Privacy Policy

WHO THIS POLICY APPLIES TO

This Privacy Policy applies to you if you are a Customer or Consumer of ours – this is where you engage with us as a Customer when buying directly from us, signing up to one of our brand-led newsletters, entering a competition or joining a membership or an affiliate scheme.  You may also contact us as a Consumer about our products – whether you bought products from us directly or via a retailer.

We set out below information on the personal data we might collect or hold about you, how and why we use it, who we share it with, how we protect it and keep it secure, and your rights around your personal data.

You must be at least 18 years old or older to use our services and sign up to promotional content unless the local laws where you are based or the terms for a specific service or marketing sign-up state otherwise. Not all the information set out below may apply to you.  We have detailed many possible scenarios how we may interact with each other, but this Policy may apply to scenarios that are not listed, too.

 

WHO IS KAYALI?

“KAYALI”, “us”, “our” or “we” means any company within the KAYALI Group of Companies. A list of the operating companies are below:

COMPANY NAME	COUNTRY OF INCORPORATION
KAYALI DMCC	UNITED ARAB EMIRATES
KAYALI BEAUTY PRODUCTS TRADING DWC FZ LLC	UNITED ARAB EMIRATES
KAYALI BEAUTY SINGLE OWNER LLC	UNITED ARAB EMIRATES
KAYALI HOLDINGS LIMITED	UNITED ARAB EMIRATES
KAYALI DTC TRADING DWC LLC	UNITED ARAB EMIRATES
KAYALI UK TRADING	UNITED KINGDOM
KAYALI AMERICAS TRADING LLC	UNITED STATES OF AMERICA
KAYALI EU TRADING COMPANY	FRANCE

 

All those KAYALI Group of Companies are jointly responsible for the personal data that you share with us as we are the “controller” for the purposes of applicable data protection laws. 

 

WHAT IS NOT COVERED BY THIS POLICY?

This Privacy Policy does not apply to KAYALI employees and shareholders. It does not cover other companies or organizations (which advertise our products and services and use cookies, tags and other tracking technologies) collecting and using your personal data to offer relevant online advertisements to you. You should review their cookie and privacy policies before giving them your personal information.

 

OUR PRIVACY UNDERTAKINGS TO YOU

We want to provide you with certainty that your personal information is being treated with care and safety, and feel comfortable to share information with us.  We therefore promise to:

1. Respect your privacy and your choices.
2. Make sure that privacy and security are embedded in everything we do.
3. Give you full control over receiving communications from us. You can change your mind at any time.
4. Remain committed to keeping your personal data safe and secure. This includes only working with trusted partners. 
5. Be open and transparent about how we use your personal data.
6. Use your personal data only in ways that have a legitimate interest, it is required by law or where we have your consent .
7. Respect your rights and will always try to accommodate your requests as far as is possible, in line with our own legal and operational responsibilities.

 

WHAT IS PERSONAL DATA? 

“Personal data” means any information or pieces of information that could identify you either directly (e.g. your name) or indirectly (e.g. through pseudonymized data, such as a unique ID number). This means that personal data includes things like email/home addresses, usernames, profile pictures, personal preferences and shopping habits, User Generated Content, financial information, and health information. It could also include unique numerical identifiers like your computer’s IP address, as well as cookies. 

WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU AND HOW DO WE USE IT? 

Our aim is to give you a personalized experience as much as possible when you engage with us. This could be while scrolling our website, placing orders, signing up for rewards programmers or even completing surveys or entering competitions.

How do we collect or receive your personal data? 

There are many ways we may collect or receive your personal data, including via our websites, forms, apps, devices, third party sellers or our brand pages on social media. Sometimes you give this to us directly (e.g. when you create an account, when you contact us, when you purchase from our websites or stores or when you enter a competition or promotion), sometimes we collect it (e.g. using cookies to understand how you use our websites and apps) or sometimes we receive your personal data from other third parties including other KAYALI Group entities (e.g. when you mention KAYALI products or services on non-KAYALI pages or social media platforms or smart devices, e.g. voice assistant platform providers).  

The table below sets out which legal basis we rely on when processing your personal data.

To explain what a ‘legal basis’ is – under data protection laws, the legal basis for the processing of your personal data can be: 

• Your consent – where we ask for your agreement to use your personal data for a specific purpose. 
• The performance of a contract – where we need to process your personal data to provide you with a service/something under an agreement we have with you or as part of preparing to enter into an agreement with you. An example of this would be the purchase of a product.
• Our legitimate interests – where the use of your personal data is in our legitimate business interests, eg. Tailoring experiences for you based on your shopping preferences, responding to customer service requests**. 
• To comply with a legal obligation – where we need to use your personal data for our own legal and regulatory compliance reasons (eg. to comply with our tax and financial reporting obligations). 

When we collect personal data, we will indicate which types of personal data are mandatory via asterisks (e.g. mandatory information to allow us to create your account or deliver the goods you have purchased on our websites/apps).  If you do not provide the personal data marked with an asterisk, this may affect the goods and services that we can provide. 

 

 

What ways could we collect your personal data?	What data may we hold about you?	How and why we may use it?
Account creation and management   Where we collect your personal data while creating or managing your account on KAYALI websites or  through a social media login or in store.	a.        First name and surname;  b.        Gender; c.        Email address; d.        Address; e.        Phone number; f.          Photo; g.         Birthday or age range; h.        ID/username, and password; i.           Personal description or preferences;  j.           Order and/or appointment details; k.         Social media profile (where you use your social media login or share this personal data with us); l.           Loyalty code; m.      User Generated Content; and/or n.       Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some websites, or by participating in a contest, game, survey etc.).	To: a.              Manage your account, orders and/or appointments; b.              Send you marketing communications  (i) by direct means (email, SMS, postal mail) and (ii) by advertising display when you browse third-party sites; c.              Give you better insights to tailor these communications to your interests which may be tailored to your “profile” (i.e. based on the personal data we know about you and your preferences); d.              Offer and manage a loyalty program; e.              Offer personalised services based on your beauty characteristics; f.                Allow you to manage your preferences; g.               Monitor and improve our websites; h.              Run analytics or collect statistics; i.                 Secure our websites and protect you and us against fraud; j.                 Display ads on KAYALI websites to create a unique experience when you visit our websites; k.               Respond to your questions and otherwise interact with you; and/or l.                Manage any competitions, promotions, surveys or contests you enter.
Newsletter and marketing subscription and Your Profile     Where your personal data is collected when you subscribe to receive our marketing communications and in building Your Profile to personalise our communications to you.	a.        First name and surname;  a.        Email address; b.        Gender; c.        Address; d.        Phone number; e.        Birthday or age range; f.          ID/username, and password; g.         Personal description or preferences;  h.        Order details; i.           Social media profile (where you use your social media login or share this personal data with us); j.           User Generated Content; and/or k.         Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us via the customer service portal or our social media accounts or by participating in a contest, game, survey etc.).	To: a.              Send you marketing communications (where you have asked us to) which may be tailored to Your Profile based on the personal data we know or learn about you and your preferences; b.              Personalise our marketing and advertising campaigns and create a unique experience when visiting our websites or mobile apps and our shops; c.              Show you marketing communications on other websites, including social media platforms. Note that you may also see our ads on other websites, including on social media sites, but these may not be tailored to you; d.              Keep an up-to-date suppression list if you have asked not to be contacted; e.              Run analytics or collect statistics; and/or f.                Send content on your behalf to your friends and/or family.
Purchases and order management   Where your personal data are collected during the purchase process made on KAYALI websites/apps, in store or on voice assistant platforms.	a.        First name and surname;  b.        Email address; c.        Address; d.        Phone number; e.        Personal description or preferences;  f.          Gender; g.         Social media profile (where you use your social media login or share this personal data with us);  h.        Transaction information including purchased products; i.           Payment and information; and/or j.           Purchase history.	a.              To: b.              Contact you to finalise your order where you have saved your shopping cart or placed products in your cart without completing the checkout process. c.              Inform you when a product you wanted to purchase is available. d.              Process your order including delivering the product to the address you indicated. e.              Manage payment. Please note that your payment information (credit card number/PayPal/bank account details) are not collected by us directly, but by securepayment service providers. f.                