Privacy Policy

Your privacy is important to A Kennedy Group, Inc, and we take our responsibility of caring for it seriously. This Privacy Policy describes how we, (“A Kennedy Group”, “AKG”, “we”, “our” or “us”), processes the personal data we may collect about you (“you”, “client”, “job applicant”) during your interactions with us.

These activities may include various Interactions, such as visiting our website, attending an event, applying for a job, partnering with us, or contacting us. During these activities, we may collect personal data depending on the nature of the interaction.

We refer to the websites (e.g., akennedygroup.com, bmet.akennedygroup.net, bmet.app, and bmet.io) we operate as our "Sites". Additionally, we offer specific Services, such as capital outlay planning and funding, program management, financial tracking and reporting, federal and state grant compliance, state reporting, web‐based reporting, information management, application programming, and program website design (collectively, “Services”). When you engage in our Services, we may collect additional personal data that is necessary to provide these Services to you. In some cases, our subsidiaries may be considered data controllers, either together with AKG or by themselves.

Data we Collect

We may collect various types of personal data from you depending on the specific Interaction or Service you are engaged in, to ensure that we offer you the best possible experience.

Data we Collect Directly from You

We may collect data that you give us directly, such as when you visit our Site, engage in our Services, attend live events, contact us, apply for a job, or partner with us. We may collect data that you provide directly to us for the following Services:

Visit Our Site: When you visit our website, we may collect data directly from you when you contact us, or comment on our content.
Engage in our Services: When you engage in our Services, we collect client data about you and your business during the sign‐up process. Depending on the specific Service you use, we may also collect usage data to provide you with a more personalized and effective experience. This may include information such as your browsing history, search queries, and other interactions with our platform. We provide a Client Privacy Notice at all points of collection and within our BMET Client Portal (“Portal”) to ensure that you are aware of our practices before you sign up.
Attend Events or Webinars: When you attend events or webinars hosted by us, we may collect event data, such as your name, email, and any additional information required for event registration or ticket purchases.
Contact Us: When you contact us we may collect data surrounding the nature of the request, such as your name, email, and message details. If you provide additional data in your message or subsequent messages, such as your phone number or a mailing address, we may also collect that data as well.
Apply for a Job: When you submit a job application to us, we may collect data you provide, to include name, address, email address, phone number, employment history, educational background, professional certifications or licenses, references, resume or CV, cover letter, salary expectations or history, availability for work, citizenship status, and other information you provide during the hiring process. We may also collect more data about you once you become an employee. As part of our commitment, we have implemented appropriate measures and protections for employee personal information. These protections are detailed in our internal policies, which are provided to employees during the onboarding process.
Partner with Us: When you partner with us in a shared business, promotion, or charity we may collect personal data such as name, email address, phone number, job title or business role, company or organization name, business address, and information about the nature of our partnership or collaboration.
When you engage with us through public channels, any text, audio, visual, and/or other electronic communications data that you disclose may be read, copied, may collected, or used by other community members, and may become publicly available. Please make sure your privacy settings reflect your preferences.

Data Collected Automatically

Our website automatically collects certain data related to your device and browsing history using technologies such as cookies and web beacons. We collect certain types of data related to your device and browsing experience automatically when you visit our Site or engage in our Services. This is enabled by various technologies that allow us to collect data without requiring your direct input. When you visit our website or engage in our Services, we may utilize technology that automatically collects data associated with your device and browsing history for that Site. Here are some examples of the types of data we automatically may collect:

Device and usage data: We collect data about your device and usage, such as your IP address, device type, operating system, browser type, and usage data. We do not assume your location based solely on your IP address, as it only serves as an approximate reference.
Cookies and other tracking technologies: We may use cookies and other tracking technologies on our Site and Portal, such as web beacons and pixel tags, to keep you signed into your accounts and to help personalize your experience. For more information on cookies, please see the Cookies Section.
Log data: We may collect log data, such as your device data, Activity engagement data, Service usage data, and any events that occurred in relation to your use of our Services to help us improve our offerings and diagnose and fix any issues that may arise.

Data collected automatically is used to help us understand your preferences and usage patterns, to personalize your experience, and to improve our Site and Services. We do not sell or rent any of the data collected automatically to third parties.

Cookies

We use cookies on our website to enhance your browsing experience and analyze how users interact with our website.

By using our website, you consent to the use of cookies as described in this policy.

You can choose to disable or delete cookies through your browser settings, but please note that some features of our website may not function properly without cookies. Please refer to the Your Choices Section to learn more on how to manage your cookie preferences.

Types of Cookies

There are several types of cookies that may be used on our website:

Essential cookies: These cookies are necessary for the website to function properly and cannot be disabled. They are used to remember your preferences, login details, and other settings to provide you with a seamless browsing experience.
Performance cookies: These cookies are used to may collect data about how you use our website, such as which pages you visit most often. This data is used to improve the performance of our website and make it more user‐friendly.
Functional cookies: These cookies are used to remember your preferences and settings, such as your language preference or your choice of theme. They help enhance your experience by providing personalized and relevant content.

Use of Cookies

We use cookies on our website to improve your browsing experience and to personalize the content and ads that are displayed to you. We may also use cookies to analyze how you use our website and to track your browsing behavior.

We may use cookies when you:

Visit our Site;
Use our Services;
Engage in our Services; or
Interact with our content.

Our third‐party partners may also collect this data when you use other websites or applications that integrate with our services. We may collect this data in accordance with applicable laws and regulations, and it is used solely for the purposes described in our Privacy Policy.

Cookie Settings

You can control your cookie settings through your web browser. Most web browsers allow you to control the types of cookies that are set on your device, and to delete cookies that have already been set. However, disabling certain types of cookies may affect your browsing experience on our website.

Please refer to the Your Choices Section to learn more on how to manage your privacy choices.

Children

Although most of our Services are intended for adults, we recognize the importance of protecting the privacy of children who may access our Services online. We encourage parents and guardians to discuss with their children what data should be released on the Internet, especially personal data.

Our Sites, Services, and Software are not intended for children under the age of 13, and we do not knowingly collect data from children under 13. In some geographical areas, our Sites or Services may not be accessible to anyone under the age of 18, regardless of whether a parent or guardian has provided consent.

If you are under 13, we request that you do not submit personal data through any of our channels. If we later learn that we have inadvertently gathered personal data from a child under the age of 13, regardless of where that child resides, we will remove this data from our records as quickly as possible.

If you believe we have any data from or about a child under 13, please contact us, and we will promptly take the necessary steps to remove all such data.

Data we Process

Legal Bases for Processing

We process your personal data based on CCPA requirements, including type and context of data collection, and use four legal bases: consent, contractual necessity, legitimate interests, and legal obligations.

As a company operating in California and providing services to residents across the United States, we are committed to complying with the California Consumer Privacy Act (CCPA) and emerging state data protection laws. We process your personal data based on the requirements of CCPA, including the type of data we collect and the context in which we collect it. When you provide us with your personal data through our Services, we may ask for your country of residence, or we may determine your location based on your IP address or device registration country to ensure that we are complying with the CCPA.

Under the CCPA, we may process your personal data if it is necessary to fulfill a business purpose, to provide you with our Services, or to comply with a legal obligation. We may also process your personal data if you have provided us with your consent to do so, or if we have a legitimate interest in doing so, which does not outweigh your privacy rights. We will always ensure that we have a legal basis for processing your personal data under the CCPA.

For example, we typically rely on:

Consent: We ask for your consent when placing cookies on your device on the web (through our cookie consent manager), to send you email marketing, or to deliver third‐party targeted advertising to you on our Services.
Contractual Necessity: We rely on contractual necessity to process data when you participate in giveaways, make purchases through our online store, or otherwise use our Services to enable us to provide you with our Services.
Legitimate Interests: We rely on legitimate interest to respond to inquiries and provide information about our services through the website contact form, evaluate job applicants for employment through job applications, to prevent fraud, enhance security and improve website functionality and user experience through analytics.
Legal Obligations: We rely on a legal obligation basis to process your personal data when it is necessary for compliance with our legal obligations, such as tax and accounting obligations.

If you are a resident in a territory where our legitimate interests mentioned above are not recognized as a lawful basis under applicable law, we will identify and use other appropriate lawful bases to process your personal data such as contractual necessity or your consent.

We will always ensure that the legal basis for processing your personal data is clearly identified and documented. We will also make sure that the processing of your personal data is fair, transparent, and proportionate to the purpose for which it is being collected and used.

If you have any questions or concerns about the legal basis for processing your personal data, please contact us using the details provided in the Contact Us Section of this Policy.

Data Management Overview

As part of our transparency efforts, we have created this matrix to provide an overview of the personal data we collect, process, and share, as well as the categories of third parties with whom we share this information.

Source	Category of Personal Information	Recipient Categories	Purpose	Processing Basis
Website Contact Form	Name, email address, phone number, message content	AKG employees	Respond to inquiries and provide information about our services	Legitimate interest
Job Application	Name, contact data, employment history, education, resume	AKG employees, thirdparty background check companies	Evaluate job applicants for employment	Legitimate interest
Client Engagement	Name, contact data, payment data, business data, project data	AKG employees, contractors, subcontractors, thirdparty service providers	Provide consulting services and manage client relationships	Contractual obligation
Marketing Campaigns	Name, email address, company name, job title	AKG employees, thirdparty email marketing providers	Promote AKG services and events	Consent
Analytics	IP address, device type, browser type, website interactions	AKG employees, thirdparty analytics providers	Improve website functionality and user experience	Legitimate interest

Data Purposes

We use your data to communicate with you, provide our Services, promote our Services and Events, evaluate employment applications, and comply with our legal obligations.

Communicate with You: We may use your personal data to communicate with you about our Services and promotions. We may also send you important updates about our Policies or Terms of Service.

Provide our Services: We process your personal data to provide you with the Services you request from us. We also use your personal data to improve our Services, such as by analyzing user behavior on our website to identify areas where we can improve.

Promote our Services: We may use your personal data to promote our products and services, but only with your consent. You can opt‐out of receiving marketing communications at any time.

Evaluate Employment Applications: If you apply for a job with us, we may use your personal data to evaluate your application and to contact you regarding employment opportunities.

Legal and Compliance: We may use your personal data to comply with applicable laws, regulations, and legal processes, such as tax and accounting obligations.

Data Disclosures

At times, we may need to share your personal data with other parties to provide you with our Services, to comply with legal obligations, or to protect our legitimate interests.

Data Transfers

We may need to transfer your personal data to third‐party recipients located outside of the jurisdiction in which you reside or the jurisdiction where the data was originally collected, for the purposes outlined in this Policy. When we transfer your data to recipients located in other jurisdictions, we will take steps to ensure that your data is protected in accordance with applicable data protection laws.

If you are in the European Economic Area or the United Kingdom, please note that transfers of personal data to recipients located outside of the European Economic Area or the United Kingdom will only be made in accordance with applicable data protection laws, including the use of appropriate safeguards such as standard contractual clauses (SCCs) approved by the European Commission or other appropriate measures.

If you have any questions or concerns about international data transfers, please contact us using the contact information provided in the Contact Us Section.

Disclosure Events

With your consent: We may disclose your data to other recipients with your express consent, unless otherwise described above. For example, you may agree to us sharing your data with a certain company or organization to hear about their products, services, or promotions. These recipients will process the data you agree to share according to their respective privacy notices.

To protect us or others: We may access, preserve, and disclose any data we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others' rights, property, or safety; enforce our policies or contracts; may collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

To cooperate in the event of merger, sale, or other asset transfer: In the event of a reorganization, divestiture, merger, sale, or bankruptcy, we may transfer all data we may collect to the relevant third‐party and will obtain your consent to do so if required by law or contract.

