EU-U.S. Data Privacy Framework

Knack complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce.  Knack has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF, Knack commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.

Knack is aware of the Court Justice of the EU’s decision invalidating the Privacy Shield as a mechanism for authorizing data transfers to the U.S. from the European Union. Knack currently maintains a dedicated data center for its EU customers within the EU and only allows limited “view-only access” by U.S. staff for troubleshooting and technical support purposes. Although Knack participates in the Privacy Shield, Knack routinely executes Data Protection Addendums with its EU customers which incorporate the Standard Contractual Clauses. Knack remains committed to compliance with the Privacy Shield as required by the U.S. Department of Commerce. In the event of a conflict, we will comply with the requirement that would be more protective of our customers. We will await further guidance from the European Data Protection Board and our applicable data protection authority regarding the use of the Standard Contractual Clauses moving forward.

Accountability for Onward Transfer

Knack; by default; does not transfer any Personal Data to third parties, outside of those listed as a vendor under the Regional Data Protection Policy, as required to provide the services of Knack. We only do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the Privacy Shield Principles and GDPR and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination.

Data Protection Authorities

Knack has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.

“Personal Data” means any information relating to an individual residing in the European Union and Switzerland that can be used to identify that individual either on its own or in combination with other readily available data.

“Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.