Updated: 05.24.2018

Overview

Lockpath is committed to providing excellent service for its Keylight GRC Platform. Lockpath respects your right to privacy and your desire to control personal data that you share with Lockpath. As such, Lockpath has created this Privacy Policy to inform you about its privacy practices. To view Lockpath’s Privacy Policy, please visit: Lockpath.com/privacy. This privacy policy covers all customer, pilot, demo and test instances hosted at https://*.keylightgrc.com. Additionally, Lockpath’s corporate site Lockpath.com is covered by this privacy policy.

Lockpath is eligible to participate and adheres to the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Frameworks with respect to personal data that it receives in the course of providing Lockpath services. Information and website links about Lockpath’s participation in the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework can be found below.

Keylight may contain links to other external web sites. Lockpath is not responsible for the privacy, content or security practices of third-party sites.

To update your email preferences and to choose the types of emails you receive, visit the Email Subscription Preferences page.

 


 

Transparency

Lockpath is committed to acting with integrity, ethics, and transparency. While the lawyers love to make things complicated, we believe in communicating clearly and concisely to our customers and prospective customers. As you read our privacy policy, please don’t hesitate to reach out to our Data Protection Officer if you have any questions about the types of data we collect, how we use it, or how we protect it.

 


 

Personal Information

What we collect, how we use it and how it is shared.

There are four ways in which you may consent to provide personal information to us.

  1. Email – Lockpath uses links throughout its web sites that provide you a way to ask questions via email, request information, register for events or webinars and request support / assistance. You may also be offered the opportunity to have one of our representatives contact you to provide information. Lockpath may request personal information from you, such as your name, phone number and email address to help us track and satisfy your request. Lockpath may share your personal information with third parties, such as vendors providing supporting technology or tools in order for Lockpath to provide the services above and as described in this privacy policy. Lockpath does not sell your information to third parties.
  2. Web Forms – Lockpath uses web forms throughout its web sites that provide you with a way to seek additional information. As part of this, Lockpath may request personal information from you such as your name, phone number and email address to help us track and satisfy your request.
  3. Use of Lockpath Products– When purchasing, evaluating or using a subscription to Lockpath’s products, certain personal information will be requested such as your name, address, phone number and email address. The Lockpath products may require certain personal information such as your name and email address. This information is used by the platform to send alerts / notifications to you. Lockpath does not perform onward transfer of this personal information to third parties. Should there be future onward transfer to third parties of data of EU or Swiss individuals received by Lockpath and pursuant to the EU-US Privacy Shield and Swiss-US Privacy Shield, Lockpath is potentially liable, unless of course Lockpath proves we are not responsible for the event giving rise to the damage. You will be notified of onward transfer of your personal information to third parties by email and/or public notice on this site.
  4. Employment – For persons interested in working at Lockpath, certain information may be requested such as a resume, name, address, phone number, email address and other employment related information. Lockpath may use this information for the purpose of employment consideration.

Lockpath never collects any personal data revealing racial or ethnic origin, religious beliefs, health/medical conditions, political opinions or sexual orientation.

Lockpath limits the collection of personal data to the minimum necessary to process it for its intended purpose.

Lockpath will review the context around how PII is collected before processing it for another purpose than originally intended. Lockpath will notify data subjects if it decides to process data for a purpose outside of what it was collected for.

 

Data Retention

Lockpath retains personal data for only as long as it requires to fulfill the purpose for which it is intended to be processed.

Data Retained for Marketing Purposes
For individuals who have agreed to opt-in (or not opted out), Lockpath keeps basic contact information for as long as the information is deemed to be accurate and the user has not withdrawn consent. Once an individual has opted-out / withdrawn consent, Lockpath keeps a minimal amount of data necessary to identify the individual to avoid contacting them in the future (email address, phone number, etc.)

Data Retained by Lockpath’s Products and Services
Lockpath disposes of data within 30 days of termination of the contract or according to the contract if outside of the normal terms.

 

Data Access, Processing Restrictions, Erasure, and Data Portability

Lockpath acknowledges that individuals have a right to request a copy of the data that Lockpath holds on them. Lockpath will not charge individuals for information requests. Lockpath will not withhold information from individuals unless it is required to for legal reasons.

Lockpath will restrict the processing of data if an individual requests a restriction by lodging a complaint for legitimate reasons including: accuracy, unlawful processing, or other legal reasons.

Lockpath will inform individuals prior to lifting a processing restriction.

Lockpath will provide a machine readable copy of personal information to individuals upon request. Lockpath will deny information requests if it is not able to validate the identity of the requester. Upon request by an individual, Lockpath will directly transfer personal information to another controller.

When an individual lodges a complaint, Lockpath will communicate the actions it took to address the request.

Lockpath strives to respond quickly to information requests and will inform the individual as to the reason for delays in responding to requests.

 

Data Location

Lockpath stores information in data-centers located in the United States. It does not store any customer or personal information outside the United States.

 

Data Breach Notifications

If a Lockpath product / service offering experiences a data breach, Lockpath will work with the affected customer(s) to jointly notify individuals that are impacted by the breach. If Lockpath experiences a breach unrelated to a customer, then Lockpath will directly notify the individuals impacted by the data breach.

 

Site Analytics

When you visit Lockpath web sites, various systems collect personal information and statistical or non-personally identifiable information (non-PII) about your visit, including IP Address, pages visited, origin of visitor domains, and types of browsers used. To the extent permitted by applicable law, Lockpath reserves the right to combine non-PII with personal information that you have actively submitted.

