GDPR Compliance

At Kalarit.ai, we are committed to protecting the privacy and security of your personal data. This page outlines our approach to compliance with the General Data Protection Regulation (GDPR).

Our Commitment to GDPR

The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas. We have implemented measures to ensure that our data processing activities comply with the GDPR principles.

Data Controller and Data Processor

Kalarit.ai acts as both a data controller and a data processor. As a data controller, we determine the purposes and means of processing personal data. As a data processor, we process personal data on behalf of our clients.

Lawful Basis for Processing

We process personal data on the following lawful bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Your Rights Under GDPR

The GDPR provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

To exercise any of these rights, please contact us at privacy@kalarit.ai.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO at dpo@kalarit.ai.

International Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transfer to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Use of specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Transfer to providers based in the US who are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.

Data Breach Notification

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Last updated: May 1, 2023