PRIVACY POLICY

Keywhake

In full transparency, the company informs you about the processing of your personal data in a concise, transparent, and understandable manner through this privacy policy.

Any personal data is processed fairly, transparently, and lawfully by your service provider, who acts as the data controller for this website.

Who we are

Our website address is: https://www.keywhake.com.

Article 1. Applicable Law – Legal Basis

This privacy policy complies with the following legal requirements:

Articles 12, 13, and 14 of the General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679 of the European Parliament and of the Council.
French Data Protection Act (Loi Informatique et Libertés) No. 78-17 of January 6, 1978, as amended by Law No. 2018-493 of June 20, 2018.
Law No. 2004-575 of June 21, 2004, for confidence in the digital economy, regarding the removal of unlawful content.

The legal bases for processing are:

Consent (for newsletter subscriptions and marketing emails)
Performance of a contract (for service delivery)
Legal obligation (for invoicing)

Article 2. Collection of Personal Data

Personal data is collected automatically for commercial, statistical, and marketing purposes when a contact form is completed, an appointment is booked, a quote request is made, or an invoice is issued, when necessary.

The processing of personal data does not concern:

Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data
Biometric data for uniquely identifying a person
Health data
Data concerning a person’s sex life or sexual orientation
Criminal convictions or offenses

The data collected includes:

Last name
First name
Email address
Phone number (if chosen as a preferred contact method)
Company information (name, registration number, address, or other legally required information)
Contact person details
Client’s social media accounts (if required during service delivery)

Article 3. Purpose of Processing Personal Data

The processing of personal data is considered lawful when at least one of the following conditions is met:

The user has given consent for the processing of their personal data to access the company’s free services.
The processing is necessary for the performance of a contract.
The processing is required for compliance with a legal obligation, the protection of vital interests, or the performance of a task carried out in the public interest or under official authority.

Data Collected	Purpose
Last name	Client identification – communication - invoices – contracts
First name	Client identification – communication - invoices – contracts
Email address	Client identification – invoices – contracts – file delivery and marketing emails (offers, promotions)
Mobile phone number	Client identification – invoices – contracts – contact during service
Postal address	Client identification – invoices – contracts
Bank details	Invoice payment

Collection of Data via the Waitlist Registration Form

The personal data you provide through this form (first name, last name, and email address) is collected by Amandine Michee for the purpose of sending you updates, information about our offers, and announcements regarding the opening and closing of registrations.

Your data will be retained for a maximum of 3 years and will not be shared with third parties. You may withdraw your consent or exercise your rights of access, rectification, or deletion at any time by contacting support@keywhake.com

Article 4. Consent to the Collection of Personal Data

Users must provide consent to the collection of personal data in order to benefit from the services provided.

Consent may be withdrawn at any time by written contact with the service provider. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

In accordance with Article 9 of the French Civil Code, all clients have the right to the protection of their image, voice, and private life. The use of photographs, audio, or video involving clients requires written consent through acceptance of this legal document.

The granted image rights are valid for five (5) years from written authorization and include the collection of personal data during collective events (masterclasses, workshops, trainings). These rights apply to all written, audio, and video materials used to promote services or create marketing or promotional content, within the European Union.

Article 5. Data Recipients

The recipient of personal data is the company acting as the data controller for this website. No personal data is transferred, sold, or rented to third parties. No personal data processing is outsourced.

Article 6. Record of Processing Activities

Each data controller must maintain a record of processing activities including:

Name and contact details of the data controller
Processing purposes
Categories of data subjects and personal data
Categories of recipients or data transfers outside the EU
Data retention periods
General description of technical and organizational security measures

This record may be electronic or paper-based and must be made available to the CNIL upon request, particularly when the company has more than 250 employees or when processing presents recurring risks to individuals’ rights and freedoms.

Article 7. Right of Access

Any person concerned has the right to obtain confirmation from the data controller regarding:

Processing purposes
Categories of personal data
Recipients of the data
Retention period
Rights to rectification, erasure, restriction, or objection
Right to lodge a complaint with a supervisory authority
Source of the data (if not collected directly)
Existence of automated decision-making or profiling

A copy of the data must be provided upon written request.

Article 8. Right to Rectification

Individuals may request correction of inaccurate personal data or completion of incomplete data by written request.

Article 9. Right to Erasure

Any user or client has the right to be forgotten. Personal data may be erased when:

The data is no longer necessary
Consent is withdrawn
The individual objects to processing
The processing is unlawful
Erasure is required by law
The data was collected in relation to online services

Personal data is automatically deleted after three (3) years from collection.

Article 10. Right to Object and Restrict Processing

Individuals may object to or restrict processing when:

Data accuracy is contested
Processing is unlawful but erasure is opposed
Data is no longer needed but required for legal claims
An objection is pending verification

Article 11. Right to Data Portability

Individuals may request transfer of their data to another data controller when technically possible and without infringing third-party rights.

Article 12. Data Security

To minimize risks, the company may implement security measures such as pseudonymization, encryption, crisis protocols, and regular evaluations.

In the event of a data breach, affected individuals will be informed clearly and promptly.

Article 13. Data Controller

The data controller is: Amandine Michee, reachable at support@keywhake.com. The data controller commits to cooperating fully with the supervisory authority upon request.

Article 14. Comment Moderation

All comments and reviews may be moderated. Abusive content will be removed in accordance with Law No. 2004-575 of June 21, 2004.

Article 15. Cookies

By browsing this website, users accept the installation of cookies to access services.

Users may refuse cookies through browser settings, but certain services (contact forms, newsletters) may become unavailable.

Collected information (IP address, browser type, access times) is used exclusively for internal statistical purposes.

Cookies are used to:

Provide an optimal user experience
Identify registered users
Monitor performance and effectiveness
Ensure platform security

Article 16. Complaints – CNIL

In accordance with Article 55 of the GDPR, users may lodge a complaint with the CNIL if they believe their rights have been violated.

Last updated: December 18th, 2025