Kephala (referred to as “Kephala,” “we,” “our,” or “us”) take our responsibilities under applicable data protection law, including the EU General Data Protection Regulation, very seriously. We are committed to protecting the privacy and confidentiality of personal information we process, including information processed on behalf of customers or shared with Kephala by suppliers, partners, employees and others.
The commitments to the protection of privacy described in this policy applies to all Employees of Kephala, including permanent and temporary staff members, and contractors or third parties Kephala may share personal information with as part of the delivery of services to customers or the legitimate processing of personal information. Failure to comply with the requirements of this policy may result in disciplinary action.
Kephala is a data controller in respect of:
Personal information collected from employees, applicants for employment subcontractors, partners and suppliers
Kephala is a data processor in respect of:
information collected your customers and uploaded to our Kephala Share platform
Where a Customer is the Data Controller for personal information Kephala are processing, the Customer is solely responsible for establishing privacy policies for and ensuring compliance with all applicable laws and regulations, agreements or other obligations, relating to the processing of personal information of individuals processed by Kephala. Where this is the case the processing of your personal information will be subject to the Customer’s privacy practices, and you should contact that Customer for assistance with any requests or questions relating to the processing of your personal information.
Kephala will obtain and process your personal information fairly, and to retain and use it only for the specific purpose it was collected.
kephala are committed to keeping your personal information secure, accurate, up-to-date and complete.
Kephala shall not hold more information than is required for the purpose it was collected for and shall only hold it as long as required for that purpose.
Kephala will respond to any requests you make to access, correct or delete your personal information in a prompt manner and in accordance with applicable data privacy legislation
5.0 How Kephala collects data
Kephala collects information you provide to us in optional, voluntary submissions, such as in registration forms, user profiles, promotional sign ups, requests for product information, requests for customer service, resumes and curriculum vitae submissions.
Kephala may also obtain information, including Personal Information, from third party sources. If we directly combine information from third parties with Personal Information that we have collected, we will treat the combined information as Personal Information and handle it in accordance with this Policy.
Kephala may solicit third parties to collect Personal Information on our behalf and in such cases we instruct those third parties to comply with this Policy and all with applicable data privacy legislation.
Some Personal Information may be collected passively from you through the use of website cookies or similar technology that improve your experience on our website. Cookies are text files downloaded to your device when you visit websites. They collect small amounts of data such as your website preferences, geo-location and previous pages viewed on the website. This allows Kephala to recognize your device and personalise your website experience based on this information. Information collected by cookies is uploaded to the website on each visit. You can find more information about cookies at http://www.allaboutcookies.org.
6.0 Purpose for collecting personal information
Kephala uses your personal information to fulfil your requests of us, to contact you for customer satisfaction surveys, to support products or services you have obtained from us, and to fulfil our contractual obligations to you.
Kephala sometimes uses personal information for marketing communications, but only if you have given permission for Kephala to use it for that purpose. You can opt out of receiving promotional and marketing materials from us at any time, including by contacting email@example.com
Kephala may also use personal information you provide to personalise your experience while you are on our websites and to generate website usage statistics.
Kephala may use your information, including personal information, your website viewing activity, content viewed, your location and marketing preferences to display personalised content for you.
Kephala will use your information, including Personal Information and any other information you submit directly or through passive means to facilitate you connecting to others or sharing content. For example, we may provide you with the opportunity to email a link to specific website content to another person.
Kephala will use personal information provided to respond to any queries that you have submitted to us via our website, email or other communications channels we provide for you to contact us
Personal data provided through may be required to perform services available through our website or our Kephala Share platform
Personal data used in aggregate is used to improve and develop our website and Kephala Share platform to improve services features and the user experience.
Personal data may be used for fraud prevention, investigation and detection and for establishing, exercising or defending legal claims
Kephala will not sell or otherwise disclose personal information you provide to us to third parties unless such disclosure is necessary for the purposes set forth in this Policy or where we are legally obliged to do so.
7.0 Legal Basis for collecting personal information
Kephala’s legitimate interests in conducting our business, being the provision of a secure platform for the transfer, tracking and storage of complex clinical data.
Compliance with a legal or regulatory obligation that applies to us
Promoting the security of our sites and services by verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent necessary for our legitimate interest in promoting the safety and security of the services and sites, and in protecting our rights and the rights of others.
8.0 Your choices in relation to personal data you provide
You are under no obligation to provide, and can decline to provide, any requested information at any time. However, if you decline to provide personal information that is reasonably necessary to participate in certain activities, you may not be able to participate in those activities on certain sites and/or services.
When we collect personal information from you directly (eg: through forms), you can advise what you want it to be used for and not used for. For example, whether or not you want to receive follow-up marketing communications on our products or services.
Where we collect website usage information from you indirectly (eg: through cookies), you can influence whether and what is shared. For example, you can turn off cookies in your web browser.
You may request a copy of any personal information we hold about you by using the contact details at the end of this policy document. You can also request that data be amended or removed.
Kephala is committed to complying with relevant applicable data protection legislation. This includes, but is not limited to, the Irish Data Protection Act of 2018, EU data privacy regulations (General Data Protection Regulation (EU) 2016/679), the California Consumer Privacy Act (CCPA).
Kephala is registered as a data processor with the Data Protection Commissioner in Ireland.
