Knoetic Privacy Shield Policy

Knoetic, Inc. (“Knoetic”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Framework (the “Frameworks”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information (as defined below) that is transferred from the European Economic Area (“EEA”), the United Kingdom and Switzerland to the United States pursuant to Privacy Shield. Knoetic has certified that it adheres to the Privacy Shield Principles (the “Principles”) with respect to such data. If there is any conflict between this Privacy Shield Policy (“Policy”) and the Principles, the Principles will govern. To learn more about the Frameworks, and to view our certification, please visit www.privacyshield.gov.

Knoetic notes that the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. Knoetic will continue to abide by its Privacy Shield commitments, as further outlined below. In addition, where required by applicable EU law, Knoetic will rely on alternative mechanisms for transferring personal data from the EEA, the United Kingdom and Switzerland to the United States. This includes explicit consent, performance of our contract obligations, and standard contractual clauses.

This Privacy Shield Policy supplements our Privacy Policy. Capitalized terms used in this Privacy Shield Policy have the meaning given to them by our Privacy Policy, unless specifically defined in this Policy. In case of conflict between our Privacy Policy and this Policy with regard to our privacy practices under the Frameworks, this Policy prevails. This Policy applies to Knoetic, which is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Personal Information Received from the European Economic Area, the United Kingdom, and Switzerland

Knoetic may receive from the EEA, the United Kingdom and Switzerland some or all of the information listed in our Privacy Policy. Some of that information may qualify as “personal information” or “personal data” (collectively, “Personal Information”) as defined in the Principles. To the extent that Knoetic receives Personal Information from the EEA, the United Kingdom and Switzerland in reliance on the Frameworks, Knoetic will handle such Personal Information in accordance with the Principles.

How We Obtain Personal Information

We obtain and process Personal Information in different capacities.

As a data controller, we collect and process Personal Information from the EEA, the United Kingdom and Switzerland directly from individuals as set forth in our Privacy Policy.

As a data processor, we process Personal Information from the EEA, the United Kingdom and Switzerland by or for a customer to our software products and services (i.e., our commercial customers). In that context, we only process Personal Information on behalf of and at the direction of our commercial customers. The Privacy Policy sets out the roles and responsibilities of our commercial customers, as controllers, and us, as processor, for the processing of Personal Information.

For all types of processing, Knoetic commits to the Principles of the Privacy Shield with respect to all Personal Information received from the EEA, the United Kingdom and Switzerland.

Notice

We provide information regarding our privacy practices in our Privacy Policy.

When we act as data processor, our commercial customers determine the categories of data we process on their behalf, and the purposes of the processing. Accordingly, our commercial customers are responsible for providing notice to individuals and you should review their privacy policies for more information regarding their data processing practices.

Data Integrity and Purpose Limitation

Knoetic may use the Personal Information it receives from the EEA, the United Kingdom and Switzerland for the purposes set forth in our Privacy Policy or as you may otherwise be notified. We take reasonable steps to ensure that the Personal Information we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information. We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will adhere to the Principles for as long as we retain the Personal Information collected under the Frameworks.

Onward Transfers

Our Privacy Policy describes the circumstances in which we may disclose your information to third parties. We remain responsible for the processing of Personal Information received under the Frameworks and subsequently transferred to a third party acting as an agent if the agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage. We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Data Security

We use reasonable and appropriate measures to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

Choice

We will give you an opportunity to choose whether your Personal Information may be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, or if we intend to disclose it to a third party acting as a data controller that we have not previously disclosed to you. In such circumstances, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures where non-sensitive Personal Information is involved, and to opt in where sensitive Personal Information is involved. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@knoetic.com.

Access to Personal Information

Pursuant to the Privacy Shield Frameworks, EU, United Kingdom and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Where appropriate, Knoetic will provide you with access to the Personal Information that we maintain about you. Knoetic will also correct, amend or delete Personal Information that we maintain about you when it is inaccurate or has been processed in violation of the Principles and you send a written request to us using the information provided in the “Contact Information” section below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles.

When we act as data processor, our commercial customers control the type of information we process, how that information is used and disclosed, and how it can be modified. Accordingly, if you wish to request access, limit use or disclosure of your Personal Information, please contact the customer(s) that submitted your data to us. If you provide us with the name(s) of the customer(s), we will refer your request to those customer(s), and will support them as needed in responding to your request.

Recourse and Enforcement

We conduct an annual self-assessment of our Personal Information practices to verify that the attestations and assertions made in this Policy are true and have been implemented as represented.

If you have any questions or concerns, we encourage you to first write to us at the address listed below. We will investigate and attempt to resolve any complaints or disputes regarding our use and disclosure of Personal Information in accordance with the Principles.

If an issue cannot be resolved through our internal dispute resolution mechanism, Knoetic has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, JAMS Privacy Shield Dispute Resolution. Please visit https://www.jamsadr.com/eu-us-privacy-shield to file a claim. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Contact Information

If you have questions, concerns, or complaints about this Privacy Shield Policy or Knoetic’s privacy practices, or if you would like to exercise your rights and choices with regard to your Personal Information, please contact us by email at privacy@knoetic.com.

Privacy Shield Policy Changes

This Policy may be changed from time to time, consistent with the requirements of the Frameworks. You can determine when this Policy was last revised by referring to the “Last Updated” legend at the bottom of this Policy. Any changes to this Policy will become effective when posted to our website.

Last Updated: October 12, 2021