 

Cookies

A cookie is a piece of information that our web sites send to your browser, which then stores this information on your system. Cookies are used to remember information about you and your preferences.

KeylightGRC Cookies
The Keylight GRC Platform uses cookies to track authenticated sessions. When you login to Keylight, a temporary session cookie is written to your machine that enables us to track your session / interaction with Keylight. Keylight may also use persistent cookies for tracking single-sign-on preferences such as LDAP or SAML authentication or language preferences.

LockPath.com Cookies
Lockpath uses Google Analytics to track page visits on www.Lockpath.com, which makes use of permanent cookies. Additionally, Lockpath uses temporary persistent cookies to track requests for downloads. By using cookies, users are able to retrieve additional information without needing to provide their information multiple times.

 

Web Beacons

Lockpath uses some third-party services for web / email marketing purposes that may make use of web beacons. This capability helps Lockpath send email in a format that users can read and allows Lockpath to determine the aggregate number of emails opened. The web beacon does not collect any personal information.

 

Testimonials & Endorsements

Lockpath displays personal testimonials and endorsements of happy customers on its site. With your consent, Lockpath may post your testimonial with your name. If you wish to update or delete your testimonial, you may do so by contacting the Lockpath Privacy Contact as described below.

 

Surveys

Lockpath may request information from customers via surveys. Participation in these surveys is 100% voluntary. Survey information will be used for improving our customer service and products. The feedback Lockpath collects is aggregated and we do not track individual responses unless the respondent chooses to be identified.

 

Lockpath Blogs

If you use a blog on our web site, you should be aware that any personal information you submit can be read, collected or used by other users of these blogs. Lockpath is not responsible for personal information that you choose to submit in these blogs. You are also responsible for adhering to the Terms of Use set forth on the relevant blog site. To request removal of your personal information from our blog, please contact the Lockpath Privacy Contact as described below. In some cases Lockpath may not be able to remove your information. In the event that Lockpath cannot remove your information you will be contacted with an explanation.

 

Security

Lockpath uses reasonable physical, electronic, and administrative safeguards to protect your personal information from misuse, unauthorized access, disclosure, alteration, loss, or destruction. Lockpath exercises the same rigorous security solutions, practices and standards to protect all data collected and maintained by Lockpath, regardless of the source.

 

Changes to this Policy

This policy may be updated periodically to reflect changes to Lockpath’s privacy and information security practices. If Lockpath makes any material changes, you will be notified by email and/or a public notice on this site prior to the changes becoming effective.

 


 

Lockpath EU-US and Swiss-US Privacy Shield Frameworks

Lockpath complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Lockpath has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www. Privacyshield.gov/ Lockpath is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

In Compliance with the EU-US and Swiss-US Privacy Shield Principles, Lockpath commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Lockpath via the information below and Lockpath will respond within 15 days of the inquiry or complaint.

Lockpath, Inc.
Melanie Ekeland
6240 Sprint Parkway, Suite 100
Overland Park, KS 66211
(913) 601-4800
privacy@lockpath.com

Lockpath has further committed to refer unresolved privacy complaints under the EU-US and Swiss Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

 

Scope of Notice

This notice does not apply to employees of Lockpath. This notice applies to persons residing in the European Union (EU) or Switzerland (Swiss) whose data Lockpath may receive from its customers, suppliers or other businesses in the EU or Switzerland.

 

Types of EU or Swiss Data

Lockpath collects data and performs processing services primarily for businesses and rarely, if ever, for consumers. As a result, Lockpath mostly receives business information from the EU or Switzerland. Occasionally Lockpath may receive contact information related to individual representatives of businesses with whom Lockpath is dealing, including names, addresses, work phone numbers, work email addresses, etc. Lockpath does not collect, process, or use information about children.

 

Purposes

Lockpath collects and uses EU or Swiss data for purposes of providing data processing services to its customers, communicating with corporate partners about business matters, processing data on behalf of customers, transmitting marketing emails, and performing various marketing activities.

 

Disclosure

Lockpath does not sell EU or Swiss data to third parties. . Lockpath may disclose your personal information as required by law, such as to comply with a subpoena or similar legal process or government request. Lockpath may also be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Lockpath may also disclose your personal information if Lockpath, Inc. is involved in a merger, acquisition or sale of all or a portion of its assets. You will be notified by email and/or a notice on our web site of any change in ownership or uses of your personal information.

 

Opt Out

All marketing emails from Lockpath contain opt out language / features to make it easy for people to unsubscribe from future mailings.

 

Access, Review and Choice

EU or Swiss persons whose EU or Swiss data Lockpath holds may request confirmation of and/or access to their personal information, and also have the opportunity to update, correct or delete some or all of the EU or Swiss data, including the ability to opt out of sharing their personal information with third parties. To submit such requests, please contact the Lockpath Privacy Contact as described below. Lockpath reserves the right to authenticate a person’s identity, to charge an adequate fee for providing access, and to deny requests except as required by the Privacy Shield Principles.

 

Data integrity

Lockpath takes reasonable steps to ensure that your personal information is limited to that which is relevant for the purposes of processing and is accurate, complete, and current by using the most recent information provided to us.

 


 

To view our certification page, please visit https://www.Privacyshield.gov. Lockpath is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

 

Contact Information

If you have questions about Lockpath’s Privacy Policies / Program, please contact the Lockpath’s Data Protection Officer / Privacy Contact at:

Lockpath, Inc.
Melanie Ekeland
6240 Sprint Parkway, Suite 100
Overland Park, KS 66211
(913) 601-4800
privacy@lockpath.com

BBB