Manage any contact you have with us about your order and/or contact you to request feedback on our products/services. g.               Secure your transactions against fraud. We may use a third-party provider’s solution to detect fraud and make sure that payment is completed. h.              If you place a purchase using a registered account, we will add this transaction to Your Profile so we can understand your interests and preferences and you will see a record of your transactions with us within your account (where applicable). i.                 Manage any dispute relating to a purchase. j.                 Run analytics or collect statistics. k.               To send you commercial communications (i) by direct means (email, SMS, postal mail) and (ii) by advertising display when you browse third-party sites. l.                 To enrich Your Profile to personalise these communications according to your interests. m.            To display ads on KAYALI websites to create a unique experience when you visit our websites. n.              To send you commercial communications (i) by direct means (email, SMS, postal mail) and (ii) by advertising display when you browse third-party sites.
Online browsing   Where your personal data are collected by cookies or similar technologies (“cookies”*) when you browse KAYALI websites/apps or on third-party websites/apps where we have cookies.   *cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet, including on KAYALI websites.	a.        Data related to your use of our websites, including:  b.        Where you came from; c.        Login details; d.        Location; e.        Data related to your navigation on our apps/websites, incl. scroll/mouse movement (but in a manner that does not identify you); f.          Videos you watched; g.         Pages/ads/content you looked at, clicked or tapped on; h.        Duration of your visit; and/or  i.           Products you searched for and/or selected to create your basket. j.           Technical information:  k.         Your IP address; l.           Browser information;  m.      Device information; n.        Your unique ID which is given to each visitor, and the expiration date of the ID; and/or; o.        Your visitor ID.	We use cookies, together with other personal data you have already shared with us (such as previous purchases, or whether you’re signed up to our email newsletters)  to deliver targeted advertising, and show you:  o     online advertisements for products which may be of interest to you, based on your previous behaviour; and/or o     ads and content on social media platforms or other websites.   You can opt out of targeted advertising in your browser settings. For opting out of targeted advertising on social media platforms, please visit the relevant social media platform to explore the options they may provide.   a.             To tailor our services for you to:   o     show you recommendations, marketing, or content based on Your Profile and interests; and/or  o     display our websites in a tailored way, for example, show you products we think you might like.    b.             To allow our websites/apps to function properly, that is to: o    ensure the proper display of content; o     create and remember your shopping cart; o     create and remember your account login details;  o     interface personalisation, such as language, or any user-interface customisation (i.e. parameters attached to your device including your screen resolution or font preference), etc.; o     perform troubleshooting and/or o     improve user experience and our websites/apps, for example, by testing new ideas or layouts.  Please note that we only track your navigation on the website/app (e.g. mouse movements) to ensure our websites/apps function properly, for troubleshooting, and to improve user experience, as explained above. We do so in a way that does not identify you and use encryption mechanisms to ensure that the personal data provided on the website/app is always masked and never recorded.   c.             To ensure our websites/apps are secure and safe, and to protect you against fraud or misuse of our websites/apps or services.   d.             To run statistics, that is to: o     avoid visitors being recorded twice;  o     know users’ reactions to our advertising campaigns; o     improve our offers; and/or o     understand how you discovered our websites/apps.   e.             To allow sharing of our content on social media platforms.   To recognize returning users across all touchpoints using fingerprinting device intelligence technology.
Social Media Platforms   Where your personal data are collected from your activity on social media platforms.	We may get information you publicly post on social media platforms (e.g. TikTok) and use it to better understand how consumers view our products/services and interact with us. For example, we may use public posts to identify beauty trends. Where possible, we do this in a way that we are unable to directly identify you.    We may also collect your personal data when you mention us on social media platforms. The personal data we collect may include:  a.             Social media handle; b.             Photo; and/or c.             Any comments mentioned in your post.    If we want to re-use any content you post on social media platforms, we will always ask your permission first.	To: a.              Monitor and improve our websites and apps; and/or b.             Run analytics or collect statistics.
Promotions   Where your personal data are collected during a competition, prize draw, game, contest, promotional offer, sample request, survey etc.	Depending on the frequency of your interactions with us, this personal data may include: a.              First name and surname; b.              Email address; c.              Phone number; d.              Birthday or age range; e.              Gender; f.                Address; g.               Personal description or preferences;  h.              Social media profile (where you use your social media login or share this personal data with us); and/or i.               User Generated Content; Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, a question via the chat function available on some of our websites, or by participating in a contest, game, survey etc.).	To: a.              Complete tasks that you have asked us to, for example, to manage your participation in the promotion or prize draw, taking into account your feedback and suggestions; b.             Run analytics and statistics; c.             Add your participation to Your Profile so we can understand your interests and preferences; d.             Send you samples.
User Generated Content   Where your personal data are collected when you submit content (for example images or ratings and reviews) on one of our websites (including our Communities)/apps/social media platforms, or accept our re-use of any content you posted on social media platforms.	a.              First name and surname or alias; b.             Email address; c.             Photo; d.             Personal description or preferences;  e.             Social media profile (where you use your social media login or share this personal data with us); and/or Other information you have shared with us about yourself (e.g. via your “My Account” page, by contacting us, or by providing your own content such as photos or reviews, or a question via the chat function available on some websites).	To: a.              Use the content you have created and/or shared in accordance with the specific terms and conditions accepted by you (e.g. to post your review/content and to promote our products); b.             Contact you to request feedback on our products and/or services; c.             Syndicate your ratings and reviews across our brand websites in other countries where we operate; d.             Run analytics and compile statistics; e.             Send you marketing communications, where you have asked us to, (via email, SMS, WhatsApp, social media platforms, etc.) which may be tailored to your “profile” based on the personal data (including your social media ‘handle’) we know or learn about you, and your preferences; f.               Deliver social media targeted advertising, to show you:  online advertisements for products that may be of interest to you, based on your previous behaviour; and/or ads and content on social media platforms such as Google, Meta, Snapchat, Amazon and Pinterest, TikTok or other websites; and/or Add your content to Your Profile so we can understand your interests and preferences.
App & Device Use   Where your personal data are collected in connection with your use of our websites/apps and/or devices (for example when you provide your personal data when completing online forms or trying on our products virtually.	a.        First name and surname; b.        Gender; c.        Email address; d.        Phone number; e.        Photo; f.          Location; g.         Birthday and/or age range; h.        Personal description or preferences, including characteristics such as skin tone, skin/hair type (e.g. your beauty profile); i.           Recordings of online consultations; j.           Application or device usage data; k.         Consultation data (pictures, attributes, scores, survey answers, products recommended); l.           Allergy alert test results; m.      Answers to health and safety- related questions.	To: g.               Provide you with the service(s) you requested (e.g. test our products virtually, enable you to purchase our products, provide you with online consultations to speak with an expert about your skin and receive bespoke skincare recommendations, advice and notifications regarding your sun exposure, skin/hair routine etc.); h.              Analyse your personal characteristics and recommend appropriate products (including bespoke products) and routines; i.                 Conduct research and innovation by scientists within the KAYALI Group; j.                 Monitor and improve our apps and devices;  k.               Run analytics and statistics; l.                 Send you commercial communications (i) directly (by email, SMS, postal mail) and (ii) by advertising display when you browse third-party sites; m.            Enrich Your Profile to tailor these communications to your interests. For more details see the section on “Your Profile” following this table; n.              Display advertisements on KAYALI websites to create a unique experience when you visit our websites.
Enquiries   Where your personal data are collected when you ask questions (via customer service) relating to our brands, our products and their use, or your purchases, account or rights.	a.        First name and surname; b.        Phone number; c.        Email address; d.        Other information you have shared with us about yourself in relation to your enquiry (which may include welfare, health data and call recordings).	To:   a.              Answer and manage your enquiries – connect you with the appropriate service if necessary; b.              Send you satisfaction surveys as a result of interactions with us (e.g. after a purchase or customer service contact); c.              Compile statistics; d.              Add your questions or concerns to Your Profile so we can understand your interests and preferences; e.              Monitor and prevent any adverse reactions related to the use of our products; f.                Carry out studies concerning the safety or use of our products; g.               Carry out and follow up on corrective actions taken, if necessary.
Our Premises   Where your personal data are collected when you visit our premises (e.g. our store(s) or our hairdressing academy).	a.        Photo/Video captured via CCTV; and b.        Attendance/visitor forms (which may include the collection of welfare and health data).	To: a.              Assist in the prevention and detection of crime and manage enquiries; and/or b.              Help ensure the health, safety and security of our employees and visitors; Help ensure the security of information located or stored within our premises or assets.

 

How long is your personal data kept?

 

·        Your personal data will be kept as long as you use your online account or purchase products or services from Kayali through it.  Your account will be deleted if you have not made any purchase on the Website for five consecutive years; and, during the fifth year, you have ceased interacting with Kayali;

·        For any personal data collected for the performance of a contract or consent (except for marketing purposes): your data will be retained for five years after the end of the commercial relationship, except (for consent), if you withdraw your consent;

·        For marketing purposes: your data will be retained for the duration of your consent and maximum 3 years from the date of your last contact.

 

A note on sensitive personal data

We only process special categories of data (e.g. health/biometric) with your explicit consent or when allocated by law and only for the stated purpose.

  For example, we may need to understand your health, including dietary, requirements when preparing access and catering for an event you are attending, or when handling a query or complaint made by you.  We will always check such requirements with you and you only need provide the information you are comfortable with us using.

Automated Decision Making

Automated decision making means the ability to make decisions using technology, without human involvement. 

We may use automated decision-making techniques for the purposes of securing transactions placed through our websites/apps and/or devices against fraud.  In addition, we may use a third-party provider’s solution to protect our systems, assets etc. against fraud.  

The method of fraud detection is based on several different data prediction and data intelligence techniques that may change over time, to keep up with technological advancements.  These may include, for example, simple comparisons, or association, clustering, prediction and outlier detections using intelligent agents, data fusion and data mining techniques.  This fraud detection process may be completely automated or may involve some human intervention where the final decision is taken by a person.  In all cases, we take all reasonable precautions and safeguards to limit access to your data.  Shopify is also used for the purpose of such Automated Decision Making (see Shopify Privacy Policy here).

Tailoring interests to you (profiling)

To be able to send or display personalised communications or content, we may use a technique known as insights.  This means we use automated processing of personal data to evaluate certain personal aspects about an individual, such as to analyse or predict aspects concerning personal preferences, interests, economic situation, reliability, behaviour, location or movements. 

We do this to build an Insights about you (‘Your Insights’).  Your Insights includes things such as: what you like, dislike, are passionate about and interested in, in addition to the information we know about you through your relationship with us, for example, products you have bought from us or been interested in, events and competitions you have attended or entered, and campaigns you have been interested in.  We may collect personal data about you in the different scenarios mentioned in the table above and use this data to send or display communications and/or content specifically tailored to your interests and/or needs – both directly to you or through our use of social media platforms such as Facebook, Instagram and TikTok. 

We ensure that we have an appropriate legal basis to process your personal data when conducting profiling activities. You may have the right to object at any time to the use of your personal data for insights purposes.

Joint Controllers

We are always responsible for personal data that we collect about you. In some cases, for example, when we collaborate with our trusted partners, we may be jointly responsible with those partners for protecting your personal data. 

Our data protection commitments as joint controllers are as follows:

• We will agree the respective roles and responsibilities of each party involved;
• We will make sure that both parties are transparent about the joint purposes for processing your personal data, and explain how your personal data is used for these purposes; and
• We will make sure that you are always able to exercise your legal rights. 

Where we work jointly with another party, we will inform you about your rights and other important information at the point we ask for your personal data. 

