Data Protection Policy

KIS Cards Limited Data Protection Policy

1. Introduction
At KIS Cards Limited, we prioritize the security and protection of your data. We have implemented robust policies, procedures, and technical measures to ensure your personal and business information remains secure. This policy outlines how we collect, store, protect, and handle data in compliance with relevant data protection laws.

2. Scope
This policy applies to all customer data collected, processed, and stored by KIS Cards Limited, including digital business card data, customer details, and transaction information.

3. Data Collection and Usage
We collect data strictly for operational purposes, such as processing orders, providing digital business card services, and improving our platform. The data we collect may include:

Customer names, contact details, and business information.
Digital business card details and NFC/QR activation records.
Payment and transaction history (processed securely through third-party payment providers).

We do not sell or share customer data with third parties for marketing purposes.

4. Data Storage and Security
4.1 VPS Security

KIS Cards Limited operates a Virtual Private Server (VPS) to enable iOS and Android devices to read digital business cards.
Our VPS is independently managed and operated by KIS Cards Limited, ensuring no third-party providers have access to the internal environment.
The VPS is hosted by a trusted provider in Christchurch, New Zealand, in a secure data center with:
24/7 security monitoring.
Limited access control.
Zero external signage for added discretion.
Multiple firewalls, security-enabled software, and continuous monitoring are in place to detect and prevent unauthorized access.

4.2 Local Data Protection

Data stored locally in our office is kept on secure and separate hard drives.
Automatic IP banning protocols and network activity scans continuously monitor for malicious behavior.
Regular security software updates and firewalls are in place to protect our infrastructure.

5. Access and Control

Only authorized personnel have access to customer data, with strict authentication and access control measures in place.
Employees undergo data protection training to ensure compliance with security best practices.

6. Encryption and Secure Transmission

All data transmitted between users and KIS Cards Limited servers is encrypted using SSL/TLS protocols.
Stored data is encrypted where applicable to prevent unauthorized access.

7. Third-Party Services and Data Transfers

KIS Cards Limited may use third-party services (e.g., payment processors, hosting providers) to facilitate business operations.
These third parties are carefully selected and must comply with strict data protection standards.
No customer data is transferred outside of secure, trusted environments without proper safeguards in place.

8. Cookies and Tracking Technologies

KIS Cards Limited may use cookies and similar technologies to enhance user experience and analyze website traffic.
Users can manage cookie preferences through their browser settings.

9. Data Retention and Deletion

We retain customer data only as long as necessary for operational and legal purposes.
Customers may request data deletion at any time by contacting us at info@kiscards.co.nz or submitting a support ticket.
Upon request, data will be permanently removed from our network, unless retention is required by law.

10. Compliance with Data Protection Regulations

KIS Cards Limited is committed to complying with relevant data protection laws in New Zealand and any applicable international standards (e.g., GDPR if handling EU customer data).
If legally required, KIS Cards Limited will cooperate with authorities while maintaining customer privacy to the fullest extent possible.

11. Data Backup and Recovery

Regular backups of critical business and customer data are performed to ensure data integrity and recovery in case of unexpected incidents.
Backups are stored securely and protected from unauthorized access.

12. Incident Response and Breach Management

We have a response plan in place to handle any data security incidents or breaches.
In the event of a data breach, affected customers will be notified as soon as possible, along with the steps taken to mitigate risks.

13. Customer Rights
Customers have the right to:

Request access to their stored data.
Correct inaccurate or outdated information.
Request data deletion.
Withdraw consent for data usage, where applicable.

To exercise these rights, customers can contact us at info@kiscards.co.nz.

14. Policy Updates
This policy may be updated periodically to reflect security improvements and regulatory changes. The latest version will always be available on our website.
For any questions or concerns regarding this policy, please contact us at info@kiscards.co.nz.

KIS Cards Limited Data Protection Policy

Customer names, contact details, and business information.

Digital business card details and NFC/QR activation records.

Payment and transaction history (processed securely through third-party payment providers).

We do not sell or share customer data with third parties for marketing purposes. 4. Data Storage and Security 4.1 VPS Security

KIS Cards Limited operates a Virtual Private Server (VPS) to enable iOS and Android devices to read digital business cards.

Our VPS is independently managed and operated by KIS Cards Limited, ensuring no third-party providers have access to the internal environment.

The VPS is hosted by a trusted provider in Christchurch, New Zealand, in a secure data center with:

24/7 security monitoring.

Limited access control.

Zero external signage for added discretion.

Multiple firewalls, security-enabled software, and continuous monitoring are in place to detect and prevent unauthorized access.

4.2 Local Data Protection

Data stored locally in our office is kept on secure and separate hard drives.

Automatic IP banning protocols and network activity scans continuously monitor for malicious behavior.

Regular security software updates and firewalls are in place to protect our infrastructure.

5. Access and Control

Only authorized personnel have access to customer data, with strict authentication and access control measures in place.

Employees undergo data protection training to ensure compliance with security best practices.

6. Encryption and Secure Transmission

All data transmitted between users and KIS Cards Limited servers is encrypted using SSL/TLS protocols.

Stored data is encrypted where applicable to prevent unauthorized access.

7. Third-Party Services and Data Transfers

KIS Cards Limited may use third-party services (e.g., payment processors, hosting providers) to facilitate business operations.

These third parties are carefully selected and must comply with strict data protection standards.

No customer data is transferred outside of secure, trusted environments without proper safeguards in place.

8. Cookies and Tracking Technologies

KIS Cards Limited may use cookies and similar technologies to enhance user experience and analyze website traffic.

Users can manage cookie preferences through their browser settings.

9. Data Retention and Deletion

We retain customer data only as long as necessary for operational and legal purposes.

Customers may request data deletion at any time by contacting us at info@kiscards.co.nz or submitting a support ticket.

Upon request, data will be permanently removed from our network, unless retention is required by law.

10. Compliance with Data Protection Regulations

KIS Cards Limited is committed to complying with relevant data protection laws in New Zealand and any applicable international standards (e.g., GDPR if handling EU customer data).

If legally required, KIS Cards Limited will cooperate with authorities while maintaining customer privacy to the fullest extent possible.

11. Data Backup and Recovery

Regular backups of critical business and customer data are performed to ensure data integrity and recovery in case of unexpected incidents.

Backups are stored securely and protected from unauthorized access.

12. Incident Response and Breach Management

We have a response plan in place to handle any data security incidents or breaches.

In the event of a data breach, affected customers will be notified as soon as possible, along with the steps taken to mitigate risks.

13. Customer Rights Customers have the right to:

Request access to their stored data.

Correct inaccurate or outdated information.

Request data deletion.

Withdraw consent for data usage, where applicable.

We do not sell or share customer data with third parties for marketing purposes.

4. Data Storage and Security
4.1 VPS Security

13. Customer Rights
Customers have the right to: