Knowmadics Data Privacy Policy

 

Introduction

Knowmadics complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Knowmadics has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Knowmadics has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Definitions

“Data Subject” – an identified or identifiable natural person whose personal data is being collected, held, or processed by Knowmadics for the purposes of the 360° Aware^® application.

 “Personal Data” – any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Scope

Knowmadics complies with the Principles with respect to the Personal Data the company receives from its Data Subjects in the European Union and its Member States, the European Economic Area, the United Kingdom and/or Switzerland in connection with the use of the Knowmadics’ application and service, 360° Aware^®.

Data Privacy Framework Principles

Knowmadics will apply the following DPF Principles to Personal Data transferred from the European Union and its Member States, the European Economic Area, the United Kingdom and/or Switzerland to the United States.

Notice

Knowmadics notifies Data Subjects covered by this DPF Principles about its practices regarding Personal Data received by Knowmadics in the U.S. from the European Union and its Member States, the European Economic Area, the United Kingdom and/or Switzerland in reliance on the respective DPF Principles, including the types of Personal Data it collects about them, the purposes for which it collects and processes Personal Data, the types of third parties to which it discloses Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data, the means for limiting its use and disclosure of Personal Data, how Knowmadics’ obligations under the DPF Principles are enforced, and how Data Subjects can contact Knowmadics with any inquiries or complaints.

Choice

In accordance with the DPF Principles, Knowmadics will offer Data Subjects an opportunity to choose whether to have their Personal Data used or disclosed, if the Personal data is to be disclosed to a third party, or used for a new purpose that is materially different than the purpose which the Personal Data was originally collected for or was subsequently authorized by the Data Subject.

As required by the DPF Principles, Knowmadics obtains opt-in consent for certain uses and disclosures of Sensitive Personal Data. If Sensitive Personal Data covered by this Data Privacy Policy is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, Knowmadics will obtain the Data Subject’s explicit consent prior to such use or disclosure.

Requests to opt out of such uses or disclosures of Personal Data should be sent to the Knowmadics Data Privacy office by email to data.privacy@knowmadics.com.

Accountability for Onward Transfer

Knowmadics may transfer Personal Data to a client/customer third party acting as a controller whom they have been contracted with for the purposes of processing a Data Subject’s Personal Data. Consistent with the DPF Principles, when Knowmadics does transfer Personal Data covered by this Data Privacy Policy to a third-party controller, Knowmadics will do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has given us contractual assurances that it will:

• process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects,
• provide at least the same level of protection as is required by the DPF Principles and notify us if it makes a determination that it cannot do so; and
• cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination.

If Knowmadics has knowledge that a third party acting as a controller is processing Personal Data covered by this Data Privacy Policy in a way that is contrary to the DPF Principles, Knowmadics will take reasonable steps to prevent or stop such processing.

In the context of an onward transfer Knowmadics has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf.  Knowmadics shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Security

Knowmadics takes reasonable and appropriate measures including administrative, technical, personnel, and physical measures to protect Personal Data covered by this Data Privacy Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.

Data Integrity and Purpose Limitation

Knowmadics collects and processes Personal Data covered by this Data Privacy Policy that is relevant, specific and legitimate for the purposes of processing for the 360° Aware^®application. Knowmadics does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.

Knowmadics takes reasonable steps to ensure that such Personal Data is accurate, complete, current, and reliable for its intended use. Knowmadics takes reasonable and appropriate measures to comply with the requirement under the DPF Principles to retain Personal Data only for as long as it serves a purpose of processing, which includes Knowmadics’ obligations to comply with professional standards, Knowmadics’ business purposes and unless a longer retention period is permitted by law, and it adheres to the DPF Principles as stated above for as long as it retains such Personal Data.

Knowmadics may also disclose Personal Data as necessary to defend itself in any legal proceedings and/or to assist and comply with lawful requests by public authorities, including national security or law enforcement requirements.

Access

Knowmadics will cooperate with Data Subject’s reasonable requests to exercise their rights to access Personal data and to correct, amend, or delete Personal Data if it is inaccurate or has been processed in violation under the DPF Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated).  Requests for access, correction, amendment, or deletion should be sent to: data.privacy@knowmadics.com.

Recourse, Enforcement, Liability

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Knowmadics commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Knowmadics at: data.privacy@knowmadics.com. Knowmadics has a policy of responding to individuals within forty-five (45) days of an inquiry or complaint.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Knowmadics commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Under certain conditions detailed in the DPF, Data Subjects may be able to invoke binding arbitration before the DPF Panel to be created by the U.S. Department of Commerce and the European Commission. For more information about binding arbitration, please visit https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Knowmadics’ participation in the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF is subject to investigation and enforcement by the Federal Trade Commission.

Knowmadics agrees to periodically review and verify its compliance with the DPF Principles, and to remedy any issues arising out of failure to comply with the DPF Principles. Knowmadics acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of DPF participants.

Changes to this Data Privacy Policy

This Data Privacy Policy may be amended from time to time consistent with the requirements of the DPF Principles. Appropriate notice regarding such amendments will be given.