 

SHARING YOUR PERSONAL DATA

Selling personal data

Sharing personal data within the KAYALI Group of Companies

Where appropriate, we may share your personal data between our Group of Companies (as outlined at the beginning of this Privacy Policy) to build a central record, keep the information we hold about you up to date (for example, you may be a Customer of more than one of our brands), tailor our communications with you and to run analytics and perform statistics.  This includes sharing your profile. 

Access within the KAYALI Group will always be controlled on a need-to-know basis to fulfil our contractual obligation with you (such as to refund you), or to allow us to perform any necessary or legitimate functions.  This may include sending you marketing communications about other brands but only where we have a marketing permission to do so. 

We may also share your personal data in a pseudonymized way (which de-identifies all personal information about you so it is undetectable)  within the KAYALI Group of Companies to develop new products, marketing campaigns, including those located outside of your country, for research and innovation purposes.  

 

Sharing personal data with other Product Manufacturers

Where we sell products manufactured by other companies on our website and you have made a purchase of those products, we may share your personal information with the Supplier of those products, to allow them to provide you with an enhanced customer experience.

 

 Sharing personal data with our third party service providers

We only provide them with the information they need to perform the service they are providing. We require them to keep it secure and tell them not to use it for any other purpose. For example, we may trust third parties to deliver services that require the processing of your personal data as follows: 

• To provide digital and e-commerce services;
• To review social media and public profiles as well as ratings and reviews;
• To provide CRM, identity management, web analytics and search engine tools;
• To provide community platform management and User Generated Content curation tools; 
• As required to deliver a product to you, for example, postal/delivery services;
• Payment service providers and credit reference agencies to assess your credit score and verify your details where this is a condition of entering into a contract with you;
• Advertising, marketing, digital and social media agencies to help us deliver advertising, marketing, and campaigns, to analyze their effectiveness, and to manage your contact details, questions, and our relationship;
• Third parties that assist us with customer care, product queries and complaints; 
• To provide us with IT services such as website hosting and platform management services; and/or
• To help us provide training, seminars, and events, such as training providers, travel agencies, and event management companies. 

 

We may also disclose your personal data to third parties beyond those that provide services to us, such as:

• If we sell any or part of our business or assets, we may disclose your personal data to the prospective buyer of such business or assets.  Your personal data will usually be processed by the buyer acting as the new controller and its privacy policy will govern the processing of your personal data; 
• If we are under a duty to disclose or share your personal data to comply with a legal obligation, or in order to enforce or apply our terms of use/sales or other terms and conditions you have agreed to, or to protect the rights, property, or safety of KAYALI, our customers, or others; and/or 
• In other circumstances if we have your consent or we are permitted to do so by law. 

 

Sharing personal data with our own trusted partners

Furthermore, Partner Sites collect users’ personal data share such data for the purposes of automated processing, studies and surveys, and commercial prospecting (advertising activities by third-party companies). Here is the list of third-party companies with whom we do advertising and marketing campaigns: Google, Meta, TikTok, Pinterest, Snapchat, Shopify, Klaviyo, SoPost. The collection of personal data is based on your consent. Your information may be shared with our trusted parties if they are co-creating content with us for an event. We will each use your personal data for our own purposes and as such your personal data will be used by the partner acting also as a controller, and its privacy policy shall govern the use of your personal data for its purposes.  

We may share your User Generated Content such as ratings and reviews with our partners so it may be displayed on their websites. 

We may publish content created by third parties. Where we do this, the third party may place a cookie on your device if you read this content. Please consult the third party’s cookie policy or cookie consent management platform for details on what information they may gather from the cookie, and how it is used. 

We may also share personal data to display KAYALI content (for example recommended products/services) on our partners’ sites where you have agreed to receive advertising that is tailored to you (either by accepting our or our partners’ cookies, or by agreeing to receive our marketing).  Where you accept our cookies from our partners, they may store a cookie on your device so you should read their privacy and cookies policy or consult their cookie consent management platform. In the other cases, we only share data that does not directly identify you with our partners. Our partners will then determine which of our products/services to display to visitors of their websites.  

When we use advertising services from Google on our websites, apps and/or devices. Google will access and use your personal data when we utilize their services. If you would like to learn more about how Google uses your personal data in this context, please review their Google Privacy & Terms available here] .

