Effective Date: February 13, 2026

Last Updated: February 13, 2026

Kerem IT/AI Solutions ("KITS," "we," "us," or "our") is a faith-centered technology partner, providing AI-powered automation, integrated digital system (AI CRM & Sales, marketing automation, accounting, HRIS payroll, ERP, AI Websites & funnels, voice agents), curated hard/software distribution, cybersecurity solutions, building management systems (BMS), training programs, and related services to businesses worldwide.

We are committed to protecting your privacy and securing personal data in line with global standards, including the Philippines Data Privacy Act of 2012 (Republic Act 10173), EU General Data Protection Regulation (GDPR) (where applicable), California Consumer Privacy Act (CCPA/CPRA), and other relevant laws. This Policy explains our practices for data collected via https://www.keremitsolutions.com/ (the "Website"), inquiries, demos, consultations, client onboarding, training registrations, job applications, and service delivery. By using our Website, submitting information, or engaging our services, you agree to this Policy.

1. . Personal Data We Collect.

A. Data You Provide

• Contact & business details: full name, email, phone, company name, position, industry, business size
• Service-related: project requirements, goals, pain points, messages, files/documents uploaded via forms
• Registration & events: training/webinar details, preferences, attendance records
• Job applications: CV/resume, education, work history, references (via job registration form)
• Client onboarding: billing/ invoicing details (we use secure third-party processors; full card data not stored by us), contracts, access credentials for setup/integration

B. Automatically Collected Data

• Technical: IP address, browser/device type & version, OS, unique identifiers
• Usage: pages visited, time spent, actions (clicks, form submissions), referral source
• Cookies & trackers: essential (functionality/security), analytics (Google Analytics), functional (preferences, chat), marketing (if enabled)

C. From Third Parties

• Lead sources, partners, analytics providers (with consent or legitimate interest)

• Public sources or social media (when you interact with our profiles)

We avoid collecting special category/sensitive data unless strictly necessary for a service and with explicit consent.

2. Purposes & Legal Bases for Processing

We process data for:
• Providing consultations, demos, proposals, service delivery, setup, support, and training
• Managing client relationships, billing, and service performance (contract necessity)
• Improving AI systems, automation tools, and Website (legitimate interests)
• Marketing similar services/updates (consent or legitimate interests with opt-out)
• Recruitment and talent management
• Compliance, fraud prevention, security incident response (legal obligation / legitimate interests)
• Analytics and business insights (anonymized where possible)

Legal bases include: consent, contract/pre-contract, legitimate interests (balanced against your rights), legal obligations.

3. Security of Your Data
Security is core to our mission (we provide cybersecurity solutions ourselves).

We implement:
• Encryption: TLS 1.3+ in transit; AES-256 at rest where applicable
• Access controls: role-based, least privilege, multi-factor authentication (MFA) for internal systems
• Regular measures: vulnerability scanning, penetration testing, security audits, employee training
• Incident response: breach detection, notification protocols (within 72 hours for GDPR-reportable incidents)
• Third-party vendors: only vetted providers with DPA/GDPR-compliant agreements
• AI & automation safeguards: data minimization in models, no unauthorized training on client data, pseudonymization/anonymization where feasible

Despite best efforts, no system is 100% secure — we commit to prompt response and mitigation if incidents occur.

4. Cookies & Similar Technologies

We use:
• Essential: site operation, security, session management
• Analytics: performance & usage insights (Google Analytics — IP anonymized)
• Functional: preferences, live chat, forms
• Marketing: targeted communications (with consent)

You control non-essential cookies via our cookie banner (implement one) or browser settings. Analytics retention: up to 26 months

5. Sharing & Disclosure

We share data only when necessary:

• Service providers (cloud hosting, email, analytics, payment gateways, CRM tools) — bound by strict contracts & security standards
• Business partners/sub-processors for service delivery (with notice/consent where required)
• Legal authorities, regulators, or in mergers/acquisitions (with notice where possible)
• To protect rights, safety, or property

We do not sell personal data. No sharing for unrelated third-party marketing.

6. International Data Transfers

KITS operates from the Philippines with presence/partners in USA, Germany, Canada, Singapore, Switzerland, India. Data may transfer internationally.

Safeguards include:
• Philippine NPC registration & compliance
• Standard Contractual Clauses (SCCs) or equivalent
• Adequacy decisions (where applicable)
• Binding corporate rules or supplementary measures for high-risk transfers

7. Data Retention

We retain data only as needed:
• Inquiries/leads: up to 2 years after last interaction (or longer if client)
• Client/service data: contract term + 7 years (Philippine accounting/BIR requirements)
• Job applications: 1–2 years (or with consent for talent pool)
• Training records: duration + legal minimum
• Analytics logs: up to 26 months

Thereafter: secure deletion or irreversible anonymization.

8. Your Privacy Rights

You have rights under applicable laws (DPA, GDPR, CCPA/CPRA):
• Access, rectification, erasure ("right to be forgotten")
• Restriction, objection (including marketing)
• Withdraw consent (without affecting prior lawfulness)
• Portability

• Not be subject to solely automated decisions with legal/significant effect

Philippines: file complaints with National Privacy Commission (NPC).
EU/EEA: contact our EU representative if designated.
California: opt-out of any "sale/sharing" (we do not sell). To exercise rights: Email privacy@keremitsolutions.com with identity verification details. We respond within 30 days (extendable per law).

9. Children’s Privacy

Our Website and services target businesses/professionals — not children under 16. We do not knowingly collect minor data.

10. Updates to This Policy

We may revise this Policy. Changes posted here with updated date. Material changes notified via email (clients) or prominent Website notice.

11. Contact Information | Data Protection Officer / Privacy Contact
Kerem I.T. Solutions
Email: info@keremitsolutions.com
Phone: +63 917 535 3736
Main Office: 2nd Floor, 7373 Bakawan Street, Barangay San Antonio, Makati City, Metro Manila, Philippines For DPA complaints: contact us first, then the National Privacy Commission (Philippines).

Thank you for choosing KITS — we value your trust and are committed to protecting your data with integrity and excellence.

This Privacy Policy is intended for informational purposes and does not constitute legal advice.