GDPR Compliance Statement

Effective Date: May 02, 2026

At Key2M.com, operated by 4 Twice Trades Limited, we are fully committed to safeguarding your privacy and ensuring that your personal data is processed transparently, securely, and in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and other relevant data protection laws.

1. What is the GDPR and Who Does It Apply To?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to all organizations processing personal data of individuals located in the European Union (EU) and European Economic Area (EEA) countries. The GDPR also applies extraterritorially to organizations outside the EU/EEA if they offer goods or services to, or monitor the behavior of, individuals in these regions256.

EU/EEA GDPR Countries:
Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden2.

UK GDPR:
Following Brexit, the United Kingdom has its own version of the GDPR, known as the UK GDPR, enforced by the Information Commissioner’s Office (ICO). The UK GDPR closely mirrors the EU GDPR and applies to organizations processing personal data of UK residents, regardless of where the organization is located35.

Other Countries:
Several other countries have adopted GDPR-like data privacy laws, including Brazil (LGPD), South Africa (POPIA), New Zealand, Israel, Japan, and more. If you access Key2M.com from these regions, we strive to uphold the highest standards of data protection24.

2. Our Commitment to Data Protection

Key2M.com is dedicated to the following GDPR principles16:

• Lawfulness, Fairness, and Transparency: We process your data legally and transparently, and we clearly inform you about how your data is used.
• Purpose Limitation: We only use your data for specific, legitimate purposes.
• Data Minimization: We collect only the data necessary for those purposes.
• Accuracy: We keep your data accurate and up to date.
• Storage Limitation: We do not retain your data longer than necessary.
• Integrity and Confidentiality: We implement strong security measures to prevent unauthorized access, loss, or breaches.
• Accountability: We can demonstrate our compliance with GDPR and maintain records of our data processing activities.

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity Data: Name, email address, postal address, phone number
• Account Data: Username, password, account preferences
• Transaction Data: Order history, payment information (processed securely by third-party providers; we do not store full card details)
• Communication Data: Customer support interactions, reviews, and survey responses
• Technical Data: IP address, browser type, device information, operating system, usage data, cookies

We only collect data necessary for order fulfillment, customer support, legal compliance, and service improvement.

4. Lawful Bases for Processing

We process your personal data under the following lawful bases (as required by GDPR)16:

• Consent: When you give us explicit permission (e.g., for marketing communications).
• Contractual Necessity: To fulfill our contract with you (e.g., processing and delivering your orders).
• Legal Obligation: To comply with laws and regulations (e.g., tax, anti-fraud).
• Legitimate Interests: For purposes such as improving our services, fraud prevention, and website security, provided these do not override your rights.

5. How We Use Your Data

Your personal data is used to:

• Process and fulfill your orders for digital and physical products
• Provide customer support and respond to inquiries
• Improve our website, products, and services
• Comply with legal obligations and prevent fraud
• Communicate with you regarding your orders, account, or, with your consent, for marketing

We do not sell or rent your data to third parties.

6. Data Sharing and International Transfers

We may share your data with:

• Payment processors, shipping/logistics partners, and service providers, solely for order fulfillment and business operations
• Legal authorities, if required by law or to protect our rights

If your data is transferred outside the EU/EEA or UK, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data as required by GDPR23.

7. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy and to comply with legal obligations. When your data is no longer needed, it will be securely deleted or anonymized1.

8. Your Rights Under GDPR and UK GDPR

Depending on your location, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your data (“right to be forgotten”) in certain circumstances
• Restriction: Request restriction of processing in certain cases
• Objection: Object to processing based on legitimate interests or direct marketing
• Portability: Request transfer of your data to another provider
• Withdraw Consent: Withdraw your consent for marketing communications at any time

To exercise these rights, please contact us at contact@key2m.com.

9. Data Security

We use strong technical and organizational measures to protect your data, including:

• SSL encryption for all data transmitted online
• Secure server infrastructure and firewalls
• Access controls and staff training
• Regular security audits and reviews

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze website usage. You can manage your cookie preferences via your browser settings. For more information, see our Cookie Policy.

11. Supervisory Authorities

• EU/EEA Residents: You have the right to lodge a complaint with your national data protection authority.
• UK Residents: You may contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.

12. Updates to This Statement

We may update this GDPR Statement periodically. Changes will be posted on this page with an updated effective date. Please review this statement regularly.