DATA PRIVACY FRAMEWORK NOTICE
Last Updated September 26th 2023
Kinetico respects your privacy. This Data Privacy Framework ("Notice") describes our standards and procedures for handling Personal Information transferred from our European offices (Denmark, France, UK, Belgium and Spain) to the U.S. in accordance with Kinetico’s obligations under the EU-U.S. Data Privacy Frameworks.
Data Privacy Framework Principles
- Kinetico’s Privacy Statement (“Privacy Statement”), in combination with this Notice, describes our privacy practices with respect to Personal Information received from the European Union in reliance on the Privacy Framework.
Kinetico has subscribed to and will adhere to the EU-U.S. Data Privacy Frameworks by adopting and implementing the Privacy Framework Principles ("Principles"). More information about the Data Privacy Framework can be found at www.dataprivacyframework.gov. Our Privacy Framework certification can be found at Participant Search (dataprivacyframework.gov).
For the purposes of this Notice, "Personal Information" means any data relating to an identified or identifiable individual, including name, address, telephone number and e-mail address, and "processing" means any operation performed on Personal Information, such as, for example, collection, use, management, consultation or disclosure. This Notice supplements the Privacy Statement. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in the Privacy Statement. In case of conflict between this Notice and the Principles, the Principles will govern.
How We Obtain Personal Information. Our offices in Europe obtain information from consumers who are interested in purchasing or have purchased our equipment and services. This information is used within those offices to do business with consumers in those countries. When a consumer purchases equipment or services from our European offices, the record of that sale and record of warranty is transferred to our U.S. data center for the purpose of backups relating to Disaster Recovery and to aggregate the data for financial and sales reporting. Our U.S. operation does not sell or share EU consumer data with any third-party entity outside of Kinetico Incorporated and its European offices. Consumers should contact the local Kinetico office in the country they are located for inquiries about correcting, amending, or deleting their personal data on file. Consent for collection and processing of EU consumer data is obtained at various points of contact with consumers.
Kinetico commits to comply with the Principles with respect to all Personal Information received from the EU in reliance on the Data Privacy Framework.
- When a consumer fills out a contact form on one of our European websites, or enters into a contractual relationship for the purchase, lease or rental of equipment and/or services, the consumer is given the option to opt in to be contacted for future marketing campaigns from the local European office. The consumer data transferred to the U.S. is not sold or shared with any third-party companies. Should a consumer, later want to make changes to the use of their data, they can contact their local Kinetico office listed below and asked to opt out.
- Accountability for Onward Transfer of Personal Information. Kinetico uses some cloud based software to manage leads and consumer records. The cloud based software is GDPR compliant and is certified under the Data Privacy Framework. Kinetico does not sell or share any data to third-party entities. Kinetico contractually requires it’s cloud based software vendors be in compliance with GDPR and Data Privacy Framework. Kinetico is liable for onward transfer to third parties
CROSS-BORDER TRANSFERS OF PERSONAL DATA
In sharing your personal data with the third parties described above, we may transfer your personal data outside of the country in which your personal data originates.
Specifically, with respect to personal data originating in the European Union (EU), we may transfer your personal data outside of the European Economic Area (EEA). Whenever we transfer your personal data originating in the EU out of the EEA, where required by law or regulation, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the U.S., we may transfer data to them if they are part of the Data Privacy Framework which requires them to provide similar protection to personal data shared between the Europe and the U.S. For further details, see the section below regarding the EU-U.S. Data Privacy Framework.
- Data Integrity and Purpose Limitation. Any Personal Information we receive may be used by Kinetico for the purposes indicated in the Privacy Statement or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.
We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with Kinetico up to date and may contact Kinetico as indicated below or in the Privacy Statement to request that their Personal Information be updated or corrected.
We will retain your Personal Information in an identifiable form only for the period necessary to fulfill the purposes outlined in the Privacy Statement, unless a longer retention period is required or permitted by law or by the Principles. We will adhere to the Principles for as long as we retain the Personal Information collected under the Data Privacy Framework.
- Kinetico takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- Where appropriate, individuals have reasonable access to their Personal Information and may request corrections, deletions, or additions where the Personal Information is inaccurate or has been processed in violation of the Principles. We may limit or deny access to Personal Information where providing such access is unreasonably burdensome or costly under the circumstances, or as otherwise permitted by the Principles. You may request access to your Personal Information by contacting us as described below.
- Recourse, Enforcement and Liability. Kinetico has established procedures to periodically verify implementation of and compliance with the Principles. Kinetico conducts an annual self-assessment of its practices regarding Personal Information intended to verify that the assertions Kinetico makes about its practices are true and that such practices have been implemented as represented.
In the instance of disputes, individuals are able to seek resolution of their questions or complaints regarding the processing of their Personal Information in accordance with the Principles. If an individual feels that Kinetico is not abiding by this Notice or is not in compliance with the Principles, he or she should first contact Kinetico at the contact information provided below.
If an issue cannot be resolved through Kinetico’s internal dispute resolution mechanism, you may submit a complaint to JAMS, which provides, at no cost to you, an independent third-party dispute resolution option based in the U.S. To contact JAMS and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit www.jamsadr.com/dpf-dispute-resolution. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.
Lawful Requests. With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Kinetico is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and/or the U.S. Department of Transportation, as applicable. In certain situations, Kinetico may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements
Amendments. This Notice may be amended to be consistent with the requirements of the EU-U.S.. Data Privacy Frameworks. When we update this Notice, we will also revise the "Last Updated" date at the top of this document.
Questions or Complaints. If you have any questions, concerns or complaints regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact your local Kinetico office listed below. If you do not feel you have been able to resolve the matter with them, you may contact our U.S. Corporate Office. If you feel your issue relating to data privacy has still not been resolved, you may contact our third-party arbitration company.
Mail: Bridge House, Park Gate Business Centre Chandler's Way, Park Gate, Hampshire, SO31 1FQ England
Mail: Industrieweg Daelemveld 1026 B-3540 Herk-de-Stad Belgium
Mail: ZAC des Beaux Soleils Parc GViO d'Osny - Bâtiment 6 / hall 603 9 Chaussée Jules César 95520 Osny France
Mail: Kinetico Incorporated, Attn: Legal, P.O. Box 193, Newbury, Ohio 44065 USA
Independent third-party dispute resolution option based in the U.S.