KaiRiz Cyber Technologies: Privacy and Data Protection Policy
Introduction
At KaiRiz Cyber Technologies, protecting personal data is of utmost importance to us. We are committed to ensuring compliance with data protection laws and to maintaining the privacy of the data we collect and process. This includes personal data of our employees, clients, students, and instructors. As a UK-based company offering cybersecurity and AI services to international clients, along with providing online education for IT courses, we take extensive measures to ensure the security and privacy of all personal information. This policy is in place to ensure compliance with the UK Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR) (EU) 2016/679.
We are committed to transparency about how personal data is used and aim to provide clear guidelines to ensure privacy is respected at all levels of operation.
1. Employee Privacy (Managers, CTO, COO, Developers, Designers, Non-IT Staff)
Types of Personal Data Collected
In the course of employment, we collect and process various categories of personal data to manage the employment relationship effectively:
- Contact Information: Full name, address, personal email address, business email address, phone number, emergency contact details
- Employment Information: Job title, department, work location, work schedules, responsibilities, skills, employment contract, performance reviews, professional qualifications, educational background
- Compensation and Benefits: Salary, tax codes, national insurance number, pension information, bonuses, healthcare benefits
- Work Performance and Development: Training records, feedback, disciplinary actions, appraisals, employee development plans
- Health Information: Medical conditions, workplace injury details, and special accommodations (if required)
Purpose of Data Processing
We process employee data for a number of purposes:
- Legal Compliance: To meet obligations under employment law, including tax and health and safety regulations
- Human Resource Management: To manage recruitment, compensation, training, performance, and other employment-related matters
- Communication: To maintain contact with employees for day-to-day operational needs and to disseminate key information
- IT Security: To ensure that systems and data are protected, and to support business continuity and disaster recovery measures
Data Retention
We will retain employee data for as long as necessary to comply with employment and legal requirements. This includes keeping data for taxation, health and safety, legal disputes, or insurance purposes.
Employee Rights
Employees have the right to:
- Request access to their personal data held by the company
- Update or correct any inaccurate personal information
- Request the deletion of personal data where no longer needed
- Withdraw consent at any time where applicable
2. Client Privacy (Cybersecurity and AI Services)
Types of Personal Data Collected
We collect various types of data from clients to deliver our services effectively:
- Business Information: Company name, company registration number, VAT number, office addresses, legal representatives
- Contact Information: Key contact persons, email addresses, phone numbers, title and role of personnel
- Financial Information: Billing details, payment methods, invoicing details, and payment history
- Service Usage Data: Access logs, client reports, project specifications, service delivery metrics, vulnerability assessment records, audit logs, security scans, and incident reports
Purpose of Data Processing
We process client data for several key purposes:
- Service Delivery: To provide cybersecurity assessments, AI solutions, and IT support services as per contractual agreements
- Project Management: To track progress, report performance, and monitor the successful delivery of solutions
- Financial Management: To manage billing, payments, and contractual obligations
- Customer Support: To facilitate ongoing client support, technical assistance, and project-related communications
- Compliance and Risk Management: To ensure that our services meet industry regulations, enhance security, and reduce risks for clients
Data Retention
We retain client data for the duration of the contract and for a period thereafter to fulfill legal, financial, and operational obligations. Personal data is deleted securely when it is no longer required.
