Privacy Policy

Effective Date: November 15, 2025

Data Controller

Keystone Cipher

Kurfürstendamm 195

10707 Berlin, Germany

Phone: +49 30 8472 5193

Our Commitment to Your Privacy

At Keystone Cipher, we understand that trust is foundational to our relationship with clients. This Privacy Policy explains how we collect, use, protect, and manage your personal information in compliance with the European Union's General Data Protection Regulation and applicable German data protection laws.

We are committed to protecting your privacy and ensuring transparent practices regarding your personal data. This policy applies to information collected through our website, email communications, and any services we provide.

Information We Collect

Information You Provide Directly

When you contact us or use our services, you may provide:

Contact Information: Name, email address, phone number, business address
Business Information: Company name, industry, business structure, tax identification numbers
Financial Information: Banking details, transaction records, invoices, expense documentation
Communication Content: Messages sent through contact forms, emails, or during consultations

Information Collected Automatically

When you visit our website, we may automatically collect:

Technical Data: IP address, browser type, operating system, device information
Usage Data: Pages visited, time spent on pages, navigation paths, referring websites
Location Data: General geographic location based on IP address (country and city level)
Cookie Data: Information stored through cookies and similar technologies (see our Cookie Policy)

Information from Third Parties

We may receive information about you from:

Public business registries and databases
Professional references or referrals
Analytics providers and advertising platforms
Financial institutions for payment processing

How We Use Your Information

Service Delivery

Providing accounting, bookkeeping, and financial consulting services
Communicating about your account and our services
Processing transactions and maintaining financial records
Responding to inquiries and providing customer support

Legal Basis: Contract performance and legitimate business interests

Website Improvement and Analytics

Understanding how visitors use our website
Improving website functionality and user experience
Analyzing trends and usage patterns
Testing new features and services

Legal Basis: Legitimate business interests and consent (where required)

Marketing and Communications

Sending newsletters and service updates (with your consent)
Providing information about new services or offerings
Conducting customer satisfaction surveys
Displaying relevant advertisements

Legal Basis: Consent (which you can withdraw at any time)

Legal and Regulatory Compliance

Complying with accounting standards and tax regulations
Meeting legal obligations for record retention
Preventing fraud and ensuring security
Responding to legal requests and protecting our rights

Legal Basis: Legal obligation and legitimate interests

How We Share Your Information

We do not sell your personal information. We may share your data only in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist with website hosting, email delivery, payment processing, analytics, and cloud storage. These providers are contractually obligated to protect your data and use it only for the services they provide to us.

Professional Advisors

We may share information with lawyers, accountants, auditors, or other professional advisors when necessary for legal or business purposes.

Legal Requirements

We may disclose information when required by law, court order, or government regulation, or to protect our rights, property, or safety.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

How We Protect Your Information

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

Encryption of data in transit and at rest
Secure socket layer technology
Regular security audits and updates
Firewall protection and intrusion detection

Administrative Safeguards

Access controls and authentication
Employee training on data protection
Confidentiality agreements with staff
Incident response procedures

Physical Safeguards

Secure office facilities
Controlled access to data storage
Secure document destruction
Backup and disaster recovery systems

Monitoring

Continuous security monitoring
Regular vulnerability assessments
Audit logs and activity tracking
Breach notification procedures

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability.

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by law:

Client Records: Retained for the duration of our business relationship plus the statutory retention period required by German tax law (typically ten years)
Financial Documents: Retained according to accounting standards and tax regulations (generally ten years)
Website Analytics: Aggregated data retained indefinitely; individual data retained for 26 months
Marketing Consent: Retained until you withdraw consent or for three years of inactivity
Correspondence: Retained for the duration of our relationship plus three years

After the retention period expires, we securely delete or anonymize your personal information unless we have a legal obligation to retain it longer.

Your Privacy Rights

Under the GDPR and German data protection law, you have the following rights:

Right to Access

You can request a copy of the personal information we hold about you, including details about how we use it.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal information.

Right to Erasure

You can request deletion of your personal information in certain circumstances, subject to legal retention requirements.

Right to Restrict Processing

You can ask us to limit how we use your personal information in specific situations.

Right to Data Portability

You can request a copy of your personal information in a structured, commonly used format for transfer to another service provider.

Right to Object

You can object to processing of your personal information for direct marketing or based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

Right to Lodge a Complaint

You have the right to file a complaint with the German data protection authority (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit) if you believe we have violated your privacy rights.

To exercise any of these rights, please contact us using the information provided at the top of this page. We will respond to your request within one month.

Your Rights and Opt-Out Instructions

You are not required to provide any personal information when using this website. If you prefer not to share your data, you may:

Avoid filling out contact forms, account registrations, or any data-submitting features
Disable cookies through your browser settings (see our Cookie Policy for more details)
Contact us directly to request the deletion of any previously shared personal data

We respect your privacy choices. If you would like us to delete your data, please reach out to us at the contact details provided on our Contact page. We will process your request promptly in accordance with applicable law.

International Data Transfers

Your personal information is primarily processed and stored within the European Economic Area. If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

Standard contractual clauses approved by the European Commission
Adequacy decisions recognizing equivalent data protection standards
Binding corporate rules for intra-group transfers

Children's Privacy

Our services are directed to businesses and adults. We do not knowingly collect personal information from individuals under 16 years of age. If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete it.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or services. We will notify you of significant changes by:

Updating the effective date at the top of this page
Posting a notice on our website homepage
Sending an email notification to registered users (for material changes)

We encourage you to review this policy periodically to stay informed about how we protect your information.

Questions or Concerns?

If you have questions about this Privacy Policy or how we handle your personal information, please contact us. We're committed to addressing your concerns and ensuring your privacy rights are respected.