Privacy Policy

1. Who we are

Controller for website, sales and account data:

Lev Zimbitskiy, trading as KRYOS
Calle Carmelo Roda, 6, 46025 Valencia, Spain
Tax/VAT ID: ESY5383974X
Email: info@kryostech.com

KRYOS is usually the controller for website, sales, billing, account administration, support and security data. For monitoring records processed on behalf of a business customer, KRYOS may act as processor and the customer may act as controller. In those cases, the customer's agreement with KRYOS, including any data processing agreement, will apply.

2. What this policy covers

This Privacy Policy covers personal data processed when you visit our website, contact us, request a demo, request pricing, request support, create or use a KRYOS account, use the KRYOS platform, receive alerts, reports or exports, buy hardware, subscriptions or services from us, or interact with our emails, booking tools, analytics tools or payment tools.

The KRYOS platform may also process temperature, humidity, sensor, alert, incident, report, exports and audit-log information. Some of that information may not be personal data by itself, but it can become personal data when linked to users, roles, acknowledgements, response notes, customer accounts, locations or identifiers.

3. Personal data we collect

Website, sales and contact data

• name;
• email address, usually a business email address;
• phone number;
• company or organisation name;
• job title or role;
• country or region;
• industry or use case;
• message content;
• demo, pricing, support or contact request details;
• information about the number of sites, fridges, rooms, sensors, routes or monitored assets you tell us about.

Account and platform user data

• name;
• email address;
• organisation;
• user role;
• permissions;
• assigned sites, branches, rooms, devices or monitored assets;
• login and security logs;
• account activity;
• support requests;
• notification preferences;
• acknowledgement and response-note activity.

Monitoring and operational data

The KRYOS platform may process readings, sensor or probe identifiers, device status, battery state, alert status, configured thresholds, high and low excursions, disconnection notifications, incident start and end times, min/max exposure, reports, exports, response notes, user acknowledgements, audit logs, calibration or certificate context, and monitored asset, room, branch, site, route, shipment, zone or storage-point associations where available in the configured service.

Uploaded or entered content

You or your organisation may upload or enter certificates, reports, incident notes, calibration documents, support files, implementation information, and other documents or comments related to your monitoring workflow.

Please do not enter personal data into free-text fields unless it is necessary for your organisation's use of KRYOS.

Special categories of personal data

KRYOS is not intended for processing special categories of personal data, such as health data about identifiable individuals. Customers should not enter such data into notes, asset names, reports, uploaded documents or free-text fields unless they have a lawful basis and appropriate safeguards.

Payment and billing data

If you buy from us online or pay invoices, we may process billing name and address, company details, VAT/tax information, invoice data, payment status and transaction references. Online card payments are processed by Stripe. We do not store full card numbers on our systems.

Technical and usage data

• IP address;
• browser and device information;
• pages visited;
• date and time of access;
• language and location information inferred from your device or browser;
• cookie identifiers;
• analytics events;
• error or diagnostic information where enabled.

4. How we collect personal data

We collect personal data directly from you, from your organisation, from sensors, devices or integrations, from payment, hosting, analytics, CRM, calendar and communication providers where relevant, and from cookies and similar technologies where allowed and, where required, after consent.

5. Why we use personal data

Where we rely on legitimate interests, those interests include responding to business enquiries, securing our services, improving KRYOS, managing customer relationships, supporting customer operations, preventing misuse, maintaining service history, and protecting our legal and commercial position.

To respond to requests

We use contact, demo, pricing and support information to reply to you and provide requested information.

Legal basis: pre-contractual steps, legitimate interests in responding to business enquiries and, where applicable, consent.

To provide the KRYOS platform

We use account, user, sensor, alert, incident, report and exports data to provide monitoring, alerts, dashboards, reports, logs and related services.

Legal basis: contract performance and legitimate interests in providing, securing and supporting the service. Where we act as processor, we process data on the customer's documented instructions.

To manage accounts, subscriptions, hardware and services

We use customer and billing data to manage subscriptions, hardware orders, custom quotes, discounts, onboarding, installation, probe recalibration/replacement and professional services.

Legal basis: contract performance, legal obligations and legitimate interests in managing customer relationships, hardware, subscriptions and services.

To send service notifications

We may send important platform, security, subscription, billing, operational or support messages.

Legal basis: contract performance and legitimate interests in service operation and account administration.

To improve KRYOS

We may analyse usage, support requests, errors, diagnostics and product performance to improve our website, platform, features, documentation and user experience.

Legal basis: legitimate interests and, for non-essential analytics cookies, consent.

To manage security and prevent misuse

We use logs and technical data to protect accounts, prevent abuse, investigate incidents, maintain security and enforce our terms.

