This document is available in both English and Danish. You can find the Danish version below. The English version is the legally binding version.
Dette dokument er tilgængeligt på både engelsk og dansk, du kan finde den danske version nedenunder. Den engelske version er juridisk bindende.
Privacy Policy
Last updated: 27/10/2025
Applies to: Use of Keypitt™’s digital wardrobe services, the KeyPass profile at keypitt.io, and related websites (incl. www.keypitt.com).
1. Introduction
Keypitt ApS (“Keypitt™”, “we”, “our”, “us”) provides a digital wardrobe system that allows guests to create and use a reusable KeyPass profile across participating venues.
We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our services. It also describes your rights under the EU General Data Protection Regulation (GDPR) and the Danish Databeskyttelsesloven.
By using our service or creating a KeyPass, you consent to the processing of your data as described in this Policy and our Terms & Conditions.
2. Data Controller Information
Keypitt ApS
Borgmestervangen 9, 5.2,
2200 København N, Denmark
CVR: 44170906
Email: hello@keypitt.com
Website: www.keypitt.com
Keypitt™ is the data controller for all personal data collected and processed through our platform.
Venues and event organisers that use Keypitt™ act as authorised users under our control; they do not own or control guest data.
3. Personal Data We Collect
We collect and process the following categories of personal information to operate and improve the Keypitt™ digital wardrobe service.
Below you can find an overview of the types of data we handle, examples of what may be included, and the corresponding purpose and legal basis for processing under the GDPR.
| Type | Examples | Purpose / Basis |
|---|---|---|
| Mandatory identification data | Mobile phone number |
To create and operate your KeyPass (profile, digital tickets). Legal basis: Contractual necessity. |
| Profile data (optional) | Name, email, profile photo, saved payment card, age, gender |
To personalise your experience, enable lost-and-found, and improve service. Basis: Consent / Legitimate interest. |
| Transaction data | Purchase amounts, timestamps, invoice IDs, venue used |
To issue receipts, manage payments, and comply with bookkeeping rules. Basis: Contract / Legal obligation. |
| Saved payment card (optional) | Payment card information via tokenisation, purchase status |
To process payments directly via the KeyPass. Data is stored securely by our Sub-processor AltaPay A/S. Basis: Consent. |
| Usage data | Check-in / check-out events, device type, IP logs for security |
To ensure system security and prevent abuse. Basis: Legitimate interest. |
| Marketing preferences | Opt-in flags for SMS or push notifications |
To manage marketing permissions. Basis: Consent. |
4. Purpose of Data Processing
We process your personal data for the following purposes:
- Provide and manage the digital wardrobe service and KeyPass profile
- Authenticate users and ensure secure hand-in and retrieval of belongings.
- Send service messages (e.g. delivery of KeyPass link, wardrobe closing reminders, lost-and-found communication).
- Process payments and issue receipts.
- Maintain platform security, backups, and performance.
- Conduct anonymised analytics and product development.
- Send marketing messages — only if you have opted in (see section 10).
We never sell or rent personal data.
5. Legal Basis for Processing
We rely on the following lawful bases under GDPR Art. 6:
- Contractual necessity – to deliver the Keypitt™ digital wardrobe service you request.
- Legal obligation – to meet accounting and regulatory duties.
- Legitimate interest – to operate a secure, efficient platform.
- Consent – for optional features such as marketing.
6. Data Retention Policy
The user’s account data is retained for a maximum of three years after your last KeyPass activity. Transaction records may be stored longer if required by accounting or legal obligations; these are then anonymised or pseudonymised. You may request deletion or anonymisation of your profile at any time (see section 11).
7. Data Security
Keypitt™ uses industry-standard security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. All data is encrypted in transit (TLS) and at rest (AES-256). Access is limited to authorised Keypitt™ personnel and trusted providers who require it to perform their duties and are bound by confidentiality.
8. Sharing and Disclosure of Personal Data
We do not sell, or rent your personal data to third parties. Although your data may be shared with: We may share or transfer personal data to trusted partners, service providers, or future integration partners where this is necessary to provide or improve the Keypitt™ service, to comply with legal obligations, or where you have given consent. If we make material changes to how or with whom we share personal data, we will provide advance notice through this Privacy Policy or directly to affected users. Your personal data may otherwise be shared only as follows:
- Venues and event staff – to facilitate wardrobe operations. If you’ve voluntarily added information, such as e.g. your name and/or photo to your profile, to ensure better guest experience and guaranteed retrieval of belongings. Then employees may be able to access this to ensure they can identify you e.g. upon smartphone loss.
- Service providers (“Sub-processors”) – who host, transmit, or process data on behalf of Keypitt™ under data-processing agreements.
- Legal or regulatory requests – where required by law, court order, or authority.
Sub-processors
| Name | Location | Description of Processing |
|---|---|---|
| Supabase Inc | Frankfurt, Germany | Cloud database and hosting services for user data (storage, management, and backups). |
| First Marine Insurance | Copenhagen, Denmark | Processes limited guest data in case of a claim for lost or damaged items that insurance was purchased for. |
| AltaPay A/S | Copenhagen, Denmark | Payment gateway for card transactions and tokenisation (no full card details visible to Keypitt™). |
| ComplyPay (ZTLment ApS) | Copenhagen, Denmark | Settlement and merchant-of-record services for Keypitt™ payments. |
| GatewayAPI ApS | Aalborg, Denmark | SMS delivery of KeyPass links, check-in codes, and reminders. |
| Vercel Inc | Frankfurt, Germany | Hosting of frontend and backend applications (anonymised request metadata only). |
| Apple Inc | California, USA | Distribution of mobile KeyPass via Apple Wallet on iPhones. Transfers based on EU Standard Contractual Clauses (SCCs). |
| Google LLC | California, USA | Distribution of mobile KeyPass via Google Wallet on Android devices. Transfers based on EU Standard Contractual Clauses (SCCs). |
All transfers outside the EEA use adequate safeguards such as the European Commission’s Standard Contractual Clauses.
9. Payments
When you make a payment through Keypitt™, your payment information is processed securely and in compliance with applicable data protection and payment security standards.
Keypitt™ only receives the information necessary to confirm and record your transaction. For details on how payments are handled, please refer to our Terms & Conditions.
10. Communication & Marketing
Service Messages: We send necessary service messages (e.g. ticket delivery, lost-item assistance, or operational updates) as part of the contractual service. These do not require consent.
Marketing Messages: We send marketing communications (SMS or push notifications) only if you have explicitly opted in via your KeyPass profile.
Messages are sent through Keypitt™’s system and may display either Keypitt™ or the venue as sender. Regardless of the sender shown, Keypitt™ remains responsible for managing consent and unsubscribe requests.
You can withdraw your consent at any time through your KeyPass profile or by following the unsubscribe link in any marketing message.
11. Your Rights Under GDPR
Under GDPR, you have the right to:
- Access a copy of your personal data.
- Correct inaccurate or incomplete information.
- Request deletion (“right to be forgotten”).
- Restrict or object to processing.
- Receive data in a portable format.
- Withdraw consent at any time without affecting prior lawful processing.
Requests can be made via hello@keypitt.com. Keypitt™ may retain limited transaction records as required by accounting and regulatory obligations.
12. Data Transfers
Personal data that we collect from you may be stored, processed, and transferred between any of the countries in which we operate to enable us to use the information in accordance with this policy. If data is transferred outside the EEA, such transfer will rely on the European Commission’s Standard Contractual Clauses (SCCs) or other approved safeguards ensuring equivalent protection.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices or legal requirements. The latest version will always be available at keypitt.com, and the date of the most recent update will appear at the top of the page.
Continued use of the service after any update constitutes acceptance of the revised Policy.
14. Contact and Complaints
If you have questions or comments about this policy or our data practices, or if you need to access or correct your information, please contact us.
Email: hello@keypitt.com
You have the right to lodge a complaint with the Danish Data Protection Agency if you believe that your data has been handled incorrectly. Keypitt™ respects your privacy and is committed to protecting your personal data.
15. Language Version
This Policy is available in English and Danish. In the event of discrepancy, the English version shall prevail as the Danish version is only a translation that is offered to ease transparency.
Privatlivspolitik
Gælder for: brugen af Keypitt™’s digitale garderobetjenester, KeyPass-profilen på keypitt.io samt tilknyttede hjemmesider (inkl. www.keypitt.com).
1. Introduktion
Keypitt ApS (“Keypitt™”, “vi”, “os”, “vores”) leverer et digitalt garderobesystem, som gør det muligt for gæster at oprette og bruge en genanvendelig KeyPass-profil på tværs af samarbejdende venues.
Vi tager beskyttelsen af dine personoplysninger alvorligt.
Denne privatlivspolitik beskriver, hvordan vi indsamler, bruger, deler og beskytter dine oplysninger, når du anvender vores tjenester. Den forklarer også dine rettigheder efter EU’s databeskyttelsesforordning (GDPR) og den danske databeskyttelseslov.
