Effective: February 28, 2024
1. Introduction and Overview.
Kepler Group LLC (together with its affiliated companies, “Kepler, “we,” “our,” or “us”) is a marketing services company. This Privacy Policy describes how Kepler collects, uses, and shares information about you as well as your rights and choices about such use and sharing, and applies to your use of any online service location that posts a link to this Privacy Policy, including our corporate website at www.keplergrp.com, and all features, content, and other services that we own, control, and make available through such online service location (collectively, the “Service”). By using the Service, you agree to our collection, use and disclosure practices and other activities as described in this Privacy Policy. If you do not agree and consent, you should immediately discontinue use of the Service.
This Privacy Policy does not apply to our information collection activities outside of the Service (unless otherwise stated below, at the time of collection, or for any offline location that makes this Privacy Policy available to you). For information about processing on behalf of our clients, please see the “Information on Behalf of Our Clients” section below.
If you have any questions about our privacy practices, please contact us as set forth in the section entitled “Contact Us” below.
2. Information Collection.
A. Information You Provide.
We collect information that you provide directly via the Service, such as when you access our content, contact customer support, or apply for a job. We may also use Service Providers (defined below) to collect this information where we are permitted to do so in accordance with applicable laws, for example from recruitment services, credit reference agencies, customer due diligence providers and analytics providers.
The information we collect includes information that identifies you personally (whether alone or in combination). The categories of information we collect and have collected in the last 12 months include:
Contact Data
We collect your first and last name, e-mail address, postal address, phone number, business details, and other similar contact data.
Demographic Data
We collect demographic information such as your age, gender, and country.
Content.
We collect the content of messages you send to us, such as your feedback or questions and information you provide to us.
Job Applicant Data
We collect data as necessary to consider you for a job opening if you submit an application to us, such as your name, contact details (i.e. address, home and mobile phone numbers, email address) and emergency contacts (i.e. name, relationship and home and mobile phone numbers), professional experience and education (including university degrees, academic records, professional licenses, memberships and certifications, awards and achievements, and current and previous employment details), financial information (including current salary information) language skills, information connected with your right to work (including your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information), and any other personal data that you present us with as part of your application related to the fulfilment of the role.
We will also collect and process information concerning your application and our assessment of it including references and any background checks we may make to verify information provided and any information connected with your right to work. This may include as necessary for your role (and subject to legislation in your jurisdiction) checks verifying your job history, qualifications and previous renumeration as well as credit, criminal record, social media and adverse media checks.
If necessary, we will also process information concerning your health, any disability and in connection with any adjustments to working arrangements.
You may choose to voluntarily submit information to us through the Service that we do not request, and, in such instances, you are solely responsible for such information.
B. Information Collected Automatically.
We automatically collect information about your device and how your device interacts with our Service and other services. We may use Service Providers to collect this information. The categories of information we automatically collect and have collected in the last 12 months include:
· Service Use Data. We collect data about the features you use, the pages you visit, the e-mails and advertisements you view, the products you purchase, the time of day you browse, your referring and exiting pages, and other similar information.
· Device Connectivity and Configuration Data. We collect data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information. This data also includes IP address, MAC address, device advertising Id (e.g., IDFA or AAID), and other device identifiers.
· Location Data. We collect data about your device’s location, which can be precise (e.g., latitude/longitude data) or imprecise (e.g., location derived from an IP address or data that indicates a city or postal code level).
We use various current – and later – developed technologies to collect this information (“Tracking Technologies”), including the following:
Log Files
A log file is a file that records events that occur in connection with your use of a website or service, such as your service use data.
Cookies
A cookie is a small data file stored on your device that acts as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate a website and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
Pixels
A pixel (also known as a web beacon) is code embedded in a website, video, e-mail, or advertisements that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, video, e-mail, or advertisement that contains a pixel, the pixel may permit us or another party to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from other parties that allow us to track our conversions, bring you advertising, and provide you with additional functionality.
Device Fingerprinting
Device fingerprinting is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your device and apps.
Location-Identifying Technologies
Location data may be used for purposes such as verifying your device’s location and delivering or restricting relevant content and advertising based on that location.
For further information on Tracking Technologies and your rights and choices regarding them, see the “Social Media and Technology Integrations,” “Analytics and Advertising,” and “Your Rights and Choices” sections below.
C. Information on Behalf of Our Clients.
We provide agency services for our clients, such as campaign strategy and media buys, and collect and process information about individuals (including through Tracking Technologies) at the direction of our clients (“Client Data”). Client Data has historically included contact data, demographic data, content, service use data, device connectivity and configuration data, and location data, among other information. Our processing of Client Data is governed by the terms of our service agreements with our clients and their privacy policies, and not this Privacy Policy. We are not responsible for how our clients treat the information we collect on their behalf, and we recommend you review their own privacy policies.
We acknowledge that you may have rights in connection with Client Data. If your information has been processed by us on behalf of a client and you wish to exercise any rights you have with such information, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of the Kepler client on whose behalf we processed your information. We will refer you request to that client, and will support them to the extent required by applicable law in responding to your request.
For further information on your rights and choices regarding Client Data, see the “Your Rights and Choices” section below.
D. Information from Other Sources
We also obtain information about you from other party sources. The categories of other sources from which we collect or have collected information from in the last 12 months include:
· Data suppliers or resellers from which we purchase demographic data to supplement the data we collect.
· Social networks when you reference our Service or grant permission to Kepler to access your data on one or more of these services.
· Partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
· Publicly-available sources such as data in the public domain.
E. Sensitive personal data (or ‘special category’ personal data) We may from time to time need to process sensitive personal data. We will only process sensitive personal data if we have a lawful basis for doing so under applicable laws, and, for the purposes of EU and UK laws, one of the special conditions for processing sensitive personal data applies. Sensitive personal data may include information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation and biometric or genetic data. For the purposes of this privacy notice, this also includes personal data relating to criminal offences and convictions.
3. Use of Information.
We use information we collect for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our business purpose for collecting and using information, including in the last 12 months, include to:
· Operate and manage our Service.
· Perform services requested by you, such as to respond to your comments, questions, and requests, and provide customer service.
· Send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
· Prevent and address fraud, breach of policies or terms, and threats or harm.
· Monitor and analyse trends, usage, and activities.
· Conduct research, including focus groups and surveys.
· Improve the Service or other Kepler websites, apps, marketing efforts, products and services.
· Develop and send you direct marketing, where permitted in accordance with applicable laws, including advertisements and communications about our and other party products, offers, promotions, rewards, events, and services.
· Serve and provide you with advertising, where permitted in accordance with applicable laws.
· Fulfill any other business or commercial purposes disclosed to you and with your consent.
· Recruit candidates for our job openings and for pre-employment screening.
· Administer our recruitment process.
· Comply with legal and regulatory obligations, including but not limited to fraud and anti-money laundering. Notwithstanding the above, we may use information that does not identify you (including information that has been de-identified) for any purpose except as prohibited by applicable law.
For information on your rights and choices regarding how we use your information, please see the “Your Rights and Choices” section below.
4. Sharing of Information.
We share information we collect in accordance with the practices described in this Privacy Policy. The types of entities to whom we disclose and have disclosed information with in the last 12 months include:
· Service Providers. We may share your information with our agents, vendors, and other service providers (collectively “Service Providers”) in connection with their work on our behalf. Service Providers assist us with services such as data analytics, marketing, website hosting, and technical support. Service Providers are prohibited from using your information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other purposes.
· Third party recruitment consultants and similar businesses (including online recruitment portals). We may share your information with recruitment consultants as a part of the recruitment process
.· Affiliates. We may share your information with our related entities including our parent and sister companies. For example, we may share your information with our affiliates for customer support, marketing, and technical operations.
· Clients. We share your information with our clients in connection with us processing your information on their behalf. For example, we share your information with our clients to provide them with strategic guidance, execute and optimizes media buys on their behalf, respond to your questions and comments, comply with your requests, and otherwise comply with applicable law.
· Business Partners. We may share your information with our business partners in connection with offering you co-branded services, selling or distributing our products, or engaging in joint marketing activities.
· Vendors and Other Parties. We may share your information with vendors and other parties for business and commercial purposes of facilitating your requests (such as when you choose to share information with a social network about your activities on the Service) and in connection with tailoring advertisements, measuring and improving content and advertising effectiveness, processing data and enabling other enhancements. Vendors and other parties may act as our service providers, or in certain contexts, independently decide how to process your information. For more information on advertising, see the “Analytics and Advertising” section below.
· Merger or Acquisition. We may share your information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
· Security and Compelled Disclosure. We may share your information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also share your information to protect the rights, property, life, health, security and safety of us, the Service or any other party. We may also need to share your personal data with external auditors to ensure compliance with legal and regulatory requirements.
· Consent. We may share your information for any other purpose disclosed to you and with your consent.
Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with other parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see the “Your Rights and Choices” section below. We only allow third parties to handle your personal data if we are satisfied they take appropriate measures to protect it. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
5. Social Media and Technology Integrations.
Our Service contains content from and hyperlinks to websites, locations, platforms, and services operated and owned by other parties, and/or integrations with technologies operated or controlled by other parties. In addition, we may host parts of our service on other party platforms. For example, we may offer our content on social networks such as a Facebook and Twitter. Any information you provide to us when you engage with our content (such as through our brand page) is treated in accordance with this Privacy Policy. If you publicly reference our Service on another party’s service (e.g., by using a hashtag associated with Kepler in a tweet or post), we may use your reference on or in connection with our Service.
These other parties may use Tracking Technologies to independently collect information about you and may solicit information from you. The information collected and stored by other parties, whether through our Service, or another party’s service or device, remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We are not responsible for and makes no representations regarding the privacy practices of such other parties. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.
6. Analytics and Advertising.
Our Service contains Tracking Technologies, some of which are owned and operated by other parties. For example, we use Tracking Technologies from analytics provides, such as Google Analytics, to help us analyze your use of the Service, compile statistic reports on the Service’s activity, and provide us with other services relating to Service activity and internet usage. We also work with ad serving services, advertisers, and other parties to serve advertisements. These other parties may use Tracking Technologies on our Service (including in emails) and other services (including in advertisements) to track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you on the Service and other services after you have left the Service (“Interest-based Advertising”).
