Privacy Policy

1. Overview

K2KEY DIGITAL LTD ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our B2B digital goods marketplace platform (the "Platform").

We are registered in England and Wales under company number 15643526, with our registered office at 71-75 Shelton Street, London, WC2H 9JQ. We are the data controller responsible for your personal data.

By using our Platform, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not access or use our services.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

• Register for a supplier account (name, email, phone, company details)
• Complete KYC/AML verification (passport, address proof, business registration)
• Complete transactions (bank details, payment information)
• Contact our support team
• Subscribe to our communications

2.2 Business Information

For supplier accounts, we collect:

• Company name, registration number, and tax ID
• Business address and contact details
• Director/owner identification documents
• Proof of authorization to sell digital goods
• Transaction history and sales data

2.3 Automatically Collected Information

When you access our Platform, we automatically collect:

• IP address and device information
• Browser type and version
• Operating system
• Access times and dates
• Pages viewed and features used
• Referral source

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our Platform
• Process transactions and facilitate payments (T+7 to T+14 settlement)
• Verify supplier identity and comply with KYC/AML regulations
• Communicate with you about your account and transactions
• Send administrative information and updates
• Monitor and analyze usage trends
• Detect, prevent, and address fraud and security incidents
• Comply with legal obligations
• Enforce our terms and policies

4. Legal Basis for Processing (GDPR)

Under the UK GDPR and Data Protection Act 2018, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to perform our contract with you (providing the Platform services)
• Legal Obligation: Compliance with tax, anti-money laundering (AML), and financial regulations
• Legitimate Interests: Fraud prevention, platform security, and service improvement
• Consent: Marketing communications and non-essential cookies

5. Data Sharing and Third Parties

We may share your information with:

• Payment Processors: To process withdrawals (Bank transfers, PayPal, Crypto processors)
• Identity Verification Services: For KYC/AML compliance
• Cloud Service Providers: Hosting and data storage (UK-based servers)
• Legal Authorities: When required by law or to protect our rights
• Professional Advisors: Accountants, lawyers, and auditors

We do not sell your personal data to third parties for marketing purposes.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Platform and store certain information.

6.1 Types of Cookies We Use

• Essential Cookies: Necessary for the Platform to function (session management, security)
• Analytical/Performance Cookies: Help us understand how visitors interact with our Platform (Google Analytics)
• Marketing Cookies: Used to deliver relevant advertisements and track campaign performance

6.2 Cookie Consent

Upon your first visit, you will be asked to consent to non-essential cookies. You can manage your preferences at any time through your browser settings or our cookie banner.

7. Your Data Protection Rights

Under UK and EU data protection laws, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at [email protected].

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Information: Retained for the duration of your account plus 6 years (legal requirement)
• Transaction Records: Retained for 7 years (tax and financial regulations)
• KYC Documents: Retained for 5 years after account closure (AML requirements)
• Marketing Data: Retained until you unsubscribe or delete your account

After these periods, data is securely deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Regular security audits and penetration testing
• Access controls and role-based permissions
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).