LASHTRED INC. o/a KPI SIGHT
PRIVACY POLICY
PURPOSE
The purpose of this Privacy Policy is to establish a comprehensive framework for protecting the privacy of personal information collected, processed, and stored by KPI Sight. You may provide Personal Data through our Website and Platform.
This Policy ensures that KPI Sight respects individual privacy rights, and maintains the trust of customers, employees, and other data subjects through compliance with applicable privacy laws and regulations, including SOC 2 and GDPR requirements for confidentiality and privacy.
SCOPE
This Policy applies to all employees, contractors, consultants, and third-party vendors of KPI Sight who handle personal information.
This Policy applies only to the processing of Personal Data by us and does not address the privacy practices of other parties for which we are not responsible.
We do not knowingly process or request Personal Data from persons under the age of 18. If you are such a person, please do not use the Platform or send us your data. We delete any Personal Data that we learn was provided by a person under the age of 18 without the consent of a parent or legal guardian.
WHAT DATA DO WE PROCESS?
Personal Data. We process Personal Data provided voluntarily while using the Platform or Website. This includes customer contact information, employee data (for access control), and vendor data. Personal Data encompasses all personally identifiable information (PII) regardless of format or storage medium.
Operational & Dealership Data. In addition to Personal Data, KPI Sight processes Operational Data ingested from dealership management systems (DMS) and other business tools. This includes, but is not limited to:
Inventory Data: Stock levels, vehicle identification numbers (VIN), and acquisition costs.
Sales & Financial Data: Transaction records, gross profit analytics, and departmental performance metrics.
Service & Parts Data: Work order details, technician efficiency, and parts turnover. This data is treated with the highest level of confidentiality under our SOC 2 security framework.
Technical Data. We automatically collect technical data (IP addresses, browser type, surfing habits) for statistical purposes. We never use technical data to identify you as an individual unless required for security auditing or legal compliance.
PROCESSING PURPOSES
We process your Personal Data for the purpose of performance of the contract concluded with you, based on your decision to use the Platform.
This purpose includes the following processing activities:
Informing you about updates and new functions of our services;
Notification of updates to our Terms and Conditions and this Policy;
Answering your queries about our services;
Resolving any problems and disputes related to the contract between us.
Training our algorithmic models.
For this purpose, we process your anonymized Personal Data that you have voluntarily provided to us when using the Platform for model training.
The legal basis for such processing is the performance of the contract in accordance with relevant privacy frameworks. You may opt out at any time of having your anonymized Personal Data used to train our models.
Improving our services. For this purpose, we collect anonymized information about how you use the Platform, such as your clicks, the features you use, the time you spend on each screen, and other analytical data.
Marketing. We may offer services to you via e-mail if you have agreed to receive newsletters on our Website, thereby giving us your consent to the processing of your e-mail address for marketing purposes. In this case, the legal basis for processing your e-mail address is your consent, in accordance with relevant privacy frameworks.
THIRD PARTIES
Your Personal Data is primarily processed by us. We do not share your Personal Data with any recipients unless one of the following circumstances occurs:
It is necessary in order for us to fulfill our obligations to you: In the event that our subcontractors with whom we work to operate our Platform need access to your Personal Data, we have taken appropriate contractual and organizational measures to ensure that your Personal Data is processed in accordance with all applicable laws and regulations.
It is necessary for legal reasons: We may share your Personal Data with recipients outside of the Company if we believe in good faith that specific access to your Personal Data and the corresponding use is proportional and necessary to (i) comply with all applicable laws; (ii) detect, prevent and resolve fraud and security or technical problems; and/or (iii) protect the interests, property or safety of the Company, our users or the public, in accordance with the law.
Where Personal Data is shared with third-party recipients for the reasons set out above, KPI Sight ensures that such providers maintain an equivalent or higher standard of data protection and security.
CROSS-BORDER DATA TRANSFERS
As a company headquartered in Canada, your Personal Data may be transferred to and processed in Canada, as well as other countries outside the European Union and European Economic Area. Canada has been recognized by the European Commission as providing an adequate level of Personal Data protection. For any transfers to other countries, we ensure appropriate safeguards are in place, such as standard contractual clauses and/or binding corporate rules.
Regardless of where your Personal Data is processed, the Company will take appropriate technical, legal, and organizational measures to ensure that the level of protection is equivalent to that required within the European Union and the European Economic Area. If you would like to learn more about our international data transfers and the safeguards we have in place, please contact us at support@kpisight.com. In the event of a merger, acquisition, or other corporate reorganization, your Personal Data may be transferred as part of that transaction. We will notify you of any such event (for example, by email to the address associated with your account) and explain your options at that time.
DATA SECURITY
We take all proportional and appropriate security measures to protect us and our customers from unauthorized access or unauthorized alteration, disclosure, or destruction of Personal Data. Measures include, where appropriate, encryption, firewalls, secure devices, and access rights systems.
Privacy compliance activities will be regularly monitored and audited to ensure compliance with this Policy and applicable regulations. This includes annual reviews of processing activities, data subject rights fulfillment, and privacy impact assessments.
Should a data breach that is likely to adversely affect your privacy occur despite our security measures, we will notify you as soon as reasonably possible.
Privacy incidents and data breaches are handled according to established procedures:
Immediate containment and assessment of privacy incidents
Notification to supervisory authorities within required timeframes
Communication to affected individuals when required
Documentation of incident response and remedial actions
Post-incident review and process improvement
Data Subject Rights
KPI Sight will respect and facilitate data subject rights as required by applicable privacy laws:
Right of access to your Personal Data - you may at any time ask us to confirm whether or not your Personal Data is being processed, and if so, for what purposes, to what extent, to whom it is made available, for how long we will process it, whether you have the right to correct it, delete it, limit its processing or raise an objection, from where we obtained the Personal Data, and whether there is automatic decision-making based on the processing of your Personal Data, including possible profiling. You also have the right to obtain a copy of your Personal Data, the first provision being free of charge; for the next provision, we may require a reasonable payment of administrative costs.
Right to rectification - you may at any time request we correct or add to your Personal Data if it is inaccurate or incomplete.
Right to erasure - you can also request the deletion of your Personal Data from our systems. We will comply with these requests unless we have a legitimate reason not to delete your Personal Data.
Right to restrict processing - you can ask us to restrict certain processing of your Personal Data. If we restrict certain processing of your Personal Data, this may lead to limits on the use of our Platform and Website.
Right to data portability - you have the right to receive your Personal Data from us in a structured, commonly used, and machine-readable format for the purpose of transferring Personal Data to another processor.
How to exercise your rights - you can exercise your rights listed above free of charge by e-mail to support@kpisight.com. Depending on your request, we may require verification of your identity.
Can you file a complaint?
If you believe that our processing of your Personal Data is not in accordance with applicable data protection laws, you may file a complaint with your local authorities.
Compliance
This policy is designed to help KPI Sight comply with any regulatory standards or requirements. This policy supports compliance with the following:
SOC 2
GDPR
KPI Sight reserves the right to monitor and audit the use of its IT resources to ensure compliance with this Policy and applicable regulations. This includes but is not limited to network traffic analysis, system logs review, and periodic compliance assessments.
Enforcement
Any known violations of this policy should be reported to the C-Suite. Violations of this policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.
Policy Review
This policy will be reviewed and updated at least annually, or more frequently as needed, to reflect changes in technology, regulations, or business practices. This document shall be stored in a secure and accessible location and made available to all employees of KPI Sight. It is to be referenced in conjunction with other established policies and procedures.