Privacy Policy

1. Introduction

At Ki-Xocolatl, we are committed to respecting and safeguarding the privacy and personal data of our users. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you visit or interact with our website (ki-xocolatl.com). We are dedicated to maintaining the highest standards of data protection in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable international privacy laws. Your trust is important to us, and we strive to process your data transparently and responsibly.

2. Scope of Policy and Data Controller Role

This Policy applies to all users of ki-xocolatl.com and encompasses all data collected through our website, services, or direct communication. Ki-Xocolatl acts as the Data Controller in relation to the personal data processed and is responsible for determining the purposes and means of processing your data.

If you have questions regarding this Policy or our practices, you may contact us at [email protected].

3. Categories of Data Processed

We may collect and process the following categories of personal data:

a. Usage Data
Information about your interactions with our website, such as IP address, browser type, operating system, referring URLs, pages visited, session duration, and unique device identifiers.

b. Account Data
Information provided during account creation or registration, including name, billing/shipping addresses, email address, and phone number.

c. Profile Data
Information inferred or collected about your preferences, purchase history, product interactions, and browsing behavior.

d. Communication Data
Information you provide when you contact our support team or engage with us via email, chat, or web forms, including contents of communication and response records.

e. Technical Data
Device information such as hardware model, operating system version, browser plug-ins, screen resolution, unique device identifiers, language settings, and system configurations.

f. Transaction Data
Details of orders and payments, including billing address, transaction identifiers, payment method, shipping information, and fulfillment data.

g. Preference Data
Consents, preferences, and interests that you share related to receiving marketing communications, product preferences, and notification settings.

4. Legal Bases for Processing

We process your personal data based on the following lawful bases:

– Consent: Where you have explicitly provided consent for specific processing purposes (e.g., marketing communications).
– Contractual Necessity: Where processing is required to perform a contract with you, such as order fulfillment.
– Legitimate Interests: Where necessary to pursue our legitimate business interests, provided those interests are not overridden by your rights and freedoms.
– Legal Obligation: Where processing is necessary to meet regulatory or statutory compliance obligations.

5. Your Rights

Under applicable data protection laws, you have the following rights with respect to your personal data:

– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You have the right to request that we rectify inaccurate or incomplete data.
– Right to Erasure: You may request the deletion of your personal data, subject to certain legal restrictions.
– Right to Restriction: You may request limitations on how we process your personal data in specific circumstances.
– Right to Data Portability: You may request a copy of your data in a structured, machine-readable format to transfer to another controller.

To exercise any of the above rights, please contact us at [email protected]. We will honor your request in accordance with applicable legal obligations and regulations.

6. Security Measures

We implement a range of appropriate technical and organizational measures to protect your personal data against unauthorized access, unlawful processing, loss, or destruction. These measures include:

– Data encryption at rest and in transit via secure protocols
– Restricted access to personal data based on role and necessity
– Periodic security audits and system monitoring
– Secure payment processing technologies and tokenization
– Regular staff training in information security and privacy practices
– Routine data backups and business continuity protocols

7. International Transfers

Your personal data may be transferred, stored, and processed outside your jurisdiction, including to countries not deemed to have equivalent data protection laws, such as the United States. In such cases, we implement Standard Contractual Clauses and other appropriate safeguards to ensure your data continues to receive a level of protection consistent with GDPR and other data transfer regulations.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including the following general timeframes:

– Account and Profile Data: Retained while your account remains active and for up to 3 years thereafter.
– Transaction Data: Retained for up to 7 years to comply with accounting and taxation requirements.
– Communication Data: Retained for 2 years to support customer service history.
– Technical and Usage Data: Retained for 12–18 months for analytics and performance optimization.
– Preference Data: Retained until you update your settings or withdraw consent.

Once data is no longer required, it is securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies to enhance your experience, analyze traffic, and serve relevant content. We use the following categories:

– Essential Cookies: Required for basic functionality and secure website access.
– Functional Cookies: Enable enhanced features such as remembering your preferences and log-in status.
– Performance Cookies: Collect anonymized data on website usage and performance metrics.
– Analytics Cookies: Help us understand how users interact with the website and improve usability.

Third parties such as Google Analytics may also place cookies on your device for statistical and marketing purposes.

10. Cookie Management and Compliance

You have full control over your cookie preferences. Upon your first visit to ki-xocolatl.com, you will be prompted with a cookie consent banner. You may accept all cookies, reject non-essential cookies, or customize your settings.

To manage cookies at any time, you can adjust your browser settings or revisit our cookie banner preferences. We ensure our cookie management solutions are aligned with GDPR and CCPA standards and honor Do Not Track (DNT) signals where supported.

11. Special Protections for Children

Our website is not intended for or directed toward individuals under the age of 13. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected] so we can take appropriate action.

12. Policy Updates and User Notifications

We reserve the right to amend this Privacy Policy at any time in response to evolving legal, regulatory, or operational requirements. Changes will be posted on this page and, where appropriate, communicated via email or website banners.

We encourage you to review this page periodically to stay informed of how we protect your privacy.

13. Contact Information

If you have questions, concerns, or would like to exercise your privacy rights, please contact us at:

Email: [email protected]
Website: https://ki-xocolatl.com

We are committed to ensuring full compliance with applicable privacy obligations and safeguarding your personal information. Your privacy matters to Ki-Xocolatl.