Privacy policy

DATA PRIVACY AND CONFIDENTIALITY POLICY

1. Purpose and Objective

N-Kor Private Limited ("N-Kor") is committed to protecting the confidentiality, integrity, and availability of all data in its possession or control. This policy outlines the framework for securing personal, confidential, and proprietary information in accordance with applicable data protection regulations and industry best practices.

2. Scope

This policy applies to all employees, interns, contractors, consultants, vendors, and third-party partners who process, access, transmit, or manage data owned by or entrusted to N-Kor. It covers all forms of data (electronic, paper-based, and verbal) and all systems used for data processing.

3. Definitions

Personal Data: Any information related to an identified or identifiable individual (e.g., name, email, ID number).

Confidential Information: Proprietary or sensitive business data including client information, financial records, IP, trade secrets, source code, and internal strategies.

Sensitive Personal Data: Includes health data, biometric identifiers, financial credentials, etc.

Processing: Any action performed on data (e.g., collection, storage, analysis, transfer, deletion).

Data Subject: An individual whose personal data is being processed.

4. Data Collection and Use

N-Kor collects data solely for legitimate business, legal, or operational needs, ensuring that all data collection practices are lawful, fair, and transparent. Where applicable, valid consent is obtained from individuals prior to collecting their data. The purpose of data collection is clearly specified, and the data is retained only for that stated purpose unless additional consent is obtained for further use. Furthermore, N-Kor follows the principle of data minimization by collecting only the minimum amount and type of data necessary to achieve the intended purpose.

5. Data Access and Role-Based Confidentiality

Access to data at N-Kor is strictly limited to individuals based on their specific roles and operational necessity. Employees are expected to adhere to this principle and must not access, use, or share any data beyond their authorized scope of responsibility. To ensure data protection when engaging external parties, all third-party vendors are required to enter into binding agreements such as Non-Disclosure Agreements (NDAs) and Data Processing Agreements (DPAs), which include clear confidentiality clauses and defined security obligations.

6. Data Security Measures

N-Kor employs robust technical and organizational measures to safeguard all data from unauthorized access, processing, and loss.

These measures include:

Encryption: All sensitive data is encrypted both at rest and in transit.

Authentication: Multi-factor authentication (MFA) and strong password policies are enforced.

Access Management: Role-based access, regular access reviews, and user provisioning/de-provisioning controls.

Network & Endpoint Security: Firewalls, anti-malware, and intrusion detection/prevention systems (IDS/IPS) are utilized.

Physical Security: Restricted access to offices and data centers, with surveillance and entry logs.

Backups: Regular data backups and disaster recovery plans are in place.

Audit Trails: Logs of all data access and modifications are maintained and reviewed.

7. Customer Data Security & Privacy

  • N-Labs shall maintain strict confidentiality of all customer data and shall not disclose, share, or use such data for any purpose other than as required to deliver the agreed services.
  • N-Kor understands that customer data remain the sole property of the Customer and will not use the data for any unauthorized purposes.
  • N-Kor shall implement industry-standard security measures, including encryption, firewalls, and access controls, to ensure the protection of customer data from unauthorized access, loss, or misuse.
  • Only authorized personnel shall have access to customer data, and such access shall be limited to what is strictly necessary to perform their job responsibilities.
  • Customer data shall be retained only for the duration of the engagement or as required by law. Upon termination of services, all customer data shall be securely deleted or returned to the Customer within 30 days.
  • N-Kor agrees to comply with all applicable data protection and privacy laws and regulations.
  • N-Kor shall not engage any third-party sub-processors for handling customer data without the prior written consent of the Customer.

8. Data Retention and Disposal

Data is retained only for as long as necessary to serve its intended purpose or to meet legal, contractual, or regulatory requirements. Once the retention period ends, it is securely disposed of to prevent unauthorized access or recovery - this includes permanently deleting electronic records and shredding physical documents.

9. Data Transfer and Sharing

Data at N-Kor is shared internally based on a strict need-to-know principle, ensuring that only authorized personnel access relevant information. External data sharing is restricted to approved partners or service providers and is permitted solely for valid business purposes under formal data protection agreements. Any international data transfers are conducted in accordance with applicable cross-border data transfer regulations, ensuring the recipient maintains adequate data protection measures.

10. Breach Notification and Incident Response

In the event of a data breach, N-Kor will initiate its Data Breach Response Plan (DBRP), which includes immediate containment of the breach, thorough investigation, impact assessment, and detailed documentation. Affected individuals and relevant regulators will be notified promptly, in line with applicable legal requirements. Notifications will outline the nature of the breach, its potential impact, and the corrective actions taken to mitigate further risk. All employees are required to promptly report any suspected data breach or security incident to the IT or Compliance departments. The summary of the DBRP is provided below for quick reference.

11. Employee Responsibilities and Training

All employees are responsible for maintaining the confidentiality of personal and proprietary information accessed during their employment. Mandatory training on data protection and confidentiality is provided to all employees and contractors, covering topics such as handling personal data, recognizing phishing attacks, and securing sensitive information. Employees are required to report any suspicious activity, phishing attempts, or incidents that may compromise data security.

12. Vendor and Third-Party Management

N-Kor engages only with vendors and third parties that meet established data privacy and security standards. Any third-party handling data on behalf of N-Kor is required to sign a Data Processing Agreement (DPA), which clearly defines their responsibilities, data protection obligations, and breach notification procedures to ensure compliance and accountability.

13. Monitoring and Audit

N-Kor conducts regular monitoring and audits of its data protection practices to verify compliance with this policy and applicable legal requirements. These audits involve reviewing access logs, identifying system vulnerabilities, and assessing adherence to internal data protection standards. Any deficiencies or gaps identified during the audit process will result in appropriate corrective actions, which may include disciplinary measures where necessary.

14. Policy Violations and Disciplinary Action

Any violation of this policy, including unauthorized access to or sharing of data, or failure to report security incidents, will be treated seriously and may result in disciplinary action, up to and including termination of employment. Contractors and third-party vendors found in breach of this policy may be subject to contract termination and potential legal consequences.

15. Contact Information and Further Assistance

For any questions, clarifications, or concerns regarding this policy, employees and stakeholders are encouraged to reach out to info@kavion.ai for support and guidance.