Privacy Policy

Introduction

This document sets forth the Privacy Policy of Kronos in collecting, storing and processing Personal Data received from Kronos customers (“Customers”), Customer employees, website visitors, Kronos employees and Kronos job applicants. For purposes of this Privacy Policy, “Personal Data” shall mean any information provided to Kronos that relates to an identified or identifiable individual.

Unless otherwise stated in this Privacy Policy, this policy shall be deemed to apply to Kronos Incorporated and our affiliates, and all references to “we”, “us” and/or “our” shall refer to Kronos Incorporated and those affiliates.

[Note: Because there are differences in the ways Kronos’ Talent Management Division collects and uses Personal Data consistent with the services it provides to Customers, Kronos has published a separate privacy statement that identifies those differences. Click here for the Privacy Statement that applies to the Kronos Talent Management Division only.]

1) PERSONAL DATA COLLECTED

From Kronos Customers and Customer Employees:

We may collect, process and/or store your Personal Data from a number of sources, primarily to provide products and services under our contracts with our Customers and to improve those products and services.

Sometimes we collect data, such as name, company name, IP address and email or physical address, directly from you when you provide contact and other information to us through a Kronos website (a “Site”), or when you ask us a question, make a comment, request support, or use certain services. By voluntarily providing us with Personal Data, you consent to our use of that information in accordance with this Privacy Policy. If you provide Personal Data to us electronically, you acknowledge and agree that such Personal Data may be transferred from their current location to offices and servers of ours and our subcontractors located in the United States and other countries in order to provide our services to you, consistent with applicable law.

We also may obtain Personal Data by recording how you use our products, for example through error reports or other usage data. When you visit a Site, certain Personal Data may be collected by recording how you interact with that Site via cookies or web beacons (see the “Information Collected via Cookies” and “Managing Cookies” sections below for further details). If you participate in Kronos Community online discussions about our products and services, you may opt to register as a participant and also provide us with a personal profile, a picture or other Personal Data.

Kronos, in delivering its workforce management products and services, also processes data supplied by its Customers about their employees in order to provide Customers with the full benefit of those products and services (see Section 2 below for further details). Such data, like name, employee number, and time and attendance and schedule information, are collected under instructions set forth in the contract between Kronos and its Customers. For Customers who choose to deploy Kronos terminals utilizing a biometric technology option, the collection of Customer employee finger scan data is undertaken and controlled by the Customer and may include information used to verify employee identity. Such data consists solely of templates created from mathematical algorithms, not fingerprints.

From Kronos Job Applicants and Kronos Employees:

We collect Personal Data from Kronos job applicants to conduct our applicant review and hiring activities. We collect Personal Data from our employees for the purposes of fulfilling our human resources obligations to our employees, such as conducting employee performance evaluations, administering payroll and benefits (and related record keeping), filing government reports, performing company network management and authentication, security, emergency notification management, and enhancing employee health and safety.

From Visitors to our websites:

Non-identifiable Information: When you utilize a Site, we may receive certain personally non-identifiable information about your use of the Site. We may store such information ourselves or it may be included in databases owned and maintained by us, our subcontractors, agents or our business partners. We may use such information and pool it with other information to track, for instance, the total number of visitors to a Site and the domain names of our visitors’ Internet service providers.

Information Collected via Cookies and Similar Technologies: Like most websites, we also collect and/or log specific Site visitor information, which may include both non-identifiable information and Personal Data, including what kind of browser visitors are on, what operating system they are using, their IP address, cookie information, time stamp and clickstream information. This data is collected through the use of log files, “cookies,” “web beacon” or other similar technologies. “Cookies” are small files of data that may be sent to your web browser and stored on your computer. With “web beacons,” when a visitor accesses certain pages on a Site, an anonymous notice of that visit is generated which may be processed by us. Web beacons work in conjunction with cookies to let us know what portions of our Sites are of interest to you and to help us provide you with tailored information from our Sites. We may collect and store this information and combine it with other Personal Data you have provided.

We also use first-party and third-party cookies in online advertising efforts. When you visit a Site, third parties may set cookies on your computer and use those cookies to collect information about you, including about your computer and how you use the Site. These parties use such information to personalize and deliver targeted advertising to you on non-Kronos websites. For additional information about online behavioral advertising, visit the websites of the Network Advertising Initiative and the Digital Advertising Alliance.

Managing Cookies and Similar Technologies:

Most web browsers can be configured not to accept cookies, notify you if a cookie is sent to you, or otherwise manage cookies, web beacons and similar technologies. If you turn off cookies, web beacons and similar technologies will still detect anonymous visits, but the notices they generate cannot be associated with other anonymous information or personally-identifiable information and are disregarded. Similarly, if you would like to prevent third parties from setting and accessing cookies and similar technologies on your computer for advertising and other purposes, you can configure your browser to manage or block cookies and those technologies. Additionally, cookie preferences, including the ability to opt-out of first and third-party cookies, may also be set and managed using our cookie consent manager tool.

Social Media Features and Widgets:

Our Sites may include social media features, such as video links, “Like” buttons, and widgets such as “Share” buttons or interactive mini-programs. These features may collect your Personal Data such as your IP address and which website page you are visiting, and may set a cookie to enable the feature to function. Social media features and widgets may be hosted by a third party or hosted directly on our Sites. Your use and interactions with these features are at your option and are governed by the published privacy policy of the companies providing them.

Research: In an ongoing effort to better understand and serve all users of Kronos services, we may conduct research on user demographics and interests based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregated data with our affiliates, agents and business partners. This aggregate information does not identify you personally.

Do Not Track: Like many websites, our Sites do not currently respond to “do not track” browser headers. Cookie preferences, including the ability to opt-out of first and third-party cookies, may be set and managed using our cookie consent manager tool. Additionally, you can take steps to limit tracking by erasing cookies and similar technologies from your computer’s hard drive and by setting your browser to block all cookies or similar technologies or warn you before they are stored. Should you choose to remove all stored cookies, including the opt-out cookies set via our cookie consent manager tool, you may need to reestablish your cookie preferences with the tool.

2) How Kronos Uses Personal Data

We use the Personal Data you provide to us in a manner that is consistent with this Privacy Policy.

If you visit our Sites: We may use your Personal Data in the manner described in Section 1 above. You can use many features of our Sites without providing any Personal Data, however, you may not be able to use certain services.

If you provide Personal Data to us directly in another manner: We may use your Personal Data in connection with the reason for which it was provided, such as to deliver the product or service you requested, answer the question you posed, or diagnose a technical support issue. We also may use it to send you product or service notices that may be of importance to you, prevent, detect or investigate illegal or fraudulent activity, or use it as otherwise disclosed to you when you provide the information. We may use Personal Data information to contact you in the future to tell you about services we believe will be of interest to you. When we contact you in these ways, we will do so based on your prior consent to receive such communications, or upon our “legitimate interest” to communicate with you, for instance if we have information to share based upon your prior relationship with Kronos. In every case, we offer you the opportunity to “opt-out” from receiving further such communications.

If you are an employee of a Kronos Customer: When Kronos collects and processes Customer employee data in accordance with a Customer’s instructions set forth in our Customer contract, we only use that employee data to provide products and services consistent with those Customer instructions. If we process Customer employee finger scan data via biometric technology, as described in Section 1 above, we will only do so as directed by the Customer for employee verification purposes. The Customer has the means to permanently destroy such finger scan data which Kronos processes and which may be in the Customer’s possession once this purpose has been fulfilled (as determined by the Customer) or as otherwise required by applicable law, whichever occurs first. The collection, retention and destruction of all Customer employee data, including finger scan data, is, at all times, controlled by the Customer (as the employer), and any questions or requests with regard to a Customer employee’s Personal Data should be directed to that employer.

If you are a Kronos job applicant or Kronos employee: We collect Personal Data from Kronos job applicants to conduct our applicant review and hiring activities. We collect Personal Data from our employees for the purposes of fulfilling our human resources responsibilities as described in Section 1 above. Kronos employee Personal Data may be accessed by our human resources, IT and support personnel, and their subcontractors, in the United States and other countries as reasonably required to fulfill these obligations, consistent with applicable law. Kronos takes reasonable steps to ensure that all job applicant and employee data collected is accurate, complete and current for its intended use.

