Cookies & Privacy Policy

Cookies Policy

Welcome to Kaicao! In this Cookie Policy we explain what cookies are, why we use them and how you can manage cookies that are placed on your device.

Please read this Policy in conjunction with our Privacy Policy which provides additional details about how we use personal data and your various rights. This Policy sits in line with the Spanish Data Protection and Digital Rights Act 3/2018 (“DPA”) and the Spanish Law 34/2002 on Information Society Services and Electronic Commerce (“ECA”). As well as the EU`s Privacy and Electronic Communications Directive (“PECD”) and the General Data Protection Act (“GDPR”).

What are cookies?

Cookies are small files that are stored by most Internet browsers to obtain information about visitors so that we can make the web experience more appealing to you. During your visit to our website, we use four types of cookies.

How do we use them?

We use cookies to:

obtain information about your browser settings, domain name, Internet service provider, operating system, date and time of access, location and type of device you use to access our website and to perform system administration.
obtain information about other websites you have visited or the types of searches you have performed in order to improve your experience.
prevent fraudulent activity and improve security.
identify and analyze your browsing preferences and the products you are interested in.
associate your past website behavior after you have registered with your information on our website for business and technical purposes.

Some of the cookies used on our websites are set by us, others are set by third parties on our behalf. The use of third-party cookies enables tailored advertising, meaning you may see ads for Kaicao on other websites you visit.

What types of cookies do we use?

Essential cookies: these cookies are necessary for us to provide you with the basic functionality of our website and cannot be turned off in our systems.
Performance and analytics cookies: these cookies allow us to track visits and traffic sources to measure and improve the performance of our website.
Functional cookies: these cookies are used to provide enhanced functionality and personalization during your visit.
Targeting or advertising cookies: these cookies may be set through our website by our advertising partners to profile your interests and suggest relevant advertising to you.

What cookies do we use?

According to the DPA, ECA and PECD, GDPR, the use of functional, analysis and performance or advertising cookies require your consent and thus the legal basis for the use of personal data in relation to cookies, the use of cookies would then be your consent as well as our legitimate interest.

Below you can find the cookies we use listed in accordance with their Name, Description, Lifespan, and Type. Please keep in mind that this list may be updated from time to time.

secure_customer_sig

Shopify sets this cookie to be used in connection with customer login.
1 year
Necessary

localization

Flickr sets this cookie to to track usage of photo galleries embedded from Flickr.
1 year
Functional

cart_currency

Shopify sets this cookie to remember the user’s country of origin and populate the correct transaction currency.
14 days
Necessary

_orig_referrer

Shopify sets this cookie to be used in connection with shopping cart.
14 days
Necessary

_landing_page

Shopify installs this cookie to track landing pages.
14 days
Analytics

This cookie is associated with Shopify's analytics suite.
1 year
Analytics

This cookie is associated with Shopify's analytics suite.
30 minutes
Analytics

_shopify_y

This cookie is associated with Shopify's analytics suite.
1 year
Analytics

_shopify_s

This cookie is associated with Shopify's analytics suite.
30 minutes
Analytics

__cf_bm

This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
30 minutes
Functional

_shopify_sa_t

This is a Shopify analytics cookie relating to marketing and referrals.
30 minutes
Analytics

_shopify_sa_p

This is a Shopify analytics cookie relating to marketing and referrals.
30 minutes
Analytics

The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
2 years
Analytics

_gid

Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
1 day
Analytics

_gat

This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
1 minute
Performance

__kla_id

Cookie set to track when someone clicks through a Klaviyo email to a website.
2 years
Performance

_fbp

This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
3 months
Advertisement

JSESSIONID

The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
session
Necessary

shopify_pay_redirect

Shopify sets this cookie to enable secure online payment and checkout.
1 hour
Necessary

_pay_session

Shopify sets this cookie to enable secure checkout and payment function on the website.
session
Necessary

Google Analytics

We also sometimes use Google Analytics, a web analytics service provided by Google LLC, on our website. Google Analytics also uses cookies to enable our website to analyze how users use our website across multiple devices. The information generated by the cookies about your use of our website is transmitted to and stored by Google, including transmission to the United States. The following data is processed through the use of Google Analytics:

3 bytes of the IP address of the called system of the website visitor (anonymized IP address),
the website called up,
the website from which the user reached the accessed page of my website (referrer),
the subpages accessed from the website,
the time spent on the website
the frequency with which the website is accessed.

Google states that it will not associate your IP address with any other data held by Google.

You can disable tracking by Google Analytics with future effect by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser following this link http://tools.google.com/dlpage/gaoptout?hl=en. The legal bases are our legitimate interest and your consent.

Facebook Remarketing

On the same legal basis as Google Analytics, we use so-called "Facebook pixels" of the social network Facebook, which is operated by Meta Platforms Inc. With the help of the Facebook pixels (_fbp and fr), it is possible for Facebook to determine the visitors of our website as a target group for the display of advertisements, so-called "Facebook ads".

You can object to the collection by the Facebook pixels and use of your data for the display of Facebook ads. To do so, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare the objection via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/

How can I manage cookies?

Each type of cookie serves a specific purpose; when you first visit our website you will be asked about the use of cookies, and you can easily agree or decline. Accepting all cookies allows you to fully personalize your web experience. You can choose which types of cookies to accept or block, but this may affect your experience with our website and the services we offer. Nevertheless, you will be able to use the Service even if you refuse to consent to some cookies, except for those that are strictly necessary.

If you are not interested in the benefits that our cookies offer, you can find instructions on how to refuse cookies and delete existing cookies through the "Help" function of your browser. Google Chrome, Mozilla Firefox, Flash cookies, Microsoft Internet Explorer/ Edge, Opera, Safari. You will also learn how to block all new cookies in your browser and what configuration steps are required to receive notification of new cookies.

Very helpful information about cookies in general can be found on these websites: www.allaboutcookies.org or www.cookiepedia.co.uk.

Contact

If you have any questions, comments or concerns about this Policy or about exercising your privacy rights with respect to personal information as permitted by applicable law, please contact us.

Privacy policy

At Kaicao (“we”, “us”, “our”) we want you to feel comfortable in our online shop and not have to worry about the security of your data. That is why data protection is an important part of our philosophy.

In this Privacy Policy you will find all the information about which personal data we collect and process and for what purpose. You will also find out what rights you have and how you can assert them.

The Data Controller

Responsible for the collection and processing of your personal data is

Kaicao Fabrica de Chocolate, Sociedad Limitada (“Kaicao”)

Plaza Castilla, 3 - ESC DR 6 C 1,

Madrid, 28046, Spain

Web: www.kaicaochocolate.com

E-Mail: contact@kaicaochocolate.com

The Supervisory Authority

The competent data protection authority in Spain is:

The Spanish Agency for Data Protection (AEPD)

C/ Jorge Juan, 6.

Madrid, 28001, Spain

Web: www.aepd.es

What is personal data?

According to the Spanish Data Protection and Digital Rights Act 3/2018 (“DPA”) and the EU`s General Data Protection Regulation (GDPR), personal data are "any information relating to an identified or identifiable natural person. This is, for example, name or address data, telephone number, mobile number, bank details or insurance number. However, personal data also includes online identifiers such as your device identifier and IP address.

General information on data processing

All personal data that we obtain from you via the website will be processed for the purposes described in more detail below. This is done within the framework of the DPA and GDPR or with your consent. And of course, only when data processing is permitted and if:

you have given your consent,
the data is necessary for the fulfilment of a contract / pre-contractual measures,
the data is necessary for the fulfilment of a legal obligation or
the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.

We process and store your personal data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

What data does Kaicao process?

Kaicao offers you a wide range of products and services and in the process, various data are always collected. Most of the data we process is provided by you when you use our services or contact us. As soon as you register, you provide us with your name and e-mail address or your postal address.

Further, we also automatically collect technical device and access data that occur during your interaction with our website. And we collect further data through website analyses in order, for example, to optimize our offers for you personally (e.g., to optimize our offers for you).

a) Log files, Cookies and Analytical data

Even if you do not log in or register on our website, but simply browse our website, data is collected and stored and processed by us. Specifically, this requires the IP address of your computer, Date and time of access, Name and URL of the accessed file, Browser used, Number of bytes transferred, Status of the page retrieval, Session ID, Referrer URL.

In addition, we use cookies and analysis services when you visit Kaicao. You can find more information in our Cookie Policy. The legal bases for processing are contract and our legitimate interest. The collection and processing of this data is necessary from a technical point of view so that you can use our website.

b) Contacting us

You can easily contact us via our contact form, e-mail, or social media. In this case, we store and process the following data from you: Name, e-mail address, telephone number as well as other personal data that you provide when contacting us.

This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted, provided there is no legal obligation to retain it. The legal bases for processing are contract and our legitimate interest.

c) User account

To use our services, you can register and log in to Kaicao. Here, too, we store data in order to create a User account for you: Name, E-mail address, chosen password.

We store this data as long as you are registered with us. If you delete your account, we will delete your data unless there is a legal retention period on our part. In this case, we must store your data for longer.

The data that you provide to us via your account will be stored until you delete the data from your account. In addition, we process data that is required for the services we offer or your membership. The legal bases for processing are contract and our legitimate interest.

d) Use of the online shop

You can order our offers via the online shop. In doing so, we process your personal data that is required for processing your order and for customer care, as well as the data that you also provide to us voluntarily. When you order via the online shop, for example, we have to ask for your name, e-mail address and shipping address. We will process this data for order processing: Name, Address(es), E-mail address, Order data, Payment data, Telephone number, IP address

The processing of this personal data is necessary for the ordering process. We process this data insofar as this is necessary for the processing of the contract, and for the assertion of possible claims on our part. The legal bases for processing are contract and our legitimate interest.

