Kaseya Privacy Statement revised as of July 24, 2023
In many instances, the information we collect is “personal information” as that term is defined under various privacy laws. Personal information is generally information or data that can be used to identify or contact a specific individual, such as name, address, email address, phone number, device identifiers, and other information when linked or tied to a specific person’s device or account.
Before you access any Kaseya website, such as at https://www.kaseya.com (a “website”), purchase or use Kaseya Products, or provide any non- public information to us, you should review this Privacy Statement to understand our information collection and use practices.
2. Information We Collect
We collect certain categories of information about you and the device that you are using, particularly when you visit our websites but also when you use or purchase Kaseya Products, when you provide us information to deliver you newsletters and other communications, when you contact us with inquiries, or when you register for a webinar.
In particular, we collect:
Contact Information: Contact information is information or data that can be used to identify or contact a specific individual. For example, when you access our websites or use Kaseya Products, we ask you to provide certain contact information when you create an account, such as your name, address, phone number, e-mail address, user IDs and passwords, contact preferences, educational and employment background. If you do not wish to provide the information requested, you may not be able to proceed with the activity or receive the benefit for which the personal information is being requested.
Payment Information: If you purchase Kaseya Products from us, you will need to provide us with payment information. This may include billing and other transaction information, credit card numbers, or other financial information that we can use to ensure proper payment for the services you are purchasing.
Automatically-Collected Information: As is true of most websites and SaaS platforms, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
Tracking and Location Information: We may collect and/or track certain information that is derived from the use of Kaseya Products such as usage patterns, travel patterns, web site page views and traffic patterns. We may use this tracking and location information for statistical purposes to improve Kaseya Products and to help users manage their environment and infrastructure more efficiently, and in sometimes for investigative purposes.
Mobile Device Information: When Kaseya Products are deployed to mobile devices via a Kaseya Application installed on the device, our servers automatically record information that may include: the MAC (Media Access Controller) addresses from the network card in or used with your devices; web requests, Internet Protocol addresses, phone numbers, browser types, browser languages, the date and time of request; and other information regarding internet connection activities. In addition, the information collected and tracked depends upon the system configurations chosen by the administrator and the options enabled by the users and may include device location, device identifier and device user name; status of the mobile device SIM card; MAC addresses and device serial numbers; phone number, signal strength, cell tower, carrier, IMEI#, and other WWAN attributes; first and last name and email address of device user; device check-out/check-in; who uses which device as well as the physical status of the device at the start of a shift and then again at the end of a shift; applications loaded on the device; real-time GPS location tracking and mapping, including analysis of location data and history; or mobile device remote control, including screen capture. The administrator of the device can perform partial or complete erasure of data on user devices, including restoring the device to its factory default. The mechanisms that allow smartphones and mobile devices to be monitored run in the background of the devices. Individuals are notified that these functions may occur but may not be aware when these functions are occurring in real time.
Kaseya Blog: If you use our blogs or any community forum on our websites, you should be aware that any information you submit (including personal information) can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. Although we are not responsible for the information you choose to submit in these forums, we will use reasonable efforts to remove that information from our blogs or community forums (or if we are unable to do so, we will tell you why), provided that you make such a request through our online portal.
Images: If you attend one of our live events, we may publish your image (in any form including photograph, film or livestream) on a Kaseya website, in print, via social media or other publication. We are the owner of any copyright and other intellectual property right in such images. If you upload images into our live event-related applications, we may retain, store and/or use these images.
Telephone Calls: From time to time, we may record phone calls for various purposes including customer service, fact confirmation and quality assurance. If you are in a jurisdiction which requires notice and opt in consent to record, we will provide a mechanism for you to do so.
Backedup Content: Many Kaseya Products provide for the backup and/or storage of customer information (“Backedup Content”) as a Product feature. Backedup Content may include the personal information of customers, the clients of those customers, and the end-users of the customers and clients. Kaseya collects Backedup Content under the direction of its customers, and often pursuant to settings and configurations in the Kaseya Products that are controlled by customers. Kaseya has no direct relationship with the individuals whose personal data is found in the Backedup Content and processed by Kaseya customers. Further, Kaseya generally is not aware of the information found in the Backedup Content. If your data is contained in Backedup Content and you no longer wish to have your data processed by Kaseya, please contact directly the customer (or client) that you interact with for removal of your information from Backedup Content. We may transfer Backedup Content to companies that help us provide our services. Transfers to subsequent third parties are covered by the service agreements with our customers.
