Services Privacy Policy

This Privacy Policy (“Privacy Policy” or “Policy”) explains how HI, LLC, d/b/a Kernel (“Kernel,” “we,” “us”) collects, uses, and discloses your information.  This Policy applies to the information that we collect and process about users of our platform or cloud (“Kernel Cloud”) and the research or user portal websites (each a “Site” and together the “Sites”) that link to this Policy (collectively, the “Services”). By using the Services, you represent that you have read, understood, and agreed to this Privacy Policy, so please review this Privacy Policy carefully before using the Services. You understand that your information will be treated as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services. 

Please note that this Privacy Policy does not apply to information about you collected through the Kernel corporate website at kernel.com. The kernel.com Privacy Policy governs the collection, use, and disclosure of that information.

1. PERSONAL DATA WE COLLECT

We collect information that, alone or in combination with other information, could be used to identify you or could be associated with a particular device (“Personal Data”). We obtain Personal Data from and about you as you use the Services, including when you create an account, or use or access the Kernel Cloud or the Sites, communicate with us (including through our Sites and by mail or by email).  We need certain Personal Data to provide you the Services. If you choose not to provide us with certain Personal Data, or ask us to delete it, you may no longer be able to access or use the Services.

Personal Data You or Your Organization Provide Directly

When you use the Services or otherwise communicate or interact with us in any form or medium, we collect Personal Data you provide, which generally includes the following:

• Contact and registration information: such as your name, email address and the name of the organization providing the account that you are using.
• Transactional information: billing, payment, and shipping information (e.g., shipping address), if applicable.
• Inquiries and feedback: comments and questions you submit through customer service interactions with us. 

Personal Data We Automatically Collect 

When you use the Services, we and our vendors automatically receive certain information about your device and use of the Services, including IP addresses, browser type, language, operating system, mobile device and application identifiers, the referring web page, pages visited, location (depending on the permissions you have granted us), cookie information (e.g., cookie IDs), and activity such as when you view content or create or log into your account. We and our vendors use cookies and similar tools to assist in collecting this information. You can learn more about our use of cookies and similar tools in the “Cookies and Similar Technologies” section below.  

2. HOW WE USE PERSONAL DATA

We may use Personal Data to:

• Provide the Services;
• Verify your authorization to use the Services, if applicable;
• Analyze, maintain, and improve the Services;
• Develop new Services;
• Secure the Services;
• Comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties;
• Provide you updates and information about your use of the Services, including password reset or application updates;  
• Prevent fraud and criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture, and networks; and
• With your permission (in accordance with legal requirements), contact you regarding our products, services, surveys, promotions, special events, and other subjects that we think may be of interest to you. 

Aggregated and De-identified Information 

The above uses relate to identifiable data. We may also de-identify (i.e. anonymize) and/or aggregate Personal Data such that it can no longer be associated with you, therefore no longer qualifying as Personal Data. We may use and disclose the aggregated information for our legitimate business purposes without any restrictions.

3. DISCLOSURE OF PERSONAL DATA

In certain circumstances, we may disclose your Personal Data to the following categories of third parties, without further notice to you, unless required or permitted by law, as set forth below:

• Vendors and Service Providers: We may disclose Personal Data to service providers, who provide services or functions on our behalf, such as providers of data hosting, email communication services, and web analytics services. These parties will access, process, or store Personal Data in the course of performing their duties to us. We take reasonable steps to ensure our service providers adhere to the security standards we apply to your Personal Data. 
• Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, dissolution, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Data and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
• Legal Requirements: If required or permitted to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements (which may include lawful access by U.S., Canadian or foreign courts, law enforcement or other government authorities), (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.
• Affiliates: We may disclose Personal Data to Kernel affiliates, meaning an entity that controls, is controlled by, or is under common control with Kernel. Our affiliates may use the data we disclose in a manner consistent with this Privacy Policy.
• Your Consent: If you have consented to our disclosure of your information for other purposes not listed above, we will also disclose your information consistent with your consent.
• With Your Organization: If you receive access to the Services as a researcher or employee of an organization that has an agreement with Kernel, we may disclose your information to your organization. 