Recipient Categories

Authorized Agents: If you authorize an agent to make rights requests on your behalf, we may disclose your personal data to them. This may include any data we hold about you. To ensure the security of your personal data, we require identity verification and your explicit authorization that the agent is authorized to request data deletion.
Affiliates and Subsidiaries: We may share personal data to other companies in which we have an ownership interest as necessary for the purposes outlined in this Policy. Types of personal data affiliates and subsidiaries receive include:
Business Partners: We may share personal data with our business partners who co‐offer our Services. These partners may include other businesses or individuals who receive your data for the purpose of assessing the effectiveness of the partnership and may receive data related to their partnership with us.
Vendors and Service Providers: We may share personal data with vendors and other service providers that help us operate our business and provide you with Services.
We require that any service provider processing your personal data only do so on our behalf and for purposes consistent with this Policy, such as the purposes described in the previous How We Use Your Data Section.
Law Enforcement / Courts: We may disclose personal data to law enforcement agencies, courts, or other government bodies as required by law or legal process, or to protect our rights or the rights of others. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also disclose personal data to third parties if we believe that disclosure is necessary to prevent or investigate possible wrongdoing, such as fraud or identity theft, or to enforce our Terms of Service or other agreements. Additionally, we may share personal data with third parties if we believe that such sharing is necessary to protect the safety, property, or other rights of our users or the public, or to respond to an emergency.

Data Storage & Retention

We store and process your data in the United States and other countries where we operate.

When we store and process your data we utilize technical, physical, and administrative safeguards to meet data transfer requirements set by various privacy laws.

Storage: When you access our Services, including when available on third‐party platforms, your personal data is generally collected by us directly and processed in the United States. Personal data we may collect may be subsequently stored and processed for the purposes set out in this Privacy and Cookie Policy in the United States or any other country in which AKG, its subsidiaries, or third‐party agents operate. By consenting to the transfer of your personal data outside of your country of residence, you acknowledge that your personal data may be transferred to recipients in the United States and other countries that may not offer the same level of privacy protection as the laws in your country of residence or citizenship.
Retention: We retain the data we may collect for as long as necessary to provide our Services, and we may retain that data beyond that period if necessary for legal, operational, or other legitimate reasons.

Where possible, we may also de‐identify, anonymize, or aggregate the data we may collect, or may collect it in a way that does not directly identify you. We may use and share such data as necessary for our business purposes and as permitted by applicable law.

Data Security

We take the security of your personal data seriously and take appropriate measures to protect it. Our cybersecurity controls include Multi‐Factor Authentication (MFA), end point security, anti‐virus and antimalware protection, firewall and VPN protection, data backup, encryption, and phishing and spoof protection. We use a variety of physical, technical, and organizational measures to safeguard your personal data against accidental, unauthorized, or unlawful access, use, or disclosure. We also require our third‐party service providers to take appropriate security measures to protect the confidentiality and security of your personal data.

Despite our best efforts, no security measure is entirely foolproof. We cannot guarantee the security of your personal data, and we cannot be responsible for unauthorized access to or theft, alteration, or destruction of your personal data. You are responsible for keeping your login credentials and passwords confidential. If you believe your account has been compromised, please contact us immediately.

If we become aware of a data breach that affects your personal data, we will notify you as required by applicable law. We will also take appropriate measures to mitigate the impact of the breach and prevent future occurrences.

Please note that our Services may contain links to third‐party websites or services. We are not responsible for the security or privacy practices of those websites or services, so we encourage you to review their privacy policies and terms of use before using or accessing them.

Your Rights & Controls

We believe that respecting your privacy and providing you with control over your personal data is fundamental to our relationship with you. We understand that you have a right to make choices about how your data is used and shared. With that in mind, we strive to provide you with meaningful choices and controls when it comes to the may collection and use of your data. For example, if you no longer wish to receive marketing emails from us, you can easily unsubscribe by clicking the link in the footer of any marketing email we send you.

Your Rights

Authorized Agents: You have the right to use an authorized agent to make a request to exercise your data privacy rights. If you choose to do so, we will require that you verify your identity based on data you have directly provided to us. If you use an authorized agent to submit a request to opt‐out of the sale or sharing of your personal data for targeted marketing purposes, we will require your signed permission demonstrating that you have authorized the agent to act on your behalf. We take your privacy seriously and want to ensure that you have control over your personal data.
Right to be Informed: You have the right to know what personal data we may collect, how we use it, and who we share it with. We provide this information in our Policy and in any other relevant notices at points of collection.
Right of Access: You have the right to access the personal data we hold about you. While you have the right to submit access requests directly to us, we have provided comprehensive information about our data processing practices in this Policy to address any general questions you may have. If you have any questions or concerns about our data processing practices, including how we may collect, use, share, or sell your personal data, please don't hesitate to contact us using the details provided in the Contact Us Section of this Policy.
Right to Rectification: Depending on the third‐party services our client may interact with, you may have access to selfservice tools that allow you to update your personal data directly. If you need further assistance, you have the right to request that any inaccurate or incomplete personal data we hold about you be corrected. To exercise this right or to request assistance with updating your personal data, please contact us using the contact details provided in the Contact Us Section of this Policy.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machinereadable format, and to transmit that data to another data controller. This right to data portability is intended to give you more control over your personal data and facilitate the movement of your data between different organizations. To exercise this right, please contact us using the contact details provided in the Contact Us Section of this Policy.
Right to Erasure: You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent to our processing of your data. To exercise this right, or if you have any questions about whether your personal data can be deleted, please contact us using the contact details provided in the Contact Us Section of this Policy.

Right to Object

Data Processing: You have the right to object to the processing of your personal data in certain circumstances, such as when the processing is for direct marketing purposes or is based on our legitimate interests.
Automated Decision Making: You have the right to object to decisions made about you solely based on automated processing, including profiling, if these decisions have legal or significant effects on you. We do not engage in such automated decision‐making processes that may impact you, but if we do in the future, we will provide you with additional information and an opportunity to object. To exercise this right in either capacity, please contact us using the contact details provided in the Contact Us Section of this Policy.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when the accuracy of the data is contested, or you object to the processing. To exercise this right, please contact us using the contact details provided in the Contact Us Section of this Policy. We take your privacy seriously and strive to provide you with the means to exercise your rights under CCPA/CPRA. We will not discriminate against you for exercising these rights. However, we may need to collect certain information from you to verify your identity and respond to your requests. If we are unable to verify your identity, we may not be able to process your requests. If you have any questions or would like to exercise any of your individual rights, please contact us using the contact details provided in the Contact Us Section of this Policy.

Your Controls

We respect your privacy and want to give you control over your personal information. Below are the choices you have with respect to the third‐parties we work with and how you can exercise them.

Opt-out options: If you're receiving emails such as newsletters, notifications, or other types of communications from us and wish to opt‐out, you can easily do so by clicking the "Unsubscribe" link at the bottom of the email. If you prefer not to receive marketing messages or sponsored content, please contact us using the contact details provided in the Contact Us Section of this Policy and we will ensure your preferences are updated accordingly.

Some third-party services we use may offer opt-out options to their data collection practices. You can find information about how to opt‐out of these services by visiting the following links:

Google Analytics Opt-Out
Facebook Pixel Ads Preferences
Twitter Personalization Settings

Cookie controls: You can manage the use of cookies on our Site through your browser settings. Most browsers allow you to control the types of cookies that are set on your device, and to delete cookies that have already been set. However, disabling certain types of cookies may affect your browsing experience on our Site.

If you have any questions or concerns regarding your privacy choices or how we handle your personal data, please do not hesitate to contact us at info@akennedygroup.com. You can also contact the support teams for each platform if you require further assistance managing your privacy settings.

Changes to Our Policy

We may occasionally update this Policy. When we do, we will revise the "last updated" date at the bottom of the Policy. If there are material changes to this Policy, we will use reasonable efforts to notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification.

Contacts

Contact Us

If you have questions about this Policy, please contact our Data Protection Officer (“DPO”) at the following address:

Attention: Data Protection Team

A Kennedy Group, Inc. (AKG)

PO Box 1111 North Fork, CA 93643

United States

Or email us at info@akennedygroup.com.

Contact a Data Protection Authority

If you have a concern about how we may collect and use data, please contact us. If you are a California resident, you have the right to file a complaint with the California Attorney General's office or any other relevant Data Protection Authority (“DPA”) if you believe your data privacy rights have been violated. We encourage you to contact us first so that we can try to resolve your concerns. However, you may also contact your local DPA directly.

To contact your local DPA, please refer to the links below:

California ‐ Attorney General of California
Europe ‐ DPA Directory

Where appropriate, your local DPA may also forward the matter to the Department of Commerce or FTC for consideration.

Last Updated: June 21, 2023