Karuny Hosting and IT Services (Karuny) respects your privacy. In this Privacy Statement we will inform you how Karuny will safeguard your personal data. Karuny safeguarding your personal data. Being a customer at Karuny we comit to handle and store all your personal data according to current EU Laws on data protection
Scope and acceptance
This Privacy Statement applies on how we manage personal data for all our customers on websites, mail and databases that Karuny managed on behalf of our clients.
Personal data is information that can identify you as a person, such as an email address, street address or phone number. Processing your personal data is necessary for us to serve you or our Customers. By providing us with your personal data, you accept the practices and terms described in this Privacy Statement. Please do not use Karun’s services or provide your personal data if you do not agree.
Whose data we process
For customers who use our hosting products for Website, Mail or Databases, we only store data from contact forms for your institution within the guidelines of your own Privacy Statement and within the laws of EU Data Protection Laws.
Storage of Personal Data
Karuny uses only datacentres within the EU, namely in Germany using Server Solutions hosted with Amazon or Gertzner.
Security Around our Hosting Products
For Mail and Hosting, Karuny uses https certificates for all services where personal data may be stored.
For our Database services we have added an extra layer of security where we issue personal certificates to gain access to the system. Certificates will only be issues on request of the data responsible for the company/institution we have an agreement with.
Why we process your personal data
To manage our Customer relations in general and to meet our Customer commitments, Karuny requires some information about you in your role as Customer contact person or user of a service. Our aims with this are:
- Provide offers on programs and services that Customers or prospective customers have requested
- Inform about and present program and service offers that are closely related to the services and programs the Customer already uses
- Perform deliveries in accordance with a customer agreement
- Offer support to users of our services
- Detect and prevent security threats and perform maintenance and debugging
- Prevent abuse of our programs and services
- Communicate information that is relevant for our deliveries in particular and our customer relations in general
- Process orders, invoicing, payments and other financial follow up of Customers
- Payment of services purchased through Karuny
- To manage your access to our web-based services (web/mail and databases)
In addition, we will also collect information about you as a contact person or user of a service, for the following purposes:
- To promote new products and services
- To discuss development ideas around your services with us
How we collect your personal data
We only collect information about you directly from you or via one of our partners listed on our Partners Lists when relevant to offer you the service we are obliged under our contract with you.
Google Analytics: This cookie allows us to see information on user Website activities including, but not limited to page views, source and time spent on a Website. The information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals. This will help to protect your privacy. By using Google Analytics we can see what content is popular on our Website, and strive to give you more of the things you enjoy reading and watching.
You can prevent the information generated by the Google cookie about your use of our Sites from being collected and processed by Google in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser. This Add-on is available at http://tools.google.com/dlpage/gaoptout.
What personal data we process
The type of data that Karuny process about you may be:
- Your own and the Customer’s contact details such as name, address, telephone number and email.
- Employment information about you at the customer company such as job title, position including preferences and interests in professional context
- Feedback, comments or questions about Karuny as a supplier, or concerning our programs and services
- Unique user information such as login ID, username and password to access your website and databases. We do not store password for your mail account
- Traffic information as provided by your web browser such as browser type, language and the address of the website from which you arrived and other traffic information such as IP address. IP Address is only used to measure repeated visits and geographical location of visits.
How we share your personal data.
It is important for us that we provide the best possible customer service and overall experience. This means that we can share your personal data with our partners listed here.
Our Partners has no right to share this information with any other 3rd party unless you have allowed this in written form through email
The police and other authorities may demand the handover of personal information from Karuny. In these cases, Karuny will only hand over the data if there is a court order to do so.
Right to opt-out of marketing communications
You have the right to opt-out of receiving marketing communications from Karuny and can do so by:
- Use the opt-out feature in newsletter and marketing mail
Please note that even if you opt-out from receiving marketing communications, you may still receive administrative communications from Karuny, such as order confirmations and notifications about your account activities (e.g. account confirmations and password changes).
Access and rectification
You have the right to request a copy of your personal data. You may send us a request for this.
Data security and retention
How we keep your personal data secure
Karuny takes the trust you place in us seriously. Karuny is committed to prevent unauthorized access, disclosure or other deviant processing of your data. Further, Karuny is committed to ensure proper use of the information, to maintain data integrity and to secure data availability. As part of our commitment, we utilize reasonable and appropriate physical, technical, and administrative procedures and measures to safeguard the information we collect and process. Karuny has implemented a number of security measures, including:
- Secure operating environments – Karuny stores your data in secure operating environments that are only accessible to Karuny employees and subcontractors on a need-to-know basis. Karuny also follows generally accepted industry standards in this respect.
- Encryption of payment information – Karuny uses industry-standard encryption to provide protection for sensitive financial information, such as credit card information, sent over the Internet (e.g., when you make payments through Karuny’s invoice system).
Please note that these protections do not apply to the personal data that you choose to share in public areas such as community websites.
How long we store your personal data
Karuny will only retain your personal data for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.
This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner. After 2 years since last interaction we automatically will delete all personal data we have on you.
Karuny as a data processor
Karuny provides many different services to our Customers. These services involves processing of the Customers’ data and may include processing of personal data. The purposes of this processing is determined by our Customers and not by Karuny. The Customer is then the data controller for the data subject’s data. Karuny do in such cases act as data processor and process the data on behalf of and according to instructions given by the Customer. When acting as data processor, Karuny is in accordance with the requirements in applicable data protection legislation always committed to enter into a data processing agreement (DPA) with the Customer. The Customer has agreed and guaranteed that:
- The Customer is the owner of or otherwise has the right to transfer the data to Karuny for processing and that he has the responsibility for the accuracy, integrity, content, reliability and legality of the personal data
- It is the Customer’s duty as data controller to notify, to the extent required by applicable law, the relevant supervisory authorities and/or the data subject in the event of any breach or unauthorized disclosure of personal data
When acting as data processor, Karuny is responsible for providing technical and organizational security measures in order to safeguard your privacy on behalf of our Customer – the data controller.
- As data processor, Karuny will not process personal data in any other manner or for any other purpose than as authorized in the agreement with the data controller.
Data subjects having questions, comments, claims or any other issues regarding their personal data that Karuny is data processor for, must submit these to the data controller. As data processor, Karuny will not give any data subjects access to their personal data without instructions given by the data controller to do so. If governmental authorities or the police request disclosure of personal data, Karuny will promptly notify the data controller and we will disclose such data only to comply with a court order.
Karuny will provide non-public information about internal systems and routines for data processing to Customers and collaboration partners upon request. This may be contingent upon a non-disclosure agreement.
Subcontractors and export of personal data
In some cases, Karuny will use subcontractors to process personal data. These subcontractors are typically vendors of cloud services or other IT hosting services. When using subcontractors, Karuny will always enter into a data processing agreement (DPA) in order to safeguard your privacy rights and/or to fulfil our obligations towards our Customers.
If the processing of data is performed outside of the EU, we will make sure that the DPA is based on the EU Standard Contractual Clauses or that the data importer is certified according to the EU/US Privacy Shield framework, if located in the US. In such cases, we will also inform our Customers about the export of data. Karuny is not responsible for providing such information to data subjects whose data is controlled by our Customers.
Changes to this Statement
If we modify our Privacy Statement, we will post the revised statement here, with an updated revision date. We encourage you to review the Statement regularly. If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect.
The last update of this Privacy Statement was 15th of May 2018.
How to contact us