Privacy Notice (GDPR)

How we collect, use, and protect your personal data.

This Privacy Notice explains how K2MATCH LIMITED (“K2MATCH”, “we”, “us”) processes personal data when you visit k2match.com, create an account, contact us, subscribe to our newsletter, register interest in events, or use our quizzes (including the Fundraising Readiness Score and the Entrepreneurial Readiness Quiz).

1) Controller and contact

  • Controller: K2MATCH LIMITED
  • Registered address: Konstantinou Paleogou 21, Paphos, 8011 Paphos, Cyprus
  • Privacy contact: [email protected]
  • Data Protection Officer (DPO): Not appointed.

2) Who this notice applies to

This notice applies to business users and visitors of k2match.com, including founders, startup teams, investors, and other professional users. Our services are intended for business adults only.

3) Personal data we collect

A) Data you provide to us

  • Identity and contact data: name, email address
  • Professional data: company, job title, LinkedIn URL
  • Account data: login credentials and account settings
  • Quiz data: answers you submit, calculated results/scores, and related feedback/action prompts
  • Communications: messages you send via contact forms or email, and our replies
  • Event interest data: information you submit to request participation or updates (where applicable)

We do not intentionally collect special category data (e.g., health, political opinions) or official ID documents.

B) Data we collect automatically

  • Usage and device data: pages visited, timestamps, referrer, browser/device details, and similar telemetry
  • Security data: logs needed to maintain website security and prevent abuse

4) Purposes and legal bases (GDPR Art. 6)

A) Website operation, security, and account functionality

Purpose: operate the website, enable login/account features, ensure stability and security, prevent fraud and abuse.

Legal basis: legitimate interests (Art. 6(1)(f)) and, where applicable, performance of a contract (Art. 6(1)(b)).

B) Contact requests and business communications

Purpose: respond to inquiries, provide requested information, manage business communications.

Legal basis: legitimate interests (Art. 6(1)(f)) and/or steps prior to entering a contract (Art. 6(1)(b)).

C) Newsletters and updates

Purpose: send newsletters and marketing communications you subscribed to.

Legal basis: consent (Art. 6(1)(a)). You can withdraw consent at any time (see Section 10).

D) Relationship marketing to applicants and business leads

Purpose: send relevant B2B updates (e.g., platform news, event-related updates, and opportunities aligned to your role as a founder or investor) to users who have engaged with us (e.g., contacted us, created an account, registered interest, or participated in our ecosystem).

Legal basis: legitimate interests (Art. 6(1)(f)).

You can object at any time. We include an easy opt-out in our messages or you can contact [email protected].

E) Quizzes (Fundraising Readiness Score, Entrepreneurial Readiness Quiz)

Purpose: provide quiz functionality, calculate scores, generate informational insights and next-step suggestions, and improve our offerings.

Legal basis: performance of a contract / service you request (Art. 6(1)(b)) and/or legitimate interests (Art. 6(1)(f)).

Important: quiz scoring is purely informational and does not produce legal effects or similarly significant decisions.

F) Event participation requests and logistics

Purpose: manage event interest requests, confirmations, attendee communications, and operational planning.

Legal basis: steps prior to contract / contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).

Note: ticket sales (if any) may be handled via third-party platforms (see Section 6).

G) Analytics

We currently do not run user-level marketing tracking or remarketing on k2match.com. If we enable privacy-focused analytics in the future, we will update this notice and, where required, provide appropriate choices.

5) Cookies and similar technologies

We use cookies and similar technologies only as needed for core website functionality and security (for example, session cookies to keep you logged in). We do not run remarketing cookies or advertising pixels.

We may publish a dedicated Cookie Policy later if/when additional technologies are introduced.

6) Sharing of personal data (recipients and processors)

We may share personal data with trusted service providers who support our operations. These providers act as processors under our instructions and are bound by data processing agreements where required (GDPR Art. 28). We share only what is necessary for the relevant purpose.

A) Our key service providers

  • Hosting (Germany/EU): Hetzner
  • Security/CDN: Cloudflare
  • Email delivery: Mailgun
  • Scheduling: Calendly
  • CRM: Pipedrive
  • Deal-flow platform: Dealum

Depending on the feature you use, additional providers may apply (e.g., for event registration pages operated by third parties).

B) Third-party platforms (separate controllers)

Where you leave k2match.com and submit information on a third-party platform (for example, Dealum for deal-flow applications or third-party event sales/registration pages), that platform may act as an independent controller for the data you provide there. Their privacy notice applies to that processing.

We may receive limited data back from such platforms (e.g., application status, attendee information) to manage the relationship and the service you requested.

C) Legal disclosures

We may disclose personal data if required by law, or where necessary to protect our rights, users, and systems (legal obligation or legitimate interests).

7) International data transfers

Some providers may process data outside the EEA/UK (for example, in the United States). Where applicable, we rely on the EU–US Data Privacy Framework for participating providers. Where a transfer is not covered by an adequacy mechanism, we use other appropriate safeguards (such as Standard Contractual Clauses) as required.

8) Data retention

We keep personal data only as long as necessary for the purposes described in this notice, and then delete or anonymise it, unless we need to retain certain data longer to comply with legal obligations or to establish, exercise, or defend legal claims.

Typical retention periods (can be adjusted)

  • Contact inquiries: 12 months after last contact
  • Newsletter data: until you unsubscribe, then up to 6 months to maintain a suppression record
  • Account data: for as long as your account remains active; if inactive, delete/anonymise after 24 months of inactivity
  • Investor profiles / onboarding data: 36 months after last meaningful interaction
  • Startup / founder lead data received from applications: 36 months after last meaningful interaction
  • Quiz submissions/results: 24 months (or earlier on deletion request, subject to legal exceptions)
  • Event interest/attendee lists received: 36 months after the event (or earlier where feasible)
  • Security and server logs: typically 30–90 days (longer only if needed to investigate incidents)

9) Automated decision-making and profiling

We do not use automated decision-making that produces legal effects or similarly significant effects (GDPR Art. 22). Our quizzes generate informational scores and guidance only.

10) Your rights (GDPR)

Subject to applicable conditions and exceptions, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase data (“right to be forgotten”)
  • Restrict processing
  • Data portability (where applicable)
  • Object to processing based on legitimate interests (including direct marketing)
  • Withdraw consent at any time (does not affect processing already carried out)

To exercise your rights, contact [email protected].

Right to complain

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement.

Supervisory authority: https://www.dataprotection.gov.cy/

11) Security

We implement appropriate technical and organisational measures to protect personal data, including access controls and security monitoring. No system is 100% secure, but we work to reduce risk and respond quickly to issues.

12) Changes to this Privacy Notice

We may update this notice to reflect changes in our processing, services, or legal requirements. We will publish the updated version on this page and adjust the “Last updated” date.

13) Contact

Questions, requests, or concerns: [email protected]

Controller: K2MATCH LIMITED, Konstantinou Paleogou 21, Paphos, Paphos 8011, Cyprus

Last updated: 2026-02-21