Privacy Policy

Nayaka is committed to being compliant with all applicable data protection laws. This
document provides an overview of data protection at Nayaka and how it applies
exclusively to resale engagements we have with our customers
Data Protection Registration
Nayaka is registered with the Information Commissioner’s Office (ICO registration:
ZB419818). We are committed to operating in compliance with all applicable data
protection laws, including the Data Protection Act 2018 (DPA) and the requirements
of the General Data Protection Regulation.
Personal Information Held
For all individuals Nayaka will only hold limited personal data: name, job role,
business email and telephone numbers. Nayaka is the data controller of this
information and will respect data subjects’ rights under the GDPR, such as
requesting the personal data we hold or being removed from our systems.
Data exchange with most customers is limited to email and telephone conversations;
we do not record telephone calls or share private emails outside the scope of users
and subjects concerned.
Our Approach to Data Protection
As a small operation, we have only recently introduced bi-annual reviews of our data
protection compliance but this also affords Nayaka greater simplicity when managing
user access to shared personal data stores.
Software License Resale
Nayaka exclusively resells software licenses and consultancy services.
When Nayaka places an order onto a supplier we supply them with the limited
amount of personal information required to fulfil that order. Typically this is limited to
the name, email address and phone number of a license to contact. Nayaka

processes this information as a controller. The suppliers then becomes the data
controller of this information and may use it to contact individuals outside of
Nayaka’s control such as sharing product information, marketing, providing support
and renewals.
Alternative Contacts
If you have any specific questions relating to data protection please either contact
Nayaka’s managing director and data protection officer, Rowan Sinclair
([email protected]) or finance director, Melani Carreno Arispe
([email protected]).


Information Security Policy

1. Purpose
The purpose of this Policy is to safeguard information belonging to Nayaka Limited
and its staff, third parties and customers within a secure environment.
This Policy informs Nayaka’s staff of the principles governing the holding, use and
disposal of information.
It is the goal of Nayaka that:
● Information will be protected against unauthorised access or misuse.
● Confidentiality of information will be secured.
● Integrity of information will be maintained.
● Availability of information / information systems is maintained for service
● Business continuity planning processes will be maintained.
● Regulatory, contractual and legal requirements will be complied with.
● Physical, logical, environmental and communications security will be
● Infringement of this Policy may result in disciplinary action or criminal
● When information is no longer of use, it is disposed of in a suitable
● All information security incidents will be reported to the Data Protection
Officer, and investigated through the appropriate management channel.
Information relates to:
● Electronic information systems (software, computers, and peripherals)
owned or leased by Nayaka Limited.
● Hardware, software and data owned or leased by Nayaka Limited.
● Paper-based materials.
● Electronic recording devices or applications (principally video and audio).
2. The Policy
Nayaka requires all users to exercise a duty of care in relation to the operation and
use of its information systems.
2.1 Authorised users of information systems
With the exception of information published for public consumption, all users
of Nayaka’s information systems must be formally and exclusively authorised
by appointment as a member of staff by a director of the company. Authorised
users will be in possession of a unique user identity. Any password associated
with a user identity must not be disclosed to any other person and must be
changed on a quarterly basis.
Authorised users will pay due care and attention to protect Nayaka’s
information in their personal possession. Confidential, personal or private
information must not be copied or transported without consideration of:
● permission of the information owner
● the risks associated with loss or falling into the wrong hands
● how the information will be secured during transport and at its
2.2 Acceptable use of information systems
Use of Nayaka’s information systems by authorised users will be lawful,
honest and decent and shall have regard to the rights and sensitivities of
other people.
2.3 Information System Owners
Directors who are responsible for information systems are required to ensure
1. Systems are adequately protected from unauthorised access.
2. Systems are secured against theft and damage to a level that is
3. Adequate steps are taken to ensure the availability of the information
system, commensurate with its importance (Business Continuity).
4. Electronic data can be recovered in the event of loss of the primary
source. I.e. failure or loss of a computer system. It is incumbent on all
system owners to backup data and to be able to restore data to a level
commensurate with its importance (Disaster Recovery).
5. Data is maintained with a high degree of accuracy.
6. Systems are used for their intended purpose and that procedures are in
place to rectify discovered or notified misuse.
7. Any electronic access logs are only retained for a justifiable period to
ensure compliance with the data protection, investigatory powers and
freedom of information acts.
8. Any third parties entrusted with Nayaka’s data understand their
responsibilities with respect to maintaining its security.
2.4 Personal Information
Authorised users of information systems are not given rights of privacy in
relation to their use of Nayaka’s information systems. Duly authorised officers
of Nayaka may access or monitor personal data contained in any Nayaka
information system (mailboxes, web access logs, file-store etc).
2.5 Individuals in breach of this policy are subject to disciplinary procedures at the
instigation of the directors with responsibility for the relevant information
system, including referral to the Police where appropriate.
Nayaka will take legal action to ensure that its information systems are not
used by unauthorised persons.
3. Ownership
3.1 The Data Protection Officer has direct responsibility for maintaining this policy
and providing guidance and advice on its implementation.
Information system owners are responsible for the implementation of this
Policy within their area, and to ensure adherence.
Alternative Contacts
If you have any specific questions relating to information security please either
contact Nayaka’s managing director and data protection officer, Rowan Sinclair
([email protected]) or finance director, Melani Carreno Arispe
([email protected]).