- 02 Sep 2022
- Updated on 02 Sep 2022
Last Updated June 25, 2021
1. PERSONAL DATA WE COLLECT
We collect information that, alone or in combination with other information, could be used to identify you or could be associated with a particular device (“Personal Data”).
We obtain Personal Data from and about you as you use the Services, including when you create an account, use or access an App, the Kernel Cloud or Site, communicate with us (including through our Sites and Apps, by mail or by email), or participate in surveys (“Service Data”). We also collect information from you when you use the Kernel Product (“Kernel Product Data”). We need certain information to provide you the Services. If you choose not to provide us with certain information, or ask us to delete it, you may no longer be able to access or use the Services.
Personal Data You or Your Organization Provide Directly
When you use the App, Kernel Cloud, or Site or otherwise communicate with us, we collect the information you provide. This information generally includes the following:
- Contact and registration information: such as your name, email address, and for employees of organizations subject to a Subscription Agreement, your organization name.
- Transactional information: billing and payment information, if applicable.
- Survey information: information you provide if you participate in a survey that is collected using our Services.
- Inquiries and feedback: comments and questions you submit through customer service interactions with us.
- Additional optional information you may choose to provide when you use the Services, including in connection with your profile or a study, such as:
- A profile picture.
- Demographic information: such as your age, gender/gender identity, race, ethnicity, sexual orientation, education or income level.
- Interest, Health, Behavioral or Other Survey Information: including information related to your feelings and mood, health and fitness, and interests.
- Other information requested in connection with a study in which you participate, which will be disclosed at the time of the study and may be required to participate in the study.
Personal Data We Automatically Collect
Kernel Product Data
When you wear a Kernel Product, we collect data about your brain. That data is uploaded to the Kernel Cloud and may include, without limitation, information relating to brain activity and information about the position, orientation, and movement of the Kernel Product while it is in operation. We may also collect information relating to the activities you are engaged in (for example, whether you are listening to music, watching TV, or meditating) and your response to stimuli (for example, the way your brain reacts to a change in ambient light or noise). We may collect information from Product sensors such as your heartrate and eye movement. Sharing of this data is more limited; you generally control such sharing by directly instructing us to share information, through your settings and permissions (including, for example, informed consents with third-parties) or when you intentionally interact with a third-party through our Services.
Where the Kernel Product is used for third party research purposes, the data collected through the Product may include additional information depending on the researcher’s study and the tools used by the researcher available through the Product (such as our survey and analysis tools).
2. HOW WE USE PERSONAL DATA
We may use Service and Kernel Product Data to:
- Provide the Services;
- Verify your authorization to use the Services, if applicable;
- Conduct research in which you agree to participate;
- Analyze, maintain, and improve the Kernel Product and/or Services;
- Develop new Kernel Products or Services;
- Secure the Services;
- Comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
We may also use Service Data to:
- Provide you updates and information about your use of the Services, including password reset or application updates;
- Collect and analyze information about use of the Services with third-party analytics services;
- Prevent fraud and criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture, and networks;
- With your permission (in accordance with legal requirements), contact you regarding research opportunities, our products, services, surveys, promotions, special events, and other subjects that we think may be of interest to you.
Aggregated and De-identified Information. The above uses relate to identifiable data. We may also de-identify (i.e. anonymize) and/or aggregate Personal Data, including Kernel Product Data, such that it can no longer be associated with you, therefore no longer qualifying as Personal Data. We may use and share the aggregated information for our legitimate business purposes without any restrictions.
3. SHARING AND DISCLOSURE OF PERSONAL DATA
In certain circumstances, we may share your Personal Data with the following categories of third parties, without further notice to you, unless required or permitted by the law, as set forth below:
- Vendors and Service Providers: We may share Service Data with service providers, who provide services or functions on our behalf, such as providers of data hosting, email communication services, and web analytics services. We may provide Kernel Product Data to limited service providers such as hosting services. These parties will access, process, or store Personal Data in the course of performing their duties to us. We take reasonable steps to ensure our service providers adhere to the security standards we apply to your Personal Data. Our service providers may be located in the U.S. or other foreign jurisdictions.
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, dissolution, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
- Legal Requirements: If required or permitted to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements (which may include lawful access by U.S., Canadian or foreign courts, law enforcement or other government authorities), (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.
- Researchers: We may share Personal Data including Kernel Product Data with the primary researchers with whom you signed up to participate in research pursuant to your agreement with such researcher. Depending on the research study, we may also provide researchers with insights derived from participant Personal Data. Researchers’ use of your Personal Data may be subject to the terms of such research and any notice you receive or consent you provide to them. If you have questions about the manner in which the researchers conducting the study in which you are a participant treat your Personal Data, please contact the researcher responsible for the relevant study.
- Third Parties: Where we have your permission, we may license your Personal Data and your Kernel Product Data or enable you to share such data with third party businesses and additional researchers who can use this data only for their own legitimate business purposes as described to you at the time we obtain your permission. Sharing of Kernel Product Data in this manner is controlled by you, but we may take instructions from you directly, or through your permissions and settings, and when you intentionally interact with a third-party through our Services.
- Your Consent: If you have consented to our sharing of your information for other purposes not listed above, we will also share your information consistent with your consent.
- With Your Organization: If you receive access to the Services as a researcher or employee of an organization that has an agreement, including a Subscription Agreement, with Kernel, we may share your information with your organization.
