Skip to main content

Kyndryl Privacy Statement

This Privacy Statement is effective as of 04 November 2021

Introduction

At Kyndryl we value your privacy and are committed to protecting and processing your personal information responsibly.

This privacy statement describes how Kyndryl collects, uses and shares your information. It applies to Kyndryl Corporation and Kyndryl subsidiaries except where a subsidiary presents its own statement without reference to Kyndryl’s.  

We may provide additional data privacy information by using a supplementary privacy notice. 

Personal Information We Collect and Use

This section describes the various types of information that we collect and how we use it.

Sharing Personal Information  

We may share your personal information internally and externally with suppliers, advisors, or Business Partners for Kyndryl’s legitimate business purposes, and only on a need-to-know basis. 

This section describes:

When sharing personal information, we implement appropriate checks and controls to confirm that the information can be shared. 

 

If we decide to sell, buy, merge, or otherwise reorganize businesses in some countries, such a transaction may involve disclosing some personal information to prospective or actual business purchasers, or the collection of personal information from those selling such businesses.  

 

Internally, personal information is shared for our legitimate business purposes, such as managing our relationship with you and other external parties, compliance programs, or systems and networks security. We do this to improve efficiency, for cost savings, and internal collaboration between our subsidiaries. Our internal access to personal information is restricted and granted only on a need-to-know basis. Sharing of this information is subject to the appropriate intracompany arrangements, our policies, and security standards. 

 

Externally,

  • our business with suppliers may include the collection, use, analysis, or other types of processing of personal information on our behalf
  • our business model includes cooperation with independent Business Partners for marketing, selling, and the provision of Kyndryl products and services. Where appropriate, we share business contact information with selected Business Partners
  • we may share personal information with professional advisors, including lawyers, auditors, and insurance companies to receive their services
  • we may share contractual relationship information with others, for instance, our Business Partners, financial institutions, shipping companies, postal, or government authorities, such as the customs authorities that are involved in fulfillment.  

 

In certain circumstances, personal information may be subject to disclosure to government agencies in accordance with judicial proceedings, court orders, or legal processes. We may also share personal information to protect the rights of Kyndryl or others when Kyndryl believes that such rights may be affected, for example to prevent fraud.

 

 

Your information may be transferred to or accessed by Kyndryl subsidiaries and third parties around the world. Kyndryl complies with laws on the transfer of personal information between countries to keep your personal information protected, wherever it may be.

We have implemented various safeguards including:

  • Contractual Clauses, such as those approved by the EU Commission and accepted in several other countries. You can request a copy of the EU Standard Contractual Clauses (EU SCCs) by clicking Contact Us

  • The APEC Cross Border Privacy Rules (CBPR) system that provides protection of personal information that is transferred among participating APEC economies as it pertains to online information collected through Kyndryl.com. 

Controller and Representative Information

Kyndryl does business through its subsidiaries worldwide. The privacy laws in some countries consider a Controller to be the legal entity (or natural person) who defines the purposes for which the processing of personal information takes place and how that information is processed. Parties that are involved in processing operations on behalf of a Controller may be designated as Processors. Designations and associated obligations differ, depending on the jurisdiction.

Where this is relevant for the privacy laws in your country, the Controller of your personal information is Kyndryl’s main subsidiary in your country or region, unless Kyndryl or another Kyndryl subsidiary identifies itself as the Controller for a specific interaction with you.

The contact details of our main subsidiary of a country or region can be found by selecting your country or region and selecting Contact on the footer of Kyndryl.com websites. Kyndryl can be contacted at: Kyndryl Inc., One Vanderbilt Avenue, 15th Floor, New York, United States.

Where Kyndryl or a subsidiary it controls is required to appoint a legal representative, the following representatives have been appointed.

European Economic Area (EEA) 

Kyndryl 1 B.V., 
Johan Huizingalaan 765, 1066 VH 
Amsterdam, The Netherlands  

United Kingdom (UK)

Kyndryl UK Limited, 

100 Liverpool Street, EC2M 2RH 
London, United Kingdom

Information Security and Retention

To protect your personal information from unauthorized access, use, and disclosure, we implement reasonable physical, administrative, and technical safeguard. These safeguards include role-based access controls and encryption to keep personal information private while in transit. When needed, we also require our Business Partners, suppliers, and third parties to implement suitable safeguards, such as contract terms and access restrictions, to protect information from unauthorized access, use, and disclosure.

We only retain personal information as long as necessary to fulfill the purposes for which it is processed, or to comply with legal and regulatory retention requirements. Legal and regulatory retention requirements may include retaining information for:

  • audit and accounting purposes,
  • statutory retention terms, 
  • the handling of disputes, 
  • and the establishment, exercise, or defense of legal claims in the countries where we do business.

We retain any contractual relationship information for administrative purposes, legal and regulatory retention requirements, defending Kyndryl rights, and to manage Kyndryl's relationship with you. The information that is provided in a supplementary privacy notice may provide more detailed information on applicable retention terms.

When personal information is no longer needed, we have processes in place to securely delete it, for example by erasing electronic files and shredding physical records. 

Your Rights  

You have certain rights when it comes to the handling of your personal information. The Contact Us form can be used to:

  • request access to the personal information that we have on you, or have it updated. Depending on the applicable law, you may have additional rights concerning your personal information.

  • ask questions related to this Privacy Statement and privacy practices. Your message is forwarded to the appropriate member of Kyndryl's Data Privacy Team, including the responsible Data Protection Officers.

  • submit a complaint to Kyndryl if you are not satisfied with how Kyndryl is processing your personal information.

Information about additional rights and when they apply can be found at Your Additional Rights. Your rights may be subject to limitations and exceptions resulting from applicable laws. For example, there may be situations where we cannot share certain information that you seek if disclosing this means disclosing information about others.  

You may also have the right to complain to the competent supervisory authority. Contact details of Data Protection Authorities in the European Economic Area can be found here, and in the UK here. If complaints are not resolved to your satisfaction, you can also use the TRUSTe Feedback and Resolution System here, our independent US-based third-party dispute resolution provider. This service is provided free of charge.

For marketing communications, you can also submit an opt-out request, or select Unsubscribe at the end of each marketing email.

Privacy Statement Updates

 

If a material change is made to this Privacy Statement, the effective date is revised. By continuing to use our websites and services after a revision takes effect, it is considered that users have read and understand the changes.

 

 

Learn more about Kyndryl Privacy.