Kolbe Corp's WAREwithal Data Privacy and compliance with EU GDPR questions that you might have:

Where is the data held? The data is held in Phoenix, Arizona USA in a UTI Tier III Design Certified – Phase One, SOC1 Type 2, SOC2 Type 2 co-location facility on Kolbe Corp owned and managed servers. Documentation of certifications can be requested by emailing legal@kolbe.com.

How is this data protected? The data is protected in many ways, both physically and digitally, based on physical location, roles, and permissions. The data is encrypted while at rest and securely stored.

Is it shared with anyone? Non-Public Personally Identifiable Information is not shared with anyone outside of Kolbe Corp. We do not know what TNSI does with the data that they access. On occasion, we will contract with various research firms or universities to analyze cleansed data (no PII) for understanding the conative concept. The WAREwithal account holder governs how the data in their specific account is shared based on their compliance and standards. Kolbe Corp does not have control of this.

What user data is collected? The admin and/or user manually inputs a limited amount of personally identifiable information into the WAREwithal system. The required personal data processed: first name; last name; email address. (Optional: middle initial; gender for pronouns).

What steps does an Index Taker have to ensure that their Kolbe Index result is not shared with the group if they are not present? Due to the fact that the account holder/consultant is the person primarily governing this situation, Kolbe Corp has no direct controls to determine when to share the result. This action is controlled by the account holder/consultant.

Are there any HR compliance standards we (clients) should adhere to? HR compliance varies for each company and industry. For this reason, WAREwithal and Kolbe Corp leave those standards to you as the account holder in order to meet your businesses requirements. WAREwithal is able to meet a variety of HR standards when subscribed to and configured accordingly.

How can an Index Taker request that their information be deleted from WAREwithal? Best practice is to have the Index Taker go through the proper channels in their workplace to ensure that the account holder/consultant knows of the request and understands the implications. Kolbe Corp can purge the Index Taker's information if requested directly to do so via kolbecare@kolbe.com. However, the account holder/consultant will also need to be informed of this request. Keep in mind, according to the Kolbe Concept, the Kolbe A Index should only need to be taken once if the result is valid. If the Index Taker result is removed, they might have to take the Kolbe Index again in the future which might affect their actual result and incur additional fees. This also means that the Index Taker will be removed from ALL analysis compiled with those records, like team and/or role analysis. If costs are incurred, those costs will most likely be passed onto the account holder. We respect the Index Taker's right to privacy, but it is important to understand the ramifications of this request.

Is Kolbe Corp GDPR Compliant? According to GDPR, Kolbe Corp is classified as a "Data Processor" and we adhere within reason to GDPR as it relates to the role and responsibilities of a Data Processor. We do offer GDPR/Data Processing Addendum Terms for contracts that qualify for such terms. It is our practice to not include such an addendum due to our target audience and users being of the North American Continent where the laws and regulations are specific to the location of our services. Contact legal@kolbe.com for more information.