Privacy Policy

Last updated: December 10, 2024

Kong is committed to protecting and respecting your privacy. We want you to feel confident when we process your personal data. This Privacy Notice explains how we handle your personal data in accordance with applicable laws. It applies to:

  • Customers
  • Users invited by a Customer
  • Participants recorded by a Customer
  • Visitors to our websites
  • Other business contacts

When we provide services to a Customer (the organization that invited you), we may act as a data processor or service provider on their behalf. In these cases, the Customer is responsible for its own privacy practices and for informing you of your rights. We will assist our customers in addressing any privacy concerns you raise with them. If we receive or process deidentified data on their behalf, we will never try to re-identify it.

We only use your personal data for the purposes described here and not in ways incompatible with those purposes.

1. Who We Are

Sales Kong AB (reg. no. 559497–0062) ("Kong," "we," "us," or "our") is responsible for ensuring your personal data is handled lawfully. We primarily process your personal data within the European Union (EU), where data protection standards are high and well-regulated.

2. Data Controller

Kong is the data controller for personal data when we act on our own behalf. If we act as a data processor or service provider to a Customer, that Customer is the data controller for that processing.

3. How We Use Your Personal Data

Purposes:

We may use your personal data for:

  • Providing and Managing Services: To create and manage user accounts, enable features, and support your use of our services.
  • Administering Agreements: To handle contracts and relationships with our Customers.
  • Support and Account Services: To help when you contact us, troubleshoot issues, and maintain service quality.
  • Improving Our Services: To refine our products and services by using feedback and user interaction data. (We may pseudonymize or anonymize data where possible.)
  • Statistics, Analysis, and Business Development: To understand usage patterns, improve performance, develop new features, and sometimes share general, anonymized comparative insights with other users.
  • Marketing Our Services: To send newsletters, inform you about updates, events, and offers (where legally allowed).
  • Preventing Fraud and Abuse: To safeguard our services and users from misuse.
  • Legal Compliance: To meet our obligations under laws and regulations (e.g., accounting or anti-money laundering laws).
  • Legal Claims: To establish or defend against legal claims.
  • Corporate Transactions: To support activities like mergers, reorganizations, or asset transfers.
  • The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements. This is only applicable to users who have signed in with a Google account.

No Large Language Model Training: We do not use your data to train large language models.

Data Categories:

Depending on your interactions with us, we may process:

  • User Data (e.g., name, email, username)
  • Content (e.g., text, audio, video you submit)
  • Performance Data (e.g., progress, completion records)
  • Device Data (e.g., IP address, browser info)
  • Activity Data (e.g., event logs, cookies, session info)
  • Telemetry Data (e.g., technical info like network type)
  • Support Data (e.g., troubleshooting info)
  • Billing Data (e.g., contact details, payment info)

Legal Basis:

We process personal data on different legal grounds:

  • Contractual necessity: For providing and managing services to the Customer that invited you.
  • Legitimate interests: For improving services, analysis, fraud prevention, marketing, and legal claims, unless these interests are overridden by your privacy rights.
  • Legal obligation: For compliance with applicable laws.
  • Consent: For certain marketing or analytics cookies if required by law.

Retention:

We keep personal data only as long as needed for the purpose it was collected. After that, we either delete it or anonymize it. For data used to improve services or for analytics, we keep it as short a time as possible (usually not longer than one year without anonymization). For legal compliance, we may keep certain data longer.

You have rights to access, correct, or request deletion of your data, object to processing based on legitimate interests, and withdraw consent where applicable. See Section 9 for details.

4. How We Collect Data

We collect personal data directly from you (e.g., when you create an account, use our services, contact support) or from other sources (e.g., Customers, public records, analytics providers).

5. Automated Decision-Making

We do not use automated decision-making that significantly affects you.

6. Retention of Personal Data

We only retain personal data as long as necessary for the purposes described. After that, we delete or anonymize it. If we are required by law to retain data longer (e.g., for accounting), we will comply.

7. Sharing Your Data

We may share personal data with:

  • The Customer that invited you.
  • Trusted third-party service providers (e.g., IT, hosting, analytics, payment, marketing).
  • Our subsidiaries and affiliates.
  • A buyer or successor if our company undergoes a merger, sale, or similar transaction.

We do not sell your personal data.

8. International Transfers

We primarily process your personal data in the EU. If we ever transfer personal data outside the EU, we use safeguards like Standard Contractual Clauses or rely on adequacy decisions such as the EU-U.S. Data Privacy Framework.

9. Your Rights

You have the right to:

  • Access: Ask what data we hold about you.
  • Rectify: Correct inaccuracies.
  • Erase: Request deletion when data is no longer needed.
  • Restrict: Limit how we process your data in certain situations.
  • Object: Object to processing based on legitimate interests.
  • Withdraw Consent: If processing is based on consent, you can withdraw it at any time.
  • Data Portability: Get a copy of certain data in a machine-readable format.
  • Complaint: Lodge a complaint with a supervisory authority if dissatisfied with our handling of your data.

To request deletion, email "Erasure of Personal Data Request" to team@saleskong.com. We will verify your identity before processing your request.

10. Security Measures

We take strong security measures to protect your personal data. Our safeguards include secure servers, encryption, controlled access, and regular security testing. We continuously review and update our protections to guard against unauthorized access, loss, alteration, or disclosure of your data. If a breach occurs that may significantly affect you, we will inform you and advise on steps you can take.

You are responsible for keeping your login details confidential and using our services in a secure environment.

11. Cookies

We use cookies and similar technologies to improve and analyze our websites and services. For more details, see our Cookie Notice.

12. Changes to This Privacy Notice

We may update this Privacy Notice at any time. Your continued use of our services after changes means you accept the updated terms.

13. Contact Us

For questions, concerns, or to exercise your rights, please contact us at:

Sales Kong AB (org. no. 559497–0062)
Email: team@saleskong.com
Website: https://saleskong.com/

By using our services, you acknowledge that you have read, understood, and agree to this Privacy Notice as updated.