KORE Software Data Privacy Request Overview

Right To Be Forgotten and Right To Be Informed


KORE Products

In compliance with global and regional privacy laws, KORE has documented the process for handling Requests To Be Informed and Requests To Be Forgotten for all KORE products. The requirements regarding data requests vary between regulations. If you have any specific questions not covered in the documentation below regarding how KORE complies with a specific regulation, please contact your customer success representative.

In KORE Activate, end-users are able to delete and retrieve all personal information via the user interface. The only personal information stored is on the contact records. Upon receiving a data request, KORE recommends clearing any personal information from the contact records.
In KORE Suites & Premium, end-users are able to delete and retrieve all personal information via the user interface. The only personal information stored is on records that are stored within the CRM system. Upon receiving a data request, KORE recommends clearing any personal information from the relevant CRM records. These changes will automatically synchronize into the KORE database and clear any relevant information.
In KORE Sponsorship, end-users are able to delete and retrieve all personal information via the user interface. The only personal information stored is on records that are stored within the CRM system. Upon receiving a data request, KORE recommends clearing any personal information from the relevant CRM records. These changes will automatically synchronize into the KORE database and clear any relevant information.
In KORE Ticketing, end-users are able to delete and retrieve all personal information via the user interface. Personal information stored is on records that are stored within the CRM system. Upon receiving a data request, KORE recommends clearing any personal information from the relevant CRM records. These changes will automatically synchronize into the KORE database and clear any relevant information.

In addition to the CRM records, the ticketing system that KORE integrates with contains personal information. KORE recommends clearing the information in the source ticketing system. These changes will automatically synchronize into the KORE database and clear any relevant information.
KORE DWA receives information from many 3rd party systems. To handle a data request, it is important that the relevant personal information is cleared from all integrated 3rd party systems or it may be re-ingested into the warehouse in the future. To process a request, please complete the below form. You are required to supply contact information for KORE to validate the authenticity of the request prior to processing.

Upon submission, the following steps will be executed:

1. KORE Support will receive a new ticket with the details of the requests
2. KORE Support will contact the requestor to validate the authenticity of the request
3. KORE Support will create internal tickets to process the requests
4. Within 45 days of receiving the requests, the requests for deletion will be executed
5. Within 45 days of receiving the requests, the requests for data will be executed and provided to the requestor
6. Upon completion of the internal tickets, KORE Support will inform the requestor of the completion and the support ticket will be closed

Note that the contact e-mail supplied must be registered with KORE Software's support portal prior to submission. If your e-mail is not registered, you can create an account in KORE Software's support portal here





Data Privacy Regulations

Provided here are details on a subset of data privacy regulations that KORE is compliant with and monitoring.

Overview

The EU's General Data Protection Regulation is a replacement for the 1995 Data Protection Directive and applies to all EU citizens. It is focused on:

  • Improving data protection for all data subjects in the EU
  • Giving EU data subjects rights to their data
  • Increasing transparency with how companies process and control data.
The regulations took effect on May 25th, 2018 and expand on the Data Protection Directive from 1995.

The full GDPR text can be found here


Right to be Forgotten and Data Portability

Right to be Forgotten and Right to Data Portability allow data subjects to:

  • Have their personal data removed from a controller and any downstream systems
  • Demand a copy of their personal data in a common format
These rights make it easier for users to demand that they be completely removed from a system. As a controller, these requests will be made to you and you will be required to notify all downstream systems, including KORE.

To notify KORE of a request, see the product specific details at the bottom of this page. Request handling will vary from product to product. If you have any questions, contact help@koresoftware.com.


Access

The GDPR builds on previously existing data access rights. Data subjects are still able to request access to their data; however, organizations now cannot charge for processing an access request unless excessive cost can be demonstrated. Access requests must now be processed within 30 days and can only be refused if the organization has clear refusal policies and can demonstrate why the request meets those policies.


Consent

While consent of data subjects is already required, the GDPR increases the standards for disclosure when obtaining consent to process or store personal information. The GDPR states that controllers must use "clear and plain" legal language that is "clearly distinguishable from other matters". It also states that any consent must be "freely given, specific, informed and unambiguous". This closes the door for "opt-out" systems or inferred consent.

KORE's products are not consumer facing and do not allow consumers to input their information directly. However, as a controller, you will need to put processes in place to prevent unauthorized data from being entered into your KORE system. Under the GDPR, it is essential to make it clear to your users that they are opting in to sharing their data.

Overview

CCPA takes the position that consumers own their privacy information and provides them with 5 general rights for their personal information:

  • To know what personal information is collected about them
  • To know whether and to whom their personal information is sold/disclosed, and to opt-out of its sale
  • To access their personal information that has been collected
  • To have a business delete their personal information
  • To not be discriminated against for exercising their rights under the Act
The regulations took effect on January 1st, 2020 and are applicable to all California residents.

The full CCPA text can be found here


Right to know and right to delete

These rights allow California residents to:

  • Have their personal data deleted from any systems controlled by the business
  • Demand a copy of their personal data in a common format
These rights make it easier for users to demand that they be completely removed from a system. As a controller, these requests will be made to you and you will be required to notify all downstream systems, including KORE.

To notify KORE of a request, see the product specific details at the bottom of this page. Request handling will vary from product to product. If you have any questions, contact help@koresoftware.com.

The New York Privacy Act is currently in committee and being reviewed. There is not currently a known date for the legislation to be passed.
Massachusetts S120 is currently in committee and being reviewed. There is not currently a known date for the legislation to be passed.
Nevada SB220 went into effect on October 1, 2017 and focused on requiring websites to have visible and comprehensive privacy policies. It does not cover rights to be forgotten or informed.
Maryland SB613 is currently in committee and being reviewed. There is not currently a known date for the legislation to be passed.



KORE Data Sub-Processors

A sub-processor is a person or business which processes personal data on behalf of KORE's customers as a result of using KORE's products or services. Sub-processors act on behalf of KORE to provide services to customers.

Below is a list of KORE's current sub-processors and the function they serve for KORE.

KORE partners with Amazon Web Services (AWS) to provide infrastructure, platform and software services to operate KORE's products and services. AWS does not have direct access to any KORE customer data and is unable to extract KORE customer data from AWS hosted systems.

KORE maintains a strict data protection agreement with AWS with well-defined assignment of responsibilities in data protection.

More information on AWS is available here

KORE partners with NewRelic to monitor and gather metrics around application performance, log data and usage. NewRelic does not have direct access to customer data stores. The data gathered by NewRelic is abstracted to a high level but can contain customer specific data points in log messages.

KORE maintains a strict data protection agreement with NewRelic.

More information on NewRelic is available here