Privacy Policy

1. Purpose

The purpose of Kahuna Workforce Solution’s (KWS) Data Privacy Policy is to assist you in understanding how we collect and use personally identifiable information (“personal information”) that you provide to KWS and to assist you in making decisions when using the KWS website and services.

2. Overview

This Data Privacy Policy ensures that KWS:

Complies with data protection law and follows best practices.
Protects the rights of staff, customers and partners.
Is open about how it stores and process individuals’ data.
Protects itself from the risks of a data breach.

By visiting or using any part of the KWS website, you agree to the terms of this Data Privacy Policy. Be aware that the terms may be amended from time to time. As we update and expand the KWS website, this Data Privacy Policy may change, so please check this web page for updates. Further, this Data Privacy Policy is incorporated into and is a part of the KWS website’s Terms of Use Agreement, which also governs your use of this website.

2.1 Collection and Use of Information

When you visit the KWS website, we may collect information regarding your visit from your computer. Such information helps us to determine information about how you found our website, the date you visited the website and search engines that may have led you to the website. We collect this information to continually improve and enhance the functionality of the Kahuna software.

Generally, customers provide KWS with two types of information, user-provided information and website usage information, both of which are discussed in greater detail below.

3. Scope

Kahuna Workforce Solutions complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Kahuna Workforce Solutions has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Kahuna Workforce Solutions has also certified that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

4. Personal Information Customers Choose to Provide

In order to make your visits to the KWS website as enjoyable as possible, we may ask you for personal information. Personal information includes, for example, your name and email address, both of which you may be asked to provide when registering with Kahuna. A description of some of the ways that you may provide personal information to KWS, as well as further details on how we may use such personal information, is given below.

4.1 Contact Us

If you email KWS through a “Contact Us” link on the KWS website, we may ask you for information such as your name and email address so we can respond to your questions and comments. If you choose to correspond with us via email, we may retain the content of your email messages, your email address and our response to you. In certain cases, and with your permission, we may post content from your emails to us on the KWS website.

4.2 Surveys and Polls

We may occasionally ask users of the KWS website to complete online surveys and opinion polls about their activities, attitudes and interests. These surveys help us serve you better and improve the usefulness of Kahuna. In requesting your participation in these surveys, we may ask you to provide your name and email address.

4.3 Community Forums

The KWS website may offer its users the opportunity to use blogs and community forums and engage in discussions with other users. If you choose to use these features, you should be aware that any personal information you submit through these features can be read, collected or used by other users of these forums and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.

5. Website Usage Information

5.1 Cookies

When visiting the KWS website, we may use “cookies” on or in connection with the website to maintain information about you. A cookie is a very small text document that often includes an anonymous unique identifier and additional information necessary to support the website’s intended functionality. KWS employs the use of “session” cookies, which are temporary and disappear after you close your browser.

When you visit the KWS website, the website will send a session cookie to your browser if your browser’s preferences allow it. Your browser only permits the KWS website to access the cookies it has already sent to you and not the cookies sent to you by other websites. Except as otherwise set forth herein, all of our cookies are necessary for the provision of our services. We do not employ any third-party advertising cookies on our site. An example of a cookie we use, and its functionality, is included in the table below.

Name	Purpose	Description
Auth	Session	Contains the unique session identifier. Without this cookie, the KWS website will not function. Does not contain any personal information.

Most web browsers can be adjusted to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Refusing a cookie may, in some cases, preclude you from using the website or may negatively impact the display or function of the KWS website or certain areas or features of the website. There are many resources that can provide more information about how cookies work and how you can manage them. One suggested non-profit site is www.allaboutcookies.org.

5.2 IP Address

KWS servers automatically collect data about your Internet Protocol (IP) address when you visit the KWS website. When you request pages from the website, KWS servers may log your IP address and sometimes your domain name. Servers may also record the referring page that linked you to us, e.g. another website or a search engine; the pages you visit on the website; the website you visit after the KWS website; other information about the type of web browser, computer, platform, related software and settings you are using; any search terms you have entered on the KWS website or a referral website; and other web usage activity and data logged by KWS web servers. KWS uses this information for internal system administration, to help diagnose problems with servers and to administer the website. Such information may also be used to gather broad demographic information such as country of origin and internet service provider. Personal information, including IP addresses, are not used to facilitate contact with users who have not provided their contact details to KWS. No information is shared with any third-party marketers.

6. Rights to Opt-Out

You have the opportunity to opt out of KWS’s promotional emails by clicking the “opt out” or “unsubscribe” link in the email you receive. You can also request to opt out by sending an email to info@kahunaworkforce.com, specifying whether (a) you would like to opt out of receiving promotional correspondence from KWS in general or just via email, postal mail and/or by phone, and/or whether (b) you would only like to opt out of certain KWS e-newsletters or correspondence.

Please understand that if you opt out of receiving promotional correspondence, KWS may still contact you in connection with your relationship, activities, transactions and communications with KWS.

7. Use, Disclosure and Sharing of Personal Information

7.1 Service Providers

KWS may use third-party partners to help operate and maintain the KWS website and deliver products and services. We may share your information with our service providers and other third parties that provide products or services for or through the KWS website or for our business, such as website or database hosting companies, address list hosting companies, communications providers, email service providers, analytics companies, distribution companies, fulfillment companies, credit card processing companies and similar service providers that use such information on KWS’s behalf.

Third-party service providers are contractually restricted from using or disclosing the information except as necessary to perform services on KWS’s behalf or to comply with legal requirements. Data can be processed depending upon contractual requirements and in accordance with legal jurisdictions for the regions to which KWS is subject.

7.2 Aggregated Statistics

KWS may disclose non-personally identifiable aggregated statistics regarding user behavior as a measure of interest in, and use of, the KWS website and emails to third parties. Such disclosures will be in the form of aggregated data such as overall patterns or demographic reports that do not describe or identify an individual user.

7.3 Legally Compelled Disclosures

KWS may disclose your personal information if required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to law applicable to us, our group or our partners, comply with a judicial or court order or comply with legal processes served on us or third-party partners; (b) protect and defend our rights and property, the KWS website, the users of the website and/or third-party partners; or (c) act under circumstances to protect the safety of users of the KWS website, KWS or third-party partners.

7.3A FISA section 702 and EO12333

Specific to these regulations, KWS has assessed the impact of FISA Section 702 and Executive Order 12333 and believes that the risk of being subject to any interception of data under these regulations is minimal. This assessment is based on footnote 2 of the controller-to-processor Standard Contractual Clauses (SCCs), which states that laws requiring data to be turned over to government entities do not invalidate the SCCs where such laws “constitute a necessary measure to safeguard national security, defense, public security, the prevention, investigation, detection and prosecution of criminal offenses or of breaches of ethics for the regulated professions, an important economic or financial interest of the State, or the protection of the data subject or the rights and freedoms of others.”

There is no provision in EO 12333 that compels data importers to assist the government. KWS’s policy is to resist any attempts to disclose customer data unless legally compelled, and we do not believe the nature of the data contained within KWS systems would typically be subject to criminal investigation or enforcement. Furthermore, KWS maintains that governmental requests for customer data should be directed to the customer as the data owner and controller.

7.4 Use of Authorized Sub-Processors
KWS engages certain authorized third-party service providers (sub-processors) to assist in delivering and supporting our services. These sub-processors may process personal data on behalf of KWS as part of the services we provide to our customers. KWS maintains written agreements with all sub-processors, requiring them to adhere to applicable data protection laws, maintain robust security measures, and process personal data only in accordance with KWS’s documented instructions.

KWS conducts due diligence and ongoing oversight of its sub-processors to ensure they provide an equivalent level of protection for personal data. Upon request, KWS will provide a list of current sub-processors used in connection with our services.

8. Consent to Worldwide Transfer and Processing of Personal Information

By providing personal information to KWS through the KWS website, you agree that it may be used by us and KWS’s third-party partners for the purposes described herein and you further understand and consent to the collection, maintenance, processing and transfer of such information in and to the United States and other countries and territories, which may have different privacy laws from your country of residence and which may afford varying levels of protection of your personal information. Regardless of the laws in place in these countries, KWS will treat the privacy of your information in accordance with this Customer Privacy Policy. By providing your personal information to the KWS website, you consent to the transmission to and processing of your information in any jurisdiction in accordance with this Customer Privacy Policy.

Exception to this consent must be agreed upon in writing between you or your organization and KWS.

9. Data Privacy Framework

If there is any conflict between the terms in this privacy policy and the DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the DPF Principles, Kahuna Workforce Solutions commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union, the United Kingdom, and/or Switzerland with inquiries or complaints regarding our DPF policy should first contact their employer, as KWS data processing is customer data transfer on behalf of clients. KWS can be contacted at:

Attn: Kahuna Workforce Solutions
Address: 2401 Portsmouth St, Suite 280 Houston, TX 77098 USA
Email: info@kahunaworkforce.com

Kahuna Workforce Solutions has further committed to cooperate with the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved DPF complaints concerning data transferred from the EU, UK, and Switzerland.

If you do not receive timely acknowledgment of your complaint from KWS, or if we have not addressed your complaint to your satisfaction, you may contact the relevant DPA panel or the Swiss FDPIC for further information or to file a complaint. These services are provided at no cost to you.

Kahuna Workforce Solutions is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

It is also possible, under certain conditions, for individuals to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For more information on this option, please visit the Data Privacy Framework website.

In the context of onward transfers, Kahuna Workforce Solutions has responsibility for the processing of personal information it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. Kahuna Workforce Solutions remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

10. GDPR: General Data Protection Regulation

Our commitment to you and the Protection of your data

Kahuna is SOC2 Type 2 certified from an individual third-party auditor based on the criteria set forth in Regulation (EU) 2016/679 of the European Parliament (“General Data Protection Regulation” or “GDPR”) (“GDPR criteria”), and the suitability of the design and operating effectiveness of controls stated in the description throughout the current, to provide reasonable assurance that the Company’s service commitments and system requirements were achieved based on the trust services criteria relevant to security, availability, confidentiality, and privacy (“applicable trust services criteria”) set forth in TSP section 100,2017 Trust Services Criteria for Security, Availability, Confidentiality, and Privacy (AICPA, Trust Sendees Criteria) and the specified criteria set forth in GDPR criteria.

11. Third-Party Websites

When you are on the KWS website you may have the opportunity to visit or link to other websites, including other websites operated by KWS or by unaffiliated third parties. These websites may collect personal information about you and, because this Customer Privacy Policy does not address the information practices of those other websites, you should review the privacy policies of such other websites to see how they treat your personal information.

12. Privacy of Minors

The KWS website is not directed at children under the age of thirteen. We do not knowingly collect personal information from children under the age of thirteen on the KWS website. If KWS becomes aware that we have inadvertently received personal information from a visitor under the age of thirteen on the website, KWS will delete the information from our records.

13. Security

KWS uses commercially reasonable and industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. KWS employs measures such as Secure Sockets Layer (SSL) encryption when transmitting sensitive information and implements access controls and monitoring to help protect data.

Although KWS endeavors to protect the security and integrity of sensitive personal information provided to its website and services, no method of transmission over the internet or method of electronic storage is 100% secure. As such, KWS cannot guarantee absolute security.

Incident Response and Breach Notification:
In the unlikely event that KWS determines the security of your personal information in our possession or control has been compromised, KWS commits to notify affected individuals and, where applicable, regulatory authorities without undue delay and in accordance with applicable data protection laws. Notification may occur via email, website notice, or other methods permitted by law. If you would prefer KWS to notify you by an alternative method, please contact KWS at info@kahunaworkforce.com with your preferred contact details.

If you contact KWS by email or by a “Contact Us” or similar feature on the KWS website, please be aware that your transmission might not be secure. An unaffiliated third party could view, in transit, information you send by these methods. KWS accepts no liability for disclosure of your information due to errors or unauthorized acts by third parties during or after transmission.

Encryption Practices:
KWS protects personal data through the use of encryption technologies. Personal data is encrypted both at rest and in transit using industry-standard encryption protocols. KWS employs Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to safeguard data transmitted over public networks, and data at rest is encrypted using advanced encryption standards (AES-256 or equivalent). Encryption keys are managed in accordance with industry best practices, with appropriate access controls and monitoring in place.

14. Access and Control of Your Personal Information

You retain the right to submit and correct your personal information by contacting your organization. You have the right to “opt in” and/or “opt out” of uses of your personal information that your organization has transferred to KWS. This includes correction, updates, and removal of information where it is inaccurate or has been processed in violation of the Data Privacy Framework Principles (DPF Principles).
In addition to these rights, subject to applicable laws, you may have the following rights regarding your personal data:

Access: You have the right to request access to the personal data we hold about you.
Rectification: You have the right to request correction of inaccurate or incomplete personal data.
Erasure: You have the right to request deletion of your personal data where applicable.
Restriction: You have the right to request restriction of processing of your personal data.
Portability: You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format.
Objection: You have the right to object to the processing of your personal data under certain circumstances.
Automated Decision-Making: You have the right not to be subject to automated decision-making, including profiling, where such produces legal or similarly significant effects concerning you.

Requests to exercise these rights can be submitted by contacting KWS at:
Email: info@kahunaworkforce.com
Mail: Kahuna Workforce Solutions, 2401 Portsmouth St., Suite 280, Houston, TX 77098 USA

KWS will respond to requests in accordance with applicable data protection laws.

15. Updates to KWS’s Customer Privacy Policy

This Customer Privacy Policy may be updated periodically and without prior notice to you to reflect changes in KWS online information practices. KWS will post a prominent notice on this website to notify you of any significant changes to the KWS Customer Privacy Policy and indicate at the top of the page when it was most recently updated.

16. Conditions of Use

If you choose to visit kahunaworkforce.com, your visit and any dispute over privacy are subject to this Customer Privacy Policy and our Terms of Use Agreement (between KWS and the entity granting you access, e.g. your employer) including limitations on damages, arbitration of disputes and application of the law of the State of Texas.

17. Language

The governing language of this Customer Privacy Policy is English, which will prevail over any other language used in any translated document.

18. Contact Us

If you have any questions or comments about this Customer Privacy Policy, or if you would like to review, delete or update information KWS has about you or your preferences, please contact us as follows:

Attn: KWS Customer Privacy Policy
Address: 2401 Portsmouth St., Suite 280, Houston, TX 77098
Email: info@kahunaworkforce.com

19. Related Standards, Policies, and Processes

US Department of Commerce Data Privacy Framework Principles
GDPR (General Data Protection Regulation) compliance under SOC 2 audit controls
KWS Website Terms of Use Agreement

20. Data Retention Policy

KWS retains personal data only for as long as necessary to fulfill the purposes outlined in this policy, including to provide services to our customers, comply with our legal obligations, resolve disputes, and enforce our agreements. When personal data is no longer necessary for these purposes, KWS securely deletes or anonymizes such data in accordance with our data retention schedules and applicable laws.

Upon expiration of the applicable retention period, personal data processed by KWS is securely deleted or, where deletion is not possible (for example, in backup archives), access to the data is restricted and isolated until deletion is possible.

21. Audit and Compliance

Kahuna Workforce Solutions is committed to maintaining the security, confidentiality, and integrity of personal data. As part of this commitment, KWS undergoes regular independent audits and maintains a SOC 2 Type II certification conducted by an accredited third-party auditor. These audits assess the design and operational effectiveness of KWS’s controls based on the Trust Services Criteria relevant to security, availability, confidentiality, and privacy.

KWS’s security and privacy practices are continuously monitored and enhanced to meet evolving industry standards and customer requirements.