Privacy Notice

KrystalCode, VAT No. IT04018610792, acts as the data controller for all processing described in this Privacy Notice. You can reach us at [email protected] or via the contact form available on our contact page.

• Contact information such as name, email, company, and project details submitted via forms, Calendly bookings, or direct email.
• Usage data derived from cookies or similar technologies to understand performance and interaction patterns. We do not use tracking for behavioural advertising.
• Operational data shared during project delivery, including documentation and assets required to perform our services.

• Pre-contractual communication to respond to enquiries and scope potential engagements - based on our legitimate interest in operating the business and your request for information.
• Contract performance to deliver services, manage accounts, and provide support under agreements we conclude with you.
• Compliance with legal obligations, such as tax and accounting requirements.
• Security and service optimisation to maintain platform integrity and improve user experience, relying on legitimate interest with minimal impact on your privacy.

We retain personal data only for as long as necessary to fulfil the purposes outlined above. Inquiry records are kept for up to 24 months after last contact. Contractual and financial documentation is retained for the period required by applicable legislation (typically 10 years within the EU). When retention is no longer required, data is securely deleted or anonymised.

We share data with vetted service providers (for example, hosting providers, communication platforms, analytics, and payment processors) strictly on a need-to-know basis under data protection agreements. Where transfers occur outside the European Economic Area, appropriate safeguards such as Standard Contractual Clauses are in place. We never sell personal data.

• Access to the personal data we hold about you.
• Rectification of inaccurate or incomplete data.
• Erasure when processing is no longer necessary or lawful.
• Restriction or objection to processing based on our legitimate interests.
• Portability of data you provided to us in a structured, machine-readable format.
• Withdrawal of consent for optional processing activities, without affecting previous lawful processing.

To exercise any right or raise a concern, contact us at [email protected]. You also have the right to lodge a complaint with your local supervisory authority. For residents in Italy, the competent authority is the Garante per la Protezione dei Dati Personali.

We implement administrative, technical, and organisational safeguards aligned with industry standards. Measures include encrypted transport (TLS), access controls based on roles, regular dependency reviews, and incident response procedures to minimise impact.

We may update this Privacy Notice to reflect legal, technical, or business developments. When changes are material, we will notify you through our website or by direct communication before the update becomes effective.