Kastle Systems’ Privacy Policy

Privacy is important to Kastle Systems (“Kastle,” “we” or “us”) and we take seriously our responsibility to secure and protect personal data whether it is used in providing access to our customer’s facilities or detecting threats to those assets. Whether you are a customer, business partner or simply a visitor interested in the services Kastle provides, we have developed a privacy policy (“Privacy Policy”) that covers how we collect, use, disclose, transfer, and store personal identifying information when you purchase, download, install, register with, access, or use any of the Kastle products and solutions including, but not limited to, the myKastle and myKastle Multifamily PLATFORMS; KastlePresence, KastleResident, KastleVisitorPass, and KastleAlert APPLICATIONS; KastleVideo and KastleVisitor SOLUTIONS, and KastleConnect APIs such as EventConnect, VisitorConnect and IdentityConnect.

This Privacy Policy describes Kastle’s privacy practices in relation to general business practices and applies to information we collect through our platforms applications and solutions, via e-mail, text and other electronic communications or transmissions protocols. Please read this Privacy Policy carefully. If you do not agree with our policies and practices, do not download, install, register with, access, or use our applications and services. By visiting our website and providing us with your personal information, you consent to the collection, processing and storage of your personal information as described in this Privacy Policy

By using Kastle’s products, or its services, features, and content (the “Service” or “Services”), you consent to the collection and use of information that you provide us in accordance with this Privacy Policy. We do update this Privacy Policy from time-to-time so please review this Privacy Policy on a regular basis. Your continued use of Kastle’s solutions will be deemed your agreement with and acceptance of any changes to our Privacy Policy. If you do not agree with or accept the changes, then you should stop using Kastle’s services and you should notify us that you do not want your information used in accordance with the changes.

This Privacy Policy does not apply to the practices of third parties that we do not own or control, or to individuals that we do not employ or manage. This Privacy Policy does not apply to information that we collect offline or through any other applications or websites and does not apply to any information you provide to or is collected by any third party.

Collection and Use of Personal Information

Personal information is data that can be used to identify or contact a single person. You may be asked to provide your personal information anytime you are in contact with Kastle or a Kastle affiliated company. You are not required to provide the personal information that we have requested, but, if you chose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have. We may also automatically collect your information and data through your use of Kastle’s Solutions and the Services. In using Kastle’s Solutions and Services, we may collect and process the following data about you:

A. Information you provide directly to us:

  • By creating a user account (for example, your name, password, PIN, mobile phone number, business e-mail address, and photograph);
  • By filling in forms (for example, to contact us, you may be asked to provide your name, e-mail address, phone number, and PIN);
  • By communicating with Kastle for any reason (for example, service-related emails, like account verification, security and updates).

B. Information that we collect through your use of Apps or the Services:

  • Usage Details. When you access and use any Kastle App, we may automatically collect certain details of your access to and use of the App, including traffic data, location data, logs and other communication data and the resources that you access and use on or through the App.
  • Device Information. We may collect information about your mobile device and internet connection, including the device’s unique device identifier, operating system, browser type, mobile network information and the device\’s telephone number.
  • Location Information. KastlePresence collects real-time information about the location of your device through GPS, WiFi, IP address, Bluetooth services or wireless network triangulation in order to obtain your location to provide the Services. For more information, please see Location-Based Services below.
  • We may collect information such as occupation, zip code, area code and the time zone where our app is used so that we can better understand customer behaviour and improve our products and services.
  • We also record your IP addresses for security and monitoring purposes.
  • If you do not want us to collect this information do not download any of the Kastle Apps. If you do not want us to collect this information and have already installed or downloaded a Kastle App, please delete it from your device.

How We Use Your Information
We use the information that we collect about you or that you provide to us, including personal information, to:

  • Provide you with Kastle Products and the Services, and any other information, products or services that you request from us.
  • Keep you posted on Kastle’s latest software updates.
  • Help us create, develop, operate, deliver, and improve our products, services, and content, and for loss prevention and anti-fraud purposes.
  • Verify your identity, assist with identification of users, and to determine correct services and access.
  • From time-to-time, we may use your personal information to send important notices, such as communications about changes to our terms, conditions, and policies. Because this information is important to your interaction with Kastle, you may not opt out of receiving these communications.
  • For internal purposes such as auditing, data analysis, and research to improve Kastle’s products, services, and customer communications.

