Privacy Policy and Terms & Conditions

Privacy Policy

At OutKept (referred to as “OutKept”, “we”, “us”, “our”), we understand better than anyone that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone that visits our website/platform, and only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law, including the General Data Protection Regulation (GDPR).

This privacy and cookie policy will help you understand how we process any and all data collected by us in relation to your use of our website, and what choices you have. 

About us

Our website, is owned and operated by:

OutKept BV, registered in Belgium under nr: BE0769443788. Our registered address is: 28 Boekendries, 9660 Brakel, Belgium

Our data protection officer can be contacted at

What information do we collect?

We collect information about you when you register with us or complete a form on our website. We collect the information you provide in the forms on our platform. We collect information from files you upload, including e.g. scans of national identity card, passport, driver’s license or other commonly accepted documents as proof of identification. We also collect information when you voluntarily provide feedback, participate in competitions and when you email us or contact us by telephone. Website usage information is collected using cookies.

How will we use the information about you?

We will use this information to provide you with the products or services requested, manage your account, respond to communications from you and, if you agree, to email you about other products and services that we think may be of interest to you.

We use your information collected from our website to personalise your repeat visits to our website. 

We will not share your information with companies outside of our organisation, with the notable exception of PSP Stripe. OutKept works with Stripe as a provider for incoming and outgoing payment services. In order to make these payment services possible, OutKept is required to collect and share certain information with Stripe, I.A. for the verification of payment beneficiaries e.g. ethical phishers on the OutKept Platform, in the context of legal obligations related to KYC (know your customer). We include the following information excerpt from Stripe as clarification: 


“Know Your Customer” (KYC) obligations for payments require Stripe to collect and maintain information on all Stripe account holders. These requirements come from our regulators and are intended to prevent abuse of the financial system.

The information Stripe is required to collect differs from country to country, and typically includes (but is not limited to):

  • The individual creating the Stripe account
  • The business associated with the Stripe account
  • Any individuals who ultimately own or control that business (includes Custom Connect accounts)

OutKept will only share with Stripe the strict minimum of your information required to make normal use of the payment services it offers possible.


With your permission we would like to send you information about our products and services, together with details of news and promotions that we think will be of interest to you. We may use your data to contact you by email, telephone, text message and by direct mail. You may opt out at any time.

If you no longer wish to be contacted for marketing purposes, please email You can opt out of our email communications by clicking the unsubscribe link at the footer of any email you receive from us.

How and where do we store your data?

We only keep your data if we have a valid legal reason to do so and will only keep it for as long as we need to in order to fulfil our contractual or legal obligations or for as long as we have your permission to keep it. 

In the context of a phishing simulation campaign, if you were targeted by one of our phishing simulation mails, the proprietary information provided by you through our platform will only be stored for a minimum of time, to allow us to register the fact that information was shared with us. We do not store information you uploaded for the purpose of keeping it. The purpose of our platform is solely to register whether you have clicked on a link and/or shared data on a phishing simulation page on our platform, in order to generate a report on the vulnerability to phishing of your organisation and to allocate an appropriate reward (bounty) to the ethical social engineer who sent out the phishing simulation mail. Ethical social engineers will under no circumstance have access to the information provided by you through one of our web forms.

We will conduct an annual review to determine if we need to keep your data. Your data will be deleted if we no longer need it to maintain our obligations or if you have requested that we delete it.

Some or all of your data may be stored or transferred outside of the European Economic Area (“the EEA”). If we do store or transfer data outside of the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would within the EEA and under the GDPR.

Data security is of great importance to us. We take steps to protect your data by using data encryption on our websites and applications. Our websites are hosted in Belgium and the Netherlands and are monitored 24/7/365. The servers where they are stored include firewall protection and secure monitoring software which generates alerts in the event of a hack attempt or the detection of malware.

Access to your information and correction

You have the right to request a copy of the information that we hold about you. If you would like a copy of some, or all of your personal information, please email us at We may charge a small fee for this service.

We want to ensure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.


Cookies are text files placed on your computer to collect standard internet information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. It may also be used for the purpose of running re-marketing adverts to you about our products and services.

You can set your browser not to accept cookies and can also remove cookies from your browser. However, if you do, some features on our website may not function as a result.

You can find out more information about cookies and how to remove cookies by visiting or

Other websites

Our website contains links to other websites. This privacy policy and terms and conditions only apply to this website and platform. So, if you follow a link to other websites you should read their privacy policy.

Terms and Conditions

The concise terms and conditions below refer primarily to proper use of the platform. For our General Terms and Conditions (Algemene Voorwaarden), applicable a.o. to our contracts, agreements, offers etc. please refer to Algemene Voorwaarden.


The following definitions are used throughout this document:

  • Platform:
  • The website:
  • Phishing simulation campaigns: On the OutKept platform, this refers to the practice of sending out mails resembling real phishing mails to Outkept’s target clients with the sole intention of helping those clients to increase awareness around the threat of (actual) phishing.
  • Ethical phishing, ethical social engineering: participating in phishing simulation campaigns, with the intent of helping OutKept’s clients to protect themselves better against real, malicious, phishing mails. An ethical phisher or ethical social engineer will never abuse the information obtained through a phishing (simulation) campaign to cause harm in any form, financial, legal, nor reputational, to OutKept or its clients.

Correct use of the platform (

As a visitor to our web platform, we require you to respect the following guidelines:

You use the platform only for what it is intended: 

  • Informing yourself on our products, services or topics of interest shared on our website
  • Participating in, or conducting, phishing simulation campaigns, upon request of OutKept and its clients only
  • As a user, you refrain from sharing any information on the platform outside of the platform context, unless permitted by OutKept. This includes but is not limited to information on the platform’s technical details, the user experience, design, content, information on the phishing campaign targets, and reward system.
  • You respect other users of the platform and refrain from using abusive language in any form of communication.
  • You and you alone make use of the account created by you; your account is strictly personal.All responsibility regarding fiscal obligations related to compensation you may earn on the platform, in any form (incl. goods, benefits, monetary compensation) lies with you. If any taxes are to be paid on such compensation, it is your duty to adhere to your local tax laws and regulations.

Changes to our privacy policy and terms and conditions

We will keep our privacy policy and terms and conditions under regular review and will place any updates on this web page. The Privacy Policy and Terms and Conditions were last updated on the 21 June 2021.

Contact Us

If you have any queries concerning this Privacy Policy, our Terms and Conditions, your personal information or any questions on our use of the information, please email us at or write to us: OutKept – 28 Boekendries, 9660 Brakel, Belgium