Effective Date: December 6, 2025
IMPORTANT PRIVACY NOTICE: This Privacy Policy ("Policy", "Privacy Policy") describes how karamela's world ("Company", "we", "us", or "our") collects, uses, discloses, and protects your personal information when you access or use our website located at [website URL] (the "Service"). This Policy is designed to help you understand our practices regarding your personal data and to inform you about your privacy rights and how the law protects you. By using the Service, you consent to the data practices described in this Policy. If you do not agree with the data practices described in this Policy, you should not use the Service.
1.1 This Privacy Policy applies to all information collected through the Service, including information collected online, through mobile applications, and through any other means. This Policy does not apply to information collected offline or through any other means, including on any other website operated by us or any third party.
1.2 This Policy is designed to comply with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) (EU) 2016/679, the California Consumer Privacy Act (CCPA), and other applicable privacy laws. We are committed to protecting your privacy and handling your personal information in accordance with these laws.
2.1 Personal Information You Provide: We may collect personal information that you voluntarily provide to us when you: (a) register for an account or use our Service; (b) subscribe to our newsletter or marketing communications; (c) contact us through contact forms, email, or other communication channels; (d) participate in surveys, contests, or promotions; (e) make a purchase or transaction through the Service. This information may include: name, email address, postal address, phone number, payment information, and any other information you choose to provide.
2.2 Automatically Collected Information: When you access or use the Service, we may automatically collect certain information about your device and usage patterns, including: (a) device information (device type, operating system, browser type and version, device identifiers); (b) log information (IP address, access times, pages viewed, links clicked, referring website addresses); (c) location information (general geographic location based on IP address); (d) usage data (time spent on pages, clickstream data, navigation patterns); (e) technical information (screen resolution, language preferences, time zone).
2.3 Cookies and Similar Technologies: We use cookies, web beacons, pixel tags, and similar tracking technologies to collect and store information about your preferences and usage patterns. Cookies are small text files placed on your device that allow us to recognize your device and remember information about your visit. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted or expired).
If you are located in the European Economic Area (EEA), we process your personal information based on the following legal bases: (a) Consent: You have given clear consent for us to process your personal data for specific purposes; (b) Contract Performance: Processing is necessary for the performance of a contract to which you are a party; (c) Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject; (d) Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that such interests are not overridden by your fundamental rights and freedoms.
You have the right to withdraw your consent at any time where we rely on consent as the legal basis for processing. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
We use the information we collect for the following purposes: (a) Service Provision: To provide, operate, maintain, and improve the Service; (b) Communication: To respond to your inquiries, comments, questions, and requests, and to provide customer service and support; (c) Personalization: To personalize your experience and deliver content and product offerings relevant to your interests; (d) Analytics: To analyze usage patterns, trends, and user behavior to improve our Service and develop new features; (e) Marketing: To send you promotional communications, newsletters, and marketing materials (only with your consent, where required by law); (f) Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests; (g) Security: To detect, prevent, and address technical issues, fraud, security threats, or other harmful activities; (h) Business Operations: To manage our business operations, including accounting, auditing, and other internal functions.
We will not use your personal information for purposes other than those described in this Policy without notifying you and, where required by law, obtaining your consent.
5.1 We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:
5.2 We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
6.1 We implement appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include: (a) encryption of data in transit using Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols; (b) encryption of data at rest where appropriate; (c) secure server infrastructure with regular security updates and patches; (d) access controls and authentication procedures to limit access to personal information to authorized personnel only; (e) regular security audits, vulnerability assessments, and penetration testing; (f) employee training on data protection and security best practices.
6.2 Despite our efforts to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service.
7.1 We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information, and whether we can achieve those purposes through other means.
7.2 When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention policies and applicable law. In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Depending on your location, you may have the following rights regarding your personal information:
To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframes required by applicable law (typically 30 days, or 45 days for complex requests under CCPA).
9.1 The Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect, use, or disclose personal information from children under 18 without verifiable parental consent in accordance with the Children's Online Privacy Protection Act (COPPA) and other applicable laws.
9.2 If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately. If we become aware that we have collected personal information from a child under 18 without verifiable parental consent, we will take steps to delete such information from our servers as quickly as possible.
10.1 Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to these countries.
10.2 If you are located in the EEA, we will ensure that any such transfers are made in accordance with applicable data protection laws, including by implementing appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or relying on adequacy decisions.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): (a) Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell; (b) Right to Delete: You have the right to request deletion of your personal information; (c) Right to Opt-Out: You have the right to opt-out of the sale of your personal information (if applicable); (d) Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, please contact us using the information provided in the "Contact Us" section. We will verify your identity before processing your request and will respond within 45 days (or as otherwise required by law).
12.1 We use the following types of cookies: (a) Essential Cookies: Required for the Service to function properly and cannot be switched off; (b) Analytics Cookies: Help us understand how visitors interact with the Service; (c) Functional Cookies: Remember your preferences and settings; (d) Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness.
12.2 You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service. You can also manage your cookie preferences through our cookie consent banner. For more information about cookies and how to manage them, visit www.allaboutcookies.org.
Some browsers incorporate a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Currently, there is no industry standard for recognizing or responding to DNT signals. As such, we do not respond to DNT browser signals or mechanisms. However, you can opt out of certain tracking activities by adjusting your browser settings or using our cookie consent tools.
14.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by: (a) posting the updated Privacy Policy on this page with a new "Effective Date"; (b) sending you an email notification (if we have your email address); (c) displaying a prominent notice on the Service.
14.2 Material changes will become effective 30 days after the updated Policy is posted, unless a different effective date is specified. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree to the updated Policy, you must stop using the Service.
15.1 If you have any questions, concerns, or complaints about our data practices or this Privacy Policy, please contact us using the information provided in the "Contact Us" section below.
15.2 If you are located in the EEA and believe that we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. A list of data protection authorities in the EEA can be found at: https://edpb.europa.eu/about-edpb/board/members_en.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us at:
We will respond to your inquiry as soon as possible and within the timeframes required by applicable data protection laws (typically 30 days, or 45 days for complex requests).