unsubscribe link permitting you to "opt out" of receiving future communications. This option will opt you out of that communication type. For example, if you received a location launch email and you unsubscribe, this will change your communication setting for location launch emails to off.

Privacy Settings

You have certain privacy controls available in the privacy settings area of our mobile app at https://www.keycafe.com/mobile#!/privacy. At the time of the last update to this Privacy Policy, you can disable long term storage of GPS device data, disable third-party data enrichment, disable location related surveys, and disable feedback requests. By default you are opted into these programs so that we may provide the best Service possible, so please opt out after registering if you prefer these privacy options be in place. We intend to offer more privacy settings in the future and may initially set your account to the less private option if that was already our default behavior.

Device GPS Setting

In order to provide certain features, we may require access to location information, including precise geolocation information collected from your device, for example, to verify you are near a Keycafe SmartBox or generate walking directions. You can stop our collection of location information by our app at any time by changing the preferences on your mobile device. If you do so, critical features of our mobile application will no longer function.

Security Settings

We allow you to turn on two factor authentication for your account in your security settings which we highly recommend. You may also manage your API key if you use the Keycafe APIS. We intend to offer more security settings in the future and may initially set your account to the less secure option if that was already our default behavior.

Personal Information

You may access, change, or correct information that you have provided (including profiling decisions we have made such as your language) by logging into your Keycafe account at any time or by making a request to our support team, in which case we may need to verify your identity before granting access or otherwise changing or correcting your information.

Cancelling Your Account

If you wish to deactivate your account, you can do so by logging into your Keycafe account and using the "Cancel Account" option in your account settings area.

Do Not Track

Do Not Track ("DNT") is an optional browser setting that allows you to express your preferences regarding tracking across websites. We do not have a mechanism in place to respond to DNT signals. If you wish to minimize trackability of your use, we recommend using the Google Chrome browser in incognito mode.

Seeing Your Data

Your have the right to see your data. If you wish to see the data we store about you, email privacy@keycafe.com and we will respond within 30 days. Please note that Keycafe is still a small company and must dedicate engineering time to achieving your export. We will ask you to discontinue using the Service if you make a burdensome number of requests.


Changes to this Privacy Notice

We may amend this Privacy Policy from time to time by posting a revised version and updating the "Last Updated" date above. Unless we notify you otherwise, any revised version will be effective 30 days after the Last Updated date. We will provide you with reasonable notice of material changes to the Privacy Policy, including by email if you have provided an email address. If you disagree with these changes, you may cancel your account at any time. Your continued use of our Service constitutes your consent to any amendment of this Privacy Policy.


Contact

Please contact our privacy department with any requests, questions or concerns regarding this Privacy Policy at:

privacy@keycafe.com
Keycafe Inc., 505 - 55 Water Street, Vancouver, BC V6B 1A1, Canada

If we receive an inquiry from you, we will respond to let you know who will be handling your matter and when you can expect a further response. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and address your issue. We may keep records of your request and any resolution.