Kiroyan Partners recognizes that the protection of data and confidential information is fundamental to maintaining trust, professional integrity, and responsible business conduct.

We handle sensitive information as a core part of our advisory work and are committed to ensuring that all data is managed securely, responsibly, and in accordance with applicable laws and global best practices.

Scope and Application

This Policy applies to all individuals and parties who have access to company data and information, including:

  • Employees and management.
  • Interns and project-based personnel.
  • Technical experts and advisors.
  • Business partners, consultants, and third parties.

It covers all forms of data and information handled by the firm, whether obtained internally or externally.

Principles of Data Protection

We adhere to the following principles in managing data and information:

  • Lawful and transparent processing — Data is collected and used for legitimate and clearly defined purposes.
  • Data minimization — Only relevant and necessary data is processed.
  • Accuracy — Data is maintained to be accurate and up to date.
  • Security and confidentiality — Data is protected against unauthorized access, disclosure, or misuse.
  • Retention limitation — Data is not retained longer than necessary.

These principles are aligned with applicable regulations and supported by our Privacy Policy.

Confidentiality and Information Handling

All data and information entrusted to Kiroyan Partners are treated with strict confidentiality.

We ensure that:

  • Access to sensitive information is restricted on a need-to-know basis.
  • Confidential information is not disclosed without proper authorization.
  • All parties handling information are bound by confidentiality obligations, including through Non-Disclosure Agreements (NDAs).
  • Client identities and sensitive engagements are protected through internal coding and controlled disclosure practices.

Data Security and Protection Measures

We implement a combination of technical and organizational safeguards, including:

  • Controlled access through secure systems and authorized accounts.
  • Protection of digital files through password controls, encryption, and secure platforms.
  • Secure storage and disposal of physical documents.
  • Use of firewalls, antivirus systems, and data backup mechanisms.
  • Secure deletion of data that has reached the end of its retention period.

These measures are continuously reviewed to address evolving risks and technological developments.

Data Subject Rights

Where applicable, individuals whose data is processed by the firm may:

  • Request access to their data.
  • Request correction or updates.
  • Request deletion or restriction of processing.

Requests are handled in accordance with applicable laws and our Privacy Policy.

Third-Party Data Handling

We ensure that third parties who process or access data on our behalf:

  • Are subject to confidentiality obligations.
  • Maintain appropriate data protection standards.
  • Use data only for agreed and legitimate purposes.

Where necessary, additional safeguards are applied to ensure responsible data handling across all engagements.

Incident and Breach Management

We take all data security incidents seriously and respond promptly.

Where a breach or potential breach occurs, we:

  • Assess the nature and impact of the incident.
  • Take immediate steps to contain and mitigate risks.
  • Implement corrective actions to prevent recurrence.
  • Escalate internally as appropriate.

Where required by law or contractual obligations, relevant parties may be notified.

Accountability and Awareness

Data protection is a shared responsibility across the organization.

We support this through:

  • Regular training and awareness programs.
  • Clear internal procedures and controls.
  • Ongoing reinforcement of responsible data handling practices.

Alignment with Other Policies

This Policy should be read in conjunction with:

  • Privacy Policy
  • Code of Conduct
  • Conflict of Interest
  • Whistleblowing & Reporting Mechanism

Further Information

This page provides a high-level overview of our Data Protection & Confidentiality practices. Additional internal procedures and controls apply to ensure operational implementation.

For inquiries, please contact:
info@kiroyan-partners.com

Last updated: March 2026.
