Global Privacy Policy

1. Introduction and The "High-Water Mark" Principle

CKBR Property Limited is committed to the absolute protection of your corporate trade secrets and personal data. Because our digital SaaS platforms and remote consultancy services operate globally, we operate under a universal "High-Water Mark" principle.

Rather than maintaining fragmented policies for dozens of individual countries, we baseline our entire global data protection infrastructure against the stringent standards of the UK General Data Protection Regulation (UK GDPR) and the UK Data (Use and Access) Act 2025 (DUAA). By adhering universally to these rigorous standards, our data handling practices inherently satisfy or exceed the core requirements of major international privacy frameworks worldwide, extending premium protections to all users regardless of their geographic location.

2. Data Handling (SaaS vs. Remote Consultancy)

Because we offer both digital portals and bespoke online consultancy, our data retention policies are based on the service you use:

A. Document Handling (Zero-Data Retention for SaaS)

For users utilising our automated AI portals (SourcingTerms.com and ExpatTerms.com), we operate on a strict Transient Processing / Zero-Data Retention Model:

• Ingestion: You upload a contract to our secure, TLS-encrypted portal.
• Processing: The document is temporarily held in active memory (RAM) while our AI engine parses the text.
• Purging: Immediately upon the successful delivery of the report, the source document and its extracted contents are permanently and irreversibly purged. We do not store your contracts, nor do we use them for AI training.

B. Project Data Retention (For Remote Consultancy)

If you engage us for Tier 2 (Online Consultancy), we must retain the data necessary to execute the project.

• Data Held: Project briefs, advisory correspondence, and strategic business plans shared during consultations.
• Retention Period: We retain this project data for the duration of the engagement, plus a period of 6 years following the conclusion of the contract, strictly to comply with UK legal, tax, and professional indemnity insurance requirements.
• Confidentiality: This data is held in strictly access-controlled, UK/EU-based servers. We do not sell, lease, or expose your business intelligence to third-party data brokers.

3. The Information We Retain & Lawful Basis (All Users)

We process basic operational data on the following lawful bases:

• Account/Client Data: Name, email, corporate affiliation. (Lawful Basis: Contractual Necessity)
• Transactional Data: Billing information and service history. (Lawful Basis: Legal Obligation for tax/accounting)
• Telemetry & Security Data: IP addresses and access logs. (Lawful Basis: Recognised Legitimate Interests - specifically for crime prevention, fraud detection, and platform integrity).

4. Third-Party Sub-Processors

As a 100% digital business, we utilise specialised third-party infrastructure to deliver our services securely:

• Cloud Infrastructure: Enterprise-grade cloud hosting providers located within the UK/EU to manage portals and data transit securely.
• AI API Providers: We utilise advanced LLM APIs via Zero-Retention Enterprise endpoints. Your data is expressly prohibited from being used to train their foundational models.

(Note: CKBR does not utilise external physical contractors, local agents, or investigators for data processing).

5. International Data Transfers and Regulatory Acknowledgement

While we apply a universal global standard, the cross-border digital nature of our operations requires acknowledgement of international transfer mechanisms, including the PRC's Personal Information Protection Law (PIPL) where applicable. Users frequently upload or email us documents containing the personal information of individuals located in foreign jurisdictions.

• User Responsibility (Data Controllers): You warrant that you have established a lawful basis (e.g., contractual necessity) to export this data to our UK-based operations for digital processing or advisory review.
• Our Commitment (Data Processors): As the entrusted processor, CKBR applies UK GDPR-level security protocols to this data, fulfilling the protective requirements expected when handling cross-border data flows.

6. Universal Global Privacy Rights

Regardless of your country or state of residence, CKBR refuses to sell your personal information or share it for cross-context behavioural advertising. We grant all users the following comprehensive privacy rights:

• Right to Access & Portability: The right to request a copy of the operational and account data we hold about you.
• Right to Rectification: The right to correct inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): The right to request the deletion of your account and associated telemetry data, subject to mandatory legal and tax retention periods.
• Right to Restrict or Object: The right to object to our processing of your data for marketing or non-essential analytics.
• Right to Non-Discrimination: The guarantee that we will not degrade service quality or increase prices should you choose to exercise your privacy rights.
• Automated Decision-Making Safeguards: While our SaaS platforms generate AI risk reports based on text analysis, these are advisory tools for human review. They are not legally binding automated decisions that produce significant legal effects on you.

7. Data Security and Breach Protocols

We implement rigorous technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. All data transit is secured via modern TLS encryption. In the highly unlikely event of a personal data breach affecting retained account or project data, we will notify the relevant supervisory authorities and affected users without undue delay, in strict accordance with UK GDPR breach notification protocols.

8. Cookies and Tracking Technologies

Our platforms employ essential cookies to ensure secure logins, manage sessions, and maintain platform stability. We respect your privacy and do not deploy intrusive third-party tracking pixels or behavioural advertising cookies across our portals. You may manage or disable cookies through your browser settings; however, disabling essential cookies may impact your ability to utilise the SaaS platforms effectively.

9. Policy Amendments and Updates

CKBR reserves the right to review and amend this Privacy Policy periodically to reflect changes in global data protection legislation, technological advancements, or our operational practices. Significant modifications will be communicated to active users via email or a prominent platform notification. Continued use of our services following such updates constitutes your acknowledgement of the revised policy.

10. Contact Information and Complaints

To exercise any of your universal privacy rights, submit a Subject Access Request (SAR), or lodge a complaint regarding data handling, please contact our Compliance Team: