Privacy Policy

Introduction 

By means of this Privacy Policy notice we inform individuals who are users of KUNGUL app about the processing of their personal data and the rights to which they are entitled under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Albanian Data Protection Legislation. We may amend this notice at any time and post the amended version on our website. 

  1. Who is the Controller of your personal data? 

We, KUNGUL shpk (“KUNGUL”, “we”, “our”, “us”), with registered number M32405046R, and address at Rruga Naim Frashëri, Tirana, Albania, are the controller of your personal data in connection with our business relationship. If you have any questions or wish to exercise your rights (see section 11 below) regarding your personal data, you may contact us by email at contact@kungul.com. 

  1. How do we collect your personal data? 

We collect your personal data directly from you (e.g. register as a customer through our electronic platforms, register to receive our newsletter, participate in our customer surveys). If you do not provide us with your personal information, we will be unable to provide you with the products or services we offer. 

If you are under 18 years of age, please make sure that you get your parent/guardian’s permission before you share your personal data with us. We will not process your personal data without such consent. 

  1. Which categories of personal data does KUNGUL process?

We collect the following categories of personal data such as name, surname, age, parenthood, type of skin, type of hair, location, email, mobile phone.

  1. For which purposes does KUNGUL process your personal data? 

We may process your personal data for any of the following purposes:

a. register you as our customer; 

b.provide you with the most personalized  experience, by suggesting only products which fit your skin & hair type, and which are found locally;

c. provide maintenance services for our services;

d. assess, process or track your use and requests of our services; 

e. carry out your instructions or respond to your queries; 

g. contact or communicate with you in relation to our services; 

h.prevent or investigate any fraud, unlawful activity or omission or misconduct; 

i. facilitate or administer any internal or external audit of our business; 

j. comply with any applicable laws and order of a court or regulatory body, including legal and regulatory disclosure and record-keeping requirements; 

k. conduct research, market surveys, analysis and/or business development activities (including data analytics, surveys and/or profiling) to improve and promote our products and services; 

l. produce statistics and research for internal and statutory reporting; 

m. facilitate a business transaction such merger, sale, acquisition, lease, or purchase;

n. operate, develop, and maintain our IT systems, including storage and processing of personal data in computer databases and servers. If we must process your personal data for any other purpose that is incompatible with the foregoing purposes, we will provide you prior notice.

  1. On which legal bases do we base the processing of your personal data? 

The processing of your personal data must be premised on one of the legal bases provided in the GDPR. We base the processing of your personal data on the following legal bases, as appropriate from time to time: (a) performance of the contract between you and us (e.g., to deliver the services you have purchased from us), (b) compliance with our legal obligations (e.g., conduct sanctions and anti-corruption screening before you become our customer), (c) pursuit of our legitimate interests (e.g., collection of amounts due to us from you). 

  1. Who has access to your personal data? 

Your personal data are accessible to our employees, who need such access to carry out their duties in Albania. Your personal data may also be accessible to the following parties who are : 

a. law enforcement or administrative authorities in order to comply with our legal obligations or a court order; 

b. credit reference agencies and other companies for use in credit decisions, for fraud prevention and to pursue debtors; 

c. service providers for the operation, maintenance and technical support of our electronic systems; 

d. other service providers (e.g., a cloud provider) to process your personal data on our behalf and in accordance with our instructions; 

e. any prospective seller or buyer of any business or assets we might sell or purchase, in which case one such transferred asset will be the personal data held by us about customers. 

  1. Data transfer 

We maintain and process your personal data within Albania and do not transfer such data outside the territory of Albania.  

  1. Protection and security of your personal data 

We implement the appropriate technical and organizational measures to protect your personal data against any loss, misuse, unauthorized access, disclosure, alteration and destruction. Our information systems are protected with strong passwords and security control mechanisms at various levels. Electronic transfer of personal data is done by using encrypted messages and strict criteria for identifying the recipient. We implement procedures to deal with breaches of personal data security. Your personal data are stored in a secure database, located in AWS services, in Frankfurt. 

  1. Retention time of your personal data 

We will retain your personal data in our customer records throughout our business relationship with you. After the end of our business relationship with you we will keep your personal data in our archives for  maximum claims period under Albanian law, to use them, if necessary, solely for the purpose of establishing, exercising or defending any related legal action that may arise. 

  1. Your rights in respect of your personal data 

Depending on the legal basis we rely upon to process your personal data you have the following rights in connection with your personal data (restrictions apply to some of those rights) and you may exercise them by contacting us in any of the ways mentioned in section 2 above:

a. Right of Access: You have the right to request from us a free copy of your personal data we process and information on the processing activities (e.g., which personal data we process, how and for what purpose). 

b. Right to Rectification: You have the right to request from us the rectification, completion or update of your personal data, if they are incorrect, incomplete or have changed. 

c. Right to Erasure: You have the right to request from us to erase your personal data, if among other reasons, the processing is no longer necessary or legitimate or if you have revoked your consent 

Requesting Account Deletion

If you would like to request the deletion of your account and all associated data, please follow these steps:

  1. Submit a Deletion Request:

Send an email to contact@kungul.com with the subject line “Account Deletion Request.”

Include your username, the email address associated with your account, and a brief explanation of your request.

  1. Verification Process:

Our support team will verify your identity to ensure the security of your account. You may be asked to provide additional information for verification purposes.

  1. Deletion Confirmation:

Once verified, we will delete your account and all associated data within 30 days. You will receive a confirmation email once the deletion process is complete.

  1. Data Deletion Policy:

Deleted Data: Your account information, user data, and any content you’ve uploaded will be permanently deleted.

Retained Data: Transactional records and any data required for compliance with legal obligations will be retained for a period of [specify retention period, e.g., “6 months”] before being permanently deleted.

For further assistance, please contact our support team at contact@kungul.com.

  1. Right to Object: If we have processed your personal data for the performance of a task carried out in the public interest or for the pursuit of our legitimate interest, you have the right to object to the processing of your personal data, on grounds relating to your particular situation. If you exercise such right, we will cease processing your personal data, unless we demonstrate compelling legitimate grounds to continue processing your personal data or for the establishment, exercise or defense of legal claims. You may also object if we use your personal data for direct marketing purposes. 
  2. Right to Restriction: You have the right to ask us to restrict the processing of your personal data, if you contest their accuracy, the processing is illegal or no longer necessary or you have objected to the processing. 
  3. Right to Data Portability: You have the right to ask us to provide you with your personal data in a structured, commonly used and machine-readable format to be transferred by you or by us to another controller. 

   4. Right to file a Complaint: If you have any concern or wish to raise a complaint about our handling of your personal data, you may contact us by email at contact@kungul.com. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you have the right to complain with the Albanian Commissioner on Personal Data Protection. If you reside outside Albania, you may file a complaint with the data protection authority in the country of your residence or the data protection authority in the country where the violation of your personal data occurred.