+965 9667 4667Order Tracking
Cart (0) Compare (0) Wishlist (0)  Login
Start Free Trial

Your Cart

×
No products in the cart.

Privacy policy - Kuwait Corporation Limited

 

AVIOX TECH SOLUTIONS LTD – PRIVACY, DATA PROCESSING, AND COOKIES POLICY

Last Updated: 25 January, 2025

AVIOX Tech Solutions Ltd (“AVIOX,” “we,” “us,” or “our”) provides software-as-a-service (SaaS) platforms, including but not limited to sschool.online, hms.hospital, aviox.net, and avioxcloud.com. AVIOX acts exclusively as a data processor for clients. We provide software services, tools, and infrastructure, but do not independently control or access client data for any purpose other than providing services. All clients remain the data controllers, determining the purpose and means of processing their personal data.

This document outlines our Privacy Policy, Data Processing Addendum (DPA), Cookies Policy, and cookie consent practices, ensuring full compliance with GDPR, UK GDPR, and PECR.

1. Privacy Policy

1.1 Scope and SaaS Role

AVIOX provides SaaS platforms and subdomains where the clients control the data. AVIOX acts solely as a processor and only processes data under the instructions of clients. We do not access client data for independent purposes, and all operations are restricted to providing and maintaining the SaaS services.

1.2 Categories of Personal Data Processed

AVIOX processes the following categories of data on behalf of clients:

  • Identity Data: Usernames, account IDs, and user roles.

  • Technical Data: IP addresses, login timestamps, and device/browser information.

  • Usage Data: Session logs, feature usage, and audit trails.

  • SaaS Metadata: Document timestamps and file upload information.

Note: AVIOX does not store sensitive payment information, health records, or student data.

1.3 Legal Basis for Processing

Processing personal data is based on:

  • Contractual necessity to provide SaaS services.

  • Client instructions regarding data management.

  • Technical and security obligations to maintain platform security.

1.4 Data Retention and Deletion

  • Data is retained only for the duration of the client’s contract.

  • Upon termination or client request, all personal data is deleted or returned, including from backups, ensuring full compliance with GDPR and UK GDPR.

1.5 Security Measures

AVIOX implements robust technical and organizational measures:

  • Encryption of data at rest (AES-256) and in transit (TLS 1.3).

  • Role-based access control, multi-factor authentication, and audit logging.

  • Daily encrypted backups and disaster recovery plans.

  • Regular penetration testing and vulnerability assessments.

1.6 Sub-Processors

AVIOX engages GDPR-compliant sub-processors including cloud hosting providers, SMS/email services, analytics tools, and PCI-compliant payment gateways. Sub-processors process data solely under AVIOX instructions. 

1.7 Data Subject Rights

End-users may exercise rights including access, rectification, erasure, restriction, objection, and data portability. AVIOX assists clients in fulfilling these rights in accordance with client instructions.

1.8 International Data Transfers

Data may be transferred outside the UK or EU using Standard Contractual Clauses, adequacy decisions, or encryption to ensure GDPR compliance.

1.9 Data Breach Notifications

In the event of a personal data breach, AVIOX will notify clients without undue delay. Clients remain responsible for any regulatory notifications to authorities.

2. Data Processing Addendum (DPA)

2.1 Roles and Responsibilities

  • Controller: Client determines the purpose and means of processing personal data.

  • Processor: AVIOX processes data only under client instructions and maintains security and compliance standards.

2.2 Categories and Purpose of Processing

Data processed includes identity, technical, usage, and SaaS metadata. The purpose is limited to enabling SaaS functionality, authentication, operational performance, analytics, support, and data security.

2.3 Duration of Processing

Processing occurs only for the length of the client contract. Data is deleted or returned upon termination according to client instructions.

2.4 Security Measures

AVIOX implements encryption, access control, audit logs, penetration testing, and disaster recovery procedures to ensure the security of client data.

2.5 Sub-Processors

Sub-processors are engaged for operational purposes only and bound by GDPR obligations. A full list of sub-processors is available upon request.

2.6 Data Subject Rights Assistance

AVIOX assists clients in responding to data subject rights requests, including access, correction, erasure, restriction, objection, and data portability.

2.7 Data Breach Notification

AVIOX notifies clients of breaches without undue delay and provides all necessary information for clients to fulfill regulatory obligations.

2.8 International Transfers

Transfers outside the UK/EU comply with GDPR using SCCs, adequacy decisions, or appropriate encryption mechanisms.

2.9 Data Deletion/Return

All client data is deleted or returned upon contract termination, including copies in backups, according to client instructions.

2.10 Audits

Clients may audit AVIOX’s compliance and security measures with reasonable notice.

2.11 Governing Law

This DPA is governed by the laws of England and Wales.

3. Cookies Policy

3.1 What Are Cookies

Cookies are small text files stored on a user’s device to enhance platform functionality, remember preferences, maintain sessions, and collect usage analytics.

3.2 Types of Cookies Used

  • Necessary Cookies: Essential for authentication, login, and session management.

  • Functional Cookies: Remember language preferences, display settings, and other customization features.

  • Analytics Cookies: Collect anonymous data on platform usage and performance to improve services.

  • Marketing Cookies: Activated only with explicit user consent for aggregated tracking and analytics.

3.3 Third-Party Cookies

Third-party services such as analytics providers and cloud hosting platforms may set cookies for performance monitoring. AVIOX ensures that all third-party cookie usage is GDPR-compliant.

3.4 Consent Management

Users are informed via a consent banner upon first visit, allowing them to accept all cookies, reject non-essential cookies, or customize preferences. Users can modify cookie settings at any time via their browser or platform settings.

3.5 Data Retention

Analytics cookies generally expire after 12 months. Session cookies expire upon logout or closing the browser. Blocking necessary cookies may impact platform functionality.

4. Contact Information

For any privacy, data processing, or cookie-related queries, please contact AVIOX Tech Solutions Ltd at:

AVIOX is committed to the highest standards of data security, privacy, and compliance. We ensure client data is processed securely, transparently, and only for the purposes instructed by clients. Our SaaS platforms are designed to protect end-user privacy while providing reliable, professional software services.

 

 

Image NewsLetter
Icon primary
Newsletter

Subscribe our newsletter

By clicking the button, you are agreeing with our Term & Conditions

Your experience on this site will be improved by allowing cookies Cookie Policy

These cookies are essential for the website to function properly.

These cookies help us understand how visitors interact with the website.

These cookies are used to deliver personalized advertisements.