Privacy Statement: KYOCERA Fleet Services (KFS)

Last modified: 7 November 2018

This Privacy Statement (“Statement”) applies to the KYOCERA Document Solutions company located in the country where your company is using KYOCERA Fleet Services (“KFS”). If KYOCERA Document Solutions is not located in the country where your company is using KFS, then this Statement applies to KYOCERA Document Solutions Europe B.V. A list of the applicable KYOCERA Document Solutions companies is located under the heading ‘Exercising your rights and contacting us’.

This Statement applies to the collection of personal information by KYOCERA Document Solutions in relation to KYOCERA Fleet Services.

INTRODUCTION

KYOCERA Fleet Services is a powerful, web-based service to perform device management and remote maintenance on a company’s fleet. KYOCERA Fleet Services enables companies and their service staff to view device status, quickly and easily identify and respond to issues and undertake key maintenance task, all from any location.

In this Statement, we will explain in detail the following:

Why are we processing your personal information (purpose)?

A. Billing and supply management. Counter information of your company’s device(s) is shared for the purpose of billing and supply management.

B. User account management. Your company may have directly or indirectly provided us with your name and email address so that we can set-up and manage a user account for you. Note that we provide this service as a data processor under our Data Processing Terms and Conditions, available at www.kyoceradocumentsolutions.eu.

C. Device management. Configuration and maintenance of the device, security settings, asset management, general administrative tasks (such as adding and removing devices). Note that we provide this service as a data processor under our Data Processing Terms and Conditions, available at www.kyoceradocumentsolutions.eu

D. Remote access. In individual cases and after the user has specifically accepted this, log files with device data are created and sent to the KFS server and used for the purpose of remote maintenance of the applicable device. Note that we provide this service as a data processor under our Data Processing Terms and Conditions, available at www.kyoceradocumentsolutions.eu.

E. Quality improvement. Device data, including IP-address and Serial Number of the device, is used for improving the quality and reliability of the device and consumables and system and network scalability.

On what legal basis are we processing your personal information?

The legal basis for processing your personal information for the purposes under A and E. is that we have a legitimate business interest to do so. Here is why:

For purpose (A) we have a legitimate interest to have a contact person available for billing and supply management purpose.

For purpose (E), we need to be able to assess and improve the reliability, quality and performance of the system and customer’s Kyocera devices.

For purposes B – D we are acting as a data processor on your behalf under our Data Processing Terms and Conditions, available at www.kyoceradocumentsolutions.eu.

We have made a careful assessment of your fundamental rights and freedoms and our legitimate business interests and are continuously monitoring the balance. Should you however wish to object to the processing of your personal information based on our legitimate business interest, please see the section ‘Your rights’ below.

Who are we sharing your personal information with?

Your personal information shall only be shared with:

  • KYOCERA Document Solutions Europe B.V. (Netherlands) for the purpose of user account management and quality improvement;
  • KYOCERA Document Solutions Inc. (Japan) for the purpose of quality improvement and managing the hosting of the KFS platform and data;
  • The external KFS hosting provider in the Netherlands (Microsoft Azure region West-Europe);
  • The external service provider for the purpose of quality improvement of KYOCERA products and services;
  • To the extent we are required by law, regulation or court order to disclose your personal information, we may have to share your personal information in compliance with that law, regulation, or court order.

International Transfers

Where we transfer (see above to whom we are sharing your personal information with) your personal information to a country that does not provide an adequate level of protection by domestic law according to the European Commission, we have ensured this adequate level of protection by agreeing on additional appropriate safeguards with that group company or third party through the Standard Data Protection Clauses adopted by the European Commission. A list of countries that have ensured an adequate level of protection according to the European Commission can be found here.

Where we use service providers from the US, such US based service provider has registered itself to be on the EU/US Privacy Shield list and has been self-certified with the US Department of Commerce. More information on the European Commission decision on the adequacy of the EU/US Privacy Shield can be found here.

Alternatively, we may ask you for your explicit consent to the proposed transfer. You may request a copy of the Standard Data Protection Clauses by sending us an email, motivating your request.

For how long do we keep your personal information?

Where possible, we have set specific retention periods for keeping your personal information. These specific retention periods are stated below, or we shall communicate these to you at or before we start processing your personal information.

