Verification Privacy Notice
Scope and Application
This Privacy Notice explains the collection, processing, retention, and protection of personal data in connection with the Kaharagian Verification service at verify.kaharagia.org.
The Service is open to the public and may be used without registration. The personal data processed is therefore minimal, but lookup activity and any messages sent through the Alias Token contact channel are processed under this Notice.
This Notice forms an integral part of, and shall be read in conjunction with, the Verification Terms of Service.
Data Controller and Responsible Authority
The data controller is the Principality of Kaharagia, acting through its competent sovereign institutions. Day-to-day oversight of the Service is exercised by the Office of Digital Government & Cybersecurity, Secretariat of State, in coordination with the institutional authorities responsible for each underlying register.
Nature and Purpose of the Service
The Service exists to allow any member of the public to confirm the authenticity and status of a Kaharagian-issued Record (a document, credential, or animal registration), without disclosing the personal contact details of the Record Holder.
Privacy Invariant
A defining feature of the Service is that the Record can be verified without identifying or locating the Record Holder. The Service surfaces only the information necessary to make a verification meaningful, and routes any contact attempt through an Alias Token channel that protects the Record Holder's contact details.
Categories of Personal Data Processed
Lookup Activity
- The reference, registration number, or token used in the lookup
- The IP address and approximate technical metadata of the device making the lookup
- The timestamp of the lookup
- The verification result returned
Alias Token Contact Channel (data submitted by a User contacting a Record Holder)
- Sender name (where provided)
- Sender contact details (email, phone, where provided)
- Subject and content of the message
- The Alias Token of the targeted Record (which the Service resolves internally to the Record Holder, without disclosing the Record Holder's identity to the sender)
Record Holder Replies
- Where a Record Holder chooses to respond to a message, the content of their reply, and any contact details they voluntarily disclose in that reply, are transmitted to the original sender
General Contact Channel
- Identifying and contact information of any person who writes to the State through the contact form
- Subject and content of the enquiry
Records Returned by the Service
- The Service returns information about a Record from the underlying Kaharagian register. The information returned is filtered server-side to exclude personal contact details and any data not necessary for verification.
Legal Basis for Processing
Personal data is processed on the following legal bases:
Performance of Public Administration Functions: operating an official verification surface for State-issued records.
Compliance with Legal Obligations: security logging, audit, and law enforcement cooperation under Kaharagian law.
Legitimate Interests: protecting the security and integrity of the Service, detecting abuse of the lookup or contact channels, and enabling Record Holders to be reached without disclosure of their contact details.
Purpose Limitation
Lookup activity logs are used only for security, abuse detection, and operational diagnostics. Messages sent through the Alias Token channel are used only to facilitate communication between the sender and the Record Holder. General contact-form submissions are used only to address the matter raised.
The Service does not use lookup activity for behavioural profiling, marketing, or any commercial purpose.
Server-Side Filtering of Public Output
When a Record is returned by the Service, the response is filtered server-side to remove personal contact details and any field not necessary for verification. The filtering is applied before the response leaves the server. The presence of any field in the underlying register does not, in itself, mean that field is exposed by the Service.
Data Retention
- Lookup activity logs are retained for the period necessary for security analysis and abuse detection, under standard rotation, and longer where required for an ongoing investigation.
- Alias Token messages are retained for the period necessary to deliver the message and any reply, plus a reasonable retention period for audit and abuse-handling purposes, after which they are deleted or anonymised.
- General contact-form submissions are retained only as long as necessary to address the matter raised.
- Records in the underlying registers are retained according to the retention rules of those registers, which fall outside the scope of this Notice.
Security Measures
The State implements reasonable technical and organisational measures to protect personal data processed through the Service:
- Server-side privacy filtering applied to all Record output
- Encryption in transit using current TLS standards, with disk-level encryption of underlying storage
- Role-based access controls limiting backend access to authorised personnel
- Logging and audit of administrative access
- Rate limiting and abuse detection on the lookup and contact channels
Notwithstanding these measures, no system can be guaranteed to be absolutely secure.
Data Sharing and Disclosure
Personal data may be shared or disclosed in the following circumstances:
Intra-Governmental Sharing: between competent Kaharagian institutions where necessary for the operation of the Service or the underlying registers.
Legal and Regulatory Requirements: where required by Kaharagian law, judicial order, or lawful law enforcement request.
Alias Token Resolution: internally, the Service resolves an Alias Token to the relevant Record Holder in order to deliver a message. The sender is not informed of the Record Holder's identity, and the Record Holder is informed of the sender's identity only to the extent the sender voluntarily provides it.
The Service does not sell, rent, or trade personal data, and does not disclose Record Holder contact details to third parties through its public surfaces.
International Hosting and Data Transfers
The Service is currently hosted on technical infrastructure located in the Federal Republic of Germany, with the associated domain registered through a registrar also based in the Federal Republic of Germany. Hosting and registrar arrangements may change over time as operational requirements evolve.
Such arrangements do not alter the governing law applicable to personal data, which remains subject exclusively to Kaharagian data protection law and sovereign jurisdiction.
The Service is intentionally available to Users worldwide. Lookups originate from many jurisdictions; processing of lookup metadata of Users outside Kaharagia remains governed by Kaharagian law.
Rights of Data Subjects
Subject to applicable legal provisions, data subjects may:
- Request confirmation of whether personal data concerning them is being processed
- Access personal data held concerning them
- Request correction of inaccurate personal data
- Request deletion of personal data in limited circumstances
For data held in the underlying registers (rather than in the Service's lookup logs or contact channels), rights are exercised through the institution responsible for the register concerned.
Contact and Enquiries
External and Cross-Border Legal Matters
Office of Legal Affairs
legal@state.kaharagia.org
Internal Law and Data Subject Rights
Office of Laws & Justice
justice@state.kaharagia.org
Effect of Correspondence
Submission of correspondence does not create any obligation upon the State to respond within any particular timeframe, does not suspend or toll any proceedings, and does not replace formal legal procedures.
Amendment and Revision
This Privacy Notice may be amended at any time without prior notice. Continued use of the Service following publication constitutes acceptance.
Governing Law
This Privacy Notice is governed exclusively by the laws of the Principality of Kaharagia.