1. Purpose of this Policy
This Privacy & Cookie Policy explains how Kaya Ceramics AB (“Kaya Ceramics”, “we”, “our”, “us”) collects, uses, stores and protects your personal data when you visit our website, make a purchase, or otherwise interact with us.
We respect your privacy and handle all personal data in accordance with the General Data Protection Regulation (EU 2016/679) (“GDPR”) and applicable Swedish data-protection laws.
2. Who We Are (Data Controller)
Kaya Ceramics AB is the data controller responsible for processing your personal data.
If you have any questions, contact our privacy representative at:
📧 contact@kayaceramics.com
📬 Kaya Ceramics AB, Sparbanksvägen 4, 129 32 Hägersten
3. What Data We Collect
We collect the following categories of data depending on your interactions:
a) Data you provide directly
- Contact details: name, address, phone number, email
- Order details: purchased items, delivery address, payment information (last 4 digits of card only), billing details
- Account data: username, password, preferences
- Messages: emails or messages sent via contact forms or customer support
- Reviews or testimonials you submit voluntarily
b) Data collected automatically
- Device and browser data: IP address, operating system, browser type, time zone
- Usage data: pages visited, duration, clicks, referring URLs
- Cookies & similar technologies: see Section 10
c) Data from third parties
- Payment processors (e.g., Stripe, PayPal, Klarna) may share confirmation of payment status
- Analytics and advertising partners (e.g., Google, Meta, Pinterest) provide aggregated usage and campaign insights
- Delivery partners provide tracking and delivery updates
4. Purposes & Legal Bases for Processing
We process your data only when we have a lawful basis under GDPR.
| Purpose | Examples of Use | Legal Basis |
|---|---|---|
| Order fulfilment & customer support | Process and deliver orders, send confirmations, handle returns | Performance of contract (Art. 6(1)(b)) |
| Customer account management | Manage login, saved addresses, order history | Performance of contract |
| Payments & fraud prevention | Verify transactions, detect misuse | Legal obligation & legitimate interest |
| Marketing & newsletters | Send product updates, offers (only with consent) | Consent (Art. 6(1)(a)) |
| Analytics & website optimisation | Analyse behaviour, improve navigation, detect bugs | Legitimate interest (Art. 6(1)(f)) |
| Legal & accounting obligations | Tax records, bookkeeping | Legal obligation (Art. 6(1)(c)) |
| Social media & advertising | Display relevant ads on Facebook, Instagram, etc. | Consent (cookies/marketing) |
5. How Long We Keep Your Data
We keep personal data only as long as necessary for the purpose it was collected, or as required by law:
- Order & invoicing data: 7 years (for accounting purposes under Swedish law)
- Customer accounts: until deletion or 24 months after inactivity
- Newsletter data: until you unsubscribe
- Cookies: see retention in Section 10
- Support messages: up to 24 months after resolution
After these periods, data is securely deleted or anonymised.
6. Sharing Your Data
We share data only with trusted third parties necessary to provide our services. These include:
- Payment processors: Stripe, Klarna, PayPal (to process payments securely)
- Shipping partners: e.g., PostNord, DHL, Bring (for delivery fulfilment)
- IT and hosting providers: e.g., WordPress/WooCommerce, SiteGround, or equivalent
- Email and marketing services: e.g., Mailchimp, Meta, Google Ads
- Analytics providers: Google Analytics, Meta Pixel
Each third party processes data only on our instructions and under a written Data Processing Agreement (DPA) in compliance with GDPR.
We never sell your personal data.
7. International Transfers
Some partners (e.g., Google, Meta) may process data outside the EU/EEA.
When this happens, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or transfer to countries deemed to provide an adequate level of protection.
8. Your Rights (GDPR Articles 12–23)
You have the following rights regarding your personal data:
- Right of access – to request a copy of your data
- Right to rectification – to correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”) – to delete your data in certain cases
- Right to restriction of processing – to limit how we use your data
- Right to data portability – to receive your data in a structured format
- Right to object – to processing based on legitimate interests or for marketing
- Right to withdraw consent – at any time, if processing is based on consent
- Right to lodge a complaint – with a supervisory authority
For Sweden, you can contact:
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm
www.imy.se
To exercise any right, email us at support@kayaceramics.com.
9. Data Security
We implement technical and organisational measures to protect your data against loss, misuse, unauthorised access or disclosure, including:
- Encrypted HTTPS connections (SSL/TLS)
- Restricted internal access and password controls
- Secure, GDPR-compliant hosting
- Regular updates and vulnerability monitoring
However, no system is completely secure; you share data at your own risk where required by law.
10. Cookies & Similar Technologies
a) What are cookies?
Cookies are small text files stored on your device when you visit our website. They help us make the site work properly, remember preferences, analyse usage, and show relevant ads.
b) Types of cookies we use
| Category | Purpose | Examples | Retention |
|---|---|---|---|
| Essential | Required for core functionality (cart, checkout, login). | WooCommerce session cookies | Session only |
| Performance / Analytics | Understand site usage and improve user experience. | Google Analytics, Meta Pixel | 1–24 months |
| Marketing / Advertising | Personalise ads and measure campaign performance. | Meta, Google Ads, Pinterest Tag | Up to 12 months |
| Functional | Remember choices like language or region. | User preferences | 6–12 months |
c) Managing cookies
When you visit our website, a cookie banner allows you to accept or reject optional cookies.
You can also adjust your preferences anytime via the banner or browser settings.
- Rejecting cookies may limit website functionality.
- For more info, see YourOnlineChoices.eu (EU opt-out options).
d) Third-party cookies
Third-party cookies (e.g., Google, Meta) are used for analytics and advertising. These providers act as joint controllers in certain cases under GDPR Article 26. You can review their own privacy policies for more information.
11. Email Marketing & Newsletters
We send newsletters and marketing emails only if you explicitly consent or if you are an existing customer under soft opt-in rules.
You can unsubscribe anytime via the link in the footer of each email or by contacting us.
12. Social Media
We maintain pages on social platforms (e.g., Instagram, Facebook, Pinterest).
When you interact with those pages, both Kaya Ceramics and the platform may be joint controllers for processing personal data. The platform’s own privacy policy applies in addition to ours.
13. Children’s Privacy
Our website and products are intended for adults. We do not knowingly collect data from children under 16. If you believe a child has provided us data, please contact us for deletion.
14. Legal Obligations & Enforcement
We may process or disclose data where required to comply with applicable laws, governmental requests, or enforce our Terms & Conditions, or protect our rights, safety, and property.
15. Updates to This Policy
We may update this Policy from time to time to reflect changes in law, technology, or our operations.
The latest version will always be available on our website and marked with a revised “Last updated” date.
Significant changes will be communicated by email or a site notice.
16. Contact Us
If you have any questions or wish to exercise your rights, contact:
Kaya Ceramics AB
📬 Sparbanksvägen 4, 129 32 Hägersten
📧 contact@kayaceramics.com
🌐 https://kayaceramics.com