Ved at bruge vores tjenester eller oprette en KeyPass accepterer du den behandling af personoplysninger, der er beskrevet her og i vores handelsbetingelser.
2. Dataansvarlig
Keypitt ApS
Borgmestervangen 9, 5.2,
2200 København N, Denmark
CVR: 44170906
Email: hello@keypitt.com
Website: www.keypitt.com
Keypitt™ er dataansvarlig for alle personoplysninger, som indsamles og behandles via vores platform.
Venues og arrangører, der bruger Keypitt™, fungerer som autoriserede brugere under vores kontrol – de ejer eller styrer ikke gæsternes data.
3. Hvilke personoplysninger vi indsamler
We collect and process the following categories of personal information to operate and improve the Keypitt™ digital wardrobe service.
Below you can find an overview of the types of data we handle, examples of what may be included, and the corresponding purpose and legal basis for processing under the GDPR.
| Type | Eksempler | Formål / Retsgrundlag |
|---|---|---|
| Obligatoriske identifikationsdata | Mobilnummer |
For at oprette og drive din KeyPass (profil, digitale billetter). Retsgrundlag: Kontrakt. |
| Profildata (valgfrit) | Navn, e-mail, profilbillede, gemt betalingskort, alder, køn |
For at tilpasse oplevelsen, aktivere mistet-og-fundet-funktionen og forbedre servicen. Retsgrundlag: Samtykke / Legitim interesse. |
| Transaktionsdata | Købsbeløb, tidsstempler, faktura-ID, venue |
For at udstede kvitteringer, håndtere betalinger og overholde bogføringsregler. Retsgrundlag: Kontrakt / Retlig forpligtelse. |
| Gemt betalingskort (valgfrit) | Tokeniserede kortoplysninger, købsstatus |
For at gennemføre betalinger direkte via KeyPass. Data lagres sikkert hos vores underdatabehandler AltaPay A/S. Retsgrundlag: Samtykke. |
| Brugsdata | Check-in/out-hændelser, enhedstype, IP-logs |
For at sikre systemets sikkerhed og forhindre misbrug. Retsgrundlag: Legitim interesse. |
| Markedsføringspræferencer | Tilmeldingsvalg til SMS eller push-beskeder |
For at administrere markedsføringssamtykker. Retsgrundlag: Samtykke. |
4. Formål med behandlingen
Vi behandler dine personoplysninger for at kunne:
- levere og administrere den digitale garderobetjeneste og din KeyPass-profil
- bekræfte brugere og sikre korrekt håndtering af ejendele
- sende servicemeddelelser (fx KeyPass-link, påmindelser eller beskeder om mistet og fundet)
- gennemføre betalinger og udstede kvitteringer
- sikre drift, sikkerhed, backup og ydeevne
- udføre anonymiseret statistik og produktforbedring
- sende markedsføringsbeskeder – kun hvis du aktivt har givet samtykke (se afsnit 10)
Vi hverken sælger eller udlejer nogensinde personoplysninger.
5. Retsgrundlag
Behandlingen sker på følgende grundlag i henhold til GDPR artikel 6:
- Kontraktopfyldelse – for at levere den tjeneste, du har anmodet om.
- Retlig forpligtelse – for at opfylde bogførings- og lovkrav.
- Legitim interesse – for at drive en sikker, effektiv platform.
- Samtykke – for valgfrie funktioner som markedsføring eller gemt betalingskort.
6. Opbevaringsperiode
Vi opbevarer din konto og profiloplysninger i op til tre år efter din seneste aktivitet.
Transaktionsdata kan gemmes længere, hvis det kræves af lovgivningen, hvorefter de anonymiseres eller pseudonymiseres.
Du kan til enhver tid bede os slette eller anonymisere din profil (se afsnit 11).
7. Datasikkerhed
Vi beskytter dine data med anerkendte sikkerhedsstandarder.
Al data krypteres under overførsel (TLS) og ved lagring (AES-256).
Kun autoriserede medarbejdere og betroede leverandører har adgang, og alle er underlagt fortrolighed.
8. Videregivelse af oplysninger
Vi sælger ikke dine oplysninger. Vi deler kun personoplysninger med betroede partnere, når det er nødvendigt for at levere eller forbedre tjenesten, overholde lovgivning eller hvor du har givet samtykke. Hvis vi ændrer måden, vi deler data på, informerer vi dig her i politikken eller direkte.
Oplysninger kan deles med:
- Venues og personale – for at gennemføre garderobeprocessen. Hvis du fx har tilføjet navn eller foto, kan personalet bruge det til at bekræfte din identitet ved udlevering.
