Privacy Policy

Last updated: February 27, 2024

This Privacy Policy includes important information about your personal data and we encourage you to read it carefully.

1. Content and Acceptance

For these purposes, the Website is also understood as the page and content owned by the Companies, which are accessed through the domain https://www.kyragroup.ai.

The Holder guarantees compliance with the United States' data protection regulations, specifically adhering to the Massachusetts Data Protection Law, as outlined in 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. This commitment ensures the implementation of a comprehensive Written Information Security Program (WISP) and the adoption of appropriate security measures to protect the personal information of Massachusetts residents. Additionally, our practices are designed to safeguard digital rights and personal data in alignment with relevant U.S. federal and state regulations.

Access to and use of the Website implies full acceptance by the User of this Personal Data Processing document and is obliged to comply in full with the terms and conditions contained herein. Therefore, the User must carefully read the present Personal Data Processing document each time he/she intends to use the Website, as it may undergo modifications.

This Personal Data Processing document shall also apply to personal data provided or obtained by the Companies.

The use of this Web site implies the acceptance of this Privacy Policy, as well as the conditions included in the .

2. The identity of the data controller and the processing of personal data

In compliance with United States data protection regulations and specifically adhering to the Massachusetts Data Protection Laws as outlined in 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth, the User is informed that the data collected through the Website and/or any data collection forms on the Website will be incorporated into the personal data files owned by KYRA HOLDINGS LLC, with registered office at 110 Cambridge St, Cambridge, MA 02141. This ensures the management of the User's navigation through the Website, as applicable, as well as for the purposes indicated in each of the forms included in the Website. This adherence underscores our commitment to protecting personal information and upholding the digital rights of our users in accordance with relevant U.S. federal and Massachusetts state regulations.

The Companies guarantee the confidentiality of the personal data provided and compliance with all applicable regulations.

So that the information provided is always updated and does not contain errors, the User must communicate, as soon as possible, the modifications and rectifications of his/her personal data that may occur.

Likewise, by clicking on the "Accept" button (or equivalent) incorporated in the aforementioned forms, the User declares that the information and data provided therein are accurate and truthful.

The Companies inform the Users that it is responsible for all its processing, including that carried out on this Website, unless otherwise determined, and about what data it collects, how it uses them and the Users' options in relation to such data, including how to access and update them.

The User expressly and fully accepts the conditions stated in this Privacy Policy for the use of the Companies' Website and any of the services and/or processing incorporated therein and/or carried out by said Company.

For the purposes of EU law, and given that the Company may operate in Spain, in accordance with Articles 4.17 and 27 of the RGPD, it is determined that the corresponding representative shall be appointed on behalf of the Company for the purposes of performing the functions provided for in paragraph 4 of the aforementioned Article 27 of the RGPD.

3. The Data Protection Officer (DPD)

The data protection officer (DPO) is responsible for ensuring compliance with the data protection regulations to which the Companies are subject, and consequently of the Web site referred to in this privacy policy, as well as to assist you in any questions that may arise regarding the protection of your personal data. The User may contact the DPO appointed by the data controller using the following contact details: dpo@kyragroup.ai

4. Legal basis for the processing of personal data

The legal basis for the processing of personal data is the explicit consent of the data subject.  The Companies undertake to obtain the express and verifiable consent of the User for the processing of his/her personal data, for one or more specific purposes.

When a User completes any of the forms with the personal data requested, under the Massachusetts Data Protection Laws, specifically as outlined in 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth, the user must provide clear and explicit consent, which can be revoked at any time, without retroactive effects. This ensures that KYRA HOLDINGS LLC operates with a high standard of data protection and respect for user autonomy, in compliance with relevant U.S. federal and Massachusetts state regulations regarding the collection and processing of personal information

The User shall have the right to withdraw his/her consent at any time. It will be as easy to withdraw consent as to give it. As a general rule, the withdrawal of consent will not condition the use of the Website.

In the occasions in which the User must provide his data through forms to make inquiries, request information or for reasons related to the Content of the Web site, he will be informed in case the completion of any of them is mandatory because they are essential for the proper conduct of the operation performed.

5. Data collection and the duty to inform

The purpose of this document is to establish and regulate the rules of use, as well as the safeguarding of the data on the https://www.kyragroup.ai website.

Likewise, the Companies, as owners of the https://www.kyragroup.ai website, inform the Users of the same that it is responsible for the processing carried out on this website, unless otherwise stated in the processing in question.

The Companies respect the current legislation on the protection of personal data, the privacy of Users, and the secrecy and security of personal data, in accordance with the provisions of the applicable U.S. federal and Massachusetts state data protection regulations, specifically adhering to the Massachusetts Data Protection Laws outlined in 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. To this end, the necessary technical and organizational measures are adopted to prevent the loss, misuse, alteration, unauthorized access, and theft of the personal data provided, taking into account the state of technology, the nature of the data, and the risks to which they are exposed.

In particular, Users of the Website are informed that their personal data may only be obtained for processing when they are adequate, relevant and not excessive in relation to the scope and the specific, explicit and legitimate purposes for which they have been obtained.

The User shall be solely responsible for the completion of the information with false, inaccurate, incomplete or outdated data.

The Companies are not responsible for the treatment of the personal data of the Website to which the User can access through the different links contained in our web pages.

The User guarantees that the Personal Data provided is true, accurate, complete and up to date and undertakes to notify any change or modification thereof. In the event that personal data of third parties is provided, the User is responsible for having informed and obtained the consent of the third parties to be provided, for the purposes indicated in the corresponding sections of this Privacy Policy.

In the event of any loss or damage caused to the Web site or to the person responsible for the same or to any other third party, through the communication of erroneous, inaccurate or incomplete information, through the forms inserted in the Website and specifically through the section relating to Registration, the responsibilities arising from such an act shall be imputed exclusively to the User.

6. Principles applicable to the processing of personal data

The processing of the User's personal data shall be governed by the following principles, which are adapted from those contained in Article 5 of the RGPD for the context of U.S. and specifically Massachusetts data protection laws, as outlined in 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth, and other applicable regulations:

Principle of lawfulness, fairness, and transparency: The express consent of the user will be required at all times, provided after fully transparent information regarding the purposes for which the personal data is collected is given.

Principle of purpose limitation: The personal data collected will be for specific, explicit, and legitimate purposes and not processed in a manner that is incompatible with those purposes.

Principle of data minimization: Only the personal data that is strictly necessary in relation to the purposes for which it is processed will be collected.

Principle of accuracy: Personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, with respect to the purposes for which they are processed, are erased or rectified without delay.

Principle of limitation of the storage period: Personal data shall be retained only for the time necessary for the purposes for which they are processed. Specifically, such data shall be processed for as long as the holder's relationship with the Companies is maintained.

Principle of integrity and confidentiality: Personal data will be treated in a way that ensures its security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures

7. Categories of personal data

In alignment with U.S. federal and Massachusetts state data protection regulations, particularly the Massachusetts Data Protection Laws as detailed in 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth, the Companies may collect personal data of individuals with whom it has relations. The scope of data collection can evolve based on technological advancements or the nature of the relationship among other factors.

The categories of data processed by the Companies through this website are limited to identification and administrative data necessary for the management of interactions with the Companies. At no point are special categories of personal data processed, as defined by Article 9 of the GDPR and similar data protection regulations, with adherence to the overarching goal of these laws to safeguard individuals' rights to dignity and privacy.

8. Your rights

About your personal data you have the right to:

Request access to stored data.

Request rectification or deletion.

Request the limitation of its processing.

Express objections to the processing.

Request the portability of your data.

The exercise of these rights is individual and, therefore, must be carried out directly by the person concerned. This means that any customer, subscriber or collaborator who has provided their data at any time has the right to communicate directly with the Entity.

You can request information about the data stored and how it was obtained, ask for the correction of any errors, request the transfer of your personal data, express your opposition to the processing, limit its use or request the deletion of such data from the Companies' files

To exercise your rights of access, correction, deletion, transfer and objection, you must send an email to dpo@kyragroup.ai together with valid proof of identification, such as a copy of your identity card or equivalent document.

You have the right to seek effective legal protection and file a complaint with the relevant supervisory authority, which in this case is the Spanish Data Protection Agency, if you consider that the processing of personal data concerning you is in breach of the Regulation.

However, it is essential to emphasize that the exercise of your rights does not include any data that Companies are obliged to retain for administrative, legal or security purposes.

9. Purposes of treatment

The collection of personal data will only be carried out when it is appropriate and relevant in relation to the specific, clear and legitimate purpose for which it was obtained.

Personal data are collected and managed by the Companies in order to facilitate, expedite, and fulfill the commitments established between the Website and the User, or the maintenance of the relationship established in the forms that the latter fills out, or, where appropriate, to respond to a request or inquiry.

Your personal data are collected for the treatment of the same with some of the following purposes:

To maintain a relationship with the Client and/or Supplier and other persons linked to the Companies KYRA HOLDINGS LLC, through the remission of informative and commercial communications by e-mail, social networks or any other electronic or physical means, present or future, that makes it possible to carry out commercial communications.

Likewise, the data may be used for the commercial purpose of personalization, operational, statistical, valuation and analysis activities of the corporate purpose of the Companies, as well as for the extraction, storage of data and marketing studies to adapt the content offered to the User, as well as to improve the quality, operation, and navigation through the website, always through the use of anonymized data.

The data requested are appropriate and necessary for the purpose for which they are collected, and will not be used for a purpose other than that for which they were collected, and in no case will be disclosed to third parties without the consent of the owner.

The User is not obliged to provide his personal data, however, they are absolutely necessary to be able to carry out the relationship that binds the persons who at any time are related to the Companies.

Incorrect data must be corrected or deleted, and will be deleted when they are no longer necessary or relevant for the purpose for which they were collected.

At the time the personal data is obtained, the User will be informed about the specific purpose or purposes of the processing for which the personal data will be used; that is, the use or uses to which the collected information will be put.

Unless specifically stated otherwise, it will be considered necessary to fill in all the fields of each form, for which the User will have to provide true, accurate, complete and updated data.

The User expressly declares that the data provided through the forms on the Website are true, accurate, and that he himself has sufficient capacity to be able to dispose in relation to them.

Therefore, the User will be solely responsible for any damage or harm, direct or indirect, caused to the Companies or any third party, for completing the forms with false, inaccurate, incomplete, outdated or third party data.

The Companies reserve the right to decide whether or not to include the personal data of such persons in their files or processing.

The User who makes a false declaration of data, impersonates third parties, or carries out any other illegal action similar to the above may be prosecuted.

10. Retention periods of personal data

Personal data will only be retained for the minimum time necessary for the purposes of their processing and, in any case, for the duration of the relationship and/or relationship of the owner of the data with the Companies, and in any case, for the period corresponding to the statute of limitations of the actions of the underlying legal business from which the personal data being processed is obtained.

Consequently, the time of conservation of the personal data of the Users is subject to the criterion of the statute of limitations of the actions deriving from the underlying legal business, from which the data of the Users that are the object of processing have been obtained.

11. Personal data of minors

In compliance with U.S. federal and Massachusetts state data protection regulations, including the Massachusetts Data Protection Laws outlined in 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth, the Companies will only process the personal data of individuals aged 14 and over with their lawful consent.

For minors under the age of 14, the Companies require the consent of the parents or legal guardians for the processing of the minors' personal data. Such consent must be given explicitly, and parents or guardians can provide it by contacting the designated email address: dpo@kyragroup.ai.

As a general rule, the Companies intentionally do not process personal information of children under 14 years of age. If it comes to the Companies' attention, through any form of control or verification, that information from minors under 14 has been inadvertently collected, immediate actions will be taken to remove this information promptly, in accordance with content provider obligations under the law, unless legal reasons necessitate its retention or explicit consent has been obtained from the parents, guardians, or legal representatives of the minor as outlined above.

