KOSHER SUPERVISION
SERVICE INC. PRIVACY POLICY
Last Modified: 03/11/2024
Welcome to the
Kosher Supervision Service Inc.’s privacy policy.
Kosher
Supervision Service respects your privacy and is committed to protecting your
personal information. This privacy policy will inform you as to how we look
after your personal information when you visit any of our websites myikosher.com, kof-k.org, koshercertificate.com,
and b2bkosher.com,
including their respective subdomains (collectively, the “Website”) and mobile
applications iKosher Mobile and iKosher
Food Service Manager (collectively, the “App”), once you have downloaded them
onto your mobile telephone or handheld device (the “Device”) (regardless of
where you access or visit them from) and tell you about your privacy rights and
how the law protects you.
Because we offer our services on a global basis we have chosen to use the European Union (GDPR) model,
often considered as the strictest model for user
transparency, as the format for this privacy policy. Consequently, because of
the location from which you access our Website and/or
App, you may not necessarily understand the meaning of some of the terms used
in this privacy policy; we therefore refer you to our Glossary of terms at the
end of this privacy policy to help you make better sense of this document.
1. IMPORTANT
INFORMATION AND WHO WE ARE
2. THE DATA WE
COLLECT ABOUT YOU
3. HOW IS YOUR
PERSONAL INFORMATION COLLECTED?
4. HOW WE USE YOUR
PERSONAL INFORMATION
5. DISCLOSURES OF
YOUR PERSONAL INFORMATION
9. YOUR RIGHTS IN
RELATION TO YOUR PERSONAL INFORMATION
1. IMPORTANT
INFORMATION AND WHO WE ARE
Purpose
of this privacy policy
This privacy policy however does not
apply to any personal information processed in connection with the Kosher
Certification Services (our “Services”) that we provide to our clients (our
“Customers”).
In our processing of Personal Information
in connection with Services we provide to our Customers,
we act as a data processor under applicable data privacy laws, and in that
context our Customers act as data controllers on behalf of whom we process data
for purposes of the Services.
When we act as data processor
our processing of Personal Information isn’t governed by this privacy policy
but by our Data Processing Addendum or other data processing terms in place
between Kof-K Kosher Supervision and each Customer.
For more information on our processing of your Personal Information as a data
processor, please contact the Customer that collected your Personal Information
in connection with the Services.
By accessing and using our Website and
App, you agree that you have read and understand this privacy policy and you
consent to the privacy practices (and any uses and disclosures of information
about you) that are described in this privacy policy.
Our
Website and Apps are not intended for children under 16 years of age. No one
under age 16 may provide any information to or on the Website or App. We do not
knowingly collect personal information from children under 16. If you are under
16, do not use or provide any information on the Website or App, or on or
through any of their respective features, or provide any information about
yourself to us, including your name, address, telephone number, or email
address. If we learn we have collected or received personal information from a
child under 16 without verification of parental consent, we will delete that
information. If you believe we might have any information from or about a child
under 16, please contact us by email at privacy@kof-k.org.
Contact details
Full
name of legal entity: Kosher Supervision Service Inc.
Email
address: privacy@kof-k.org
Postal address: 201 The Plaza
Teaneck,
NJ 07666
United
States
If
you are based in the European Union or in the United Kingdom you also have the right to make a complaint at any time to
your national supervisory authority for data protection issues. We would,
however, appreciate the chance to deal with your concerns before you approach
the regulator so please contact us in the first
instance.
Changes to the privacy policy and your duty to inform us of
changes
We
keep our privacy policy under regular review. This version was last updated
on 02/XX/2024.
We reserve the right
to change the terms of this privacy policy at any time. When we do, we will
post the revised privacy policy to our Website and
make it accessible from our App, and the last revision date of revision will be
updated so that you will always be able to understand what information about
you we collect, how we use your information, and under what circumstances we
may share your information with others. We will notify you of any material
changes by way of a pop-up notice on the Website and App announcing that the
privacy policy has changed, and pointing the changes
to your attention.
It
is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal
information changes during your relationship with us.
Our
Website and App may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling
those connections may allow third parties to collect or share information about
you. We do not control these third-party websites and are not responsible for
their privacy statements. When you leave our Website
or App, we encourage you to read the privacy policy of every website you visit.
Please
note that we also do not control third parties' collection or use of your
information to serve interest-based advertising. However
these third parties may provide you with ways to choose not to have your
information collected or used in this way. If you are based in the United States you can opt out of receiving targeted ads from
members of the Network Advertising Initiative ("NAI") on the NAI's website at http://optout.networkadvertising.org. If you are based in the European Union you may visit
the website of the European Interactive Digital Advertising Alliance (“EIDAA”)
at https://www.edaa.eu as
well as of the European Advertising Standards Alliance (“EASA”)
at http://www.easa-alliance.org. If you are based in the UK
you can contact the Advertising Standards Authority at https://www.asa.org.uk/.
Residents of certain states may have additional personal information rights and choices. Please see Your State Privacy Rights on page 9 for more information.
Social
Media Features
Our Website and App include
Social Media Features, such as links to our company pages on Facebook and
Instagram. As a result of you liking us on Facebook
or following our company on Instagram these features may collect your IP
address or Mobile ID, information on which page you are visiting on our Website and/or App, and may set a cookie to enable the
feature to function properly. Social Media Features are either hosted by a
third party or hosted directly on our Website and/or
App. Your interactions with these Features are governed by the privacy policies
of the companies providing them.
2. THE
DATA WE COLLECT ABOUT YOU
· Identity
Data includes first name, maiden name, last name, username
or similar identifier, title.
· Contact
Data includes billing address, delivery address, email
address and telephone numbers.
· Device Data includes the type of mobile device you use your
mobile operating system, the type of mobile browser you use, time zone setting.
·
Technical Data includes
internet protocol (IP) address, your login data, browser type and version, time
zone setting and location, browser plug-in types and versions, operating system
and platform, and other technology on the devices you use to access this
Website.
· Profile
Data includes your username and password.
· Usage
Data includes information about how you use our Website
and App.
· Marketing
and Communications Data includes your preferences
in receiving marketing from us and our third parties and your communication
preferences.
We also collect, use and share Aggregated Data such as
statistical or demographic data for any purpose. Aggregated Data could be
derived from your personal information but is not considered personal
information in law as this information will not directly or
indirectly reveal your identity. For example, we may aggregate Usage Data to
calculate the percentage of users accessing a Website or
App feature. However, if we combine or connect Aggregated Data with your
personal information so that it directly or indirectly identifies you, we treat
the combined data as personal information in accordance with this privacy
policy.
We do not collect
any Special Categories of Personal Data about you (this
includes details about your race or ethnicity, religious or philosophical
beliefs, sex life, sexual orientation, political opinions, trade union
membership, information about your health, and genetic and biometric data),
except at your initiative when, for instance, you contact us mentioning your
title of “Rabbi” or when, in order to provide our Services, we need to collect
information on your religious beliefs.
When we collect
these Special Categories of Personal Data we take the
greatest care and adopt all appropriate measures in order to ensure the highest
level of security is applied to the data.
We do not collect
any information about criminal convictions and offences.
If you fail to provide personal information
Where we need to
collect personal information by law, or under the terms of a contract we have
with you, and you fail to provide that information when requested, we may not
be able to perform the contract we have or are trying to enter
into with you (for example, to provide you with our Kosher certification
services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
3. HOW
IS YOUR PERSONAL DATA COLLECTED?
We
use different methods to collect data from and about you including through:
Direct
interactions
You may give us your
Identity and Contact Data by filling in forms or by corresponding with us by
post, phone, email or otherwise. This includes personal information you provide
when you:
· apply
for our Services;
· create
an account on our Website;
· ask
to view one of our KOF-K certified products;
· subscribe
to our newsletter;
· sign
up to receive a Free Kosher Consultation;
· send
us a Kashrus question through our Ask The Rabbi form;
· request
marketing to be sent to you; or
· give
us feedback or contact us through our Contact The KOF-K form.
This
also includes information (including Identity and Contact) you consent to
giving us about you by filling in forms on the App or that you provide provide
when you download, or log in to access, our App, or when you report a problem
with our App. If you contact us, we will keep a record of that correspondence.
Automated
technologies or interactions
As you interact with
our Website or App, we will automatically collect
Technical, Device, and Usage Data about your equipment, browsing actions and
patterns. We collect this personal information by using cookies, server logs
and other similar technologies. We may also receive Technical, Device and Usage
Data about you if you visit other websites employing our cookies. Please see
our cookie policy for
further details.
Third
parties sources
Your Technical Data
is processed by Analytics and IT Security providers such as Google Analytics, StatCounter and CloudFare all
based in the U.S.
4. HOW
WE USE YOUR PERSONAL INFORMATION
· Where
we need to perform the contract
we are about to enter into or have entered into with you.
· Where
it is necessary for our legitimate interests (or those of a third party) and
your interests and fundamental rights do not override those interests.
· Where
we need to comply with a legal obligation.
·
Where we have obtained your active agreement to use your
personal data for a specified purpose, for example if you subscribe to an email
newsletter.
Click here to
find out more about the types of lawful basis that we will rely on to process
your personal information.
Purposes for which we will
use your personal information
Purpose/Activity |
Type of data |
Legal basis |
To register you as a new customer and allow you to install our App and
use their respective contents |
Identity Contact Device |
Performance of a contract with you |
To process and deliver your order including: (a) Process your purchases, send you updates about your order, deliver and manage your order (b) Manage payments, fees and charges (c) Collect and recover money owed to us |
Identity Contact Marketing and Communications |
Performance of a contract with you (process your purchases, send you updates
about your order, deliver, and manage your order, including to collect
payments, fees and charges) Necessary for our legitimate interests (to start legal proceedings to
recover debts due to us) |
To manage our relationship with you which will include notifying you
about changes to our privacy policy |
Identity Contact Profile |
Necessary to comply with a legal obligation (to inform you of any
changes to our privacy policy) |
To administer and protect our business, this Website and our App (including
troubleshooting, data analysis, testing, system maintenance, support,
reporting and hosting of data) |
Identity Contact Technical Device |
Necessary for our legitimate interests (for running our business,
provision of administration and IT services, network security, to prevent
fraud and in the context of a business reorganization or group restructuring
exercise) |
To deliver relevant Website content to you |
Identity Contact Profile Usage Marketing and Communications Technical |
Necessary for our legitimate interests (to study how customers use our
services, to develop them, to grow our business and to inform our marketing
strategy) |
To use data analytics to improve our Website and App, services,
marketing, customer relationships and experiences |
Technical Usage Device |
Necessary for our legitimate interests (to define types of customers
for our services, to keep our Website and App updated and relevant, to
develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about goods or services
that may be of interest to you |
Identity Contact Technical Usage Profile Marketing and Communications |
Necessary for our legitimate interests (to develop our services and
grow our business) |
To provide technical and customer support to you |
Identity Contact Technical Usage Profile Device |
Necessary to provide an optimal customer support experience |
Marketing
We will get your
express opt-in consent before we share your personal information with any third
party for marketing purposes, including service providers who perform marketing
services on our behalf, such as sending communications to you on our behalf, or
serving advertisements to you.
You can ask us or
third parties to stop sending you marketing messages at any time by contacting
us by email at unsubscribe@kof-k.org.
Where you opt out of
receiving these marketing messages, this will not apply to personal information
provided to us as a result of a service purchase,
warranty registration, service experience or other transactions.
U.S
Residents: Your State Privacy Rights
California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:
· Confirm whether we process their personal information.
· Access and delete certain personal information.
· Correct inaccuracies in their personal information, taking into account the information's nature processing purpose (excluding Iowa and Utah).
· Data portability.
· Opt-out of personal data processing for:
- targeted advertising (excluding Iowa);
- sales; or
- profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
· Either limit (opt-out of) or require consent to process sensitive personal information.
The exact scope of these rights may vary by state. To exercise any of these rights please send an email to privacy@kof-k.org.
Do
Not Track “DNT” Signals
While we take all
reasonable steps to protect the privacy of our Website
visitors, we cannot promise that the current limitations of our online
applications programming will address every browser setting or honor every
personal browser preference. In particular, we have
not implemented the necessary program changes to honor “Do Not Track” or “DNT”
browser signals. As our online applications programming is refined, we will
take all reasonable steps to honor such requests in the future. Please return
to this privacy policy for further updates on this topic.
Cookies
You
can set your browser to refuse all or some browser cookies, or to alert you
when websites set or access cookies. If you disable or refuse cookies (or
mobile cookies), please note that some parts of this Website or our App may
become inaccessible or not function properly. For more information about the
cookies we use, please see our Cookie
Policy.
5. DISCLOSURES
OF YOUR PERSONAL INFORMATION
We
may share your personal information with the parties set out below for the
purposes set out in the table Purposes
for which we will use your personal information above.
