What is personal information?
“Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Information may include the following: name, address, date of birth, gender and contact data (i.e. e-mail address, telephone number and employer name).
We may also collect information that is related to you but that does not personally identify you (“Non-personal Information”). Non-personal Information also includes information that could personally identify you in its original form, but that we have modified (for instance, by aggregating, anonymizing or de-identifying such information) in order to remove or hide any Personal Information.
- Visitors to, or users of, its websites
- Prospective and current customers using Kinaxis services
- Service providers and business partners
- Prospective and current employees
- Other third-parties that it interacts with
Personal information collected by Kinaxis
1. Information Provided to Kinaxis for by Kinaxis Customers for Services
Kinaxis collects Personal Information about you, a customer of Kinaxis, in connection with our services according to what is provided by customers using our services and in order for us to provide these services to you. Kinaxis processes the Personal Information transferred by customers strictly in accordance with the respective agreement between us and the applicable customer and pursuant to the instructions of the customer.
2. Information Provided to Kinaxis for Employment Reasons
Kinaxis collects and processes Personal Information obtained directly from current or prospective employees for the purposes of human resource management including hiring, deployment, compensation, benefits, leave management, performance management, discipline and termination, as well as emergency contact. Kinaxis collects Personal Information as required by taxation law and as necessary to manage the workforce and contact employees, which may include:
- Full name and social security number
- Personal address
- Birth date
- Work schedule
- Hours worked
- Wages, including basic, overtime and incentive pay
- Total earnings
- Legally applicable deductions
- Date of payment and the pay period covered by the payment
- Performance assessment
- Date of end of employment
- Disciplinary measures and termination as the case may be
Should diversity and equality programs bring Kinaxis to collect special categories of data, such as ethnicity or race to ensure fair representation in its workforce, it would be voluntary and with the express consent of the employee.
3. Information Collected Automatically by Kinaxis
Kinaxis may collect Technical Information about you when you visit our website, which your web browser automatically sends whenever you visit a website on the Internet. "Technical Information" is information that does not, by itself, identify a specific individual but which could be used to indirectly identify you. Our servers automatically record this information, which may include your Internet Protocol ("IP") address, browser type, browser language, and the date and time of your request. Gathering your information helps us ensure our websites and other services work correctly and support out customer analytic efforts.
In order to obtain access to portions of the Kinaxis website, Kinaxis may ask you to complete a registration form that identifies Personal Information or solicits comments. Upon registration, email and other Personal Information is collected to allow the interface with the user. This is done with express consent of the user, prompted by a request to agree.
Email communication: We use pixel tags and cookies in our marketing emails so that we can track your interaction with those messages, such as when you open the email or click a URL link that’s embedded within them. When recipients click on one of those URLs, they pass through a separate web server before arriving at the destination page on a company website. We use tools like pixel tags and cookies so that we can determine interest in particular topics and measure and improve the effectiveness of our communications.
Cookies and Similar Technologies: We may collect information about your use of our websites through cookies and similar technology. A "cookie" is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and recognize you as a return visitor to the websites. For example, we may use these technologies to collect information about the ways visitors use our websites, to support the features and functionality of our websites, and to personalize your experience when you use our websites.
Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all features available through our websites. For more information, visit the help page for your web browser or see www.allaboutcookies.org.
Please note that if you disable your web browser's cookies and other technologies, certain features of our website and services will be disabled and you will limit the functionality we can provide when you visit our site.
4. Information Collected from Social Media Applications
5. Information Collected from Other Sources
Kinaxis may also collect information about you from other sources to help us correct or supplement our records, improve the quality or personalization of our services to you, and prevent or detect fraud. In order to provide services to you and improve Kinaxis’ website, we may engage the services of third-party vendors. In the process of supplying services to Kinaxis, these third-party vendors may need to collect Personal Information about you.
Permitted use of personal information
Kinaxis uses your Personal Information to provide you products and services, such as to fulfill your requests for products or to help us personalize our offerings to you. We also use your Personal Information to support our business functions, such as fraud prevention, marketing, and legal functions. To do this, we combine personal and non-Personal Information, collected online and offline, including information from third party sources.
- Fulfill Requests: To fulfill your requests for products and services and communicate with you about those requests;
- Understand Customer Behavior: To better understand customer behavior so that we may improve our marketing and advertising efforts and to improve the distribution of our products and services;
- Personalize Offerings: To help us personalize our service offerings, websites, mobile services, and advertising;
- Protection: To protect the security and integrity of our websites, mobile services, and our business;
- Legal: To comply with legal and/or regulatory requirements;
- Responding to Customer: To respond to reviews, comments, or other feedback you provide us;
- Employment Applications: In connection with a job application or inquiry, you may provide us with data about yourself, including your educational background or resume and other information, including your ethnicity where required or permitted by law. We may use this information throughout Kinaxis, its subsidiaries and affiliates, and its joint ventures for the purpose of employment consideration.
- Promotional Messaging or Advertising: With your consent, Kinaxis uses your contact information to recommend products and services that might be of interest to you, to send you marketing and advertising messages such as newsletters, announcements, or special offers or to notify you about our upcoming events. If, at any time, you would like to discontinue receiving any such email updates, you may unsubscribe by following the unsubscribe instructions included in each promotional email.
Disclosure of personal information
Kinaxis does not sell or otherwise disclose the Personal Information it holds to third parties, except for the following exceptional circumstances:
- Third Parties: Kinaxis will not rent or sell your Personal Information to others but may disclose Personal Information with third-party vendors and service providers that work with Kinaxis. We will only share Personal Information to these vendors and service providers to help us provide a product or service to you at your request and in accordance with our respective agreement. We will ensure appropriate contractual clauses are in place to ensure compliance with data protection legislation.
