Privacy Policy

Last updated: April 2025

1. Data Controller

The website kotlyspa.eu is owned and operated by CauldronSPA. For all matters related to personal data processing, you can contact us at:

Email: kontakt@kotlyspa.eu
Phone: +48 509 330 088

2. What Personal Data We Collect

When you interact with our website or contact us, we collect:

Contact information: Full name, email address, phone number
Business information: Company name, industry, delivery location
Enquiry details: Product interest, message content, timing
Technical data: IP address, browser type, pages visited, referrer (via cookies and analytics)

3. Why We Collect This Data

Legal basis (GDPR):

Art. 6(1)(b) GDPR: Responding to your enquiries and fulfilling service contracts
Art. 6(1)(f) GDPR: Legitimate business interests — improving our products and services
Your consent: You explicitly agreed to data processing when submitting the contact form

4. Cookies & Tracking

We use cookies for:

Essential cookies: Cookie consent preferences (stored in localStorage)
Analytics: Anonymous visitor statistics and page performance (Google Analytics)
Preferences: Language selection, navigation state

You can decline non-essential cookies. We will not track you without consent.

5. Data Retention

We retain your personal data for:

Contact enquiries: Up to 3 years from the last communication (to maintain business relationships)
Order/delivery data: For the duration of the customer relationship + 5 years (legal/tax requirements)
Analytics: Anonymous aggregated data only (no personal identifiers)

6. Your Rights (GDPR)

You have the right to:

Access (Art. 15): Request a copy of your personal data
Rectification (Art. 16): Correct inaccurate or incomplete data
Erasure (Art. 17): Request deletion of your data ("right to be forgotten") — with limitations
Restriction (Art. 18): Request that we limit processing temporarily
Portability (Art. 20): Receive your data in a portable format
Object (Art. 21): Opt-out of marketing communication
Lodge a complaint: Contact your local data protection authority (supervisory authority)

To exercise these rights, contact kontakt@kotlyspa.eu.

7. Data Sharing & Transfers

We do not sell your data to third parties. We only share data with:

Service providers: Delivery logistics partners, payment processors (only what's necessary)
Legal obligations: Law enforcement if required by law

International transfers: EU/EEA data stays within the EEA. Non-EEA transfers (if any) comply with GDPR Chapter V (adequacy or standard contractual clauses).

8. Security

We use industry-standard security measures including:

SSL/TLS encryption for data in transit
Secure password protection and access controls
Regular security audits and updates

No system is 100% secure. We take reasonable precautions, but we cannot guarantee absolute security.

9. Third-Party Services

Our website uses:

Google Analytics: For anonymous traffic analysis (IP anonymization enabled)
Google Fonts: For typography (font loading tracked by Google)

These services have their own privacy policies. We recommend reviewing them.

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect data from children. If we become aware of such collection, we will take immediate steps to delete the data.

11. Changes to This Policy

We may update this Privacy Policy. We'll notify you of material changes via:

Email notification (if you've provided contact details)
Posted notice on this page with updated date

Need help?

For questions about this Privacy Policy or your data rights, contact us at kontakt@kotlyspa.eu or call +48 509 330 088.