This Privacy Policy covers the privacy practices Kainos employs when Kainos customers (“Customers”) use our Smart Cloud-Based SaaS and Workday associated services (“Smart” and “Service(s)”). This Privacy Policy does not cover any information or data collected by Kainos for other purposes, such as information collected for marketing purposes. Please see our main Legals page.

Personal Information Kainos Processes

In the normal course of using the Smart service, Customers will input electronic data into the Smart systems and Kainos will process electronic data during the course of providing Smart associated on boarding to the Customer (“Customer Data”). In the course of providing Services, Kainos will process electronic data stored in the Workday application. The use of information processed through our Smart and Services shall be limited to the purpose of providing the services for which the Customer has engaged Kainos. Kainos may access Customer Data for the purposes of providing the services, preventing or addressing service or technical problems, responding to support issues, responding to Customer’s instructions or as may be required by law, in accordance with the relevant agreement between Customer and Kainos.

Kainos processes Customer Data under the direction of its Customers, and has no direct control or ownership of the personal data it processes. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring the data into Smart and/or Workday for processing purposes.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his or her query to the Kainos Customer (the data controller). If the Customer requests Kainos to remove the personal data to comply with data protection regulations, Kainos will respond to their request within 30 business days.
Kainos will refer any request for disclosure of personal data by a law enforcement authority to the Customer. Kainos may, where it concludes that it is legally obligated to do so, disclose personal data to law enforcement or other government authorities. Kainos will notify Customer of such request unless prohibited by law.

Accessing Smart

Customers and their authorized users may access the Smart service directly through a URL unique to their individual tenant, or may elect to use internal launch pages for single sign on or other purposes. Customers input information for processing and storage as they use the service.

Data Retention

Kainos retains Customer Data according to the timeframes set forth in the relevant agreement with its Customers.

Security

The security of Customer Data, including personal data, is very important to Kainos. Kainos maintains a comprehensive, written information security program that contains industry standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to Customer Data. Kainos designs its applications to allow Customers to achieve differentiated configurations, enforce user access controls, and manage data categories. Configuring these settings appropriately is the Customer’s responsibility. Additional information about the security settings and configurations can be found in the Kainos Smart documentation made available to Customers.

EU – U.S. Privacy Shield Statement

Kainos complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States, respectively. Kainos has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Please click link to EU–US Privacy Shield Privacy Notice to view our EU-US Privacy Shield Privacy Notice.

Changes to this Privacy Policy

We reserve the right to change or update this Privacy Policy at any time. Changes to the Privacy Policy will be posted on this website and links to the Privacy Policy will indicate that the policy has been changed or updated. We encourage you to periodically review this Privacy Policy for any changes. For new Customers, changes or updates are effective upon posting. For existing Customers, changes or updates are effective 30 days after posting.

Compliance

If you have further questions related to this policy, please ask your Kainos Contact to log a customer care case with the privacy question. If you have an unresolved EEA privacy or data use concern that we have not addressed satisfactorily, please contact the relevant EU data protection authority (DPA) in your country (e.g. https://ico.org.uk/ in the UK). If you have a non-EEA privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider American Arbitration Association at https://www.adr.org/.