1) PERSONAL DATA COLLECTED
From Kronos Customers and Customer Employees:
We may collect, process and/or store your Personal Data from a number of sources, primarily to provide products and services under our contracts with our Customers and to improve those products and services.
We also may obtain Personal Data by recording how you use our products, for example through error reports or other usage data. When you visit a Site, certain Personal Data may be collected by recording how you interact with that Site via cookies or web beacons (see the “Information Collected via Cookies” and “Managing Cookies” sections below for further details). If you participate in Kronos Community online discussions about our products and services, you may opt to register as a participant and also provide us with a personal profile, a picture or other Personal Data.
Kronos, in delivering its workforce management products and services, also processes data supplied by its Customers about their employees in order to provide Customers with the full benefit of those products and services (see Section 2 below for further details). Such data, like name, employee number, and time and attendance and schedule information, are collected under instructions set forth in the contract between Kronos and its Customers. For Customers who use Kronos terminals with a biometric or finger scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
From Kronos Job Applicants and Kronos Employees:
We collect Personal Data from Kronos job applicants to conduct our applicant review and hiring activities. We collect Personal Data from our employees for the purposes of fulfilling our human resources obligations to our employees, such as conducting employee performance evaluations, administering payroll and benefits (and related record keeping), filing government reports, performing company network management and authentication, security, emergency notification management, and enhancing employee health and safety.
From Visitors to our websites:
Non-identifiable Information: When you utilize a Site, we may receive certain personally non-identifiable information about your use of the Site. We may store such information ourselves or it may be included in databases owned and maintained by us, our subcontractors, agents or our business partners. We may use such information and pool it with other information to track, for instance, the total number of visitors to a Site and the domain names of our visitors' Internet service providers.
Information Collected via Cookies and Similar Technologies: Like most websites, we also collect and/or log specific Site visitor information, which may include both non-identifiable information and Personal Data, including what kind of browser visitors are on, what operating system they are using, their IP address, cookie information, time stamp and clickstream information. This data is collected through the use of log files, "cookies," "web beacon" or other similar technologies. "Cookies" are small files of data that may be sent to your web browser and stored on your computer. With "web beacons," when a visitor accesses certain pages on a Site, an anonymous notice of that visit is generated which may be processed by us. Web beacons work in conjunction with cookies to let us know what portions of our Sites are of interest to you and to help us provide you with tailored information from our Sites. We may collect and store this information and combine it with other Personal Data you have provided.
We also use first-party and third-party cookies in online advertising efforts. When you visit a Site, third parties may set cookies on your computer and use those cookies to collect information about you, including about your computer and how you use the Site. These parties use such information to personalize and deliver targeted advertising to you on non-Kronos websites. For additional information about online behavioral advertising, visit the websites of the Network Advertising Initiative and the Digital Advertising Alliance.
Managing Cookies and Similar Technologies:
Most web browsers can be configured not to accept cookies, notify you if a cookie is sent to you, or otherwise manage cookies, web beacons and similar technologies. If you turn off cookies, web beacons and similar technologies will still detect anonymous visits, but the notices they generate cannot be associated with other anonymous information or personally-identifiable information and are disregarded. Similarly, if you would like to prevent third parties from setting and accessing cookies and similar technologies on your computer for advertising and other purposes, you can configure your browser to manage or block cookies and those technologies. Additionally, cookie preferences, including the ability to opt-out of first and third-party cookies, may also be set and managed using our cookie consent manager tool, where applicable.
Social Media Features and Widgets:
Research: In an ongoing effort to better understand and serve all users of Kronos services, we may conduct research on user demographics and interests based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregated data with our affiliates, agents and business partners. This aggregate information does not identify you personally.
Do Not Track: Like many websites, our Sites do not currently respond to "do not track" browser headers. Cookie preferences, including the ability to opt-out of first and third-party cookies, may be set and managed using our cookie consent manager tool. Additionally, you can take steps to limit tracking by erasing cookies and similar technologies from your computer's hard drive and by setting your browser to block all cookies or similar technologies or warn you before they are stored. Should you choose to remove all stored cookies, including the opt-out cookies set via our cookie consent manager tool, you may need to reestablish your cookie preferences with the tool.
2) How Kronos Uses Personal Data
If you visit our Sites: We may use your Personal Data in the manner described in Section 1 above. You can use many features of our Sites without providing any Personal Data, however, you may not be able to use certain services.
