Privacy Policy

Kyvvu BV
Nijmegen, the Netherlands
Email: privacy@kyvvu.com

Introduction

Kyvvu BV (“we,” “our,” or “Kyvvu”) respects your privacy. This policy explains how we handle personal data in connection with our website (kyvvu.com) and our compliance platform.

1. What Data We Collect

From Website Visitors

We collect minimal data:

  • Basic server logs (IP address, browser type, pages visited) automatically collected by our hosting provider
  • Any information you voluntarily provide when contacting us via email

We do NOT:

  • Use cookies or tracking technologies on our website
  • Collect email addresses through forms or newsletters
  • Use analytics tools that track individual users

From Customers and Pilot Participants

Contact and business information:

  • Name, email address, company name
  • Billing information (if applicable)
  • Communication history

This data is collected when:

  • You sign a pilot agreement or customer contract
  • You communicate with us about our services
  • You create an account to access our platform

Platform Data (Compliance Logs)

Important: The Kyvvu compliance platform runs on our clients’ / your infrastructure. We do not collect, store, or process your compliance logs or agent data unless you explicitly grant us access for support purposes.

  • Your compliance data remains on your systems
  • We may temporarily access it only with your authorization to provide technical support
  • We do not use your compliance data for any other purpose

We process personal data based on:

  • Contract performance: To deliver our services to customers (Art. 6(1)(b) GDPR)
  • Legitimate interest: To operate our website and respond to inquiries (Art. 6(1)(f) GDPR)
  • Consent: When you explicitly agree to specific processing (Art. 6(1)(a) GDPR)

3. How We Use Your Data

Website visitor data:

  • To operate and secure our website
  • To respond to inquiries sent to our contact email

Customer data:

  • To deliver the Kyvvu platform and services
  • To communicate about your account and services
  • To provide technical support
  • To fulfill contractual and legal obligations

We do NOT:

  • Sell or rent your personal data
  • Use your data for marketing without consent
  • Share your data with third parties except as described below

4. Who We Share Data With

Minimal sharing:

  • Hosting provider: Our website and infrastructure provider (within EU)
  • Implementation partners: Only when you engage them for pilot or implementation services, and only the information necessary for service delivery
  • Legal requirements: If required by law or legal process

We do not share data with advertisers, data brokers, or other third parties.

5. Data Location and Transfers

Our data is stored in:

  • Netherlands/European Union for business operations
  • Your own infrastructure for compliance platform data

We do not transfer personal data outside the EU except where you choose to deploy the Kyvvu platform on non-EU infrastructure (in which case you control that data).

6. How Long We Keep Data

  • Website server logs: 90 days
  • Business contact data: Duration of business relationship + 7 years (legal retention requirement)
  • Compliance platform data: You control retention; we do not store this data

After retention periods expire, data is securely deleted.

7. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Data portability (receive your data in machine-readable format)
  • Object to processing based on legitimate interest
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

To exercise your rights: Email privacy@kyvvu.com

We will respond within 30 days.

8. Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Access controls and authentication
  • Regular security assessments
  • Incident response procedures

The Kyvvu platform runs on your infrastructure, giving you direct control over security measures for compliance data.

9. Children’s Privacy

Our services are not directed to individuals under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be posted on this page with an updated “Last Updated” date.

For significant changes affecting how we process your data, we will notify customers via email.

11. Contact Us

For privacy questions or to exercise your rights:

Email: privacy@kyvvu.com

Data Controller:
Kyvvu BV
Nijmegen, the Netherlands
Chamber of Commerce: 99594234

Supervisory Authority:
Autoriteit Persoonsgegevens (Dutch DPA)
autoriteitpersoonsgegevens.nl

This privacy policy complies with the EU General Data Protection Regulation (GDPR) and Dutch data protection law.