Privacy Policy

---

1. Introduction

Kybri Consulting Limited is a company incorporated in the Isle of Man. We provide business and regulatory consulting services to a wide array of businesses operating in the Digital Sector. In this Policy, “the business”, “we”, “us” and “our” refers to Kybri Consulting Limited.
This website collects personal data from users and visitors, and we would recommend you read this privacy policy carefully as it contains important information on who we are, and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

2. Personal Data

Personal data is defined as any information that can identify an individual, either directly or when combined with other data as well as data concerning health, sex life or sexual orientation. The Data subject is the individual that the personal data relates to.

We collect, use, and retain certain personal data about you subject to the Isle of Man Data Protection Act 2018 and/or the United Kingdom General Data Protection Regulation (UK GDPR). This personal data enables us to provide services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing these services to you.

3. How, why, and types of personal data we collect

Below we outlines the types of personal data we collect, how and why we collect your personal data and what we, and third parties will use your data for:
 

How we collect your data?

Directly from you (telephone, text, email) and via our website (e.g. registration and during the course of the business relationship with you). In addition, we may collect information from credit reference agencies, due diligence providers, sanctions screening providers, third parties (e.g. banks and building societies), website cookies, and  IT systems (e.g. performance monitoring and tracking solutions).

Why do we use your personal data (subject to your consent)?

Your personal data can only be used if there is a valid reason and in the following circumstances:

• To comply with legal and regulatory obligations
• Where you have given your consent
• The execution and pre-requisites of a contract with you
• Our legitimate interests
• A third party’s legitimate interests

What we and third parties use your personal data for

• To create and manage your account with us
• To improve our services
• Preventing and detecting fraud against you or us
• Provide services to you
• Auditing
• Investigations
• Regulation
• Legal requirements
• Compliance
• Privacy
• Analysis
• Security
• Statutory requirements
• Marketing
• Credit checks

Who we may share your personal data with (third parties)

• Regulators
• Credit reference agencies
• Insurers
• Banks
• Social media platforms
• Marketing agencies
• Law enforcements agencies
• Regulatory bodies
• Auditors
• Service providers

If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).

4. Sharing data

We take all reasonable measures to ensure third parties take appropriate actions to protect your personal data. It may be necessary for us to share your personal data with third parties outside the Isle of Man and UK if you are based outside the Isle of Man and UK or where there is an international requirement to the services, we are providing to you.

Under data protection law, we can only transfer your personal data to a country or international organisation outside the Isle of Man and the UK where:

• the UK government has decided the country or international organisation has an adequate level of protection of personal data (known as an ‘adequacy decision’). For a list of the current UK Data partnerships please see UK adequacy approved countries
• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects. Other countries or international organisations we are likely to transfer personal data to do not have the benefit of an
• adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception
• a specific exception applies under data protection law e.g. you have explicitly consented to the proposed transfer after having been informed of the possible risks and/or the transfer is necessary to establish, exercise or defend legal claims

If you would like further information about data transferred outside the Isle of Man and the UK, please contact us (see ‘How to contact us’ below).

5. Retention of data

Your Personal data may be held at our offices, third party agencies, service providers, representatives and agents and will be kept for as long as you have an account with us or we are providing services to you. Once you terminate your account with us or there is a period of 12 months of no activity on the account then we will keep your personal data for as long as is necessary: to respond to any questions, complaints or claims made by you or on your behalf

• to show that we treated you fairly
• to keep records required by regulation and law.

We will not keep your personal data for longer than necessary and when it is no longer necessary to keep your personal data, we will delete or anonymise it.

6. Marketing

We, and third parties may use your data for marketing purposes. You have the right to opt out of receiving marketing communications at any time by:

• contacting us (see ‘How to contact us’ below)

You have the following rights, which you can exercise free of charge:

• Access: The right to be provided with a copy of your personal data
• Rectification: The right to require us to  correct any mistakes in your personal data
• Erasure: The right to require us to delete your personal data—in certain situations
• Restriction of processing: The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
• Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in      certain situations
• To object: The right to object at any time to your personal data being processed for direct marketing (including profiling) and, in certain other situations, to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests
• Not to be subject to automated individual decision-making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

7. Rights

For further information on each of those rights, including the circumstances in which they apply, please see the Isle of Man Information Commissioner’s website at https://www.inforights.im/individuals/data-protection/your-data-protection-rights/ or Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights.

If you would like to exercise any of these rights, please contact us (see ‘How to contact us’ below).

You also have the right to lodge a complaint with the Isle of Man Information Commissioner, the UK Information Commissioner or any relevant European data protection supervisory authority. The Isle of Man Information Commissioner may be contacted at https://www.inforights.im/contact-us / or telephone +44 1624 693260 and UK Information Commissioner may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

8. Security

We have implemented appropriate security measures to prevent personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

To ensure you are protecting your information please visit Get safe online. Get Safe Online is supported by HM Government and leading businesses.

Please contact us if you have any query or concern about our use of your information (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

9. How to contact us

Please contact us if you have any questions about this policy or the information we hold about you.

If you wish to contact us, please send an email to admin@kybri.io or write to us at our registered address Kybri Consulting Limited, Flat 5 Derby Court, 42 The Promenade, Castletown, Isle of Man, IM9 1BG.