Kenexis Integrated Safety Suite Privacy and Data Protection Policy

Last Updated February 15, 2019

This policy applies to all information collection through use of the Kenexis Integrated Safety Suite (KISS) and/or any related services (we refer to them collectively in the policy as “services” or “applications”.

When you use our applications and services you trust us with your personal information and data.  We take protection of your privacy and data very seriously.  In this policy we detail how we collect, use and protect your private information and data. We seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important.  If there are any terms in the privacy policy that you do not agree with, please discontinue use of our applications and services.

1.     What data do we collect?

We collect personal information and data that you voluntarily provide to us when registering for a Kenexis Integrated Safety Suite software license.

The data we collect can include the following:

Name and Contact Data:

We collection your first and last name and email address

Credentials:

We collect passwords, and similar security information used for authentication and account access.  All security essential data is encrypted before storing.  Security essential data is never stored as plain text.

Usage Statistics:

We collect statistics about the time you spend using KISS software, including which applications you are accessing and for how long.

Application Data:

We collect data voluntarily entered by you when working with KISS applications.  This includes, but is not limited to, data entered for the purpose of storing/tracking process safety information or performing engineering calculations.

2.     How do we use your data?

Name and Contact Data:

We use your name and contact information to distribute important announcements about product updates or server maintenance.

Credentials:

We use your credentials to securely grant you access to KISS software.

Usage Statistics:

We use your usage statistics to help identify software usage trends and to improve our products.

Application Data:

We do not use your application data.  Application data is collected for the sole purpose of your consumption.  We never view, process, share or profit from this data in any way outside the sharing policy stated in Section 3 of this policy.

3.     Will your data be shared with anyone?

In general, your information will not be shared.  We only share information with your consent, to comply with laws, to protect your rights or to fulfill business obligations.

We may process or share data based on the following basis:

Consent:

We may process your data if you have given us specific consent to use your data in a specific purpose.  For example, generating custom tabulations of data to meet your business needs.

Performance of a Contract:

Where we have entered into a contract with you, we may process your data to fulfill the terms of our contract.  For example, performing work for hire which requires accessing data that you have entering using our applications or services.

Legal Obligations:

We may disclose your data where we are legally required to do so in order to comply with applicable laws, governmental requests, a judicial processing, court order, or legal process such as in response to a court order or a subpoena.

Vital Interests:

We may disclose your data where we believe it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person or illegal activities, or as evidence in litigation in which we are involved.

Business Transfers:

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of out business to another company.

4.     Do we use cookies and other tracking technologies?

We use cookies to store authentication information and session state while you are accessing our applications and services.  All Cookies are removed and/or invalidated after 30 minutes of inactivity or following a logout.

We do not use any other web tracking technologies.

5.     How long do we keep Your data?

We will only keep your data for as long as it is necessary for the purposes set out in this policy, unless a longer retention period is required by Legal Obligations as stated in Section 3.  All data will be stored 1 year past the termination of your software subscription agreement as detailed in the Kenexis Integrated Safety Suite Subscription Agreement.

At any point during, or after the termination of, your software subscription you have the right to request deletion of any, or all, of your data.

6.     How do we keep your data safe?

We have implemented appropriate technical and organizational security measures designed to protect the security of any data we process. However please also remember that we cannot guarantee that the internet itself is 100% secure.  Although we will do our best to protect your data, transmission of data to and from our applications and services is at your own risk.  You should only access our applications and services from a secure and trusted environment.

Technical security measures include, but are not limited to:

  • Appropriate authentication and authorization mechanisms to limit site access
  • Encryption of all network traffic between the client and webserver
  • Encryption of all session state and authentication cookies stored on the client
  • Blocking the execution of scripts which do not originate from the Kenexis domain
  • At-Rest database encryption
  • Active threat monitoring and response

Organizational security measures include, but are not limited to:

  • Limit database access only to those who require it for the purposes of performing their job
  • Frequent auditing and penetration testing performed by Kenexis ICS professionals

7.     Do we collect information from minors?

We do not knowingly solicit data from, or market to, children under 18 years of age.  By using our services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the services.  If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.  If you become aware of any data we have collected from children under age 18 please contact us at [email protected].

8.     What are your privacy rights?

If you are a resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority.  You can find their contact details here:  https://ec.europa.eu/info/law/law-topic/data-protection_en

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can contact us using the contact information provided.  Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases.  Your data may still be stored in database backup for up to one year following the termination required.  Your data may be recovered follow account termination in the event that it is required for legal obligations or vital interests as detailed in Section 3 of this policy.

Account Cookies

Most web browser are set to accept cookies by default.  If you prefer, you can usually choose to set your browser to remove cookies or to reject cookies.  If you choose to remove cookies or reject cookies, this could affect certain features or services of our applications. 

We do not store cookies containing any identifying information about you, or which could be used by other sites for marketing purposes.  All cookies stored by Kenexis applications are encrypted and removed within 30 minutes of the last use of the application.

Opting out of email marketing

You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below.  You will then be removed from the marketing email list – however, we will still need to send you service-related emails that are necessary for the administration and use of your account.

 9.    Controls for do-not-track features

Most web browser and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.  No uniform technology standard for recognizing and implementing DNT signals has been finalized.  As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.  If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.

10.   Do we make updates to this policy?

We may update this policy from time to time.  The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible.  If we make material changes to this policy, we many notify you either by prominently posting a notice of such changes or by directly sending you a notification.  We encourage you to review this policy frequency to be informed of how we are protecting your information.

11.   How can you contact us about this policy?

If you have any questions or comments about this policy, you may email us at [email protected] or contact us by post at:

Kenexis Consulting Corporation

3366 Riverside Drive

Suite 200

Columbus, OH 43221

United States