Client Rights
Clients have the right to:
- Access their data upon request
- Rectify any inaccuracies or discrepancies in their personal data
- Request the deletion of their personal data, subject to legal exceptions
- Restrict the processing of their data under certain conditions
3. Student and Instructor Privacy (Online Education)
Types of Personal Data Collected
For the purposes of delivering high-quality online education, we collect the following types of personal data:
- Personal Information: Full name, date of birth, email address, home address, phone number
- Academic and Professional Background: Academic qualifications, professional certifications, work experience, and previous training records
- Course Enrollment Data: Enrollment details, course selection, course completion status, assignment submissions, grades, feedback, and certificates
- Financial Data (for students): Payment information related to course enrollment fees, billing address
- Instructor Content: Course materials, teaching resources, assessment feedback, lesson plans, and performance evaluations
Purpose of Data Processing
We process data for the following purposes:
- Educational Delivery: To enroll students, manage coursework, provide learning materials, monitor academic progress, and issue certifications
- Support Services: To offer personalized support for students and instructors during courses
- Financial Management: To facilitate course payments, process refunds, and manage invoices
- Course Improvement: To evaluate the effectiveness of courses through student feedback, course performance, and assessment results
Data Retention
We retain student and instructor data for the duration of the course and beyond to fulfill certification requirements, offer continued support, and comply with regulatory requirements.
Student and Instructor Rights
- Right to Access: Students and instructors can request a copy of the personal data we hold about them
- Right to Rectification: Students and instructors may request the correction of inaccurate or incomplete data
- Right to Erasure: Students and instructors can request the deletion of their personal data when it is no longer required for business purposes
- Right to Restriction of Processing: In specific circumstances, students and instructors may restrict how their data is processed
- Right to Data Portability: Students and instructors have the right to receive their data in a structured, commonly used format for transfer to another provider
4. Data Security Practices
We adopt robust security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption: All sensitive data, including payment details and personal information, is encrypted both during transmission and at rest to prevent unauthorized access.
- Access Controls: Only authorized personnel are granted access to personal data. Access is granted based on the principle of least privilege.
- Firewalls and Anti-Virus: We use firewalls, intrusion detection systems, and anti-malware solutions to safeguard personal data from cyber threats.
- Employee Training: All employees undergo regular data protection and security training to understand and comply with data protection laws and internal security procedures.
- Penetration Testing: We routinely conduct penetration testing and vulnerability assessments to ensure the security of our IT systems and services.
- Incident Response Plan: In the event of a data breach, we have a detailed incident response plan to mitigate the damage, inform affected individuals, and comply with GDPR breach notification requirements.
5. Data Sharing and Third-Party Processors
KaiRiz Cyber Technologies may share personal data with trusted third-party providers who assist us in business operations. These include:
- Payment Processors: For processing course fees, service fees, and other transactions.
- Cloud Storage Providers: For storing backups and data archives securely.
- IT Infrastructure Providers: For hosting our services, including cybersecurity services, AI solutions, and online learning platforms.
- Legal and Compliance Advisors: For auditing, legal compliance, and advisory services.
All third-party service providers are contractually bound to adhere to our privacy standards and ensure that personal data is handled securely and in compliance with data protection laws.
6. International Data Transfers
As we operate globally, personal data may be transferred to jurisdictions outside the UK or European Economic Area (EEA). In such cases, we ensure that:
- Adequate Safeguards: Personal data is transferred in compliance with the GDPR’s safeguards, including using Standard Contractual Clauses (SCCs) or other lawful mechanisms for international data transfers.
- Transparency: We notify individuals when their data is transferred outside of the EEA, ensuring transparency in how their data is handled across borders.
7. Rights of Data Subjects
Under data protection laws, individuals have rights that include:
- Right to Access: You can request a copy of your personal data.
- Right to Rectification: You can request corrections or updates to your personal data.
- Right to Erasure: You can request deletion of your personal data if it is no longer necessary for our purposes.
- Right to Object: You can object to processing in certain circumstances, especially for direct marketing purposes.
- Right to Restrict Processing: You can request a limitation on the processing of your personal data in specific situations.
If you wish to exercise any of your rights, please contact our Data Protection Officer (DPO).
8. Changes to This Privacy Policy
We will update this Privacy and Data Protection Policy periodically to reflect changes in our business, legal requirements, or industry practices. Any significant changes will be communicated to affected parties in a timely manner, either via email or through our website.
This Privacy and Data Protection Policy represents our commitment to maintaining the trust and confidence of our employees, clients, students, and instructors by handling their personal data securely and responsibly.