Last Updated: December 31, 2019
Data Protection Highlights
Thank you for visiting KnowBe4.com, kb4compliance.com, hackbusters.com, and all of their subdomains and aliases (collectively, the “Website” or “Site”). These data protection highlights (“Highlights”) are intended to provide you with a few key highlights from our data protection notices and will tell you how KnowBe4, Inc. (“KnowBe4”, “we”, “our”, or “us”) uses Personal Data (as defined below) collected at this Site. Our data protection notices will provide you with more detail on KnowBe4’s global data protection practices. We encourage you to visit those notices for a more in-depth explanation of our data protection practices.
What is Personal Data?
“Personal Data” means any personally identifiable information that can be linked back to you such as your name, address, date of birth, phone number, and email address.
How Does KnowBe4 Collect Personal Data?
We collect Personal Data when you visit our Site, submit information through our submission forms, contact us, send information to us directly, or upload information to our technology platforms. We also receive Personal Data collected by our affiliates, channel partners, service providers, and other third party providers.
How KnowBe4 Uses Personal Data
KnowBe4 uses Personal Data to respond to your inquiries, to provide marketing materials to you, to run our technology platform(s), to improve our services, for hiring/employment purposes, to comply with legal obligations, and as otherwise described in our data protection notice(s) and applicable agreements for services.
If you are not a customer or an end user:
If you are not a customer or an end user, please email email@example.com to access, amend, delete, rectify, withdraw consent, or object to the processing of your Personal Data. Our data protection notices have more information about these options.
If you are a customer or an end user:
If you are an end user and your organization uses the KnowBe4 platform, we recommend you reach out to your Account Owner (as defined in the Product Privacy Notice) to exercise your rights. You may also email firstname.lastname@example.org and we will reach out to your Account Owner for you. Please see our Product Privacy Notice for more information about these options.
If you would like more information on our data protection practices, you can review our full data protection notices contained on this Site.
Please direct any complaints, requests or inquiries to email@example.com. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA or other applicable jurisdictions, you have the right to lodge a complaint with the competent supervisory authority.
Thank you for visiting KnowBe4.com, kb4compliance.com, hackbusters.com, and all of their subdomains and aliases (collectively, the “Website” or “Site”). KnowBe4 is committed to protecting your privacy. This Website Privacy Notice (the “Website Privacy Notice”) tells you how KnowBe4, Inc. (“KnowBe4”, “we”, “our”, or “us”) uses Personal Data (as defined below) collected at this Site.
The data protection practices set forth in this Website Privacy Notice are for websites owned by KnowBe4. The Site may contain links to other websites, applications, or services maintained by third parties. If you visit any of these third party websites, applications, or services, please review the data protection related notice(s) posted at those websites as the information practices of such other third parties are governed by those third parties’ data protection notice(s).
By using this Site, you are accepting the practices described in this Website Privacy Notice. If you do not agree with the data practices provided in this Website Privacy Notice, you should not use the Site or other websites owned by KnowBe4. We encourage you to periodically review this Website Privacy Notice to stay informed about our collection, processing and sharing of your Personal Data. Your continued use of this Site after we make changes to the Website Privacy Notice is deemed to be acceptance of those changes.
KnowBe4 is the controller of your Personal Data as described in this Website Privacy Notice, unless expressly specified otherwise.
For the avoidance of doubt, this Website Privacy Notice does not apply to the extent we process Personal Data in the role of a processor on behalf of our customers.
What This Notice Covers
This Website Privacy Notice applies to the processing of Personal Data collected by us when you:
Personal Data KnowBe4 Collects
“Personal Data”, as defined by the General Data Protection Regulation (“GDPR”) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The Personal Data that we collect directly from you includes the following:
When you voluntarily submit information through our submission form, you expressly consent to the collection, use, and disclosure of your Personal Data in accordance with this Website Privacy Notice. You can withdraw your consent at any time by emailing firstname.lastname@example.org.
You may provide information to be published or displayed on public areas of the Website or transmitted to other users of the Website or third parties (“User Contributions”). Your User Contributions are posted and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Visitors under the age of 16
Our Website is not intended for persons under the age of 16. Thus, we do not intentionally gather Personal Data from visitors who are under the age of 16. If you are under the age of 16, please do not submit your Personal Data via our submission forms.
Personal Data we collect from other sources
We also collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data we collect, or as otherwise provided by you. This helps us to update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion, sales/marketing, business intelligence, and profiling.
Cookies and Other Identifiers
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our Site, use our services or interact with emails we have sent to you.
Cookies, web beacons and other tracking technologies on our website and in email communications
Pages of our Website may contain small electronic files known as web beacons (also referred to as clear gif, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or for other related website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).
Please review our Cookie Notice to see the types of cookies we use.
Notices on behavioral advertising and opt-out for Website visitors
We use Microsoft to collect Personal Data from our Site to provide Bing Ads. Please review Microsoft’s Privacy Statement to learn more about Bing Ads.
