Website Privacy Notice
- Customer Terms of Service
- Product Privacy Notice
- CPRA Addendum
- Global Data Processing Addendum
- KMSAT, KCM GRC, PhishER, and SecurityCoach DPIA
- Security
- System Status
- Maintenance Windows
- Documentation Page
- Federal
- Code of Ethical Business Conduct
- KnowBe4 Global Privacy Compliance
- Transparency Report
- Data Transfer Impact Assessment
- ICO UK SCC Addendum
- Free Downloadable Software Tools EULA
- KnowBe4 Mobile App License Agreement - iOS
- KnowBe4 Mobile App License Agreement - Android
Data Protection Highlights
Thank you for visiting KnowBe4.com, kb4compliance.com, hackbusters.com, and all of their subdomains and aliases (collectively, the “Website”). These data protection highlights are intended to provide you with a few key highlights from our data protection notices and will tell you how KnowBe4, Inc., its affiliates, and wholly owned subsidiaries, as may be applicable (collectively, “KnowBe4,” “we,” “our,” or “us”) use Personal Data (as defined below) collected at this Website. Our data protection notices will provide you with more detail on KnowBe4’s global data protection practices. We encourage you to visit those notices for a more in-depth explanation of our data protection practices.
What is Personal Data?
“Personal Data” means any personally identifiable information that can be linked back to you such as your name, email address, or IP address.
How Does KnowBe4 Collect Personal Data?
We collect Personal Data when you visit our Website, submit information through our submission forms, contact us, send information to us directly, or upload information to our technology platforms. We also receive Personal Data collected by our affiliates, channel partners, service providers, and other third party providers.
How KnowBe4 Uses Personal Data
KnowBe4 uses Personal Data to respond to your inquiries, to provide marketing materials to you, to run our technology platform(s), to improve our services, for hiring/employment purposes, to comply with legal obligations, and as otherwise described in our data protection notice(s) and applicable agreements for services.
Your Rights
If you are not a customer or an end user:
If you are not a customer or an end user, please email privacy@knowbe4.com to access, amend, delete, rectify, withdraw consent, or object to the processing of your Personal Data. Our data protection notices have more information about these options.
If you are a customer or an end user:
If you are an end user and your organization uses the KnowBe4 platform, we recommend you reach out to your Account Owner (as defined in the Product Privacy Notice) to exercise your rights to rectify, erase, object to processing, restrict processing, and/or withdraw consent. You may also email privacy@knowbe4.com and we will reach out to your Account Owner for you. Please see our Product Privacy Notice for more information about these options.
Contact Us
If you would like more information on our data protection practices, you can review our full data protection notices contained on this Website. Please direct any complaints, requests, or inquiries to privacy@knowbe4.com. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA or other applicable jurisdictions, you have the right to lodge a complaint with the competent supervisory authority.
Full Website Privacy Notice
Thank you for visiting KnowBe4.com, kb4compliance.com, hackbusters.com, and all of their subdomains and aliases (collectively, the “Website”). KnowBe4 is committed to protecting your privacy. This Website Privacy Notice (the “Website Privacy Notice”) tells you how KnowBe4, Inc., its affiliates, and wholly owned subsidiaries, as may be applicable (collectively, “KnowBe4,” “we,” “our,” or “us”) use Personal Data (as defined below) collected at this Website.
The data protection practices set forth in this Website Privacy Notice are for websites owned by KnowBe4. The Website may contain links to other websites, applications, or services maintained by third parties. If you visit any of these third party websites, applications, or services, please review the data protection-related notice(s) posted at those websites as the information practices of such other third parties are governed by those third parties’ data protection notice(s).
By using this Website, you are accepting the practices described in this Website Privacy Notice. If you do not agree with the data practices provided in this Website Privacy Notice, you should not use the Website or other websites owned by KnowBe4. We encourage you to periodically review this Website Privacy Notice to stay informed about our collection, processing, and sharing of your Personal Data. Your continued use of this Website after we make changes to the Website Privacy Notice is deemed to be an acceptance of those changes.
