Privacy policy

1. DEFINITIONS

  • Data Controller / We: Private Entrepreneur Kotliarova Karina Anatoliivna (Tax ID: 3430611468), responsible for processing your personal data.

  • Website / Site: The online store accessible at https://www.kotliarova.com.

  • User / You: Any individual visiting the Website or using its services.

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Processing: Any operation or set of operations performed on personal data.

  • Consent: Freely given, specific, informed, and unambiguous indication of the User's wishes.


2. DATA CONTROLLER AND CONTACT INFORMATION

Data Controller:
Private Entrepreneur Kotliarova Karina Anatoliivna

  • Tax Identification Number (TIN): 3430611468

  • Legal Address: Ukraine, 67641, Odesa region, Troitske village, Dnistrovska Street, 32.

For any inquiries regarding the protection of your personal data, please contact:

  • Unified Contact Email: support@kotliarova.com

  • Contact Phone: +38(097)-472-48-09

We undertake to respond to your inquiry within 30 (thirty) calendar days from the moment of receipt and successful verification of your identity. For California (USA) residents, the response time for CCPA/CPRA requests is 45 (forty-five) days with a possible one-time extension for an additional 45 days upon notification.


3. SCOPE OF APPLICATION AND LEGAL BASIS

This Policy governs data processing when using our Website. We comply with the legislation applicable to your place of residence:

  • GDPR (EU General Data Protection Regulation 2016/679) – for users from the European Union and EEA.

  • UK GDPR and the Data Protection Act 2018 – for users from the United Kingdom.

  • CCPA/CPRA – for consumers from the State of California, USA.

  • PIPEDA – for users from Canada.

  • Law of Ukraine "On Personal Data Protection" – for users from Ukraine.


4. PURPOSES, DATA, AND LEGAL BASES FOR PROCESSING



| Purpose of Processing | Categories of Processed Data | Legal Basis (GDPR) |
|---|---|---|
| Conclusion and fulfillment of a sales contract. Order placement, payment, delivery, customer service, returns. | Name, surname, email address, phone number, delivery address, full order and transaction history. | Art. 6(1)(b) – necessity for the performance of a contract to which you are a party. |
| Compliance with legal obligations. Tax and accounting records in accordance with Ukrainian law. | Data for financial reporting (invoices), payment history. | Art. 6(1)(c) – necessity for compliance with a legal obligation to which the Controller is subject. |
| Legitimate interests of the Controller. Ensuring the Website's cybersecurity, fraud prevention, internal analysis of business processes. | IP address, server log data, browsing history, technical cookies. | Art. 6(1)(f) – legitimate interests pursued by the Controller. You have the right to object. |
| Direct marketing to existing customers ("soft opt-in"). Sending commercial offers to customers who have already made purchases. | Email address, purchase history. | Art. 6(1)(f) – legitimate interests (developing customer relationships). You can opt out at any time. |
| Your explicit and informed consent. Subscription to newsletters, use of advanced cookies and pixels for analytics and targeted advertising. | Email address, data collected via advertising pixels (Meta, TikTok), marketing cookies, interest data. | Art. 6(1)(a) – your voluntary consent. You can withdraw it at any time without any consequences. |

5. DATA TRANSFERS TO THIRD PARTIES AND PARTNERS

We transfer data only to trusted partners to the minimum extent necessary to achieve the stated purposes.

5.1. E-commerce Platform (Processor)

5.2. Payment Service (Independent Controller)

  • Legal name: TOV «Hutko».

  • Role: Independent Data Controller for payment information.

  • Important: Your confidential bank card data is entered directly into Hutko's secure payment environment and never reaches our servers.

  • Security Standard: PCI DSS.

  • Legal-Info: https://hutko.org/uk/legal-info

5.3. Marketing, Analytics, and Retargeting
Used only with your explicit consent, given via cookie settings.

  • Meta Platforms, Inc. (Facebook, Instagram)

    • Legal Address (for users outside the US and Canada): Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

    • Tools: Meta Pixel (Facebook/Instagram Pixel), Conversions API.

    • Purposes: Conversion measurement, remarketing, creating lookalike audiences.

    • How to opt out of personalized ads on Meta: https://www.facebook.com/adpreferences

    • Privacy Policy: https://www.facebook.com/privacy/policy/

  • Google LLC

  • TikTok Inc.

    • Legal Address (for users in the EEA, UK, Switzerland): TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

    • Tools: TikTok Pixel, Events API.

    • Purposes: Analyzing actions on the Website, retargeting on the TikTok app.

    • TikTok advertising preference settings: Privacy settings within the TikTok app.

    • Privacy Policy: https://www.tiktok.com/legal/privacy-policy

  • Pinterest, Inc. (Pinterest Ads)

  • Microsoft Corporation (Microsoft Advertising)

    • Legal Address (for users in the EU/EEA): Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

    • Legal Address (for other users): Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA.

    • Tools: Microsoft Advertising Universal Event Tracking (UET).