4. DATA RETENTION

We keep Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), whichever is longer.

5. CHILDREN

The Services are not meant for individuals under the age of 16 or, as applicable, under the age of majority for consent in their jurisdiction (“child” or “children”). Kernel does not knowingly collect Personal Data from children, and Kernel reserves the right to delete the account of a child according to the Kernel Terms of Service. If you have reason to believe that a child has provided Personal Data to Kernel through the Services please contact us and we will endeavor to delete that Personal Data.

6. SECURITY

We implement technical, administrative, physical, and organizational measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, transmitting information over the Internet is not 100% secure, so these measures do not guarantee the absolute security of your Personal Data. You provide us with Personal Data at your own risk. 

7. YOUR RIGHTS AND CHOICES

It is your choice whether to provide us with your Personal Data. However, if you choose not to provide Personal Data that is needed to use some features of our Services, you may be unable to use those features. 

You can make certain changes to your Personal Data through your account, such as adding or updating certain account information. 

In addition, the laws of your jurisdiction of residence may provide you with certain rights regarding your Personal Data, such as the right to access or correct certain Personal Data, the right to request certain information about our handling of your Personal Data, the right to request deletion of your Personal Data, or the right to decline or object to certain collection, uses, and disclosures of your Personal Data. 

To make such a request, please contact us at privacy@kernel.com. These rights are subject to certain exceptions and limitations, and certain Personal Data may be exempt from these requests under applicable law. For example, we need certain Personal Data to provide the Services to you or comply with applicable law.   We may take reasonable steps to verify your identity before responding to a request. Depending on the sensitivity of the Personal Data you are requesting and the type of request you are making, this may include verifying your name and email address. If we cannot verify your identity, we may be unable to respond to your requests. 

If you have access to the Services via an organization or employer, please contact your organization to request to exercise other choices regarding your Personal Data, including requests to delete your Personal Data.  If you are a Kernel customer or research organization and we process your business contact information (for example, in connection to entering into a contract with you), please contact your Kernel contact with any questions or requests regarding your Personal Data. In any other case, for more information and to request to exercise your rights, you may contact us as provided below under “Contact Us.”

Marketing Communications

If we send you marketing emails, you can opt-out by emailing us at privacy@kernel.com or by following the instructions at the bottom of the email messages. Even if you opt out of marketing emails, we may still contact you for non-marketing purposes. For example, you may still receive certain operational emails, such as those reflecting our relationship or transactions with you (e.g., emails informing you of updates to our Privacy Policy or Services). 

8. Supplementary Information for Residents of the EEA, UK, and Switzerland

If you live in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please review these additional provisions. This section of the Privacy Policy only applies to residents of the EEA, UK, and Switzerland.

HI, LLC, d/b/a Kernel is your data controller.  In addition, any entity to which you direct us to disclose or provide access to your Personal Data may also be a controller of your Personal Data. For our contact information, please see the “Contact Us” section below.

Our Legal Bases for Processing Your Personal Data  

We rely on the following legal bases to use your Personal Data as set out in this Privacy Policy (as relevant given the type of Personal Data and the context and purpose for using it):

• When the processing is necessary to perform a contract with you, like our terms of service;
• Our legitimate business interests, including to operate our business and our Services; identify and fix any issues with our Services; secure the Services; learn more about how our customers use the Services; perform internal analytics; improve the Services; conduct marketing; provide you with certain information about new products, special offers or other information that we think you may find interesting using the email address which you have provided in accordance with applicable law; make and receive payments, if applicable; comply with legal requirements and defend our legal rights; prevent fraud; engage in a business change (e.g., sale, merger); and to know the customer to whom we are providing Services; 
• When you have given your consent, which you may withdraw at any time by contacting us or using your account settings and other tools; and 
• To comply with our legal obligations.

