Privacy Policy

Introductory Considerations

On 25 May 2018, the new General Data Protection Regulation (GDPR – General Data Protection Regulation) came into force. The objective of the European Union is to provide further protection to personal data, defined as “any information concerning an identified or identifiable natural person (so-called Data Subject)”. This Privacy Policy provides users of this site with clear and detailed information on the processing of their data according to the General Data Protection Regulation and the Personal Data Protection Code. In particular, by consulting this document, the reader will have the possibility to confer the set of data collected, the methods of their use, and the rights at his disposal regarding the protection of sensitive data.

Data Controller

According to EU regulation 2016/679, aka General Data Protection Regulation, for the KURUMBALE site available at the URL https://kurumbale.com, Carles Mara Martínez is the Data Controller for the processing of personal data collected on users of the site itself. For any information or notification regarding privacy, please refer to the company email kteam@kurumbale.com.

Data Collected through the Website

The Personal Data object of KURUMBALE’s activity is related to the following categories: personal data of the user, contact details such as telephone, email or mobile address, billing and shipping data such as physical address or post office box, and financial profiles to support online payments and credit card information. These data are collected directly at the time of account registration (email), purchase (personal data, shipping and billing address, telephone optionally, and content generated directly by the user as optional reviews) on https://kurumbale.com. In addition, this site features third-party plugins and software that may collect metric user data as stated below. Kurumbale collects also the user’s cookie preferences.

Data Collected by Third Parties

The Site uses the following third-party components that independently collect data about users:

Cloudways: Cloudways Ltd is our website hosting service. The servers, provided by Vultr (The Constant Company LLC), contain also the data that the site acquires. The data center is physically located in Paris (FR). 2 backups types of the entire site (code and DB) are made and stored in the same data center: the first one, in the Web server with 1-day data retention and, the second one, in an off-site resilient and secure storage solution with 7-day data retention. Privacy Policy.
Google Analytics: we use this plugin to acquire metric data on the use of our site by the user only if he accepts the necessary cookies. Privacy Policy.
Facebook Pixels: to understand and analyze our marketing campaigns and their effectiveness. Privacy Policy.
Security Components: we use iThemes Security owned by Liquid Web LLC to avoid malicious actions on our website.
Payments: we use Stripe, PayPal, Apple Pay e Google Pay to manage and process website’s payments.
Data provided directly to third parties: we provide details about the purchased product to our partner Shirtee once the acquisition of a specific good from our website is confirmed, in order to organize the production and shipping (with DHL). Finally, we use Hostinger for our email servers and Amazon Simple Email Service for the newsletter email sending management.

Purposes and Methods of Processing

Kurumbale will process the Personal Data for the exclusive purpose of carrying out the typical business operations. They include improving/providing the services, covering the tax purposes provided for by the law where the company is based, and for marketing/contact purposes. Kurumbale will operate according to this agreement, within limits and according to the procedures set out in the Privacy Law.

It, therefore, undertakes to:

Treat Personal Data lawfully, adopting all organizational measures proper to minimize the processing of only those Personal Data strictly necessary to execute Contracts or legal obligations correctly;
Process Personal Data following the information on the methods of processing Personal Data provided to Data Subjects through the information on the processing of Personal Data;
Verify that the Personal Data are accurate, relevant, complete and not exceeding the purposes for which they were processed. It includes the reporting in writing to third parties any needs to modify, update, correct or delete Personal Data and undertake to update them, modify, correct or delete them at their request.
The treatment will be carried out using IT and telematic tools. Such data will not be communicated or accessible to third parties except in the cases provided for by law.

Transfer of Personal Information

Regarding the transfer of data to third parties, Kurumbale undertakes to follow and correctly apply the instructions dictated by the legislation, refraining from defining any methods or purposes of processing other than those imposed by the agreements with its customers. In other words, in complete agreement with the current legislation on data protection (EU 2016/679, art.13/14), any potential transfer to third parties will be requested from time to time by the user concerned, who may object and deny your consent except in the following cases:

Transfer upon request for legal proceedings, legal acts, judicial and/or police investigations.
Transfer for documents and information required by the police.
Transfer to our partner for the correct provision of the service offered.

Data Retention

Kurumbale collects customer data to provide its services and retains this information for the duration of the contracts or at the latest until the end of the year of operations to fulfill tax purposes. Furthermore, Kurumbale retains the data for a period after the termination of contracts only and only in relation to regulatory, tax, insurance and other requirements in the places it operates. Once this information is no longer necessary for the provision of services, we take measures to prevent access or use of this information for purposes other than security, fraud prevention and detection. In any case, we do not take legal responsibility for any unwanted access or any hacking activity by third parties.

The data is stored exclusively in electronic and non-paper formats.

User Rights In Accordance with the GDPR

The end-user has the right, following current legislation, to exercise one or more options from those described below:

Right of withdrawal: the end-user has the full right to request the complete termination of the consent of the data collected by us at any time and without giving a reason.
Right to be forgotten: the end-user has the full right to request the complete cancellation, from any media, of their data collected by us, without providing any express reason. By exercising this action, he understands that the provision of our services may be subject to limitations or may be completely denied.
Right of rectification and access to data: the end-user has the full right to check at any time, the set of data that the company has collected on it. Additionally, he can request the rectification and modification of the data collected (for example, following a change of domain or method of telephone/e-mail contact).
Right to request support from the Irish Privacy Guarantor: the end-user has the right to request permission and additional information from the Privacy Guarantor, available at https://www.privacyshield.gov/welcome.

How to Exercise Your Rights

When declaring the Data Controller, the user can exercise their rights set out above directly by contacting us using the e-mail address indicated in this document.

Cookie	Duration	Description
cookielawinfo-checkbox-analytical	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytical".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
enforce_policy	1 year	PayPal sets this cookie for secure transactions.
l7_az	30 minutes	This cookie is necessary for the PayPal login-function on the website.
LANG	9 hours	PayPal sets this cookie during payments.
nsid	session	This cookie is set by the provider PayPal to enable the PayPal payment service in the website.
ts	3 years	PayPal sets this cookie to enable secure transactions through PayPal.
ts_c	3 years	PayPal sets this cookie to make safe payments through PayPal.
tsrce	3 days	PayPal sets this cookie to enable the PayPal payment service in the website.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wp-wpml_current_language	session	Designates the country code that is calculated based on the user's IP address. Used to determine what language should be used for the visitor.
x-pp-s	session	PayPal sets this cookie to process payments on the site.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_G8JXTXDTRG	2 years	This cookie is installed by Google Analytics.