Privacy Policy

ProminentContact LTD, trading as InFynd

‍Publication Date: 03 January 2024
Effective Date: 02 January 2026
Document Classification: Confidential & Proprietary
‍Version Control: V.3.0  


‍1. INTERPRETATION & GOVERNING LAW
This Privacy Notice ("Notice") explains how Klodev processes personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, the EU General Data Protection Regulation ("EU GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and the India Digital Personal Data Protection Act, 2023 ("DPDP Act").  

This Notice governs the processing activities of Technologies LTD (Company Number 8056158581), trading as Klodev, whose registered office is situated at Lily Hill House, Lily Hill Road, Bracknell, England, RG12 2SJ  (ICO Registration Number: ZA599278), herein referred to as "the Company," "we," "us," or "our."

All capitalised terms herein shall have the meaning ascribed to them under relevant data protection law, or as defined within this document.

‍2. EXECUTIVE SUMMARY & KEY PRINCIPLES

Klodev operates as a global provider of cloud, AI, data services, and Zoho implementation solutions, enabling digital transformation for businesses in sectors including finance, HR, and public administration. " Our core operational principle is " Privacy by Design and by Default."

This Notice formalizes our unwavering commitment to the following foundational principles of data protection, aligned with our cloud, AI, data services, and Zoho implementation operations
‍
‍Lawfulness, Fairness & Transparency: We process personal data only under a valid legal basis and with clear transparency.
‍Purpose Limitation: Data is collected only for specified, legitimate purposes and not used incompatibly.
‍Data Minimization: We collect only the data that is adequate and necessary for our services.
‍Accuracy: We take steps to ensure personal data is kept accurate and up-to-date.
‍Storage Limitation: Data is retained only as long as necessary, then securely deleted or anonymized.
‍Integrity & Confidentiality: We protect data with robust technical and organisational security measures.
‍Accountability: We maintain comprehensive records of our processing activities and can demonstrate compliance.  


‍3. DEFINITIONS OF ROLES UNDER DATA PROTECTION LAW

Understanding the capacity in which we operate is critical to comprehending your rights and our obligations.

‍Data Controller: Klodev determines the purposes and means of processing personal data when handling it for our own operational needs within cloud, AI, and data engineering projects. This includes client account management for service delivery, billing for AWS/Azure deployments or data pipelines, and direct marketing of our cloud/AI solutions to prospective clients.  

‍Data Processor: Klodev processes personal data on behalf of clients (acting as Data Controllers) specifically for cloud configurations, AI automation workflows, and data engineering tasks—such as SQL/NoSQL integrations, data extraction/enrichment, or analytics pipelines. These activities follow client instructions under project-specific agreements that outline processing terms, security measures, and international transfer safeguards where required. Such agreements supersede conflicting terms in this Notice for processor roles.

‍
4. CATEGORIES OF PERSONAL DATA WE PROCESS

‍This section outlines the types of personal data Klodev processes, the sources from which such data is obtained, the legal basis under the UK/EU GDPR, and the purposes for which the data is used.


‍4.1 Account and Authentication Data

‍Data Processed:
Full legal name, corporate email address, encrypted or hashed password, unique user identifier, assigned user role and permissions, and single sign-on (SSO) identifiers.
Source:
Collected directly from the user or their employer during account creation or access provisioning.
‍Legal Basis:
Performance of a Contract (Article 6(1)(b) GDPR).
‍Purpose:
To create and manage user accounts, authenticate access to Klodev’s SaaS platform, apply role-based permissions, and maintain platform security.

‍4.2 Business Contact and Professional Profile Data
‍
‍Data Processed:
Full name, job title, employer details (including company size, industry, website, and public social profiles), business location (city and country), business telephone number, verified corporate email address, professional profile URLs (e.g., LinkedIn), and relevant employment history.
‍Source:
Publicly available sources (such as company websites, professional networks, and public registries), third-party data providers, and information provided directly by the data subject.
‍Legal Basis:
Legitimate Interests (Article 6(1)(f) GDPR).

‍Purpose:
To build and maintain a B2B intelligence database and to deliver sales intelligence, lead generation, and data enrichment services to Klodev’s business clients acting as data controllers.

‍ 4.3 Technical and Operational Data Data Processed:
IP address, device and browser information, operating system, login timestamps, activity and usage logs, feature interaction data, error reports, and cookie or similar tracking identifiers.
‍Source:
Automatically collected through platform usage, server logs, APIs, and tracking technologies.
‍Legal Basis:
Legitimate Interests (Article 6(1)(f) GDPR).
‍Purpose:
To ensure network and information security, monitor platform performance, detect and prevent fraud, and conduct aggregated analytics to improve Klodev’s services.

‍4.4 Commercial and Billing Information

‍Data Processed:
Client entity name, billing address, authorised contact details, subscription plan, payment and transaction history, invoice records, and reference numbers.
‍Source:
Provided directly by client organisations.
‍Legal Basis:
Performance of a Contract (Article 6(1)(b) GDPR) and Compliance with Legal Obligations (Article 6(1)(c) GDPR), including accounting and tax requirements.
‍Purpose:
To manage commercial relationships, process payments, issue invoices, and meet statutory financial and record-keeping obligations.


‍4.5 Communications and Support Data

‍Data Processed:
Email communications, support ticket submissions, chat transcripts, demo requests, and call recordings (where notice has been provided).
‍Source:
Collected directly from individuals when they contact Klodev.
‍Legal Basis:
Legitimate Interests (Article 6(1)(f) GDPR).
‍Purpose:
To respond to enquiries, provide customer and technical support, maintain service quality, and manage ongoing business relationships.

‍4.6 Derived and Inferred Data

‍Data Processed:
Non-reversible hashed email identifiers, professional categorisation (e.g., job function, industry classification), data linkage or confidence scores, and internal deduplication markers.
‍Source:
Generated internally through automated and algorithmic processing of existing data.
‍Legal Basis:
Legitimate Interests (Article 6(1)(f) GDPR).
‍Purpose:
To improve data accuracy, prevent duplication, and enable advanced segmentation and targeting functionalities for Klodev’s clients.


‍4.7 Data We Do Not Process

‍Klodev does not intentionally collect or process:
Special Category Data as defined under Article 9 GDPR (including health data, racial or ethnic origin, political opinions, or religious beliefs),
Personal data relating to criminal convictions or offences, or
Personal data of minors for marketing or profiling purposes.
‍Our services are not designed for such processing.


‍5. LEGITIMATE INTERESTS ASSESSMENT (LIA)
Pursuant to Article 6(1)(f) GDPR, KloDev relies on Legitimate Interests for processing in cloud/AI/data projects, such as:
Client/project communications to deliver AWS/Azure setups or data pipelines.
Billing and account management for engineering services.
Direct marketing of cloud/AI solutions to business contacts.


‍
Balancing Test (as per ICO guidance) for these activities, evaluating our interests against the potential impact on the data subject's rights and freedoms.

‍5.1. Our Legitimate Interests

We process personal data where necessary for the purposes of our legitimate interests, provided that such interests are not overridden by the rights and freedoms of data subjects. Our legitimate interests include:

Operating, improving, and maintaining our software, platforms, and technology services.
Providing high-quality digital solutions, development, and consulting services to businesses and professionals.
Communicating with clients, partners, and prospective customers about our services, products, and offerings where permitted by applicable law.
Enhancing, securing, and ensuring the proper functioning of our IT systems, infrastructure, and services.
Preventing fraud, misuse, and unauthorized access to our platforms and systems.
Supporting business development efforts, including responding to inquiries and promoting our services to relevant audiences.

‍5.2. Impact Assessment & Safeguards:
We conclude that our processing is necessary for these interests and does not override the fundamental rights of data subjects, due to the following inherent safeguards and contextual factors:

‍Nature of the Data:We process professional/business contact data only, typically limited to information an individual has made public in a professional capacity.
‍Limited Impact:The processing is unlikely to cause surprise or undue harm, as B2B marketing and professional networking are well-established commercial practices
‍Transparency & Control:This Notice provides clear transparency. We provide easily accessible opt-out mechanisms (see Section 11) for both our database and direct marketing, allowing any individual to object to processing without detriment.
‍Beneficial Purpose:The processing supports economic activity by helping businesses grow and connect.


‍6. INTERNATIONAL DATA TRANSFERS & SAFEGUARDS International Data Transfers & Safeguards

Klodev operates globally. As a result, personal data may be transferred to, stored in, or accessed from countries outside the United Kingdom (“UK”) and the European Economic Area (“EEA”) that may not benefit from an official adequacy decision.

Where international transfers occur, we ensure they are carried out in full compliance with Chapter V of the UK GDPR and EU GDPR. Appropriate safeguards are implemented, including:

‍UK International Data Transfer Agreement (IDTA) and EU Standard Contractual Clauses (SCCs) with relevant service providers and partners
‍Binding Corporate Rules (BCRs) for intra-group data transfers, where applicable
‍Derogations, such as explicit consent or transfers necessary for contract performance, used only in limited circumstances


We maintain a detailed record of international data transfers, including recipients, locations, and safeguards, as part of our Record of Processing Activities (ROPA), which is available to supervisory authorities upon request.

‍7. DATA RETENTION & SECURE ERASURE

Klodev retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including the satisfaction of legal, contractual, regulatory, accounting, and security obligations. Retention periods are defined by internal policy and are regularly reviewed to ensure compliance with the principles of data minimization and storage limitation under the UK/EU GDPR.

‍7.1 Retention Periods by Data Category

‍Prospect and Marketing Contact Data
Personal data relating to prospective customers and marketing contacts is retained for up to three (3) years from the date of the last meaningful interaction, such as an email engagement, website visit, or response to outreach.
Rationale: This period reflects typical B2B sales cycles and supports Klodev’s legitimate interest in business development, while ensuring data is not retained indefinitely without engagement.  

‍Client Account Data
Personal data associated with active client accounts is retained for the duration of the contractual relationship, and for a period of seven (7) years following contract termination.
Rationale: This enables Klodev to meet statutory limitation periods for contractual claims, regulatory audits, dispute resolution, and commercial record-keeping.


Billing and Financial Records
Billing, invoicing, and payment-related data is retained for seven (7) years from the end of the financial year in which the relevant transaction occurred.
Rationale: This retention period is required under applicable financial, tax, and corporate record-keeping laws, including UK Companies Act and HMRC obligations.

Technical Logs and Security-Related Data
System logs, access records, and security monitoring data are retained for periods ranging from 30 days to one (1) year, depending on the nature, sensitivity, and operational purpose of the data.
Rationale: This approach balances Klodev’s need to ensure platform security, investigate incidents, and prevent fraud with the principle of data minimisation.  


‍Professional Profile Data in Klodev’s Database
Business professional profile data forming part of Klodev’s B2B intelligence database may be retained on an ongoing basis, subject to continuous data accuracy checks, regular verification, and the availability of clear opt-out and objection mechanisms.
Rationale: Ongoing retention supports Klodev’s legitimate interest in maintaining an accurate and up-to-date business intelligence dataset, with immediate erasure applied where a valid objection, opt-out, or legal requirement is received.  


‍7.2 Secure Erasure and Destruction

At the end of the applicable retention period, or upon a valid erasure request, personal data is securely deleted or irreversibly anonymised using industry-standard methods. This includes secure deletion for electronic records and certified destruction (such as shredding) for any physical records.
Klodev maintains internal controls to ensure that data erasure is verifiable, timely, and consistently applied across all systems and processors.

‍8. Data Subject Rights & Request Procedure

As a provider of cloud, AI automation, and digital services, Klodev maintains a formal process to handle requests from individuals exercising their data protection rights in accordance with applicable privacy laws.

