Kenshoo d/b/a Skai and the GDPR

Updated: August 2022

What is the GDPR?

GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679) – The European Union’s data protection regulation, which came into effect on May 25, 2018.
The GDPR imposes obligations on companies that offer goods and services to data subjects who are in the EU or monitor their behavior, and on some of such companies’ service providers.
In addition, the GDPR provides data subjects who are in the EU with a set of rights with respect to the processing of personal data related to them.
Under the GDPR, for the purposes of Kenshoo d/b/a Skai (“Company”) services, Company is a data processer, and Company’s customers are data controllers. As for personal data collected via Company’s website, Company is a data controller.

What is Personal Data?

The GDPR considers any information relating to an identified or identifiable natural person, a personal data.

Company collects individuals’ contact details if they submit them through Company’s website, including work related information if they apply for a position. Company also collects log-in credentials (usernames and passwords) of Company customers’ users and related usage data, and further collects online identifiers such as  IP addresses and related attribution data when processing data on behalf of its customers.

How is Company addressing the GDPR?

We have invested significant efforts to meet the GDPR requirements, and we continue to do so on an on-going basis.
Here are just a couple of examples of how we do it:

  • Company has designated an EU Representative to serve as a point of contact in the EU.
  • Company employs adequate information security measures, procedures and policies, backed by certifications and annual audits to the SOC II and ISO 27001 by external auditors.
  • Company has in place procedures and policies, including, for example, breach management procedures.
  • Company has in place appropriate transfer mechanisms for transferring data to non-EEA countries (including the adoption of the new SCCs).
  • Company assists its customers in exercising data subjects’ rights and responding to supervisory authorities’ investigations.
  • Company acts in accordance with its customers’ instruction for processing personal data on customer’s behalf.
  • Company executes with its sub-processors Data Processing Addendums, which includes its TOMs.
  • Company conducts periodical risk assessments to ensure proper management of personal data in accordance with GDPR requirements.
  • Company maintains and periodically revisits appropriate contractual terms, to perform as a data processor for our customers.
  • Company regularly monitors through its Chief Privacy Officer the guidance around GDPR compliance and ensures ongoing compliance with the GDPR through internal procedures and processes.
  • Company provides data subjects with opt-out options from mailing lists and from sharing data with third parties.

If you have any additional questions about the GDPR you are welcome to contact Company’s Data Protection Officer at: privacy@skai.io.