If you would like more information on the technologies that we use on our Website, please contact email@example.com.
How We Use Your Personal Data
We collect and process your Personal Data for the purposes and on the legal bases identified in the following (where we act as a controller of your Personal Data):
Where we have obtained your consent:
Where we have entered into a contract:
Where we have not entered into a contract with you, or obtained your consent, or have stated that another legal basis shall apply then legitimate interest is the legal basis for the following processing activities:
KnowBe4 processes and discloses Personal Data when cooperating with the appropriate regulatory and government authorities. When KnowBe4 processes Personal Data for this purpose, the legal basis for processing shall be for compliance with a legal obligation to which KnowBe4 is subject.
Who Do We Share Personal Data With?
We may occasionally use third-party businesses to provide products and perform specialized services for data processing. When we provide Personal Data to these businesses, they are not permitted to use the Personal Data for any reason outside of the scope for which we contracted them.
The ways in which we may share your Personal Data include the following:
KnowBe4 reserves the right to disclose your Personal Data under the following conditions: (1) when permitted or required by law; (2) when trying to protect against or prevent actual or potential fraud or unauthorized transactions; or (3) when investigating suspected fraud which has already taken place.
Sale of Personal Data
KnowBe4 will never sell your Personal Data.
International Transfers of Personal Data
Your Personal Data may be collected, transferred to, and stored by us in the United States and by our affiliates in other countries where we operate.
Therefore, your Personal Data may be processed outside the European Economic Area (EEA), and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA. In this event, we will ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into an agreement to abide by standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or another mechanism approved by the EU Commission. KnowBe4 is also EU-US Privacy Shield Certified for the lawful transfer of data to the United States.
Data Security and Retention
Your Personal Data is kept secure. Only authorized employees, agents, and contractors (who have agreed to keep information secure and confidential) have access to this information.
We (and our third-party service providers) use a variety of industry standard security measures to prevent unauthorized access, use, or disclosure of your Personal Data. These security measures consist of but are not limited to data encryption and physical security. No method of transmission or method of electronic storage over the internet is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
KnowBe4 will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Website Privacy Notice unless a longer retention period is required by applicable data privacy law.
We take reasonable steps to ensure that your Personal Data is accurate, complete, current, and otherwise reliable for its intended use.
If KnowBe4 obtains knowledge that one of our service providers or employees is in violation of this Website Privacy Notice, KnowBe4 will take commercially reasonable steps to prevent the unauthorized use or disclosure of your Personal Data. KnowBe4 takes data privacy seriously. Therefore, we agree to take commercially reasonable measures to ensure the proper handling of your Personal Data by our employees and service providers.
You have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the EEA, these rights may include:
How to exercise your rights
To exercise your rights, please contact us at firstname.lastname@example.org.
EU-U.S. and Swiss Privacy Shield Framework
KnowBe4, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and Switzerland to the United States, respectively. KnowBe4, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Website Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
KnowBe4, Inc. is responsible for processing of the personal data that it receives, under the Privacy Shield framework, and subsequently transfers to a third party acting as an agent on its behalf. KnowBe4, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, KnowBe4, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, KnowBe4, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, KnowBe4 commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact KnowBe4 at: email@example.com.
Under certain conditions, more fully described on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
California Consumer Protection Act
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
We do not provide services, or other items of value, as consideration for your, or your end users’, personal information protected by the CCPA.
You are responsible for ensuring your compliance with the requirements of the CCPA in your use of the services we provide to you and your own processing of personal information.
Here are a few things that KnowBe4 will NOT do with personal information in the scope of acting as a service provider, as defined by CCPA:
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this personal information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org. We will verify your request using the information associated with your account, including email address. Consumers can also designate an authorized agent to exercise these rights on their behalf.
KnowBe4 agrees to act in compliance with the United States CANSPAM Act. In order to comply, we have taken appropriate measures for our commercial electronic messages (including emails). You can learn more about the CANSPAM Act by visiting the FTC's official website at https://www.ftc.gov/.
PIPEDA and Canadian Anti-Spam Legislation (CASL)
We protect and use your information by observing principles and guidelines in the Personal Data Protection and Electronic Documents Act and Canada's Anti-Spam Legislation. We obtain either express or implied consent, or use other lawful mechanisms, in order to send commercial electronic messages as is defined by CASL. If KnowBe4 seeks to use your Personal Data for a new purpose, we will contact you to obtain the appropriate consent. If you choose to opt-out of receiving our emails, you will be unsubscribed upon your request.
To exercise your rights regarding your Personal Data, or if you have questions regarding this Website Privacy Notice or our privacy practices please send an email to email@example.com. Alternatively, you may send notice by way of mail at the address listed below:
33 N Garden Avenue, Suite 1200
Clearwater, FL 33755, USA
Attn: KnowBe4 Privacy Team
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.