12. Secrecy and confidentiality of personal data

The data collected in all private communications between the Companies and the Users will be treated with utmost confidentiality. The Companies commit to the obligation of secrecy regarding personal data, their duty to safeguard them, and to implement all necessary measures to prevent their alteration, loss, and unauthorized access or processing. This commitment is in line with U.S. federal and Massachusetts state data protection regulations, including the Massachusetts Data Protection Laws outlined in 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. While the original commitment was aligned with the European Union's General Data Protection Regulation (GDPR) and the Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights, the Companies now ensure compliance with applicable U.S. and Massachusetts laws governing the collection and processing of personal data.

In addition, information of any kind that the parties exchange with each other, that which they agree to be of such nature, or that which simply concerns the content of such information, shall also have the status of confidential. The visualization of data through the Internet shall not imply direct access to the same, except with the express consent of its owner for each occasion. The Companies shall not be liable for any possible leakage of information that may occur due to mismanagement of the information by the User.

Likewise, the Companies guarantee the User the fulfillment of the duty of professional secrecy with respect to the User's personal data and the duty to keep them. The User can access at any time to the Privacy Policy of the Companies KYRA HOLDINGS LLC, and of this Website, as well as configure his profile to guarantee his privacy.

The Companies will take all reasonable precautions and will carry out best practices to prevent the loss, misuse, improper access, disclosure, alteration or destruction of personal data.

The User is advised not to provide any third party with your identification, password or reference numbers that the Companies may provide to you. Likewise, to ensure that the protection of professional secrecy between the Companies and the User is preserved in all communications, the User must not disclose confidential information to third parties.

13. Integrity and security of personal data

The Companies undertake to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected, so as to ensure the security of personal data and to prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorized communication of or access to such data.

However, because the Companies cannot guarantee the impregnability of the Internet, nor the total absence of hackers or others who fraudulently access personal data, the data controller undertakes to communicate to the User without undue delay, when a breach of security of personal data occurs, which is likely to involve a high risk to the rights and freedoms of natural persons.

Following the guidelines similar to those established in Article 4 of the GDPR regarding the security of personal data, a security breach in the context of U.S. and Massachusetts laws refers to any incident leading to the accidental or unlawful destruction, loss, alteration of personal data transmitted, stored, or otherwise processed, or unauthorized disclosure of or access to such data.

Personal data shall be treated as confidential by the data controller, who is committed to informing and ensuring, through legal or contractual obligations, that this confidentiality is upheld by its employees, associates, and any other individual who has access to the information.

In adherence to U.S. federal and Massachusetts state data protection regulations, including the Massachusetts Data Protection Laws outlined in 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth, the Companies uphold the protection of personal data, user privacy, and the secrecy and security of personal data. This commitment involves adopting necessary technical and organizational measures to prevent the loss, misuse, alteration, unauthorized access, and theft of personal data provided, taking into account current technology, the nature of the data, and the risks they face from both human activities and the physical or natural environment. The Companies ensure that personal data is only stored in files that comply with the required conditions for their integrity and security, as well as the processing centers, premises, equipment, systems, and programs, paralleling the standards set forth in the GDPR and related regulations.

14. Rights deriving from the processing of personal data

The User may exercise against the data controller the following rights as recognized under Massachusetts Data Protection Law, the Massachusetts Consumer Protection Act, and applicable federal laws:

Right of Access: Users have the right to confirm whether their personal data is being processed, access their specific personal data, and obtain information on how their data is processed, including the origin and recipients of their data.

Right of Rectification: Users can have their inaccurate or incomplete personal data corrected, in line with the purposes of the processing.

Right of Erasure ("Right to be Forgotten"): Users can request the deletion of their personal data when it's no longer necessary for its collected purposes, consent is withdrawn without other legal ground for processing, or if the data was unlawfully processed, among other conditions.

Right to Limitation of Processing: Users can request a limitation on the processing of their personal data under certain circumstances, such as disputing the accuracy of the data or when processing is unlawful.

Right to Data Portability: When processing is carried out by automated means, users can receive their personal data in a structured, commonly used format, and transmit it to another controller where technically feasible.

Right of Opposition: Users can object to the processing of their personal data.

Right not to be subject to Automated Decision-Making, including Profiling: Users have the right not to be subject to decisions based solely on automated processing of their personal data, including profiling, with certain exceptions as provided by law.

