“Personal Information” is personally identifiable information such as your name, address, date of birth, phone number, and email address. In scope of the products and services provided, the personal data that is generally collected is first name, last name, and business email address. We will not use information stored in our products for direct marketing.
Personal Information is collected by KnowBe4 when it is shared by your organization’s admin, or otherwise the account owner (the "Account Owner"), at the discretion of your organization. KnowBe4 collects the minimum information necessary to provide its products and services to you, and the information located in the platform will be uploaded by your "Account Owner".
Our products and services are not directed at, or intended by use by, minors under the age of 18. Therefore, you hereby represent and warrant that you will not share or disclose such data to KnowBe4 unless expressly agreed to in a signed writing by an authorized representative of KnowBe4.
Below are the two types of cookies that are used on KnowBe4’s platform for its products and services:
Session based cookies – These are only used to determine how long you remain on the Platform and immediately expire when you leave our Platform or logout.
Support cookies – These cookies allow us to track onboarding times and other metadata to provide better products and services to our users.
Most browsers are set up to accept cookies. If you choose, you may refuse to accept cookies or select that your browser notifies you when you receive a cookie.
Protected Health Information (PHI), Payment Card Information (PCI) and other Sensitive Information
When you send us an e-mail, or when you make an inquiry via e-mail, we collect your email address and the information necessary to identify you as the correct data subject.
An Account Owner is the data subject responsible for owning the product or service and delivering said service to members of his/her respective organization. When you or your Account Owner uploads information (such as emails) into our products and services, you and/or the Account Order acknowledge that it has been done in the discretion of the organization in which you or your Account Owner represent. In this scenario, the Account Owner’s organization is the “controller” of the Personal Information and KnowBe4 is acting as a “processor” of the Personal Information. KnowBe4 is legally bound by our Terms of Service and/or Master Services Agreements and/or Data Processing Agreements to only process that data in scope of what is stated in the agreement(s). If you have any detailed questions regarding these agreements, please contact your “Account Owner”.
As an Account Owner, your Personal Information may be used to communicate with you for support purposes or to follow up on requests made by you or by a user and/or data subject.
Subject to legal and contractual requirements, you may refuse our collection of your data or withdraw consent to further collection. Your Personal Information will never be used outside of the scope for which KnowBe4 was contracted.
Since the products and services provided are at the request of your organization, you may contact your organization’s Account Owner in order to opt out of the products and services provided. Additionally, you may contact your Account Owner to make changes to your Personal Information. KnowBe4 does not have control over how your organization uses your business contact information for their purposes. You may also contact us to contact your organization on your behalf.
Commitment to Data Security
Your Personal Information is kept secure. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information.
We (and our third-party service providers) use a variety of industry standard security measures to prevent unauthorized access, use or disclosure of your Personal Information. These security measures consist of, but are not limited to, data encryption and physical security. No method of transmission or method of electronic storage over the internet is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
To provide our products and services, we may occasionally use third party businesses (“Third Party” or “Third Parties”) to perform specialized services in regard to data processing. When we provide data to these businesses, they are not permitted to use the data outside of the scope for which we contracted them.
Data Integrity and Purpose Limitation
KnowBe4 will use commercially reasonable measures to ensure information kept about you is accurate, complete, and current. We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected. If your Personal Information has been disclosed to a third party, and it has been deemed incorrect by you, KnowBe4 will contact the Account Owner and will work with Third Parties (if applicable) to request a correction to the information.
Upon request, subject to legal and contractual limitations, KnowBe4 will provide you with information about whether we hold any of your Personal Information. If you would like to access your Personal Information and correct, amend, or delete the information where it is inaccurate, please contact your Account Owner or us at firstname.lastname@example.org and we will contact them on your behalf. Note that there may be specific circumstances in which we cannot delete your Personal Information. When we delete your Personal Information, it will be erased from our records, however, the Personal Information may still be archived in our backups.
We ask that you do not use our products and services for any means that are deceptive, malicious, or with the intention to abuse or misuse any computer system, organization, or natural person. Use of our Website or our products and services for any of the purposes outlined in this paragraph are strictly prohibited.
EU-U.S. and Swiss Privacy Shield Framework
KnowBe4, Inc. is responsible for processing of the personal data that it receives, under the Privacy Shield framework, and subsequently transfers to a third party acting as an agent on its behalf. KnowBe4, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, KnowBe4, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, KnowBe4, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, KnowBe4 commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact KnowBe4 at: privacymanager@KnowBe4.com
Under certain conditions, more fully described on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request
- By sending us an email at email@example.com; or
- By mailing us at KnowBe4, Inc. Suite 1200 33 N. Garden Ave, Clearwater, FL 33755 with attention to Legal.