In compliance with global and regional privacy laws, KORE has documented the process for handling Requests To Be Informed and Requests To Be Forgotten for all KORE products. The requirements regarding data requests vary between regulations. If you have any specific questions not covered in the documentation below regarding how KORE complies with a specific regulation, please contact your customer success representative.
In compliance with global and regional privacy laws, KORE has documented the process for handling Requests To Be Informed and Requests To Be Forgotten for all KORE products. The requirements regarding data requests vary between regulations. If you have any specific questions not covered in the documentation below regarding how KORE complies with a specific regulation, please contact your customer success representative. Provided here are details on a subset of data privacy regulations that KORE is compliant with and monitoring.
The EU's General Data Protection Regulation is a replacement for the 1995 Data Protection Directive and applies to all EU citizens. It is focused on
Right to be Forgotten and Right to Data Portability allow data subjects to:
The GDPR builds on previously existing data access rights. Data subjects are still able to request access to their data, however now organizations cannot charge for processing an access request unless required, excessive cost it can be demonstrated. Access requests must now be processed within 30 days and can only be refused if the organization has clear refusal policies and can demonstrate why the request meets those policies.
While consent of data subjects is already required, the GDPR increases the standards for disclosure when obtaining consent to process or store personal information. The GDPR states that controllers must use "clear and plain" legal language that is "clearly distinguishable from other matters". It also states that any consent must be "freely given, specific, informed and unambiguous". This closes the door for "opt-out" systems or inferred consent. KORE's products are not consumer facing and do not allow consumers to input their information directly. However, as a controller, you will need to put processes in place to prevent unauthorized data from being entered into your KORE system. Under the GDPR, it is essential to make it clear to your users that they are opting in to sharing their data.
CCPA takes the position that consumers own their privacy information and provides them with 5 general rights for their personal information:
These rights allow California residents to request a business:
A sub-processor is a person or business which processes personal data on behalf of KORE's customers as a result of using KORE's products or services. Sub-processers act on behalf of KORE to provide services to customers. Below is a list of KORE's current sub-processors and the function they serve for KORE.
KORE partners with Amazon Web Services (AWS) to provide infrastructure, platform and software services to operate KORE's products and services. AWS does not have direct access to any KORE customer data and is unable to extract KORE customer data from AWS hosted systems. KORE maintins a strict data protection agreement with AWS with well-defined assignment of responsibilities in data protection. More information on AWS is available here
KORE partners with NewRelic to monitor and gather metrics around application performance, log data and usage. NewRelic does not have direct access to customer data stores. The data gathered by NewRelic is abstracted to a high-level but can contain customer specific data points in log messages. KORE maintains a strict data protection agreement with NewRelic. More information on NewRelic is available here