Kimo logo

PRIVACY POLICY KIMO B.V.

October 5th, 2020

OVERVIEW

At Kimo, we are committed to protecting the privacy of your data. We do this via five principles (see the Five Principles chapter in this document for more information). This Privacy Policy explains more specifically what information Kimo B.V., established and with offices In Amsterdam, The Netherlands (Chamber of Commerce no 80344585, 'Kimo', 'we', 'us') collects from Account Holders and End Users ("you") through Kimo's websites, browser plug-ins and applications, which we refer to collectively as "the Service." The Service includes the Kimo software.

Please note, if you use Kimo Free, Premium, or Pro, you are both the Account Holder and End User of a Kimo service account. If you use Kimo Business, the Account Holder is the Customer who has contracted with Kimo as defined in our Kimo Business Agreement and the End Users are the individuals whose user accounts are linked to that Kimo Business account. You can find these, and other defined terms used in this policy in our Glossary at the end of this page.

Although significant changes are rare, this policy may be amended as new features, technology, or legal requirements arise, so please check back from time to time. We'll notify you if we make a significant change and, where required, seek your consent.

WHAT PRINCIPLES GOVERN YOUR POLICIES?

Kimo processes your data in accordance with the General Data Protection Regulation (GDPR), the law on data protection and privacy which is applicable in the European Union (EU) and European Economic Area (EEA). At Kimo, we uphold five central principles around data protection, as we believe the future of Artificial Intelligence has to be one of explainable models, transparency and mutual trust. It is our aim to go beyond laws like GDPR and the California Consumer Privacy Act (CCPA) and provide a leading example of how to combine deep technology expertise with sound ethical principles. You can find our principles below, along with an explanation.

  1. Privacy first, intelligence second

Kimo is not a company that makes money from selling your data to third parties for advertising purposes. Our business model is simple: we make money when you decide to pay us for a service that is valuable to you. This means that trust is our biggest asset and keeping your data private is fundamental.

Kimo uses artificially intelligent ('AI') models that can at time be optimized by seeing new data. This optimization makes the models more precise over time, and with that more valuable to End Users. By using our products, you give Kimo opportunity to do certain things with your data so that we can run our service and improve it over time. For example, we back it up, send it over a network, index it for searching, optimize our models with etc. Some of these operations may require us to send your data to our normal business partners – such as the Cloud Partners we use (Google Cloud and Amazon Web Services at this point in time) – that we have contracted with to provide parts of the Kimo Service. Before we do this, we'll always make sure that our contracts with such partners protect your data protection rights as much as possible. The Cloud Partners act as data processors and are not allowed to use the data for any of their own purposes.

Personal data is pseudonymized at all times in our database. In practice, this means that - in the case of a data breach - users have unique URLs as ID-tokens that cannot be traced back to the user. Other data that can be traced back to the user (e.g. addresses for invoicing purposes) are stored in a separate location. This also means that when KIMO uses your data for optimization purposes, it does so at all times by using your data in a pseudonymized form. After this process, we only keep aggregated, anonymous data and delete any data that can be traced back to you.

  1. Your data is secured

Kimo takes appropriate technical and organizational measures to keep everything you put into KIMO secure. We take many precautions to protect your data from accidental loss and theft. Everything you put into Kimo is stored in a highly secure Cloud environment with the highest level of protection available today. This environment also provides automated (offsite) backups for your data, should a server go offline due to unforeseen circumstances (e.g. flooding, earthquake).

There may be features in Kimo where you share notes, insights, or elements of your learning journey (including, in relation to Kimo Business, the Account Holder) with others via Social Media or other means, but these features are optional and whether or not you use them is up to you.

Communications between Kimo clients and servers (and between our various data centers) are all encrypted. We provide industry-leading security technologies, like two factor authentication, to all users, and we're constantly investing in ways to improve data security. We take the utmost care in protecting your password and no one at Kimo will ever ask you for it.

  1. You control your data (and we don't hide it)

You have full control over the data you put into Kimo. Personal data can be requested at any time by users. It can also be deleted instantly by users if desired. KIMO provide this functionality openly and without hiding it from users.

  1. You determine how your data flows

We recognize that learning new materials requires users to write down personal things (e.g. learning notes). These notes belong to the End Users, not to Kimo. For all of those End Users, we are committed to making it straightforward to get all of your data into, and out of, Kimo at any time. For this reason, our platform facilitates easy imports and exports of data.

  1. We provide one Kimo across devices

To ensure Kimo is available across platforms and remembers the context of your learning journey, you have a unique ID that can be used to access Kimo recommendations and notes across devices. Whether you login on your laptop or your smartphone, Kimo will recognize who it is talking to.

WHAT INFORMATION DO WE COLLECT?

We built Kimo to help you learn more effectively and stay relevant in the jobs market. This purpose means that Kimo has access to data around your learning process, and we recognize that those datapoints can contain private information. We collect and receive the following types of information that relate to the user:

  • Basic subscriber information. To open your account and process payments, we collect and receive basic information like your email address and, depending on how you purchase a subscription to Kimo Student, Premium, Pro or Business (each a "Paid Service"), your billing address and other payment information. If you login to KIMO for the first time using an existing account (e.g. Facebook, Google, LinkedIn), we receive basic subscriber information from their APIs.
  • Usage data. We collect and log data on how you use Kimo, for example, the act of creating a note, asking for recommended materials or a summary, or clicking on content. This usage data may be collected through cookies, and similar technologies. This data is used to optimize Kimo for users.
  • Conversation data - video chat. When you talk to Kimo in the 'enhanced' chat (e.g. video chat, where the Kimo software utilizes the camera to see the user), Kimo 'classifies' user data but does not store those data points. Specifically, it collects estimations of i) age, ii) posture, iii) gender, iv) objects in your surroundings, v) sentiment, and vi) facial landmarks - and shows all of these classifications in real time transparently. These 'real time' datapoints are not stored in the database. The profile at the end of the video chat is stored for 72 hours to allow sharing on behalf of the user. The main reason of the video chat is to show transparently what current AI models can capture, and to spark a discussion about its proper use.
  • Conversation data - normal chat. When you talk to Kimo in the normal chat window (e.g. chatbot in the browser or app, without the camera), Kimo can recognize i) sentiment (positive/negative) in the text, ii) intents of the user (e.g. a request for specific content), and iii) discover unrecognized intents (user intents that are unclear to Kimo at this point in time). Kimo can also receive iv) feedback from users through labeling the provided content directly, e.g. with the thumbs-up and thumbs-down symbols provided. Unrecognized intents made by users and feedback data are used anonymously to optimize the Kimo software, as they generally provide us with proof of an unsatisfactory user experience.
  • Location information. We collect the IP address you use to connect to the Service, and — if you choose to share it — your location information from a mobile device.
  • Device information. We collect information about the number and type of devices you use to connect to the Service, as well as information about the operating systems on those devices (e.g., iOS, Android, Windows).

HOW DO WE USE INFORMATION?

As described in our principles, we are committed to protecting the privacy of your information. Below, we describe the ways in which we use the information we collect and receive to provide, maintain, and improve the Service; to provide troubleshooting and customer support; to protect the Service for all our users; to contact you; and to administer Kimo Business accounts.

  • We use a number of technologies to help you get the most out of the Service. Our systems automatically analyze your data to power Kimo features and to continually improve the Service for you in a way that does not require anyone to look at your Content. This may include, for example:
    • Provide you with fitting content to upgrade yourself.
    • Provide you (back) the notes that you stored in Kimo.
    • Suggesting actions to take (e.g. learning tips, breaks to take, more study time to be planned).
    • For Kimo Business users, recommending people in your surroundings as experts. Note that experts will only become experts with their permission.
  • To provide troubleshooting and customer support, our Customer Support team may need to access your information, such as your account email address and information about the Kimo application you are using, subject to the protections described below.
  • In accordance with your communication preferences, we'll occasionally contact you to announce new products and features we build for you, share tips for using Kimo to get more done, make special offers, and provide information about how Kimo works with products and services from our business partners.
  • If you are an End User of a Kimo Business account, please note that the Account Holder of your Kimo Business account (such as your employer or organization) may have established its own rules regarding End Users' access, use, disclosure, or retention of data stored in that account. Also note that while an Administrator of a Kimo Business account has access to the End User accounts linked to that Kimo Business account, an Administrator cannot access an End User's personal Kimo account.
  • Note that our team at Kimo cannot access individual user profiles of Kimo End Users at any time, unless this access is provided by the End User him- or herself.

WHEN AND WHERE DO WE SHARE INFORMATION?

Kimo is not in the business of selling or renting your information, but we work with partners to ensure our Service can be delivered. Here are instances when we may disclose your information — and then only the minimum information necessary:

  • We share your information with Service Providers who process data on our behalf, such as credit card processors and customer management systems (CMS). For example, these Service Providers help us:
    • Operate, develop, and improve the features and functionality of the Service
    • Complete your payment transactions
    • Fulfill your sales and support requests
    • Communicate with you as described elsewhere in this policy
  • We require these providers to agree to strict data protection requirements in keeping with our privacy policy standards and the European Union's General Data Protection Regulation ("GDPR").
  • We do not share your information with any third parties for their own advertising purposes.
  • Your Content is private unless you decide you want to share it. You may choose to share using public links or through any of the Service's features that allow you to share or collaborate on Content ("Collaboration Features"). If you choose to share, we may need to take steps to facilitate your collaboration.
  • In the event of a merger, sale, or reorganization of all or part of our business, information covered by this policy may be transferred in connection with that deal.
  • We might, with your permission, contract with third-party advertising networks in order to deliver relevant KIMO advertisements to you across the Internet and to manage our communications with you. We do not use your Content for these purposes. In addition, we may share with partners or Service Providers a hashed identifier to serve you relevant Kimo ads when you visit partners' and providers' websites, applications or platforms. We may, for instance, participate in the Google Adwords Remarketing, Twitter Tailored Audience and Facebook Custom Audience services. To learn more about the privacy controls that Google, Twitter and Facebook offer and honor for those respective services, please visit here for Google, here for Twitter, and here for Facebook. You may opt out of certain ad targeting and retargeting services by visiting the Digital Advertising Alliance's opt-out page, or the Network Advertising Initiative's opt-out page.
  • We also may share information about you with third parties whenever you consent to or direct such sharing. This includes, for example, if you connect your Kimo account with a third-party app in our App Center.
  • We will not disclose your information to law enforcement or other governmental authorities unless we believe it is required to comply with warrants, court orders, subpoenas, or other lawful government requests. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards of due process. We narrowly interpret all information requests, and we only disclose Content in your account that is specifically responsive to a government warrant or where you have provided your explicit consent.
  • If allowed, we will notify you if we believe we are compelled to comply with a third party's legal demand for your information.
  • In addition, in rare cases, we may share your information as necessary to investigate or take action regarding illegal activities, suspected fraud, or potential threats against persons, property or the systems on which we operate the Service, or as otherwise necessary to comply with our legal obligations.

WHO HAS ACCESS TO INFORMATION?

Consistent with the principles we uphold at Kimo—your data is yours—in most cases, you can manage your information simply by logging into your account and editing your information directly within the Kimo service.

However, if you prefer, you can contact us at legal@kimo.ai to ask us to provide access to, correct, update, or delete your personal information. Please note that we may ask you for proof of account ownership and/or identity before fulfilling your request. We will comply with such requests to the extent required by applicable law.

DATA PROCESSING GROUNDS AND DATA ACCESS RIGHTS

We process Account Holder or End User personal information on one of three grounds, depending on the circumstances: (i) your affirmative consent, in which case you will have the right to withdraw consent at any time; (ii) contractual necessity; or (iii) our legitimate interest in providing the Service.

DATA SUBJECT RIGHTS

You have the right to request us to give you access to your data. If the data are incorrect, incomplete or irrelevant, you have the right to ask us to alter or supplement them. You also have the right to object to the processing of these data and to ask us to erase them.

To the extent that our data processing is based on your consent, you at all times have the right to withdraw your consent. Withdrawal does not affect the lawfulness of the processing that was based on your consent before you withdrew it.

If you wish to make use of the aforementioned rights, please contact us by letter or email, using the contact details shown below. We will take a decision on your request within four weeks.

You also have the right to submit a complaint to the supervisory authority. The competent supervisory authority is the Dutch Data Protection Authority.

HOW LONG IS INFORMATION STORED?

Kimo's mission is to help you learn more effectively. In order to do that, we make the Content you store in Kimo readily accessible to you, until you make the decision to delete it. If you delete your Kimo account and/or your personal data, it will no longer be accessible. As described in our principles, your data is portable and can be exported from Kimo.

Note that Kimo's back-up system, provided by Cloud partners, may retain individual copies of your deleted Content for up to one year due to the nature of those system's operations.

For users who are inactive for extended periods of time, we may close your account to satisfy our obligations under applicable law, and in accordance with our data retention policy. If that happens, we will try to notify you before taking any action.

If Kimo deactivates your account due to a ToS (Terms of Service) violation, then you may contact us to request deletion of your Content, and we will evaluate such requests on a case by case basis, pursuant to our legal obligations.

WHERE IS INFORMATION STORED?

When you use KIMO Software on your computing device, such as by using one of our downloadable applications, some of your data will be stored locally on that device. When you sync your computing device with the Service, that data will be replicated on servers maintained in the EU. This means that if you store information in or submit data to the KIMO website, app or browser plugin, you acknowledge your personal information will be transmitted to, hosted, and accessed in the EU.

ALTERATIONS

We reserve the right to make changes to this privacy statement at any time in accordance with applicable legislation and regulations. Please check this webpage from time to time to see whether any changes have been made.

HOW DO I CONTACT YOU?

Kimo welcomes your feedback regarding this Privacy Policy. If you have questions, comments or concerns about this Policy, please contact us by email at privacy@kimo.ai. Alternatively, you can also send letters to:

Kimo B.V.

Haparandadam 2E3

1013AK Amsterdam

The Netherlands

GLOSSARY

  • Account Holder means the person or entity who has contracted with KIMO as either an individual Free, Premium, or Business user.
  • Collaboration Features means any of the Service's features that allow you to share or collaborate on Content.
  • Content means the text (e.g. notes), images (e.g. pictures of highlighted notes), and other data you choose to input, upload, and store in Kimo.
  • End User means the individual who uses an account on the KIMO service.
  • Kimo (or sometimes "we" or "us") means Kimo B.V.
  • Kimo Service means the Kimo Software (as defined below) and other products, services and websites hosted or made available by Kimo.
  • Kimo Software means the software hosted on Kimo's servers and the software we make available to be deployed by you or a third party to enable capturing of Content originating outside the Service, such as the Kimo browser plugin.
  • Paid Service means Kimo Student, Premium, Pro and Business, and any other Kimo offering for which we collect payment.