EU General Data Protection Regulation (GDPR)
Personal Data Protection Policy
KohaSupport
Last updated: January 11, 2022
Introduction
We at KohaSupport are committed to processing personal data securely and respecting the privacy of all individuals whose data we process.
This policy explains how we collect, use, and protect personal data in compliance with the EU General Data Protection Regulation (GDPR).
Data Controller
KohaSupport
Email: support@kohasupport.com
Website: https://kohasupport.com
Personal Data We Collect
We collect and process the following categories of personal data:
Contact Information
- Name
- Email address
- Phone number
- Organization name
- Job title
Account Data
- Username
- Encrypted password
- Account preferences
- Service usage data
Technical Data
- IP address
- Browser type and version
- Device information
- Cookies and similar technologies
Service Data
- Library catalog data (as data processor for our clients)
- Support tickets and communications
- Billing and payment information
Legal Basis for Processing
We process personal data under the following legal bases:
- Contract Performance: To provide services you’ve requested
- Legitimate Interests: To improve our services and communicate with you
- Consent: Where you’ve given explicit consent
- Legal Obligation: To comply with legal requirements
How We Use Personal Data
We use personal data for:
- Providing and managing our services
- Customer support and communication
- Service improvement and development
- Billing and account management
- Marketing (with consent)
- Legal compliance
Data Sharing
We may share personal data with:
- AWS (Amazon Web Services): For hosting and infrastructure
- Payment processors: For billing services
- Analytics providers: For service improvement
- Legal authorities: When legally required
We do not sell personal data to third parties.
International Data Transfers
Your data may be transferred to and processed in countries outside the EU. We ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework
- Standard Contractual Clauses
- Adequacy decisions by the EU Commission
Data Retention
We retain personal data for as long as:
- You maintain an active account with us
- Required to provide services
- Necessary for legal obligations
- Required for legitimate business purposes
After this period, data is securely deleted or anonymized.
Your Rights Under GDPR
You have the right to:
1. Access
Request a copy of your personal data
2. Rectification
Correct inaccurate or incomplete data
3. Erasure (“Right to be Forgotten”)
Request deletion of your personal data
4. Restriction
Limit how we use your data
5. Data Portability
Receive your data in a structured, commonly used format
6. Object
Object to processing based on legitimate interests
7. Withdraw Consent
Withdraw consent at any time (where processing is based on consent)
8. Lodge a Complaint
File a complaint with your local data protection authority
How to Exercise Your Rights
To exercise any of these rights, please contact us:
- Email: support@kohasupport.com
- Subject: GDPR Data Rights Request
We will respond within 30 days.
Data Security
We implement appropriate technical and organizational measures to protect personal data:
- Encryption in transit and at rest
- Access controls and authentication
- Regular security assessments
- Employee training
- Incident response procedures
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected individuals without undue delay
- Take immediate steps to mitigate the breach
Children’s Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this policy periodically. We will notify you of material changes by:
- Email notification
- Website announcement
- Service dashboard notice
Data Processing Agreement
For clients using our services to process library patron data, we provide a separate Data Processing Agreement (DPA) that defines:
- Roles and responsibilities
- Data processing instructions
- Security measures
- Sub-processor arrangements
Contact Us
Data Protection Officer
KohaSupport
Email: support@kohasupport.com
Website: https://kohasupport.com/contact/
EU Representative (if applicable)
Contact details available upon request
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. In the EU, you can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en