Aggregated Data. To better understand and service our customers, we may compile, aggregate, and anonymize personal data which we may share among our group partner companies to: improve the functionality, service, safety, and reliability of our Products; to understand and analyze use, demand, and general industry trends, and; generally for any purpose related to our business. Such aggregate information does not contain personal information and may be derived from information provided by customers, from use of Kaseya Products or from passive data collection techniques described herein. Aggregated Data that does not include personal information may be shared with third parties; Kaseya does not sell its customers or end users’ personally identifiable information to third parties.
Marketing Data. We collect marketing data when you visit our websites, when you provide it to us (for example, on the phone, in person or by webform), when you register for or attend an event or when we collect it from public databases, partners, social media sites or other third parties. We are the controller of marketing data that we collect. Marketing data includes your contact information and “automatic identifiers” like IP addresses, geographic locations, browser type, operating system. We use marketing data to fulfill the purpose for which it was collected (for example, to send requested information, schedule demos, register for events and respond to questions). We also use marketing data to send marketing material about our products and services. We do not sell our marketing data to third parties.
Employment Recruitment Information. When we are recruiting for positions within Kaseya or its affiliates, we collect data about candidates which may vary based on the nature of the position, the candidate’s location and how far in the recruiting process a person advances. Such data may include contact information, resumes, qualifications, skills, educational history, interview notes, test or assessment results, background check results and other biographical information. We are the controller of the data that we collect when we recruit candidates. We collect some of this data directly from you, and also from recruiters, third-party employment sites, social media, personnel referrals, prior employers, references, Kaseya employees that you interviewed with, recruiting events and other sources. We use this information to identify and evaluate candidates for positions within our company, to comply with our legal and compliance obligations, and to improve our recruiting practices. We may share recruiting data among our affiliated companies and with third party service providers that help us in our recruiting efforts.
3. Cookies, Beacons and Similar Tracking Technologies
- Analyzing site usage trends;
- Administering and providing functionality to the site;
- Tracking users’ movements around the site;
- Gathering demographic information about our user base as a whole;
- Saving your shopping cart; and
- Identifying users to remember user settings (e.g. language preference).
Analytics, Targeting and Remarketing: We partner with third parties for analytics services (such as Google Analytics) as well as for remarketing services (such as Google, Bing, Facebook and G2) to: (a) allow Tracking on our Websites; (b) display advertising on our Websites; and/or (c) or provide advertisements about Kaseya on other sites that you may visit (“Remarketing”).
Google Analytics. Google Analytics is among the third party analytics companies that we work with, and most, if not all, of Kaseya Websites use Google Analytics. Google Analytics is a web analytics service offered by Google that performs Tracking and reports website traffic. Google uses the data collected to track and monitor the use of our Products and Websites. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having your activity available to Google Analytics in a number of ways. For more information on the privacy practices of Google and ways to minimize availability of your information to Google, please visit Google’s Privacy and Terms webpage as well as this Google page that focuses on how Google uses information it gets from its partners, such as Kaseya.
DO NOT TRACK. Kaseya honors Do Not Track (or “DNT”) signals across its Websites, and will not perform Tracking or Remarketing when a DNT browser mechanism is in place
4. How We Use the Information We Collect
We generally use the information we collect to provide and enhance Kaseya Products and to operate our business. Such activities may include, but are not limited to:
- billing and other accounting functions, and processing your transactions;
- establishing accounts and contacting you regarding important information about your Product instances including notices and updates;
- providing technical support and answering other questions you may have;
- editorial and feedback activities;
- marketing and promotion (including providing your contact information to third parties with whom Kaseya has a relationship);
- enforcing agreements;
- investigative and law enforcement activities;
- security and IT management;
- statistical analysis;
- product development;
- conducting surveys, contests and promotions;
- analyzing Kaseya Product and website use;
- responding to your inquiries; monitoring and maintaining our network, and;
- addressing issues that may arise concerning claims of abuse or inappropriate activity.
By providing us with your wireless phone number and agreeing to the prompts, you agree and acknowledge that Kaseya may send text messages to your wireless phone number for any purpose, including marketing. You may ask us to stop text messaging at any time by texting “STOP.”
