Privacy policy

This Privacy Policy describes how kaitraces.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device information

• Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
• Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
• Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
• Disclosure for a business purpose: shared with our processor Shopify and CRM Klaviyo

Order information

• Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
• Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
• Source of collection: collected from you.
• Disclosure for a business purpose: shared with our processor Shopify, payment gateway Stripe, Paypal, If then Pay and shipping gateway Shiptimize

Customer support information

• Purpose of collection: to provide customer support.
• Source of collection: collected from you.

 

Processors

As part of the processing of User Data, KAI uses or may have recourse to third parties, subcontracted by it, for, on behalf of KAI, and in accordance with the instructions given by KAI, in accordance with the law and this Privacy Policy.

These Processors may not transmit the User Data to other entities without KAI have given prior written authorization to do so, and are also prevented from contracting other entities without KAI prior authorization.

KAI undertakes to only subcontract to entities that offer the maximum security in the implementation of the appropriate technical and organizational measures, in order to guarantee the defense of the User’s rights. All entities sub-contracted by KAI shall be bound by KAI by the means of a written agreement which covers: the object and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the rights and obligations of the parties.

DATA COLLECTION CHANNELS

KAI may collect data directly (i.e., directly from the User) or indirectly (i.e. via partner entities or third parties). Such collection may be done through the following channels:

Direct collection: in person, by telephone, via e-mail and through the site;
Indirect collection: through partners or group companies and official entities.


GENERAL PRINCIPLES RELATING TO PROCESSING OF USER DATA
In terms of the principles relating to processing of personal data, KAI undertakes to ensure that the User Data processed are:

Subject to a lawfully, fairly and in a transparent manner in relation to the User;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.


Data processing carried out by KAI is lawful only if and to the extent that at least one of following applies:

The User has given consent to the processing of his or her personal data for one or more specific purposes;
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
The processing is necessary for compliance with a legal obligation to which KAI is subject;
The processing is necessary in order to protect the vital interests of the User or of another natural person;
The processing is necessary for the purposes of the legitimate interests pursued by KAI or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data).
KAI undertakes to ensure that User Data is only processed under the conditions cited above and respecting the principles mentioned above.

When processing of the User Data is performed by KAI based on the User’s consent, the User has the right to withdraw his/her consent at any time. Such withdrawal of the consent, does not compromise the lawfulness of processing carried out by KAI, based on the consent previously given by the User.

The period of time, which the data is filed and stored, varies according to the purpose for which the information is being processed.

Effectively, there are legal requirements that require the data to be preserved for a minimum period of time. Thus, and where there is no specific legal obligation, the data will be stored and kept only for the minimum period necessary for the purposes that lead to their collection or subsequent processing, which at the end of the period will be deleted.

USE AND PURPOSES OF USER DATA PROCESSING

In general terms, KAI uses the User Data for the following purposes:

Marketing the products and providing KAI services.
Inform the User of new products and services, through any means of communication, being a legitimate interest of KAI to do so, without prejudice to the right of the data subject to object this processing at any time;
Allow access to restricted areas of the Site, in accordance with previously established terms;
Ensuring that the site meets the User’s needs by developing and publishing content that is best adapted to the requests made and the type of User, improving the search capabilities and functionalities of the site and obtaining associated or statistical information regarding to the user’s profile (analysis of consumption profiles);
Provision of Services, and other services, such as newsletters, opinion surveys, or other information or products requested or consented to by the User;


In addition, KAI may also contact representatives of business customers for the presentation of KAI products and services, and KAI will have a legitimate interest in doing so, without prejudice to the right of the data subject to object to this processing at any time.

The User Data collected by KAI is not shared with third parties without the User’s consent, except in the situations mentioned in the following paragraph. However, in the event of the User contracting services with KAI that are provided by other entities responsible for the processing of personal data, User Data may be consulted or accessed by such entities, to the extent that it is necessary for the provision of such services.

KAI, in the applicable legal terms, may transmit or communicate the User Data to other entities in the event of such transmission or communication are necessary for the implementation of the contract established between the User and KAI or in order to take steps to entering into a contract procedures at the request of the User, if necessary for the fulfilment of a legal obligation to which KAI is subject or, if it is necessary, to obtain them in the legitimate interests of KAI or of a third party.


TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES IMPLEMENTED

In order to guarantee the security of the User Data and the maximum confidentiality, KAI processes the information provided in an absolutely confidential manner, in accordance with our internal security and confidentiality policies and procedures, which are updated periodically as required, as well as the terms and conditions legally set out.

Bases in the nature, scope, context and purpose of data processing, as well as the risks arising from the processing of the rights and freedoms of the User, KAI undertakes to apply, when defining the method and timing of handling the data, the appropriate technical and organizational measures necessary for the protection of User Data and compliance with legal requirements.

It also undertakes to ensure that, by default, only data that are necessary for each specific purpose are processed and that such data are not made available without human intervention to an indeterminate number of people.

KAI adopts the following general security measures:

Regular audits to identify the effectiveness of the technical and organizational measures implemented;
Awareness and training of personnel involved in data processing operations;
The pseudonymisation and encryption of personal data;
Mechanisms capable of ensuring the to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
Mechanisms capable to ensure the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.



TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES (OUTSIDE THE EUROPEAN UNION)

Personal data collected and used by KAI are not made available to third parties established outside the European Union. If, in the future, such a transfer takes place for the reasons mentioned above, KAI undertakes to ensure that the transfer complies with the applicable legal provisions, regarding the country’s adequacy decision with respect to data protection and the requirements applicable to such transfers

Your rights

GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimize your experience on our Site and to provide our services.

Cookies Necessary for the Functioning of the Store

Name	Function
_ab	Used in connection with access to admin.
_secure_session_id	Used in connection with navigation through a storefront.
cart	Used in connection with shopping cart.
cart_sig	Used in connection with checkout.
cart_ts	Used in connection with checkout.
checkout_token	Used in connection with checkout.
secret	Used in connection with checkout.
secure_customer_sig	Used in connection with customer login.
storefront_digest	Used in connection with customer login.
_shopify_u	Used to facilitate updating customer account information.

Reporting and Analytics

Name	Function
_tracking_consent	Tracking preferences.
_landing_page	Track landing pages
_orig_referrer	Track landing pages
_s	Shopify analytics.
_shopify_s	Shopify analytics.
_shopify_sa_p	Shopify analytics relating to marketing & referrals.
_shopify_sa_t	Shopify analytics relating to marketing & referrals.
_shopify_y	Shopify analytics.
_y	Shopify analytics.

[INSERT OTHER COOKIES OR TRACKING TECHNOLOGIES THAT YOU USE]

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

 

Final Part

D.1. CHANGES TO PRIVACY POLICY

KAI reserves the right to make changes to this Privacy Policy at any time. In the case of adjustment to the Privacy Policy, the date of the most recent change will be available at the top of this page. If the change is substantial, a notice will be placed on the website.

 

D.2. APPLICABLE LAW AND LEGAL JURISDICTION

The Privacy Policy, as well as the collection, processing or transmission of User Data are all governed by the provisions of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, and by the laws and regulations applicable in Portugal.

Any litigation arising from the validity, interpretation or implementation of the Privacy Policy, or related to the collection, processing or transmission of User Data, must be submitted exclusively to the jurisdiction of the courts of Oporto, without prejudice to mandatory legal rules.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at kai@kaitraces.com or by mail using the details provided below:

1. Padarias 83, Alcabideche, 2755-062 Lisboa, Portugal