At FoxKey we only process the personal data strictly required to deliver the service. We do not sell data and we do not use tracking cookies. This statement explains what we record, why and for how long.
1. Data controller
The data controller for information collected via this website is:
ARVID.NL
Koningin Maximalaan 44
1787 DA Julianadorp, Nederland
- KVK: 60299703
- BTW: NL853848932B01
- E-mail: info@arvid.nl
- Website: arvid.nl
2. What data do we process?
- Account: name, email address and hashed password.
- Sub-users: name and email address of sub-users you create, plus their permissions, time windows and weekday rules.
- Authentication: session cookies and one-time OTP codes for two-factor sign-in (only the hash is kept).
- NUKI API tokens: stored encrypted, used to communicate with the NUKI Web API on behalf of your account.
- Log files: IP address, user agent, timestamp and actions, for security and diagnostics.
- Lock activity: the actions you perform via this platform through NUKI (lock/unlock, log access).
3. Purposes and legal bases
- Performance of the contract (Art. 6(1)(b) GDPR): creating your account, sub-users and executing lock actions.
- Legitimate interest (Art. 6(1)(f) GDPR): security, abuse prevention, diagnostics and invoicing.
- Legal obligation (Art. 6(1)(c) GDPR): retention of invoices for tax purposes.
4. Cookies
We use two categories of cookies: strictly necessary cookies for your session, CSRF protection and to remember your language choice (these are always placed and are exempt from consent under Article 11.7a of the Dutch Telecommunications Act), and analytics cookies from Google Analytics 4 with IP anonymisation, which we only place after your explicit consent via the cookie banner. No advertising or profiling cookies are placed on this website. You can withdraw or change your consent at any time via the "Cookie preferences" link at the bottom of the page.
5. Retention periods
- Account & sub-users: for as long as your account is active. After cancellation we delete your data within 30 days, unless a legal retention obligation (e.g. tax) requires longer storage.
- OTP codes: hashes are removed as soon as the code has been used or expired.
- Logs: up to 90 days.
- Invoices: 7 years (tax retention obligation).
6. Sub-processors
We only work with sub-processors that comply with the GDPR:
- Nuki Home Solutions GmbH — executing lock actions through the NUKI Web API.
- Hosting within the EU.
- Email — transactional mail (OTP, password reset).
A current data processing agreement is available on request.
7. Security
Passwords are hashed (bcrypt), NUKI API tokens are stored encrypted and all traffic runs over TLS. Access to production systems is restricted and logged.
8. Your rights
You have the right to access, correct, delete, restrict, port and object to processing. Send a request to info@arvid.nl. We respond within 30 days. Not satisfied? You can lodge a complaint with the Dutch Data Protection Authority.
9. Changes
This statement may be updated. We notify logged-in users of material changes by email at least 14 days before they take effect.