Privacy Policy

1. Introduction and Legal Framework

Welcome to Carria Networks Limited ("Company," "we," "our," or "us"), a technology solutions provider incorporated under the laws of Kenya. This Privacy Policy constitutes a legally binding agreement between you ("User," "you," or "your") and Carria Networks Limited, governing the collection, processing, storage, and disclosure of personal information in connection with your use of our website located at carrianetworks.com and all related services, applications, and platforms (collectively, the "Services").

This Privacy Policy has been drafted in accordance with applicable data protection legislation, including but not limited to the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act of 2018 ("CCPA"), the Kenya Data Protection Act No. 24 of 2019, and other relevant international privacy frameworks. We maintain the highest standards of data protection and privacy compliance across all jurisdictions where we operate or provide services.

By accessing, browsing, or utilizing any aspect of our Services, you expressly acknowledge that you have thoroughly read, understood, and agree to be legally bound by the terms and conditions set forth in this Privacy Policy. Your continued use of our Services following any modifications to this policy constitutes your acceptance of such changes. If you do not agree with any provision of this Privacy Policy, you must immediately discontinue use of our Services and refrain from providing any personal information to us.

2. Categories of Personal Information Collected

In the course of providing our comprehensive IT solutions and services, we collect various categories of personal information through multiple channels and methods. Our data collection practices are governed by the principles of data minimization, purpose limitation, and lawful basis for processing, ensuring that we only collect information that is necessary, relevant, and proportionate to the specific purposes for which it is intended.

2.1 Voluntarily Provided Personal Information

We collect personal information that you voluntarily and knowingly provide to us through various touchpoints, including but not limited to our website contact forms, service inquiries, account registration processes, consultation requests, and direct communications. This category encompasses all information that you consciously choose to share with us in the context of establishing or maintaining a business relationship.

• Identity and Contact Information: Full legal name, preferred name, professional title, business email address, personal email address (where applicable), primary and secondary telephone numbers, mobile phone numbers, business mailing address, residential address (where relevant), and any other contact details you provide
• Professional and Business Information: Company name, business registration details, industry sector, job title, department, professional responsibilities, business requirements, project specifications, technical needs assessment, budget parameters, and organizational structure information
• Communication and Correspondence Data: All messages, inquiries, feedback, support requests, consultation notes, meeting records, email correspondence, chat transcripts, phone call summaries, and any other communications exchanged between you and our organization
• Account and Authentication Information: Username, encrypted password, security questions and answers, account preferences, notification settings, access permissions, and authentication credentials for our client portals or service platforms
• Financial and Payment Information: Billing address, payment method details, credit card information (processed through secure third-party payment processors), bank account details (where applicable), invoicing information, purchase history, and transaction records
• Technical Project Information: Detailed technical requirements, system specifications, infrastructure needs, software preferences, security requirements, compliance standards, project timelines, and any proprietary or confidential information shared for service delivery purposes

2.2 Automatically Collected Technical Information

Through the use of various technological tools and methods, we automatically collect certain technical and usage information when you interact with our digital properties. This information is collected through cookies, web beacons, server logs, and other tracking technologies, and is essential for maintaining the security, functionality, and performance of our services while providing you with an optimized user experience.

• Device and System Information: Internet Protocol (IP) address, unique device identifiers, browser type and version, operating system and version, device manufacturer and model, screen resolution, color depth, hardware specifications, and network connection details
• Website Usage and Behavioral Data: Pages visited, time spent on each page, click-through patterns, navigation paths, search queries, referral sources, exit pages, download activity, form interactions, and user engagement metrics
• Geographic and Location Information: General geographic location derived from IP address, country, region, city, time zone, and language preferences, while respecting your privacy and not collecting precise location data without explicit consent
• Technical Performance Data: Page load times, error messages, system performance metrics, bandwidth usage, and other technical data necessary for optimizing our services and troubleshooting issues

2.3 Information Received from Third-Party Sources

We may receive personal information about you from legitimate third-party sources, including business partners, referral networks, public databases, and social media platforms. All such information is obtained in compliance with applicable privacy laws and the terms of service of the respective third-party platforms. We ensure that any third-party sources from which we receive information have appropriate legal bases for sharing such data with us.

• Business Network and Referral Information: Contact details, professional background, and business information received from our authorized partners, referral sources, industry contacts, and professional networks
• Social Media and Public Platform Data: Publicly available information from professional social media platforms such as LinkedIn, company websites, industry directories, and other public sources, collected only when you interact with our content or express interest in our services
• Public Records and Directory Information: Business registration details, professional licensing information, and other publicly available data from government databases, industry registries, and commercial directories
• Marketing and Analytics Platform Data: Aggregated and anonymized data from marketing platforms, analytics services, and advertising networks that help us understand market trends and improve our service offerings

3. Lawful Basis and Purposes for Processing Personal Information

We process your personal information only where we have established a clear and lawful basis for such processing under applicable data protection legislation. Our processing activities are conducted in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. Each processing activity is carefully assessed to ensure it serves a legitimate purpose and is proportionate to the intended outcome.

3.1 Service Delivery and Contract Performance

We process your personal information as necessary for the performance of contracts to which you are a party, or to take steps at your request prior to entering into a contract. This includes the full spectrum of our IT solutions, consulting services, and technical support offerings. Our processing activities in this category are essential for delivering the services you have requested and maintaining our contractual obligations to you.

• Comprehensive IT Solutions Delivery: Designing, developing, implementing, and maintaining web development projects, structured cabling systems, security infrastructure, cloud integration solutions, and all other technical services as specified in our service agreements
• Contract Management and Administration: Processing service agreements, managing project timelines, coordinating deliverables, tracking milestones, handling change requests, and ensuring compliance with contractual terms and conditions
• Technical Support and Maintenance: Providing ongoing technical assistance, troubleshooting system issues, performing maintenance activities, implementing updates and patches, and ensuring optimal performance of delivered solutions
• Financial Processing and Billing: Processing payments, generating invoices, managing billing cycles, handling refunds or adjustments, maintaining financial records, and ensuring accurate accounting for all transactions
• Quality Assurance and Service Optimization: Monitoring service performance, conducting quality assessments, implementing improvements, and ensuring that all deliverables meet or exceed agreed-upon standards and specifications

3.2 Communication and Customer Relationship Management

We process your personal information to maintain effective communication channels and manage our ongoing business relationship with you. This processing is based on our legitimate interests in providing excellent customer service, maintaining professional relationships, and ensuring that you receive timely and relevant information about our services and any matters that may affect your business relationship with us.

• Inquiry Response and Information Provision: Responding to your questions, providing detailed information about our services, offering technical consultations, and ensuring that you have access to all necessary information to make informed decisions about our offerings
• Service Updates and Critical Notifications: Communicating important updates about your services, notifying you of scheduled maintenance, informing you of security updates, and providing other essential information related to your account or services
• Technical Support Communications: Facilitating technical support interactions, documenting support requests, tracking resolution progress, and maintaining comprehensive records of all support activities for quality assurance and continuous improvement purposes
• Professional Relationship Management: Maintaining ongoing professional relationships, scheduling meetings and consultations, coordinating project communications, and ensuring effective collaboration throughout our business relationship

3.3 Business Operations and Legal Compliance

We process your personal information to support our legitimate business interests in operating efficiently, maintaining security, preventing fraud, and complying with our legal obligations. This processing is essential for the proper functioning of our business and ensuring that we meet all regulatory requirements and industry standards applicable to our operations.

• Service Enhancement and Innovation: Analyzing usage patterns, identifying areas for improvement, developing new features and services, conducting research and development activities, and ensuring that our offerings remain competitive and meet evolving market needs
• Security and Fraud Prevention: Implementing robust security measures, monitoring for suspicious activities, preventing unauthorized access, protecting against cyber threats, and maintaining the integrity and confidentiality of all systems and data
• Legal and Regulatory Compliance: Meeting our obligations under applicable laws and regulations, maintaining required records, responding to legal requests, cooperating with regulatory authorities, and ensuring compliance with industry standards and best practices
• Business Analytics and Performance Monitoring: Conducting market research, analyzing business performance, generating reports for internal use, identifying trends and opportunities, and making data-driven decisions to improve our operations and service delivery

3.4 Marketing and Business Development (With Explicit Consent)

Where we have obtained your explicit consent, we may process your personal information for marketing and business development purposes. This consent-based processing allows us to provide you with information about new services, industry insights, and opportunities that may be of interest to you. You have the absolute right to withdraw your consent at any time, and we provide clear and easy mechanisms for you to do so.