Legal basis: legitimate interests in securing our services and preventing misuse, and legal obligations.

To comply with legal obligations

We may process data for tax, accounting, invoicing, legal claims, compliance, law enforcement requests and regulatory obligations.

Legal basis: legal obligations and legitimate interests in protecting legal rights and resolving disputes.

To send marketing communications

Where permitted, we may send product updates, educational content or commercial communications. You can opt out of marketing emails at any time.

Legal basis: consent or legitimate interests in sending relevant B2B communications, depending on the context and applicable law.

6. Cookies and analytics

We use cookies and similar technologies as described in our Cookie Policy.

We do not use non-essential cookies, such as analytics or marketing cookies, unless you have given consent where consent is required. You can change your cookie preferences through the cookie banner or Cookie settings link on the website.

7. Third-party service providers

We use service providers to operate KRYOS. These may include hosting and domain providers, including Arsys; payment providers, including Stripe; analytics and tag-management providers, such as Google services where enabled; CRM providers, such as Zoho where enabled; booking tools, such as Calendly where enabled; communication tools, such as WhatsApp or email systems where enabled; and support, diagnostics, monitoring or error-tracking providers where enabled and relevant.

We require service providers to process data only for authorised purposes and to apply appropriate security measures. If we enable additional providers, we will update this policy where required.

8. International transfers

Some providers may process data outside the European Economic Area, including in countries that may not provide the same level of data protection as the EU.

Where required, we rely on appropriate safeguards such as European Commission adequacy decisions, Standard Contractual Clauses, additional contractual, organisational or technical safeguards, and other lawful transfer mechanisms under GDPR.

9. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this policy, including legal, accounting, contractual, support, security and dispute-resolution needs.

• Contact, demo and pricing requests: up to 3 years after the last interaction, unless a customer relationship starts or you ask us to delete the data earlier.
• Marketing data: until you unsubscribe, withdraw consent, object to marketing, or until we delete the contact because it is no longer relevant to our business relationship, generally no later than 5 years after the last meaningful interaction.
• Customer account and contract data: during the customer relationship and afterwards as needed for legal, accounting, warranty, dispute and legitimate business purposes.
• Invoices and accounting records: generally for at least 4 years for Spanish tax purposes and up to 6 years or longer where commercial, accounting, legal or dispute obligations require it.
• Monitoring records, alerts, reports and audit logs: according to the customer's subscription, configuration, contract and operational needs.
• Support records: for as long as needed to provide support, maintain service history and resolve disputes.
• Security and technical logs: for a reasonable period needed for security, troubleshooting and service integrity.

We may retain anonymised or aggregated data that no longer identifies individuals.

10. Security

We use technical and organisational measures designed to protect personal data, including access controls, role-based permissions where available, secure hosting, account controls, and operational security procedures.

No system is perfectly secure. Customers are responsible for maintaining secure account access, managing user permissions, keeping credentials confidential and ensuring their own internal processes are appropriate.

11. No automated decision-making

KRYOS does not use personal data to make automated decisions that produce legal or similarly significant effects.

Temperature alerts, reports and monitoring records support customer review workflows, but final operational, quality, stock, clinical, food safety, laboratory, GDP or compliance decisions remain with the customer.

12. Your rights

Subject to applicable law, you may have the right to access your personal data, request correction, request deletion, request restriction of processing, object to processing, request portability, withdraw consent where processing is based on consent, and complain to a supervisory authority.

To exercise your rights, contact us at info@kryostech.com. We may need to verify your identity before responding to a rights request.

Some requests may be limited where data must be retained for legal, security, contractual or legitimate business reasons. If your data is processed by KRYOS on behalf of your organisation, we may need to refer your request to that organisation as controller.

You may also contact the Spanish Data Protection Agency (Agencia Espanola de Protección de Datos, AEPD): https://www.aepd.es/.

13. Customer responsibilities

Customers using KRYOS are responsible for deciding what personal data is entered into the platform, assigning user roles and permissions appropriately, defining retention needs for their monitoring records, ensuring their own privacy notices, SOPs and internal policies are appropriate, using KRYOS under the applicable agreement and Terms and Conditions, and making product, stock, clinical, food safety, laboratory, GDP, pharmacy, compliance or operational decisions.

KRYOS provides environmental monitoring and evidence tools. It does not make final quality, product, clinical, food safety, laboratory, vaccine, stock or compliance decisions.

14. Children

KRYOS is intended for business and operational use. It is not directed to children.

15. Changes to this policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new "Last updated" date.

16. Contact

For privacy questions, contact:
KRYOS
Lev Zimbitskiy, trading as KRYOS
Calle Carmelo Roda, 6, 46025 Valencia, Spain
Email: info@kryostech.com

You can also review our Cookie Policy and Terms and Conditions.