Dear members,

‍

As the founders of KeyBento, we wanted to write to you — in plain language — about what data we collect from you and your home and how we will (and won’t) use it.

privacy@keybento.com

Of course, if you want all the details, our full privacy policy is below.

Here’s what we want you to know:

• We will never sell your data. Ever. ‍We are committed to protecting your personal data and adhere strictly to GDPR and other privacy laws. Our aim is to be transparent about how we use your information to enhance your experience with KeyBento.
• You deserve to have control over your data. You can email us at any time () and ask to see or delete your profile and home data, and our team will help.
• We take data security seriously. We follow best practices for storing your data securely, and only trusted members of our team can access or share it.

‍We’ll collect only the data we need to:‍

• Sign you up for KeyBento: Your name, other travellers, your email address, your home address, your phone number, a short bio and, your travel preferences — just the basics.
• Process your credit card payments: This information (credit card number and address) is collected by our external credit card processor, Stripe. It is never stored on our servers, and we chose Stripe because they have strong privacy policies themselves, which you can view here.‍
• Personalise KeyBento for your trips: We’ll keep track of your travel preferences - and use that to personalise the home swapping suggestions to your interests and needs, give you updates, and make KeyBento experience better for you.

As part of your membership to ensure safety and trust in the community, we will provide some of your personal data (email address, home address, name, phone number) to a third party provider who will carry out screening check. A valid screening check is required before any member engage in a swap.

Finally, we’re an open book. If you have any questions about privacy, or anything else, just ask! You can send an email to privacy@keybento.com.

Thanks for reading,

‍

Hervé Ky and Ilona Melnychuk

KeyBento Founders

‍

KeyBento Privacy Policy

‍

WE CARE ABOUT YOUR PRIVACY

This Privacy Policy details how KeyBento processes and safeguards your personal data when you engage with our Platform or services, in accordance with the General Data Protection Regulation (GDPR) and other relevant laws. We tell you about your privacy rights and how the law protects you.

‍

PURPOSE OF THIS PRIVACY POLICY

This Privacy Policy aims to give you information on how we process and protect your personal data, as a result of your interest in our Platform and/or Services  in order to guarantee transparency for our users. This is so that you are fully aware of how and why we are using your data.

Please read the following carefully to understand our practices regarding your personal information and how we will treat it. If you do not agree with this Privacy Policy, please do not use our site.

It is important that you read this Privacy Policy together with any other privacy notices or other policies we may provide. This Privacy Policy supplements the other notices and is not intended to override them.

‍

WHO WE ARE & CONTACT DETAILS

KeyBento is an online platform facilitating the connection between members to swap their home or host a member in their home while they are away . When we talk about KeyBento “we”, ‘’our’’ or ‘’us’’ in this policy, we are referring to KeyBento Ltd., the company which provides the Platform and/or Services.

For the purposes of the applicable data protection legislation KeyBento Ltd (company number 14594511) is the Data Controller and is responsible for your personal data (our ICO registration number is ZB582553). This means that we determine the purposes and ways of the processing of your personal data.

If you have any general enquiries related to this Privacy Policy please email us here: privacy@keybento.com. This email address is monitored on a regular basis and we aim to respond to your query as soon as possible.

‍

CHANGES TO THIS PRIVACY POLICY

We may modify this Privacy Policy at any time, however, if we make any material changes to it we will revise the date at the top of the policy and may provide you with notice via sending you an email so that you have the opportunity to review the changes before they become effective.

‍

YOUR DUTY TO INFORM US OF CHANGES

If you object to any of the changes, you have the opportunity to delete your account and any associated information. Once deleted your details will be non-recoverable. If you would like help with this, please email privacy@keybento.com.

It is important that the personal data we hold about you is accurate and current. Please keep us informed should your personal data change during your relationship with us. You can do this at any time by logging into your account.

‍

THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about you from which you can be identified. It does not include data where the identity has been removed (anonymous data).

Data Collected By Us

We use different methods to collect data from and about you, including through:

• Direct interactions. We collect information from you when you voluntarily submit information directly to us or via our Platform. This refers to personal data you provide when, for example; you create an account, complete a profile/post a listing, or by corresponding with us via post, phone, email or live chat. This will also include Marketing and Communications Data.
• Automated technologies or interactions. As you interact with our Platform, we may automatically collect Technical and Usage Data about your device, browsing actions and patterns. For example, we collect information which may include your IP address, the browser type, your location, language preferences device information and access times. We collect this personal data by using cookies, pixel tags and other similar tracking technologies. The sole purpose of passively collecting your information is to improve your experience when using our Platform and/or Services.
• Cookies. We use cookies and similar tracking technologies to track the activity on our Platform and may also receive Technical Data about you if you visit other websites employing our cookies. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your devices. You can instruct your browser to refuse all cookies. However, if you do not accept cookies, you may not be able to use some of our Service. Please see our cookie policy for further details.
• We may receive personal data about you from third parties and public sources, for example, the provider that conducts background checks. In this instance we will comply with all necessary data protection obligations.

