This Privacy Policy describes how Tharass ("we", "us", or "our") collects, uses, and protects your personal information when you use the KeyCase platform and services ("Service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Data Controller Information
Tharass is the data controller responsible for your personal data.
Company Registration Number: 53000102
Address: Jan Rebelstraat 16-E, 1069CC Amsterdam, Netherlands
Email: info@keycase.io
2. What Personal Data We Collect
We collect the following types of personal data:
Account Information: Name, email address, and password when you create an account.
Usage Data: Information about how you use our Service, including IP address, device information, browser type, pages visited, and time spent on pages.
Communication Data: Information you provide when contacting us, including support requests and feedback.
Payment Information: Billing details and payment card information (processed by secure third-party payment processors).
Cookies and Tracking Data: Information collected through cookies and similar tracking technologies.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
Contract Performance: To provide our Service and fulfill our contractual obligations to you.
Legitimate Interests: To improve our Service, conduct analytics, and maintain security.
Consent: For marketing communications and non-essential cookies (where required).
Legal Obligation: To comply with applicable laws and regulations.
4. How We Use Your Personal Data
We use your personal data for the following purposes:
Service Provision: To provide, maintain, and improve the KeyCase platform.
Account Management: To create and manage your user account.
Communication: To respond to your inquiries and provide customer support.
Security: To protect against fraud, abuse, and security threats.
Analytics: To understand how users interact with our Service and improve functionality.
Marketing: To send you updates about our Service (with your consent where required).
Legal Compliance: To comply with legal obligations and protect our rights.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your data in the following circumstances:
Service Providers: With trusted third-party vendors who help us operate our Service (e.g., hosting, payment processing, analytics).
Legal Requirements: When required by law, court order, or to protect our rights and safety.
Business Transfers: In connection with a merger, acquisition, or sale of assets.
Consent: With your explicit consent for specific purposes.
All third parties are bound by data protection agreements and are required to protect your data.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure adequate protection through:
Adequacy Decisions: Transfers to countries with adequate data protection as recognized by the European Commission.
Standard Contractual Clauses: Using EU-approved standard contractual clauses with service providers.
Certification Programs: Working with providers certified under approved data protection frameworks.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:
Account Data: Retained while your account is active and for 30 days after account deletion.
Usage Data: Retained for up to 2 years for analytics and service improvement.
Communication Data: Retained for up to 3 years for customer service purposes.
Legal Requirements: Some data may be retained longer to comply with legal obligations.
8. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right of Access: Request a copy of your personal data we hold.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing: Request limitation of processing in certain circumstances.
Right to Data Portability: Request transfer of your data to another service provider.
Right to Object: Object to processing based on legitimate interests or for marketing purposes.
Right to Withdraw Consent: Withdraw consent for processing based on consent.
To exercise these rights, contact us at info@keycase.io.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
Essential Cookies: Necessary for the Service to function properly.
Analytics Cookies: Help us understand how users interact with our Service.
Functional Cookies: Remember your preferences and settings.
Marketing Cookies: Used for targeted advertising (with your consent).
You can control cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
Encryption: Data is encrypted in transit and at rest.
Access Controls: Strict access controls and authentication procedures.
Regular Audits: Regular security assessments and vulnerability testing.
Staff Training: Regular training on data protection and security best practices.
Incident Response: Procedures for detecting, reporting, and investigating security incidents.
While we strive to protect your data, no method of transmission over the internet is 100% secure.
11. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately.
12. Data Protection Officer
For data protection inquiries, you can contact our Data Protection Officer at:
Email: dpo@keycase.io
Address: Jan Rebelstraat 16-E, 1069CC Amsterdam, Netherlands
13. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In the Netherlands, the supervisory authority is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Website: autoriteitpersoonsgegevens.nl
Email: info@autoriteitpersoonsgegevens.nl
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
Email notification to registered users
Prominent notice on our website
In-app notifications
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
15. Contact Information
If you have any questions about this Privacy Policy or our data practices, please contact us:
Tharass
Email: info@keycase.io
Address: Jan Rebelstraat 16-E, 1069CC Amsterdam, Netherlands
Data Protection Officer: dpo@keycase.io