Skip to main content

KACE Company Privacy Policy

Last Updated: August 28, 2025

Introduction

KACE Company (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal information in accordance with applicable laws, regulations, and best practices. This Privacy Policy describes how we collect, use, disclose, and safeguard information as part of our services provided to government contractors, federal agencies, and other clients. The policy is designed to remain flexible as our client base evolves, ensuring continued compliance with relevant privacy laws and contractual obligations.

Scope

This policy applies to all personal information collected, processed, or maintained by KACE Company in the course of providing our services, whether to government contractors, federal agencies, or other organizations and clients. Website visitor data collection, use, and disclosure are governed both by this policy and the Website-Specific Privacy Policy (Section 13), which applies solely to KACEcompany.com users.

  1. Information We Collect

KACE does not collect job applicant or recruitment data through KACEcompany.com; such matters are processed independently and governed by third-party policies.

  • Identifiers: Name, contact details, government-issued identifiers, user credentials.
  • Professional Information: Employment details, roles, and responsibilities related to client engagements.
  • System and Network Activity: Access logs, audit trails, and security monitoring data.
  • Other Information: Any information required by clients or contracts.

Sources of Information:

  • Directly from authorized users or client representatives.
  • Automatically through secure system operations, monitoring, and access controls.
  • As required or permitted by contracts and applicable law.
  1. Use of Information

We use personal information solely for:

  • Fulfilling our contractual obligations to clients.
  • Maintaining and securing information systems as required by applicable security frameworks.
  • Supporting authorized users and client operations.
  • Complying with applicable laws, regulations, and directives.

We do not use personal information for marketing, commercial purposes, or any non-contractual activity unless explicitly permitted by the data subject or required by law.

  1. Cookies and Tracking Technologies

Our systems may use cookies or similar technologies for purposes such as security, authentication, and session management, as required for authorized use. No tracking for advertising or analytics unrelated to contract performance or client requirements is conducted. For information specific to website cookies and third-party analytics, refer to Section 13.5.

  1. Sharing and Disclosure of Information

We do not sell personal information to third parties. Disclosure of information is limited to:

  • Clients: As required by contract and client instructions.
  • Authorized Service Providers/Subcontractors: Only as necessary for service delivery and subject to strict confidentiality, security, and compliance obligations.
  • Legal or Regulatory Requests: As required by law, regulation, or government order.
  • Security and Incident Response: In accordance with applicable incident reporting requirements.
  1. Your Privacy Rights

Privacy Act of 1974

When operating, maintaining, or developing a system of records on behalf of a federal agency, we comply with the Privacy Act of 1974 (5 U.S.C. § 552a). Individuals whose information is maintained in such systems have rights under the Act, including:

  • Right to Access: Request access to records maintained about you.
  • Right to Amendment: Request correction or amendment of your records.
  • Right to Disclosure Accounting: Request an accounting of disclosures of your information.

Requests should be submitted through the relevant federal agency, in accordance with agency procedures.

Other Applicable Rights

We comply with all privacy and security requirements set forth in our contracts, including those arising from the CCPA, CPRA, and other state or federal privacy laws, as applicable to the work performed or the client’s location. Website visitors should also refer to Section 13 for details specific to site data rights and contact methods.

  1. Data Retention

Personal information is retained only as long as necessary to fulfill contractual obligations, comply with retention schedules, or as otherwise required by law or regulation.

  1. Children’s Privacy

KACE Company recognizes the importance of protecting the privacy of children under the age of 16. In connection with certain federal government contracts, we may collect, process, or maintain personal information about children under 16 as specifically required by our client agencies and in accordance with applicable laws and regulations, including the Privacy Act of 1974 and any agency-specific requirements.

  • Purpose and Scope:
    Any collection, use, or disclosure of children’s personal information is strictly limited to what is necessary for the performance of our contractual obligations to the federal government and is conducted under the direction and oversight of the relevant agency.
  • Parental and Guardian Rights:
    Where required by law or contract, we provide mechanisms for parents or legal guardians to access, review, and request correction or deletion of their child’s personal information. Requests should be submitted through the relevant federal agency, following its established procedures.
  • Safeguards:
    We implement appropriate administrative, technical, and physical safeguards to protect the personal information of children, consistent with applicable federal requirements, including NIST SP 800-53, NIST SP 800-171, and agency-specific security standards.
  • No Commercial Use:
    We do not use children’s personal information for any commercial purposes or for marketing.
  • Questions or Concerns:
    For more information about our practices regarding children’s privacy or to exercise your rights, please contact us or the relevant federal agency as specified in the “Contact Us” section of this policy.
  1. Security Measures

We implement and maintain strong security controls in accordance with:

  • FedRAMP Security Requirements (when applicable)
  • NIST SP 800-53 and NIST SP 800-171 Controls
  • CMMC Practices
  • FAR and Agency-Specific Security Clauses (when applicable)
  • Other industry standards as required by client or contract

Security measures include, but are not limited to:

  • Encryption of sensitive data (in transit and at rest)
  • Access controls and multi-factor authentication
  • Continuous monitoring and regular security assessments
  • Incident response and breach notification procedures
  1. Accessibility

We are committed to making this Privacy Policy accessible to all authorized users, including those with disabilities. Please contact us if you require this policy in an alternative format.

  1. Policy Updates

This Privacy Policy is reviewed and updated at least annually, or as required by changes in law, regulation, or contract. The “Last Updated” date reflects the most recent revision. Material changes will be communicated to our clients as appropriate.

  1. Contact Us

For questions or concerns regarding this Privacy Policy or our privacy practices, contact:

  1. References to Key Laws, Regulations, and Standards

This policy is designed to comply with:

  • Privacy Act of 1974 (5 U.S.C. § 552a), when applicable
  • Federal Acquisition Regulation (FAR), when applicable
  • FedRAMP Security Requirements, when applicable
  • NIST SP 800-53 and NIST SP 800-171
  • Cybersecurity Maturity Model Certification (CMMC)
  • California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other applicable state privacy laws
  • Other applicable federal, state, and international laws, regulations, and contract requirements

It also aligns with our internal Information Security and Privacy Policies.

  1. Website Privacy Addendum

13.0 Terms of Use Acceptance

By using the KACEcompany.com website, you agree to be bound by all posted terms of use, this Privacy Policy, and any applicable supplemental notices. If you do not agree, you must not use the Website.

13.1  Scope and Applicability

This section applies solely to the KACE Company public website (KACEcompany.com) and is intended to supplement and clarify the broader KACE Company Privacy Policy for site visitors and users.

13.2  Information Collection (Web-Only)

The website collects personal data only through forms or voluntary communications. Automated data such as IP address, browser, device details, pages visited, referral sources, and geolocation may be collected for technical and analytic purposes.

13.3  Purpose of Website Data Use

Site visitor information is used to respond to inquiries, analyze website performance, personalize content, support website security, and comply with legal obligations.

13.4  Employment and Third-Party Platforms

KACE Company does not collect job applications or recruitment-related information directly through KACEcompany.com. Employment-related data may be processed only via independent third-party platforms. Any links provided are for convenience only; please review the respective privacy policies of those platforms before submitting personal data. KACE disclaims responsibility or control over data practices of third-party sites.

13.5  Cookies and Log Files

Cookies and log files are used to enhance your experience and help us personalize content, understand website usage, and improve performance. You may manage or disable cookies through your browser settings; disabling cookies may affect some website functionality. The Website uses Google Analytics and may collect non-identifiable technical data (browser, OS, referring URLs, geolocation, time spent). Personally identifiable information is not shared with analytics providers, and IP addresses are partially masked for privacy. For further details, refer to Google Analytics’ privacy policy.

13.6  Regional and International Privacy Rights (Website Visitors)

Website users residing in California (CCPA), Canada (PIPEDA), Europe (GDPR), Brazil

(LGPD), or other jurisdictions have specific data rights. Requests for access, correction, or deletion may be made per the instructions in Section 5 (Your Privacy Rights) of this policy.

13.7  Disclosure for Website Data

KACE does not sell, rent, or trade website visitor data. Website data may be shared only with trusted service providers, for legal compliance, or in connection with corporate transactions, consistent with the KACE Privacy Policy.

13.8  Website Warranty, Limitation of Liability, and Indemnification

The website and all content are provided “as is” and “as available,” without warranties of any kind. KACE disclaims all express or implied warranties, including merchantability, fitness for a particular purpose, and non-infringement. KACE shall not be liable for any direct, indirect, incidental, consequential, punitive, or special damages arising from your use of the Website. You agree to indemnify, defend, and hold harmless KACE, its affiliates, employees, and authorized representatives, from any claims or liabilities arising out of your use of the Website or any violation of these terms, including infringement of third-party rights.

13.9  Website Security Standards

KACE applies reasonable technical, administrative, and physical safeguards for web data, but does not guarantee absolute security. See Section 8 (Security Measures) for detailed company security protocols.

13.10  Website Terms Modification and Governing Law

  • Website terms and privacy section may be modified at any time and continued use indicates acceptance. The website is governed by the laws of the Commonwealth of Virginia, with exclusive jurisdiction in Virginia courts for disputes
  • This policy is designed to comply with:
  • Privacy Act of 1974 (5 U.S.C. § 552a), when applicable
  • Federal Acquisition Regulation (FAR), when applicable
  • FedRAMP Security Requirements, when applicable
  • NIST SP 800-53 and NIST SP 800-171
  • Cybersecurity Maturity Model Certification (CMMC)

13.11 User Submissions

Any communications or content submitted through the Website (such as forms, contact messages, or feedback) are considered non-confidential and non-proprietary. Submission does not obligate KACE to respond or take any specific action, nor does it create any business relationship or guarantee compensation.

 

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy.