KeokPrivacy Policy
Contents
1. Data controller
| Controller | Enrique Martínez Marín |
|---|---|
| National ID | 46606968K |
| Address | Ripollet, 08291 Barcelona (España) |
| tins.keok@gmail.com | |
| Platform | KeokVerse (creacioneskeok.com · tinskeok.com) |
2. Personal data we process
2.1 Registration and account data
When you create a KeokVerse account, we collect:
- Name — to personalise your experience.
- Username (public) — visible on your profile and public collection.
- Email address — for authentication, account verification and communications.
- Password — stored in encrypted format (bcrypt); never stored in plain text.
2.2 Profile data (optional)
You may voluntarily add to your profile:
- Profile photo and personalised banner.
- Motto or personal description.
- Information about your collection and display preferences.
2.3 Collection data
When managing your can collection, we process:
- Photographs of cans you upload to the platform.
- Descriptive data about items: brand, year, type, reference, etc.
- Acquisition information: date, origin, batch.
- Item status: owned, wish list, available for exchange.
2.4 Navigation and access data
For security and service maintenance purposes, we automatically log:
- IP address and approximate geolocation data (country/city).
- Browser type, operating system and device.
- Pages visited, date and time of access, session duration.
- Performance data and technical errors.
2.5 Communication data
If you contact us by email or through the contact form, we retain the content of the communication and your contact details in order to respond.
3. Processing purposes and legal basis
We process your personal data for the following purposes, based on the legal grounds indicated pursuant to Article 6 GDPR:
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Creation and management of the user account | Contract performance (Art. 6.1.b) |
| Management of the personal collection and catalogue | Contract performance (Art. 6.1.b) |
| Sending account verification email | Contract performance (Art. 6.1.b) |
| Management of can exchanges and orders | Contract performance (Art. 6.1.b) |
| Fraud prevention, abuse and security | Legitimate interest (Art. 6.1.f) |
| Technical maintenance and improvement of the service | Legitimate interest (Art. 6.1.f) |
| Sending communications about news and community activity | Consent (Art. 6.1.a) — you may unsubscribe at any time |
| Usage analytics via Google Analytics | Consent (Art. 6.1.a) — managed via the cookie banner |
| Advertising via Google Ads | Consent (Art. 6.1.a) — managed via the cookie banner |
| Compliance with legal obligations | Legal obligation (Art. 6.1.c) |
4. Retention periods
We retain your data only for as long as necessary to fulfil the purposes for which it was collected:
- Account and profile data: while the account is active. After deletion, data is retained in blocked form for 3 years to meet potential legal liabilities, then permanently deleted.
- Can photographs: while the account is active or while the image forms part of the shared catalogue. Deleted when the user removes them or when the account is deleted.
- Access logs: maximum 12 months.
- Email communications: 3 years from the last communication.
- Consent records: 5 years as proof of consent given.
5. Recipients and international transfers
Your personal data is not sold or transferred to third parties for commercial purposes. However, we use the following providers who may access your data as data processors:
| Provider | Service | Country | Safeguards |
|---|---|---|---|
| Contabo GmbH | Server hosting | Germany (EU) | Within the EEA — no additional safeguards required |
| Google LLC | Google Analytics (usage statistics) | USA | EU Standard Contractual Clauses (SCCs) + EU-US Adequacy Decision |
| Google LLC | Google Ads (advertising) | USA | EU Standard Contractual Clauses (SCCs) + EU-US Adequacy Decision |
For more information about how Google processes data, please consult the Google Privacy Policy.
6. Your rights as a data subject
Under the GDPR and LOPDGDD, you have the right to:
How to exercise your rights
You may exercise any of these rights by sending an email to tins.keok@gmail.com with the subject 'Exercise of GDPR rights', attaching a copy of your identity document. We will respond within a maximum of 30 working days of receiving your request.
You also have the right to lodge a complaint with the competent supervisory authority in Spain: the Spanish Data Protection Agency (AEPD), at C/ Jorge Juan, 6, 28001 Madrid, or through its electronic office at www.aepd.es.
7. Security measures
We apply appropriate technical and organisational measures to ensure the security of your personal data and protect it against unauthorised access, accidental loss, destruction or alteration, including:
- Encrypted connection via HTTPS/TLS across the entire website.
- Passwords stored using bcrypt encryption with salt; never in plain text.
- Authentication via JWT tokens with defined expiry.
- Server hosted in the European Union (Contabo, Germany) under GDPR regulations.
- Regular database backups.
- Email verification in the registration process.
In the event of a security breach affecting your rights and freedoms, we will notify you within the timeframes and in the manner established by the GDPR.
8. Minors
KeokVerse is not intended for persons under 14 years of age. If you are under that age, you need parental or legal guardian consent to register. If we become aware that we have collected data from a person under 14 without the appropriate consent, we will delete such data immediately.
Parents or guardians may contact us at tins.keok@gmail.com.
9. Changes to this policy
We may update this Privacy Policy to reflect legislative changes, service improvements or new features. When we make significant changes, we will notify you via a visible notice on the platform or by email with reasonable advance notice.
We recommend that you periodically review this page. The 'Last updated' date at the top indicates when the last revision was made.