• Targeted Marketing Communications: Sending newsletters, promotional materials, service announcements, and other marketing content that is relevant to your interests and business needs, always with the option to unsubscribe
• Personalized Service Recommendations: Analyzing your preferences and requirements to provide customized recommendations for services that may benefit your organization, ensuring that our communications are relevant and valuable
• Industry Insights and Educational Content: Sharing relevant industry trends, technical insights, best practices, and educational materials that can help you make informed decisions about your IT infrastructure and technology investments
• Event Invitations and Networking Opportunities: Inviting you to relevant industry events, webinars, workshops, and networking opportunities that align with your professional interests and business objectives

4. Information Sharing, Disclosure, and Third-Party Relationships

Carria Networks Limited maintains a strict policy regarding the sharing and disclosure of personal information. We categorically do not sell, trade, rent, or otherwise monetize your personal information to third parties for commercial purposes. Our commitment to protecting your privacy extends to all aspects of our business operations, and we have implemented comprehensive policies and procedures to ensure that your personal information is shared only when necessary and under strict contractual and legal safeguards.

We recognize that certain business operations require the involvement of trusted third-party service providers and partners. In such cases, we ensure that all parties involved in processing your personal information are bound by contractual obligations that are no less protective than the standards set forth in this Privacy Policy. We conduct thorough due diligence on all third-party processors and maintain ongoing oversight of their data handling practices to ensure continued compliance with our privacy standards.

4.1 Authorized Service Providers and Processors

We engage carefully selected third-party service providers to assist us in delivering our services and maintaining our business operations. These relationships are governed by comprehensive data processing agreements that include strict confidentiality provisions, security requirements, and limitations on the use of personal information. All service providers are required to implement appropriate technical and organizational measures to protect your personal information and are prohibited from using your data for any purpose other than providing services to us.

• Technology Infrastructure Providers: Cloud hosting services, content delivery networks, database management systems, backup and disaster recovery services, and other technology infrastructure components necessary for delivering our services securely and reliably
• Financial Services and Payment Processors: Secure payment processing platforms, billing systems, financial institutions, and accounting services that handle transaction processing, invoice generation, and financial record keeping in compliance with applicable financial regulations
• Communication and Marketing Platforms: Email service providers, customer relationship management systems, marketing automation platforms, and communication tools that enable us to maintain professional relationships and provide you with relevant information about our services
• Analytics and Performance Monitoring Services: Website analytics platforms, performance monitoring tools, and business intelligence services that help us understand user behavior, optimize our services, and improve the overall user experience while maintaining data privacy
• Professional Services and Consultants: Legal advisors, auditors, consultants, and other professional service providers who may require access to personal information in the course of providing services to us, all of whom are bound by professional confidentiality obligations

4.2 Corporate Transactions and Business Transfers

In the event of a corporate transaction such as a merger, acquisition, consolidation, sale of assets, or other business combination involving Carria Networks Limited, your personal information may be transferred as part of the transaction. We are committed to ensuring that any such transfer maintains the same level of privacy protection outlined in this Privacy Policy. Prior to any such transaction, we will provide notice to affected individuals and ensure that the acquiring entity agrees to honor the commitments made in this Privacy Policy or provide equivalent protection for your personal information.

4.3 Legal Obligations and Regulatory Compliance

We may disclose your personal information when required by law, legal process, or regulatory authority, or when we believe in good faith that such disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others. Such disclosures are made only to the extent necessary and in compliance with applicable legal requirements, and we will make reasonable efforts to notify affected individuals unless prohibited by law or court order.

• Legal Process Compliance: Responding to subpoenas, court orders, search warrants, and other legal processes issued by competent authorities in accordance with applicable procedural requirements and constitutional protections
• Regulatory Investigations and Inquiries: Cooperating with regulatory authorities, government agencies, and law enforcement officials in connection with investigations, audits, or inquiries related to our business operations or compliance with applicable laws
• Protection of Rights and Safety: Disclosing information when necessary to protect our intellectual property rights, enforce our terms of service, prevent fraud or abuse, or address security threats that may pose a risk to our systems or users
• Emergency Situations: Sharing information in emergency situations where there is an imminent threat to life, health, or safety, and where disclosure may help prevent or mitigate such threats

4.4 Consent-Based Sharing and Strategic Partnerships

We may share your personal information with third parties when you have provided explicit, informed consent for such sharing. This includes situations where you have requested that we share your information with specific partners or service providers, or where you have opted into programs or services that involve data sharing. In all cases, we will clearly explain the purpose of the sharing, the identity of the recipient, and the type of information to be shared before obtaining your consent.

