Privacy policy

This Policy explains how we collect, use, share and protect personal data of visitors and customers of KlouzeStorewhen you access the Site, create an account, make a purchase, ask for support or interact with our communications. This Policy is drafted for compliance with the EU General Data Protection Regulation (GDPR) and, where relevant, the UK GDPR.

1. Who we are and scope

We are the controller of the data processed through the Site. We operate the store on the Shopify platform and process payments through Stripe. This Policy applies to all pages under klouze.store and to the official support channels listed here.

2. What data we collect

We collect only the data necessary to provide our services. Categories include:

  • Account & identification: name, email, password (hashed), language/country.

  • Order & delivery: full shipping address, country, contact details, order information, tax ID where applicable (VAT/NIF), delivery preferences.

  • Payment data: processed by Stripe. We do not store full card numbers; we receive only payment tokens and status metadata.

  • Support data: content you send via contact form, email or chat (including attachments if any).

  • Technical & usage data: IP address, cookie identifiers, device/browser type, pages viewed, session duration, traffic source, cart/checkout interactions.

  • Marketing & preference data: cookie consent choices, newsletter preferences, campaign/utm data (where consent or legitimate interest applies).

3. Purposes and legal bases (Art. 6 GDPR)

We process personal data for:

  • Contract performance: create/manage your account; process orders; deliver products; customer support; billing and invoicing (Art. 6(1)(b)).

  • Legal obligations: tax/accounting (including VAT), AML/KYC where applicable, and record keeping (Art. 6(1)(c)).

  • Legitimate interests: site and checkout security; fraud prevention; improving products and user experience; aggregated analytics (Art. 6(1)(f)).

  • Consent: marketing communications; analytics and advertising cookies; audience creation and remarketing where required (Art. 6(1)(a)). You may withdraw consent at any time without affecting prior processing.

4. Cookies & similar tech

We use cookies and similar technologies to operate the Site and measure performance. On first visit we display a consent banner where you can accept/decline non‑essential categories.

  • Strictly necessary: store functionality, session, cart, checkout, security. (Legal basis: legitimate interest/contract.)

  • Analytics (e.g., GA4): traffic and usage measurement. Enabled only with consent.

  • Marketing/ads (e.g., Google/Meta): ad personalisation and remarketing. Enabled only with consent.

You can manage cookies via the banner and browser settings. Blocking essential cookies may break Site functionality.

5. Sharing & recipients

We share personal data only with processors/service providers under appropriate data protection agreements:

  • Shopify (e‑commerce/hosting, anti‑fraud, checkout).

  • Stripe (payment processing).

  • Logistics & carriers (shipping and tracking).

  • Email/transactional & support (order communications and support).

  • Analytics & advertising (consent‑based only, for metrics and campaigns).

  • Public authorities when required by law.

We do not sell personal data.

6. International transfers

Some recipients may be located outside the EEA/UK (e.g., Canada and United States). Where this occurs, we rely on safeguards such as the EU Standard Contractual Clauses (SCCs) and/or adequacy decisions. Copies of relevant safeguards are available upon request via the email above.

7. Data retention

We retain personal data only for as long as necessary for the purposes described or as required by law:

  • Tax/accounting records: up to 10 years (or as required by local law).

  • Account & order history: while the account remains active and for the period necessary to legal obligations/warranty.

  • Cookies/analytics: as per each cookie’s lifespan (or until consent is withdrawn).

  • Support tickets: up to 24 months after closure unless legal retention applies.

After retention, data is securely deleted or anonymised.

8. Your rights (EEA/UK)

You have the following rights under the GDPR:

  • Access to your personal data and information about processing;

  • Rectification of inaccurate or incomplete data;

  • Erasure (right to be forgotten) where applicable;

  • Restriction of processing;

  • Portability of data;

  • Object to processing based on legitimate interests (including direct marketing);

  • Withdraw consent at any time when processing is based on consent;

  • Lodge a complaint with your local Supervisory Authority.

To exercise rights, contact contact.klouze@gmail.com. We may request additional information to verify your identity.

9. Automated decisions & profiling

We do not make decisions solely based on automated processing that produce legal or similarly significant effects. Fraud detection systems (e.g., Shopify/Stripe) may conduct automatic risk analysis; you may request human review via the contact above.

10. Security

We implement appropriate technical and organisational measures (TLS encryption, access control, audit logs, environment segregation) to protect personal data. No system is 100% secure; in case of a relevant incident we will follow applicable notification procedures.

11. Children

The Site is not intended for individuals under 16 (or the minimum age in your country). We do not knowingly collect data from children. If you believe a child has provided data to us, contact us to remove it.

12. Changes to this Policy

We may update this Policy from time to time to reflect legal, technical or operational changes. The current version will always be available on the Site and show the last updated date. For material changes, we may request new consent or provide prominent notice.

Additional information

  • **Prices & taxes:** displayed prices **do not include VAT or import duties**. For EU/UK deliveries shipped from outside your customs area, **VAT and/or duties may be collected by the carrier upon delivery (DAP)**. We currently **do not charge or remit VAT at checkout** (no OSS/IOSS registration). The final amount payable to local authorities is determined by your country of import.

  • Records & audit: we maintain internal logs of relevant access/changes for security and compliance purposes.

How to contact us: questions about this Policy, data subject requests or security issues can be sent to contact.klouze@gmail.com