All Meta features and services available on our websites, apps and/or devices are governed by Meta’s privacy and security information (available here). Pease visit Meta’s Privacy Center here if  you would like more information on your privacy rights and settings options.

• When using any of our websites/apps and/or devices, you may be able to: 
• sign-in with your Facebook login. If you do so, you consent to share some of your public profile information with us;
• use the Meta social plug-ins (Instagram, Messenger, etc.), such as “like” or “share” to share our content, or your User Generated Content on the Meta platform;
• accept cookies from our websites/apps (also known as “Meta Pixels”). These types of cookies help us understand your activity including for example, information about your device, how you use our services, any purchases you make and the ads you see, whether or not you have a Facebook account or are logged into Facebook. 
•  When you use any Meta features, we collect your data to help us to: 
• show you ads you might be interested in on Meta or any of its other services (Instagram, Messenger etc.); and 
• measure and analyse the effectiveness of our websites, apps and/or devices. 
• We may also use any personal data you provide us with on our websites, apps and/or devices (e.g. your name, email address, gender and phone number), to identify you on Facebook or any of Meta’s other services (Instagram, Messenger etc.), in order to show you ads that are more relevant for you. While doing this, Meta will not share your personal data and will delete the information promptly after the matching process is complete.

 

Where we store your personal data

The personal data that we collect from you may be transferred to, accessed in, and stored at, a destination outside your home country. It may also be processed by staff operating outside your home country who work for us or for one of our service providers.  

Where KAYALI transfers personal data outside of your home country, this will be done in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we will take steps to ensure that third parties adhere to the commitments set out in this Privacy Policy (e.g. reviewing their privacy and security standards and subjecting them to appropriate contractual obligations). 

When we transfer your personal data outside of your home country, we:

• review and/or enter into appropriate contracts (including adding the European Commission’s standard contractual clauses (available here) which may include the UK’s Addendum to the standard contractual clauses (available here); or
• rely on the applicable European Commission adequacy decision which finds the third country to which we may transfer your personal data offers an adequate level of data protection (copies of adequacy decisions available here).  

For further information, please contact us as per the “Contact us” section below. 

 

How long do we keep your personal data and how do we keep it secure?

We will keep your personal data for as long as we need it subject to the different use cases described above.  For example, we retain certain personal data for the following periods:

• For the duration of our contractual relationship and for a reasonable period after it ends in case of a query or claim;
• Where you create an account, we keep your personal data until you request we delete it or after a period of inactivity (i.e. where you have not interacted with us for a period of time). This period is defined in accordance with local regulations and our internal operating procedures;
• We keep User Generated Content for a reasonable period necessary to achieve the purpose we collected it for (e.g. for the duration of a campaign) and otherwise for a period defined in accordance with local regulations and guidance; and 
• Where cookies are placed on your browser, they are stored for as long as necessary to achieve their purposes (e.g. statistics on your social media post) and otherwise for a period defined in accordance with local regulations and guidance.  

We are committed to keeping your personal data secure and taking all reasonable steps to do so.  We contractually require that trusted third parties who handle your personal data for us do the same.  However, as no sharing of information via the Internet is completely secure, we cannot guarantee the security of your personal data transmitted to our site.  Any sharing is therefore at your own risk. If a breach creates a high risk for you, we will notify you and the regulators when required by law. (Here is the list of social platforms and third party sites that may be used for login purposes: Meta, Google, TikTok, Snapchat, Pinterest.)

Our websites/apps may, from time to time, contain links to the websites of our partner networks, advertisers and/or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you share any personal data with these websites. 

We may also offer you the opportunity to use your social media login when interacting with our websites/apps. If you do so, please be aware that you will be sharing the social profile information with us.  The personal data that is shared will depend on your social media platform settings. Please visit the relevant social media platform and review its privacy policy to understand how your personal data is shared and used in this context.

 

Social Media and User Generated Content 

Some of our websites and apps allow users to submit their own content. Please remember that any content submitted to our social media platforms can be viewed by the public, and you should be cautious about providing certain personal data (e.g. financial information or address details). We are not responsible for any actions taken by other individuals if you post personal data on a social media platforms or one of our websites (e.g. via a Community) and we recommend that you do not share such information.  

 

YOUR RIGHTS AND CHOICES

KAYALI respects your right to privacy: it is important that you are able to control your personal data. You may have certain rights and choices over the personal data we collect from you. These rights may be limited depending on our rights as a business and/or the legal basis on which we use the data, but we will always explain where this is the case. We will take reasonable steps to verify your identity before granting access or making corrections to the information we hold about you, and we will respond to such requests within one month, unless the matter is complex. You may exercise these rights by contacting us using the details provided below. 

Email opt-out

You can opt-out from our email marketing at any time by contacting us (see the ‘Contact Us’ section below). We will act on your request as quickly as we can, but it can take about 30 days to take effect due to system updates. We will add your email address to our opt-out list to make sure we continue to exclude you from future marketing communications. 

Withdrawing your consent

You may also withdraw any consent you previously provided to us at any time by contacting us using the details provided below. This will not affect the lawfulness of our use of your personal data based on your consent before its withdrawal. 

Reviewing, correcting, updating, restricting, objecting to our use of or deleting your personal data

You have the right to request access to and correction or erasure of the personal data we hold about you, or to request our use of this information is restricted, as appropriate. You also have the right to object at any time to the use of your personal data for direct marketing purposes, including the profiling we do related to direct marketing and generating and maintaining Your Profile.  Please note, if we cannot hold sufficient information in Your Profile or your account, we may have to reconsider how we engage with you, but we will always explain why.  

These rights may be limited depending on our rights as a business and/or the legal basis on which we use the data, but we will always explain where this is the case.  

Other Rights

Data portability: You have the right to receive, in a structured, commonly used and machine-readable format, the personal data that you have provided to us about you, with your consent or based on your contract with us. You also have the right to have this information transferred to another data controller, where it is technically feasible. You may exercise this right by contacting us using the details provided below.

Lodge a complaint: You may also lodge a complaint with a data protection authority (in France: https://www.cnil.fr/fr / in the UK: https://ico.org.uk/)  about our use of your personal data, but we do ask that you contact us first and try to resolve any issues or causes for concern you may have. 

Directives in the event of death: You have the right to give instructions regarding the fate of your personal data in the event of death.

How to turn on/off cookies 

The settings from the Internet browsers are usually programmed by default to accept cookies, but you can easily adjust them by changing the settings of your browser or, where available, by using the tools on our websites. 

Many cookies are used to enhance the usability or functionality of a website; therefore disabling some types of cookies may prevent you from using certain parts of our websites. 

You can at any time change or withdraw your consent using our cookie management module that appears at the beginning of your visit, or configuring your browser. If you need assistance, don't hesitate to contact us or refer to the Help function within your browser to learn how to manage your settings within your browser. You can also read here the privacy policy of our cookies management partner OneTrust.

 

CONTACT US FOR FURTHER PRIVACY RELATED INFORMATION

If you have any questions or concerns about how we treat and use your personal data, or would like to exercise any of your rights as outlined above,  you can contact our Data Protection Officer at privacy@kayali.com or at one of our postal addresses:

-            in the EU: KAYALIEU TRADING SAS 195 AVENUE CHARLES DE GAULLE, 92200 NEUILLY SUR SEINE

-            in the UK: KAYALI UK TRADING LIMITED, INTERNATIONAL HOUSE, 6 SOUTH MOLTON ST, LONDON, W1K 5QF, UNITED KINGDOM.

 

CHANGES TO THIS PRIVACY POLICY 

We may make changes to this Privacy Policy from time to time. Changes may be due to, for example, amendments to applicable laws, regulations, and industry practices, or due to changes we make to our services. We encourage you to review our Privacy Policy to stay informed. 

If we make material changes that may affect your rights, we may provide additional notice, such as via email or via a notice on our website. If you continue to use our services after we publish or send a notice about any changes to our Privacy Policy, it will mean that you have read and understood the updated Privacy Policy.