To exercise these rights, Users should contact the Data Protection Officer (DPO) of the data controller at the e-mail address: dpo@kyragroup.ai, providing:

Full name and a copy of an identification document (e.g., driver's license or passport). If representation is claimed, identification of the representative and proof of representation are also required.

A detailed request specifying the desired action or information.

A contact address or email for notifications.

Date and signature of the applicant.

Any document that substantiates the request.

This request, along with any accompanying documents, should be sent to the email address provided:

E-mail: dpo@kyragroup.ai

15. Web Browsing

When browsing www.kyragroup.ai non-identifying data may be collected, which may include IP address, geolocation, a record of how services and sites are used, browsing habits and other data that cannot be used to identify you.

The information will be used to obtain statistical data, analyze trends, administer the site, study browsing patterns and to gather demographic information.

16. Data transfers

The Companies will not communicate the User's personal data to third party companies without obtaining prior consent, unless the transfer of your data is necessary for the maintenance of the relationship with the User, in which case you will be previously informed of such transfer.

In any case, when the transfer is not necessary for the maintenance of the relationship with the User, in the data collection forms the Companies will inform the User of the purpose of the processing and the identity or sectors of activity of the possible assignees of the personal data, previously offering the User the possibility of accepting or not the transfer, depending on the purpose.

17. Accuracy and truthfulness of personal data

The data provided must be correct, complete, accurate and current, and must be kept duly updated.

The accuracy of the data is a fundamental element of the quality of the information, and the values stored must be correct and represented in a consistent and unambiguous manner.

18. Commercial communications

The purpose of the processing of your personal data is to send electronic communications with information that the Companies may consider of interest or relevant to the Users. Such communications are considered to be part of the data owner's relationship status with KYRA HOLDINGS LLC, so it will not be necessary to provide additional consent to that effect, as long as such personal relationship lasts.

The Companies could contact the User by ordinary email, WhatsApp or any other equivalent means of electronic communication, to send communications about their services or; as the case may be; communications about services of third parties identified, or belonging to the sectors indicated, in the corresponding box.

Likewise, the Companies may send communications through social networks such as Facebook, X, Instagram, among others, with similar characteristics.

Any communication made on the basis of the above described will be sent only and exclusively to Users who have accepted the remission of these, through the box inserted for this purpose and that, therefore, it is understood that the User has given his consent expressly.

In any case, the User may request the cancellation of the link he/she has with the Companies and they are not obliged to receive the aforementioned information. Thus, if at a certain moment the User does not wish to continue receiving communications of this nature, he/she will be able to revoke his/her consent requesting the cancellation of the Service by sending a communication to the following address dpo@kyragroup.ai providing a copy of a document that allows to prove his/her identity, or by using the link enabled for this purpose in the commercial communications that he/she receives.

19. Data hosting

For technical reasons and quality of services, the website http://www.kyragroup.ai is hosted on servers within the European Union.

20. Data availability

The availability of data on the Internet may be limited by many external factors which cannot be controlled or foreseen, the Companies shall not be liable for any damages or losses that these may cause trying to provide the Services by alternative means to the Internet.

The Companies will maintain the highest security standards to ensure confidentiality, integrity and availability.

21. Claims before the control authority

In the event that the User considers that there is a problem or infringement of the regulations in force in the way in which his personal data is being processed, he will have the right to effective judicial protection and to file a claim before a supervisory authority, in particular, in the state in which he has his habitual residence, place of work or place of the alleged infringement.

22. Acceptance and changes to this Privacy Policy

It is necessary that the User has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, as well as that makes the processing of your personal data so that the controller can proceed in the same manner, during the periods and for the purposes indicated.

The use of the Website will imply the acceptance of its privacy policy.

The Companies reserve the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the supervisory authority.

This Privacy Policy is adapted to comply with relevant U.S. federal privacy laws and the Massachusetts Data Protection Laws, particularly the Standards for The Protection of Personal Information of Residents of the Commonwealth as outlined in 201 CMR 17.00. This ensures the safeguarding of personal data with regard to its processing, storage, and the free movement of such data, reflecting our commitment to privacy, security, and the digital rights of individuals