The provision of bank details is subject to our payment processors Shopify and PayPal. We do not collect or store payment information or bank details ourselves but receive payment confirmation statements. For further information, please refer to Shopify`s or PayPal`s Privacy Policy by clicking on the above links. The legal basis for the data processing is the fulfilment of our contractual obligations and the fulfilment of our legal obligations.

To ensure that you receive your ordered products, we pass on the necessary data to the selected service provider for order and order processing. In this case, we transmit your e-mail address and in some cases also your telephone number to the logistics service provider. In this way, they can inform you that your parcel is being sent. With the parcel notification, you can influence the parcel delivery if necessary and change the delivery day or delivery location.

e) Shopify

We use the store system Shopify of the service provider Shopify International Limited, for the purpose of hosting and displaying the shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed. Further processing on servers other than the aforementioned of Shopify will only take place within the framework communicated below. The legal basis for the data processing is our legitimate interest in providing an appealing website and shop.

Integration of third-party services and content

We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services (hereinafter uniformly referred to as "content").

This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of our website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, as well as being linked to such information from other sources.

The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:

Analytics and Tracking: Google Analytics by Google LLC

eCommerce and Content Management System: Shopify

Newsletter, E-Mail Marketing and Analytics: Klaviyo, Inc

Remarketing and Advertising: Facebook Pixel by Meta Platforms Ireland Ltd.

Spam protection: reCAPTCHA by Google LLC

The legal basis for the data processing is your consent and our legitimate interest.

Analytics and Advertising

We would like to show you interesting advertising outside of our website and use various third-party tools and cookies for this purpose. These collect and process information about your activities on our website - for example, which products you are interested in or which Kaicao pages you visit. By knowing what you are looking for and how you use our website, we can adapt our advertising to your needs. And thus increase the likelihood that you will also be shown suitable and interesting advertising outside our website.

We also analyze this data to evaluate the relevance of the advertisements and to optimize the advertisements for you. Through the tools, your browser regularly establishes a connection to the server of the tool provider when you visit our website. For some tools, we have no direct influence on what data is processed by the providers. The following personal data may be processed by third-party providers:

HTTP header information (e.g., IP address, web browser, website URL, date and time).
measuring pixel-specific data (e.g., pixel ID and cookie ID)
additional information about visits to our website (e.g., orders placed, products clicked on).

The legal bases for processing are our legitimate interest and your consent in case of cookies. For further information on Analytics and Cookies please refer to our Cookie Policy.

Authorities and other third parties

In the event of certain legal incidents, we are obliged to pass on our customers' data to law enforcement authorities or other third parties. This may be the case, for example, for official and court decisions or for legal and criminal prosecution.

How is my data protected?

We want you to feel and be safe on our website. Therefore, we take various measures to meet both the legal requirements and our own very high standards of data protection and data security.

Kaicao takes the protection of your personal data seriously. All data is handled and processed in accordance with the DPA and GDPR, which ensures the highest standards of data protection.

Our data processing is subject to the principle that we only process the personal data that is necessary for the sensible and economic use of our offer. In doing so, we take great care to ensure that your privacy and the confidentiality of all personal data are always guaranteed.

All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.

We stand for high security when shopping online. Kaicao uses technical and organizational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. For example, we regularly train all employees on current IT security topics.

Duration of data storage

We store personal data on our secure server and only for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.

Marketing

Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.

Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.

Your data subject rights

These rights are standardized in the DPA and GDPR. These include:

the right to information,
the right to rectification,
the right to erasure,
the right to restriction of data processing,
the right to data portability,
the right to object to data processing,
the right to revoke any consent you have given, and
the right to lodge a complaint with the competent supervisory authority.

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

We encourage you to contact us if you have any information requests, requests for information or objections about data processing or concerns. However, you also have the right to file a complaint with your local supervisory authority. However, we would appreciate it if you would contact us with your concern before turning to a supervisory authority.

Online presence in social media

Based on our legitimate interests, we maintain online presences within social networks and platforms in order to communicate with the active, interested parties and users there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of Personal Data, notably where such requests would not allow us to provide our service to you anymore.

Withdraw your consent

You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Prior to you exercising your choice to withdraw your consent, we will inform you of the consequences of the withdrawal of your consent. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.

Personal Data and children

Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose Personal Data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

Changes to this Privacy Policy

We are constantly developing and improving our website - and as a result, some of the information in this Privacy Policy is likely to change. We therefore recommend that you read this Privacy Policy again from time to time so that you are informed about the current status. This Privacy Policy was last updated on Sunday, 04 December 2022.

Do you have any questions?

Please contact us if you have any comments or questions about this policy and/or our use of your Personal Data.