KnowBe4 is the controller of your Personal Data as described in this Website Privacy Notice, unless expressly specified otherwise.
For the avoidance of doubt, this Website Privacy Notice does not apply to the extent we process Personal Data in the role of a processor on behalf of our customers.
What This Notice Covers
This Website Privacy Notice applies to the processing of Personal Data collected by us, for example, when you:
- visit our websites that display or link to this Website Privacy Notice;
- visit our branded social media pages;
- visit our offices;
- receive communications from us, including emails, phone calls, texts, or fax;
- use our products and services (where we act as a controller of your Personal Data); and
- register for, attend, and/or otherwise take part in our events, webinars, contests, or promotions.
Personal Data KnowBe4 Collects
“Personal Data,” as defined by the General Data Protection Regulation (“GDPR”) means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who may be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The Personal Data that we collect directly from you includes the following:
- Contact information: first name, last name, employer, city, state, country, phone number, and email addresses.
- Event Information: if you have attended an event, we may, with your further consent, scan your attendee badge which will provide us your Personal Data, such as name, title, company name, address, country, phone number, and email address.
- Office Visits: if you visit our offices, you will be required to register as a visitor and provide your name, email address, phone number, company name, time of arrival, and time of departure.
- Information gathered through submission forms: when you voluntarily submit Personal Data through our submission form, you expressly consent to the collection, use, and disclosure of your Personal Data in accordance with this Website Privacy Notice. You can withdraw your consent at any time by emailing privacy@knowbe4.com. You may provide information to be published or displayed on public areas of the Website or transmitted to other users of the Website or third parties (“User Contributions”). Your User Contributions are posted and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
The Personal Data that we collect indirectly about you includes the following:
- Automatically collected information: information collected via cookies and Web beacons, including IP address, browser name, operating system details, domain name, date, time of visit, the pages viewed, and other similar information.
- Information from third parties: we collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data we collect, or as otherwise provided by you. This helps us to update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, user behavior data, IP addresses, social media profiles, LinkedIn URLs, and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion, sales/marketing, business intelligence, and profiling.
- Cookies: we use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, and similar technologies to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our Website, use our services, or interact with emails we have sent to you. Cookies and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Website, and understanding how visitors use the Website. Cookies can also help customize the Website for visitors. Cookies alone cannot amount to the collection of Personal Data, but if you provided Personal Data, cookies can be tied to such information. Aggregate cookie and tracking information is shared with third parties. Please review our Cookie Notice to see the types of cookies we use.
- Web beacons: pages of our Website may contain small electronic files known as web beacons (also referred to as clear gif, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or for other related website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).
How We Use Your Personal Data
We collect and process your Personal Data for the purposes and on the legal bases identified in the following (where we act as a controller of your Personal Data):
Where we have obtained your consent, such as:
- for marketing purposes (such as you signing up for one of our newsletters);
- to follow up on an inquiry for our products and services (where you have requested a demo or a phone call); and
- for any other requests you have made where you have specifically authorized the use of your Personal Data.
Where we have entered into a contract, such as
- for your use of our free tools, KCM GRC console, KMSAT console, or other services provided to you that are under the applicable terms of service or applicable agreement for services between you, or your organization, and KnowBe4;
- for the use of our Website and services;
- for managing payments in order to complete a transaction with you;
- to provide support for our products and services (you can reach out to us by phone or email);
- for any managed services that we may provide to you from time to time;
- for webinars that you have registered to attend; and
- for KnowBe4 contests or promotions.
Where we have not entered into a contract with you, or obtained your consent, or have stated that another legal basis shall apply, then legitimate interest is the legal basis for the following processing activities:
- registering office visitors;
- assessing and improving your experience on the website (such as analyzing trends in order to overall improve your experience, or to track your usage and interactions with the Website);
- marketing purposes, such as personalized advertisements and content;
- security purposes such as investigations of suspicious activity or for compliance purposes (such as investigating fraud or misuse of our Website); and
- enhancing user experience and improving our products and services.
KnowBe4 processes and discloses Personal Data when cooperating with the appropriate regulatory and government authorities. When KnowBe4 processes Personal Data for this purpose, the legal basis for processing shall be for compliance with a legal obligation to which KnowBe4 is subject.
Visitors under the age of 16
Our Website is not intended for persons under the age of 16. Thus, we do not intentionally gather Personal Data from visitors who are under the age of 16. If you are under the age of 16, please do not submit your Personal Data via our submission forms.
Notices on behavioral advertising and opt-out for Website visitors
We use AdRoll for the tracking and collection of the Website’s visitor information. AdRoll uses cookies, tracking pixels, and related technologies to identify your device when you move between different websites and applications to provide targeted advertising on other websites or applications based on your online activity. To opt-out of receiving targeted advertisements from AdRoll, you may visit the NAI website opt-out page here: http://www.networkadvertising.org/choices/ or the DAA opt-out page here: http://www.aboutads.info/ or, for EU users, the EDAA opt-out page here: http://youronlinechoices.eu/.
We also use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), to collect information relating to your use of the Website. Google Analytics uses cookies to help us analyze how users are interacting with the Website and provide you the most relevant content. For more information on Google Analytics, please visit Google’s website and their various pages describing Google Analytics, such as www.google.com/analytics/learn/privacy.html.
We use Microsoft to collect Personal Data from our Site to provide Bing Ads. Please review Microsoft’s Privacy Statement to learn more about Bing Ads.
If you would like more information on the technologies that we use on our Website, please contact privacy@knowbe4.com.
Who Do We Share Personal Data With?
We use third-party businesses to provide products and perform specialized services for data processing. When we provide Personal Data to these businesses, they are not permitted to use the Personal Data for any reason outside of the scope for which we contracted them.
The ways in which we may share your Personal Data include the following:
- When we use our third-party processors (such as Amazon Web Services) to improve the performance of our services. This is required for us to provide our services to you. We execute contracts with our third parties to ensure they fulfill their data protection obligations.
- When you register for a webinar, it is done through one of our third-party partners. In these circumstances, your information will, additionally, be subject to such partners’ or sponsors’ privacy statements. If you do not wish for your information to be shared, you may choose to not opt-in via the applicable event/webinar registration.
- With KnowBe4 affiliates and other companies that become part of KnowBe4 in the future.
- We will disclose your information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding. Finally, given your implied or affirmative consent, we reserve the right to disclose your information for other purposes.
- KnowBe4 reserves the right to disclose your Personal Data under the following conditions: (1) when permitted or required by law; (2) when trying to protect against or prevent actual or potential fraud, unauthorized transactions, or other suspected illegal activity; or (3) when investigating suspected fraud or other suspected illegal activity, which has already taken place.
Sale of Personal Data
KnowBe4 will never sell your Personal Data.
International Transfers of Personal Data
Your Personal Data will be collected, transferred to, and stored by us in the United States or by our affiliates in other countries where we operate. In the event that your Personal Data is processed outside the European Economic Area (EEA), we will ensure that the recipient of your Personal Data offers an adequate level of protection by entering into an agreement to abide by Standard Contractual Clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR) or another mechanism approved by the EU.
Data Security and Retention
Your Personal Data is kept secure. Only authorized employees, agents, and contractors (who have agreed to keep information secure and confidential) have access to this information.
We (and our third-party service providers) use a variety of industry standard security measures to prevent unauthorized access, use, or disclosure of your Personal Data. These security measures consist of but are not limited to data encryption and physical security. No method of transmission or method of electronic storage over the internet is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
KnowBe4 will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Website Privacy Notice or until you request its deletion, unless a longer retention period is required by applicable data privacy law.
We take reasonable steps to ensure that your Personal Data is accurate, complete, current, and otherwise reliable for its intended use.
