Kaharagian Information

ePortal Privacy Notice

This Privacy Notice constitutes a binding legal instrument explaining how personal data is collected, processed, retained, and protected in connection with the Kaharagian ePortal.

Published
24 January 2025
Last Reviewed
24 January 2025
Authority
Office of Laws & Justice, Secretariat of State

Scope and Application

This Privacy Notice explains the collection, processing, retention, and protection of personal data in connection with the Kaharagian ePortal, the official digital administrative portal of the Principality of Kaharagia.

This Notice applies to all administrative, civic, governmental, and institutional data processed through the ePortal. It does not apply to authentication and identity data processed by K-Connect, which is governed by the separate K-Connect Privacy Notice. Users of the ePortal are subject to both notices to the extent applicable.

This Privacy Notice forms an integral part of, and shall be read in conjunction with, the ePortal Terms of Service.

Data Controller and Responsible Authority

The data controller for personal data processed through the ePortal is the Principality of Kaharagia, acting through its competent sovereign institutions. Day-to-day oversight of data processing is exercised by the Office of Digital Government & Cybersecurity, Secretariat of State, in coordination with the relevant substantive authorities responsible for each administrative function.

Nature and Purpose of the ePortal

The ePortal is an instrument of sovereign public administration established to facilitate digital interaction between authorised users and Kaharagian governmental institutions. Through the ePortal, users may engage in a range of administrative activities, including but not limited to:

  • Submission of applications, petitions, declarations, and prescribed forms
  • Access to and retrieval of official records, certificates, and determinations
  • Management of personal status, identity credentials, and registered information
  • Communication with competent authorities regarding pending matters
  • Participation in administrative proceedings and public consultation processes

The ePortal may produce legally significant outcomes, including the issuance of official documents, registration of status changes, and determination of applications, but only where expressly authorised by law and subject to the decision of competent authority.

Categories of Personal Data Processed

The categories and scope of personal data processed through the ePortal vary according to the specific administrative function or service utilised. Personal data processed may include, without limitation:

Identification and Contact Data

  • Full legal name, including any former names or aliases
  • Date and place of birth
  • Nationality, citizenship status, and residency status
  • Government-issued identification numbers and document references
  • Contact details, including address, telephone number, and electronic mail address

Status and Relationship Data

  • Marital status, civil partnership status, and family relationships
  • Occupational status, employment details, and professional qualifications
  • Educational background and academic credentials
  • Membership in organisations, associations, or institutions
  • Legal status, including any restrictions, permissions, or special categories

Administrative and Transactional Data

  • Applications, submissions, declarations, and supporting documentation
  • Official determinations, decisions, certificates, and notices issued
  • Correspondence with institutions and records of communications
  • Payment information and financial transaction records where applicable
  • Audit trails, version histories, and procedural records

Technical and Operational Data

  • User account identifiers and authentication session references
  • Timestamps, access logs, and interaction metadata
  • Device information, browser characteristics, and connection data
  • System-generated identifiers necessary for service operation

The foregoing list is illustrative and not exhaustive. The specific data processed in any instance depends upon the nature of the service accessed and the requirements of the applicable legal framework.

Legal Basis for Processing

Personal data is processed through the ePortal on the following legal bases, as applicable:

Performance of Public Administration Functions Processing is necessary for the performance of official functions of public administration carried out in the exercise of sovereign authority, including the administration of laws, regulations, and decrees.

Compliance with Legal Obligations Processing is required to comply with legal obligations to which the Principality of Kaharagia is subject under Kaharagian law, including record-keeping, reporting, and archival requirements.

Performance of Contractual or Statutory Obligations Where the user has entered into a relationship with the State (such as employment, service provision, or formal undertaking), processing is necessary for the performance of obligations arising therefrom.

Legitimate Interests of Public Administration Processing is necessary for the legitimate interests of public administration, institutional integrity, and the effective operation of government, except where such interests are overridden by the fundamental rights of the individual under Kaharagian law.

Consent In limited circumstances, processing may be based upon the explicit consent of the data subject. Where consent is relied upon, it may be withdrawn at any time, but withdrawal does not affect the lawfulness of processing undertaken prior to withdrawal.

All processing is conducted in accordance with principles of lawfulness, necessity, proportionality, and purpose limitation as established under Kaharagian data protection law.

Purpose Limitation

Personal data processed through the ePortal is used exclusively for the following purposes:

  • Carrying out the administrative, governmental, and legal functions for which it was collected
  • Processing applications, petitions, declarations, and other submissions
  • Making determinations, issuing decisions, and communicating outcomes
  • Maintaining official registers, records, and archives as required by law
  • Communicating with users regarding their matters and responding to enquiries
  • Ensuring legal and regulatory compliance
  • Protecting institutional security and integrity
  • Fulfilling archival, historical, and statistical purposes as authorised by law

Personal data is not processed for purposes incompatible with those for which it was collected, except as expressly authorised by law.

Relationship to K-Connect Authentication Data

Access to the ePortal requires authentication through K-Connect, the official single sign-on service of the Principality of Kaharagia.

Authentication data processed by K-Connect—including credentials, session information, and login metadata—is processed separately from administrative data processed through the ePortal and is governed by the K-Connect Privacy Notice.

Authentication through K-Connect serves solely to verify user identity and authorise access. Authentication data does not influence substantive administrative decisions and is not used for purposes beyond access control and security.

Data Retention and Archival

Personal data processed through the ePortal is retained in accordance with:

  • Kaharagian archival, records management, and retention law
  • Sovereign decrees and administrative regulations governing retention periods
  • Institutional retention schedules approved by competent authority
  • Requirements of ongoing administrative, legal, or audit proceedings

Retention periods vary according to the nature of the data, the administrative function concerned, and applicable legal requirements. Certain categories of records—including vital records, historical documents, and matters of enduring public interest—may be retained permanently in accordance with archival law.

Upon expiration of the applicable retention period, personal data is securely deleted, anonymised, or transferred to the national archives in accordance with established procedures.

Security Measures

The Principality of Kaharagia implements reasonable, proportionate, and state-of-the-art technical and organisational measures to protect personal data processed through the ePortal against unauthorised access, disclosure, alteration, loss, or destruction. Security measures include, without limitation:

  • Role-based access controls ensuring that data is accessible only to authorised personnel
  • Encryption of data in transit and at rest using industry-standard cryptographic protocols
  • Secure storage infrastructure with appropriate physical and environmental controls
  • Continuous monitoring, logging, and auditing of system access and data processing activities
  • Procedural safeguards, including staff training, security policies, and incident response protocols
  • Regular security assessments, penetration testing, and vulnerability management

Notwithstanding these measures, no system can be guaranteed to be absolutely secure. The State does not warrant that the ePortal is immune from security incidents, and users acknowledge the inherent risks of digital data processing.

Data Sharing and Disclosure

Personal data processed through the ePortal may be shared or disclosed in the following circumstances:

Intra-Governmental Sharing Data may be shared between competent Kaharagian institutions where necessary for the performance of their respective functions, coordination of administrative processes, or compliance with legal requirements.

Legal and Regulatory Requirements Data may be disclosed where required by Kaharagian law, sovereign decree, judicial order, or administrative requirement.

Oversight, Audit, and Enforcement Data may be disclosed to oversight bodies, auditors, inspectors, or law enforcement authorities where required for the discharge of their lawful functions.

International Cooperation Data may be disclosed to foreign authorities or international organisations where authorised by law, treaty, or formal agreement, and subject to appropriate safeguards.

Personal data is not sold, rented, traded, or otherwise disclosed for commercial purposes or to third parties for their independent use.

International Hosting and Data Transfers

The ePortal may be hosted on technical infrastructure located outside Kaharagian territory, including within the European Union or other jurisdictions.

Such hosting arrangements are made for technical and operational reasons and do not alter the governing law applicable to personal data, which remains subject exclusively to Kaharagian data protection law and sovereign jurisdiction.

Where personal data is transferred to or processed in a foreign jurisdiction, the State takes reasonable measures to ensure that appropriate safeguards are in place to protect the data, including contractual protections, security requirements, and access limitations.

Rights of Data Subjects

Rights relating to personal data processed through the ePortal exist only to the extent provided under Kaharagian law. Subject to applicable legal provisions and permissible restrictions, data subjects may have the right to:

  • Request confirmation of whether personal data concerning them is being processed
  • Access personal data held concerning them and receive copies thereof
  • Request correction of inaccurate or incomplete personal data
  • Request deletion or restriction of processing in limited circumstances
  • Object to processing in limited circumstances

These rights may be limited or excluded where necessary for:

  • The performance of public administration functions
  • Compliance with legal obligations
  • The conduct of legal proceedings or enforcement actions
  • The protection of the rights of third parties
  • National security, public safety, or public interest considerations

Requests relating to data subject rights should be submitted in writing to the appropriate contact authority as set forth below.

Contact and Enquiries

External and Cross-Border Legal Matters

All enquiries and correspondence relating to external legal matters, including data protection requests from foreign jurisdictions, international regulatory enquiries, cross-border data access requests, and correspondence from foreign data protection authorities, shall be directed exclusively to:

Office of Legal Affairs
legal@state.kaharagia.org

The Office of Legal Affairs is the sole competent authority for engagement with foreign data protection authorities, international legal processes, and cross-border legal matters.

Internal Law, Enforcement, and Administrative Matters

All enquiries and correspondence relating to Kaharagian data protection law, data subject rights requests, internal complaints, enforcement matters, and administrative data protection issues shall be directed exclusively to:

Office of Laws & Justice
justice@state.kaharagia.org

Effect of Correspondence

Submission of correspondence does not create any obligation upon the State to respond within any particular timeframe, does not suspend or toll any administrative or legal proceedings, and does not replace formal legal procedures or applications.

Amendment and Revision

This Privacy Notice may be amended, supplemented, or replaced at any time without prior notice. The current version shall be published on the ePortal and shall supersede all prior versions.

Continued use of the ePortal following publication of an amended Privacy Notice constitutes acceptance of the amended terms.

Governing Law

This Privacy Notice is governed exclusively by the laws of the Principality of Kaharagia. Any dispute arising from or relating to this Notice shall be resolved in accordance with Kaharagian law and by the competent authorities of the Principality of Kaharagia.