3) Our Disclosure of Your Personal Data

Kronos does not sell or rent your Personal Data to third parties for promotional purposes.

Kronos will not use, share or distribute your Personal Data except as follows: i) as necessary to maintain the security of our products, ii) as required by applicable law, iii) for Customer employees, as described in a contract between Kronos and our Customer, iv) or as otherwise set forth in the subsequent paragraphs of this Section directly below.

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a sale, merger, reorganization, dissolution or similar event relating to all or a portion of our business, assets or a Site, Personal Data may be part of the transferred assets.

Service providers, subcontractors, agents: We sometimes hire other companies to perform certain business-related functions. Examples include hosting and/or maintaining databases, mailing information on our behalf and processing payments. When we employ another party to perform a service or function, we may need to provide them with access to certain Personal Data. In that event, we only provide them with the information that they need to perform their specific service or function. Kronos is accountable for any Personal Data that it receives from you and subsequently transfers to these third parties, in accordance with applicable privacy law. We remain responsible if a third-party that we engage to process Personal Data on our behalf does so in a manner inconsistent with applicable law, unless we can prove that we are not responsible for the activities or circumstances giving rise to the claim.

Partners and related third parties: We may share information with third party partners who resell our products and services and/or provide value added services. We may offer with third parties (solely or jointly) webinars, white papers, or other services related to our offerings or services. We may share your contact information and your expressed interest in these offerings or services with third parties, if you have provided prior consent to this use of your data, or if we believe we have a legitimate interest in doing so, based on our prior business relationship with you.

Legal Requirements: We also may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users of a Site or the public, or (iv) protect against legal liability.

4) Access and Control of Personal Data

Visitors to Our Sites: You can use many Kronos Site features without providing any Personal Data, but you may not be able to use certain services. (You can learn how cookies and similar technologies collect data on our Sites in Section 1 above.) You can always choose whether you wish to receive promotional email, SMS messages, telephone calls and postal mail from Kronos. When you otherwise contact Kronos directly, you can control what Personal Data you provide to Kronos.

Employees of Kronos Customers: Employees of Kronos’ Customers should contact the appropriate person within their employer’s organization to understand, access, change and/or control what employee information is provided by the employer to Kronos so that Kronos may deliver its products and services to the employer under their contract.

Kronos Job Applicants: Job applicants to Kronos should reach out to their Kronos recruiter or human resources contact, as applicable, to understand, access, change and/or control Personal Data that has been provided to Kronos in the job application context.

Kronos Employees: Kronos employees should reach out to their Kronos human resources contact to understand, access, change and/or control Personal Data that has been provided to Kronos in the employment context.

5) Privacy Policy Exclusions

Unsolicited Information: This Privacy Policy shall not apply to any unsolicited information you provide to us through our Sites or any other means. This includes, but is not limited to, information posted to any public areas of our Sites, such as Kronos Community, bulletin boards, any ideas for new products or modifications to existing services, and other unsolicited submissions including all User Content as that term is defined in our applicable Terms of Use (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

Publicly Available Information: Please also note that any Personal Data or other information you provide to be displayed in your publicly available online profile, or post in Site forums, will be displayed for others to see and thus will not be subject to the terms of this Privacy Policy. We cannot and will not be responsible for what third parties do with any Personal Data or other information that you choose to make publicly available. As such, we advise that you exercise great care in determining what Personal Data or other information you choose to make publicly available.

6) Children:We do not knowingly collect Personal Data from children under the age of 13. If you are under thirteen, please do not submit any Personal Data to Kronos. If you have reason to believe that a child under the age of 13 has provided Personal Data to Kronos, please contact us, and we will endeavor to delete that information from our databases.

