Knovos, LLC (“Knovos”) is a global technology company which provides electronic discovery services, including information governance technology and data analytics services to law firms, corporations and government agencies who are parties to various types of litigations, investigations, commercial, arbitration and regulatory compliance proceedings.
All data collected in the course of Knovos’ activities are kept under strict privacy and confidentiality protocols since much of this information may constitute evidence in litigation and other sensitive proceedings. Indeed, it is Knovos’ practice (and the customary business practice in the industry in which Knovos conducts business) to enter into, with each client, a comprehensive Confidentiality and Non-Disclosure Agreement (C&NDA) as to data received in every engagement undertaken. Moreover, each of Knovos’ employees has executed C&NDAs pertaining to all information that comes into their possession in the course of their employment.
The facility in which Knovos processes (*processing by Knovos consists, typically, of the extraction and formatting of the data for review in a document review system) and stores data maintains extensive physical security features and the network infrastructure upon which data is stored is secured by some of the most advanced data security and disaster recovery technology found in the marketplace.
Much of the data processed and hosted by Knovos does not constitute “personal data” as the term is defined below. However, personal data will, on occasion, enter into the possession of Knovos, the bulk of it contained within the email accounts of individuals in the employ of parties to litigation.
Statement of Policy:
This policy applies to personal data that Knovos has received from the European Union (EU). Personal data refers to data that is (a) transferred to the United States from the EU; (b) is about, or relates to, an identified or identifiable individual; (c) can be linked to that individual, and (d) is recorded. Personal data may include, among other things, an individual’s name, address, phone number, e-mail address, or social security number, health insurance policy number or other like information. However, the term “personal data” does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified. Personal data also includes “sensitive personal data”, which is defined herein as a subset of personal data that pertains to an individual’s medical, or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation or actual or alleged criminal activity
Knovos’ website incorporates privacy controls which affect how Knovos will process any personal data. Knovos will not use any personal data other than for the purpose for which it was provided. Knovos may process data about your use of our website and services. The legal basis for this processing is consent and our legitimate interests, namely monitoring and improving our website and providing services.
If you have provided any personal data such as your name and email address, Knovos may process this data for communicating with you and taking steps, at your request. Knovos may process information contained in any inquiry you submit to us regarding products and/or services. The data may be processed for the purposes of offering relevant products and/or services to you.
Regarding International transfers of your personal data, the company has offices across the globe. The NDPA’s have made an "adequacy decision" with respect to the data protection laws of each of these countries or the data will be protected by appropriate safeguards and will never leave the company without express consent. The hosting facilities for our website are situated in the United States of America. The European Commission has made an "adequacy decision" with respect to the data protection laws of the United States of America.
Personal data that Knovos processes for any purpose shall not be kept for longer than is necessary for that purpose. Users can ask for their data to be expunged from our systems should they wish.
Where Knovos is the Data Controller you may instruct us to report/provide/rectify/erase any personal information Knovos hold about you; provision of such information will be subject to the payment of an admin fee; and the supply of appropriate evidence of your identity. Where Knovos is the Data Processor then such requests will need to be directed via the Controller.
EU-U.S. Privacy Shield Framework:
The EU-U.S. Privacy Shield Framework has been designed to provide companies with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
As a Privacy Shield participating company, Knovos strongly affirms its commitment to the Privacy Shield principles and the Privacy Shield Framework, as follows:
Complaint Handling Mechanism:
Knovos is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) for compliance with this Policy and the EU-US Privacy Shield Framework.
Knovos has identified BBB EU Privacy Shield as our independent recourse mechanism for Privacy Shield privacy complaints, and we are providing below a hyperlink to our online complaint handling system for use by European Union individuals.
10521 Rosehaven Street, 3rd Floor
Fairfax, VA 22030
Attention: Data Protection Officer
Knovos has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through the aforesaid channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Adherence to EU-U.S. Privacy Shield Principles:
Knovos has adopted the EU – U.S. Privacy Shield Framework and hereby adheres to each of the Privacy Shield Principles with respect to data received from the EU in reliance on Privacy Shield. These Principles, as adhered to by Knovos, are described below:
Under most circumstances, Knovos does not collect personal data for processing directly from the party in possession, but receives the data for processing from counsel under an agreement to hold such data under strict rules of confidentiality and privacy. Therefore, when Knovos receives personal data from the EU for processing purposes and does not control the collection of the personal data, Knovos does not, typically, provide notification to the individuals to which such personal data relates (but, again, is mandated by the client to hold the data in the strictest confidence.). In such event, Knovos reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved. Knovos never uses data for a purpose other than the purpose for which it was provided to Knovos. Neither does Knovos ever share information with third parties other than when lawfully directed by the client law firm or originating organization (that is, the owner of the data.) When specifically authorized by counsel or client to do so, Knovos will inform affected individuals about the purposes for which it collects and uses personal information about them, how to contact the organization with any inquires or complaints, the types of third parties to which it may disclose the information and any choices and means that Knovos may offer individuals for limiting the data’s use and disclosure.
Since Knovos does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so, nor does it ever use the data for a purpose incompatible with the purpose for which it was originally collected, there is no need to offer individuals the opportunity to opt out from having data disclosed. However, should the need ever arise, Knovos will provide individuals with reasonable notice and mechanisms to exercise their choice to opt-out from having personal data so disclosed.
3. Accountability for Onward Transfer (Transfer to Third Parties)
As mentioned above, Knovos does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so. However, should the need ever arise, prior to disclosing personal information to third parties, Knovos will utilize the notice and choice principles noted above. If Knovos ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data. Moreover, Knovos will only enter into written contracts with third parties to provide the same level of personal data protection as is maintained by Knovos. Nevertheless, in cases of onward transfer to third parties of data of EU individuals received pursuant to the Privacy Shield, Knovos is potentially liable.
Knovos takes reasonable precautions to protect personal information from loss, misuse, unauthorized access, disclosure, tampering, alteration, and destruction.
5. Data Integrity and Purpose Limitation
Knovos uses personal information only in a manner that is compatible with the purpose for which it was collected or subsequently authorized by the individual. Knovos takes reasonable steps to ensure that personal information is reliable for its intended use, and is accurate, complete, and current. We understand that we may also be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. This regulatory compliance will be adhered to under the guidance of our clients and their lawyers since we solely act on their behalf to collect, process and produce such personal information.
6. Access and Recourse
7. Enforcement and Liability
Knovos will conduct an annual self-assessment to ensure that this policy is published and disseminated within Knovos and on its website, that it is being adhered to and that it conforms to the seven principles set forth above. In addition, Knovos has deployed internal auditing measures to monitor its compliance with the Principles and to address all questions or complaints. Knovos will also self-certify annually with the U.S. Department of Commerce as being in full compliance with the Principles.
Individuals may raise any concerns or complaints regarding their personal data directly with Knovos by contacting Knovos at:
10521 Rosehaven Street, 3rd Floor
Fairfax, VA 22030
Attention: Data Protection Officer
If an individual files such a complaint, Knovos will investigate the matter and attempt to resolve all issues to the satisfaction of the complainant. If the matter cannot be settled, Knovos agrees to cooperate with the dispute resolution system set forth above.