Privacy Notice

This document is about your rights and all you need to know regarding our privacy practices.

This document tells you:

  • Our legal identity and contact information
  • What information we collect about you
  • When we collect those information
  • How we collect those information
  • What we do with the collected information
  • The legality of that processing
  • How long we are keeping what we collected
  • If and when we share what we collected
  • What you can do if you feel we are not handling your data properly

This document is tailored for the EU General Data Protection Regulation (GDPR).

You have rights as an individual. NEVER be afraid to use them, they exist to protect you.

We will tell you which rights you have, but you should always educate yourself and double check what strangers tell you. To find out about your rights under GDPR from an independent source, visit the website of your Data Protection Authority.

To be able to use your rights, you need to have the following information:

Who we are

This is us:

  • Legal name: Kamax
  • Legal for: Société à Responsabilité Limitée (Business organization with limited responsabilities)
  • Also known as: Kamax S.à r.l, Kamax SARL, Kamax.io, kamax-io
  • R.C.S. Number: B198779

Our head office address is:

  • Route d’Arlon, 14
  • 8410 Steinfort
  • Luxembourg

Who is responsible for your data

Kamax is the Data Controller and Processor.

How to contact us

For all your privacy needs, you can use our dedicated Email address: legalmaster@kamax.io.

You have the right to contact us by any means you see fit that we give on this website, regardless of what we prefer you to use. We take every request seriously. You do not have to sound smart when talking to us, we will treat you as the most important person in the room regardless.

Data requests

For any request involving personal data, we must be able to identify you. In your request, please include the Identity/Address/ID/Name that identify you. We will contact you using that Identity, confirm that the request did come from the individual controlling the identifier, and proceed with the request.

We cannot act on those requests if we cannot identify you. We must be sure that you are indeed the individual to which the data belongs to. If you no longer have access to the identifier you want to use, let us know and we will do our best to try to identify you another way, if we can.

About your data

Our mindset

Privacy is a founding value of our organisation, and we want to ensure individuals are safe, protected, and that their rights are respected. Your privacy is our business model.

Laws are different in each country, and you might not be able to use GDPR rights as they do not apply to you, but still want to contact us or use our services. We will explain our mindset and our practices so you can make an informed choice.

Your personal data is YOURS, not ours. We consider that you lend us your data in exchange for a service, not that you hand it over. You have the right to access your data and rights to tell us how to use it, or to delete it. Whatever your request, we will consider it. We are more than happy to follow our obligations towards what we believe should be a fundamental human right. Your Data. Your rules. Always.

Anyone is welcome to send us an information or data request. You do not have to be European for us to care, and we do not need the law to care. Whoever you are, whatever you are, we will handle your request just the same. We are happy to help you be in charge of your data.

Because we are not interested in your personal data, we will only deal with the absolutely minimum that we need. If we no longer need some data, we will delete it. If we can use an alternative that is better suited to protect your privacy, we will do so proactively.

We are also not interested into gathering data about you, directly or indirectly. The less data we have the better. We will not try to get data about you from other systems or services, unless that is how the service works. If we do, we will delete it as soon as we are done using it.

We will only process data we know was gathered in a lawful way. If we ever come across your personal data anywhere and have reason to believe it was obtained unlawfully, we will do all we can to contact you and tell you about it. We will do so even if we do not have a business reason to. We are not bystanders. We actively engage in actions to protect your privacy and ensure your rights are respected.

We never share your personal data unless we are legally forced to. Ever. We never sell your data. Ever. Your personal data is highly valuable. Be sure nobody collects more than they strictly need to do.

In the event that this organisation or any of its assets changes owner(s), we will delete any (potential) personal data we have before doing the ownership transfer. Your data is not our business model.

On any of our websites

We do not collect anything. No tracking cookie, no tracking JavaScript, no contact form, no call to external domains. Nothing.