- Business Purposes: In a prospective business transaction, Kinaxis may disclose Personal Information where Kinaxis has entered into an agreement that restricts the use and disclosure of that data solely for purposes related to the transaction, protects the data by security safeguards appropriate to the sensitivity of the information, and if the transaction does not proceed, the data is returned to Kinaxis or destroyed within a reasonable time. With respect to employee data, Kinaxis may disclose Personal Information if it is necessary to establish, manage or terminate an employment relationship, as allowed by law.
- Legal and Safety Reasons: Kinaxis may be required to disclose Personal Information to law enforcement agencies, government agencies, or legal entities. We may disclose information by law, litigation, or as a matter of national security to comply with a valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law. We may also need to disclose Personal Information in the event of an emergency that threatens an individual's life, health, or security. If the data requested is held on behalf of a customer, Kinaxis will consult the customer unless it is prohibited to do so by law. Kinaxis may be required to disclose information without your consent or knowledge if: (i) it is reasonable to expect that disclosure with your knowledge or consent would compromise an investigation of a breach of an agreement or a contravention of the law; (ii) it is reasonable for the purposes of preventing, detecting or suppressing fraud and it is reasonable to expect that the disclosure with your knowledge or consent would compromise the ability to prevent, detect or suppress the fraud; (iii) it is necessary to identify an individual who is injured, ill or deceased to a government institution or the individual’s next of kin or authorized representative and, if the individual is alive, with notification to the individual.
Onward transfer liability
In cases of onward transfer to third parties of your Personal Information, Kinaxis is potentially liable. In particular, Kinaxis remains responsible and liable under GDPR if third-party agents that it engages to process the Personal Information on its behalf do so in a manner inconsistent with its principles, unless Kinaxis proves that it is not responsible for the event giving rise to the damage.
Security measures taken to protect personal information by kinaxis
Security of all information is of the utmost importance for Kinaxis. Kinaxis uses technical safeguards such as encryption, physical safeguards such as secure areas, and organizational measures such as access controls and due diligence to protect the security of your Personal Information from unauthorized disclosure. Data held on behalf of Kinaxis’ customers is secure and available only to registered users in the customer’s organization.
We also make all attempts to ensure that only necessary people and third parties have access to Personal Information. We require that our third party service providers and channel partners agree to keep all confidential information we share with them and to use the information only to perform their obligations in the agreements we have in place with them. These third party service providers and channel partners are expected to maintain privacy and security protections that are consistent with Kinaxis’ privacy and information security policies.
Data retention and storage
All Personal Information is retained only for as long as it is necessary for the purposes for which it was collected or transferred. Kinaxis retains your information for business purposes, for as long as your account is active, and/or as long as is reasonably necessary to provide you with our products and services. Kinaxis will also retain your information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your information for a reasonable period of time. At any point in time, you can withdraw consent and we will immediately stop processing your data.
International transfer of personal information
Kinaxis may share customer information within our family of companies for a variety of purposes, for example to provide you with the latest information about our products and services and offer you our latest promotions. To facilitate our global operations, Kinaxis may transfer Personal Information from your home country to other Kinaxis locations across the world. To protect your Personal Information, we will only transfer data to countries who provide an "adequate" level of Personal Information protection. If the data is transferred to counties without 'adequate' protection as determined by the European Parliament, we will use additional safeguards to ensure your data is protected.
- Right of Access: At any point in time, you can confirm your Personal Information is being processed and request to access your Personal Information.
- Right to Consent: Before collecting and using your Personal Information, Kinaxis will obtain consent. At any point in time, you can revoke consent and Kinaxis will stop using and processing your Personal Information.
- Right to Erasure: You have the right to request Kinaxis erases all of your Personal Information on a number of grounds, including if the data is no longer necessary for its original purpose or if you withdraw consent. If Kinaxis receives a request, we will inform all third parties who have the data of this request.
- Right to Rectification: If any Personal Information is inaccurate or incomplete, you can request Kinaxis corrects the data. When this occurs, Kinaxis will notify third parties who have access to the data of the change.
- Right to Restrict Processing: Even if Personal Information is still stored by Kinaxis, now or in the future, you can request Kinaxis stops using or processing your data.
- Right to Object: You have the right to object to your Personal Information being processed for profiling, direct marketing, scientific research, and statistics.
- Rights Related to Automatic Decision Making and Profiling: At any point in time, you can contact a Kinaxis representative to express your point of view, challenge an explanation of data use, or otherwise obtain further information on automatic data processing.
- Right to Data Portability: You have the right to transfer your Personal Information from one electronic processing system to another without being prevented from doing so by Kinaxis' data processor.
Kinaxis’ response to a data request and/or security breach
In regard to the aforementioned rights to voice questions, make requests regarding your data privacy or withdraw consent, we will respond to your request within 30 days. In some cases, however, we may limit or deny your request if: the law permits or requires us to do so, if it infringes on the privacy of other individuals or internal procedures, if we find the request to be unfounded or excessive or if we are unable to verify your identity.
If the volume or complexity of the request requires internally processing at Kinaxis beyond 30 days, Kinaxis will inform the requester within 30 days of the reasons for an extension and may charge a reasonable fee to cover administrative costs.
Security of all information is of the utmost importance for Kinaxis. Kinaxis uses technical and physical safeguards to protect the security of your Personal Information from unauthorized disclosure. We use encryption technology to keep all information secure. We also make all attempts to ensure that only necessary people and third parties have access to Personal Information. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of Personal Information and, unless otherwise agreed in a written agreement between Kinaxis and the applicable party, we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. In the case of a data breach, we will notify you without undue delay of any loss, misuse or alteration of Personal Information that may affect you. We will notify relevant regulatory bodies within 72 hours of a breach.
Last updated: May 23, 2018