We also collect data in a form that does not, on its own, permit direct association with any specific individual, such as zip code, area code, unique device identifier, location, and the time zone where the Kastle app is used so that we can better understand customer behaviour and improve our products, and services. We may collect, use, transfer, and disclose non-personally identifiable information for any purpose.

We may strip data of all personally identifying characteristics and may aggregate the data. This Privacy Policy in no way limits or restricts our collection of aggregate information or of non-personally identifiable information.

If we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined.

As a Data Processor, we collect and process Account Data on behalf of our customers in accordance with our contractual agreements with them and/or as defined in our Standard Terms and Conditions and/or as required or permitted by law. Personal information entered or captured by our systems on behalf of our customers regarding their employees, visitors or other parties is considered Account Data. Our customers are responsible as Data Controllers for ensuring (i) their Data Subjects receive proper notice of the Data Controllers’ privacy practices, and that (ii) Account Data is obtained in accordance with all applicable laws. Since Account Data is managed by Data controllers, the Data Controller is responsible for providing appropriate notice and choice to its Data Subjects regarding out processing of Account Data on its behalf.  If a Data Subject has any questions or concerns related to our handling of their data, the Data Subject may contact our Data Protection Officers via (insert email here) and we will address the concern by working with the Data Controller, our customer.

Location-Based Services

To provide location-based services via KastlePresence, Kastle may collect and use precise location data, including the real-time geographic location of your device running KastlePresence. Where available, location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your devices’ approximate location. This location data is collected anonymously in a form that does not personally identify you and is used by Kastle to provide and improve location-based services, unless you otherwise provide us with consent to report the information. All location-based services offered by Kastle require your personal information for the feature to work.

Disclosure of Your Information

Kastle and its affiliates may share this personal information with each other and use it consistent with this Privacy Policy. They may also combine it with other information to provide and improve our products, services, and content.

Kastle and its affiliates may share this personal information with your employer or building operator that is made available through access control readers (for instance, access through secured doors) just as we do today with access control cards to report on and verify access activity, and to indicate location status (for instance, an indication as to whether an individual is in the office).

We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party. In addition, we may share personal information that we collect from you or you provide to us with Kastle’s affiliates and subsidiaries.

We may also disclose personal information that we collect or you provide to us to contractors, service providers, third-party business partners, vendors and consultants who perform services on Kastle’s behalf and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for Kastle to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. For example, if there is an emergency evacuation of your building we may share your location status with first responders in the interest of life and safety measures.

We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of reorganization, divestiture, restructuring, dissolution, merger, or other sale or transfer, we may transfer any and all personal information we collect to the relevant third party.

Kastle GDPR Compliance Statement

The EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018 and it broadens the scope of the EU data protection law to all foreign companies processing data of EU residents. The GDPR seeks to make consistent the data protection regulations throughout the EU in order to make it easier for companies to comply with its requirements. At Kastle, we strive to exceed the requirements imposed by regulations to secure privacy of individuals who use our Services and visit our platforms. As the regulatory landscape changes, Kastle endeavours to constantly build on the success of 47 years and state of the art engineering to make required operational changes resulting from new legislation.  We are committed to compliance with the GDPR and are actively developing systems to meet its requirements.

Protection of Personal Information

Kastle takes the security of your personal information very seriously. We use commercially reasonable physical, administrative and technological safeguards to protect the information we collect. When your personal information is stored by Kastle, we use computer systems with limited access housed in facilities using physical security measures. Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through any Kastle app. Any transmission of personal information is at your own risk.

Integrity and Retention of Personal Information

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

Our Companywide Commitment to Your Privacy

To endeavour to keep your personal information is secure, we communicate our privacy and security guidelines to Kastle employees and strictly enforce privacy safeguards within the company. Our commitment to privacy and security means that from time to time we may change this Policy Statement to accommodate new technologies and practices and improve our practices in order to be compliant with the law.

Privacy Questions

If you have any questions or concerns about Kastle’s Privacy Policy or data processing or if you would like to make a complaint, please contact us at (703) 528-8800. All such communications are examined and replies issued where appropriate as soon as reasonably possible. Kastle may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.