Contact KRM | Schedule a Security Consultation

This Privacy Policy applies to all data processed by Kennedy Risk Mitigation across its full operational ecosystem. It governs how information is handled from the point of initial interaction through service delivery, reporting, and post-engagement retention.

A. Digital Interactions

This includes all engagements through our website and digital platforms. Coverage extends to both active and passive interactions such as:

Users browsing pages, navigating content, or interacting with site features
Submission of contact forms, consultation requests, or service inquiries
Completion of Risk Guard assessments or other structured intake forms
Direct communications initiated via email or phone

This ensures that all user engagement—whether intentional (form submissions) or passive (site interaction)—falls within the scope of this policy.

B. Risk Mitigation & Investigation Services

This policy governs all data processed as part of our core service offerings. These services often involve complex and sensitive information required to assess, analyze, and mitigate risk.

This includes:

Risk Guard assessments and structured risk evaluations
Internal investigations involving corporate, operational, or personnel-related matters
Due diligence processes conducted for business or compliance purposes
Analytical reporting, findings, and mitigation recommendations

All such data is treated with a high level of confidentiality and is processed strictly within the defined purpose of the engagement.

C. Client Communications

All forms of communication that involve the exchange of information fall under this policy. This includes:

Email correspondence between clients and our team
Consultation discussions, whether preliminary or ongoing
Delivery of updates, findings, and investigative reports
Customer support interactions and follow-ups

These communications may contain personal, operational, or sensitive data and are handled in accordance with strict confidentiality protocols.

D. Contractual Engagements

This includes all data exchanged within formal business relationships. Such engagements are governed by legally binding agreements and structured documentation, including:

Master Service Agreements (MSA)
Statements of Work (SOW)
Service deliverables, reports, and documentation

Data processed within these engagements is used solely for fulfilling contractual obligations and ensuring service delivery.

E. Multi-Channel Coverage

This policy applies regardless of how data is collected or transmitted. This includes:

Website interactions and digital communications
Email exchanges and direct consultations
Offline interactions (e.g., signed documents, verbal discussions) that are later digitized

This ensures continuity of data protection across all operational touchpoints.

2. INFORMATION WE COLLECT

We implement a structured and intentional data collection framework designed to support efficient service delivery, enhance user experience, and ensure compliance with applicable legal and regulatory standards. The information we collect is limited to what is necessary to operate our services effectively and maintain high-quality engagement with our clients and stakeholders.

The categories of data collected include:

A. Personal Identification Information

This category includes information used to identify and communicate with individuals within our system. It forms the foundation of our client, tenant, and partner records.

We may collect:

Full name
Email address
Phone number
Mailing or residential address
Identification documents (where required for tenancy verification or legal compliance)

This data enables us to manage accounts, facilitate communication, verify identities, and maintain accurate service records.

B. Risk Assessment & Investigation Data

As part of our core services, we collect detailed information necessary to conduct assessments and investigations. This may include:

Information submitted through Risk Guard assessments
Case-specific data relevant to internal investigations
Supporting documents, records, or evidence provided by clients
Operational or organizational data required for risk analysis

This category represents the most sensitive data we process and is handled with enhanced security and confidentiality measures.

C. Communication Data

To ensure service quality and accountability, we may retain records of communications, including:

Email correspondence
Consultation discussions and meeting notes
Client feedback and service-related inquiries

These records support continuity, clarity, and dispute resolution where necessary.

D. Technical Data (Limited Use)

We may collect limited technical data for system functionality and security purposes, such as:

Basic system interaction logs
Device or access-related metadata (where applicable)

We do not currently deploy advanced tracking tools or behavioral analytics systems.

3. HOW WE USE YOUR INFORMATION

We operate within a strictly purpose-driven data utilization framework. Every category of information collected is mapped to a defined operational need, ensuring that data is never used arbitrarily or beyond the scope of its original intent. This disciplined approach reinforces both compliance and client trust, particularly given the sensitive nature of risk mitigation and investigative services.

A. Service Delivery

The primary use of your information is to enable the execution of our core services with precision and accountability. This includes:

Conducting structured Risk Guard assessments using submitted data inputs
Performing internal investigations that may require detailed analysis of organizational, operational, or individual-level information
Evaluating risk exposure across business processes, personnel, or environments
Developing tailored mitigation strategies based on findings and evidence
Producing formal reports, recommendations, and advisory outputs

All data used in this context is strictly confined to the engagement scope and handled under heightened confidentiality standards.