Data Collected by Third Parties

The Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy policy of every website you visit.

As part of your membership, we give you the ability to post on your social media account (i.e. Facebook, Instagram) that you are undertaking a particular swap, once you have received your swap confirmation email from us.

As part of your membership, we give you the ability to provide personal data in order to gain external references that can be added to your profile as part of your verification process. This involves you giving us the personal data of these external referees for this purpose. You hereby confirm that you have their consent to do this.

As part of your membership for offering swapping and hosting, we will provide limited personal (email address, home address, phone number, name) data to a third party provider who will carry out screening checks of our members (name verification, mobile verification and/or email verification; and use their database search). The third party will then provide us with that information.

As part of your Membership you can i) leave a review or give feedback on another Member; or ii) you can receive a review or feedback from another Member. This will involve the processing of your personal data. We would encourage you not to include any personal information when writing a review or giving feedback.

We do not actively process any Special Categories of Personal Data about you (this includes for example; details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

‍

WHAT HAPPENS IF YOU DON’T PROVIDE US WITH YOUR PERSONAL DATA

If you fail to provide personal data when required, we may not be able to i) perform the contract we have (or are trying to enter into) with you; and/or ii) otherwise communicate with you; and/or iii) provide you with our Services.

‍

HOW WE PROCESS YOUR PERSONAL DATA

We have set out below, in a table format, a description of all the ways we process your personal data, and the legal bases we rely on to do so. Please email privacy@keybento.com if you need details about the specific legal basis we are relying on to process your personal data.

‍

GDPR and the laws in some other jurisdictions require companies to tell you about the legal bases that they rely on to use or disclose your personal data. To the extent that those laws apply, we rely on the following legal grounds to process your personal data:

• Performance of a contract: In most cases, we collect and use your personal data and other information to meet our obligations under a contract to which you are a party or pursuant to which we are providing services to you or your child. For example, when you apply to become a member and look for a swap or you use the other KeyBento Services, we will use your personal data to respond to your requests and to provide you with these services.
• Legitimate interests: We may use your personal data information for our legitimate interests on the grounds that it furthers our legitimate interests in commercial activities (but only to the extent that such interests are overridden by the interests or fundamental rights and freedoms of the affected individuals) including:
  • To help create and maintain a trusted and safe environment on the Services
  • To assess the suitability of individuals to create an account with us to protect us against illegible accounts joining our platform
  • Providing the services pursuant to our contracts with our customers
  • Marketing
• Legal compliance: We may use and disclose personal data in certain ways to comply with our legal obligations under European or other applicable law.
• Consent: To the extent required by law, and in certain other cases, we handle personal data on the basis of implied or express consent.

‍

WHO WE SHARE YOUR PERSONAL DATA WITH

1. Service providers: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing mailing, payment processing, member verifications, banking, advertising, fraud prevention, web hosting, payment gateway or analytics services.
2. Other users. Certain information of your personal data may be shared with other users of the Platform as part of the normal operation of the Services (for example your uploaded profile picture, profile/listing will be accessible to all users).
3. Professional advisors: we may share your personal information with our lawyers, accountants, insurers and other professional advisors to the extent we need to (for example, to defend ourselves against legal claims).
4. Business partners: we may share your personal information (such as contact details) with our business partners where this is necessary in the normal course of our business.
5. Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing due diligence, change of control or acquisition of all or a portion of our business.
6. Law enforcement, regulators and other parties for legal reasons: we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements; and/or (iii) exercise or protect the rights, property, or personal safety of KeyBento, its users or others.
7. Other members of the KeyBento group: we may share your personal information with our affiliates (for example, where they provide services on our behalf).

You can request further information by sending an email to privacy@keybento.com. For your information please see the list including but not limited to our third party suppliers that process your personal data.RIGHTS IN RELATION TO YOUR PERSONAL DATAYou have rights under data protection laws in relation to your personal data, in particular under the General Data Protection Regulation (GDPR) you have the following rights:

1. To request access to your personal data (commonly known as a “Subject Access Request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
2. To request confirmation as to whether or not your personal data is being processed.
3. To request the correction of your personal data that you consider to be inaccurate. This enables you to have any incomplete or inaccurate data we hold about you corrected. However, we may need to verify your identity and the accuracy of the new data you provide to us.
   
