Kartatek
Privacy Policy
Your privacy matters — here is exactly how we handle your data
Effective Date: 1 January 2024
Kartatek Solutions Ltd | VAT: 60021843M | Reg: HE408385
www.kartatek.com | my.kartatek.com
1. Introduction
Kartatek Solutions Ltd ("Kartatek", "we", "us", "our"), registered in the Republic of Cyprus (Registration No: HE408385, VAT: 60021843M), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use the Kartatek digital business card platform at www.kartatek.com and my.kartatek.com.
This Policy is compliant with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Cyprus data protection law. By using the Platform, you acknowledge you have read this Policy.
2. Data Controller
The data controller responsible for your personal data is:
Company: Kartatek Solutions Ltd
Registration Number: HE408385
VAT Number: 60021843M
Country: Republic of Cyprus
Email: kartatek.sales@gmail.com
Website: www.kartatek.com
3. Data We Collect
3.1 Account & Registration Data
When you create an account, we collect:
Full name
Email address
Password (stored in hashed/encrypted form — we never store plain-text passwords)
If using third-party login (Google, LinkedIn): name, email, and profile picture from that provider
3.2 Profile & Digital Card Data
Information you choose to include in your Digital Card, which may include:
Job title, company name, department
Phone number(s), address, website URL
Profile photo or other media
Social media handles or links
This information is provided voluntarily. You control exactly what appears on your card.
3.3 Payment Data
For Paid Plans, payment is processed by Stripe. We receive only:
Payment confirmation status
Last 4 digits of the card and card brand (for display purposes)
Billing name and billing address
Full card numbers are never transmitted to or stored by us. Stripe's privacy policy applies to their processing.
3.4 Usage & Analytics Data
We automatically collect:
IP address and approximate geolocation
Browser type and version, operating system, device type
Pages visited, time spent, features used, click behaviour
Referral source / UTM parameters
This is collected via cookies and similar technologies — see Section 8 (Cookies).
3.5 Communications Data
If you contact us by email or through the Platform, we retain records of that communication.
4. Lawful Bases for Processing (GDPR Article 6)
We process your personal data on the following lawful bases:
Contract performance (Art. 6(1)(b)): Processing necessary to provide the Platform services you have signed up for, including account creation, card management, and payment processing.
Legitimate interests (Art. 6(1)(f)): Analytics, security monitoring, fraud prevention, and service improvement, where our interests are balanced against your rights.
Legal obligation (Art. 6(1)(c)): Where processing is required by law, such as tax and financial record-keeping.
Consent (Art. 6(1)(a)): For marketing emails, Meta Pixel, and non-essential analytics cookies, where we ask for your consent and you may withdraw it at any time.
5. How We Use Your Data
We use your personal data to:
Create and manage your account and Digital Cards
Process payments and manage subscriptions
Provide, maintain, secure, and improve the Platform
Respond to your support requests and communications
Send transactional emails (account confirmation, password reset, billing receipts)
Send marketing or product emails (with your consent — you may unsubscribe at any time)
Analyse usage to understand how the Platform is used and how to improve it
Detect, investigate, and prevent fraud, security incidents, and abuse
Comply with legal obligations and enforce our Terms
6. Data Sharing & Third-Party Processors
We do not sell your personal data. We share it only in the following circumstances:
6.1 Service Providers (Data Processors)
We engage the following third-party processors who act strictly on our instructions:
Stripe, Inc. — payment processing (USA, EU-US Data Privacy Framework)
Google LLC — authentication (Google Login) and analytics (Google Analytics) (USA, EU-US DPF)
Meta Platforms, Inc. — advertising analytics via Meta Pixel (USA, EU-US DPF)
Brevo (Sendinblue SA) — email marketing and transactional email (EU, France)
LinkedIn Corporation — authentication via LinkedIn Login (USA, EU-US DPF)
Hosting and infrastructure providers with servers located within the EU
6.2 Legal Requirements
We may disclose your data if required by law, court order, or regulatory authority, or if necessary to protect the rights, property, or safety of Kartatek, our users, or others.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections. We will notify you in advance.
7. International Data Transfers
Some of our third-party processors are based outside the European Economic Area (EEA), including in the United States. Whenever we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:
EU-US Data Privacy Framework (for US processors enrolled in the Framework)
Standard Contractual Clauses (SCCs) approved by the European Commission
You may request details of these safeguards by contacting us at kartatek.sales@gmail.com.
8. Cookies & Tracking Technologies
8.1 What We Use
We use the following types of cookies and tracking technologies:
Strictly necessary cookies: Required for the Platform to function (session management, authentication). No consent required.
Analytics cookies (Google Analytics): Help us understand how users interact with the Platform. Require your consent.
Marketing pixels (Meta Pixel): Track conversions and enable remarketing. Require your consent.
Email tracking (Brevo): Open and click tracking in marketing emails. Requires your consent.
8.2 Your Choices
When you first visit the Platform, you will be presented with a cookie consent banner. You may accept, reject, or customise your preferences. You may change your preferences at any time via the cookie settings link in the footer.
You may also manage cookies through your browser settings. Note that disabling strictly necessary cookies will affect Platform functionality.
9. Data Retention
We retain your personal data for as long as:
Your account is active;
Required to provide the Services you have purchased;
Needed to comply with legal obligations (e.g. financial records: 7 years under Cyprus law);
Necessary to resolve disputes or enforce our agreements.
Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law. Publicly shared Digital Card data (via public links) is removed when you revoke those links.
10. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
Right of access (Art. 15): Request a copy of the personal data we hold about you.
Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
Right to erasure (Art. 17): Request deletion of your data ('right to be forgotten'), subject to legal exceptions.
Right to restriction (Art. 18): Request that we limit the processing of your data.
Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent (Art. 7(3)): Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
Right not to be subject to automated decision-making (Art. 22): We do not use automated decision-making that produces legal or significant effects on you.
To exercise any right, contact us at kartatek.sales@gmail.com. We will respond within 30 days. Your request will be fulfilled free of charge; if requests are manifestly unfounded or excessive, we may charge a reasonable fee.
You also have the right to lodge a complaint with your supervisory authority. In Cyprus, this is the Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy).
11. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse, including:
HTTPS / TLS encryption for all data in transit
Encryption of sensitive data at rest (passwords hashed with bcrypt or equivalent)
Access controls limiting employee access to personal data on a need-to-know basis
Regular security reviews and updates
No transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a personal data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority as required by GDPR.
12. Children's Privacy
The Platform is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at kartatek.sales@gmail.com and we will promptly delete it.
13. Public Digital Cards
If you share your Digital Card via a public link, the information on that card becomes accessible to anyone with the link. We have no control over what recipients do with publicly accessible information. We encourage you to:
Include only information you are comfortable sharing publicly;
Revoke public links if you no longer wish the card to be accessible;
Review your card content regularly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform at least 14 days before they take effect. The 'Effective Date' at the top of this Policy reflects the date of the latest revision.
15. Contact & Complaints
For privacy-related questions, requests, or concerns:
Company: Kartatek Solutions Ltd
Registration Number: HE408385
VAT Number: 60021843M
Email: kartatek.sales@gmail.com
Website: www.kartatek.com
If you are not satisfied with our response, you have the right to lodge a complaint with:
Office of the Commissioner for Personal Data Protection (Cyprus): www.dataprotection.gov.cy
Your local EU data protection authority if you reside in another EU/EEA member state
