Notice last updated: 5 August 2019
This Privacy Notice ("Notice") is adopted by KPF and associated companies which directly or indirectly are controlled by KPF. You can contact us using the information in the contact us section.
KPF intends to comply with all privacy regulations that apply in the territories in which the company operates.
This Notice provides you with information about:
European Union Privacy Protection (General Data Protection Regulation EU 2016/679)
KPF abides by the requirements of the European General Data Protection Regulation EU 2016/679 regarding the protection of the rights and freedoms of data subjects and their personal identifiable information.
EU-US Privacy Shield
KPF New York has registered with the EU-US Privacy Shield to establish and maintain an adequate level of Personal Data privacy protection when processing Personal Data that it obtains from any individual located in the European Union and when such Personal Data is exported or processed in the United States of America by KPF.
Privacy Shield Principles
"Privacy Shield Principles" means the principles issued by the US Department of Commerce and contained in Annex II to the European Commission’s decision of July 12, 2016 on the adequacy of the protection provided by the EU-US Privacy Shield.
Compliance to the EU-US Privacy Shield
KPF New York complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from individual data subjects in the European Union.
All KPF employees who handle Personal Data from the European Union are required to comply with the Principles stated in this Policy.
Accountability for Onward Transfer
KPF discloses personal data that it collects to its customers for employment screening, due diligence, or similar purposes. KPF may disclose personal data to its service providers. KPF may also be required to disclose personal data in response to lawful requests by public authorities, including disclosures to meet national security or law enforcement requirements. KPF's disclosure of personal data to third parties is governed by the Notice and Choice Principles described above, and, for the purpose of providing consumer reports to third parties, KPF complies with FCRA requirements.
When transferring personal data to our customers or other third-party controllers (i.e., entities that will control how personal data is processed), we comply with the Notice and Choice Principles as described above. Consistent with Privacy Shield requirements for onward transfer compliance, KPF will enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organisation if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made, the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
As noted above, KPF may transfer personal data to service providers acting on its behalf. In such cases, consistent with Privacy Shield requirements for onward transfer compliance, KPF will
Furthermore, in cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, KPF is potentially liable.
In the context of an onward transfer KPF has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. KPF shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless KPF proves that it is not responsible for the event giving rise to the damage.
Recourse, Enforcement and Dispute Resolution
KPF internally monitors and assesses our compliance with our Privacy Shield Privacy statement and our Privacy Shield obligations.
Should you have an inquiry or complaint, you may contact us using the mailing or email address below and we will address your compliant in line with the Principles of the EU-US Privacy Shield.
In the case of European Union citizens’ data, KPF has agreed to cooperate with the applicable European Data Protection Authority created for that purpose and has an appointed representative in the European Union.
Individuals also may be able to invoke binding arbitration, under certain circumstances where permitted by the Privacy Shield programme, if the individual believes there has been a violation of Privacy Shield requirements that has not been appropriately addressed by KPF.
KPF's compliance with its Privacy Shield obligations also is subject to investigation and enforcement by the U.S. Federal Trade Commission. KPF also is required by the Privacy Shield program to respond promptly to inquiries and requests for information from the U.S. Department of Commerce.
Public Record and Publicly Available Information
In accordance with Privacy Shield, in cases where KPF discloses public records or publicly available information from the EU without combining that information with non-public information, our general policies on Notice, Choice, and Accountability for Onward Transfer may not apply.
WHO WE COLLECT INFORMATION FROM AND THE INFORMATION WE COLLECT
We process personal data relating to:
The information that we process is listed below:
Visitors to our web site
We collect personal data such as your name, address, telephone number, or email address when you voluntarily submit it through a site form or an email sent to one of our contact email addresses. Other information that may also constitute personal data (such as your browser type, operating system, IP address, domain name, number of times you visited the Site, dates you visited the Site, and the amount of time you spent viewing the Site) may be collected via cookies and other tracking technologies (such as transparent GIF files). Aggregate information (such as how many times visitors log onto this Site) may also be collected.
Representatives of prospective and existing clients
We process personal data of clients of KPF to develop and maintain our business relationships. This includes; Name, Company Address, Contact Telephone Numbers, Email Address and Title.
Personal data will also be processed by us when you enter into a contract with us or contact us to make enquiries or complaints via telephone, email or by post. We will also collect your business contact details if you attend meetings or events or sign up to our newsletters.
Representatives of suppliers and business partners
We may collect, store and process personal data of suppliers / business partners of KPF in order to manage our business relationship with you. This includes; Name, Company Address, Contact Telephone Numbers, Email Address and Title.
Personal data will also be processed when you enter into a contract with us, in the event that you work with us on a client project, if you attend meetings or events with us or sign up to our newsletters.
We will process personal data of employment applicants when you apply for a position with KPF. This includes; Name, Home Address, Contact Telephone Numbers, Email Address, Education and Employment History.
Personal data will also be processed when you attend an interview and as part of the selection process. In addition, your details will be held on file with your consent if you wish to be considered for similar positions that arise in the next year in the event that you are unsuccessful with in your initial application.
HOW WE USE THE INFORMATION WE COLLECT
Legal basis for collecting and using your personal data
Where relevant under applicable laws, the use of your personal data will be justified by at least one condition for processing. In the majority of cases this condition will be that:
The purposes for which we use your personal data
Your personal data will not be used for any other purpose than provided by this notice. We will use the information you supply:
TO WHOM WE DISCLOSE YOUR INFORMATION
We work with third parties to help manage our business and deliver services. We and our service providers (as defined below) disclose and share your personal data:
Any access to such information will be limited to the purpose for which such information was provided to us or our service providers, as explained in the "How we use the information we collect" section above.
KPF offices and service providers are located throughout the world. Accordingly, your personal data may be sent to countries which have different levels of data protection laws than your country of residence. For instance, if you inquire about services we provide in outside the UK, we will forward your enquiry to our office in such countries. We may also make other disclosures of your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body. KPF complies with all applicable laws before transferring personal data to a recipient in a country with data protection laws that do not have a data protection standard equivalent to the laws where you live.
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:
We will, upon request, provide you with further details regarding the categories of recipient of your personal data and the countries to which it may be transferred. You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as set out in “Contact Us” Section if you would like further information.
HOW WE PROTECT AND STORE YOUR INFORMATION
We take the security of the information we collect seriously. We have implemented and we maintain technical and organisational security measures, policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the data concerned. Some of the steps we take are: placing confidentiality requirements on our staff members and service providers; destroying or permanently anonymising personal data if it is no longer needed for the purposes for which it was collected.
RETENTION OF YOUR PERSONAL DATA
We will retain your personal data for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances it may be retained for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.
In specific circumstances we may retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
Where we have obtained your personal data in order to provide you with marketing information for our services, it will be stored by us only as long as you do not change your mind to receive such materials from KPF. In order to avoid future contact with you for marketing purposes, we maintain a marketing suppression list which we apply to records in our care. Where your personal data is no longer required we will ensure that it is securely deleted.
LINKS AND THIRD-PARTY WEB SITES
YOUR RIGHTS AND HOW TO OPT OUT OR REQUEST CHANGES
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal data as follows.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. We will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
NOTIFICATION OF CHANGES
We recommend that you check this notice every time you visit our site or provide us with your personal data offline as we may update this notice from time to time. Any changes will be effective when posted and your continued use of the site or not objecting to the use of your personal Data will indicate your acknowledgement of any changes.
Questions regarding this Notice
If you have questions concerning this notice, please contact our privacy team at firstname.lastname@example.org. Our senior privacy representative is the Firmwide IT Principal.