We may also enter into strategic partnerships with other organizations to provide enhanced services or solutions to our clients. In such cases, any sharing of personal information will be governed by strict contractual provisions and will be limited to what is necessary to deliver the agreed-upon services. Partners will be required to maintain the same level of data protection as outlined in this Privacy Policy.

5. Data Security

We implement comprehensive security measures to protect your personal information:

5.1 Technical Safeguards

• Encryption: Data transmission and storage using industry-standard encryption (SSL/TLS)
• Access Controls: Multi-factor authentication and role-based access restrictions
• Network Security: Firewalls, intrusion detection, and regular security monitoring
• Secure Infrastructure: Cloud hosting with enterprise-grade security certifications

5.2 Administrative Safeguards

• Regular security training for all employees
• Strict data handling policies and procedures
• Background checks for personnel with data access
• Incident response and breach notification procedures

5.3 Physical Safeguards

• Secure facilities with controlled access
• Environmental controls and monitoring
• Secure disposal of physical media
• Equipment security and asset management

6. Data Retention Policies and Secure Disposal Procedures

Carria Networks Limited has established comprehensive data retention policies that balance our legitimate business needs, legal obligations, and your privacy rights. Our retention practices are designed to ensure that personal information is retained only for as long as necessary to fulfill the specific purposes for which it was collected, while also meeting our regulatory compliance requirements and enabling us to defend our legal interests when necessary. We have implemented systematic procedures for the regular review and disposal of personal information in accordance with predetermined retention schedules.

Our data retention framework is built upon the principles of proportionality, necessity, and accountability. We regularly assess our retention practices to ensure they remain appropriate and justified, taking into account changes in our business operations, legal requirements, and industry best practices. All retention decisions are documented and subject to periodic review by our data protection team to ensure ongoing compliance with applicable privacy laws and regulations.

6.1 Comprehensive Retention Schedule and Legal Basis

We have established detailed retention periods for different categories of personal information based on the nature of our relationship with you, the purposes for which the information was collected, and applicable legal requirements. These retention periods are regularly reviewed and updated to reflect changes in our business operations and legal obligations.

• Active Client Relationships and Service Delivery: Personal information related to active clients and ongoing service delivery is retained for the duration of the contractual relationship plus a period of seven (7) years following the termination or completion of services. This extended retention period is necessary to comply with corporate record-keeping requirements, tax obligations, potential warranty claims, and to defend against any legal proceedings that may arise from our business relationship.
• Prospective Clients and Business Development: Information collected from prospective clients, including contact details, business requirements, and communication records, is retained for a maximum period of three (3) years from the date of last meaningful contact or until you explicitly request removal from our systems. This retention period allows us to maintain continuity in our business development efforts while respecting your right to be forgotten.
• Website Analytics and Usage Data: Technical information collected through our website, including IP addresses, browser information, and usage patterns, is retained for a maximum period of twenty-six (26) months from the date of collection. This retention period aligns with industry standards for web analytics and allows us to identify trends, improve our services, and maintain website security.
• Marketing Communications and Consent Records: Information related to marketing communications, including email addresses, communication preferences, and consent records, is retained until you withdraw your consent or unsubscribe from our communications. We maintain detailed records of consent and withdrawal to demonstrate compliance with applicable marketing regulations.
• Legal and Regulatory Compliance: Certain categories of personal information may be retained for extended periods as required by applicable laws, regulations, or legal proceedings. In such cases, we will retain the minimum amount of information necessary to meet our legal obligations and will implement additional safeguards to protect the confidentiality and integrity of such information.

6.2 Secure Deletion and Data Destruction Protocols

Upon expiration of the applicable retention period, we implement comprehensive data destruction procedures to ensure that personal information is permanently and irreversibly deleted from all of our systems and storage media. Our secure deletion protocols are designed to prevent any possibility of data recovery or reconstruction, utilizing industry-standard methods and technologies that meet or exceed international standards for data destruction.

Our data destruction procedures include multiple layers of security measures, including cryptographic erasure, physical destruction of storage media where necessary, and verification procedures to confirm successful deletion. We maintain detailed logs of all data destruction activities, including the date of destruction, the method used, and the personnel responsible for overseeing the process. These logs are retained for audit purposes and to demonstrate compliance with our data protection obligations.