4. DATA RETENTION
The Services are not meant for users who are under the age of 16 or, as applicable, under the age of majority for consent in the user’s jurisdiction. Kernel does not knowingly collect Personal Data from such users, and Kernel reserves the right to delete the account of a user who is under the age of majority for consent in their jurisdiction according to the Kernel Terms of Service. If you have reason to believe that a child under the age of 16 or otherwise under the age of majority for consent in the user’s jurisdiction has provided Personal Data to Kernel through the Services please contact us and we will endeavor to delete that information from our databases.
In recognition of the importance of the Personal Data you entrust us with, we implement technical, administrative, physical, and organizational measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. While these measures do not guarantee the security of your Personal Data, our team regularly reviews our security practices in an effort to preserve the confidentiality of your Personal Data.
7. YOUR RIGHTS AND CHOICES
In certain circumstances providing Personal Data is optional. However, if you choose not to provide Personal Data that is needed to use some features of our Services, you may be unable to use those features. You can sign into your account or contact us to ask us to update, correct or delete your Personal Data. You may also contact us at email@example.com to make a data request. If you provide a verified deletion request, we will undertake reasonable efforts to delete or deidentify your information within time required by applicable law. Certain information may be exempt from such requests under applicable law, such as data we are required to retain for legal compliance, or in certain research circumstances. For example, in some circumstances, Personal Data provided in connection with a research study may: require you to make any such request to the researcher, not be able to be deleted or deidentified at the time of your request (such as when the research is still ongoing), or be subject to a deletion exception. Please note, we may need certain information in order to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services.
If you have access to the Services via an organization or employer, please contact your organization for requests regarding your data, including requests to delete your information. If you are a Kernel customer or research organization and have a request related to information you have provided in connection with our Services, please reach out to your Kernel contact.
8. European Residents
If you live in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please review these additional provisions.
HI, LLC, d/b/a Kernel is your data controller. In addition, any entity to which you direct us to share or provide access to your data, including Product Data, may also be a controller of your data. For our contact information, please see the Contact Us section.
Our Legal Bases for Processing Your Personal Data
For personal data subject to the GDPR, we rely on several legal bases to process the data, including:
- When the processing is necessary to perform a contract with you, like our terms of service;
- Our legitimate business interests, including to operate our business and our Services; identify and fix any issues with our Services; secure the Services; learn more about how our customers use the Services; perform internal analytics; improve the Services; conduct marketing; provide you with certain information about new products, special offers or other information that we think you may find interesting using the email address which you have provided in accordance with applicable law; make and receive payments, if applicable; comply with legal requirements and defend our legal rights; prevent fraud; engage in a business change (e.g., sale, merger); and to know the customer to whom we are providing Services;
- When you have given your consent, which you may withdraw at any time by contacting us or using your account settings and other tools; and
- To comply with our legal obligations.
If you are a citizen of the European Economic Area (“EEA”), the United Kingdom, or Switzerland, you may request that we:
- provide access to and/or a copy of certain information we hold about you
- delete certain information that we are holding about you
- prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
- update or rectify information that is out of date or incorrect
- oppose, cancel, or restrict the way that we process and disclose certain of your information
- transfer your information to a third-party provider of services
- revoke your consent for the processing of your information
To make such a request, please contact us at firstname.lastname@example.org.
If applicable, you may make a complaint to the data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.
We currently store or may transfer personal data to countries other than your country of residence, including the United States, and may subcontract the processing of your data to, or otherwise share your data with trusted service providers in countries other than your country of residence, including the United States, in accordance with applicable law. By providing us with your information, you acknowledge any such transfer, storage, or use.
9. COOKIES AND SIMILAR TECHNOLOGIES
To collect the information in the “Personal Data We Automatically Collect ” section above, we and our service providers use web server logs, cookies, tags, tracking pixels, and other similar tracking technologies (“Cookies”) on Kernel Cloud and our Apps or Sites.
- A web server log is a file where website activity is stored.
- A cookie is a small text file that is placed on your computer or mobile device when you visit a website, and it enables us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand the parts of the App or Site you have visited; (iv) enhance your user experience by delivering and measuring the effectiveness of content tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.
- Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites and/or email that are designed to: (i) collect usage information like clicks; (ii) measure popularity of the Services; and (iii) access user cookies.
Cookies are typically classified as either “session cookies,” which do not stay on your device after you close your browser or “persistent cookies,” which will usually remain on your device until you delete them or they expire. Sometimes cookies are placed by us (“First-Party Cookies”) and sometimes they are placed by others (“Third-Party Cookies”). Different cookies are used to perform different functions on our Services:
- Essential Cookies: Some cookies are essential to the Apps or Site and enable you to use the features of the Apps or Sites and access secure areas of them. Without these cookies, we cannot enable appropriate content based on the type of device you are using (for example, essential cookies store user log-in information so that you don’t have to re-enter it for each page you visit on our website).
- Functional Cookies: These cookies allow us to remember choices you make on our App or Site (such as your preferred language or the region you are in).
- Analytics Cookies: We use our own cookies and/or third-party cookies to see how you use our App or Site and improve them.
There are a number of ways you can manage what cookies are set on your computer or mobile devices. If you do not allow certain cookies to be installed, certain aspects of Services may not be accessible to you and/or the performance or features of the Services may be compromised. See “Online Analytics” below for more information.
10. ONLINE ANALYTICS
We may use third-party web analytics services on our Apps or Sites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you.
Notice Concerning Do Not Track.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third-party purposes, which is why we describe a variety of opt-out mechanisms above. However, we do not currently recognize or respond to browser-initiated DNT signals. Learn more about Do Not Track.
12. CONTACT US