If you provide Personal Data to us directly in another manner: We may use your Personal Data in connection with the reason for which it was provided, such as to deliver the product or service you requested, answer the question you posed, or diagnose a technical support issue. We also may use it to send you product or service notices that may be of importance to you, prevent, detect or investigate illegal or fraudulent activity, or use it as otherwise disclosed to you when you provide the information. We may use Personal Data information to contact you in the future to tell you about services we believe will be of interest to you. When we contact you in these ways, we will do so based on your prior consent to receive such communications, or upon our “legitimate interest” to communicate with you, for instance if we have information to share based upon your prior relationship with Kronos. In every case, we offer you the opportunity to "opt-out" from receiving further such communications.
If you are an employee of a Kronos Customer: When Kronos receives Customer employee data in accordance with a Customer's instructions set forth in our Customer contract, we only use that employee data to provide products and services consistent with those Customer instructions. The collection, retention and destruction of all Customer employee data is, at all times, controlled by the Customer (as the employer), and any questions or requests with regard to a Customer employee’s Personal Data should be directed to that employer. For employees of Customers who use Kronos terminals with a biometric or finger scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
If you are a Kronos job applicant or Kronos employee: We collect Personal Data from Kronos job applicants to conduct our applicant review and hiring activities. We collect Personal Data from our employees for the purposes of fulfilling our human resources responsibilities as described in Section 1 above. Kronos employee Personal Data may be accessed by our human resources, IT and support personnel, and their subcontractors, in the United States and other countries as reasonably required to fulfill these obligations, consistent with applicable law. Kronos takes reasonable steps to ensure that all job applicant and employee data collected is accurate, complete and current for its intended use.
3) Our Disclosure of Your Personal Data
Kronos does not sell or rent your Personal Data to third parties for promotional purposes.
Kronos will not use, share or distribute your Personal Data except as follows: i) as necessary to maintain the security of our products, ii) as required by applicable law, iii) for Customer employees, as described in a contract between Kronos and our Customer, iv) or as otherwise set forth in the subsequent paragraphs of this Section directly below.
Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a sale, merger, reorganization, dissolution or similar event relating to all or a portion of our business, assets or a Site, Personal Data may be part of the transferred assets.
Service providers, subcontractors, agents: We sometimes hire other companies to perform certain business-related functions. Examples include hosting and/or maintaining databases, mailing information on our behalf and processing payments. When we employ another party to perform a service or function, we may need to provide them with access to certain Personal Data. In that event, we only provide them with the information that they need to perform their specific service or function. Kronos is accountable for any Personal Data that it receives from you and subsequently transfers to these third parties, in accordance with applicable privacy law. We remain responsible if a third-party that we engage to process Personal Data on our behalf does so in a manner inconsistent with applicable law, unless we can prove that we are not responsible for the activities or circumstances giving rise to the claim.
Partners and related third parties: We may share information with third party partners who resell our products and services and/or provide value added services. We may offer with third parties (solely or jointly) webinars, white papers, or other services related to our offerings or services. We may share your contact information and your expressed interest in these offerings or services with third parties, if you have provided prior consent to this use of your data, or if we believe we have a legitimate interest in doing so, based on our prior business relationship with you.
Legal Requirements: We also may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users of a Site or the public, or (iv) protect against legal liability.
Finger Scan Data: For employees of Customers who use Kronos terminals with a biometric or finger scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
4) Access and Control of Personal Data
Visitors to Our Sites: You can use many Kronos Site features without providing any Personal Data, but you may not be able to use certain services. (You can learn how cookies and similar technologies collect data on our Sites in Section 1 above.) You can always choose whether you wish to receive promotional email, SMS messages, telephone calls and postal mail from Kronos. When you otherwise contact Kronos directly, you can control what Personal Data you provide to Kronos.
Employees of Kronos Customers: Employees of Kronos' Customers should contact the appropriate person within their employer's organization to understand, access, change and/or control what employee information is provided by the employer to Kronos so that Kronos may deliver its products and services to the employer under their contract. For employees of Customers who use Kronos terminals with a biometric or finger scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
Kronos Job Applicants: Job applicants to Kronos should reach out to their Kronos recruiter or human resources contact, as applicable, to understand, access, change and/or control Personal Data that has been provided to Kronos in the job application context.
Kronos Employees: Kronos employees should reach out to their Kronos human resources contact to understand, access, change and/or control Personal Data that has been provided to Kronos in the employment context.
6) Children: We do not knowingly collect Personal Data from children under the age of 13. If you are under thirteen, please do not submit any Personal Data to Kronos. If you have reason to believe that a child under the age of 13 has provided Personal Data to Kronos, please contact us, and we will endeavor to delete that information from our databases.
7) Links to Other Websites: Our Sites may frame or contain references or links to other websites not owned, operated or controlled by Kronos, and their privacy policies may differ from ours (the "External Sites"). Kronos is not responsible for the privacy policies and procedures of External Sites and the privacy policies and procedures we describe here do not apply to External Sites. We recommend that you read and understand the privacy policies of External Sites.
8) Security: We utilize commercially reasonable physical, technical, and administrative controls and procedures to safeguard the Personal Data provided to Kronos and protect it from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from Kronos may not be secure. Therefore, you should therefore take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Data to us or our service providers electronically. Users of our Sites and online services are responsible for maintaining the security of their passwords, user name or ID or other form of authentication needed to access to secure areas or services. We may suspend your access to a Site or one of our services, without notice and pending our investigation, if a security breach is suspected. For employees of Customers who use Kronos terminals with a biometric or finger scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
9) Retention of information: We will retain your Personal Data for as long as any web registration you have with us is active, as needed to provide you (or your employer, as applicable) services or information requested, or for the period needed as described in this Policy or advised to you at the time of collection.
10) Biometric Data Privacy: Kronos does not collect or control Customer employee data. For Customers who use Kronos terminals with a biometric or finger scanning device, the collection of Customer employee finger scan data is undertaken and controlled by the Customer. This data is used by the Customer for employee verification in connection with its employee timekeeping purposes. Such data consists solely of templates created from mathematical algorithms, not fingerprints.
Kronos does not perform or control the collection of such data. Rather, Kronos Customers collect such employee data through its use of the finger scanning devices and related software, and either store the data at the Customer controlled site or on secure space (in accordance with applicable law) made available by Kronos in a cloud environment for that purpose.
Customer employee finger scan data, or templates as described above, may be among the Customer employee data collected or stored by Kronos Customers. A copy of Kronos’ data security policy applicable to the secure space on which Customers can store employee data can be accessed at: www.kronos.ca/security. Kronos has put reasonable measures in place to minimize its access to Customer employee finger scan data from its Customers, On the rare occasions when Kronos accesses Customer employee finger scan data (e.g. for technical support), it is done pursuant to a Customer’s instruction, and subject to strict handling procedures, and Kronos permanently destroys such data promptly after the specific purpose for accessing the data has been satisfied. Customers are responsible for destroying Customer employee finger scan data that they collect, control, possess or store. Any questions with regard to Customer biometric or finger scan employee data, including any applicable retention schedule or destruction process, should be directed to the appropriate employer.
11) Opt-Outs: If at any time after providing contact or other Personal Data to us your Personal Data changes, or if you change your mind about receiving information, (e.g., types of marketing materials, newsletters and the like) from us, or wish to change any other use of your Personal Data described above which we control, send us your request with your updated information and/or your new choices. Send your request to [email protected] or by postal mail sent to Privacy Officer, Kronos Incorporated, 900 Chelmsford St, Lowell, MA 01851. We will respond to your request to access, change or delete your Personal Data within 30 days. Of course, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
900 Chelmsford St.
Lowell, MA 01851
We have designated Kronos Systems, Ltd. as our representative in the European Union for purposes of the GDPR. Our representative may be contacted as follows:
Kronos Systems Limited
The Capitol Building
2nd Floor, South Wing
UK RG12 8FZ
Attn: Law Department
Phone: +44 118 978 9784
To view the Kronos Privacy Shield certification, see www.privacyshield.gov. We also receive and process some data from Customers who operate in the European Union and transfer data to us under other compliance mechanisms, such as agreements to process data under the EU Standard Contractual Clauses.
14) Privacy Shield and General Privacy Complaints: Kronos encourages you to contact us if you have a Privacy Shield or general privacy complaint. In compliance with the Privacy Shield Principles, we commit to work diligently to resolve complaints about our collection or use of your Personal Data. Individuals with inquiries or complaints regarding our privacy practices or our Privacy Shield policies should first contact the Kronos Privacy team at: [email protected].
If you have a Privacy Shield complaint, and Kronos is unable to resolve that complaint directly, Kronos has committed to refer unresolved Privacy Shield complaints to the International Dispute Centre of the American Arbitration Association (“ICDR/AAA”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit ICDR/AAA at go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you.
Kronos EU Job Applicants and Employee Complaints: If you are a Kronos job applicant or employee in the EU or the United Kingdom or Switzerland with a Privacy Shield complaint about your human resources data, and that complaint cannot be resolved with Kronos directly, Kronos commits to cooperate with the panel established by the EU data protection authorities (DPAs), the United Kingdom Information Commissioner’s Office, and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, with regard to that human resources data complaint. Please contact us to be guided to the relevant DPA office and contact information. A binding arbitration option will also be made available to you to address complaints not resolved by any other means.
The Federal Trade Commission has jurisdiction over Kronos Incorporated’s compliance with the Privacy Shield.