Privacy Policy

1. Comprehensive Privacy Declaration

Corvya Global Ltd. ("Company", "we", "our") rigorously respects your privacy and is legally committed to protecting your Personal Data. This Privacy Policy details our data processing protocols in strict compliance with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA). It applies unequivocally to all visitors, clients, and partners utilizing our web-based and physical service infrastructures.

2. Categorization of Collected Data

To fulfill our dual mandate of digital software provisioning and global trade facilitation, we systematically collect the following data categories:
Information You Provide: Identity Data (names, titles), Contact Data (emails, billing/shipping addresses, phone numbers), Financial Data (partial payment details, transaction histories), and Business Data (company registration, tax IDs).
Automated Technical Data: IP addresses, browser types, interaction tracking, cookies, and systemic diagnostic data collected during your session on our digital properties.

3. Lawful Basis and Purpose of Processing

We process your data strictly under recognized lawful bases, including the necessity of fulfilling a contract, compliance with legal/regulatory obligations, and legitimate business interests. Your data is utilized to: (a) authenticate your identity and mitigate fraud; (b) process payments securely via PCI-DSS compliant payment gateways (e.g., Stripe, PayPal); (c) execute international shipping and customs clearance documentation; and (d) optimize our digital solutions dynamically.

4. Data Sharing and Third-Party Disclosures

We explicitly never sell or unlawfully distribute your Personal Data to data brokers. Data is temporarily and securely shared exclusively with highly vetted third parties necessary for operational fulfillment. These include: Payment processors (Stripe, PayPal) for strict underwriting and transaction execution, international freight forwarders (for executing global sourcing deliveries), and secure cloud infrastructure providers (AWS, Google Cloud) hosting our environments. All partners are bound by strict Data Processing Agreements (DPAs).

5. Data Retention & Security Architectures

We deploy enterprise-grade cryptographic protocols (TLS/SSL), firewall configurations, and endpoint protection to shield your data from unauthorized access, alteration, or breach. Financial data is tokenized upon entry. We retain your Personal Data only for as long as reasonably necessary to fulfill the purposes we collected it for, including the strict satisfaction of any accounting, legal, or payment processor anti-money laundering (AML) regulatory reporting requirements (typically spanning 3 to 7 years).

6. User Rights & Subject Access Requests (SAR)

Under GDPR and CCPA, you retain definitive rights over your data ecosystem. You possess the right to: Request access to your data, demand correction of inaccuracies, request erasure (the "Right to be Forgotten", where legally permissible), object to specific processing, and request data portability. To execute a legal Subject Access Request, contact our Data Protection Officer at info@corvyaglobal.com with the subject line "Formal Privacy Request." Verification of identity will be legally mandated prior to fulfillment.