Privacy Policy

1. Data Controller
Alexandra Pagáčová  
Business address: Bajkalská 45G, 821 05 Bratislava, Slovak Republic  
Business ID (IČO): 57496943
Tax ID (DIČ): 1078403755
Email: hello@kayonara.com  

The Seller acts as the data controller pursuant to Regulation (EU) 2016/679 (GDPR).

2. Source Of Personal Data
Personal data is obtained directly from customers when placing an order, creating an account, subscribing to the newsletter, or contacting us. Technical data may also be collected automatically via cookies and analytics tools.

3. Purposes Of Processing

  • Processing and fulfilling orders
  • Issuing invoices and accounting compliance
  • Delivery of goods
  • Handling complaints and returns
  • Customer communication
  • Fraud prevention and website security
  • Direct marketing to existing customers (legitimate interest)
  • Newsletter marketing (based on consent)
  • Website analytics and service improvement (based on consent where required)

4. Legal Bases For Processing

  • Contract performance (Art. 6(1)(b) GDPR)
  • Legal obligation (Art. 6(1)(c) GDPR)
  • Legitimate interest (Art. 6(1)(f) GDPR) – fraud prevention, IT security, protection of legal claims and limited direct marketing to existing customers. Customers may object to such marketing at any time free of charge. A balancing test has been carried out and our legitimate interest does not override the rights and freedoms of customers.
  • Consent (Art. 6(1)(a) GDPR) – marketing emails and non-essential cookies

5. Categories Of Personal Data

  • Identification data (name, surname)
  • Contact details (email, phone number)
  • Billing and shipping address
  • Order and payment confirmation data
  • Communication records
  • Technical data (IP address, browser, device identifiers)
  • Cookie-related data
    We do not store full payment card details.

6. Mandatory Data
Providing personal data necessary for order processing is a contractual requirement. Failure to provide mandatory data may result in the inability to conclude or perform the contract.

7. Data Retention

  • Accounting and order data: 10 years
  • Complaint records: for the duration of the statutory limitation period (generally 3 years unless required longer)
  • Marketing data: until consent withdrawal
  • Customer account data: until deletion request or 3 years of inactivity

8. Data Sharing

  • Shopify Inc. / Shopify International Ltd. (e-commerce platform provider)
  • Payment service providers (e.g., Mollie Cards, Shopify Payments, Stripe, PayPal)
  • Shipping and logistics providers: DPD and Packeta Group
  • IT, hosting and accounting providers
  • Public authorities where legally required

All processors process personal data solely on our instructions and on the basis of data processing agreements concluded in accordance with Article 28 GDPR. A current list of processors is available upon request.
We do not sell personal data.

9. International Transfers
Personal data may be processed outside the EEA (e.g., via Shopify in Canada or the United States). Transfers are protected by appropriate safeguards such as Standard Contractual Clauses (SCCs). Where applicable, transfers may also rely on adequacy decisions of the European Commission or the EU–US Data Privacy Framework.

10. Automated Decision-Making
We do not carry out automated decision-making or profiling that would produce legal effects concerning you.

11. Data Protection Officer
We are not required to appoint a Data Protection Officer under Article 37 GDPR.

12. Your Rights

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent at any time
  • If you object to direct marketing, we will stop processing your personal data for that purpose immediately.

You have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

Supervisory authority (Slovakia): Office for Personal Data Protection of the Slovak Republic – www.dataprotection.gov.sk
Requests to exercise your rights may be submitted via email at hello@kayonara.com. We will respond within one month in accordance with GDPR.

13. Cookies
Details about cookies and tracking technologies are provided in our separate Cookie Policy available on our website. Non-essential cookies are used only based on your consent. You may change your cookie preferences at any time via the cookie settings available on our website.

14. Security
We implement appropriate technical and organizational measures to protect personal data.

15. Children
We do not knowingly process personal data of children under the age required by applicable data protection law.

16. Contact
For any data protection inquiries, contact: hello@kayonara.com