Privacy policy
Keywhake
In full transparency, the company informs you about the processing of your personal data, in a concise, transparent and comprehensible manner, through this privacy policy. All personal data is processed with loyalty, transparency and lawfulness by your service provider, who is responsible for processing personal data on this website.
Article 1. Applicable law – legal basis
This present confidentiality policy is ensured in compliance with the following legal requirements:
- Articles 12, 13 and 14 of the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council.
- Data Protection Act No. 78-17 of 6 January 1978 relating to data processing, files and freedoms amended by Law No. 2018-493 of 20 June 2018 relating to the protection of personal data for matters of processing of personal data.
- Law No. 2004-575 of 21 June 2004 for confidence in the digital economy: for any deletion of contentious content.
The legal bases are as follows:
- Consent (for subscribing to the newsletter and prospecting emails)
- Execution of a contract (for the performance of a service)
- Legal obligation (for invoicing)
Article 2. Collection of personal data
Personal data is collected automatically, for commercial, statistical and prospecting purposes, when a contact form is filled out, an appointment is made, an online quote request or the issuance of an invoice, as soon as necessary. The processing of personal data may not concern:
- racial or ethnic origin,
- political opinions,
- religious or philosophical beliefs,
- trade union membership,
- genetic data,
- biometric data for the purpose of uniquely identifying
- a natural person,
- data concerning health or data concerning sexual life
- the sexual orientation of a natural person,
- criminal convictions and offences.
The data collected are:
- Name
- First name
- Email address
- Telephone number (if means of contact desired by the client)
- Company information (name, identification and VAT numbers, address or any other legally required information)
- Contact details
- Client’s social networks (if necessary during the service)
- Website URL
Article 3. Purpose of processing personal data
The processing of personal data is deemed lawful when at least one of the conditions is met:
- The user of this website has consented to the processing of his/her personal data in order to have access to the company’s free services.
- The processing is necessary for the performance of a contract with the service provider.
- The processing is necessary for the company to comply with a legal obligation, to protect the vital interests of the data subject or another natural person or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
| Collected data | Purpose |
| Last name | Customer identification – invoices – contracts |
| First name | Customer identification – invoices – contracts |
| Bank details | Payment of an invoice |
| Postal address | Customer identification – invoices – contracts |
| Mobile phone number | Customer identification – invoices – contracts – contact during the service |
| Email address | Customer identification – invoices – contracts – sending files and/or prospecting messages (offers, discounts) |
| Social media profile | Service provision |
| Website URL | Service provision |
Article 4. Consent to the collection of personal data
The User must give his consent to the collection of personal data to benefit from the service provider’s services.
It is possible to withdraw this consent at any time, in the simplest of formalities, by written contact to the service provider. The User who withdraws his consent is aware that this does not call into question the legality of the previous processing of his personal data.
In accordance with Article 9 of the Civil Code, all customers have the right to the protection of their image, including their voice, and their privacy. The use of photographs, audio and videos concerning them must be the subject of a transfer of image rights consented to in writing, by the acceptance of this present legal document. The transfer of image rights consented to by the customer is valid for 5 years from his written authorization. This also includes the right to collect the customer’s personal data, within the framework of a collective event (masterclasses, workshops, training). The image rights assigned apply to all written, audio and video media necessary to promote the services provided by the company, produce advertising or prospecting content, on any media of any nature whatsoever. The exploitation of the media concerned by the image rights is restricted to the European Union.
Article 5. Recipients of data
The recipient of the personal data is the company responsible for processing personal data on this website. No personal data is transmitted, sold or rented to third parties. It does not use any personal data subcontracting services.
Article 6. Record of processing activities
In principle, each data controller must keep a register of the processing activities carried out under their responsibility, mentioning:
- The name and contact details of the data controller
- The purposes of the processing
- A description of the categories of persons concerned and the categories of personal data
- The categories of recipients who have become aware of the personal data or the methods of transferring personal data to a third country or an international organisation
- The deadlines provided for the erasure of the different categories of data
- The general description of the technical and organisational security measures
This register takes the form of a document which may be electronic or in paper form.
The CNIL supervisory authority must have access to it upon simple request, in particular when the company exceeds 250 employees or if its activities involve a recurring risk to the rights and freedoms of the persons concerned.
Article 7. Right of access to data
Any person concerned by the processing of his or her personal data has the right to obtain from the controller confirmation of the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients established in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, where not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- when the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling.
Therefore, the company must provide him with a copy upon simple written request.
Article 8. Right to modify personal data
Any person concerned may request the company to obtain the rectification of personal data concerning them, if they are inaccurate. They may also request to complete, in writing, the personal data that are collected by the service provider.
Article 9. Right to delete personal data
Every user or customer has the right to be forgotten. The persons concerned by the processing of their personal data may request the deletion of the data if one of the following cases arises:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on which the processing is based,
- the data subject objects to the processing;
- the personal data have been unlawfully processed;
- the personal data must be erased to comply with a legal obligation provided for by Union law or by the law of the Member State to which the controller is subject;
- the personal data have been collected in the context of the offer of information society services,
The personal data collected are automatically erased after 3 years of collection by the service provider.
Article 10. Right of opposition and limitation
Any person affected by the processing of personal data may refuse to consent to it, or freely limit its scope, where one element applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes their erasure and requests instead the restriction of their use;
- the controller no longer needs the personal data for the purposes of the processing, but they are still necessary for the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to the processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Article 11. Right to portability
The portability of personal data is a right for any data subject who wishes to transmit their data to another data controller, without opposition from the service provider, when this is technically possible and does not infringe the rights of third parties. Any request to this effect must be made in writing to the service provider.
Article 12. Security of processing
To maintain a low risk of personal data leaks, the company can strengthen its data retention measures: implement pseudonyms, encryption, a crisis protocol or reassess the levels of the protocol in force.
The risks to be assessed in the context of processing are of several types, such as the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data, accidentally or unlawfully.
In the event of a proven risk of personal data breach, the data controller must communicate to the data subject, in clear and simple terms, any information and measures concerning the resolution of the problem.
Article 13. Controller of personal data
The person responsible for processing personal data is: Michee Amandine, whom you can contact at: support@keywhake.com and by mail at 231 rue Saint-Honoré 75001 Paris 01, France.
The data controller implements technical, organizational and professional measures to effectively review and update the collection and processing of your personal data. To do this, it takes into account the nature, scope, context and purposes of the processing as well as the risks, the degree of probability and severity of which varies, for the rights and freedoms of natural persons.
It undertakes to cooperate and work, in all intelligence, with the supervisory authority, upon simple request from the latter, as part of the execution of its missions.
Article 14. Moderation of comments
Any comment and opinion left on this website may be subject to moderation, and any abusive comment will be deleted by reporting or directly by the service provider.
Comments may be subject to moderation by the service provider, upon reporting or in the event of a finding of non-compliance by others, in accordance with Law No. 2004-575 of June 21, 2004 for confidence in the digital economy on any deletion of contentious content.
Article 15. Cookies
By browsing this site, you accept that the website can install cookies in your browser, in order to benefit from the services of the service provider.
The User has a right of access, rectification, portability and deletion of his data, or limitation of processing, in accordance with the law « Informatique et Libertés » of January 6, 1978 modified and the European Regulation n ° 2016/679 / EU of April 27, 2016.
Any complaint on this subject must be brought to the service provider.
You can therefore freely refuse the use of cookies by the settings menu of your browser.
In the event that you do not want us to collect your personal data, you will not be able to use all the services of the site, such as a request for contact or service, the collection of information to receive newsletters. Indeed, certain information concerning you is necessary for the use of our site, and can collect data on your IP address, your browser, your access times, automatic pre-filling.
This information collected by this website is used exclusively for internal statistical purposes, in order to improve the quality of the services offered to you.
The databases are protected by the provisions of the law of 1 July 1998 transposing Directive 96/9 of 11 March 1996 on the legal protection of databases.
- Cookies are used to:
Offer you an optimal experience. - Identify you once registered as a user.
- Monitor and analyse the performance, operation and efficiency of the website.
- Guarantee the security of our platform and the safety of its use.
Article 16. Complaints – CNIL
In accordance with Article 55 of the General Data Protection Regulation, if you believe that the company has violated your rights regarding the processing of personal data, you can write a complaint to the CNIL as soon as possible, ideally within 72 hours at the latest after becoming aware of it. The notification of the breach must:
- describe the nature of the personal data breach including, where possible, the categories and approximate number of data subjects affected by the breach and the categories and approximate number of personal data records affected;
- identify the name and contact details of the data protection officer or another point of contact from whom additional information may be obtained;
- describe the likely consequences of the personal data breach;
- describe the measures taken or that the controller proposes to take to address the personal data breach, including, where appropriate, measures to mitigate its possible negative consequences.
Last updated on: January 16th, 2025