Privacy Policy
Introduction
Kimley-Horn and Associates, Inc. and its affiliated companies (collectively, “Kimley-Horn”) respect your privacy. This Privacy Policy applies to personal information collected by Kimley-Horn through the www.kimley-horn.com website, recruiting, and employment activities.
As used in this Privacy Policy, the term “personal information” means any information that is linked or reasonably linkable to an identified or identifiable natural person, or that otherwise is considered personal information under applicable laws or regulations. Personal information may be aggregated or de-identified so that it does not identify any individual. Aggregated or de-identified data is not considered personal information and is not subject to this Privacy Policy.
Types/Categories of Personal Information We Collect
Through our normal and necessary business operations, We collect personal information through our normal and necessary business operations. The type of information we collect depends on how we interact with you. Here is more detailed information about the personal information we collect:
Information You Provide to Us
When you complete a form on our website, apply for a job with us, or become an employee, we collect the information you give us. This information might include things like your name, email address, mailing address, phone number, job application and employment related information, or similar identifying and background information.
When A Third Party Gives It to Us
We may collect your personal information when a third party provides your information to us. For example, when you apply for a job, we may obtain information about your educational or employment background from third parties, or we may perform background checks as part of an employment application.
When You Use Our Websites
We collect technical information when you use our websites. Certain internet and electronic network activity information is created and recorded automatically. This might include information about your interactions with our website, such as content you view, the time you spend viewing the content, and the features you access. We may collect this information using cookies or other similar technologies. For more information, please refer to the “Cookies” section of this Privacy Policy.
How We Use/Process Your Personal Information
We collect and use your information so we can operate effectively and provide you with the best experience when you interact with us. More specifically, we may use your information for the following purposes:
- To respond to your service requests or support needs.
- For the purpose for which you provided the personal information, such as processing your job application, or maintaining your records as an employee.
- Human resources management such as performance assessment, training, employee benefits and compliance.
- Help you obtain an immigration visa or work permit.
- Improve our hiring process (only after personal information has been aggregated).
- Business processes and management used to run our business.
- Safety and security management to ensure the safety and protection of employees, property and the community.
- To identify and communicate with you.
- Improve our website and services such as conducting data analysis and audits, enhancing our website, market research, surveys, marketing, such as providing you information about our products and services.
- Legal proceedings and requirements, such as investigating, addressing, or defending claims or disputes, acquisitions, as required or allowed by law, or as requested by regulators, government entities, and official inquiries.
- Periodic correspondence, teamwork awards, bump boxes and other miscellaneous items may be sent by approved personnel, supervisors or other partners for personal or congratulatory reasons.
Kimley-Horn will not use your personal information in a manner that is inconsistent with the purpose of its original collection, unless we have provided you additional notice and you have consented.
Current employees who have questions about the use of and processing of their personal information can reach out to [email protected] for more information.
Use of Artificial Intelligence
We utilize AI technologies to enhance efficiency in recruiting and workplace operations. In the hiring process, AI may assist with scheduling, summarizing interview notes, and other administrative tasks. Interviews are recorded or transcribed only with the consent of the candidate; Recordings are retained in accordance with our data retention policy. The AI tools do not evaluate candidates, make decisions, or influence hiring outcomes.
AI tools used in our work environment operate within secure enterprise systems and are configured so that personal information is not used to train AI models. Humans are responsible for reviewing and verifying accuracy of all AI output.
How We Disclose/Share Your Personal Information
Kimley-Horn may share personal information with:
Our Wholly Owned Subsidiaries and Affiliates
We share information within the Kimley-Horn family of companies to provide our services or conduct business operations. If we were to engage in an acquisition, bankruptcy, dissolution, reorganization, or similar proceeding that involves the transfer of the information described in this Privacy Policy, we may share your information with a party involved in this process.
Third Party Companies, Service Providers or Business Partners
We rely on third parties to perform certain services on our behalf to help us operate our business. To do so, we may need to share your personal information with them. For example, from time to time, we may share your information with third parties such as a payroll service or a benefits administrator.
Legal Compliance
We may share personal information when it is necessary to comply with the law, enforce our policies and other agreements, or to protect the rights, property or safety of Kimley-Horn and our employees. We may also share your information to detect, prevent, or otherwise address fraud, security, or technical issues.