Kepler may help its clients with analytics and advertising services, including through the use of Tracking Technologies and matched ad services. Our processing of Client Data is governed by the terms of our service agreements with our clients and their privacy policies, and not this Privacy Policy. For more information about processing on behalf of our clients, please see “Information on Behalf of Our Clients” section above.
For further information on Tracking Technologies and your rights and choices regarding them, please see the sections entitled “Information Collected Automatically” above and “Your Rights and Choices” below.
7. Your Rights and Choices.
A. Tracking Technology Choices.
· Cookies and Pixels. Most browsers accept cookies by default but you can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations. Under certain laws, we may not place cookies on your device without your consent, unless they are strictly necessary to the operation of the Service that we provide on our website.
· Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
Please be aware that if you disable or remove Tracking Technologies some parts of the Service may not function correctly. If you have any queries about the cookies that we use, or would like more information, please contact us using the details in the “Contact Us” section below.
B. Analytics and Interest-Based Advertising.
You can opt-out of your data being used by Google Analytics through cookies by visiting https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.
Some of the parties that collect information from or about you on the Service in order to provide more relevant advertising to you participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. This program offers a centralized location where users can make choices about the use of their information for online behavioral advertising. To learn more about the DAA and your opt-out options for their members for websites, please visit http://www.aboutads.info/choices. In addition, some of these other parties may be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, please visit http://www.networkadvertising.org/choices/. Please note that if you opt-out of online behavioral advertising using any of these methods, the opt-out will only apply to the specific browser or device from which you opt-out. Further, opting-out only means that the selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). We are not responsible for effectiveness of, or compliance with, any other parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
C. Communications.
You can opt-out of receiving promotional e-mails from us at any time by following the instructions as provided in e-mails to click on the unsubscribe link, or e-mailing us at the e-mail address set forth in the “Contact Us” section below with the word UNSUBSCRIBE in the subject field of the e-mail. Please note that you cannot opt-out of non-promotional e-mails, such as those about your account, transactions, servicing, or Kepler’s ongoing business relations.
Please note that your opt-out is limited to the e-mail address used and will not affect subsequent subscriptions.
8. Children.
The Service is intended for a general audience and not directed to children under thirteen (13) years of age. Kepler does not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe Kepler has collected such information in a manner not permitted by COPPA, please contact us as set forth in the section entitled “Contact Us” below, and we will remove such data to the extent required by COPPA. We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
9. Data Security.
We implement reasonable security measures designed to protect the information in our care, both during transmission and once we receive it. This includes, but is not limited to the use of encryption, the implementation of business continuity policies and incident management procedures and all staff receive training on this. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
10. Data Retention
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, or otherwise as required under applicable laws. In some circumstances we may anonymize your personal information so that it can no longer be associated with you.
If you apply for a job and are successful in becoming employed by us, we will keep your personal data for the duration of your employment and a period afterwards. If you are unsuccessful in gaining employment with us, we will likely keep your personal data for a short period after informing you that you were unsuccessful. In considering how long to keep your data, we will take into account its relevance to our business and your potential employment either as a record or in the event of a legal claim.
Personal data relating to job applicants (other than the person who is successful) will normally be deleted after 6 months.
11. International Transfer
If you are accessing the Service from outside of the U.S., please be aware that information collected through the Service may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Where permissible by law, your use of the Service or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information in the U.S. and other jurisdictions as set forth in this Privacy Policy. If your data is collected in the EEA or the UK, we will transfer your personal data subject to appropriate or suitable safeguards, such as approved Standard Contractual Clauses.
12. Access to your Personal Data and Other Rights
If you are an individual whose personal data we process is subject to the GDPR and/or the UK GDPR you have a right to make a subject access request to receive information about the data that we process about you. If you exercise this right and we hold personal data about you, we are required to provide you with information on it, including:
· Giving you a description and copy of the personal data
· Telling you why we are processing it.
As well as your right to make a subject access request, you may have a number of other rights. These include a legal right to:
require the organisation to erase some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances.
require the organisation to change incorrect or incomplete data;
require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and
ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether your interests override the organisation's legitimate grounds for processing data.
If you have provided us with data about yourself (for example your address or bank details), you may have the right to be given the data in machine readable format for transmitting to another data controller. This only applies if the ground for processing is Consent or Contract.
If you would like to exercise any of these rights, please contact privacy@keplergrp.com.
Individuals may also have the right to make a complaint relating to our data processing practices to their local Supervisory Authority. In the UK, this is the ICO.
13. Changes to this Privacy Policy.
We reserve the right to revise and reissue this Privacy Policy at any time. If we make any material or substantive changes, we will post a clear and conspicuous notice of those changes on the Services and in this Privacy Policy, and may provide you additional notice to your e-mail address. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
14. Contact Us.
If you have any questions or comments about this Privacy Policy, our data practices, or our compliance with applicable law, please contact us by email at privacy@keplergrp.com.