Some of the information we collect allows us to differentiate users on our network, and in some cases, we act as a pass-through for certain pieces of information to obtain authentication for Internet access. We may compile and otherwise use for any purpose any usage data or other data as set forth in the Kaseya Master Agreement or such other agreement(s) that may exist between you and Kaseya (“Service Agreements”), including information that we may receive by providing support or professional services to you. If you have purchased Kaseya Products, please refer to the Service Agreements to which you are party for further information regarding how we collect and process usage data.If our use of your data is governed by the European Union’s General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) or under other similar privacy regulations, you should know that we rely on the following legal grounds to process your personal information:
- Performance of a contract – To the extent you have purchased a Kaseya Products, we may need to collect and use your personal information to perform the services which you have purchased. For example, we may use your personal information to respond to requests you make via our website and provide you with such services, and your personal information may be contained in Backedup Content.
- Compliance with law – In certain circumstances we may be required to process your data to comply with legal obligations to which Kaseya is subject.
- Consent – Some of the personal information we collect is provided by you voluntarily, for example when you sign up to join a mailing list or register for an event, and is therefore collected and used with your permission. To withdraw your consent to such use, you can make such a request through our online portal.
- Legitimate interests – We may use your personal information for our legitimate interests, such as to improve Kaseya Products and the content on Kaseya websites.
- Vital interests – We may use your personal information to protect the vital interests of you or of another natural person.
- Public interest – We may also use your personal information when processing is necessary for the performance of a task carried out in the public interest.
- Notification – We may also use your contact information to keep you and others who have provided us with their contact information up-to-date on recent product and service developments. It you wish us to stop using your contact information in this manner, you can make such a request through our online portal.
5. How We Share Information We May Collect
We occasionally hire other companies to assist us in providing Kaseya Products and running our business which may include, for example: handling the processing and delivery of mailings; providing customer support; hosting websites; customer billing; processing transactions; producing events; or performing statistical analysis of Kaseya Products. Those companies will be permitted to obtain only the information they need to fulfill their obligations to Kaseya. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose.
We may disclose any information we collect from you if we believe such action is necessary to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by other laws, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure in necessary to protect our rights, protect the property or safety, investigate fraud, avoid damage, or comply with the law.
If we are acquired by or merged with a third party, or if we buy or sell a third party, in most instances this will be announced on our website. In the even of a sale, merger, reorganization, dissolution, or similar event, personal data may be part of the transferred assets.
California Consumer Privacy Act (“CCPA”) Data Collection Practices
The CCPA requires that we provide a description of data collection practices, including specific categories. The following table is provided:
|Categories of Personal Information We Collect||Business Purposes for Which Information May be Used/Disclosed||Parties to Whom Personal Information May Be Shared.|
|Identifiers such as name, email address and unique identifiers tied to your browser or device.||Protection against security threats, abuse, fraud and illegal acts. We use and disclose information to detect, prevent and respond to security incidents and for protection against other malicious, deceptive or fraudulent activity.||Service providers such as security service vendors.|
|Commercial information such as your payment information.||Billing, analytics and auditing. We use information for billing purposes, to understand how our services are used, and to fulfill obligations to our customers. We may also disclose non-personally identifiable information for auditing purposes and similar billing-related purposes.||Service providers, such as trusted businesses or persons that process information on our behalf based on our instruction and in compliance with our Privacy Statement and any other appropriate confidentiality and security measures.|
|Internet, network, and other activity information.||Maintaining our services. We use information to provide services and ensure they work as intended, such as tracking outages or troubleshooting.||Service providers, such as vendors providing security and monitoring services.|
6. Accessing And Changing Your Personal Information: Data Subject Access, Correction, and Deletion Requests under the CCPA, GDPR and other Privacy Laws
Depending on the relevant jurisdiction, you may have certain rights granted to you by law with respect to the personal information Kaseya and others have collected about you. For example, if the GDPR or CCPA applies to the data we have collected about you, you may have the right to access and correct such data, to object to the processing of data, and to request that any information we have about you be erased. Please make this type of request through the online portal or by calling toll free at (877) 926-0001. We will respond to your request within a reasonable timeframe, but no later than one month after you submit the request unless applicable law allows or requires otherwise.
To protect your privacy and security, we may require steps to verify your identity, such as a password and user ID, before granting access to your data. This Section 6 may not apply to Backedup Content, which typically is controlled by the applicable Kaseya customer (or the that customer’s client), and may need to be addressed through that third party as further described in Section 2, above.
7. Third Party Sites and Services
Third-parties with links from Kaseya’s websites (“Linked Sites”) have their own privacy policies which can obtained from those third parties. All such third-parties that have a business relationship with Kaseya are encouraged to participate in industry-standard privacy initiatives and take a responsible attitude towards customer and consumer privacy.
We do not have control the policies or practices of third parties or Linked Sites, and we are not responsible for the privacy practices or content of those sites. We recommend and encourage you to always review the privacy policies of those third parties before you provide any personal information or complete any transaction with such parties.
Our website also includes social media features, such as the Facebook “Like” button and widgets, the “Share this” button and interactive mini-programs. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website, therefore your interactions with these features are governed by the privacy statement of those third parties.
8. Collection and Use of Children’s Personal Information
Kaseya does not knowingly collect or use personal information from children under the age of 13, or equivalent minimum age in the respective jurisdiction. We encourage parents and legal guardians to closely monitor their children’s internet usage and to never provide personal data without their permission.
Other than information held in Backedup Content, if you believe that Kaseya has personal information on your child under the age of 13, or equivalent minimum age depending on jurisdiction, please immediately contact us through Kaseya’s online portal and we will take steps to delete that information from our systems. Backedup Content, which is controlled by the applicable Kaseya customer (or the customer’s client), and must be addressed through that third party as further described in Section 2, above.
9. Cross-Border Data Transfers
For cross-border data transfers from the EU, UK, or Switzerland, Kaseya adheres to the EU-U.S. Data Privacy Framework (DPF) Principles and, as applicable, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Kaseya may also rely on Standard Contractual Clauses to the Data Processing Agreement for cross-border data transfers from the EU, UK, or Switzerland. Kaseya commits to cooperate with EU Data Protection Authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), and will comply with the advice given by the applicable authorities with regard to personal data transferred from the EU, UK, and Switzerland.
Kaseya takes information security seriously and uses reasonable measures to protect your information from unauthorized access. For information about our security measures, SOC reports, security advisories, security processes and other information, please visit the Kaseya Trust Center.
When you place orders on our websites, your order information, including your credit card number and delivery address, is transmitted through the Internet using Transport Layer Security (TLS) technology. TLS technology causes your browser to encrypt your order information before transmitting it to our secure server. We use a variety of other security technologies depending on the situation to help protect your information from unauthorized access, use, or disclosure, such as physical access controls, TLS, Internet firewalls, and network monitoring. However, no security system is fully secure, and therefore we cannot guarantee the security of your information or assume liability for improper access to it. By continuing to use our websites and Products, you accept a level of vulnerability despite the security measures we employ, and understand that we are not immune to security breaches, viruses and other such threats and risks. If you use a password to help protect your information, it is your responsibility to keep your password confidential, change the password frequently and use a strong password. We strongly recommend that you do not share this password with anyone.
11. Data Retention
We will retain your information for as long as your account is active, as needed to provide you the Kaseya Product, and/or as provided by law. After your account is closed, we may continue to communicate with you about Kaseya Products or give you important business updates that may affect you unless you have opted out of receiving such communications. If you wish to request that we no longer use your information to provide you Kaseya Products, contact us through the online portal. We will retain and use your information as necessary to comply with our legal obligations, for security and fraud prevention, to resolve disputes, and enforce our agreements. We set retention timeframes based on the type of data.
We will retain Backedup Content for such periods as described in the applicable Kaseya Product Specifications. Such periods are often configurable by Kaseya customers as part of the Product offering. In addition, Kaseya will retain Backedup Content as necessary to comply with our legal obligations, for security and fraud prevention, to resolve disputes, and enforce our agreements.
12. Communication Preferences
You can stop delivery of promotional e-mail or other Kaseya communications by contacting Kaseya through the online portal. Additionally, when you purchase Kaseya Products, we may deliver non-promotional communications related to those products or services which may not be canceled unless you cease use of the product or service.
13. Changes to this Statement
We reserve the right to modify this Privacy Statement at any time, so please review it frequently. If We make material changes to this Statement, We will notify you here, by email, or by means of a notice on Our home page prior to the change becoming effective. Your continued use of Kaseya Products or websites or communication with Kaseya constitutes your agreement to this Privacy Statement and any updates.
14. Contacting Us
If you have questions or concerns, you should first contact the Kaseya Privacy Administrator through the online portal; call (877) 926-0001 or send mail to Kaseya Privacy Administrator 701 Brickell Avenue, Suite 400, Miami, FL 33131.