Privacy statement

This privacy statement explains what personal data Kard collects when you use the service at kard.be, why we collect it, and the rights you have. Kard is operated by the company identified at the foot of this page, which acts as the controller of your personal data.

Who we are

Kard is a digital business card service: every user has a public profile that shows their photo, contact details and links. The service is operated by the company named below, which is responsible for how your personal data is handled and is your point of contact for any privacy question.

What we collect

We keep the data needed to run your account and your card, and nothing we do not need:

• Account data from Microsoft sign-in — your name, email address and the identifiers Microsoft returns. Kard signs you in only through Microsoft 365; we never see or store a password.
• Card content you enter — job title, company, phone numbers, address, website and social links, biography and any photo or logo you upload. This information is published on your public card by design.
• Usage and analytics data — aggregate counts of how often your card is viewed and which links are tapped, so you and your team can see how the card performs.
• Technical data — your IP address and basic request information, used to keep sessions working, remember your language and protect the service against abuse.

How we use your data

We use your data to provide and operate the service:

• to create and render your public card, vCard download and wallet passes;
• to authenticate you through Microsoft and keep you signed in;
• to show you and your team administrators card insights;
• to manage trials, subscriptions and, where applicable, billing;
• to keep the service secure, prevent abuse and meet our legal obligations.

Legal bases

We rely on the performance of our contract with you to run your account and card, on our legitimate interest in keeping the service secure and improving it, on your consent where you choose to publish optional information, and on legal obligations where the law requires us to keep certain records.

Your card is public

A Kard profile is public by design. Anything you add to your card can be seen by anyone who has the link, can be indexed by search engines and may be saved by people who view it. Only publish details you are comfortable sharing publicly.

Sharing and processors

We do not sell your personal data. We share it only with the providers needed to run Kard, and only to the extent necessary:

• Microsoft, for single sign-on authentication;
• our hosting and infrastructure providers, who store the data on our behalf within the European Union;
• Apple and Google, when you choose to add your card to a wallet, to issue the wallet pass;
• our payment provider, when you take out a paid subscription, to process the payment.

These providers act as our processors under written agreements, or as independent controllers for the part of the service they provide.

Where your data is stored

Kard is built and hosted in the European Union. Where a provider processes data outside the EU, we rely on appropriate safeguards such as the European Commission’s standard contractual clauses.

How long we keep it

We keep your account and card data for as long as your account exists. When you delete your account, your public card and the personal data associated with it are removed, except where we must retain limited records to meet a legal obligation.

Your rights

Under the GDPR you have the right to access your data, to have it corrected or erased, to restrict or object to its processing, and to receive it in a portable format. You can export or delete your data yourself at any time from your account page; for anything else, contact us using the details below.

Complaints

If you believe we have not handled your data properly, you may lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données, www.dataprotectionauthority.be) or with the supervisory authority in your country.

Cookies

Kard uses only the cookies it needs to function: a session cookie to keep you signed in and a cookie that remembers your language choice. We do not use advertising or third-party tracking cookies, and our card analytics are first-party and aggregate.

Changes to this statement

We may update this statement as the service evolves. When we make a material change we will update the date shown above, and significant changes will be communicated through the service.

Contact

For any question about this statement or your personal data, contact the company identified below.