7. Your Privacy Rights

You have the following rights regarding your personal information:

7.1 Access and Portability

• Right to Access: Request a copy of the personal information we hold about you
• Data Portability: Receive your data in a structured, machine-readable format

7.2 Correction and Updates

• Right to Rectification: Correct inaccurate or incomplete personal information
• Account Updates: Modify your contact preferences and account settings

7.3 Deletion and Restriction

• Right to Erasure: Request deletion of your personal information (subject to legal requirements)
• Right to Restriction: Limit how we process your personal information

7.4 Consent and Objection

• Withdraw Consent: Opt out of marketing communications at any time
• Right to Object: Object to processing based on legitimate interests

7.5 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@carrianetworks.com. We will respond to your request within 30 days and may require identity verification for security purposes.

8. Cookies, Tracking Technologies, and Digital Analytics Framework

Carria Networks Limited employs a sophisticated array of cookies, web beacons, pixel tags, local storage technologies, and other digital tracking mechanisms to enhance your browsing experience, optimize our website performance, and gather valuable insights about user behavior and preferences. Our use of these technologies is governed by applicable privacy laws, including the EU Cookie Directive, GDPR requirements for consent, and other relevant regulations that mandate transparency and user control over tracking technologies.

We are committed to providing you with comprehensive information about our use of tracking technologies and ensuring that you have meaningful control over how these technologies collect and process your information. Our cookie policy is designed to be transparent, user-friendly, and compliant with the highest standards of privacy protection, while enabling us to deliver the personalized and optimized digital experience that our users expect.

8.1 Comprehensive Classification of Tracking Technologies

We utilize various categories of tracking technologies, each serving specific purposes and operating under different legal bases. Our classification system ensures that we apply appropriate consent mechanisms and provide clear information about the purpose and duration of each type of tracking technology deployed on our digital properties.

• Strictly Necessary and Essential Cookies: These cookies are absolutely essential for the proper functioning of our website and cannot be disabled without severely impacting your ability to use our services. They include session management cookies, authentication tokens, security cookies that protect against cross-site request forgery attacks, load balancing cookies that ensure optimal server performance, and accessibility cookies that remember your accessibility preferences. These cookies are deployed based on our legitimate interest in providing a functional and secure website experience.
• Performance and Analytics Cookies: These sophisticated tracking mechanisms collect detailed information about how visitors interact with our website, including page views, session duration, bounce rates, conversion funnels, and user journey mapping. We use this data to identify areas for improvement, optimize our content strategy, and enhance the overall user experience. These cookies help us understand which pages are most popular, how users navigate through our site, and where they encounter difficulties or abandon their sessions.
• Functional and Personalization Cookies: These cookies enable enhanced functionality and personalization features that improve your browsing experience. They remember your language preferences, display settings, form data, previous searches, and other customization options that you have selected. These cookies allow us to provide a more tailored and user-friendly experience by remembering your preferences across multiple sessions and visits to our website.
• Marketing and Advertising Cookies: Subject to your explicit consent, we may deploy marketing cookies that enable us to deliver targeted advertisements, measure the effectiveness of our marketing campaigns, and build detailed user profiles for advertising purposes. These cookies track your browsing behavior across multiple websites and platforms to create comprehensive profiles that inform our advertising strategies and enable us to deliver more relevant promotional content.

8.2 Advanced Cookie Management and User Control Mechanisms

We provide you with comprehensive tools and options to manage your cookie preferences and exercise control over the tracking technologies deployed on our website. Our cookie management system is designed to be user-friendly, accessible, and compliant with applicable privacy regulations that require meaningful consent and easy withdrawal mechanisms.

• Browser-Based Cookie Controls: All modern web browsers provide built-in cookie management tools that allow you to block all cookies, accept only first-party cookies, delete existing cookies, set expiration preferences, and receive notifications when websites attempt to set cookies. We provide detailed instructions for managing cookies in popular browsers including Chrome, Firefox, Safari, Edge, and others.
• Granular Consent Management: Our website features a sophisticated consent management platform that allows you to provide or withdraw consent for specific categories of cookies. You can access these controls at any time through our cookie preference center, which provides detailed information about each category of cookies and allows you to make informed decisions about your privacy preferences.
• Opt-Out Mechanisms and Industry Tools: We support various industry-standard opt-out mechanisms that allow you to withdraw from behavioral advertising and cross-site tracking. These include browser-based "Do Not Track" signals, industry opt-out tools provided by organizations such as the Network Advertising Initiative (NAI) and Digital Advertising Alliance (DAA), and platform-specific opt-out mechanisms.
• Mobile Device Controls: For users accessing our website through mobile devices, we provide information about device-level privacy controls, including advertising identifier reset options, location services management, and app-specific privacy settings that may affect how tracking technologies function on mobile platforms.

8.3 Third-Party Analytics and Cross-Platform Tracking Disclosure

We partner with reputable third-party analytics providers and marketing platforms to gain deeper insights into user behavior and measure the effectiveness of our digital marketing efforts. These partnerships involve the sharing of certain user data and the deployment of third-party tracking technologies that may collect information across multiple websites and platforms.

Our primary analytics partner is Google Analytics, which provides comprehensive website analytics, user behavior tracking, and conversion measurement services. Google Analytics uses cookies and other tracking technologies to collect information about your interactions with our website, which is then processed according to Google's privacy policy and data processing terms. We have implemented privacy-focused configurations in Google Analytics, including IP anonymization, data retention controls, and enhanced privacy settings that limit data sharing with Google's advertising services.

9. Third-Party Services

Our website and services integrate with various third-party platforms:

9.1 Service Integrations

• Payment Processors: Secure payment handling (PayPal, Stripe, etc.)
• Cloud Services: Data storage and processing (AWS, Google Cloud)
• Communication Tools: Email services, chat support, video conferencing
• Analytics Platforms: Website performance and user behavior analysis

9.2 Social Media

Our website may include social media features and widgets. These features may collect information about your visit and are governed by the privacy policies of the respective social media companies.

9.3 External Links

Our website contains links to external sites. We are not responsible for the privacy practices of these third-party websites. We encourage you to review their privacy policies before providing any personal information.

10. Cross-Border Data Transfers and International Compliance Framework

As a technology solutions provider operating in an increasingly interconnected global marketplace, Carria Networks Limited may, in the course of delivering our comprehensive IT services and maintaining our business operations, transfer your personal information across international borders to various jurisdictions worldwide. These cross-border data transfers are essential for providing seamless, integrated services to our clients, leveraging global technology infrastructure, and maintaining partnerships with international service providers and technology platforms.

We recognize that international data transfers present unique privacy challenges and regulatory complexities, particularly in light of varying data protection standards across different jurisdictions. Therefore, we have implemented a robust international compliance framework that ensures all cross-border transfers of personal information are conducted in accordance with the highest standards of data protection, regardless of the destination country or the specific legal requirements that may apply.

10.1 Comprehensive Transfer Safeguards and Legal Mechanisms

We employ multiple layers of legal and technical safeguards to ensure that your personal information receives adequate protection when transferred internationally. Our approach combines various legal mechanisms, contractual safeguards, and technical measures to create a comprehensive protection framework that meets or exceeds the requirements of applicable data protection laws.

• European Commission Adequacy Decisions and Equivalent Frameworks: Where possible, we prioritize transfers to countries that have been recognized by the European Commission as providing an adequate level of data protection, or to jurisdictions that have implemented equivalent adequacy frameworks under other privacy regimes. These adequacy decisions represent a formal recognition that the destination country's data protection laws and enforcement mechanisms provide substantially equivalent protection to that required under European data protection law.
• Standard Contractual Clauses and Approved Transfer Mechanisms: For transfers to countries without adequacy decisions, we utilize Standard Contractual Clauses (SCCs) approved by the European Commission, along with equivalent approved transfer mechanisms under other applicable privacy frameworks. These contractual safeguards include detailed provisions regarding data processing limitations, security requirements, data subject rights, and remedies for data protection violations.
• Binding Corporate Rules and Internal Data Protection Policies: We have developed comprehensive Binding Corporate Rules (BCRs) and internal data protection policies that establish consistent privacy standards across all of our global operations. These internal frameworks ensure that personal information receives the same level of protection regardless of where it is processed within our organization or by our authorized service providers.
• Certification Programs and Privacy Framework Compliance: We actively participate in recognized international privacy certification programs and frameworks that provide additional safeguards for cross-border data transfers. While the EU-US Privacy Shield framework is no longer operational, we continue to monitor and participate in successor frameworks and alternative certification programs that provide appropriate safeguards for international transfers.
• Enhanced Due Diligence and Transfer Impact Assessments: Before initiating any international data transfer, we conduct comprehensive Transfer Impact Assessments (TIAs) that evaluate the legal and practical protections available in the destination country. These assessments consider factors such as local surveillance laws, data access requirements, judicial oversight mechanisms, and the availability of effective remedies for data subjects.

