Skip to main content

Kyndryl Data Privacy Principles

When you choose Kyndryl, you gain the strength, experience, expertise, and reliability of a recognized global IT security and privacy leader.  

At Kyndryl trust is foundational to all we do, and we are committed to protecting the privacy and confidentiality of your personal information. We will only collect and process personal information which is relevant to and necessary for the purpose we describe, always in a secure, lawful, and transparent manner.   


As Chief Privacy and Regulatory Officer, I direct the company’s privacy and regulatory vision and compliance strategy and oversee our privacy and regulatory programs. My mission is to help Kyndryl maintain the trust of our customers through open, transparent and explainable privacy practices, while ushering new technologies into the world responsibly and with clear purpose. ” 

Dennis Tougas, Chief Privacy and Regulatory Officer


As a globally integrated enterprise, Kyndryl's business processes frequently extend beyond the borders of one country. Such globalization demands not only the availability of communication and information systems across the Kyndryl group of companies (Kyndryl), but also the world–wide processing and use of multiple types of information, including Personal Information. 

Kyndryl is committed to protecting the privacy and confidentiality of Personal Information about its Employees, Customers, Business Partners (including contacts within Customers and Business Partners) and other identifiable individuals. Uniform practices for collecting, using, disclosing, storing, accessing, transferring or otherwise processing such information assist Kyndryl to process Personal Information fairly and appropriately, disclosing it and/or transferring it only under appropriate circumstances. 

This Policy sets forth the general principles that underlie Kyndryl's specific practices for collecting, using, disclosing, storing, accessing, transferring or otherwise processing Personal Information, including the general principle of Privacy by Design and Default. These general principles apply to the processing of Personal Information world–wide by Kyndryl.  

In addition, Kyndryl recognizes the importance of protecting customers personal information against unlawful access by governments and their agencies in all jurisdictions where Kyndryl does business. 

In general, Kyndryl expects governments to deal directly with our enterprise customers when requesting access to data held by Kyndryl on their behalf. 

Kyndryl supports measures to increase the transparency, oversight and appropriate judicial review of government requests for data, including modernised international agreements on legal assistance. 


The general principles are: 

  • Fairness:

Kyndryl will collect and process Personal Information fairly, lawfully, and in a transparent manner. 

  • Purpose Limitation:

Kyndryl will only collect Personal Information that is relevant to and necessary for a particular purpose(s) and will only process Personal Information in a manner that is not incompatible with the purposes for which it is collected. 

  • Data Minimisation:

Kyndryl will only process Personal Information that is adequate, relevant and not excessive for the purpose for which it is processed. 

  • Accuracy:

Kyndryl will keep Personal Information as accurate, complete and up–to–date as is necessary for the purpose for which it is processed. 

  • Retention:

Kyndryl will keep Personal Information in a form that permits identification for no longer than necessary for the purpose for which such Personal Information was collected. 

  • Disclosure:

Kyndryl will only make Personal Information available inside or outside Kyndryl in appropriate circumstances. 

  • Security:

Kyndryl will implement appropriate technical and organizational measures to safeguard Personal Information and will instruct third parties processing Personal Information on behalf of Kyndryl, if any, to process it only in a manner that is consistent with processing it on Kyndryl's behalf, and to implement appropriate technical and organizational measures to safeguard the Personal Information. 

  • Individual Rights:

Kyndryl will provide individuals with appropriate rights such as right of access and correction relating to their Personal Information. 

  • Custodianship:

Kyndryl will have appropriate policies and practices for the safe handling of Personal Information that it processes on behalf of its customers. 

  • Accountability:

Kyndryl will have appropriate governance, including corporate instructions, guidelines, appropriately trained personnel and other measures to be able to demonstrate that the processing of Personal Information is performed in compliance with this Policy. 


Kyndryl Employees who come in contact with Personal Information must act consistently with the principles contained in this Policy.  

The application of these principles is more particularly described in the applicable Kyndryl Corporate Instructions (and any accompanying implementation guidelines) relating to processing Personal Information.

Learn more about Kyndryl Privacy.