Last Updated: 20 April 2026
1. GDPR Overview
The General Data Protection Regulation (GDPR) is a European Union regulation governing the handling of personal data of EU/EEA residents. While Kodelyth is based in Bangladesh, we are committed to upholding GDPR principles for all our clients and their customers globally.
2. Our Role Under GDPR
Kodelyth may act as either a Data Controller or Data Processor depending on the context:
- Data Controller: When we collect data directly from users of our website and services (e.g., contact forms, course registrations)
- Data Processor: When we process personal data on behalf of our clients as part of software development, data analysis, or managed services
3. Legal Bases for Processing
We process personal data under the following GDPR legal bases:
- Article 6(1)(a) – Consent: For marketing communications and non-essential cookies
- Article 6(1)(b) – Contract: For processing necessary to perform our services
- Article 6(1)(c) – Legal Obligation: For compliance with applicable laws
- Article 6(1)(f) – Legitimate Interests: For fraud prevention, security, and service improvement
4. Data Subject Rights
Under GDPR, EU/EEA residents have the following rights:
- Right to Access (Art. 15): Request a copy of data we hold about you
- Right to Rectification (Art. 16): Correct inaccurate personal data
- Right to Erasure (Art. 17): "Right to be forgotten"
- Right to Restrict Processing (Art. 18): Limit how we use your data
- Right to Data Portability (Art. 20): Receive your data in a machine-readable format
- Right to Object (Art. 21): Object to data processing for direct marketing
- Rights Related to Automated Decision-Making (Art. 22): Not to be subject to solely automated decisions
To exercise these rights, email support@kodelyth.com. We respond within 30 days (extendable to 90 days for complex requests).
5. Data Processing Agreement (DPA)
Clients who require us to process personal data on their behalf may request a signed Data Processing Agreement (DPA). Our standard DPA includes:
- Description of processing activities and purposes
- Categories of personal data and data subjects
- Sub-processor list and notification procedures
- Technical and organizational security measures
- Data breach notification procedures (72-hour notification)
- Data transfer safeguards for international transfers
- Audit rights for the data controller
To request a DPA, email business@kodelyth.com with subject "DPA Request – [Company Name]".
6. International Data Transfers
When transferring personal data from the EU/EEA to Bangladesh (a third country), we ensure adequate safeguards through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data transfer impact assessments where required
- Supplementary technical measures for sensitive data
7. Data Breach Notification
In the event of a personal data breach:
- We will notify the relevant supervisory authority within 72 hours of becoming aware (Art. 33)
- We will notify affected data subjects without undue delay if the breach is likely to result in a high risk to their rights (Art. 34)
- For client data breaches affecting our systems, we will notify the client controller within 24 hours
8. Sub-processors
We use the following sub-processors who may process personal data:
- Amazon Web Services (AWS): Cloud hosting and storage
- Google LLC: Analytics, email (Google Workspace)
- SSLCommerz: Payment processing
- Cloudflare: Security and CDN services
We maintain an updated sub-processor list and will notify clients at least 30 days before adding new sub-processors.
9. Technical & Organizational Measures (TOMs)
We implement the following security measures to protect personal data:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Access controls and role-based permissions
- Multi-factor authentication for internal systems
- Regular security training for all staff
- Annual penetration testing and security audits
- Documented incident response procedures
- Regular automated backups with tested restoration
10. Data Protection Officer
For GDPR-related inquiries and to exercise your rights:
- Email: support@kodelyth.com
- Response Time: Within 30 days
- Address: Chanchkoir Bazarpara, Gurudaspur, Natore, Rajshahi 6440, Bangladesh
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your EU country's DPA).