GDPR information

Last updated: March 28, 2026

This page summarises how Keystone Themes approaches data protection rules that apply in the European Economic Area (EEA), the United Kingdom, and Switzerland—including the General Data Protection Regulation (GDPR) and the UK GDPR. It supplements our Privacy Policy.

Controller

For personal data we determine the purposes and means of processing on this website, the controller is Keystone Themes. Marketplace purchases are typically processed by Envato / ThemeForest as a separate controller; see their privacy notices for checkout and account data.

Lawful bases

We rely on one or more of the following, depending on the activity:

  • Contract — where processing is necessary to provide a feature you asked for;
  • Legitimate interests — for example security, fraud prevention, and improving the site, balanced against your rights;
  • Legal obligation — where the law requires us to process data;
  • Consent — where we ask for it (for example optional marketing or non-essential cookies), which you can withdraw at any time.

Your rights

Subject to applicable law, you may have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate data;
  • Erase data in certain circumstances (“right to be forgotten”);
  • Restrict processing in certain circumstances;
  • Data portability for data you provided, where processing is automated and based on consent or contract;
  • Object to processing based on legitimate interests or for direct marketing;
  • Withdraw consent where processing is consent-based;
  • Lodge a complaint with a supervisory authority in your country.

To make a request, use our Contact page. We may need to verify your identity before responding. We aim to reply within one month, or inform you if we need more time.

Data Protection Representative

If we are required to appoint an EU or UK representative under applicable law, their contact details will be published here or provided on request.

Transfers outside the EEA/UK

Where personal data is transferred to countries not recognised as providing adequate protection, we use appropriate safeguards such as the EU Commission’s standard contractual clauses (SCCs) or the UK International Data Transfer Addendum, as relevant.

Automated decision-making

We do not use solely automated decision-making, including profiling, that produces legal or similarly significant effects on you.

Contact

For GDPR-related questions or requests: Contact · hikeystonethemes@gmail.com.

See also: Privacy Policy · Terms & Conditions