‍8.1 Rights under UK & EU GDPR

If you are located in the UK or European Union, you have the right to:

Access personal data processed through our cloud platforms, AI systems, and service operations
Request rectification of inaccurate or incomplete data
Request erasure of personal data (“right to be forgotten”), subject to legal and contractual obligations
Restrict processing of personal data
Request data portability, where technically feasible
Object to processing, including direct marketing and certain automated processing activities
Object to automated decision-making, including profiling, where applicable

‍8.2 Rights under CCPA/CPRA (California Residents)

If you are a California resident, you have the right to:
Know the categories and specific pieces of personal information collected through our cloud, AI, and automation services
Request deletion or correction of personal information
Opt out of the sale or sharing of personal information (Klodev does not sell personal data as defined under CCPA)
Not be discriminated against for exercising your privacy rights

‍8.3 Rights under India’s DPDP Act, 2023

If you are located in India, you have the right to:
Access personal data processed through our AI-driven and cloud-based services
Request correction or erasure of personal data
Raise grievances related to data processing activities
Nominate a representative in the event of death or incapacity

‍8.4 Submitting a Request

All data subject requests should be submitted to our Data Protection Office at:
📧 compliance@prominentcontact.com


We acknowledge requests within 5 business days
We aim to respond within 30 days, which may be extended by up to two additional months for complex or technically involved requests
Identity verification may be required to prevent unauthorised access or disclosure
Requests are processed free of charge, unless they are manifestly unfounded, repetitive, or excessive


‍9. SECURITY MEASURES & ORGANISATIONAL CONTROLS

We implement a layered security architecture aligned with ISO 27001 principles. Our measures include, but are not limited to:

‍Technical Measures: Encryption of data in transit (TLS 1.2+) and at rest (AES-256); rigorous vulnerability management and patch management programs; intrusion detection and prevention systems (IDS/IPS); stringent logical access controls with mandatory multi-factor authentication (MFA) for administrative access; comprehensive logging and monitoring of all privileged activities.

‍Organisational Measures: Mandatory annual data protection training for all staff; strict confidentiality agreements; a clear internal data breach response plan compliant with Article 33 GDPR; regular third-party security audits and penetration testing; and a dedicated Information Security Management Team.

‍10. THIRD-PARTY DISCLOSURES & SUB-PROCESSOR OVERSIGHT  
To deliver our cloud, AI automation, and digital services, Klodev engages a limited number of trusted third-party service providers (“sub-processors”). Each sub-processor is subject to appropriate due diligence, security assessments, and contractual obligations that are no less protective than those set out in this Privacy Notice and our Data Processing Agreements (DPAs).

Categories of sub-processors may include:
‍Cloud infrastructure and hosting providers (e.g., AWS, Google Cloud)
‍CRM, automation, and enterprise software providers
‍Payment service providers (PCI-DSS compliant, where applicable)
‍Analytics, logging, and performance monitoring tools
‍Communication, customer support, and collaboration platforms
Klodev remains responsible for the protection of personal data processed on its behalf by sub-processors. An up-to-date list of key sub-processors is available upon request.

11. MARKETING & PROFILING OPT-OUT MECHANISMS

‍Marketing & Profiling Opt-Out Mechanisms
Klodev respects your preferences regarding marketing communications and profiling activities.
‍
‍Email Marketing
All marketing emails sent by Klodev include a clear and accessible “Unsubscribe” link. Requests to opt out of marketing communications are processed within 10 business days.

‍Profiling & Data Processing Opt-Out
Where permitted by applicable law, individuals may object to or opt out of certain profiling or data processing activities related to marketing, analytics, or service optimization.
To submit an opt-out request, please contact our Data Protection Office at:
📧 compliance@prominentcontact.com
Alternatively, where available, you may submit a request through our Data Subject Rights request form on our website.
Opt-out requests are applied across Klodev’s systems in accordance with applicable legal requirements.



‍12. Policy Administration & Contact Information
This Privacy Notice is reviewed periodically and updated as necessary to reflect regulatory, operational, or service-related changes. The most current version of this Notice is always available on our website.

‍Data Protection Contact
For any questions, concerns, or requests related to this Privacy Notice or the processing of personal data in connection with Klodev’s cloud and AI automation services, please contact:
‍

‍Supervisory Authority Complaints
If you are located in the UK or European Union, you have the right to lodge a complaint with the relevant data protection authority. In the UK, this is the Information Commissioner’s Office (ICO).

We encourage you to contact us first so we can address your concerns directly.