Privacy Rights

If you are a citizen of the EEA, UK, or Switzerland, you may request that we:

• provide access to and/or a copy of certain Personal Data we hold about you
• delete certain Personal Data that we are holding about you
• prevent the processing of your Personal Data for direct-marketing purposes (including any direct marketing processing based on profiling);
• update or rectify Personal Data that is out of date or incorrect;
• oppose, cancel, or restrict the way that we process and disclose certain of your Personal Data;
• transfer your Personal Data to a third-party provider of services; or
• revoke your consent for the processing of your Personal Data.

To make such a request, please contact us at privacy@kernel.com. 

If applicable, you may make a complaint to the data protection supervisory authority in the country where you reside. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

These rights are subject to certain exceptions and limitations, and certain Personal Data may be exempt from these requests under applicable law. For example, we need certain Personal Data to provide the Services to you or comply with applicable law.  We may take reasonable steps to verify your identity before responding to a request. Depending on the sensitivity of the Personal Data you are requesting and the type of request you are making, this may include verifying your name and email address. If we cannot verify your identity, we may be unable to respond to your requests. 

9. INTERNATIONAL DATA TRANSFERS

We currently store or may transfer Personal Data to countries other than your country of residence, including the United States, and may subcontract the processing of your Personal Data to, or otherwise provide your Personal Data to trusted service providers in countries other than your country of residence, including the United States, in accordance with applicable law. The applicable data protection laws in these countries may differ from those in your country of residence. By using the Services, including accessing the Sites, you acknowledge and (to the extent legally allowable) consent to these transfers.

10. COOKIES AND SIMILAR TECHNOLOGIES 

To collect the information in the “Personal Data We Automatically Collect ” section above, we and our service providers use web server logs, cookies, tags,  and other similar tracking technologies (“Cookies”) on the Services.  

• A web server log is a file where website activity is stored.
• A cookie is a small text file that is placed on your computer or mobile device when you visit a website, and it enables us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand the parts of the Site you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.

Cookies are typically classified as either “session cookies,” which do not stay on your device after you close your browser or “persistent cookies,” which will usually remain on your device until you delete them or they expire. Sometimes cookies are placed by us (“First-Party Cookies”) and sometimes they are placed by others (“Third-Party Cookies”). Different cookies are used to perform different functions on our Services: 

• Essential Cookies: Some cookies are essential to the Site and enable you to use the features of the Sites and access secure areas of them. Without these cookies, we cannot enable appropriate content based on the type of device you are using (for example, essential cookies store user log-in information so that you don’t have to re-enter it for each page you visit on our website).
• Functional Cookies: These cookies allow us to remember choices you make on our Site (such as your preferred language or the region you are in).
• Personalization Cookies: We also use cookies to change the way our Sites behave or look in order to personalize your experience from information we infer from your behavior on the Site. 
• Analytics Cookies: We use our own cookies and/or third-party cookies to see how you use our Site and improve it. 

There are a number of ways you can manage what cookies are set on your computer or mobile devices. If you do not allow certain cookies to be installed, certain aspects of Services may not be accessible to you and/or the performance or features of the Services may be compromised.  

Analytics 

We may use third-party web analytics services on our Sites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. 

Notice Concerning Do Not Track.

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Because there are not agreed-upon standards for DNT, we do not currently recognize or respond to browser-initiated DNT signals. You can learn more about Do Not Track.

11. CHANGES TO THIS PRIVACY POLICY

We reserve to modify this Privacy Policy at any time. We will notify you of material changes to this Privacy Policy in accordance with applicable law. By continuing to use our Services, you are confirming that you have read and understood the revised Privacy Policy and practices described in it.

12. CONTACT US

If you have any questions about our Privacy Policy, information practices, or about the manner in which our service providers treat your Personal Data, please feel free to contact Kernel at privacy@kernel.com.