    • Purposes: Measurement of advertising effectiveness, retargeting in the Bing search network and on partner sites.

    • How to opt out of personalized ads in Microsoft: Advertising preferences in your Microsoft account: https://account.microsoft.com/privacy/ad-settings/

    • Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement

  • Stape.io (Processor)

    • Partner: UAB "Stape"

    • Legal Address: Švitrigailos g. 11K-19, Vilnius, Lithuania.

    • Role: Data Processor.

    • Tool: Server-Side Tagging Container.

    • Purpose: Secure and confidential server-to-server routing of data to advertising platforms (Meta, TikTok, Google). This increases tracking accuracy and protects data from browser blockers.

    • Privacy Policy: https://stape.io/privacy-policy

5.4. Logistics and Delivery (Data Processors)

To fulfill the contract of sale (delivery of goods), we transfer the necessary personal data of the Buyer (in particular, full name, phone number, delivery address) to the selected delivery services. Each service acts as an independent data processor in accordance with its own privacy policy.


6. INTERNATIONAL DATA TRANSFERS

Due to the global nature of our partners (Shopify, Meta, Google), your data may be transferred to and stored in countries outside your jurisdiction, including the USA. Such transfers are safeguarded by legal mechanisms:

  • From the EEA/Switzerland: Standard Contractual Clauses (SCCs) of the European Commission.

  • From the United Kingdom: International Data Transfer Agreement (IDTA).

  • Other cases: Execution of contracts ensuring a level of protection comparable to applicable legislation.


7. COOKIES AND AUTOMATED DATA COLLECTION

The Website uses cookies. Necessary cookies (for cart functionality, session) are always active. Analytical and marketing cookies (from Meta, Google, etc.) are activated only after your explicit consent, which you give via a pop-up banner on your first visit.

  • Managing Consent: You can change your settings or withdraw consent at any time by clicking on the link "Manage Cookies" or "Privacy Settings" located in the footer of the Website.


8. DATA RETENTION PERIODS

We retain data no longer than is necessary for the purposes of processing:

  • Account and order data: 3 (three) years from the User's last activity.

  • Financial and tax data: 5 (five) years from the date of the transaction (according to Ukrainian law).

  • Data based on consent: Until you withdraw your consent.

  • Data in analytics/marketing systems (Stape.io, server logs): Up to 90 (ninety) days.

  • Data for security purposes: Up to 2 (two) years for analysis and investigation of incidents.


9. YOUR RIGHTS

You have the following rights regarding your data:

  • Right of access and information.

  • Right to rectification.

  • Right to erasure ("right to be forgotten").

  • Right to restriction of processing.

  • Right to object to processing based on legitimate interests (including direct marketing).

  • Right to data portability (for the EU, UK).

  • Right to withdraw consent at any time (for processing on this basis).

  • Right not to be subject to a decision based solely on automated processing.

How to exercise your rights: To exercise any of these rights, please send a request to our unified email: support@kotliarova.com. We will respond within the timeframes established by law.


10. DATA SECURITY

We implement necessary technical and organizational measures to protect data, including encryption (SSL), regular security assessments, restricted data access for staff, and selection of verified partners.


11. CHANGES TO THE POLICY

We reserve the right to update this Policy. The current version will always be available at: https://www.kotliarova.com/policies/privacy-policy. In case of significant changes, we will post a notice on the Website.


APPENDIX A: NOTICE FOR CALIFORNIA RESIDENTS, USA (CCPA/CPRA)

A.1. Collection and Use of Personal Information Over the Past 12 Months



| Category | Collected? | Sold / Shared? | Purpose |
|---|---|---|---|
| Identifiers (name, email, IP address) | Yes | Yes, Shared | Targeted advertising and analytics (via Meta, Google, TikTok with your consent). |
| Commercial Information (purchase history) | Yes | Yes, Shared | Analytics and remarketing (with your consent). |
| Internet Usage Data | Yes | Yes, Shared | Analytics and ad personalization (with your consent). |
| Financial Information (card data) | No | No | Processed exclusively by the payment service Hutko. |

A.2. Right to Opt-Out of Sale/Sharing of Data
We do not sell your data for money. However, under CCPA/CPRA, "sale" includes sharing data with advertising partners for targeted advertising. You can opt out of such "sale"/sharing:

  1. By clicking on the button or link "Do Not Sell or Share My Personal Information" located in the footer of our Website.

  2. By sending a request to the email support@kotliarova.com.

A.3. Right to Non-Discrimination
We will not discriminate against you (e.g., deny services, change prices, or quality of service) for exercising your CCPA/CPRA rights.

A.4. Requests from Minors
We do not knowingly sell or share the personal information of consumers we know to be under 16 years of age without affirmative authorization (consent required by law for minors).

A.5. Global Privacy Control (GPC)
We respect and honor the Global Privacy Control (GPC) signal sent by your browser as a request to opt out of data "sale".