Privacy Policy

Introduction

By means of this Privacy Policy notice, we inform individuals who are users of the KUNGUL app about the processing of their personal data and the rights to which they are entitled under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Albanian Data Protection Legislation. We may amend this notice at any time and post the amended version on our website.

Who is the Controller of Your Personal Data?

We, KUNGUL shpk (“KUNGUL,” “we,” “our,” “us”), with registered number M32405046R, and address at VLLAZEN HUTA, ND 39, H 1, AP 7, NJESIA ADMINISTRATIVE NR 2 TIRANE, are the controller of your personal data in connection with our business relationship. If you have any questions or wish to exercise your rights (see section 11 below) regarding your personal data, you may contact us by email at contact@kungul.com.

How Do We Collect Your Personal Data?

We collect your personal data directly from you (e.g., when you register as a customer through our electronic platforms, subscribe to receive our newsletter, or participate in our customer surveys). If you do not provide us with your personal data, we will be unable to provide you with the products or services we offer.

If you are under 18 years of age, please make sure that you get your parent/guardian’s permission before you share your personal data with us. We will not process your personal data without such consent.

Which Categories of Personal Data Does KUNGUL Process?

We collect the following categories of personal data:

• Identification data: name, surname, age, and email address.

• Location data: IP address, device location (if permitted).

• Usage data: app usage statistics, preferences, and interactions.

For Which Purposes Does KUNGUL Process Your Personal Data?

We may process your personal data for any of the following purposes:

1. Register you as our customer.

2. Provide you with a personalized experience by suggesting products that fit your skin and hair type and are locally available.

3. Provide maintenance services for our app and services.

4. Assess, process, or track your use of and requests for our services.

5. Respond to your queries or carry out your instructions.

6. Contact or communicate with you in relation to our services.

7. Prevent or investigate fraud, unlawful activity, or misconduct.

8. Facilitate or administer internal or external audits of our business.

9. Comply with applicable laws and regulatory requirements, including legal disclosures.

10. Conduct research, market surveys, and analysis to improve and promote our products and services.

11. Produce statistics and research for internal and statutory reporting.

12. Facilitate business transactions, such as mergers, sales, acquisitions, or leases.

13. Operate, develop, and maintain our IT systems, including data storage and processing.

If we must process your personal data for any other purpose that is incompatible with the foregoing purposes, we will provide you with prior notice.

On Which Legal Bases Do We Base the Processing of Your Personal Data?

The processing of your personal data is based on the following legal bases, as appropriate:

• Consent: For newsletters, marketing communications, and personalized profiling.

• Contractual necessity: To provide the services you request.

• Legal obligation: To comply with legal and regulatory requirements.

• Legitimate interest: To improve our services, conduct internal analytics, and prevent fraud.

Who Has Access to Your Personal Data?

Your personal data is accessible to our employees and third-party service providers who need such access to carry out their duties in Albania. Additionally, your personal data may be shared with:

• Law enforcement or administrative authorities to comply with legal obligations.

• Service providers (e.g., cloud providers, such as AWS) who process your data on our behalf under strict contractual agreements.

• Newsletter platforms (e.g., Mailchimp, Sendfox) for email marketing.

• Analytics providers (e.g., Google) for improving app performance.

• Prospective buyers or sellers of any business or assets in case of a business transaction.

Data Transfer

Your personal data may be transferred and stored on servers outside Albania, including AWS servers, which are located worldwide. While we cannot guarantee the exact storage location, we ensure compliance with GDPR through safeguards such as Standard Contractual Clauses (SCCs) or other appropriate mechanisms.

Protection and Security of Your Personal Data

We implement technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. Our systems use encryption, strong passwords, and multi-level security controls. Personal data is stored in secure databases hosted by AWS and other trusted providers.

Retention of Your Personal Data

We retain your personal data as follows:

• Account data: As long as your account is active and up to 3 years after termination.

• Marketing data: Until you withdraw your consent or request deletion.

• Transactional records: For up to 7 years to comply with legal obligations.

After the retention period, data is securely deleted.

Your Rights Regarding Personal Data

Under GDPR, you have the following rights:

• Right of Access: Request a free copy of your personal data and processing details.

• Right to Rectification: Request corrections or updates to your personal data.

• Right to Erasure: Request deletion of your personal data if processing is no longer necessary or legitimate.

• Right to Object: Object to processing for legitimate interests or direct marketing.

• Right to Restriction: Request restriction of processing under certain conditions.

• Right to Data Portability: Request your personal data in a structured, machine-readable format for transfer to another controller.

To exercise your rights, contact us at contact@kungul.com.

Requesting Account Deletion

To delete your account and associated data, send an email to contact@kungul.com with the subject line “Account Deletion Request.” Include your username and the email address associated with your account. Once verified, we will delete your data within 30 days, retaining only transactional data for legal purposes.

Right to File a Complaint

If you have concerns about our handling of your personal data, you may contact us at contact@kungul.com. Alternatively, you can file a complaint with the Albanian Commissioner for Personal Data Protection:

• Address: Rruga Abdi Toptani, Nr.4, Tiranë, Albania

• Email: info@dataprotection.al

• Website: www.dataprotection.al

Updates to This Privacy Policy

We may update this Privacy Policy periodically. Significant changes will be communicated through email or app notifications. The updated version will always be available on our website.