· Third
Parties as set out in the Glossary.
· Third
parties to whom we may choose to sell, transfer or merge parts of our business
or our assets. Alternatively, we may seek to acquire other businesses or merge
with them. If a change happens to our business, then the new owners may use
your personal information in the same way as set out in this privacy policy.
We require all third
parties to respect the security of your personal information and to treat it in
accordance with the law. We do not allow our third-party service providers to
use your personal information for their own purposes and only permit them to
process your personal information for specified purposes and in accordance with
our instructions.
6. INTERNATIONAL
TRANSFERS
Please note that we are a U.S.-based company. When you connect to our Website your personal information will automatically be stored in our data centers, which are also based in the U.S.
EU and UK residents
We
share your personal information within KOF-K. If you are based in the United
Kingdom or the European Union, this will involve transferring your information
outside the United Kingdom or the European Economic Area (EEA).
· We
will only transfer your personal information to countries that have been deemed
to provide an adequate level of protection for personal information by the
European Commission. For further details, see European Commission: Adequacy of the protection
of protection of personal data in non-EU countries.
· Where
we transfer your personal information within our company or where we use
certain service providers, we may use specific contracts approved for use
in the UK or by the European Commission (as applicable) which give personal information
the same protection it has in Europe, namely the UK International Data Transfer
Agreement or the UK International Data Transfer Addendum to the European
Commission’s standard contractual clauses for international data transfers, or
the EU Commission’s standard contractual clauses (as applicable). For further
details, see European Commission: Model
contracts for the transfer of personal data to third countries and UK Information Commissioner’s Office:
International data transfer agreement and guidance
· Where
we use providers based in the US, we may transfer your personal information to
them if they are part of the EU-U.S. and/or Swiss-U.S. Data Privacy Framework which
require them to provide similar protection to personal information shared
between Europe and the U.S. For further details, see Data Privacy Framework .
Please contact us
at privacy@kof-k.org if you want further
information on the specific mechanism used by us when transferring your
personal information out of the UK or the EEA.
Canadian residents
If you are based in Canada
please note that our company is based in the United States and that when you
connect to our Website or when we provide you with our services we will
transfer your personal information to the United States for processing in
accordance with this privacy policy.
We will also transfer outside of Canada the personal
information about you that we collect, that we receive from third parties or
that you provide to us as described in this privacy policy to contractors,
service providers, and other third parties we use to support our business (such
as analytics and search engine providers that assist us with Website
improvement and optimization).
When we transfer your personal information in and to a
foreign country, these countries have different privacy laws that may or may
not be as comprehensive as Canadian law. In these circumstances, the
governments, courts, law enforcement, or regulatory agencies of that country
may be able to obtain access to your personal information through the laws of
the foreign country. Whenever we engage a service provider, we require that its
privacy and security standards adhere to this policy and applicable Canadian
privacy legislation. For more information on our policies and practices with
respect to the use of service providers located outside of Canada please
contact us at privacy@kof-k.org.
By
submitting your personal information or engaging with the Website, you consent
to this transfer, storage, or processing.
7. INFORMATION SECURITY
We have put in place
appropriate security measures to prevent your personal information from being
accidentally lost, used or accessed in an unauthorized
way, altered or disclosed. In addition, we limit access to your personal
information to those employees, agents, contractors and other third parties who
have a business need to know. They will only process your personal information
on our instructions and they are subject to a duty of
confidentiality.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website or App, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through our Website and/or App. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.
We have put in place
procedures to deal with any suspected personal data breach and will notify you
and any applicable regulator of a breach where we are legally required to do
so.
Should
you wish to receive any additional information about our information security
please contact us by email at privacy@kof-k.org.
8. INFORMATION
RETENTION
How long will you use my personal information for?
We
will only retain your personal information for as long as reasonably necessary
to fulfill the purposes we collected it for, including for the purposes of
satisfying any legal, regulatory, tax, accounting or reporting requirements. We
may retain your personal information for a longer period in the event of a
complaint or if we reasonably believe there is a prospect of litigation in
respect to our relationship with you.
To determine the
appropriate retention period for personal information, we consider the amount,
nature and sensitivity of the personal information, the potential risk of harm
from unauthorized use or disclosure of your personal information, the purposes for
which we process your personal information and whether we can achieve those
purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details
of retention periods for different aspects of your personal information can be
obtained by contacting us by email at privacy@kof-k.org.
In
some circumstances, you can ask us to delete your information: see your
rights in relation to your personal information below
for further information.
9. YOUR
RIGHTS IN RELATION TO YOUR
PERSONAL INFORMATION
If you
are a Data Subject in the EEA, Switzerland or the UK and wish to exercise
rights in accordance with the EU or UK data protection laws,
please contact the organization that shared your personal information with us.
Under
certain circumstances, you have rights under data protection laws in relation
to your personal information. Please click on the links below to find out more
about these rights:
· Request access to your
personal information.
· Request correction of your
personal information.
· Request erasure of your
personal information.
· Object to processing of
your personal information.
· Request restriction of
processing your personal information.
· Request transfer of your
personal information.
If you wish to
exercise any of the rights set out above, please contact us by email at privacy@kof-k.org.
No fee usually required
You
will not have to pay a fee to access your personal information (or to exercise
any of the other rights). However, we may charge a reasonable fee if your
request is clearly unfounded, repetitive
or excessive. Alternatively, we could refuse to comply with your request in
these circumstances.
Time limit to respond
We
try to respond to all legitimate requests within one month. Occasionally it
could take us longer than a month if your request is particularly complex or
you have made a
number of
requests. In this case, we will notify you and keep you updated.
10. GLOSSARY
LAWFUL BASES
Legitimate
Interest means
the interest of our business in conducting and managing our business to enable
us to give you the best service and the best and most secure experience. We
make sure we consider and balance any potential impact on you (both positive
and negative) and your rights before we process your personal information for
our legitimate interests. We do not use your personal information for
activities where our interests are overridden by the impact on you (unless we
have your consent or are otherwise required or permitted to by law). You can
obtain further information about how we assess our legitimate interests against
any potential impact on you in respect of specific activities by contacting us.
Performance
of Contract means
processing your information where it is necessary for the performance of a
contract to which you are a party or to take steps at your request before entering into such a contract.
Comply
with a legal obligation means
processing your personal information where it is necessary for compliance with
a legal obligation that we are subject to.
Consent
means processing your personal information where you have signified your
agreement by a statement of clear opt-in to processing for a specific purpose. Consent will only be valid if it is a freely
given, specific, informed and unambiguous indication
of what you want. You can withdraw your consent at any time by contacting us.
Service providers
acting as processors, based in the U.S., who provide analytics and IT security
such as Google, CloudFare or StatCounter.
Service providers
acting as processors, based in the U.S., who provide help desk and customer
service systems, such as Zendesk.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
Request access to
your personal information (commonly known as a "data subject access
request"). This enables you to receive a copy of the personal information
we hold about you and to check that we are lawfully processing it.
Request
correction of
personal information that we hold about you. This enables you to have any
incomplete or inaccurate information we hold about you corrected, though we may
need to verify the accuracy of the new information you provide to us.
Request erasure of
your personal information. This enables you to ask us to delete or remove
personal information where there is no good reason for us continuing
to process it. You also have the right to ask us to delete or remove your
personal information where you have successfully exercised your right to object
to processing (see below), where we may have processed your information
unlawfully or where we are required to erase your personal information to
comply with local law. Note, however, that we may not always be able to comply
with your request of erasure for specific legal reasons which will be notified
to you, if applicable, at the time of your request.
Object
to processing of
your personal information where we are relying on a legitimate interest (or
those of a third party) and there is something about your particular
situation which makes you want to object to processing on this ground as
you feel it impacts on your fundamental rights and freedoms. You also have the
right to object where we are processing your personal
information for direct marketing purposes. In some cases, we may demonstrate
that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of
your personal information. This enables you to ask us to suspend the processing
of your personal information in the following scenarios:
o If
you want us to establish the information's accuracy.
o Where
our use of the information is unlawful but you do not
want us to erase it.
o Where
you need us to hold the information even if we no longer require it as you need
it to establish, exercise or defend legal claims.
o You
have objected to our use of your information but we
need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of
your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your
personal information in a structured, commonly used, machine-readable format.
Note that this right only applies to automated information which you initially provided consent for us to use or where we used the
information to perform a contract with you.
Withdraw
consent at any time where
we are relying on consent to process your personal information. However, this
will not affect the lawfulness of any processing
carried out before you withdraw your consent. If you withdraw your consent, we
may not be able to provide certain services to you. We will advise you if this
is the case at the time you withdraw your consent.