4. To request erasure of your personal data. This enables you to ask us to delete or remove personal data, for example: i) where there is no good reason for us continuing to process it; ii) where you have successfully exercised your right to object to processing (see below); iii) where we may have processed your information unlawfully; iv) where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons. These reasons will be notified to you at the time of your request.
5. To object to processing of your personal data. This enables you to object to the processing of your personal data if you feel it impacts on your fundamental rights and freedoms. For example, this can be where we are processing your personal data for direct marketing purposes. In some cases, we may have compelling legitimate grounds to process your information which can override your right to object.
6. To request restriction of processing your personal data. This gives you the option to ask us to suspend the processing of your personal data in the following scenarios: i) if you want us to establish the data’s accuracy; ii) where our use of the data is unlawful but you do not want us to erase it; iii) where you need us to hold the data, even if we no longer require it e.g. to establish or defend legal claims; or iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate ground to use it.
7. To request transfer of your personal data. If you request us to do so, we will provide to you, or a third party of your choice, your personal data in a commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use, or where we have used the information to perform a contract with you.
8. To withdraw consent to the processing of your data. If you request us to do so, we will no longer process your data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we will not be able to provide the Services for you. Also, we will advise you of this at the time you withdraw your consent.
9. To not have a decision made about you based solely on automated processing.

If you wish to exercise any of the rights set out above, in the first instance, please email us at privacy@keybento.com.

We will respond to you within 30 days of receipt of your request. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please email us privacy@keybento.com in the first instance.

‍

MARKETING  BY US

We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if i) you have requested information from us; or ii) if you provided us with your details when you entered a competition; or iii) registered for a promotion; and, in each case, you have not opted out of receiving that marketing.

‍

THIRD PARTY MARKETING

We do not share your personal data with third parties.

‍

UNSUBSCRIBE FROM MARKETING

You can ask us to stop sending you electronic messages (e.g. emails) at any time by (i) clicking the unsubscribe links on any electronic message sent to you or (ii) contact us using the details in the Contact us section of the Website with your request to unsubscribe from our database.

Just to let you know, should you choose to unsubscribe, not only will you no longer receive any marketing emails. You will still receive other communications from us that are essential for us to provide you with our services, for example, password reset emails, emails notifying you of a message from another member, and any emails regarding your account i.e. your auto renewal notifications.

‍

DOES MY DATA GO OUTSIDE OF THE EEA

We will use third party service providers that are based outside the UK and European Economic Area (EEA) and this will involve the transfer of your personal data outside the UK and EEA. For instance, our third party service providers have operations in the US. As a result, the transferred data may not be processed and protected in the same way as set out in this Privacy Policy. You need to be aware that if your information is transferred to a country outside the UK and EEA, that country may not have adequate data protection laws or appropriate safeguards.

Many of our Members are based outside the UK and EEA. This means that if you communicate with another one of our Members, your personal data may be transferred outside the UK and EEA. As a result, the transferred data may not be processed and protected in the same way as set out in this Privacy Policy. You need to be aware that if your information is transferred to a country outside the UK and EEA, that country may not have adequate data protection laws or appropriate safeguards.

However, when we transfer your personal data out of the UK and EEA, we shall ensure that a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

• By transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data by the ICO and European Commission, where appropriate.
• Where we use certain service providers, we may use specific contracts approved by the ICO and European Commission which give personal data the same protection it has in the UK and in Europe.

Please email us at privacy@keybento.com if you want further information on the specific mechanism used by us when transferring your personal data out of the UK and EEA.

‍

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered or disclosed, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, the transmission of data via the internet is not completely secure and we cannot guarantee that unauthorised parties will not be able to defeat those measures.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

‍

DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected, including for the purposes of satisfying any legal, accounting, or internal reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for compliance, governance, legal and/or regulatory purposes in which case we may use this information indefinitely without further notice to you.

‍

SUBJECT ACCESS REQUEST

You will not have to pay a fee to access your personal data (or to exercise Your Legal Rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

‍

WHAT INFORMATION WE MAY NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise Your Legal Rights). This is a security measure to ensure that your personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to ask you for further information, in relation to your request, to speed up our response.

‍

CHILDREN

Our Platform and/or Services are not intended for children under 13. If you learn that a child under the age of 13 or a member under the age of 21 has provided us with personal information without valid consent, please email us privacy@keybento.com.