Where it is not possible for us to use set retention periods, we have stated below the criteria that we use to determine the retention periods.

Specific retention periods

Purpose (A) User account management. We shall keep your personal information related to your user account as long as you have an active user account with us. Inactive user accounts shall be erased after one year of last use. There is no obligation for you from our side to have your account set-up; if you don’t log in for the first time within 30 days of creation of the account, we shall erase it. You may always request us to delete your user account. In that instance, we shall erase your user account within 30 days after your request.

Purpose (B) Billing and supply management. Any (personal) information related to this purpose shall be kept for a period of 6 years (business information) or 10 years (accounting information).

Purpose (C and D) Device management and remote access. We will delete the device log files after one year of creation. When the service engineer comes across the device address book during a remote maintenance session, no information shall be stored from the address book.

Criteria for determining retention periods

In any other circumstances, we use the following criteria to determine the applicable retention period:

  • The assessment of your fundamental rights and freedoms;
  • The purpose(s) of processing your personal information. We shall not keep your personal information longer than is necessary for the purpose(s) we collected it for.
  • Any relevant industry practices or codes of conduct on keeping personal information;
  • The level of risk and cost associated with keeping your personal information (accurate and up-to-date);
  • Whether we have a valid lawful basis to keep your personal information;
  • The nature, scope and context of processing of your personal information and our relationship with you.
  • Any other relevant circumstances that may apply.

In any case, we shall keep your personal information in compliance with applicable legal requirements and we make periodical reviews of the personal information we hold.

Which technical and organisational measure we have taken

We take the security of your personal information very seriously and take all reasonable efforts to protect your personal information from loss, misuse, theft, unauthorized access, disclosure or modification.

In our continuous efforts to achieve excellence in security, all KYOCERA Document Solutions companies that are named in this Statement have acquired the ISO/IEC 27001 certification for Information Security Management System. In addition, specifically for the KFS service KYOCERA Document Solutions Inc. has acquired the ISO/IEC 27017 certification, which certification ensures additional information security controls applicable to the provision of KFS.

Your rights

You have certain legal rights that we wish to inform you of.

Access. You have the right to be informed on whether we process your personal information or not and to related information on that processing.

Rectification. You have the right to have your personal information rectified or completed by us without undue delay. If you have set up an account with us, you have the possibility to rectify or complete your personal information yourself.

Right to be forgotten. You have the right to have your personal information erased by us without undue delay. This right is limited to specific grounds, for example if you have withdrawn your consent, or if you object and there are no overriding legitimate grounds for us to maintain the processing. If you have an account with us, in many instances you have the option to erase your account yourself, in which case all your personal information is permanently deleted.

Restriction of processing. You have the right to request that we restrict the processing of your personal information based on specific grounds. These are (1) the time for us to verify the accuracy of your personal information on your request; (2) instead of erasure of unlawful processing, you request restriction of use instead; (3) you need personal information in legal proceedings; or (4) we are verifying whether our legitimate grounds override your objection to the processing.

Right to object. You have the right to object at any time to our processing of your personal information if such processing is (1) based on our legitimate interest (including us making a profile of you based on your consent); (2) for direct marketing purposes; or (3) necessary for the performance of a task carried out in the public interest or exercise of official authority vested in us. We shall cease to process your personal information based on your objection, unless we demonstrate compelling legitimate grounds overriding your interests, rights and freedoms or if we need your personal information in legal proceedings.

Data portability. We are required to inform you of your right to receive your personal information from us so that you can transmit that personal information to another service provider. For KFS that means that at your request we shall supply you with your personal information related to your user account. It does not include any device data, including data that was transmitted to us in a log file.

Consent withdrawal. If you have supplied us with your personal information based on your consent, you have the right to withdraw such consent at any time. You may do so by unsubscribing from the service that you have subscribed to if applicable. You may also do so by sending us an email to the applicable privacy email address as stated below. We shall then permanently remove your personal information from our database.

Lodging a complaint. You have the right to lodge a complaint with a supervisory authority, in particular in the country of your residence, about our processing of your personal information. You can find a complete list of supervisory authorities here.

