top of page

Privacy Policy

1.0 Introduction

Kephala (referred to as “Kephala,” “we,” “our,” or “us”)  take our responsibilities under applicable data protection law, including the EU General Data Protection Regulation, very seriously. We are committed to protecting the privacy and confidentiality of personal information we process, including information processed on behalf of customers or shared with Kephala by suppliers, partners, employees and others.

 

This Privacy Policy describes the type of personal information we collect, how we use that information, and your rights and options regarding personal information we collect about you.

 

The commitments to the protection of privacy described in this policy applies to all  Employees of Kephala,  including permanent and temporary staff members, and contractors or third parties Kephala may share personal information with as part of the delivery of services to customers or the legitimate processing of personal information. Failure to comply with the requirements of this policy may result in disciplinary action.

Kephala is a data controller in respect of:

  • personal information collected through our sites and services, social media accounts, surveys or any communications that post a link to this Privacy Policy.

  • Personal information collected from employees, applicants for employment subcontractors, partners and suppliers

Kephala is a data processor in respect of:

  •  information collected your customers and uploaded to our Kephala Share platform

If you have questions about this Privacy Policy, you can reach us through the methods provided in the “Contact Us” Section at the end of this Privacy Policy.

2.0 Scope of this Privacy Policy

This Privacy Policy applies when you visit the Kephala website and related subdomains, (collectively, the “Sites”), and when you use Kephala Share product or and any other service where we gather data (collectively, along with “Sites”, the “Services”).

This Privacy Policy also applies to any communications you have with Kephala,  when you register for or attend our events, or contact us for product support or information.

This Privacy Policy applies when Kephala is acting as a data controller and controls the collecting and processing of personal information. This Privacy Policy does not apply when Kephala is acting at the direction of a customer using our Services where the customer is responsible for the collecting of that data and directing the purpose it is collected for and how it is processed.

Where a Customer is the Data Controller for personal information Kephala are processing, the Customer is solely responsible for establishing privacy policies for and ensuring compliance with all applicable laws and regulations, agreements or other obligations, relating to the processing of personal information of individuals processed by Kephala. Where this is the case the processing of your personal information will be subject to the Customer’s privacy practices, and you should contact that Customer for assistance with any requests or questions relating to the processing of your personal information.

This privacy policy also applies to personal information provided by employees of Kephala or related to their employment in Kephala and to personal information related to applications for employment in Kephala.

3.0 Your acceptance of this Privacy Policy

By accepting this Privacy Policy, you expressly consent to the information handling practices described in this Policy. Your continued use of our Sites and/or Services or any other content, products or other services covered by this Policy constitutes your acceptance and agreement to this Policy and any updates. You are therefore encouraged to read this policy before submitting information to Kephala.

4.0 Changes to this Privacy Policy

This Privacy Policy may be updated in response to developments in legal, technical, and business environments.

Changes to this Privacy Policy will be communicated to you in a way appropriate to the significance of the changes and as in accordance with applicable law. Your continued use of Kephala Services constitutes your acceptance and agreement to this Policy and any updates.

4.0 Principles of this Privacy Policy

  • Kephala will obtain and process your personal information fairly, and to retain and use it only for the specific purpose it was collected.

  • kephala are committed to keeping your personal information secure, accurate, up-to-date and complete.

  • Kephala shall not hold more information than is required for the purpose it was collected for and shall only hold it as long as required for that purpose.

  • Kephala will respond to any requests you make to access, correct or delete your personal information in a prompt manner and in accordance with applicable data privacy legislation

5.0 How Kephala collects data

  • Kephala collects information you provide to us in optional, voluntary submissions, such as in registration forms, user profiles, promotional sign ups, requests for product information, requests for customer service, resumes and curriculum vitae submissions.

  • Kephala may also obtain information, including Personal Information, from third party sources. If we directly combine information from third parties with Personal Information that we have collected, we will treat the combined information as Personal Information and handle it in accordance with this Policy.

  • Kephala may solicit third parties to collect Personal Information on our behalf and in such cases we instruct those third parties to comply with this Policy and all with applicable data privacy legislation.

  • Some Personal Information may be collected passively from you through the use of website cookies or similar technology that improve your experience on our website. Cookies are text files downloaded to your device when you visit websites. They collect small amounts of data such as your website preferences, geo-location and previous pages viewed on the website. This allows Kephala to recognize your device and personalise your website experience based on this information. Information collected by cookies is uploaded to the website on each visit. You can find more information about cookies at http://www.allaboutcookies.org.

6.0 Purpose for collecting personal information

  • Kephala uses your personal information to fulfil your requests of us, to contact you for customer satisfaction surveys, to support products or services you have obtained from us, and to fulfil our contractual obligations to you.

  • Kephala sometimes uses personal information for marketing communications, but only if you have given permission for Kephala to use it for  that purpose. You can opt out of receiving promotional and marketing materials from us at any time, including by contacting privacy@kephala.com

  • Kephala may also use personal information you provide to personalise your experience while you are on our websites and to generate website usage statistics.

  • Kephala may use your information, including personal information, your website viewing activity, content viewed, your location and marketing preferences to display personalised content for you.

  • Kephala will use your information, including Personal Information and any other information you submit directly or through passive means to facilitate you connecting to others or sharing content. For example, we may provide you with the opportunity to email a link to specific website content to another person.

  • Kephala will use personal information provided to respond to any queries that you have submitted to us via our website, email  or other communications channels we provide for you to contact us

  • Personal data provided through may be required to perform services available  through our website or our Kephala Share platform

  • Personal data used in aggregate is used to improve and develop our website and Kephala Share platform to improve services features and the user experience.

  • Personal data may be used for fraud prevention, investigation and detection and for establishing, exercising or defending legal claims

  • Kephala will not sell or otherwise disclose personal information you provide to us to third parties unless such disclosure is necessary for the purposes set forth in this Policy or where we are legally obliged to do so.

7.0 Legal Basis for collecting personal information

  • Kephala’s legitimate interests in conducting our business, being the provision of a secure platform for the transfer, tracking and storage of complex clinical data.

  • Compliance with a legal or regulatory obligation that applies to us

  • The performance of a contract with you or in order to take steps at your request prior to entering into a contract including the configuration of your access to our services in accordance with our terms of use.

  • Promoting the security of our sites and services by verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent necessary for our legitimate interest in promoting the safety and security of the services and sites, and in protecting our rights and the rights of others.

8.0 Your choices in relation to personal data you provide

  • You are under no obligation to provide, and can decline to provide, any requested information at any time. However, if you decline to provide personal information that is reasonably necessary to participate in certain activities, you may not be able to participate in those activities on certain sites and/or services.

  • When we collect personal information from you directly (eg: through forms), you can advise what you want it to be used for and not used for. For example, whether or not you want to receive follow-up marketing communications on our products or services.

  • Where we collect website usage information from you indirectly (eg: through cookies), you can influence whether and what is shared. For example, you can turn off cookies in your web browser.

  • You may request a copy of any personal information we hold about you by using the contact details at the end of this policy document. You can also request that data be amended or removed.

9.0 Governance

  • Kephala is committed to complying with relevant applicable data protection legislation. This includes, but is not limited to, the Irish Data Protection Act of 2018, EU data privacy regulations (General Data Protection Regulation (EU) 2016/679), the California Consumer Privacy Act (CCPA).

  • Kephala is registered as a data processor with the Data Protection Commissioner in Ireland.

  • We communicate our privacy and data protection guidelines to Kephala employees and strictly enforce privacy safeguards within the company. This includes training and awareness on data protection topics and confidentiality agreements with employees.

  • Kephala reviews data privacy governance measures regularly. If a change to the privacy policy is required, we will publish details of those changes 30 days prior to the changes coming into effect.

10.0 Protection of children and minors

  • Kephala sites and services are not directed to individuals under the age of thirteen (13), or to minors as otherwise defined in local law or regulation, and do not knowingly collect personal information from these individuals.

  • We request that these individuals do not provide personal information through the sites and services. However, if you believe that we may have collected personal information from someone under the age of thirteen (13) or to minors as otherwise defined in applicable law or regulation, please let us know using the methods described in the Contact Us section and we will take appropriate measures to investigate and, if appropriate, delete that information.

11.0 Your rights

You have the following legal rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:

  • Right to access the data– You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data

  • Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete

  • Right to erasure– You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the “right to be forgotten”

  • Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes

  • Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format

  • Right to Object – You have the right to object to the processing or use of your personal data at any time.

If you wish to exercise any of the above rights, then please do not hesitate to contact us using the contact details provided at the end of this Privacy Policy.

11.1 California Privacy Rights

In addition to the rights set forth in this Privacy Policy, California Consumer Privacy Act and its implementing regulations (“CCPA”) permits California residents who are individual consumers or users of Kephala sites and/or services to request certain information regarding its disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us using the contact details provided at the end of this Privacy Policy.

11.2 If you have a complaint

You also have the right to lodge a complaint with the Irish Data Protection Commission if you are not happy with the way we have used your information or addressed your rights. Details of how to lodge a complaint are available on the contact us page of the website of the Irish Data commissioner https://www.dataprotection.ie/en/contact/how-contact-us

Or you can call the Irish Data Protection Commissioner at + 353 (0)761 104 800.

 

12.0 Browsing our website

As an anonymous visitor to our website, we collect no personally identifiable information about you, apart from information which you volunteer (please see more on this in the next section below on submitting website forms).

We may use temporary third party Google Analytics cookies to collect an anonymous record of your site page views and to recognize return visits (also anonymously) using a unique cookie that Google Analytics stores in your browser.

We use the collected page-view information to understand how visitors use the website and to help us improve access to its information and functionality.

 

13.0 Submitting website forms

We have a number of (entirely optional) data collection forms on the company website  to facilitate users to “Request a Demo” or to  “Contact Us”. If you submit your details on any website form we will save your personal details in our Customer Relationship Management (CRM) database.

We may also record this activity with a temporary third party Google Analytics cookie to provide a best estimate of where you came from before you visited the Kephala website e.g. a Google advertisement, Ad-campaign, a search listing, or an external link to our site.

 

14.0 Using our Kephala Share platform

The Kephala Share platform is not part of our company website. Kephala serves as a data processor for the customers who use the platform and does not control or own the information submitted to this platform. The information that is submitted to this platform is instead subject to our customers’ own privacy policies.

As a customer using this platform you are entirely responsible for ensuring that you have all appropriate permissions from your own data subjects in order to collect and process their personal data. Accordingly, Kephala has absolutely no liability or responsibility whatsoever arising from our processing of that data on your behalf.

When you use the Kephala Share platform, we record a log of all significant actions taken by you while logged in, together with related information such as browser, Operating System type, and IP address. We use this information to plan system capacity, and to plan for system and product enhancements. The information will also be used to allow Kephala to investigate functionality and security incidents.

Kephala, as the data processor, maintains only the personal information which its customers have asked Kephala to process. As noted above, it is your responsibility as a user to ensure that the data you upload to Kephala Share is legally collected. You are responsible for providing your employees, users and other data subjects the appropriate level of notification that personal information is being collected and stored and for receiving the appropriate permissions from them as required under applicable legislation.

15.0 Transfer of personal data to other countries

As a global operation, Kephala may transfer, store, and process your personal information with our affiliates and service providers based throughout the world. This may result in your information being processed in a country where privacy legislation may be less stringent than the legislation in your country.  Where possible we take steps to treat personal information using the same privacy principles that apply in the country in which we first received your information. Before we share your information with any third party, we will enter into a written agreement that the third party provides at least the same level of protection for the personal information as required under applicable data protection laws.

16.0 Retention of personal data

We will not hold your personal data for longer than is necessary. We shall retain your personal data for as long as we need it for the purposes described in this privacy policy, or to comply with our obligations under applicable law, or, to provide you with our services, and, if relevant, to deal with any claim or dispute that might arise between you and us.

17.0 Security of personal data

Kephala is certified to the ISO27001 standard for information security. Kephala and our service providers employ industry-accepted levels of security on all data storage and transmission.

Where we make use of an external service provider, we will require the same commitment to the protection of your data as we ourselves implement.

Kephala use all reasonable efforts to protect your personal information from unauthorised access, use, or disclosure. However we cannot guarantee the security of your personal information. In the event of a security breach to your personal information we may notify you electronically, in writing, or by telephone, in accordance with applicable law.

18.0 Cookie Policy

Cookies are text files downloaded to your device when you visit websites. They collect small amounts of data such as your website preferences, geo-location and previous pages viewed on the website. This allows Kephala to recognize your device and personalise your website experience based on this information. You can find more information about cookies at http://www.allaboutcookies.org.

18.1 Cookie types

Kephala makes use of cookies and other tracking technologies on our company website kephala.com and our Kephala Share platform. We typically use two types of cookies:

● Session cookies

● Persistent cookies

Session cookies are temporary cookies that are not stored on your computer or mobile device. They are used as part of the login, authentication and session management flows of the Kephala Share platform websites.

Session cookies are also used to understand, for example, if a user interacting with our company website is a new visitor or a visitor returning as part of the same browsing session. These session cookies are erased when you close your browser, or after extended inactivity.

Persistent cookies are those placed on your computer or mobile device for a predetermined length of time when you visit this site. They are used on our company website, including, for example, to understand what areas of our website are most popular, and how customers and users engage with content on the website.

18.2 Cookie management

You have the ability to accept or decline the use of cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline all cookies, if you prefer. Alternatively, many web browsers can be configured to notify you each time a cookie is tendered,and permit you to accept or decline them on an individual basis or on a site-by-site basis.

Please note that disabling cookie support may prevent our website and Kephala Share platform from functioning properly and you may not be able to fully utilise all of its features and services.

19.0 Contact us

If you have any queries related to this Privacy Policy or about Kephala’s overall approach to the privacy of your personal information please contact our Data Privacy Officer, Bernard Kelleher at privacy@kephala.com.

bottom of page