Effective Date: January 2018

Kainos Worksmart, Inc. (“Kainos”) commits to subject to the Privacy Shield Principles all personal data that Kainos receives from the European Economic Area (“EEA”) in reliance on the respective EU-U.S. Privacy Shield. Information regarding the Privacy Shield framework and Kainos’ certification can be found at: https://www.privacyshield.gov

Types of personal data collected and purposes of collection and use

Kainos collects personal data about EEA personnel that customers and their authorized users either enter into Kainos’ Cloud-Based SaaS or provide to Kainos under an implementation, support or professional services engagement to be input into or accessed within the Service (collectively, “Services Personal Data”).

Kainos acts as a data processor with respect to this data. Kainos processes Services Personal Data to provide and support the Service for which the Customer has engaged Kainos. Kainos processes Services Personal Data as instructed by its Customers, and does not control or own the Services Personal Data it processes.

Commitment to subject to the Principles

We subject to the Principles all European Services Personal Data that we receive from the EEA and Switzerland in reliance on the respective Privacy Shield. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

Type of third parties to which we disclose personal data and purposes

As a data processor, Kainos will disclose Services Personal Data only as instructed by the data controller. If Kainos goes through a business transition, such as a merger, acquisition by another company or sale of all or a portion of its assets. In all cases, Services Personal Data may only be transferred in accordance with the Customer agreement.

Requirement to disclose

In addition, Kainos may be required to disclose Services Personal Data in special cases when we have a good faith belief that such action is necessary to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. Kainos will notify Customer of such request unless prohibited by law.

Right to access

Where Kainos is a data processor, individuals who seek access or who seek to correct, amend or delete inaccurate Services Personal Data should contact the Kainos Customer (the data controller). If the Customer requests that Kainos remove the Services Personal Data to comply with data protection regulations, Kainos will respond to the Customer’s request within 30 days.

Choices and means

Kainos retains Services Personal Data according to the timeframes set forth in the relevant Customer agreement. Individuals who would like to request that their personal data not be used for specific purposes or disclosed should contact the Kainos Customer (the data controller).

Independent dispute resolution body

If you are located in the EEA and Kainos has not been able to satisfactorily resolve your question or complaint regarding our privacy practices, you may raise your concern to the attention of your data protection authorities (“DPAs”), e.g. https://ico.org.uk/. The DPAs or the Commissioner will establish a panel to investigate and resolve complaints brought under the Privacy Shield, and Kainos will comply with the advice of this panel or Commissioner, as applicable, with regard to data transferred from the EU and Switzerland. Furthermore, Kainos will comply with the advice given by DPAs and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.

Investigatory and enforcement powers of the FTC

Kainos is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (https://www.ftc.gov/). Kainos also is committed to cooperating with EEA data protection authorities.

Arbitration

If you are located in the EEA or Switzerland and have exhausted all other means to resolve your concern regarding a potential violation of Kainos’ obligations under the Privacy Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please see Annex I of the Privacy Shield: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Liability

If a third party service provider providing services on Kainos’ behalf processes personal data from the EEA or Switzerland in a manner inconsistent with the Privacy Shield Principles, Kainos will be liable unless we can prove that we are not responsible for the event giving rise to the damages.

Inquiries or Complaints

Please refer any inquiries or complaints regarding Kainos’ Privacy Practices to Kainoslegal@kainos.com or by regular mail addressed to:
Kainos Worksmart, Inc.
Attn: Legal
4-6 Upper Crescent
Belfast
BT7 1NT
N. Ireland