GDPR Compliance

Koda Company is fully compliant with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to protecting your privacy and ensuring transparent data handling practices.

1. Data Controller Information

Koda Company acts as the data controller for personal information collected through our website and services.

Company Details

Company Name: Koda Company
Website: https://koda-tech.fr
Email: contact@koda-tech.fr
Phone: +33 7 53 91 07 67
Address: France (EU)

Data Protection Officer: For data protection inquiries, please contact us at contact@koda-tech.fr

2. Information We Collect

Personal Information

We collect the following types of personal information:

Data Type | Information Collected | Collection Method
Account Information | Name, email address, username, password | Account registration, OAuth login
Profile Information | Phone number, company name, address, bio | Voluntary profile completion
Project Information | Project details, business requirements, specifications | Project creation form
Payment Information | Billing address, payment method details | Stripe payment processing
Communication Data | Messages, support requests, feedback | Contact forms, project communication
Technical Information | IP address, browser type, device information | Automatic collection via website

Automatically Collected Information

  • Log Data: IP address, browser type, pages visited, time stamps
  • Usage Analytics: How you interact with our website and services
  • Device Information: Operating system, screen resolution, device type
  • Performance Data: Page load times, error reports

3. How We Use Your Information

We use your personal information for the following purposes:

Service Provision

  • Creating and managing your account
  • Processing your project orders and payments
  • Delivering web development services
  • Providing customer support
  • Communicating about your projects

Business Operations

  • Improving our services and website functionality
  • Analyzing usage patterns and performance
  • Preventing fraud and ensuring security
  • Complying with legal obligations
  • Maintaining business records

Marketing and Communication

  • Sending service updates and notifications
  • Sharing relevant offers and promotions (with consent)
  • Gathering feedback on our services
  • Newsletter subscriptions (opt-in only)

Marketing Communications: We only send marketing communications to users who have explicitly opted in. You can unsubscribe at any time using the links provided in our emails.

5. Information Sharing

Third-Party Service Providers

We share personal information with trusted third-party providers who help us operate our business:

Service Provider | Purpose | Data Shared | Safeguards
Stripe | Payment processing | Payment and billing information | PCI DSS compliant, GDPR compliant
Google/Facebook | OAuth authentication | Basic profile information | OAuth 2.0 security standards
Email Services | Transactional emails | Email addresses, names | Encrypted transmission, data processing agreements
Hosting Providers | Website and data hosting | All website data | EU-based servers, GDPR compliance

Legal Disclosures

We may disclose personal information when required by law or to:

  • Comply with legal processes or government requests
  • Enforce our terms and conditions
  • Protect our rights, property, or safety
  • Investigate fraud or security issues

No Data Sales: We never sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy:

Data Type | Retention Period | Reason
Account Information | Active account + 3 years after closure | Service provision, legal obligations
Project Data | Duration of project + 5 years | Contract fulfillment, warranty support
Payment Records | 7 years from transaction | Tax and legal compliance
Communication Data | 3 years from last interaction | Customer support, dispute resolution
Marketing Data | Until consent withdrawal | Marketing communications (consent-based)
Analytics Data | 26 months | Service improvement, aggregated analysis

Data Deletion: When retention periods expire, we securely delete personal information unless longer retention is required by law. You can request earlier deletion subject to legal and contractual obligations.

7. Your Rights

Under GDPR and other data protection laws, you have the following rights regarding your personal information:

Right to Access

Request a copy of the personal information we hold about you, including details about how it's processed.

Right to Rectification

Request correction of inaccurate or incomplete personal information.

Right to Erasure

Request deletion of your personal information under certain circumstances.

Right to Restrict Processing

Request limitation of how we process your personal information.

Right to Data Portability

Receive your personal information in a structured, machine-readable format.

Right to Object

Object to processing of your personal information for specific purposes.

Right to Withdraw Consent

Withdraw consent for processing activities that rely on your consent.

Right to Lodge Complaint

File a complaint with your local data protection authority if you're unsatisfied with our response.

