We use cookies to enhance your experience. By continuing to visit this site you agree to our use of cookies.

Data Protection

Last Updated:

1. Introduction to Data Protection

At Klixarunphim, we are committed to protecting your personal data and respecting your privacy rights. This Data Protection policy explains our approach to data protection, the measures we implement to safeguard your information, and your rights regarding your personal data.

We comply with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) for users in the European Economic Area, the California Consumer Privacy Act (CCPA) for California residents, and other relevant privacy legislation.

2. Data Protection Principles

We adhere to the following data protection principles in all our processing activities:

2.1 Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We provide clear information about how we collect and use your data, and we ensure that our processing activities have a valid legal basis.

2.2 Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes. We do not process data in a manner that is incompatible with those purposes without obtaining your consent or having another legal basis.

2.3 Data Minimization

We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We do not collect excessive data or data that is not needed for our services.

2.4 Accuracy

We take reasonable steps to ensure that personal data is accurate and kept up to date. We provide mechanisms for you to update your information and correct any inaccuracies.

2.5 Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. We have established retention periods for different categories of data.

2.6 Integrity and Confidentiality

We implement appropriate technical and organizational measures to ensure the security of personal data, protecting it against unauthorized or unlawful processing, accidental loss, destruction, or damage.

2.7 Accountability

We are responsible for demonstrating compliance with data protection principles. We maintain records of our processing activities and conduct regular reviews of our data protection practices.

3. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

3.1 Consent

You have given clear consent for us to process your personal data for specific purposes. You have the right to withdraw your consent at any time.

3.2 Contract Performance

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

3.3 Legal Obligation

Processing is necessary for compliance with a legal obligation to which we are subject.

3.4 Legitimate Interests

Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that your interests and fundamental rights do not override those interests.

4. Your Data Protection Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

4.1 Right of Access

You have the right to request access to your personal data and obtain information about how we process it. We will provide you with a copy of your personal data upon request.

4.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification.

4.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent.

4.4 Right to Restriction of Processing

You have the right to request restriction of processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.

4.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

4.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

4.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable data protection laws.

5. Data Security Measures

We implement comprehensive security measures to protect your personal data:

5.1 Technical Measures

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of data at rest using industry-standard algorithms
  • Secure authentication mechanisms including multi-factor authentication
  • Regular security updates and patches
  • Intrusion detection and prevention systems
  • Firewall protection and network segmentation
  • Regular vulnerability assessments and penetration testing

5.2 Organizational Measures

  • Access controls limiting data access to authorized personnel only
  • Employee training on data protection and security
  • Confidentiality agreements with employees and contractors
  • Data protection impact assessments for high-risk processing
  • Incident response and breach notification procedures
  • Regular audits and compliance reviews
  • Vendor management and third-party security assessments

6. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

Our breach notification will include:

  • Description of the nature of the breach
  • Categories and approximate number of individuals affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact information for further inquiries

7. International Data Transfers

We may transfer your personal data to countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions recognizing equivalent data protection
  • Binding corporate rules for intra-group transfers
  • Certification mechanisms such as Privacy Shield (where applicable)

8. Children's Data Protection

We do not knowingly collect or process personal data from children under the age of 13 without parental consent. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete that information promptly.

Parents or guardians who believe we may have collected information from their child can contact us to request deletion of such data.

9. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with applicable laws. You can contact our DPO regarding any questions or concerns about our data protection practices:

Data Protection Officer
Klixarunphim
345 E. 37th Street, Suite 202A
New York, NY 10016, USA
Email: helpdesk@klixarunphim.world

10. Third-Party Data Processors

We work with third-party service providers who process personal data on our behalf. We ensure that all processors:

  • Provide sufficient guarantees of appropriate technical and organizational measures
  • Process data only on our documented instructions
  • Maintain confidentiality of personal data
  • Implement appropriate security measures
  • Assist us in responding to data subject requests
  • Delete or return data upon termination of services

11. Automated Decision-Making

We may use automated decision-making processes, including profiling, to improve our services and personalize your experience. You have the right to:

  • Obtain information about the logic involved in automated decision-making
  • Request human intervention in the decision-making process
  • Express your point of view regarding automated decisions
  • Contest decisions made solely by automated means

12. Data Retention Periods

We retain different categories of personal data for varying periods based on legal requirements and business needs:

  • Account information: Retained for the duration of your account plus 3 years
  • Transaction records: Retained for 7 years for tax and accounting purposes
  • Marketing data: Retained until you opt out or for 2 years of inactivity
  • Support communications: Retained for 3 years
  • Usage logs: Retained for 1 year

13. Updates to This Policy

We may update this Data Protection policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through our website or by email. We encourage you to review this policy periodically.

14. Contact Information

For questions, concerns, or requests regarding data protection, please contact us:

Klixarunphim
345 E. 37th Street, Suite 202A
New York, NY 10016, USA
Phone: +1 (844) 333-2777
Email: helpdesk@klixarunphim.world