7) Links to Other Websites:Our Sites may frame or contain references or links to other websites not owned, operated or controlled by Kronos, and their privacy policies may differ from ours (the “External Sites”). Kronos is not responsible for the privacy policies and procedures of External Sites and the privacy policies and procedures we describe here do not apply to External Sites. We recommend that you read and understand the privacy policies of External Sites.

8) Security: We utilize commercially reasonable physical, technical, and administrative controls and procedures to safeguard the Personal Data provided to Kronos and protect it from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from Kronos may not be secure. Therefore, you should therefore take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Data to us or our service providers electronically. Users of our Sites and online services are responsible for maintaining the security of their passwords, user name or ID or other form of authentication needed to access to secure areas or services. We may suspend your access to a Site or one of our services, without notice and pending our investigation, if a security breach is suspected.

9) Retention of information: We will retain your Personal Data for as long as any web registration you have with us is active, as needed to provide you (or your employer, as applicable) services or information requested, or for the period needed as described in this Policy or advised to you at the time of collection.

10) Opt-Outs: If at any time after providing contact or other Personal Data to us your Personal Data changes, or if you change your mind about receiving information, (e.g., types of marketing materials, newsletters and the like) from us, or wish to change any other use of your Personal Data described above which we control, send us your request with your updated information and/or your new choices. Send your request to privacy@kronos.com or by postal mail sent to Privacy Officer, Kronos Incorporated, 900 Chelmsford St, Lowell, MA 01851. We will respond to your request to access, change or delete your Personal Data within 30 days. Of course, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

11) Contacting Us With Questions: You may contact us in the event you have questions about this Privacy Policy or any of our information practices, or if you have a question concerning the handling of your Personal Data, at: privacy@kronos.com, or by postal mail sent to Privacy Officer, Kronos Incorporated, 900 Chelmsford St, Lowell, MA 01851.

12) Privacy Shield and Other Compliance Mechanisms: Kronos complies with the EU-US and Swiss-US Privacy Shield Framework as published by the U.S. Department of Commerce covering the collection, use and retention of Personal Data transferred from the European Union and Switzerland to the United States, as applicable. Kronos has self-certified its compliance with the Privacy Shield to the Department of Commerce. In the event of any conflict between the terms of this privacy policy and the Privacy Shield Principles relative to our commitment to protect personal data covered by the Privacy Shield, the Privacy Shield Principles shall take precedence.

To view the Kronos Privacy Shield certification, see www.privacyshield.gov. We also receive and process some data from Customers who operate in the European Union and transfer data to us under other compliance mechanisms, such as agreements to process data under the EU Standard Contractual Clauses.

13) Privacy Shield and General Privacy Complaints: Kronos encourages you to contact us if you have a Privacy Shield or general privacy complaint. In compliance with the Privacy Shield Principles, we commit to work diligently to resolve complaints about our collection or use of your Personal Data. Individuals with inquiries or complaints regarding our privacy practices or our Privacy Shield policies should first contact the Kronos Privacy team at: privacy@kronos.com.

If you have a Privacy Shield complaint, and Kronos is unable to resolve that complaint directly, Kronos has committed to refer unresolved Privacy Shield complaints to the International Dispute Centre of the American Arbitration Association (“ICDR/AAA”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit ICDR/AAA at http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you.

Kronos EU Job Applicants and Employee Complaints: If you are a Kronos job applicant or employee in the EU or Switzerland with a Privacy Shield complaint about your human resources data, and that complaint cannot be resolved with Kronos directly, Kronos commits to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, with regard to that human resources data complaint. Please contact us to be guided to the relevant DPA office and contact information. A binding arbitration option will also be made available to you to address complaints not resolved by any other means.

The Federal Trade Commission has jurisdiction over Kronos Incorporated’s compliance with the Privacy Shield.