We communicate our privacy and data protection guidelines to Kephala employees and strictly enforce privacy safeguards within the company. This includes training and awareness on data protection topics and confidentiality agreements with employees.
10.0 Protection of children and minors
Kephala sites and services are not directed to individuals under the age of thirteen (13), or to minors as otherwise defined in local law or regulation, and do not knowingly collect personal information from these individuals.
We request that these individuals do not provide personal information through the sites and services. However, if you believe that we may have collected personal information from someone under the age of thirteen (13) or to minors as otherwise defined in applicable law or regulation, please let us know using the methods described in the Contact Us section and we will take appropriate measures to investigate and, if appropriate, delete that information.
11.0 Your rights
You have the following legal rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:
Right to access the data– You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data
Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete
Right to erasure– You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the “right to be forgotten”
Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes
Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format
Right to Object – You have the right to object to the processing or use of your personal data at any time.
11.1 California Privacy Rights
11.2 If you have a complaint
You also have the right to lodge a complaint with the Irish Data Protection Commission if you are not happy with the way we have used your information or addressed your rights. Details of how to lodge a complaint are available on the contact us page of the website of the Irish Data commissioner https://www.dataprotection.ie/en/contact/how-contact-us
Or you can call the Irish Data Protection Commissioner at + 353 (0)761 104 800.
12.0 Browsing our website
As an anonymous visitor to our website, we collect no personally identifiable information about you, apart from information which you volunteer (please see more on this in the next section below on submitting website forms).
We may use temporary third party Google Analytics cookies to collect an anonymous record of your site page views and to recognize return visits (also anonymously) using a unique cookie that Google Analytics stores in your browser.
We use the collected page-view information to understand how visitors use the website and to help us improve access to its information and functionality.
13.0 Submitting website forms
We have a number of (entirely optional) data collection forms on the company website to facilitate users to “Request a Demo” or to “Contact Us”. If you submit your details on any website form we will save your personal details in our Customer Relationship Management (CRM) database.
We may also record this activity with a temporary third party Google Analytics cookie to provide a best estimate of where you came from before you visited the Kephala website e.g. a Google advertisement, Ad-campaign, a search listing, or an external link to our site.
14.0 Using our Kephala Share platform
The Kephala Share platform is not part of our company website. Kephala serves as a data processor for the customers who use the platform and does not control or own the information submitted to this platform. The information that is submitted to this platform is instead subject to our customers’ own privacy policies.
As a customer using this platform you are entirely responsible for ensuring that you have all appropriate permissions from your own data subjects in order to collect and process their personal data. Accordingly, Kephala has absolutely no liability or responsibility whatsoever arising from our processing of that data on your behalf.
When you use the Kephala Share platform, we record a log of all significant actions taken by you while logged in, together with related information such as browser, Operating System type, and IP address. We use this information to plan system capacity, and to plan for system and product enhancements. The information will also be used to allow Kephala to investigate functionality and security incidents.
Kephala, as the data processor, maintains only the personal information which its customers have asked Kephala to process. As noted above, it is your responsibility as a user to ensure that the data you upload to Kephala Share is legally collected. You are responsible for providing your employees, users and other data subjects the appropriate level of notification that personal information is being collected and stored and for receiving the appropriate permissions from them as required under applicable legislation.
15.0 Transfer of personal data to other countries
As a global operation, Kephala may transfer, store, and process your personal information with our affiliates and service providers based throughout the world. This may result in your information being processed in a country where privacy legislation may be less stringent than the legislation in your country. Where possible we take steps to treat personal information using the same privacy principles that apply in the country in which we first received your information. Before we share your information with any third party, we will enter into a written agreement that the third party provides at least the same level of protection for the personal information as required under applicable data protection laws.
16.0 Retention of personal data
17.0 Security of personal data
Kephala is certified to the ISO27001 standard for information security. Kephala and our service providers employ industry-accepted levels of security on all data storage and transmission.
Where we make use of an external service provider, we will require the same commitment to the protection of your data as we ourselves implement.
Kephala use all reasonable efforts to protect your personal information from unauthorised access, use, or disclosure. However we cannot guarantee the security of your personal information. In the event of a security breach to your personal information we may notify you electronically, in writing, or by telephone, in accordance with applicable law.
Cookies are text files downloaded to your device when you visit websites. They collect small amounts of data such as your website preferences, geo-location and previous pages viewed on the website. This allows Kephala to recognize your device and personalise your website experience based on this information. You can find more information about cookies at http://www.allaboutcookies.org.
18.1 Cookie types
● Session cookies
● Persistent cookies
Session cookies are temporary cookies that are not stored on your computer or mobile device. They are used as part of the login, authentication and session management flows of the Kephala Share platform websites.
Session cookies are also used to understand, for example, if a user interacting with our company website is a new visitor or a visitor returning as part of the same browsing session. These session cookies are erased when you close your browser, or after extended inactivity.
Persistent cookies are those placed on your computer or mobile device for a predetermined length of time when you visit this site. They are used on our company website, including, for example, to understand what areas of our website are most popular, and how customers and users engage with content on the website.
18.2 Cookie management
Please note that disabling cookie support may prevent our website and Kephala Share platform from functioning properly and you may not be able to fully utilise all of its features and services.
19.0 Contact us