Last Reviewed: April 5th, 2022
Data Protection Highlights
Thank you for visiting KnowBe4.com, kb4compliance.com, hackbusters.com, and all of their subdomains and aliases (collectively, the “Website” or “Site”). These data protection highlights (”Highlights”) are intended to provide you with a few key highlights from our data protection notices and will tell you how KnowBe4, Inc. (“KnowBe4”, “we”, “our”, or “us”) uses Personal Data (as defined below) collected at this Site. Our data protection notices will provide you with more detail on KnowBe4’s global data protection practices. We encourage you to visit those notices for a more in-depth explanation of our data protection practices.
What is Personal Data?
“Personal Data” means any personally identifiable information that can be linked back to you such as your name, email address, or IP address.
How Does KnowBe4 Collect Personal Data?
We collect Personal Data when you visit our Site, submit information through our submission forms, contact us, send information to us directly, or upload information to our technology platforms. We also receive Personal Data collected by our affiliates, channel partners, service providers, and other third party providers.
How KnowBe4 Uses Personal Data
KnowBe4 uses Personal Data to respond to your inquiries, to provide marketing materials to you, to run our technology platform(s), to improve our services, for hiring/employment purposes, to comply with legal obligations, and as otherwise described in our data protection notice(s) and applicable agreements for services.
If you are not a customer or an end user:
If you are not a customer or an end user, please email firstname.lastname@example.org to access, amend, delete, rectify, withdraw consent, or object to the processing of your Personal Data. Our data protection notices have more information about these options.
If you are a customer or an end user:
If you are an end user and your organization uses the KnowBe4 platform, we recommend you reach out to your Account Owner (as defined in the Product Privacy Notice) to exercise your rights to rectify, erase, object to processing, restrict processing, and/or withdraw consent. You may also email email@example.com and we will reach out to your Account Owner for you. Please see our Product Privacy Notice for more information about these options.
If you would like more information on our data protection practices, you can review our full data protection notices contained on this Site. Please direct any complaints, requests or inquiries to firstname.lastname@example.org. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA or other applicable jurisdictions, you have the right to lodge a complaint with the competent supervisory authority.
Full Website Privacy Notice
Thank you for visiting KnowBe4.com, kb4compliance.com, hackbusters.com, and all of their subdomains and aliases (collectively, the “Website” or “Site”). KnowBe4 is committed to protecting your privacy. This Website Privacy Notice (the “Website Privacy Notice”) tells you how KnowBe4, Inc. (“KnowBe4”, “we”, “our”, or “us”) uses Personal Data (as defined below) collected at this Site.
The data protection practices set forth in this Website Privacy Notice are for websites owned by KnowBe4. The Site may contain links to other websites, applications, or services maintained by third parties. If you visit any of these third party websites, applications, or services, please review the data protection related notice(s) posted at those websites as the information practices of such other third parties are governed by those third parties’ data protection notice(s).
By using this Site, you are accepting the practices described in this Website Privacy Notice. If you do not agree with the data practices provided in this Website Privacy Notice, you should not use the Site or other websites owned by KnowBe4. We encourage you to periodically review this Website Privacy Notice to stay informed about our collection, processing and sharing of your Personal Data. Your continued use of this Site after we make changes to the Website Privacy Notice is deemed to be acceptance of those changes.
KnowBe4 is the controller of your Personal Data as described in this Website Privacy Notice, unless expressly specified otherwise.
For the avoidance of doubt, this Website Privacy Notice does not apply to the extent we process Personal Data in the role of a processor on behalf of our customers.
What This Notice Covers
This Website Privacy Notice applies to the processing of Personal Data collected by us when you:
- Visit our websites that display or link to this Website Privacy Notice;
- Visit our branded social media pages;
- Visit our offices;
- Receive communications from us, including emails, phone calls, texts, or fax;
- Use our products and services (where we act as a controller of your Personal Data); and
- Register for, attend, and/or otherwise take part in our events, webinars or contests.
Personal Data KnowBe4 Collects
“Personal Data”, as defined by the General Data Protection Regulation (“GDPR”) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The Personal Data that we collect directly from you includes the following:
- Contact information: first name, last name, employer, city, state, country, phone number, and email addresses
- Event Information: If you have attended an event, we may, with your further consent, scan your attendee badge which will provide us your information such as name, title, company name, address, country, phone number, and email address
- Office Visits: If you visit our offices, you will be required to register as a visitor and provide your name, email address, phone number, company name, time of arrival, and time of departure
- Information gathered through submission forms: When you voluntarily submit information through our submission form, you expressly consent to the collection, use, and disclosure of your Personal Data in accordance with this Website Privacy Notice. You can withdraw your consent at any time by emailing email@example.com. You may provide information to be published or displayed on public areas of the Website or transmitted to other users of the Website or third parties (“User Contributions”). Your User Contributions are posted and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
The Personal Data that we collect indirectly about you includes the following
- Automatically collected information: information collected via cookies and Web beacons, including IP address, browser name, operating system details, domain name, date, time of visit and the pages viewed, or other similar information
- Information from third parties: We collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data we collect, or as otherwise provided by you. This helps us to update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, user behavior data, IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion, sales/marketing, business intelligence, and profiling.
- Cookies: We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our Site, use our services or interact with emails we have sent to you. Cookies and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Site, and understanding how visitors use the Site. Cookies can also help customize the Site for visitors. Cookies alone cannot amount to the collection of Personal Data, but if you provided Personal Data, cookies can be tied to such information. Aggregate cookie and tracking information is shared with third parties. Please review our Cookie Notice to see the types of cookies we use.
- Web beacons: Pages of our Website may contain small electronic files known as web beacons (also referred to as clear gif, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or for other related website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).
How We Use Your Personal Data
We collect and process your Personal Data for the purposes and on the legal bases identified in the following (where we act as a controller of your Personal Data):
Where we have obtained your consent:
- For marketing purposes (such as you signing up for one of our newsletters)
- To follow up on an inquiry for our products and services (where you have requested a demo, or a phone call)
- For any other requests you have made where you have specifically authorized the use of your personal data
Where we have entered into a contract:
- For your use of our free tools, KCM GRC console, KMSAT console or other services provided to you that are under the applicable terms of service or applicable agreement for services between you, or your organization, and KnowBe4
- For the use of our Website and services
- For managing payments in order to complete a transaction with you
- To provide support for our products and services (you can reach out to us by phone or email)
- For any managed services that we may provide to you from time to time
- For webinars that you have registered to attend
- For KnowBe4 contests or promotions
Where we have not entered into a contract with you, or obtained your consent, or have stated that another legal basis shall apply then legitimate interest is the legal basis for the following processing activities:
- Registering office visitors
- Assessing and improving your experience on the website (such as analyzing trends in order to overall improve your experience, or to track your usage and interactions with the Website)
- Marketing purposes, such as personalized advertisements and content
- Security purposes such as investigations of suspicious activity or for compliance purposes (such as investigating fraud or misuse of our Website)
- Enhancing user experience and improving our products and services
KnowBe4 processes and discloses Personal Data when cooperating with the appropriate regulatory and government authorities. When KnowBe4 processes Personal Data for this purpose, the legal basis for processing shall be for compliance with a legal obligation to which KnowBe4 is subject.
Visitors under the age of 16
Our Website is not intended for persons under the age of 16. Thus, we do not intentionally gather Personal Data from visitors who are under the age of 16. If you are under the age of 16, please do not submit your Personal Data via our submission forms.
Notices on behavioral advertising and opt-out for Website visitors
We use Microsoft to collect Personal Data from our Site to provide Bing Ads. Please review Microsoft’s Privacy Statement to learn more about Bing Ads.
If you would like more information on the technologies that we use on our Website, please contact firstname.lastname@example.org.
Who Do We Share Personal Data With?
We use third-party businesses to provide products and perform specialized services for data processing. When we provide Personal Data to these businesses, they are not permitted to use the Personal Data for any reason outside of the scope for which we contracted them.
The ways in which we may share your Personal Data include the following:
- When we use our third-party processors (such as Amazon Web Services) to improve the performance of our services. This is required for us to provide our services to you. We execute contracts with our third parties to ensure they fulfill their data protection obligations.
- When you register for a webinar, it is done through one of our third-party partners.
- With KnowBe4 affiliates and other companies that become part of KnowBe4 in the future.
- We will disclose your information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding. Finally, given your implied or affirmative consent, we reserve the right to disclose your information for other purposes.
- KnowBe4 reserves the right to disclose your Personal Data under the following conditions: (1) when permitted or required by law; (2) when trying to protect against or prevent actual or potential fraud or unauthorized transactions; or (3) when investigating suspected fraud which has already taken place.
Sale of Personal Data
KnowBe4 will never sell your Personal Data.
International Transfers of Personal Data
Your Personal Data will be collected, transferred to, and stored by us in the United States or by our affiliates in other countries where we operate.In the event that your Personal Data is processed outside the European Economic Area (EEA), we will ensure that the recipient of your Personal Data offers an adequate level of protection by entering into an agreement to abide by Standard Contractual Clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or another mechanism approved by the EU.
Data Security and Retention
Your Personal Data is kept secure. Only authorized employees, agents, and contractors (who have agreed to keep information secure and confidential) have access to this information.
We (and our third-party service providers) use a variety of industry standard security measures to prevent unauthorized access, use, or disclosure of your Personal Data. These security measures consist of but are not limited to data encryption and physical security. No method of transmission or method of electronic storage over the internet is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
KnowBe4 will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Website Privacy Notice or until you request its deletion, unless a longer retention period is required by applicable data privacy law.
We take reasonable steps to ensure that your Personal Data is accurate, complete, current, and otherwise reliable for its intended use.
If KnowBe4 obtains knowledge that one of our service providers or employees is in violation of this Website Privacy Notice, KnowBe4 will take commercially reasonable steps to prevent the unauthorized use or disclosure of your Personal Data. KnowBe4 takes data privacy seriously. Therefore, we agree to take commercially reasonable measures to ensure the proper handling of your Personal Data by our employees and service providers.
You have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the EEA, these rights may include:
- Accessing, correcting, amending, deleting your Personal Data;
- Objecting to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
- Not being subject to a decision based solely on automated processing, including profiling, which produces legal effects. Automated Decision-Making currently does not take place on our Website or in our products; and
- If the collection of your Personal Data is based on consent, withdrawing your consent at any time.
How to exercise your rights
To exercise your rights, please contact us at email@example.com.
More Important Information
California Consumer Protection Act
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
We do not provide services, or other items of value, as consideration for your, or your end users’, personal information protected by the CCPA.
You are responsible for ensuring your compliance with the requirements of the CCPA in your use of the services we provide to you and your own processing of personal information.
Here are a few things that KnowBe4 will NOT do with personal information in the scope of acting as a service provider, as defined by CCPA:
- sell, rent, or otherwise disclose your personal information to third parties in exchange for money or something else of value
- use your information outside the scope of the agreement(s) for services that we have with you
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this personal information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org. We will verify your request using the information associated with your account, including email address. Consumers can also designate an authorized agent to exercise these rights on their behalf.
KnowBe4 agrees to act in compliance with the United States CANSPAM Act. In order to comply, we have taken appropriate measures for our commercial electronic messages (including emails). You can learn more about the CANSPAM act by visiting the FTC official website by following this link https://www.ftc.gov/.
PIPEDA and Canadian Anti-Spam Legislation (CASL)
We protect and use your information by observing principles and guidelines in the Personal Data Protection and Electronic Documents Act and Canada's Anti-Spam Legislation. We obtain either express or implied consent, or use other lawful mechanisms, in order to send commercial electronic messages as is defined by CASL. If KnowBe4 seeks to use your Personal Data for a new purpose, we will contact you to obtain the appropriate consent. If you choose to opt-out of receiving our emails, you will be unsubscribed upon your request.
KnowBe4 takes appropriate steps to comply with the Protection of Personal Information Act (“POPIA”) of South Africa.
To exercise your rights regarding your Personal Data, or if you have questions regarding this Website Privacy Notice or our privacy practices please send an email to email@example.com. Alternatively, you may send notice by way of mail at the address listed below:
33 N Garden Avenue, Suite 1200
Clearwater, FL 33755, USA
Attn: KnowBe4 Privacy Team
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.