Thys
Start your order
Legal

Privacy Statement

Last updated: 4 July 2026

1. Who is responsible

This privacy statement explains how personal data is handled on kraas.io and on the brand ordering portals powered by KRaaS. The controller is:

Slotenonline
Nijverheidspark 5/1
3580 Beringen, Belgium
VAT BE 0830.757.488
hello@kraas.io

For any question or request about your data, mail hello@kraas.io.

2. What data we process

  • Order and contact details: your name, email address, delivery address, phone number and language preference.
  • Key data: the key or security-card number of your product and, where you upload one, a photo or scan of your security card.
  • Payment data: payments are handled by our payment provider Mollie. We receive the payment status and a payment reference, never your full card or bank details.
  • Business contact details, such as name, company and email address, when you contact us about a partnership or demo.
  • Technical data such as IP address and browser type in server logs, kept for security and troubleshooting.

3. Why we process it

  • To produce and ship your order, send the order confirmation and tracking updates, and provide support: performance of the contract.
  • To keep invoices and order records: our legal tax and accounting obligations.
  • To prevent fraud and misuse and keep the platform secure: our legitimate interest.

We do not use your data for marketing without your consent, and we make no automated decisions with legal effect.

4. Who receives your data

  • Mollie, our payment provider, to process your payment.
  • Shipping carriers, who receive your name and delivery address.
  • The brand whose product your key belongs to, which may receive order data (never your payment details) as part of the service run under its name.
  • Our hosting and email providers, which store data within the European Union.

All providers act under agreements that meet GDPR requirements. We never sell personal data. If data is ever processed outside the European Economic Area, we rely on appropriate safeguards such as the EU standard contractual clauses.

5. How we protect key data

A key number is sensitive information: combined with access to the matching lock it could be misused. We therefore store key and card data in a restricted environment, uploaded card images are private and only reachable through short-lived signed links, and access is limited to staff who need it for production and support.

6. How long we keep it

We keep order and invoice data as long as tax and accounting law requires. Uploaded card images are kept no longer than needed for production and after-sales support. Server logs are kept for a short period only.

7. Your rights

You can ask for access to, correction, deletion or restriction of your personal data, object to processing, and request data portability. Mail hello@kraas.io and we will respond within the legal deadline. You can also lodge a complaint with the Belgian Data Protection Authority (gegevensbeschermingsautoriteit.be) or with the supervisory authority of your own country.

8. Cookies

This website uses only functional cookies: your language preference, your login session and a security token for forms. These are strictly necessary and require no consent banner. We use no tracking, analytics or advertising cookies.

9. Changes to this statement

We may update this privacy statement, for example when the service changes. The date at the top shows when it was last revised.