If KnowBe4 obtains knowledge that one of our service providers or employees is in violation of this Website Privacy Notice, KnowBe4 will take commercially reasonable steps to prevent the unauthorized use or disclosure of your Personal Data. KnowBe4 takes data privacy seriously. Therefore, we agree to take commercially reasonable measures to ensure the proper handling of your Personal Data by our employees and service providers.
Your Rights
You have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the EEA or other applicable location, these rights may include:
- accessing, correcting, amending, deleting your Personal Data;
- objecting to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
- not being subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our Website or in our products; and
- if the collection of your Personal Data is based on consent, withdrawing your consent at any time.
- request to limit the use or disclosure of your personal data
How to exercise your rights
To exercise your rights, please contact us at privacy@knowbe4.com.
More Important Information
EU-U.S. Data Privacy Framework Notice
On July 10, 2023, the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework entered into force.
KnowBe4, Inc. (“KnowBe4,” “we,” “our,” or “us”) complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. KnowBe4 has certified to the U.S. Department of Commerce that we adhere to the EU-U.S. DPF Principles with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. KnowBe4 has certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. DPF Principles with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the EU.-U.S. DPF and/or Swiss-U.S. DPF Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, please visit https://www.dataprivacyframework.gov/.
To view our certification, please visit this page and search for ”KnowBe4”.
As required under the principles, when we receive Personal Data under the DPF program and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the DPF. If the agent processes the Personal Data in a manner inconsistent with the DPF, we are responsible for the event giving rise to the damage.
We encourage you to contact us at privacy@knowbe4.com if you have a DPF-related (or general privacy-related) complaint. If you have an unresolved privacy or data use complaint that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) available here. Through this third-party dispute resolution provider, we have also committed to cooperating and complying with the information and advice provided by an informal panel of data protection authorities in the European Economic Area, the Swiss Federal Data Protection, and/or the UK Information Commissioner (as applicable) in relation to unresolved complaints (as further described in the DPF program). You may also contact your local data protection authority within the European Economic Area or Switzerland (as applicable) for unresolved complaints.
Under certain conditions, more fully described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.
KnowBe4 is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). KnowBe4 may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
California Consumer Protection Act
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
We do not provide services, or other items of value, as consideration for your, or your end users’, personal information protected by the CCPA.
You are responsible for ensuring your compliance with the requirements of the CCPA in your use of the services we provide to you and your own processing of personal information.
Here are a few things that KnowBe4 will NOT do with personal information in the scope of acting as a service provider, as defined by CCPA:
- sell, rent, or otherwise disclose your personal information to third parties in exchange for money or something else of value
- use your information outside the scope of the agreement(s) for services that we have with you
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this personal information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at privacy@knowbe4.com. We will verify your request using the information associated with your account, including email address. Consumers can also designate an authorized agent to exercise these rights on their behalf.
CANSPAM
KnowBe4 agrees to act in compliance with the United States CANSPAM Act. In order to comply, we have taken appropriate measures for our commercial electronic messages (including emails). You can learn more about the CANSPAM act by visiting the FTC official website by following this link https://www.ftc.gov/.
PIPEDA and Canadian Anti-Spam Legislation (CASL)
We protect and use your information by observing principles and guidelines in the Personal Data Protection and Electronic Documents Act and Canada's Anti-Spam Legislation. We obtain either express or implied consent, or use other lawful mechanisms, in order to send commercial electronic messages as is defined by CASL. If KnowBe4 seeks to use your Personal Data for a new purpose, we will contact you to obtain the appropriate consent. If you choose to opt-out of receiving our emails, you will be unsubscribed upon your request.
POPIA
KnowBe4 takes appropriate steps to comply with the Protection of Personal Information Act (“POPIA”) of South Africa.
Contacting Us
To exercise your rights regarding your Personal Data, or if you have questions regarding this Website Privacy Notice or our privacy practices please send an email to privacy@knowbe4.com. Alternatively, you may send notice by way of mail at the address listed below:
KnowBe4, Inc.
33 N Garden Avenue, Suite 1200
Clearwater, FL 33755, USA
Attn: KnowBe4 Privacy Team
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.