- Underdatabehandlere – der hoster eller behandler data på vores vegne i henhold til databehandleraftaler.
- Myndigheder – hvis det kræves ved lov eller retskendelse.
Sub-processors
| Navn | Lokation | Beskrivelse af behandling |
|---|---|---|
| Supabase Inc | Frankfurt, Tyskland | Cloud-database og hostingtjenester til brugerdata (lagring, styring og backup). |
| First Marine Insurance | København, Danmark | Behandler begrænsede oplysninger i forbindelse med forsikringskrav ved mistede eller beskadigede ejendele, hvor forsikring er tilkøbt. |
| AltaPay A/S | København, Danmark | Betalingsgateway til korttransaktioner og tokenisering (ingen fulde kortoplysninger synlige for Keypitt™). |
| ComplyPay (ZTLment ApS) | København, Danmark | Afregnings- og merchant-of-record-tjenester til Keypitt™-betalinger. |
| GatewayAPI ApS | Aalborg, Danmark | Udsender SMS’er med KeyPass-links, check-in-koder og påmindelser. |
| Vercel Inc | Frankfurt, Tyskland | Hosting af frontend- og backendapplikationer (kun anonymiserede metadata behandles). |
| Apple Inc | Californien, USA | Distribution af mobile KeyPass via Apple Wallet på iPhones. Overførsler baseres på EU’s standardkontraktbestemmelser (SCC’er). |
| Google LLC | Californien, USA | Distribution af mobile KeyPass via Google Wallet på Android-enheder. Overførsler baseres på EU’s standardkontraktbestemmelser (SCC’er). |
Alle overførsler uden for EØS sker med gyldige garantier som EU’s standardkontraktbestemmelser.
9. Betalinger
Når du foretager betaling gennem Keypitt™, behandles dine betalingsoplysninger sikkert og i overensstemmelse med gældende databeskyttelses- og betalingsregler. Keypitt™ modtager kun de oplysninger, der er nødvendige for at bekræfte og registrere din betaling.
Du kan læse mere i vores handelsbetingelser.
10. Kommunikation og markedsføring
Servicemeddelelser: Vi sender nødvendige beskeder som en del af tjenesten (fx KeyPass-link eller påmindelser). Disse kræver ikke samtykke.
Markedsføring: Vi sender kun markedsføringsbeskeder (SMS eller push) hvis du aktivt har givet samtykke via din KeyPass-profil.
Beskeder sendes via Keypitt™’s system og kan vise enten Keypitt™ eller det pågældende venue som afsender. Keypitt™ er altid ansvarlig for håndtering af samtykker og afmeldinger.
Du kan til enhver tid trække dit samtykke tilbage via din profil eller via afmeldingslinket i beskeden.
11. Dine rettigheder
Ifølge GDPR har du ret til at:
- få indsigt i de oplysninger, vi behandler om dig
- få rettet urigtige eller ufuldstændige oplysninger
- få slettet dine data (“retten til at blive glemt”)
- gøre indsigelse mod eller begrænse behandling
- modtage dine data i et overførbart format
- trække samtykke tilbage uden at det påvirker tidligere lovlig behandling
Henvendelser kan sendes til hello@keypitt.com. Vi kan dog være forpligtet til at opbevare visse transaktionsdata af hensyn til lovgivningen.
12. Overførsel af data
Personoplysninger kan opbevares og behandles i de lande, hvor vi eller vores leverandører opererer.
Ved overførsel uden for EØS sikrer vi beskyttelse gennem EU’s standardkontraktbestemmelser (SCC) eller tilsvarende godkendte garantier.
13. Ændringer i privatlivspolitikken
Vi kan opdatere denne politik fra tid til anden for at afspejle ændringer i praksis eller lovgivning.
Den nyeste version vil altid være tilgængelig på keypitt.com, og datoen for seneste opdatering fremgår øverst.
Ved fortsat brug af tjenesten efter en opdatering accepterer du den reviderede version.
14. Kontakt og klager
Hvis du har spørgsmål til denne politik eller ønsker at udøve dine rettigheder, kan du kontakte os:
E-mail: hello@keypitt.com
Du har også ret til at indgive klage til Datatilsynet, hvis du mener, dine oplysninger behandles i strid med reglerne.
Keypitt™ respekterer dit privatliv og beskytter dine personoplysninger.
15. Sprogversion
Denne politik findes på dansk og engelsk.
Ved uoverensstemmelser er den engelske version gældende, da den danske kun udgør en oversættelse for at øge gennemsigtigheden.
