At krivoza LLC (https://krivoza.com/), we are committed to protecting your privacy and handling your personal data with transparency and care. While our operations are based in the US and we primarily serve US customers, we understand that visitors from the European Union (EU) may access our website. This statement outlines our commitment to complying with the General Data Protection Regulation (GDPR) regarding the collection, use, and protection of your personal data.

1. Data Controller Details 

krivoza LLC acts as the data controller for the personal data you provide to us or that we collect in connection with your use of our website and services.

2. What Personal Data We Collect 

We may collect and process the following types of personal data when you interact with krivoza LLC:

  • Identity Data: Name, title.
  • Contact Data: Billing address, shipping address, email address, telephone numbers.
  • Financial Data: Payment card details (processed securely by third-party payment processors like PayPal and Stripe; we do not store full card numbers on our servers).
  • Transaction Data: Details about products and services you have purchased from us.
  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

3. How We Collect Your Data 

We collect data from you in the following ways:

  • Direct Interactions: You may provide us with your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
    • Create an account on our website.
    • Place an order for our products.
    • Subscribe to our newsletter (if offered).
    • Request marketing to be sent to you.
    • Enter a competition, promotion, or survey (if offered).
    • Give us feedback or contact customer support.
  • Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies. Please refer to our Cookie Policy (if applicable, or within our Privacy Policy) for more details.
  • Third Parties: We may receive personal data about you from various third parties, such as analytics providers (e.g., Google Analytics) and payment service providers.

4. Legal Basis for Processing Your Personal Data 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Performance of a Contract: To fulfill orders you place and provide the services you request (e.g., processing payments, shipping products).
  • Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., improving our website, preventing fraud).
  • Consent: In specific situations, we may ask for your explicit consent to process your data for a particular purpose (e.g., sending marketing emails if not related to a purchase). You have the right to withdraw consent at any time.
  • Legal Obligation: Where we need to comply with a legal or regulatory obligation.

5. How We Use Your Personal Data 

We use your personal data to:

  • Process and deliver your orders.
  • Manage your account and our relationship with you.
  • Improve our website, products, and services.
  • Communicate with you about your orders, inquiries, or provide customer support.
  • Send you marketing communications (where you have consented or where there is a legitimate interest).
  • Detect and prevent fraud.

6. Your Data Protection Rights Under GDPR 

If you are located in the EU, you have the following rights concerning your personal data:

  • The Right to Be Informed: To receive clear, transparent, and easily understandable information about how we use your personal data.
  • The Right of Access: To request a copy of the personal data we hold about you.
  • The Right to Rectification: To request that inaccurate or incomplete personal data about you be corrected.
  • The Right to Erasure ("Right to Be Forgotten"): To request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
  • The Right to Restrict Processing: To request the suspension of the processing of your personal data in certain circumstances (e.g., if you contest its accuracy).
  • The Right to Data Portability: To request your personal data in a structured, commonly used, machine-readable format to transmit to another data controller.
  • The Right to Object: To object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
  • Rights in Relation to Automated Decision Making and Profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us at support@krivoza.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

7. Data Security 

We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

8. Data Retention 

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

9. Third-Party Processors 

We share your data with trusted third-party service providers who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. These include:

  • Payment Processors: PayPal, Stripe (for secure transaction processing)
  • Shipping Carriers: (to facilitate product delivery)
  • Analytics Providers: (e.g., Google Analytics, to understand website usage)

We ensure all third-party service providers processing personal data on our behalf are GDPR compliant and have robust data protection measures in place.

10. International Data Transfers 

As krivoza LLC is based in the United States, your personal data will primarily be processed and stored in the US. The US is not recognized as providing an adequate level of protection by the European Commission. However, we ensure that any transfers of personal data from the EU to the US are subject to appropriate safeguards, such as standard contractual clauses approved by the European Commission or other mechanisms required by GDPR, where applicable. We also ensure that our third-party service providers maintain similar safeguards.

11. Supervisory Authority 

If you are an EU resident and have a complaint about our data practices, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

12. Changes to This GDPR Compliance Statement 

We may update this statement from time to time. We will post any changes on this page with an updated revision date. We encourage you to review this statement periodically to stay informed about how we are protecting your information.

This GDPR Compliance Statement was last updated on.