Where We Store Your Information
We are headquartered in the United States and may process personal information in the U.S. and other countries. If you are in Canada, we remain responsible for personal information transferred to our service providers (which may include cross-border transfers).
Cookies
We use third-party cookies and similar technologies such as web beacons or pixels (collectively “cookies”) to collect personal information about your interaction with our website to allow us to serve you better and improve your browsing experience. A cookie is a small file that is stored on your computer, to enable our site to store information such as your website preferences, so that we can remember certain choices you have made. Cookies can also be used to recognize your device so that you do not have to provide the same information more than once.
You may be able to refuse or disable cookies by adjusting your web browser settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). Please note that you may need to take additional steps to refuse or disable local shared objects and similar technologies. If you choose to refuse, disable, or delete these technologies, some of the functionality of the web site may no longer be available to you, and any differences in services are related to the data. You can learn more about cookies by clicking here.
There are other local storage and internet technologies, such as local shared objects (also referred to as “flash cookies”) and HTML5 local storage, which operate similarly to the technologies discussed above and may also be used.
Do Not Track Signs and Similar Mechanisms
“Do Not Track” (DNT) is a privacy preference you can set in your browser to signal to operators of websites, web applications, and services (including behavioral advertising services) that you do not want such operators to track, collect, and share certain kinds of information about your online activity from party tracking services across different websites.
Our Website is not configured to read or respond to “Do Not Track” settings or signals in your browser headings.
Security
Kimley-Horn has implemented appropriate physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure. Kimley-Horn also requires that its business partners and service providers protect such information from unauthorized access, use and disclosure.
You acknowledge that no method of transmission over the Internet, or electronic storage, is 100% secure, and that we cannot guarantee absolute security.
Selling or Sharing Personal Information
We do not “sell” or “share” your personal information as those terms are defined by California law.
Third-Party Websites
Our Website may contain hyperlinks to third-party websites. By clicking on these links, you are visiting websites outside of Kimley Horn’s control. We are not responsible for any content on third-party websites, or for the collection, use, maintenance, sharing, or disclosure of data and information by the operators of those websites. This Privacy Policy does not apply to information, including personal information, you provide when visiting third-party websites.
Retention
Kimley-Horn will retain your personal information for only as long as it is required for us to fulfill the purposes for which the information is processed or for other valid reasons to retain your personal information (for example, to comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements).
Children’s Privacy
Kimley-Horn’s Services are not directed at children, and we do not knowingly collect personal information from children under the age of 16. If you are a parent or guardian of a child under the age of 16 and believe that he or she has disclosed personal information to us, please contact us as set forth in the “Contact Us” section below. We will ensure their personal information is properly processed and disposed of with the consent of their parents or guardian.
How to Contact Us
If you would like to exercise any of your privacy rights, or if you have any questions about this Privacy Policy or any of Kimley-Horn’s privacy practices or use of your personal information, please contact us by mail at Kimley-Horn 421 Fayetteville Street, Suite 600, Raleigh, NC 27601, or by completing the form at https://www.kimley-horn.com/contact-us/request-data/.
If you exercise any of these rights, we may need to verify your identity. If we need to do so, we may ask you to provide certain information such as your driver’s license, or other form of identification. If we cannot verify your identity, we may deny your request. If that happens, we will let you know.
You can also have an authorized agent exercise your rights on your behalf using the same methods as described above. If you do so, we may also ask your authorized agent to provide proof that they are authorized to act on your behalf.
If you have any questions about this Privacy Policy or any of Kimley-Horn’s privacy practices or use of your personal information, please contact us by mail at Kimley-Horn 421 Fayetteville Street, Suite 600, Raleigh, NC 27601, or by email at [email protected].
Changes to This Privacy Policy
Kimley-Horn may change this Privacy Policy from time to time. The date of the last update will be indicated at the bottom of the Privacy Policy. We encourage you to periodically review this Privacy Policy for any changes or updates.
California Residents
The California Consumer Privacy Act (“CCPA”) regulates how we handle personal information of California residents in connection with our Services and gives California residents certain rights with respect to their personal information.
If you are a California resident, we are required to tell you certain things about your personal information and your rights regarding your personal information. Here is how your personal information is collected, used, and shared:
Table 1: Personal Information Collection, Use, and Disclosure
| Category of Personal Information (PI) | Sources of PI | Business or Commercial Purpose | Sold or Shared? | 3rd Parties Sold/Shared With | Disclosed for a Business Purpose? | Business Purpose Recipients | Purpose of Disclosure |
|---|---|---|---|---|---|---|---|
| Identifiers (name, address, email, SSN, driver’s license, background checks, job application info, health info, union data) | Consumer; Computer systems; Background check agencies; Government reporting sources | HR operations; Hiring | No | None | Yes | Benefits administrators; Payroll processors; Background check agencies | Benefits administration; Payroll processing; Eligibility verification; Regulatory reporting |
| Protected Classifications (race, sex, protected traits) | Consumer | Federal & state reporting | No | None | Yes | Government agencies | Mandatory compliance reporting |
| Internet / Network Activity | Consumer | Service improvement | No | None | No | None | N/A |
| Professional / Employment Information (payroll, benefits, background checks, certifications) | Consumer; Job references | HR operations; Hiring | No | None | No | None | N/A |
| Education Information (degrees, certificates, enrollment) | Consumer; Educational institutions | HR operations; Hiring | No | None | No | None | N/A |
| Sensitive Personal Information (medical info, drug screening, safety compliance) | Consumer; Physicians; Regulatory agencies | HR operations; Hiring | No | None | No | None |
Table 2: Retention Periods for Personal Information
| Category of Personal Information (PI) | Retention Period |
| Identifiers | Employees: Retained through employment 5 years; Applicants: 2 years |
| Protected Classifications | Employees: Employment 5 years; Applicants: 2 years |
| Internet / Network Activity | 1 year |
| Professional or Employment Information | Employees: Employment 5 years; Applicants: 2 years |
| Education Information | Employees: Employment 5 years; Applicants: 2 years |
| Sensitive Personal Information | Benefits: 6 years; HIPAA disclosures: 6 years; FMLA: 3 years; I-9: 3 years after hire or 1 year after termination (whichever is later); Immigration files: 5 years |
Sensitive Information
Kimley-Horn does not use or disclose sensitive personal information except to provide the services you may have requested, process job applications or provide benefits to our employees.
California “Shine the Light” Law
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing Personal information to third parties for the third parties’ direct marketing purposes. Residents of the State of California may ask us to provide them with a list of the types of Personal information that we have disclosed during the preceding year to third parties for their direct marketing purposes, and the identity of those third parties. If you are a California resident and would like such a list, please contact us by emailing or writing to us using the contact details in the Exercising Your Rights section of this Policy.
Rights Regarding Your Personal Information
You have several rights regarding your personal information. We will explain those rights to you and how you may exercise them.
- Right to Know: This means you have the right to know what personal information Kimley-Horn has collected about you, the categories of this personal information, the categories of sources from which the personal information was collected, the business or commercial purpose for collecting, selling, or sharing your personal information, the categories of third-parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
- Right to Delete: You have the right to request that we delete personal information that we have collected from you. However, keep in mind that this right is subject to certain exceptions.
- Right to Correct: You can request that we correct inaccurate personal information we maintain about you.
- Right to Data Portability: You have the right to have us provide your Personal Information in a portable and ready to use format.
- Right Not to Receive Discriminatory Treatment: You have the right not to be discriminated against based on your personal information, and the right not to be retaliated against for the exercise of your rights under California law.
Exercising Your Rights
You may exercise any of the rights listed above by calling us at 919-677-2000 or emailing [email protected].
In certain circumstances you may be able to designate an authorized person to make a request on your behalf. To determine if this applies to you, please send an email to [email protected].
Right to Opt-Out of Selling or Sharing Your Personal Information
In addition to the rights mentioned above, you also have the right to opt-out of Kimley-Horn “selling” or “sharing” your personal information with third parties for valuable consideration or for certain targeted advertising. To the extent our use of your Personal Information constitutes selling or sharing (as defined by California law), by clicking the “Do Not Sell Or Share My Personal information” link at the bottom of the home page of our Website you will learn more about this option and will have the opportunity to opt-out. Electing to opt-out will only work for the device you are using at the time you opt-out. If you would like to exercise your right to opt-out you can email us at [email protected], or click the link below:
Do Not Sell or Share My Personal Information
Response Timing and Format
If you exercise any of these rights, we may need to verify your identity. If we need to do so, we may ask you to provide certain information such as confirming at least three (3) information points of your information we maintain, or other information needed to verify your identity–depending on the sensitivity of the personal information in question. If we cannot verify your identity, we may deny your request. If that happens, we will let you know.
You can also have an authorized agent exercise your rights on your behalf using the same methods as described above. If you do so, we may also ask your authorized agent to provide proof that they are authorized to act on your behalf, such as a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.
- We use good faith efforts to respond to a verifiable consumer request within forty-five (45) days after its receipt. If we need more time (up to 90 days), we will inform you of the reason and the extension period needed in writing. We will deliver our written response by email or postal mail.
- Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we cannot comply with any portion of a request, the response we provide will also explain why, if applicable. For data portability requests, we will select a commercially reasonable format to provide your personal information that is commonly useable and should allow you to transmit the information from one entity to another entity without hindrance, but we do not guarantee that all formats are useable in all media. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Canada Privacy Rights
This Supplement applies when Kimley-Horn collects, uses, discloses, or otherwise handles personal information in Canada. It should be read together with our main Privacy Policy. If there is a conflict, the stricter requirement applies.
Privacy Principles: We manage personal information in accordance with the following principles, as defined by the Personal Information Protection and Electronic Documents Act (PIPEDA):
- Accountability: A designated Privacy Officer is responsible for compliance.
- Identifying Purposes: We explain why information is collected before or at the time of collection.
- Consent: We obtain valid consent (express or implied, as permitted by law) and provide withdrawal mechanisms.
- Limiting Collection, Use & Disclosure: We limit what is necessary for stated purposes and retain only as long as needed.
- Accuracy: We keep information accurate and up to date where appropriate.
- Safeguards: We protect information using administrative, physical, and technical measures proportional to sensitivity.
- Openness & Access: We explain our practices and provide access/correction requests.
- Challenging Compliance: Individuals may contact us to raise concerns or complaints.
What We Collect & Why
We collect categories of personal information such as identifiers, contact details, professional and transactional data, usage and device data, and—if applicable—geolocation or precise location (with consent where required). We use this information to provide services, operate our business, secure our systems, comply with legal obligations, and improve user experience. Detailed purposes appear in our main Privacy Policy.
Cross Border Transfers
Personal information may be stored or accessed outside of Canada (in the United States). We use contractual and other measures to protect information when transferred across borders.
Your Rights
Subject to legal limits, individuals may:
- Request access to and correction of their personal information.
- Withdraw consent for non essential processing.
- Ask about our policies and practices, including service providers outside Canada.
- File a complaint with us and/or with the Office of the Privacy Commissioner of Canada.
Security & Breach Notification
We apply safeguards appropriate to the sensitivity of the information. If a security incident creates a real risk of significant harm, we will notify affected individuals and the appropriate privacy regulator, and keep records of incidents, as required by applicable law.
Cookies, Analytics & Targeted Ads
We explain our use of cookies and similar technologies in our Cookie Notice.
Contact & Privacy Officer
To exercise your rights or ask questions, contact our Privacy Officer:
- Name/Title: Ashley Keil
- Email: [email protected]
- Mailing Address: 421 Fayetteville St., Suite 600 Raleigh NC 27601
You may also contact the Office of the Privacy Commissioner of Canada or the relevant provincial privacy authority.
Puerto Rico Privacy Rights
This supplement applies to residents of Puerto Rico and complements our main Privacy Policy.
Website/App Privacy Policy Notice
If we collect personal information from Puerto Rico residents through our websites or online services, we provide a clear, conspicuous privacy policy describing: (a) the categories of personal information collected/retained; (b) the categories of third parties with whom it is shared; (c) any process to review or request changes; and (d) how we will notify users of policy changes.
Security Breach Notifications
If a breach of system security affects your personal information and the information was protected only by a password (and not robust encryption), we will notify you without unreasonable delay and report the incident to the Puerto Rico Department of Consumer Affairs (DACO) within ten (10) days of discovery, as required by Puerto Rico law. DACO may issue public notice within twenty-four (24) hours of our report.
Use of Social Security Numbers (Employees)
For our Puerto Rico employees, we do not use or display Social Security Numbers on identification cards or documents of general circulation, consistent with Puerto Rico law.
Spanish Version
We can provide this policy and the Puerto Rico supplement in Spanish upon request: [email protected]
Last updated: June 1, 2026