Design System Privacy Notice
Scope and Application
This Privacy Notice applies to the Kaharagian Design System at design.kaharagia.org. The Service is a read-only reference site with documentation and downloadable Assets. It does not require registration and does not provide a contact form.
This Notice forms an integral part of, and shall be read in conjunction with, the Design System Terms of Service.
Data Controller
The data controller is the Principality of Kaharagia, acting through the Office of Digital Government & Cybersecurity, Secretariat of State.
Categories of Personal Data Processed
Browsing the Service
- IP address and approximate technical metadata of the device making the request
- Pages and components requested and timestamps
- Referrer URL where transmitted by the browser
Asset Downloads
- Where Assets are downloaded, the filename, size, and timestamp of the request are logged for operational and abuse-detection purposes
- The IP address and metadata of the requesting device are logged
Demonstration Widgets
- Where the Service includes interactive demonstration widgets (such as a country selector), inputs to those widgets are processed transiently to render the demonstration. They are not retained beyond the lifetime of the request, save in ordinary technical access logs.
The Service does not request or process any other personal data.
Cookies
The Service does not set tracking, analytics, or advertising cookies. It may use a small number of strictly necessary cookies or local storage entries for ordinary site functionality.
Legal Basis for Processing
Performance of Public Administration Functions: operating the official design reference.
Compliance with Legal Obligations: security logging, audit, and law enforcement cooperation.
Legitimate Interests: protecting the security and integrity of the Service and detecting abusive download patterns.
Purpose Limitation
Browsing and download logs are used only for security, abuse detection, and operational diagnostics. They are not used for behavioural profiling or marketing.
Data Retention
Browsing and download logs are retained under standard rotation, longer where required for an ongoing security investigation. The published documentation and Assets are not personal data and have no retention period applicable to data subjects.
Security Measures
- Encryption in transit using current TLS standards
- Disk-level encryption of underlying storage
- Logging and audit of administrative changes to the published Assets
- Rate limiting on Asset downloads to deter mass extraction
Data Sharing and Disclosure
Browsing and download data are not shared with third parties save where required by Kaharagian law or by lawful judicial or law enforcement request.
International Hosting and Data Transfers
The Service is currently hosted on technical infrastructure located in the Federal Republic of Germany, with the associated domain registered through a registrar also based in the Federal Republic of Germany. Such arrangements do not alter the governing law applicable to personal data, which remains subject exclusively to Kaharagian data protection law.
Rights of Data Subjects
Subject to applicable legal provisions, data subjects may exercise the rights afforded by Kaharagian law in respect of browsing- and download-log data.
Contact and Enquiries
For data-protection enquiries: justice@state.kaharagia.org. For correspondence from foreign data protection authorities: legal@state.kaharagia.org.
Amendment and Revision
This Privacy Notice may be amended at any time without prior notice. Continued use of the Service following publication constitutes acceptance.
Governing Law
This Privacy Notice is governed exclusively by the laws of the Principality of Kaharagia.