B. Communication

We utilize collected data to establish and maintain effective communication channels with clients and stakeholders. This includes:

Responding to initial inquiries, consultation requests, and follow-ups
Providing status updates during ongoing assessments or investigations
Delivering reports, findings, and recommendations in a timely manner
Clarifying client requirements, objectives, and expectations

Communication records may also serve as a reference point for ensuring consistency, accuracy, and accountability throughout the engagement lifecycle.

C. Operational Management

To ensure seamless internal operations, we process data for administrative and governance purposes, including:

Structuring and managing contractual relationships (MSA/SOW)
Maintaining internal documentation and audit trails
Supporting internal workflows, task assignments, and case tracking
Ensuring consistency in service delivery standards across engagements

This internal usage is tightly controlled and limited to authorized personnel with a clear operational need.

D. Marketing & Strategic Communication (Limited Scope)

Where applicable and within permissible boundaries:

We may use contact information to share service updates, insights, or relevant communications
Outreach activities are conducted in a targeted and non-intrusive manner
No mass or automated marketing infrastructure is currently deployed
Users retain full control, including the ability to opt out at any time

Marketing use is secondary and never overrides the confidentiality expectations of our core services.

4. LEGAL BASIS FOR PROCESSING

We process data in accordance with recognized legal principles to ensure transparency, accountability, and full compliance with applicable data protection laws. Each instance of data processing is tied to a clearly defined legal basis, ensuring that information is handled lawfully, fairly, and only for legitimate purposes.

A. Contractual Necessity

Data is processed where required to:

Deliver agreed services in accordance with client expectations
Fulfill contractual obligations outlined in agreements such as MSAs and SOWs
Execute risk assessments, investigations, and related advisory services

Without the necessary data, we would be unable to perform our services effectively or meet our contractual commitments.

B. Legitimate Business Interests

We may process data to:

Improve service delivery, operational efficiency, and overall performance
Maintain system integrity, security, and reliability
Detect, prevent, and respond to fraud, misuse, or unauthorized activities

All processing under this basis is carefully evaluated to ensure it does not override the rights and freedoms of individuals. We apply appropriate safeguards and maintain a balanced approach to protect user interests.

C. Consent

Where applicable, we rely on user consent for:

Optional data collection beyond what is strictly necessary
Marketing communications or informational updates

Consent is obtained in a clear and transparent manner, and users retain full control over their preferences. Users may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. DATA SHARING & DISCLOSURE

Kennedy Risk Mitigation operates under a strict data minimization and controlled disclosure framework. We do not indiscriminately share personal information; instead, any data transfer is carefully evaluated, purpose-specific, and limited to what is necessary to support our operations, comply with legal obligations, or protect stakeholder interests.

Your information may be disclosed under the following controlled circumstances:

A. Service Providers

We may engage trusted third-party vendors and partners to support the delivery of our services and operational infrastructure. These providers act strictly on our behalf and are contractually obligated to maintain the confidentiality, security, and integrity of all data they process.

These may include providers supporting:

Payment processing and financial transactions
Cloud hosting, data storage, and IT infrastructure
Property maintenance coordination and vendor management
Communication systems and customer support tools

All service providers are subject to due diligence assessments and are required to implement appropriate technical and organizational safeguards. They are not permitted to use your data for their own independent purposes.

B. Legal & Regulatory Authorities

We may disclose personal information where such disclosure is necessary to comply with applicable laws, regulations, or legally binding requests.

This includes situations where disclosure is required to:

Fulfill legal or regulatory obligations
Respond to court orders, subpoenas, or lawful investigations
Enforce our terms, agreements, or policies
Protect the rights, safety, or property of the Company, our clients, tenants, or the public

In all such cases, we ensure that disclosures are limited to what is legally required and handled with appropriate confidentiality.

C. Business Transfers

In the event of a corporate transaction such as a merger, acquisition, restructuring, or asset sale, personal data may be transferred as part of the business continuity process.

Under such circumstances:

Data will remain subject to confidentiality obligations
Appropriate safeguards will be maintained to protect user information
Affected users may be notified where required by applicable law

Any successor entity will be required to uphold privacy standards consistent with this policy.

D. Data Protection Principles in Sharing

Across all disclosure scenarios, we enforce key data protection principles, including:

Data minimization: Only necessary data is shared
Purpose limitation: Data is used solely for its intended function
Access control: Only authorized entities can access shared data
Security assurance: Appropriate safeguards are applied during transfer and processing

E. No Sale or Unauthorized Commercial Use

We maintain a strict non-commercialization stance regarding personal data.

