This website uses cookies to improve site functionality and to provide you with a better browsing experience. You can learn more about our use of cookies on the website by reading our Cookie Notice. By using this website or clicking OK, you consent to the use of cookies.

OK
 

KPF Privacy Notice

Notice last updated: 5 August 2019

This Privacy Notice ("Notice") is adopted by KPF and associated companies which directly or indirectly are controlled by KPF. You can contact us using the information in the contact us section.

KPF intends to comply with all privacy regulations that apply in the territories in which the company operates.

This Notice provides you with information about:

  • Who we collect information from and the information we collect
  • How we use the information we collect
  • Who we disclose your information to
  • International transfers
  • How we protect and store your information
  • Retention of your personal data
  • How this notice applies to links and third-party websites
  • Your rights relating to your personal data
  • How we notify you of changes to this privacy policy

European Union Privacy Protection (General Data Protection Regulation EU 2016/679)

KPF abides by the requirements of the European General Data Protection Regulation EU 2016/679 regarding the protection of the rights and freedoms of data subjects and their personal identifiable information.

EU-US Privacy Shield

KPF New York has registered with the EU-US Privacy Shield to establish and maintain an adequate level of Personal Data privacy protection when processing Personal Data that it obtains from any individual located in the European Union and when such Personal Data is exported or processed in the United States of America by KPF.

Privacy Shield Principles

"Privacy Shield Principles" means the principles issued by the US Department of Commerce and contained in Annex II to the European Commission’s decision of July 12, 2016 on the adequacy of the protection provided by the EU-US Privacy Shield.

Compliance to the EU-US Privacy Shield

KPF New York complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from individual data subjects in the European Union.

KPF New York has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, and accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern to the extent of the conflict. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

All KPF employees who handle Personal Data from the European Union are required to comply with the Principles stated in this Policy.

Accountability for Onward Transfer

KPF discloses personal data that it collects to its customers for employment screening, due diligence, or similar purposes. KPF may disclose personal data to its service providers. KPF may also be required to disclose personal data in response to lawful requests by public authorities, including disclosures to meet national security or law enforcement requirements. KPF's disclosure of personal data to third parties is governed by the Notice and Choice Principles described above, and, for the purpose of providing consumer reports to third parties, KPF complies with FCRA requirements.

When transferring personal data to our customers or other third-party controllers (i.e., entities that will control how personal data is processed), we comply with the Notice and Choice Principles as described above. Consistent with Privacy Shield requirements for onward transfer compliance, KPF will enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organisation if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made, the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.

As noted above, KPF may transfer personal data to service providers acting on its behalf. In such cases, consistent with Privacy Shield requirements for onward transfer compliance, KPF will

  1. transfer such data only for limited and specified purposes;
  2. ascertain that the service provider is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield Principles;
  3. take reasonable and appropriate steps to ensure that the service provider effectively processes the personal data transferred in a manner consistent with KPF's obligations under the Principles;
  4. require the service provider to notify the organisation if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
  5. upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorised processing;
  6. provide a summary or a representative copy of the relevant privacy provisions of its contract with that service provider to the Department of Commerce upon request.

Furthermore, in cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, KPF is potentially liable.

In the context of an onward transfer KPF has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. KPF shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless KPF proves that it is not responsible for the event giving rise to the damage.

Recourse, Enforcement and Dispute Resolution

KPF internally monitors and assesses our compliance with our Privacy Shield Privacy statement and our Privacy Shield obligations.

Should you have an inquiry or complaint, you may contact us using the mailing or email address below and we will address your compliant in line with the Principles of the EU-US Privacy Shield.

In the case of European Union citizens’ data, KPF has agreed to cooperate with the applicable European Data Protection Authority created for that purpose and has an appointed representative in the European Union.

Individuals also may be able to invoke binding arbitration, under certain circumstances where permitted by the Privacy Shield programme, if the individual believes there has been a violation of Privacy Shield requirements that has not been appropriately addressed by KPF.

KPF's compliance with its Privacy Shield obligations also is subject to investigation and enforcement by the U.S. Federal Trade Commission. KPF also is required by the Privacy Shield program to respond promptly to inquiries and requests for information from the U.S. Department of Commerce.

Public Record and Publicly Available Information

In accordance with Privacy Shield, in cases where KPF discloses public records or publicly available information from the EU without combining that information with non-public information, our general policies on Notice, Choice, and Accountability for Onward Transfer may not apply.

WHO WE COLLECT INFORMATION FROM AND THE INFORMATION WE COLLECT

We process personal data relating to:

  • Visitors to our web site;
  • Representatives of prospective and existing customers.
  • Representatives of suppliers / business partners.
  • Employment applicants

The information that we process is listed below:

Visitors to our web site

We collect personal data such as your name, address, telephone number, or email address when you voluntarily submit it through a site form or an email sent to one of our contact email addresses. Other information that may also constitute personal data (such as your browser type, operating system, IP address, domain name, number of times you visited the Site, dates you visited the Site, and the amount of time you spent viewing the Site) may be collected via cookies and other tracking technologies (such as transparent GIF files). Aggregate information (such as how many times visitors log onto this Site) may also be collected.

Representatives of prospective and existing clients

We process personal data of clients of KPF to develop and maintain our business relationships. This includes; Name, Company Address, Contact Telephone Numbers, Email Address and Title.
Personal data will also be processed by us when you enter into a contract with us or contact us to make enquiries or complaints via telephone, email or by post. We will also collect your business contact details if you attend meetings or events or sign up to our newsletters.

Representatives of suppliers and business partners

We may collect, store and process personal data of suppliers / business partners of KPF in order to manage our business relationship with you. This includes; Name, Company Address, Contact Telephone Numbers, Email Address and Title.

