GDPR & Data Protection

Last updated: June 2025

Keryx takes data protection seriously. This page explains how we comply with the General Data Protection Regulation (GDPR) and equivalent data protection laws, and how you can exercise your rights.

Data Controller

Keryx acts as the Data Controller for the personal data you provide when using our platform. Contact our data team at noreply@keryxonline.com.

Legal Bases for Processing

We process your personal data on the following legal grounds:

Contract performance: Processing necessary to provide you with the Keryx service (e.g., your account, reading history)
Legitimate interests: Platform security, fraud prevention, improving our service
Consent: Push notifications, optional personalisation features — you can withdraw consent at any time
Legal obligation: Complying with applicable laws and lawful requests from authorities

Your GDPR Rights

Under GDPR, you have the following rights:

Right of AccessRequest a copy of the personal data we hold about you.

Right to RectificationAsk us to correct inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")Request deletion of your personal data where there is no compelling reason for its continued processing.

Right to Restrict ProcessingAsk us to pause processing of your data in certain circumstances.

Right to Data PortabilityReceive your data in a structured, commonly used, machine-readable format.

Right to ObjectObject to processing based on legitimate interests or for direct marketing purposes.

How to Exercise Your Rights

Submit your request to noreply@keryxonline.com with the subject line "Data Request". We will respond within 30 days. We may need to verify your identity before processing the request.

Data Transfers

Keryx is operated from Ghana. If your data is transferred outside your jurisdiction, we ensure adequate safeguards are in place consistent with applicable law.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by law.

Complaints

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the relevant data protection authority in your country.