Excercizing your rights and contacting us

At KYOCERA Document Solutions we have a network of privacy professionals available, including Data Protection Officers, to assist you with your queries. If you wish to exercise any of your rights, or you have a question about this document, please contact us via email, or send us a letter.

KYOCERA Document Solutions Europe B.V.
Attn.: Data Protection Officer
Bloemlaan 4
2132 NP Hoofddorp
The Netherlands
e-mail: privacy@deu.kyocera.com

Please note that in exercising your rights, we may ask you to complete a request form. We shall then inform you of the process of handling your request.

België/Belgique/Belgien
KYOCERA Document Solutions Belgium N.V.
Attn.: Data Protection Officer
Sint-Martinusweg 199-201
1930 Zaventem
e: privacy@dbe.kyocera.com

Danmark
KYOCERA Document Solutions Danmark A/S
Attn.: Data Protection Officer
Eljby Industrivej 60
2600 Glostrup
e: privacy@ddk.kyocera.com

España
KYOCERA Document Solutions España SA
Attn.: Data Protection Officer
Avenida Manacor 2, Parque Rozas,
28290 Las Rozas, Madrid
e: privacy@des.kyocera.com

France
KYOCERA Document Solutions France S.A.S.
Attn.: Data Protection Officer
Parc Technologique Route de l’Orme
91195 Saint Aubin
e: privacy@dfr.kyocera.com

Nederland
KYOCERA Document Solutions Nederland B.V.
Attn.: Data Protection Officer
Beechavenue 25
1119 RA Schiphol-Rijk
e: privacy@dnl.kyocera.com

Portugal
KYOCERA Document Solutions Portugal Lda.
Attn.: Data Protection Officer
Ruaa do Centro Cultural 41
1700-106 Lisbon
e: privacy@dpt.kyocera.com

Sverige
KYOCERA Document Solutions Nordic AB
Attn.: Data Protection Officer
Box 1273
164 29 Kista
e: privacy@dnr.kyocera.com
 

Turkiye
KYOCERA Bilgitaş Turkey Doküman Çözümleri A.Ş
Attn.: Data Protection Officer
Altunizade Mah. Prof. Fahrettin Kerim Gökay Cad.
No:45 34662 ÜSKÜDAR İSTANBUL
e: privacy@deu.kyocera.com

 

Ceska Republica
KYOCERA Document Solutions Czech, s.r.o.
Attn.: Data Protection Officer
Harfa Office Park Českomoravská 2420/15
Praha 9, 190 00
e: privacy@deu.kyocera.com

Deutschland
KYOCERA Document Solutions Deutschland GmbH
Attn.: Data Protection Officer
Otto Hahnstrasse 12
40670 Meerbusch
e: datenschutz@dde.kyocera.com

Finland
KYOCERA Document Solutions Finland oy
Attn.: Data Protection Officer
Atomite 5 C, 4 krs
00370 Helsinki
e: privacy@dfi.kyocera.com

Italia
KYOCERA Document Solutions Italy S.P.A.
Attn.: Data Protection Officer
Via Monfalcone 15
20132 Milan
e: privacy@dit.kyocera.com

Österreich
KYOCERA Document Solutions Austria GmbH
Attn.: Data Protection Officer
Wienerbergstrasse 11
Turm A, 18. OG, 1100, Vienna
e: privacy@dat.kyocera.com

Rossiya
KYOCERA Document Solutions Russia L.L.C.
Attn.: Data Protection Officer
Shchepkina Street, Building 51/4, Block 2
129110 Moscow
e: privacy@deu.kyocera.com

South Africa
KYOCERA Document Solutions South Africa Pty. Ltd.
Attn.: Data Protection Officer
Hertford Office Park, 90 Bekker Road CNR Allandale, Vorna Valley, 1682
e: privacy@deu.kyocera.com

United Kingdom
KYOCERA Document Solutions (U.K.) Limited
Attn.: Data Protection Officer
Eldon Court 75-77 London Road, Berkshire
RG1 5BS Reading
e: privacy@duk.kyocera.com

Changes to this document

In the event that we modify this document, we will publish it on our website with a revised publication date and, if applicable, notify you of the changed document via your user account.

Other privacy statements

In addition to this Statement, there is an online privacy statement available here.

Scroll to top