We do not sell, rent, or trade personal information to third parties for marketing or profit-driven purposes.

This structured approach ensures that all data sharing activities are conducted responsibly, transparently, and in alignment with industry best practices and regulatory expectations.

6. DATA SECURITY FRAMEWORK

We implement industry-aligned security measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. Our security framework combines technical, administrative, and organizational controls to ensure a high level of data protection across all operations.

These measures include:

Encryption (SSL/TLS): We use encryption protocols to secure data transmitted between users and our systems, ensuring that sensitive information remains protected during online interactions.
Secure Infrastructure: Our systems are hosted on secure servers supported by firewalls and advanced security configurations to prevent unauthorized access and external threats.
Access Control & Authentication: Access to personal data is strictly limited to authorized personnel based on role-specific permissions, supported by authentication mechanisms to prevent unauthorized use.
Monitoring & Risk Management: We conduct regular system monitoring, security checks, and vulnerability assessments to identify and address potential risks proactively.

In addition, we continuously review and enhance our security practices to adapt to evolving threats and industry standards. While no system can guarantee absolute security, we take all reasonable steps to safeguard your

information and maintain the integrity of our systems.

7. DATA RETENTION POLICY

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, while also meeting legal, regulatory, and operational requirements. Our retention approach is guided by the principles of necessity, relevance, and data minimization.

Personal data may be retained for the following reasons:

Service Fulfillment: To manage ongoing relationships, including active tenancies, property management services, and customer support
Legal & Regulatory Compliance: To meet obligations such as record-keeping, tax requirements, and compliance with applicable laws
Dispute Resolution & Enforcement: To resolve disputes, enforce agreements, and establish legal claims where necessary

Retention periods may vary depending on the type of data and the purpose for which it is processed. We periodically review stored data to ensure it remains relevant and necessary.

Once personal data is no longer required, it is securely deleted, anonymized, or otherwise disposed of using appropriate technical and organizational measures to prevent unauthorized access or recovery.

8. YOUR DATA RIGHTS

Depending on your location and the applicable data protection laws, you are granted specific rights that give you greater control over how your personal information is collected, used, and managed by Kennedy Risk Mitigation. These rights are designed to ensure transparency, accountability, and user empowerment within our data processing practices.

A. Right to Access

You have the right to request confirmation of whether we hold personal data about you, along with access to that data. This includes the ability to review the categories of information we store, the purposes for which it is used, and the parties with whom it may be shared.

B. Right to Rectification

If any of your personal information is inaccurate, incomplete, or outdated, you may request that we correct or update it. We are committed to maintaining accurate records to ensure effective service delivery and compliance.

C. Right to Erasure (Right to Be Forgotten)

You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent (where applicable). However, certain data may be retained where required by law or for legitimate business obligations such as compliance or dispute resolution.

D. Right to Restrict Processing

In certain circumstances, you may request that we limit the way your data is processed. This means we may store your data but temporarily suspend other processing activities, such as analysis or service usage, while a concern is being reviewed.

E. Right to Object

You have the right to object to certain types of processing, particularly where data is used for legitimate interests or direct marketing purposes. Where valid objections are raised, we will review and cease processing unless we demonstrate compelling legitimate grounds to continue.

F. Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of any processing carried out before consent was withdrawn.

G. Right to Data Portability

Where applicable, you may request a copy of your personal data in a structured, commonly used, and machine-readable format. You may also request that we transfer this data to another service provider where technically feasible.

H. Exercising Your Rights

To exercise any of the rights listed above, you may contact us using the contact details provided in this policy. We will respond to requests within a reasonable timeframe and in accordance with applicable legal requirements.

We may need to verify your identity before processing certain requests to ensure the security and protection of your data.

9. COOKIES & TRACKING TECHNOLOGIES

Kennedy Risk Mitigation uses cookies and similar tracking technologies as part of our digital infrastructure to ensure the website operates efficiently, securely, and in a way that supports an optimized user experience.

Cookies are small data files stored on your device when you visit our website. They play a key role in helping us understand how users interact with our platform and how we can continuously improve performance and usability.

A. Purpose of Cookies

We utilize cookies for several operational and analytical purposes, including:

Enhancing User Experience:
Cookies help remember user preferences, improve navigation, and enable a more seamless interaction with our website across multiple visits.
Website Performance & Analytics:
We analyze aggregated usage patterns to understand how visitors engage with our pages, which allows us to identify areas for improvement, optimize content delivery, and enhance overall site performance.
Functionality Support:
Certain cookies are essential for the proper functioning of core website features, ensuring that pages load correctly and services operate as intended.
Content Personalization (where applicable):
Cookies may be used to tailor content or display relevant information based on user interaction patterns, improving relevance and engagement.

B. Types of Cookies We May Use

Depending on functionality, we may use:

Strictly Necessary Cookies: Required for basic website operations and security features.
Performance Cookies: Help us measure traffic, usage patterns, and system performance.
Functional Cookies: Enable enhanced features such as remembering preferences or form inputs.
Analytics Cookies: Provide insights into user behavior to support continuous improvement.

C. Third-Party Tracking Technologies

In some cases, we may use trusted third-party services (such as analytics or embedded tools) that also place cookies or similar technologies on your device. These third parties operate under their own privacy policies, and we ensure that their integration aligns with our data protection standards.

D. Cookie Management & User Control

You have full control over how cookies are managed on your device. Most web browsers allow you to:

Accept or reject cookies
Delete stored cookies
Configure notifications before cookies are placed

However, disabling or restricting cookies may impact certain features of our website, potentially limiting functionality, personalization, or overall user experience.

E. Continuous Improvement

We periodically review our use of cookies and tracking technologies to ensure alignment with evolving privacy standards, regulatory requirements, and best practices in data protection.

10. THIRD-PARTY LINKS

Kennedy Risk Mitigation may, from time to time, include links on our website that direct users to external or third-party websites. These links are provided strictly for convenience, reference, or supplementary information purposes.

A. External Website Independence

Once you leave our website and access a third-party platform, that external site operates independently and is governed by its own privacy policy, terms of use, and data handling practices. We do not have control over, and are not responsible for, the content, security, or privacy standards of these external websites.

B. User Awareness & Responsibility

We encourage users to exercise due diligence when navigating external links. This includes reviewing the privacy policies and terms of any third-party websites before providing personal information or engaging with their services. Each platform may have different standards regarding data collection, storage, and usage.

C. No Endorsement or Liability

The inclusion of third-party links does not constitute an endorsement, partnership, or recommendation unless explicitly stated. Kennedy Risk Mitigation assumes no responsibility for any loss, damage, or issues arising from the use of third-party websites, services, or content accessed through our platform.

D. Security Considerations

While we strive to link only to reputable and relevant sources, we cannot guarantee the security or integrity of external websites. Users should remain cautious when interacting with unfamiliar platforms, particularly when sharing sensitive or personal information.

E. Continuous Monitoring

We may periodically review external links for relevance and accessibility; however, the responsibility for maintaining and securing those websites remains solely with their respective owners or operators.

11. CHILDREN’S PRIVACY

Kennedy Risk Mitigation takes the protection of children’s personal data seriously and maintains strict safeguards to ensure compliance with applicable data protection and privacy regulations.

Our services, website, and Risk Guard offerings are intended exclusively for use by adults, typically individuals who are 18 years and older, or the age of legal majority in their respective jurisdiction. We do not design, market, or knowingly direct any part of our services toward children or minors under the age of 13 (or the applicable minimum age defined by local law).

A. No Intentional Collection of Minors’ Data

We do not knowingly collect, request, or process personal information from individuals under the age of 13. This includes identifiable data such as names, contact details, identification documents, or any other personal or sensitive information.

B. Unintentional Data Collection

In the unlikely event that we become aware that personal data from a minor has been collected without verified parental or guardian consent, we will take immediate steps to:

Review and verify the information
Delete or securely remove the data from our systems
Prevent further processing of such information

These actions are taken in accordance with applicable legal requirements and internal data protection protocols.

C. Parental & Guardian Responsibility

We encourage parents, guardians, and responsible adults to monitor and guide the online activities of minors. If you believe that a child has provided personal information to us without appropriate consent, you are advised to contact us immediately so that we can take corrective action.

D. Compliance Commitment

We remain committed to complying with global child data protection standards and continuously review our systems to prevent unauthorized data collection from minors.

12. INTERNATIONAL DATA TRANSFERS

In certain operational scenarios, Kennedy Risk Mitigation may process, store, or transmit personal data outside the country in which it was originally collected. This typically occurs due to the global nature of modern digital infrastructure and the use of internationally distributed service providers.

A. Cross-Border Processing Environment

Our systems may rely on secure third-party platforms, cloud hosting services, or technical infrastructure that operate in multiple jurisdictions. As a result, personal data may be accessed or processed in locations outside your country of residence, including regions with different data protection frameworks.

This approach enables us to maintain system reliability, scalability, and service continuity across all operational touchpoints.

B. Safeguards for Data Protection

Where international transfers occur, we implement appropriate technical, organizational, and contractual safeguards to ensure that your personal data remains protected at a standard consistent with applicable data protection principles. These safeguards may include:

Encryption of data during transfer and storage
Restricted access controls for authorized personnel only
Secure hosting environments with industry-standard security protocols
Contractual data protection obligations imposed on third-party processors

These measures are designed to preserve confidentiality, integrity, and availability of personal data regardless of location.

C. Regulatory Alignment

We take reasonable steps to ensure that any cross-border data transfer complies with relevant legal and regulatory requirements. Where required, we rely on recognized legal mechanisms or adequacy frameworks that ensure an equivalent level of data protection in the receiving jurisdiction.

D. Commitment to Data Integrity

Regardless of where data is processed, we remain committed to maintaining consistent privacy standards. All international handling of personal information is governed by the same principles of accountability, transparency, and data minimization that apply throughout our organization.

E. User Awareness

By using our services, you acknowledge that your information may be transferred and processed in jurisdictions outside your own, subject to the protections outlined in this policy

13. POLICY UPDATES

Kennedy Risk Mitigation operates in a dynamic regulatory, technological, and operational environment. As such, we reserve the right to review, modify, and update this Privacy Policy periodically to ensure it remains accurate, relevant, and aligned with current legal requirements and business practices.

A. Reasons for Updates

Updates to this Privacy Policy may be necessary for several key reasons, including:

Regulatory Changes:
Adjustments may be made to comply with new or amended data protection laws, industry regulations, or governmental requirements.
Operational Enhancements:
As our services evolve, we may update this policy to reflect changes in how we collect, use, or manage personal data within our property management operations.
Technological Advancements:
Improvements in systems, infrastructure, security protocols, or digital tools may require updates to ensure the policy accurately represents current practices.

B. Notification of Changes

When updates are made, the revised version of this Privacy Policy will be published on our official website. The “Effective Date” at the top of the policy will also be updated to reflect the most recent revision.

Where required by applicable law or where changes are material in nature, we may also provide additional notice through appropriate communication channels such as email notifications or website alerts.

C. User Responsibility & Continued Use

We encourage users to review this Privacy Policy periodically to stay informed about how their information is being handled.

Continued access to or use of our website and services after any updates have been posted will be considered as acknowledgment and acceptance of the revised Privacy Policy, to the extent permitted by applicable law.

D. Commitment to Transparency

All updates are made with the intention of maintaining transparency, strengthening data protection standards, and ensuring that users remain fully informed about how their personal information is managed.

14. CONTACT INFORMATION

Kennedy Risk Mitigation maintains a dedicated communication channel to ensure that all privacy-related inquiries, data requests, and service concerns are handled in a timely, structured, and professional manner. We value transparency and accountability, and we are committed to providing clear pathways for users to engage with us regarding their personal data or any aspect of this Privacy Policy.

A. Purpose of Contact Channels

Our contact details are provided to support a wide range of user needs, including but not limited to:

Requests to access, update, or delete personal data
Questions regarding how personal information is collected or processed
Submission of complaints, concerns, or privacy-related disputes
General inquiries about our operational or compliance practices

This ensures that users have a direct and reliable route to communicate with us on any data protection or service-related matter.

B. Communication Standards

All inquiries submitted through our official channels are reviewed and handled with:

Confidentiality: Ensuring personal information shared during correspondence is protected
Timeliness: Responding within a reasonable timeframe in accordance with applicable legal or operational standards
Accountability: Ensuring requests are properly documented, tracked, and resolved where applicable
Clarity: Providing clear, actionable responses to support user understanding and resolution

C. Preferred Contact Methods

Users are encouraged to reach us through the following official channels:

Website: https://kennedyrm.com/
Email: : JRobinson@KennedyRM.com
Phone: +18152749904

Where multiple contact options are available, email is typically preferred for formal data requests as it allows for proper documentation and tracking.

Privacy Policy

Contents

SCOPE OF POLICY