Privacy Policy

At Hello Kellyco (collectively, “us,” “we” and “our”), we are committed to protecting the privacy and security of your personal information. By using or accessing any of the Hello Kellyco's Websites (the "Websites") or by using any of Hello Kellyco's materials or services (the “Services”) in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and consent to the fact that we may collect, use, and share your information in any ways outlined in this Policy.

This Privacy Policy describes how we collect, use and disclose your personal information and the types of personal information that we may hold about you. It also explains how we protect your personal information, the choices you have regarding such use and disclosure, and how you can access and correct your personal information.

This Privacy Policy covers our treatment of personally identifiable information (“Personal Data”) that we may gather when you are accessing or using the Websites or the Services, but not the practices of companies we don’t own or control, or people that we don’t manage. For the purposes of this Privacy Policy, Personal Data means any information relating to an identified or identifiable natural person. This includes information such as your name, email address, IP address, and any other data that can be used to directly or indirectly identify you, as defined under Article 4(1) of the General Data Protection Regulation (GDPR). We gather various types of Personal Data from our users and we use this Personal Data internally as explained in more detail below. In certain cases, we may also share some Personal Data with third parties, but only as described below.

You may opt out of any disclosure or use of your Personal Data for purposes for which you originally consented by notifying us by one of the methods at the end of this Privacy Policy. You can unsubscribe from our newsletter by clicking the "Unsubscribe" link in any of our marketing messages.

We will undertake reasonable efforts to notify third parties with whom we have shared your personal information as permitted under this Privacy Policy of your election to opt out. If you do not opt out, we may continue to collect, use, and disclose your personal information as set forth in this Privacy Policy and our Terms of Use. There are some uses from which you cannot opt out, such as to provide Services that you have requested from us.

We reserve the right, at our discretion, to amend this Privacy Policy at any time without prior individual notice. The date on which this Privacy Policy was last amended is shown at the top of this policy. You are responsible for verifying whether any amendments have been made and therefore we ask that you periodically check the date and review this Privacy Policy for the latest information on our privacy practices. If you object to any amendments, please stop using the Websites and Services.

We collect personal information about you when you interact with us. The types of information we may ask for depends on the nature of your interaction with us. This information may include:

• Communication information. We may collect the information you provide us when you communicate with us for support, give us feedback, or otherwise interact with us.
• Device information. We may collect information about your browser and device such as your Internet Protocol (IP) address, browser type, browser version, operating system type, unique device identifier or other diagnostic data and log information.
• Analytics information. We may collect information about your usage of our Websites using tracking snippets (eg. Google Analytics). These tools provide aggregate insights, including information about which pages were viewed, and for how long. These snippets operate using cookies and other locally-stored technologies.
• Preferences information. Using cookies or local storage, we track certain preferences, such as whether or not “Dark mode” is enabled. You can erase this data by clearing site data through your browser developer tools.

For more detailed information on the cookies and technologies we use, please see our Cookie Policy.

Our Websites and Services may contain links to other websites that are not operated by us. If you click on a link to a third-party website or service, such third party may also collect your Personal Data. This Privacy Policy does not cover the use of Personal Data by any third parties and we aren’t responsible for their privacy policies and practices. We strongly advise you to review the Privacy Policy of every website you visit.

We use your personal information for the following purposes:

• To operate, secure, and maintain our Websites. We use server and application logs to ensure the security of our site, prevent fraud, track technical issues, and confirm successful operations. Our legitimate interest in maintaining a secure and functional service is balanced against your rights through appropriate safeguards such as limited retention and access controls. Legal basis: Legitimate interests - Art. 6(1)(f) GDPR.
• To respond to your inquiries. When you contact us via a form or email, we process your contact details and message to respond. This is in our legitimate interest to manage incoming requests and build relationships, and is necessary for us to provide you with the information or assistance you requested. Legal basis: Legitimate interests - Art. 6(1)(f) GDPR.
• To send you our newsletter. If you sign up to our newsletter, we use your email address to send you updates, news, and, where relevant, marketing content - including promotions for our shop hosted on a separate platform. You can withdraw your consent at any time by using the unsubscribe link in any newsletter or by contacting us. We will not send you marketing emails without your prior consent unless permitted under applicable national “soft opt-in” rules. Legal basis: Consent - Art. 6(1)(a) GDPR and ePrivacy Directive Art. 13(1).
• To collect statistics and improve our service. If you consent, we use analytics cookies or similar technologies to understand how visitors use our Websites and to improve content and features. Legal basis: Consent - Art. 6(1)(a) GDPR (unless fully anonymized).
• If our business changes ownership. If we are involved in a sale, merger, or other reorganisation, we may need to share Personal Data with potential or actual buyers and their advisers, limited to what is necessary for the transaction. We will inform affected individuals where legally required and ensure appropriate safeguards are in place. Legal basis: Legitimate interests - Art. 6(1)(f) GDPR

We neither rent nor sell your Personal Data in personally identifiable form to anyone. However, we may share your Personal Data with third parties as described in this section. For the purposes set out in the section above, we may disclose your personal information to:

• Our employees, agents, and subsidiaries.
• Third-party service providers to process or handle personal information on our behalf.
• Government agencies and law enforcement or regulatory authorities when required by law.
• Our insurers and external legal advisors.

We may anonymize your Personal Data so that you are not individually identifiable and provide that information to our partners to understand how often and in what ways people use our Websites and our Services.

We employ reasonable technical, administrative, and physical safeguards and security measures to protect your Personal Data from unauthorized access, use, disclosure, copying, loss, misuse, alteration, modification or destruction.

Although we endeavor to protect the privacy of your Personal Data we hold in our records, unfortunately we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. In particular, you acknowledge that Hello Kellyco is not responsible for any loss of any information which you receive for access to our Services which results from your failure to keep that information secure.

We may transfer personal information that we collect about you outside of the European Union and European Economic Area (EEA), including the United States, for the purposes set out above and in the Privacy Policy, including for processing by our third-party service providers in connection with those purposes. When we transfer your data outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or adequacy decisions where applicable. Our third-party service providers may perform processing activities outside of these areas as well. We use external hosting providers (e.g. Cloudflare) to securely host and deliver our Websites. This is done to fulfill our contractual obligations (Art. 6(1)(b) GDPR) and based on our legitimate interest in offering a reliable, secure, and efficient service (Art. 6(1)(f) GDPR).

We and our third-party service providers may be required to disclose your Personal Data to the courts, government authorities, law enforcement or regulatory authorities of the country where Personal Data is being stored in response to a valid demand or request in accordance with applicable laws.

We require all our third-party service providers to implement and maintain technical and organizational measures to protect your Personal Data.

We will retain your Personal Data only for as long as necessary to accomplish the identified purpose for which it was collected, or as required by law to resolve disputes and enforce our legal agreements and policies. When your Personal Data is no longer needed, or once we are no longer required to retain it, we will erase it.

You can always opt not to disclose information to us, but keep in mind some information may be needed to take advantage of certain features. Under the GDPR, you have the following rights regarding your personal data:

• Right of access. You can request confirmation of whether we process your Personal Data and obtain a copy of that data. To process your request, we may ask you to provide us with information to verify your identity and confirm the scope of your request. Subject to legal restrictions or specific rights of refusal, we will inform you of the existence, use and disclosure of Personal Data relating to you and give you access to that information.
• Right to rectification. If you identify any personal information that is out-of-date, incorrect or incomplete, let us know. If we agree, we will make the corrections and make reasonable efforts to communicate these changes to third parties with whom we shared the information.
• Right to erasure. You may request that we delete your Personal Data, subject to certain legal exceptions.
• Right to restrict processing. You may ask us to limit or stop processing your Personal Data in certain circumstances.
• Right to data portability. Where applicable, you may request a copy of your data in a structured, commonly used, and machine-readable format, and you may have the right to transmit that data to another controller.
• Right to object. You may object to our processing of your data when such processing is based on our legitimate interests or involves direct marketing.
• Right to withdraw consent. Where you have provided consent to processing, you may withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

You can exercise these rights by contacting us using the methods listed at the bottom of this document.

There may be limits on your right to access your information, for example, if the information is subject to legal privilege, contains confidential commercial information, relates to an investigation of a breach of an agreement or law, or contains information of other individuals that cannot be separated.

If you provide us with an email address, you expressly consent to receive marketing communications from Hello Kellyco about your use of the Websites and our Services. At any time, you can opt-out from marketing communications by using the opt-out link featured at the bottom of all of our marketing communications and following the unsubscribe instructions.

We do not knowingly collect or solicit Personal Data from anyone under the age of thirteen (13) years old. If you are under thirteen, please do not attempt to send any Personal Data to us.

If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected personal information from children, we will take reasonable steps to locate and remove that information from our servers and records.

We’re constantly trying to improve our Websites and Services, so we may need to change this Privacy Policy from time to time. We ask that you periodically check the date and review this Privacy Policy for the latest information on our privacy practices. If we update our Policy, we will post the most recent version on our Websites.

If you have any questions, concerns, or requests regarding our handling of your personal data, please contact:

• Website operated by: Raquel Ferreira, Hello Kellyco
• Location: Coimbra, Portugal
• Email: legal@hellokellyco.com

If you make a request to exercise your rights under the GDPR, we may need to ask for additional personal data to verify your identity. We will only request the minimum information necessary for this purpose.

If you are based in Portugal, you have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) at www.cnpd.pt. If you are located in another EU/EEA country, you can also lodge a complaint with your local supervisory authority.