Personal data will also be processed when you enter into a contract with us, in the event that you work with us on a client project, if you attend meetings or events with us or sign up to our newsletters.

Employment applicants

We will process personal data of employment applicants when you apply for a position with KPF. This includes; Name, Home Address, Contact Telephone Numbers, Email Address, Education and Employment History.

Personal data will also be processed when you attend an interview and as part of the selection process. In addition, your details will be held on file with your consent if you wish to be considered for similar positions that arise in the next year in the event that you are unsuccessful with in your initial application.

HOW WE USE THE INFORMATION WE COLLECT

Legal basis for collecting and using your personal data

Where relevant under applicable laws, the use of your personal data will be justified by at least one condition for processing. In the majority of cases this condition will be that:

  • You have provided your consent to us using the personal data in that way, for example where you provide us with consent to send you marketing communication about our products and services;
  • Our use of your personal data is in our legitimate business interest as a commercial organisation, provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights;
  • Our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to manage your account); and/or
  • Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have.

The purposes for which we use your personal data

Your personal data will not be used for any other purpose than provided by this notice. We will use the information you supply:

  • To answer your specific enquiry or respond to your complaints.
  • For our general business purposes, such as the administration of your account, to invite you to events, deal with your queries or for marketing or sales purposes;
  • In connection with a proposed or actual sale, merger or transfer of all or a portion of the business;
    To satisfy legal or regulatory requirements;
  • As otherwise described in this notice; and
  • To send you relevant information on the services that we provide.

TO WHOM WE DISCLOSE YOUR INFORMATION

We work with third parties to help manage our business and deliver services. We and our service providers (as defined below) disclose and share your personal data:

  • Among KPF and our Affiliates;
  • To third party service providers (“Service Providers”) that perform services for us or on our behalf (including those which may process job applicant information, host investor relations content, provide courier services, help manage our IT and back office systems, or distribute marketing materials ). Such service providers are required under their contract with us, to handle your personal data in accordance with applicable laws and principles related to privacy and data protection;
  • To a third party in connection with a proposed or actual sale, merger, or transfer of all or a portion of a business or division; and
  • To other persons where we are under a legal obligation to disclose your personal data, and only as permitted or required by applicable law or regulation. Such disclosure could be made to courts, to respond to lawful requests by public authorities, regulators and law enforcement agencies in the European Union and around the world or to protect and defend our rights or property.

Any access to such information will be limited to the purpose for which such information was provided to us or our service providers, as explained in the "How we use the information we collect" section above.

INTERNATIONAL TRANSFERS

KPF offices and service providers are located throughout the world. Accordingly, your personal data may be sent to countries which have different levels of data protection laws than your country of residence. For instance, if you inquire about services we provide in outside the UK, we will forward your enquiry to our office in such countries. We may also make other disclosures of your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body. KPF complies with all applicable laws before transferring personal data to a recipient in a country with data protection laws that do not have a data protection standard equivalent to the laws where you live.

We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:

  • We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights,
  • Transfers between KPF, its subsidiaries and its Affiliates will be covered by intra-group data transfer agreements (based on EU Commission approved standard contractual clauses) which gives specific contractual protections designed to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within KPF.
  • KPF complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. KPF has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
  • We are also further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland and you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
  • Transfers to service providers and other third parties will always be protected by contractual commitments and where appropriate further assurances, such as certification schemes such as Privacy Shield.
  • Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed

We will, upon request, provide you with further details regarding the categories of recipient of your personal data and the countries to which it may be transferred. You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as set out in “Contact Us” Section if you would like further information.

HOW WE PROTECT AND STORE YOUR INFORMATION

We take the security of the information we collect seriously. We have implemented and we maintain technical and organisational security measures, policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the data concerned. Some of the steps we take are: placing confidentiality requirements on our staff members and service providers; destroying or permanently anonymising personal data if it is no longer needed for the purposes for which it was collected.

RETENTION OF YOUR PERSONAL DATA

We will retain your personal data for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances it may be retained for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.

In specific circumstances we may retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

Where we have obtained your personal data in order to provide you with marketing information for our services, it will be stored by us only as long as you do not change your mind to receive such materials from KPF. In order to avoid future contact with you for marketing purposes, we maintain a marketing suppression list which we apply to records in our care. Where your personal data is no longer required we will ensure that it is securely deleted.

LINKS AND THIRD-PARTY WEB SITES

In addition to the information collected offline, this notice applies to the personal data collected on this site. This site includes links to non-affiliated web sites. We advise you to familiarise yourself with the individual privacy notice and other terms for each linked web site prior to submitting your personal data to them. We are not responsible for and do not have control over their terms of use or privacy notices, have not reviewed them and we do not accept any liability with respect to the content of these web sites or how they use, store or secure your personal data.

YOUR RIGHTS AND HOW TO OPT OUT OR REQUEST CHANGES

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal data as follows.

  • To access a copy of your personal data
  • To rectify / erase personal data
  • To restrict the processing of your personal data
  • To withdraw consent for processing personal data
  • To transfer your personal data
  • To object to the processing of personal data
  • To object to how we use your personal data for direct marketing purposes
  • To obtain a copy of safeguards used for transfers outside your jurisdiction
  • To lodge a complaint with your local supervisory authority

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us. We will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

NOTIFICATION OF CHANGES

We recommend that you check this notice every time you visit our site or provide us with your personal data offline as we may update this notice from time to time. Any changes will be effective when posted and your continued use of the site or not objecting to the use of your personal Data will indicate your acknowledgement of any changes.

Questions regarding this Notice

If you have questions concerning this notice, please contact our privacy team at privacy@kpf.com. Our senior privacy representative is the Firmwide IT Principal.