Regional Data Protection Policy

Last modified May 24th, 2018.

EU Privacy Policy Addendum

For those Customers residing in the European Union ("EU"), the following additional EU-specific provisions apply to our processing of your personal data. Personal data includes Account Information and Customer Data, as described more specifically in our Privacy Policy and this Regional Privacy Policy Addendum. Processing of personal data may be undertaken by Knack as a data controller or as a data processor.

This Regional Privacy Policy Addendum is intended to comply with the General Data Protection Regulation, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation and referred to hereinafter as the “GDPR”), together with any replacement legislation or any equivalent legislation of any other applicable jurisdiction and all other applicable laws and regulations in any relevant jurisdiction relating to the processing of personal data and privacy (such as, without limitation, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector as may be amended from time to time).

Information We Obtain through Cookies and Similar Tracking Means

This Regional Privacy Policy Addendum remains subject to the Terms of Service and Regional Data Processing Addendum, as applicable between you and Knack, and supplements the Knack Privacy Policy. This Regional Privacy Policy Addendum will prevail over any conflicting information in the Knack Privacy Policy. We may update this Regional Privacy Policy Addendum at any time, and without prior notice, and any changes will be effective as of the Effective Date listed on the updated Regional Privacy Policy Addendum.

To the extent required by applicable law, we will obtain your consent before collecting information by automated means using cookies or similar devices. Please refer to the Knack Privacy Policy at https://knack.com/privacy for more information on our Cookie Policy. We may also use personal data that you may provide in connection with such use of the website, through one or more vendors or partners, including but not limited to in connection with a request for information related to the Knack Services, products, forums or service information, or registration for email communications. We may also use this personal data to improve our website and services, or ensure security of our website.

Processing of Other Information

Knack processes personal data in order to provide the Knack Services and as described more specifically in the Terms of Service and Privacy Policy. In order to provide the Knack Services, Knack processes the following personal data in connection with your creation and operation of a Knack Account and as further described in the Privacy Policy: name, title, address, company information (if applicable), company website (if applicable), occupation, type of business/industry, telephone numbers, and email addresses. Knack may also process the last four digits of your credit card number, expiration date and billing address. All other credit card and other payment information is processed by Knack’s credit card processing vendor identified at the bottom of this Regional Privacy Policy Addendum. Collectively, all such Customer personal data collected, maintained and used in connection with your Knack Account is referred to as “Account Information”. Knack is a data controller with respect to the processing of your Account Information.

Knack may also process other data on your behalf which includes the personal data of your end-users, customers, clients, employees, patients or other individuals (Data Subjects”) that you may create, maintain, use, disclose, provide or otherwise make available to Knack in connection with the Knack Services and as described in the Privacy Policy. Collectively, all such personal data of Data Subjects is referred to for purposes of this Regional Privacy Policy Addendum as Customer Data. Knack processes such Customer Data as a data processor. You are solely responsible for how you may further process Customer Data in connection with the Knack Services, including your processing of any personal data in compliance with the GDPR. Knack will never use or disclose Customer Data for marketing, advertising or other similar commercial purposes.

We may process the personal data we obtain as described in this Regional Privacy Policy Addendum for the duration of the Knack Services that we provide in accordance with the Terms of Service or as reasonably related to your use of the Knack website. We may process personal data where processing is necessary for compliance with a legal obligation to which Knack is subject. We may also be required to process and retain limited Account Information after you have terminated use of the Knack Services in order to maintain accurate business records of the Knack Services that we provided to you.

Access, Correction and Erasure

You have a right of access to certain personal data under the GDPR. You also have the opportunity to correct, amend or delete personal data which may be inaccurate or which Knack may have processed in violation of the Applicable Data Protection Laws. You may update, change or delete your Account Information with Knack at any time by logging into your Account and updating such information. Any such change would take immediately except to the extent that Knack would not be required to agree to the requested change.

For all other Customer Data that you maintain or otherwise process in your Account, you have access and control over such personal data, including the ability to correct, amend or delete any and all personal data which may be collected through or maintained in your Account. You are able to transfer Customer Data to and from your Account at any time, and we recommend that you do so prior to deleting your Account for any reason. To the extent that you maintain personal data of any Data Subject in your Account, you are solely responsible for according the Data Subject any right of access, right of erasure, opportunity to correct, and any other applicable rights to which she or he may be entitled under the GDPR.

Please contact the Data Protection Officer by visiting https://knack.com/contact if you have any questions about your rights under the GDPR with respect to Knack’s processing of your personal data.

Data Transfers and Location

Knack complies with the EU-US Privacy Shield Framework when processing or transferring personal data outside of the EU. The Framework is designed to ensure continuing levels of protection when personal data collected, used, and retained under the Framework (i.e., personal data collected from EU Data Subjects) is transferred to third parties. If there is any conflict between the terms in this Regional Privacy Policy Addendum and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Knack's participation in the EU-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission. Knack has further committed to cooperate with EU data protection authorities with regard to unresolved Privacy Shield complaints.

Knack commits to resolve complaints about our collection or use of your personal information. EU individuals with questions or complaints regarding Knack’s compliance with the EU-US Privacy Shield Framework should contact: complaints@knack.com or visit https://knack.com/contact. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EEU data protection authorities for more information or to file a complaint. The services of EU DPAs are provided at no cost to you. Under certain conditions, more fully described on the Privacy Shield website, you may also invoke binding arbitration when other dispute resolution procedures have been exhausted.

Account Information and Customer Data may be accessed by our support staff employees and agents who reside within the United States for debugging, troubleshooting, programming and other related administrative or technical activities required to provide the Knack Services. In the event that personal data covered by this Regional Privacy Policy Addendum would be transferred to a third party outside of the EU, including any processors or sub-processors, we would do so: (i) consistent with any notice required to be provided to you, any applicable consents, and/or the Regional Data Processing Addendum; (ii) if required or permitted by the GDPR or applicable law; or (iii) if the third party has provided contractual assurances that it will (a) process the personal data for limited and specified purposes consistent with any consent required by applicable law, (b) provide the same level of protection as is required by the Regional Data Processing Addendum, the EU-U.S. Privacy Shield Framework, and/or the GDPR and notify Knack if it makes a determination that it cannot do so; and (c) cease processing of the personal data or take other reasonable and appropriate steps to remediate if it makes such a determination.

We may, in connection with your use of our website, or in connection with the provision of the Knack Services, utilize one or more data processors or sub-processors, or share your personal data with another third party data controller. We will comply with the GDPR when transferring your personal data to any such third party. We will additionally comply with the terms of the Regional Data Protection Addendum when providing your personal data to any sub-processor.

Our Vendors

Sub-processors and data controllers which Knack has a relationship with include:

  • Stripe – processes the credit card information you provide in connection with your payment for the Knack Services.
  • Google Analytics – collects information about visitors to our website through use of cookies and other browser session information. Information also may be collected in order to maintain your identity when logged into your Knack Account. Please refer to the Cookie Policy, available at https://knack.com/cookies.
  • Amazon Web Services – used to host user data and provides the infrastructure Knack runs on.
  • MailChimp – user data for any email marketing uses is maintained in MailChimp.
  • Slack – user and applicant data is discussed in chat in Slack.
  • Google – user, employee and applicant data is maintained in Google through products like Gmail or Drive.
  • Intercom – user data for product troubleshooting & support and product news is maintained in Intercom.
  • Zendesk – user data for product support and troubleshooting is maintained in Zendesk.
  • Logrocket – app builder usage is logged, recorded and maintained through Logrocket for help in providing better product support and improving Knack.
  • Profitwell - Stripe analytic data is maintained in Profitwell.

We will use reasonable efforts to keep this list of current and notify you in the event of any changes through this Regional Privacy Policy Addendum.

Additional Information on Privacy Practices

Please refer to the full Knack Privacy Policy for additional information on our privacy practices, available at https://knack.com/privacy.