14) Changes to Our Privacy Policy

At times it may be necessary for us to make changes to this Privacy Policy. Accordingly, we reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data to us. Your continued disclosure of Personal Data to us after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

 

Privacy Statement for Kronos Talent Management Division

Workforce Acquisition™ products

The following statement sets out those privacy policies and practices of the Kronos Talent Management Division (“Kronos TMD”) which are different from and/or supplement the above Privacy Policy with respect to Kronos TMD’s Workforce Acquisition products. This Privacy Statement applies to the collection, use, processing and disclosure of Personal Data under the terms of our Customer contracts for those products. Your continued use of the Kronos TMD websites constitutes your agreement to all such terms, conditions, and notices provided in this Privacy Statement and your consent to the collection, use, processing disclosure, and retention of Personal Data in accordance with this Privacy Statement.

Personal Data Collected – Customer Employment Applications: If you apply for employment at one of our Customers through a Kronos TMD hosted web site, Personal Data about you will be collected by the employer and Kronos TMD for use in connection with the application, interview and employment (on-boarding) process. This data may include but will not be limited to your name, physical and e-mail address, other contact information, social security number (social insurance number is not collected in Canada), prior work history, and other background information. This data will be used by the employer and Kronos TMD for purposes such as assessing your suitability for employment with the employer and its branches or affiliates, conducting background investigations, verifying information about you, conducting applicant and employment-related statistical evaluation and record keeping, to comply with legal obligations or as reasonably necessary or advisable to defend or enforce the legal rights or business interests of Kronos TMD, its users, Customers or affiliates, or for such other purposes as are identified at or before the time of collection of the data or to which you consent from time to time.

Disclosures to Third Parties: In the course of the employment application process described above, Personal Data may also be disclosed to others such as companies engaged to perform background investigations or to verify the accuracy of the information contained in your application, to government agencies evaluating the application process, to third party vendors who assist the employer in performing its business functions. This data is also subject to disclosure as may be required by law. Kronos TMD may also disclose Personal Data to insurers or to legal, financial, and other professional advisors or in connection with a reorganization, sale, merger, change in control, transfer of assets, or other business transaction.

Tracking Customer Employment Advertising Effectiveness: Tracking information about visits to Kronos TMD hosted sites, referring sites, and unique identifiers associated with completed employment applications may also be shared with third party advertising vendors retained by the employer to measure advertising effectiveness. Kronos TMD hosted sites do not alter behavior as a result of ‘Do not track’ settings in web browsers, but do not collect information about a user’s browsing habits over time other than the referring site and activity on TMD hosted sites.

Kronos TMD Business Transitions: In the event Kronos TMD goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users’ Personal Data, in most instances, will be part of the assets transferred Kronos TMD will provide its collected data to law enforcement agencies if legally required to do so pursuant to law, court order or other governmental action.

Customer Desktop/Console Site: The hiring manager desktop/console products are private, password-protected, web-based software applications used by our Customers to manage the hiring process. During the course of normal business processes, Customers utilizing our desktop/console products may need to enter additional information about job applicants or employees hired using Kronos TMD’s hiring management systems. Applicant or employer Personal Data may be transmitted, via the desktop/console products, to different locations or branches within the same Customer company. This allows job applications to be available to multiple locations of the same company when appropriate.

Kronos Access to Applicant Data for Support: Applicant Personal Data may be viewed by authorized Kronos TMD staff in order to support the application and administrative needs of job seekers and our Customers. For instance, if there is a problem or error in a job application, members of Kronos TMD’s development team or client services department may review applications to assist in resolving the issue.

Responsibility for Restart Codes and Passwords: For web applications where you create a restart code and password, it is solely your responsibility to maintain the confidentiality of your password. You are entirely responsible for any and all activities that occur under your account. Kronos TMD will not be liable for any loss that you may incur as a result of someone else having used your password, either with or without your knowledge. You could be held liable for losses incurred by Kronos TMD or another party due to someone else having used your password. You may not use anyone else’s password at any time. Kronos TMD is not responsible for Personal Data which is lost or altered or for any data which you enter and submit to employers. Kronos TMD is not responsible in the event a candidate is not hired for a job.

Special Notice to Canada Applicants: Personal Data collected and processed in the manners described above may be stored and accessed outside Canada (including in the United States). Please note that social insurance numbers will not be collected during the application process for applicants applying in Canada.

 

Kronos Privacy Policy Rev Date: 25 May 2018