At Keeping, we find your privacy extremely important. In order to use our website(s) and product(s) properly, personal and business data is collected. We carefully protect this data against misuse, loss, theft and unlawful processing. This privacy and processing statement applies throughout Keeping B.V., so that it is always clear to you how we handle data.
We store all data that you enter via our website(s) and product(s) in a centralized database.
You can choose which personal data is made available to Keeping and are responsible for considering whether the purpose and nature of the data is appropriate for the processing by Keeping.
In addition to data that you enter yourself, we also collect data that arises during the use of our website(s) and product(s).
When using our website(s) and product(s), we use functional cookies. Without these cookies, it is not possible to log in. These include cookies called: keeping_session for authorization and keeping track of personal preferences, xsrf-token for abuse prevention, keeping-lb for server assignment and remember_web to be able to log in again quickly. These cookies are placed immediately without confirmation.
For our website(s), we use Google Analytics and Google Adwords ad attribution and place, after your approval, cookies called: _ga, _gid. The data collected in this way is used for marketing purposes and to improve our website.
We do not track individual users with a User ID and do not collect data for targeting purposes. We only apply Google Adwords advertising attribution when registering a new user.
Google Analytics and Google Adwords are only processed in our website(s) and not in our product(s). During regular use of the Keeping software, no data will be forwarded to Google Analytics or Google Adwords. Within our product(s), we do collect usage data. This is stored in our internal database that is not shared with third parties.
In the context of the GDPR, we have a processing agreement with Google.
If errors or peculiarities occur during the use of our product(s), we record these automatically in some cases. We do this to ensure the quality and security of our product(s). The collection of error reports and log files is anonymized as much as possible.
When using our website(s) and the Keeping web application, pseudonymized error reports are automatically forwarded to Bugsnag or Tideways, tools for monitoring and analyzing error reports. In addition, log files from our website(s) and web application are aggregated and forwarded to a tool from Solarwinds for searching large log files. These log files are retained for a maximum of one year before being deleted.
In order to monitor the performance of our server(s), website(s), and web application, pseudonymized reports of each web transaction are forwarded to Tideways. These reports allow us to detect, analyze, and immediately intervene in real-time performance-impairing issues.
When using our applications for iOS and Android, anonymized error reports are collected and forwarded to Firebase, another tool for monitoring and analyzing error reports.
In the context of the GDPR, we have a processing agreement with Firebase, Bugsnag, and Solarwinds.
To ensure that all emails from our product(s) reach you correctly, we use Postmark, a service for reliably sending emails from an application.
The content of sent messages is known to Postmark and is retained for 45 days after sending. We do not keep track of whether an email message has been opened, nor do we keep track of whether a link in an email has been clicked.
Push messages are sent to, among others, our iOS and Android applications via a service managed by the operating system manufacturer. The content of the push message is only forwarded by the service and not stored.
In the context of the GDPR, we have a processing agreement with Postmark.
At Keeping, we ensure appropriate technical measures and internal policies to ensure that all data we collect is properly secured against misuse, loss, theft or unlawful processing. Keeping guarantees that the persons who have access to data in Keeping under its responsibility have a duty of confidentiality.
All connections with the web application and via the API link are via an encrypted TLS connection.
Keeping uses a cloud provider for hosting and data storage: Digital Ocean. Data is stored encrypted on physical data carriers under the direct management of this cloud provider.
Our infrastructure is monitored by the technicians of Twisted Bytes. They ensure that the servers perform optimally, are properly secured at machine level and immediately investigate if there is a problem.
In the context of the GDPR, we have a processing agreement with Digital Ocean and Twisted Bytes.
When you send emails or other messages to us, we may retain those messages. Emails are processed by HelpScout and G Suite. Sometimes we ask you for personal data that is relevant to the situation in question. This enables us to process your questions and respond to your requests. We will not combine this data with other personal data that we have.
In the context of the GDPR, we have a processing agreement with both HelpScout and Google.
Do you pay for Keeping with a credit card? Then our payment partner Stripe will store this data securely. We ourselves cannot access the credit card data. Do you want to delete your credit card data? Then change your payment method, and the data will be removed from Stripe.
Are you late with your payment? Then we can give you the option to pay manually via an internet page via our secondary payment partner Mollie. Mollie keeps track of transactions for administrative purposes.
It is always possible to delete your user account for our product(s). You can do this by logging in to our website and going to 'My account' via the right menu and then deleting your user account via 'Delete my account'.
Data belonging to an entire organisation, such as time registrations, will be deleted as soon as the organisation is deleted. You can do this by logging in to our website and going to 'Settings' within the organisation via the menu. On the page you can then schedule deletion under 'Delete the organisation'. A period will then start in which you can restore your organisation for 14 days before it is permanently deleted.
After deleting an organisation or a user account, it can take up to two months before this data has also disappeared from our backups.
In the context of the General Data Protection Regulation (GDPR), your organisation is the controller of data entered in Keeping. We are the processor of this data. Your organisation is therefore responsible for the data that team members from your organisation enter in Keeping. Your organisation is represented by the organisation owner designated by you. On request we can send you a signed processor agreement. On our website you can find a list of all our (sub)processors.
In the event of a possible data breach, Keeping will contact the organisation owner by email within 72 hours of discovering the breach. The following information will be shared in any case:
If the purchasing organisation submits a (provisional) notification to the Dutch Data Protection Authority about a data breach at Keeping, without the purchasing organisation having discussed this with Keeping in advance, the purchasing organisation is liable for any damage and costs incurred by Keeping. The purchasing organisation is also obliged to immediately withdraw such a notification.
Keeping will, where possible, cooperate with reasonable requests from users relating to the rights invoked by the user with Keeping. If you have any questions about this privacy and processing statement, you can contact us:
Keeping is entitled to change and/or supplement the content of this privacy and processing statement at any time. If we make changes, we will make this known via our website(s) or via e-mail.