Privacy Policy
Last updated: March 2026
1. Introduction
KeeperGo ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch Implementation Act (Uitvoeringswet AVG).
2. Data Controller
The data controller for your personal data is:
KeeperGo
The Netherlands
Email: [email protected]
Website: https://keepergo.nl
3. Personal Data We Collect
We collect and process the following categories of personal data:
- Identity data: Full name, email address, account credentials
- Profile data: Profile photo, city/location, playing experience, availability (for goalkeepers)
- Financial data: Payment information processed securely through Stripe; Stripe Connect account details for goalkeepers
- Transaction data: Booking history, payment amounts, invoices, platform fees
- Rating data: Reviews, ratings, and feedback from match participants
- Technical data: IP address, browser type and version, device information, operating system
- Usage data: Pages visited, features used, timestamps, referral sources
- Communication data: Notifications sent and received, support correspondence
4. Purposes and Legal Basis for Processing
| Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|
| Provide platform services (matching, booking) | Performance of contract |
| Process payments and transfers | Performance of contract |
| Send booking notifications and reminders | Performance of contract |
| Analytics and service improvement | Legitimate interest |
| Fraud prevention and platform security | Legitimate interest |
| Marketing communications | Consent |
| Tax reporting (DAC7 obligations) | Legal obligation |
| Respond to legal requests | Legal obligation |
5. DAC7 Tax Reporting
Under EU Directive 2021/514 (DAC7), KeeperGo is obligated to collect and report certain information about goalkeepers (sellers) who earn income through the platform to the Dutch Tax Authority (Belastingdienst). This includes your name, address, tax identification number (BSN), date of birth, bank account details, and total income earned via the platform. This reporting is mandatory and cannot be opted out of. The data is shared exclusively with the Belastingdienst in accordance with Dutch tax law.
6. Data Sharing
We share your personal data with the following categories of recipients:
- Other platform users: Your name and ratings are visible to other users for booking purposes
- Stripe (Payment Processor): Payment data is processed by Stripe Payments Europe, Ltd., which is PCI DSS Level 1 certified
- Hosting providers: Cloud infrastructure for platform operation
- Analytics providers: Google Analytics (with IP anonymisation enabled) for service improvement
- Tax authorities: The Dutch Belastingdienst under DAC7 obligations
- Law enforcement: When required by Dutch or EU law, court order, or regulatory request
We have entered into Data Processing Agreements (Verwerkersovereenkomsten) with all processors in accordance with Article 28 GDPR.
7. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure adequate safeguards are in place, including EU Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision. Stripe processes payment data under the EU-US Data Privacy Framework.
8. Data Retention
- Account data: Retained for the duration of your active account, plus 30 days after deletion request
- Transaction and payment data: Retained for 7 years after the transaction, as required by Dutch tax law (Algemene wet inzake rijksbelastingen)
- DAC7 reporting data: Retained for 5 years after reporting
- Analytics data: Aggregated and anonymised after 26 months
- Communication records: Retained for 2 years after the last interaction
9. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): Obtain confirmation of whether we process your data and request a copy
- Right to rectification (Art. 16): Correct inaccurate or incomplete personal data
- Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention obligations
- Right to restriction (Art. 18): Restrict the processing of your data in certain circumstances
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interest, including profiling
- Right to withdraw consent (Art. 7): Withdraw consent at any time, without affecting the lawfulness of prior processing
- Right not to be subject to automated decision-making (Art. 22): We do not make solely automated decisions with legal effects
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (one calendar month) as required by the GDPR.
10. Cookies and Tracking
We use cookies and similar technologies on our platform. For full details, see our Cookie Policy.
You can manage your cookie preferences at any time through the cookie settings on our platform or through your browser settings.
11. Security Measures
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure password hashing (bcrypt)
- Role-based access controls
- Regular security reviews
- PCI DSS compliant payment processing via Stripe
12. Children's Privacy
KeeperGo is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through a notice on the platform. The "Last updated" date at the top indicates when the policy was last revised.
14. Contact and Complaints
For questions about this Privacy Policy, to exercise your data rights, or for any privacy-related concerns, contact us at:
Email: [email protected]
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens (AP)
Bezuidenhoutseweg 30, 2594 AV Den Haag
Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 8500