How we ensure privacy for users of the Keyfax application.
The questions and answers below are related specifically to the data collected and processed by the Keyfax web application when being used by tenants and / or call centre advisors.
Does Keyfax perform data matching and / or combining?
Yes. Datasets may be shared or replicated with the integrated system. This integrated system is typically an HMS, CRM or tenant portal.
Does Keyfax process data from vulnerable individuals?
Yes. Tenants submitting data may be elderly or vulnerable.
Does Keyfax process special categories of data?
Yes. Keyfax may process special categories of data such as vulnerabilities or criminal convictions.
Does Keyfax perform systematic and extensive evaluation (profiling) of user data?
No.
Does Keyfax perform systematic monitoring of a publicly accessible area?
No
Does Keyfax process data using new technologies such as AI/machine learning, IoT devices, facial recognition etc?
No.
Will the outcome of processing Keyfax data deny individuals access to a service or opportunity?
No.
How will personal data be collected?
Tenant and property details may be passed into Keyfax via a 3rd party host integration or Keyfax scripts may capture all or extra details via a web form as tenants' complete scripts.
During the completion of a Keyfax script users may also upload files such as images or video. These files may contain sensitive data. This data is deleted from the Keyfax web servers every 24 hours by default.
Where will data collected by Keyfax be geographically stored?
Keyfax customers can host data within an on-premises SQL Server database or within a cloud-based SQL Azure database.
Keyfax customers have complete control over where the Keyfax database is geographically located. For on-premises Keyfax installations this is not controlled by Omfax Systems.
How will data collected by Keyfax be used?
Data gathered during the completion of a Keyfax script will be used for communication with tenants for understanding tenant repair or enquiry issues.
How does Keyfax handle data anonymity for the data collected within the Keyfax application and / or database?
When personally identifiable information does need to be persisted Keyfax take measures to ensure this data is deleted when no longer needed. To comply with GDPR requirements customers can also define custom retention policies within Keyfax to periodically purge data within the Keyfax database that may contain personally identifiable information (PII). Options such as encrypting data at rest should ensure any long term personally identifiable information is unintelligible.
