"Enjoy free shipping on orders of $30 or more!"

Where Beauty Meets Fitness

Your cart

Your cart is empty

Continue shopping

Privacy Policy

  • Privacy Policy
    We respect your privacy and are committed to protecting it by adhering to this privacy policy (“Policy”). This Policy describes the types of information we may collect from you or that you may provide (“Personal Information”) on the k-arole.com Website (“Website”), the “k-arole IE” mobile application (“Mobile Application”), and all associated products and services (collectively, the "Services"), as well as our practices of collecting, using, maintaining, protecting, and disclosing this Personal Information. It also outlines the choices available to you regarding our use of your personal information and how you can access and update it.

    This Policy constitutes a legally binding agreement (“Agreement”) between you (“User,” "you," or "your") and "K-AROLE IE," "we," "us," or "our"). If you are entering into this Agreement on behalf of a company or another legal entity, you declare that you have the authority to bind this entity to this Agreement, in which case the terms "User," "you," or "your" refer to this entity. If you do not have such authority or do not agree with the terms of this Agreement, you must not accept this Agreement, and you cannot access or use the Services. By accessing and using the Services, you acknowledge that you have read, understood, and agreed to be bound by the terms of this policy. This policy does not apply to the practices of companies we do not own or control, or to individuals we do not employ or manage.

    Table of Contents
    - Automatic Information Collection
    - Collection of Personal Information
    - Children's Privacy
    - Use and Processing of Collected Information
    - Payment Processing
    - Information Management
    - Information Retention
    - Information Transfer
    - Data Protection Rights under GDPR
    - California Privacy Rights
    - How to Exercise Your Rights
    - Cookies
    - Data Analytics
    - Advertisements
    - Social Media Features
    - Email Marketing
    - Push Notifications
    - Links to Other Resources
    - Information Security
    - Data Breach
    - Modifications and Amendments
    - Acceptance of this Policy
    - Contact Us

    Automatic Information Collection
    When you open the Website or use the mobile application, our servers automatically record information sent by your browser or device. This data may include information such as your IP address and device location, browser and device name and version, operating system type and version, language preferences, the web page you visited before accessing the Services, the pages of the Services you visit, the time spent on these pages, the information you search for on the Services, access times and dates, and other statistics.

    The information collected automatically is used solely to identify potential abuse cases and establish statistical information about the usage and traffic of the Services. These statistical insights are not otherwise aggregated in a way that would identify a specific user of the system.

    Collection of Personal Information
    You can access and use the Services without telling us who you are or revealing any information by which someone could identify you as a specific and identifiable individual. However, if you wish to use certain features offered on the Services, you may be asked to provide certain Personal Information (e.g., your name and email address).

    We receive and store all information you knowingly provide to us when you create an account, make a purchase, or fill out forms on the Services. If necessary, this information may include the following:
    Contact information (such as e-mail address, telephone number, etc.)
    Basic personal information (such as name, country of residence, etc.)
    Payment information (such as credit card details, bank account details, etc.)
    Device geolocation data (such as latitude and longitude)
    Any other material you voluntarily submit to us (such as articles, images, comments, etc.)

You have the option not to provide us with your personal information, but you may not be able to take advantage of certain features of the Services. Users who are unsure about mandatory information are encouraged to contact us.

Children's Privacy
We do not knowingly collect any personal information from children under the age of 18. If you are under 18 years old, please do not submit personal information through the services. If you have reason to believe that a child under the age of 18 has provided us with personal information through the services, please contact us to request the removal of that child's personal information from our services.

We encourage parents and legal guardians to monitor their children's use of the internet and contribute to the enforcement of this policy by instructing their children never to provide personal information through the services without their permission. We also ask all parents and legal guardians who supervise children's activities to take necessary precautions to ensure that their children receive instructions not to disclose personal information when online without their permission.

Use and Processing of Collected Information
We act as both a data controller and a data processor under GDPR terms when processing personal information unless we have entered into a data processing agreement with you, in which case you would be the data controller, and we would be the data processor.

Our role may also differ depending on the specific situation involving personal information. We act as a data controller when we ask you to submit your personal information that is necessary to ensure your access and use of the services. In such cases, we are a data controller as we determine the purposes and means of processing personal information and comply with data controllers' obligations as outlined in the GDPR.

We act as a data processor in situations where you submit personal information through the services. We do not own, control, or make decisions regarding the submitted personal information, and such personal information is processed only in accordance with your instructions. In such cases, the user providing personal information acts as a data controller under the GDPR.

In order to provide the Services to you or to comply with legal obligations, we may collect and use certain Personal Information. If you do not provide the requested information, we may not be able to provide the requested products or services. All information collected from you can be used for the following purposes:

- Creating and managing user accounts
- Executing and managing orders
- Providing products or services
- Improving products and services
- Sending marketing and promotional communications
- Sending updates on products and services
- Responding to inquiries and providing assistance
- Requesting user feedback
- Improving the user experience
- Publishing customer testimonials
- Targeted advertising
- Managing contests and competitions
- Operating and managing the Services

The processing of your personal information depends on how you interact with the Services, your location in the world, and whether any of the following conditions apply: (i) you have given consent for one or more specific purposes, however, this does not apply whenever the processing of personal information is subject to the California Consumer Privacy Act or European data protection law; (ii) the provision of information is necessary for the performance of a contract with you and/or for any pre-contractual obligations thereof; (iii) processing is necessary to fulfill a legal obligation to which you are subject; (iv) processing is related to a task carried out in the public interest or in the exercise of official authority vested in us; (v) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. We may also combine or aggregate certain of your personal information in order to better serve you and to improve and update our services.We rely on the user's consent and compliance with the law and legal obligations as legal bases, as defined in the GDPR, upon which we collect and process your personal information.

Please note that under certain legislations, we may be allowed to process information until you object by unsubscribing, without relying on consent or any other legal basis mentioned above. In all cases, we are happy to clarify the specific legal basis that applies to the processing, especially if the provision of personal information is a legal or contractual requirement, or a requirement necessary to enter into a contract.

Payment Processing

In the case of services requiring payment, you may need to provide credit card details or other payment account information, which will be used solely for payment processing. We utilize third-party payment processors ("payment processors") to securely process your payment information.

The payment processors adhere to the latest security standards managed by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard, American Express, and Discover. The exchange of sensitive and private data is carried out through a secure SSL communication channel, encrypted and protected by digital signatures. The Services also comply with strict vulnerability standards to create the most secure environment possible for Users. We will only share payment data with payment processors to the extent necessary for payment processing, refunding these payments, and addressing complaints and queries related to these payments and refunds.

Please note that payment processors may collect certain personal information from you, allowing them to process your payments (such as your email address, address, credit card details, and bank account number) and manage all stages of the payment process through their systems, including data collection and processing. When necessary for future or recurring payment processing and subject to your prior consent, your financial information will be stored in encrypted form on secure servers of our payment processors. The use of your personal information by payment processors is governed by their respective privacy policies, which may or may not contain privacy protections as robust as this policy. We suggest reviewing their respective privacy policies.

Information Management

You have the option to delete certain personal information we hold about you. The personal information you can delete may change as the services change. However, when you delete personal information, we may retain a copy of the unrevised personal information in our records for the duration necessary to comply with our obligations to our affiliated companies and partners, and for the purposes described below. If you wish to delete your Personal Information or permanently delete your account, you can do so on the account settings page on the Services or by simply contacting us.

Disclosure of Information

Depending on the requested services or if necessary to perform any transaction or provide any service you have requested, we may share your information with our affiliated companies, contracted companies, and service providers (collectively, the "service providers") on which we rely to help operate the Services made available to you and whose privacy policies align with ours or who agree to abide by our policies regarding personal information. We will not share any personally identifiable information with third parties and will not share information with unaffiliated third parties.

Service providers are not authorized to use or disclose your information except as necessary to perform services on our behalf or to comply with legal requirements. Service providers receive only the information they need to perform the functions assigned to them, and we do not allow them to use or disclose the provided information for their own marketing or other purposes.

Retention of Information

Data Protection Rights under GDPR

If you reside in the European Economic Area ("EEA"), you have certain data protection rights, and we strive to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information. If you wish to be informed about the personal information we hold about you and if you want them to be removed from our systems, please contact us. In certain circumstances, you have the following data protection rights:

(i) You have the right to withdraw your consent if you have previously given consent for the processing of your personal information. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the legality of the processing before withdrawal.

(ii) You have the right to know if we are processing your personal information, to obtain information about certain aspects of the processing, and to obtain a copy of your personal information being processed.

(iii) You have the right to verify the accuracy of your information and to request that it be updated or corrected. You also have the right to ask us to complete the personal information you believe is incomplete.

(iv) You have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent. When Personal Information is processed in the public interest, in the exercise of public authority vested in us, or for the purposes of legitimate interests pursued by us, you may object to this processing by providing a reason related to your particular situation to justify the objection. You should be aware, however, that if your personal information is processed for direct marketing purposes, you can object to this processing at any time without providing justification. To find out if we process personal information for direct marketing purposes, you can refer to the relevant sections of this policy.

(v) You have the right, in certain circumstances, to restrict the processing of your personal information. These circumstances include: the accuracy of your personal information is contested by you and we need to verify their accuracy; the processing is unlawful, but you object to the erasure of your personal information and instead request the restriction of their use; we no longer need your personal information for processing purposes, but you need them to establish, exercise, or defend your legal rights; you have objected to the processing while waiting for verification of whether our legitimate grounds override your legitimate grounds. When processing is restricted, such personal information will be marked accordingly and, except for storage, will only be processed with your consent or for the establishment,

(vi) You have the right, in certain circumstances, to obtain the erasure of your personal information from us. These circumstances include: personal information is no longer necessary for the purposes for which it was collected or otherwise processed; you withdraw your consent for processing based on consent; you object to processing under certain rules of applicable data protection law; processing is for direct marketing purposes; and personal data has been processed unlawfully. However, there are exclusions from the right to erasure, such as when processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise, or defense of legal claims.

(vii) You have the right to receive the personal information you have provided to us in a structured, commonly used, and machine-readable format and, if technically feasible, to transmit it to another controller without any hindrance from us, provided that such transmission does not adversely affect the rights and freedoms of others.

(ix) You have the right to lodge a complaint with a data protection authority regarding our collection and use of your personal information. If you are not satisfied with the outcome of your complaint directly with us, you have the right to file a complaint with your local data protection authority. For more information, please contact your local data protection authority in the EEA. This provision is applicable provided that your personal information is processed by automated means and the processing is based on your consent, on a contract you are part of, or on pre-contractual obligations thereof.

California Privacy Rights

Residents of California have certain additional rights regarding their personal information under the California Consumer Privacy Act ("CCPA"). If you are a California resident, this section applies to you.

As described in this policy in the Information Collection section above, we have collected the categories of personal information listed below during the past twelve (12) months:

Personal identifiers (such as email address, phone number, etc.)
Geolocation data
In addition to the rights explained in this policy, California residents who provide personal information as defined by the law for personal, family, or household purposes have the right to request and obtain from us, once per calendar year, information about the categories and specific pieces of personal information we have collected and disclosed.

Furthermore, California residents have the right to request the deletion of their personal information or to opt-out of the sale of their personal information, which may include the sale, disclosure, or transfer of personal information to another company or third party for monetary or other valuable consideration. To exercise this, you can simply contact us. We will not discriminate against you if you exercise your rights under the CCPA.

How to Exercise Your Rights

Any request to exercise your rights can be directed to us using the contact details provided in this document. Please note that we may ask you to verify your identity before responding to such requests. Your request must provide sufficient information that allows us to verify that you are the person you claim to be or that you are the authorized representative of such person. If we receive your request from an authorized representative, we may ask for proof that you provided a power of attorney to that authorized representative or that the authorized representative otherwise has valid written authorization to submit requests on your behalf.

You must include enough details to allow us to properly understand and respond to the request. We cannot respond to your request or provide you with personal information unless we first verify your identity or authority to make such a request and confirm that the personal information relates to you.

Cookies

Our Services use "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

We may use cookies to collect, store, and track information for security and personalization purposes, as well as for statistical purposes. For more information about the cookies we collect and their purpose, please refer to our Cookie Policy. Please note that you have the option to accept or decline cookies. Most web browsers automatically accept cookies by default, but you can modify your browser settings to decline cookies if you prefer.

Data Analytics

Our Services may use third-party analytics tools that utilize cookies, web beacons, or other similar information-gathering technologies to collect standard information about internet activity and usage. The information collected is used to compile statistical reports on user activity, such as how often users visit our services, which pages they visit and for how long, etc. We use the information obtained from these analytics tools to monitor performance and improve our services. We do not use third-party analytics tools to track or collect personally identifiable information about our users, and we will not associate any information collected from the statistical reports with an individual user.

Do Not Track Signals

Some browsers include a "Do Not Track" feature that signals websites you visit that you do not want your online activity to be tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to the collection of personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. The way browsers communicate the Do Not Track signal is not yet uniform. Therefore, the Services are not currently configured to interpret or respond to Do Not Track signals communicated by your browser. Nevertheless, as described more fully throughout this policy, we limit our use and collection of your personal information.

Advertisements

We may display online advertisements and may share aggregated and non-identifying information about customers that we or our advertisers collect through your use of the Services. We do not share personally identifiable information about individual customers with advertisers. In some cases, we may use this aggregated and non-identifying information to deliver targeted advertising to the intended audience.

We may also allow certain third-party companies to assist us in customizing advertising that we believe may be of interest to Users and to collect and use other data about Users' activities on the Services. These companies may deliver ads that are likely to place cookies and otherwise track User behavior.

Social Media Features

Our Services may include social media features, such as Facebook and Twitter buttons, Share buttons, etc. (collectively, "Social Media Features"). These social media features may collect your IP address, the page you are visiting on our services, and may set a cookie to enable the social media features to function properly. Social Media Features are either hosted by their respective providers or directly on our services. Your interactions with these social media features are governed by the privacy policy of their respective providers.

Email Marketing

We offer electronic newsletters that you can voluntarily subscribe to at any time. We are committed to keeping your email address confidential and not disclosing your email address to third parties, except as permitted in the section on information use and processing or for the purpose of using a third-party provider to send such emails. We will retain email information in accordance with applicable laws and regulations.

In accordance with the CAN-SPAM Act, all emails we send will clearly indicate who the email is from and will provide clear information on how to contact the sender. You can choose to unsubscribe from our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us. However, you will continue to receive essential transactional emails.

Push Notifications

We offer push notifications that you can also voluntarily subscribe to at any time. To ensure push notifications reach the right devices, we use a third-party push notification provider that relies on a unique device token on your device issued by your device's operating system. While it is possible to access a list of device tokens, they will not reveal your identity, unique device ID, or your contact details to us or our third-party push notification provider. We will retain email information in accordance with applicable laws and regulations. If at any time you no longer wish to receive push notifications, simply adjust your device settings accordingly.

Links to Other Resources

The Services contain links to other resources that are neither owned nor controlled by us. Please be aware that we are not responsible for the privacy practices of these other resources or third parties. We encourage you to be cautious when you leave the Services and to read the privacy statements of each resource that may collect personal information.

Information Security

We secure the information you provide on computer servers in a controlled and secure environment, protected against unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards to protect against unauthorized access, use, modification, and disclosure of personal information under our control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

Therefore, while we strive to protect your personal information, you acknowledge that (i) there are security and privacy limitations on the Internet that are beyond our control; (ii) the security, integrity, and confidentiality of all information and data exchanged between you and the Services cannot be guaranteed; and (iii) this information and data may be accessed or altered in transit by a third party, despite our best efforts.

Because the security of personal information partly depends on the security of the device you use to communicate with us and the security measures you use to protect your identification information, please take appropriate measures to safeguard this information.

Data Breach

In the event that the security of the Services is compromised or Users' personal information is disclosed to unrelated third parties due to external activity, including but not limited to security attacks or fraud, we reserve the right to take reasonably appropriate measures, including but not limited to investigations and reporting, as well as notification and cooperation with law enforcement authorities. In case of a data breach, we will make reasonable efforts to inform affected individuals if we believe there is a reasonable risk of harm to the user as a result of the breach or if notification is otherwise required by law. When we do so, we will send you an email.

Changes and Amendments

We reserve the right to modify this policy or its terms relating to the Services at any time, at our discretion. When we do so, we will revise the "last updated" date at the bottom of this page. We may also inform you in other ways, at our discretion, for example, through the contact information you have provided.

An updated version of this policy will be effective immediately upon the publication of the revised policy, unless otherwise specified. Your continued use of the Services after the effective date of the revised Policy (or any other act specified at that time) will constitute your consent to these changes. However, we will not, without your consent, use your personal information in a manner substantially different from what was stated at the time your personal information was collected.

Acceptance of this Policy

You acknowledge that you have read this policy and agree to all its terms and conditions. By accessing and using the Services and submitting your information, you agree to be bound by this Policy. If you do not agree to comply with the terms of this Policy, you are not authorized to access or use the Services.

Contact Us

If you have questions about the information we may hold about you or if you wish to exercise your rights, you can use the following Data Subject Request Form to submit your request:

Submit a Data Access Request

If you have other questions, concerns, or complaints regarding this Policy, we encourage you to contact us using the contact details provided below:

https://k-arole.com/en/pages/contact

EU Representative: k-arole IE
contact@k-arole.fr

We will strive to address complaints and disputes and make all reasonable efforts to honor your wish to exercise your rights as quickly as possible and, in any case, within the timeframes required by applicable data protection laws.

This document was last updated on July 27, 2023.