- Complies with data protection law and follows best practices.
- Protects the rights of staff, customers and partners.
- Is open about how it stores and process individuals’ data.
- Protects itself from the risks of a data breach.
When you visit the KWS website, we may collect information regarding your visit from your computer. Such information helps us to determine information about how you found our website, the date you visited the website and search engines that may have led you to the website. We collect this information to continually improve and enhance the functionality of the Kahuna software.
Generally, customers provide KWS with two types of information, user-provided information and website usage information, both of which are discussed in greater detail below.
4. Personal Information Customers Choose to Provide
In order to make your visits to the KWS website as enjoyable as possible, we may ask you for personal information. Personal information includes, for example, your name and email address, both of which you may be asked to provide when registering with Kahuna. A description of some of the ways that you may provide personal information to KWS, as well as further details on how we may use such personal information, is given below.
4.1 Contact Us
If you email KWS through a “Contact Us” link on the KWS website, we may ask you for information such as your name and email address so we can respond to your questions and comments. If you choose to correspond with us via email, we may retain the content of your email messages, your email address and our response to you. In certain cases, and with your permission, we may post content from your emails to us on the KWS website.
4.2 Surveys and Polls
We may occasionally ask users of the KWS website to complete online surveys and opinion polls abut their activities, attitudes and interests. These surveys help us serve you better and improve the usefulness of Kahuna. In requesting your participation in these surveys, we may ask you to provide your name and email address.
4.3 Community Forums
The KWS website may offer its users the opportunity to use blogs and community forums and engage in discussions with other users. If you choose to use these features, you should be aware that any personal information you submit through these features can be read, collected or used by other users of these forums and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.
5. Website Usage Information
When visiting the KWS website, we may use “cookies” on or in connection with the website to maintain information about you. A cookie is a very small text document that often includes an anonymous unique identifier and additional information necessary to support the website’s intended functionality. KWS employs the use of “session” cookies, which are temporary and disappear after you close your browser.
When you visit the KWS website, the website will send a session cookie to your browser if your browser’s preferences allow it. Your browser only permits the KWS website to access the cookies it has already sent to you and not the cookies sent to you by other websites. Except as otherwise set forth herein, all of our cookies are necessary for the provision of our services. We do not employ any third-party advertising cookies on our site. An example of a cookie we use, and its functionality, is included in the table below.
Contains the unique session identifier. Without this cookie, the KWS website will not function. Does not contain any personal information.
Most web browsers can be adjusted to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Refusing a cookie may, in some cases, preclude you from using the website or may negatively impact the display or function of the KWS website or certain areas or features of the website. There are many resources that can provide more information about how cookies work and how you can manage them. One suggested non-profit site is www.allaboutcookies.org.
5.2 IP Address
KWS servers automatically collect data about your Internet Protocol (IP) address when you visit the KWS website. When you request pages from the website, KWS servers may log your IP address and sometimes your domain name. Servers may also record the referring page that linked you to us, e.g. another website or a search engine; the pages you visit on the website; the website you visit after the KWS website; other information about the type of web browser, computer, platform, related software and settings you are using; any search terms you have entered on the KWS website or a referral website; and other web usage activity and data logged by KWS web servers. KWS uses this information for internal system administration, to help diagnose problems with servers and to administer the website. Such information may also be used to gather broad demographic information such as country of origin and internet service provider. Personal information, including IP addresses, are not used to facilitate contact with users who have not provided their contact details to KWS. No information is shared with any third-party marketers.
6. Rights to Opt-Out
You have the opportunity to opt out of KWS’s promotional emails by clicking the “opt out” or “unsubscribe” link in the email you receive. You can also request to opt out by sending an email to firstname.lastname@example.org, specifying whether (a) you would like to opt out of receiving promotional correspondence from KWS in general or just via email, postal mail and/or by phone, and/or whether (b) you would only like to opt out of certain KWS e-newsletters or correspondence.
Please understand that if you opt out of receiving promotional correspondence, KWS may still contact you in connection with your relationship, activities, transactions and communications with KWS.
7. Use, Disclosure and Sharing of Personal Information
7.1 Service Providers
KWS may use third-party partners to help operate and maintain the KWS website and deliver products and services. We may share your information with our service providers and other third parties that provide products or services for or through the KWS website or for our business, such as website or database hosting companies, address list hosting companies, communications providers, email service providers, analytics companies, distribution companies, fulfillment companies, credit card processing companies and similar service providers that use such information on KWS’s behalf.
Third-party service providers are contractually restricted from using or disclosing the information except as necessary to perform services on KWS’s behalf or to comply with legal requirements. Data can be processed depending upon contractual requirements and in accordance with legal jurisdictions for the regions to which KWS is subject.
7.2 Aggregated Statistics
KWS may disclose non-personally identifiable aggregated statistics regarding user behavior as a measure of interest in, and use of, the KWS website and emails to third parties. Such disclosures will be in the form of aggregated data such as overall patterns or demographic reports that do not describe or identify an individual user.
7.3 Legally Compelled Disclosures
KWS may disclose your personal information if required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to law applicable to us, our group or our partners, comply with a judicial or court order or comply with legal processes served on us or third-party partners; (b) protect and defend our rights and property, the KWS website, the users of the website and/or third-party partners; or (c) act under circumstances to protect the safety of users of the KWS website, KWS or third-party partners.
7.3A FISA section 702 and EO12333
Specific to these regulations, KWS offers the following perspective. Kahuna’s interpretation is that the risk is much reduced of being subject to any interception of data under these regulations. This is based on the following footnote 2 of the controller-to-processor SCCs, which is that laws that require data to be turned over to governmental entities do not invalidate the SCCs where, in a democratic society, they “constitute a necessary measure to safeguard national security, defense, public security, the prevention, investigation, detection and prosecution of criminal offenses or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others.”.
There is no provision in EO 12333 that forces data importers to assist the government. Kahuna’s stance would be to resist any attempts to disclose customer data as we do not believe the nature of the data contained within Kahuna is of any nature conceivably that would be subject to any criminal offense. Further, our stance would be that the government should work directly with the data provider on discovery as this data is owned and managed by the provider.
8. Consent to Worldwide Transfer and Processing of Personal Information
Exception to this consent must be agreed upon in writing between you or your organization and KWS.
9. Privacy Shield
In compliance with the Privacy Shield Principles, KWS commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union and the United Kingdom and/or Switzerland with inquiries or complaints regarding our Privacy Shield policy should first contact their employer, as KWS data processing is customer data transfer on behalf of clients. KWS can be contacted at:
Attn: Kahuna Workforce Solutions
Address: 2401 Portsmouth St, Suite 280 Houston, TX 77098 USA
PLEASE NOTE: As of July 16, 2020 Privacy Shield is no longer recognized by the EU Court of Justice.
KWS has taken additional steps under the SOC2 control standards for GDPR to ensure compliance. KWS will continue to maintain relevant GDPR controls under SOC2 standards and continue to be subject to an annual SOC2 audit of this control.
KWS has further committed to cooperate with EU data protection authorities (DPAs) and with the Swiss Federal Data Protection and Information Commissioner with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. If you do not receive timely acknowledgment of your complaint from KWS, or if KWS has not addressed your complaint to your satisfaction, please contact the EU DPAs or the Swiss Federal Data Protection and Information Commissioner for more information or to file a complaint. The services of the EU DPAs and the Swiss Federal Data Protection and Information Commissioner are provided at no cost to you.
KWS is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
It is also possible, under certain conditions, to invoke binding arbitration. Please visit the US Department of Commerce Privacy Shield website for additional information.
In the context of an onward transfer, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. KWS will remain liable under the Privacy Shield Principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless the organization proves that it is not responsible for the event giving rise to the erroneous use of the personal information.
10. GDPR: General Data Protection Regulation
Our commitment to you and the Protection of your data
Kahuna is SOC2 Type 2 certified from an individual third-party auditor based on the criteria set forth in Regulation (EU) 2016/679 of the European Parliament (“General Data Protection Regulation” or “GDPR”) (“GDPR criteria”), and the suitability of the design and operating effectiveness of controls stated in the description throughout the current, to provide reasonable assurance that the Company’s service commitments and system requirements were achieved based on the trust services criteria relevant to security, availability, confidentiality, and privacy (“applicable trust services criteria”) set forth in TSP section 100,2017 Trust Services Criteria for Security, Availability, Confidentiality, and Privacy (AICPA, Trust Sendees Criteria) and the specified criteria set forth in GDPR criteria.
11. Third-Party Websites
12. Privacy of Minors
The KWS website is not directed at children under the age of thirteen. We do not knowingly collect personal information from children under the age of thirteen on the KWS website. If KWS becomes aware that we have inadvertently received personal information from a visitor under the age of thirteen on the website, KWS will delete the information from our records.
KWS uses commercially reasonable and industry-standard physical, managerial and technical safeguards to preserve the integrity and security of your personal information. KWS also uses Secure Sockets Layer (SSL) encryption when transmitting sensitive information. Although KWS endeavors to protect the security and integrity of sensitive personal information provided to its website, due to the inherent nature of the internet as an open global communications vehicle, KWS cannot guarantee information, during transmission through the internet or while stored on KWS systems or otherwise in KWS’s care, will be absolutely safe from intrusion by others such as hackers.
If you contact KWS by email or by a “Contact Us” or similar feature on the KWS website, be aware that your transmission might not be secure. An unaffiliated third party could view, in transit, information you send by these methods. KWS accepts no liability for disclosure of your information due to errors or unauthorized acts by third parties during or after transmission.
In the unlikely event KWS believes that the security of your personal information in our possession or control may have been compromised, KWS will notify you. If a notification is appropriate, KWS will endeavor to do so as promptly as possible under the circumstances, and, if available, KWS may notify you by email. You consent to KWS’s use of email as a means of such notification. If you would prefer KWS to use another method to notify you in this situation, please email KWS at email@example.com with the alternative and/or additional contact information you would like KWS to use.
14. Access and Removal of Your Personal Information
You retain the right to submit and correct your personal information by contacting your organization. You have the right to “opt in” and/or “opt out” of uses of your personal information that your organization has transferred to KWS. This includes correction, updates and removal of information where it is inaccurate or has been processed in violation of Privacy Shield Principles.
16. Conditions of Use
18. Contact Us
Address: 2401 Portsmouth St, Suite 280 Houston, TX 77098 USA
19. Related Standaards, Policies, and Processes
- US Department of Commerce Privacy Shield Principles