We do not need to know anything about you to show you our website. Who you are is irrelevant for this content. Equally, we do not need to know who you are to deliver it. We deliver the same service to everyone, in an equal manner.

If a part of our website has a configurable feature that is to be saved across requests, we will save it to the local storage of your browser. Those settings never contain more data than that setting name and the value you chose. We do not process that setting on our servers: it is never given to us.

If parts of our websites have different needs, they will have their own privacy notice. We will make it visually and technically clear that you are in another part of the website: a different layout, or different sub-domain, another colour theme, or anything else which is relevant. We may also combine any number of those.

In case hosting with another entity is needed for a specific kind of resource, per example for downloadable files, we will not use the same base domain as the content you are viewing at that time. We will give an explicit indication that it is the case in the wording surrounding the link, per example “You can find this file on Gitlab”. We want to clearly indicate that the request will be made on another server, which could be invisible to you.

We want to always give you explicit signs and messages of what is happening, and that your personal data may be used. We do not assume we know what you want, or know what you expect.

On any server of those websites

For each request made, we keep a record of the following information:

The IP address is about your internet connection, and the HTTP header is about your browser. While they do not directly identify you, they can be put together with other data to that end. Be aware that some organisations use them to track you or identify you.

As per Article 11(2), we inform you that this data is not personal data to us: we cannot identify individuals with it, and we do not collect any other non-personal data that could allow us to identify individuals if used together.

Even if it is not personal data, we want to be transparent and inform you how we use this data.
We collect it for two purposes:

  • To keep ourselves and our users safe: we need to be able to detect patterns of malicious activity, and block the source of it. We generate statistics, trends and visualisation of that traffic to that end. For this, we use the IP address and HTTP Header.
  • To keep ourselves reachable and visible: we need to know which browsers are used to visit our website and check that it is displayed properly in them. For this, we use the HTTP Header.

Via our contact services

We provide contact services, like Email, that you can use to interact with us. These services are only accessible by using another service provider, or by connecting directly to them yourself. These services accept any kind of data, which you made the explicit choice to send for whatever intent you had.

The lawful basis for that processing is: Legitimate Interest.
You made the explicit choice:

  • To send us the data.
  • Of the format you sent it in.
  • To have it processed, being the purpose for sending it.

We do not have fixed retention periods for those services: we do not know in advance what will be sent to us and for how long we would need to keep it. In regards of your rights, you should consider we never delete this data.

If you include personal data of other individuals (us included) in your communication, this privacy notice will equally apply towards them, as they have the same rights as you do. It is very likely that you will not be able to use some of your rights then: it could prevent those other individuals to use their own rights to access and control that personal data.

If you request access to your data, we will simply give back to you what you sent, in the format you chose to send it in which you deemed appropriate at the time. We will also provide any metadata associated with it in a common, machine-readable format, usually CSV or JSON.

Any other service

Our servers provide other kind of services which are not publicly listed, and are not for public use.

Only authenticated and authorised individuals can use them, and have received a separate privacy notice for those.

How to voice your concerns

If you are not happy with something we have done regarding your personal data, please tell us.

Do not be afraid to voice your concerns, and feel free to use your day-to-day way of speaking. Regardless of how we feel about it, we must treat you with fairness and transparency. This is fundamental to the law and our obligations towards you.

If you feel we have not done right by you, even after telling us, you have the right to contact your Data Protection Authority based on your place of residence or work. You can find yours using the official list found on the European Commission website.

You can also contact our Data Protection Authority directly. You will find their contact information on their website: Commission nationale pour la protection des données (CNPD).

Use our privacy notice as a template

If you like how we have worded this document and would like to re-use it for your own services / websites, you can find the Markdown source of it in our Gitlab repository.

The source file is licensed under Creative Commons CC0 1.0 Universal, equivalent to the public domain: you can do whatever you want with it, you never have to ask us and you can re-share it however way you want.

Spread the notice! Make sure individuals know their rights!