How to Exercise Your Rights

To exercise any of these rights, please:

  1. Contact us using the information provided at the end of this policy
  2. Clearly state which right(s) you wish to exercise
  3. Provide sufficient information to verify your identity
  4. Specify the information or processing activities concerned

Response Time: We will respond to your requests within 30 days (1 month) as required by GDPR. In complex cases, we may extend this by an additional 60 days with explanation.

8. Cookies and Tracking

What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and analyze website performance.

Types of Cookies We Use

Cookie Type | Purpose | Duration | Consent Required
Essential Cookies | Website functionality, security, authentication | Session/1 year | No (legitimate interest)
Performance Cookies | Analytics, usage statistics, error tracking | 26 months | Yes
Functional Cookies | User preferences, language settings | 1 year | Yes
Marketing Cookies | Advertising, remarketing, social media | Various | Yes

Managing Cookies

You can control cookies through:

  • Browser Settings: Most browsers allow you to block or delete cookies
  • Cookie Consent Banner: Manage preferences when you first visit our site
  • Account Settings: Adjust tracking preferences in your user dashboard

Essential Cookies: Blocking essential cookies may affect website functionality and your ability to use our services.

9. Data Security

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Secure Hosting: EU-based servers with SOC 2 compliance
  • Regular Updates: Security patches and software updates
  • Monitoring: 24/7 security monitoring and intrusion detection

Organizational Measures

  • Privacy by Design: Data protection built into all systems
  • Staff Training: Regular privacy and security awareness training
  • Data Processing Agreements: Contracts with all third-party processors
  • Incident Response: Defined procedures for data breach response
  • Regular Audits: Periodic security and compliance assessments

Your Security Responsibilities

  • Use strong, unique passwords for your account
  • Keep your login credentials confidential
  • Log out of shared or public computers
  • Report any suspected security issues immediately

Data Breach Notification: In the unlikely event of a personal data breach, we will notify affected users within 72 hours and provide guidance on protective measures.

10. International Data Transfers

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA):

Transfer Safeguards

  • Adequacy Decisions: Transfers only to countries with adequate protection levels
  • Standard Contractual Clauses: EU-approved contracts with third-party processors
  • Certification Schemes: Providers with recognized privacy certifications
  • Due Diligence: Ongoing monitoring of third-party security practices

Current International Partners

Service | Location | Safeguard | Data Transferred
Stripe | USA | Standard Contractual Clauses | Payment information
Google Services | USA | Standard Contractual Clauses | OAuth authentication data
Facebook | USA | Standard Contractual Clauses | OAuth authentication data

Your Rights: You have the right to object to international transfers and request that your data be processed only within the EU, subject to service limitations.

11. Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16.

Age Verification

  • Account registration requires confirmation of age 16 or older
  • We may request additional verification if we suspect underage use
  • Business services require users to be at least 18 years old

Parental Rights

If you believe we have collected information from a child under 16:

  • Contact us immediately using the information below
  • We will investigate and delete any inappropriate data
  • We will implement additional safeguards to prevent future occurrences

Educational Use: Schools or educational institutions may create accounts for students aged 13-16 with proper consent and supervision arrangements.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

Notification of Changes

  • Material Changes: 30 days advance notice via email and website banner
  • Minor Updates: Updated policy posted with new "Last Updated" date
  • Legal Changes: Immediate updates with notification as soon as practicable

Your Options

When we make material changes:

  • You can review the updated policy before it takes effect
  • You may object to changes or withdraw consent
  • You can delete your account if you disagree with updates
  • Continued use constitutes acceptance of changes

Version History: Previous versions of this policy are available upon request for your reference and comparison.

13. Contact Information

If you have questions about this Privacy Policy, want to exercise your rights, or need to report a privacy concern, please contact us:

Privacy Contact Information

We're committed to addressing your privacy concerns promptly and thoroughly.

Response Time: We aim to respond to all privacy inquiries within 48 hours and complete data requests within 30 days.

Data Protection Authority

If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority or the French data protection authority (CNIL):