10.2 Data Localization Requirements and Regional Compliance

We maintain a comprehensive understanding of data localization requirements and data residency obligations across all jurisdictions where we operate or provide services. Our global compliance framework includes detailed procedures for identifying, implementing, and maintaining compliance with local data residency requirements, while ensuring that such compliance does not compromise the overall security and integrity of our data protection measures.

Where specific jurisdictions require that certain categories of personal information be stored or processed within their territorial boundaries, we have established local data processing capabilities and partnerships with certified local service providers to ensure full compliance with such requirements. Our data localization procedures include regular audits, compliance monitoring, and coordination with local legal counsel to ensure ongoing adherence to evolving regulatory requirements.

11. Protection of Minors and Children's Privacy Rights

Carria Networks Limited is firmly committed to protecting the privacy and safety of children and minors in all aspects of our business operations and digital presence. Our services, platforms, and marketing activities are specifically designed for and directed toward business professionals, corporate entities, and adult decision-makers in the technology sector. We do not knowingly target, market to, or collect personal information from individuals under the age of sixteen (16) years, or the applicable age of digital consent in their jurisdiction, whichever is higher.

We recognize that children and minors require special protection when it comes to their personal information, and we have implemented comprehensive policies and procedures to ensure that our data collection and processing activities comply with all applicable laws governing children's privacy, including but not limited to the Children's Online Privacy Protection Act (COPPA) in the United States, the General Data Protection Regulation (GDPR) provisions regarding children's consent in the European Union, and similar protective legislation in other jurisdictions where we operate.

11.1 Age Verification and Parental Consent Framework

While our services are not intended for use by minors, we acknowledge that children may occasionally access our website or attempt to use our services. In such cases, we have implemented robust age verification mechanisms and parental consent procedures to ensure compliance with applicable children's privacy laws and to protect the rights and interests of minors who may inadvertently interact with our digital properties.

Our age verification procedures include clear age-related disclaimers on our registration forms, terms of service acknowledgments that require users to confirm they meet minimum age requirements, and automated systems that flag potentially underage users based on the information provided during account creation or service inquiries. When we have reason to believe that a user may be under the applicable age of consent, we implement additional verification procedures and, where required by law, seek verifiable parental consent before collecting or processing any personal information.

11.2 Immediate Response and Data Deletion Protocols

In the event that we become aware, through our own monitoring systems, user reports, parental notifications, or regulatory inquiries, that we have inadvertently collected personal information from a child under the applicable age of consent without proper parental authorization, we immediately initiate our emergency data deletion protocols. These protocols are designed to ensure the prompt and complete removal of all personal information related to the minor from our systems, databases, and backup storage facilities.

Our immediate response procedures include the suspension of all processing activities related to the minor's personal information, notification of relevant personnel and management, documentation of the incident for compliance purposes, and coordination with legal counsel to ensure appropriate regulatory notifications are made where required by applicable law. We maintain detailed logs of all such incidents and our response actions to demonstrate our commitment to children's privacy protection and regulatory compliance.

11.3 Parental Rights and Communication Channels

We provide parents and legal guardians with multiple channels for reporting concerns about their child's interaction with our services and for exercising their rights under applicable children's privacy laws. Parents who believe that their child has provided personal information to us, or who have concerns about their child's privacy in relation to our services, are encouraged to contact us immediately through our dedicated privacy contact channels.

Upon receiving a parental inquiry or concern, we will promptly investigate the matter, provide detailed information about any personal information we may have collected, and take immediate action to delete such information if it was collected without proper authorization. We also provide parents with information about steps they can take to protect their children's privacy online and resources for educating children about safe internet practices.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements:

12.1 Notification of Changes

• Material Changes: We will provide prominent notice on our website and via email
• Minor Updates: Posted on our website with updated "Last Modified" date
• Legal Changes: Immediate updates to comply with new regulations

12.2 Your Continued Use

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy. If you disagree with changes, please discontinue use of our services.

13. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: