Overview
This privacy policy (amended in compliance with the General Data Protection Regulation — GDPR, May 2018), effective as of 25 May 2018, is a commitment made by and between Kandaka International Ltd, on behalf of itself and all individuals or entities we deal with in the ordinary course of business (the "Customer").
This policy outlines our commitment to protecting your personal data in accordance with GDPR and our transparency in how we collect, process, and store your information.
Definitions
All capitalised terms used but not defined herein shall have the meaning set forth in this policy. Lower-case terms such as personal data, personal data breach, processing, controller, processor, supervisory authority, and data subject have the meaning set forth in Article 4 of the GDPR.
Scope and Roles
This policy applies to the collection, storage, and processing of personal data by Kandaka International Ltd on behalf of Customers. The Customer is the controller or possessor of Customer personal data, and Kandaka International Ltd is the collector and processor of such data.
Data Processing
Our commitments
- Process personal data only on documented instructions or implied consent from the Customer.
- Ensure authorised persons commit to confidentiality.
- Take all measures required under Article 32 of the GDPR.
- Assist Customers with data-subject rights requests.
- Delete or return personal data upon service termination.
Data Processing Details
- Full name and contact information
- Email and postal addresses
- Telephone and mobile numbers
- Business cards and job titles
- Username and passwords
- Education and certifications
- Government-issued identification
- Financial information (when required)
- IP addresses and device data
- Representatives and end users
- Employees and contractors
- Temporary personnel
- Affiliates and partners
- Regulators
- Other individuals whose data is submitted by Customers
Sub-processing
Kandaka International Ltd may engage other processors for processing Customer personal data in accordance with GDPR safeguards. We maintain a list of such processors and provide at least 14 days' notice before authorising any new processor.
Customers may object to new processors without penalty by initiating our dispute-resolution process.
Data Subject Rights
Data Transfer
We ensure that personal-data transfers from the UK or EEA to countries without adequacy decisions are subject to appropriate safeguards providing adequate protection in accordance with GDPR requirements.
Security
- Pseudonymisation and encryption
- Ongoing confidentiality and integrity
- Timely data restoration capabilities
- Regular security testing and assessment
- Staff confidentiality commitments
- Access controls and authorisation
- Risk assessment procedures
- Incident response protocols
Personal Data Breach
Audit
Audits shall be:
- Subject to appropriate confidentiality undertakings.
- Conducted no more than twice per year, unless non-compliance is suspected.
- Performed upon thirty (30) days' written notice.
- Conducted at mutually agreed times and in an agreed manner.
Conflict & Jurisdiction
Conflict
In case of conflict between this policy and other terms, this policy will control to the extent required by law.
Jurisdiction
This policy is governed by UK / EEA member-state law, with exclusive jurisdiction primarily assumed to be the UK / EEA member state of the Customer.
Contact Information
- Address
- Izabella House 24-26 Regent Place, City Centre Birmingham B1 3NJ England
- Phone
- +44 121 752 2018
- support@kandaka.com
By using our services, you consent to this privacy policy. You have the right to opt out of data-collection activities as long as it doesn't violate regulatory requirements.