GDPR FAQ

Below is the Carr Knowledge Inc. GDPR FAQ. If you are looking for our Data Transparency Document click here.

General Data Protection Regulation (GDPR)

Carr Knowledge Inc. has prepared this FAQ to provide a high-level overview about GDPR for our clients and to provide some information about the manner in which we are accounting for GDPR obligations. This FAQ is not a replacement or substitute for our Data Privacy Transparency Statement, found here (link) and you should review that complete statement to understand our data protection policies.

For our customers, subscribers and other data subjects, our Transparency Statement describes to you our policies and procedures that we have enacted to collect and process personal data in compliance with the requirements and protections under the GDPR and this FAQ is intended to highlight key aspects of those policies and procedures.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law giving EU individuals control over their personal data at all times, where ever that data may be located and regardless of who may obtained it.

When does it come into effect?

GDPR was approved in April 2016 but and was enforced on May 25th 2018.

Carr Knowledge Inc. is a US company. Are US companies required to comply?

Yes. Any company that stores or process personally identifiable information for EU residents will be responsible for complying with the new law, even if that company is not based in the EU. However, we value all of our customers’ privacy and that is why we have decided to implement these changes across the board for all customers regardless of their country of residence. While not required for those outside of the EU, we will switch to new GDPR-compliant privacy policies going forward for all.

Does Carr Knowledge Inc. store “Personal Data” as defined by GDPR?

Yes. Personal Data is considered any information which can uniquely identify an individual either directly or indirectly. Carr Knowledge Inc. passes or stores various pieces of user information which would be considered personal data.

What Personal Data does Carr Knowledge Inc. store?

We collect account information that you voluntarily provide to us when signing up for services or seeking support. As a data controller, we may collect and store information such as name, email address, physical address and phone number for billing or payment purposes related to use of the service.

Additionally, we may collect service-related information such as IP addresses, account activity or usage levels to better assist with service delivery and security. We also collect subscriber information on your behalf.

Does Carr Knowledge Inc. Share or Transfer Personal Data?

No Carr Knowledge Inc. does not share or transfer personal data.

We do not expose or make this information available in any way to any third-parties that would identify individuals. We reserve the right to research specific IP Addresses as may be necessary to protect our services, our company, our people, and/or our systems. For example, we would research an IP Address that accessed our systems in the case of a suspected bot, rogue server or other issue that may be affecting service delivery or performance. The raw data/logs containing this information are routinely purged and are not kept long term.

Does any personal data leave Carr Knowledge Inc. or is it transported to non-EU countries?

Yes. Carr Knowledge Inc. has a global reach. This presence requires us to take a comprehensive look at privacy regulations. Our goal is to create the same privacy and security policies for all customers regardless of location and to work with each of our service providers and partners to protect personal data. Carr Knowledge Inc. uses a few third-party applications as part of service delivery.

For PCI and security/privacy reasons, credit card information is transferred directly to our third-party payment processor and is not retained by Carr Knowledge Inc. You will receive transaction information via the email you voluntary provide at the time you sign up or update your credit card information.

Additionally, the email address that you provide at the time of service activation will be used by Carr Knowledge Inc. for account, reporting, billing or support communications.

Carr Knowledge Inc. uses Green Arrow/DRH as its marketing messaging platform and your subscriber email addresses will be transferred to that third party application for processing on our behalf.

AWS and HostGator are utilized to provide service related and support interactions related to delivery of Carr Knowledge Inc. service. They are committed to privacy and specifically EU privacy standards.

Green Arrow/DRH use of your email is in accordance with their Privacy Policy and Terms. You can unsubscribe at any time from the footer of the emails you receive.

We will not otherwise distribute or sell your email address or the email addresses of your subscriber lists.

Are your data processing systems currently in line with GDPR?

Security and privacy of the information you provide to us as part of your Carr Knowledge Inc. account is extremely important. We have made changes for GDPR compliance and will continue to add account preference and security features going forward. As part of this, you can expect to see some of the following updates:

  • Changes to user consent upon sign up for Carr Knowledge Inc. services

  • Information on data transparency

  • Email communications or system notifications

Going forward you may see some more of the following updates:

  • Additional information on data transparency

  • Updates to Privacy Policy and ToS

  • Changes to user consent which may affect sign-up or opt-in to services

  • Further email communications or system notifications to confirm user consent and data use

  • Future changes to the UI for account preference related to security and privacy

We ask that you keep an eye for these changes and updates that may impact your account and take action when requested.

The below outlines our goals and an overview of policies being put into place to address GDPR. Official policies and statements will be reflected in our Terms of Service and Privacy Policy as noted above.

How can customers see the data that is being stored and how will data portability be addressed?

Users can request review of the information that they have voluntarily provided including email address, media files and metadata at any time by submitting a request to support@carrknowledge.com.

Carr Knowledge Inc. service related requests should be sent to support@carrknowledge.com. Account payment transaction information can be requested from billing@carrknowledge.com for Carr Knowledge Inc. customers.


 

What is the Carr Knowledge Inc. data retention period?

Carr Knowledge Inc.’s policy is to ensure data integrity and retention for the period that a customer has active service with the company.

We collect account information that you voluntarily provide to us when signing up for services or seeking support. As a data controller, we may collect and store information such as name, email address, physical address and phone number.

Additionally, we may collect service-related information such as IP addresses, account activity or usage levels to better assist with service delivery and security.

Carr Knowledge Inc. may retain account information, media files and metadata for a period of six months after service cancellation due to the nature of the automated process for suspending and closing accounts for nonpayment. When closing an account, users may delete all media files and metadata from the system before closing the account to ensure no data is actively retained.

Personal and credit card information is removed from our third-party merchant and no longer retained after service with Carr Knowledge Inc. is cancelled.

Account records and other financial documentation is retained for seven (7) years for tax purposes.

Additionally, a copy of internal email communications are archived and maintained indefinitely for legal purposes. These are maintained in an archived system with access restricted to systems personnel.

You may at any time, request that we delete your personal information. In the case where we must retain records according the company’s retention policy, you may request that your personal information be redacted from the accounting records.