Privacy Policy

1. Information we collect

We collect information in a few different ways to provide and improve our services:

• Information you provide to us, such as your name, work email address, company details, role, and any information you share when you book a call, complete a form, or contact us directly.
• Account and usage information, such as how you interact with our website or services, the pages you view, the features you use, your settings, and the time and duration of your sessions.
• Device and technical information, such as IP address, browser type, operating system, and approximate location (based on IP). We typically receive this data through analytics and logging tools.
• Cookies and similar technologies, which help us remember your preferences, understand how our site is used, and improve performance. You can control cookies through your browser settings and, where required, through consent tools.
• Payment and billing information, if you become a paying customer. We use third-party payment processors to handle card details and related information. We do not store full payment card numbers on our own systems.
• Communications, such as emails, messages, and feedback you send us. We may use these to respond, improve our offerings, and maintain records.

2. How we use your information

We use the information we collect for the following purposes:

• To operate, maintain, and improve our website and services.
• To understand how visitors and customers use our offerings so we can make them more useful and reliable.
• To communicate with you, including responding to inquiries, sending service-related messages, and sharing relevant updates or content.
• To personalize your experience where appropriate, such as tailoring content or recommendations to your interests.
• To prevent abuse, detect security incidents, and protect the integrity of our systems.
• To comply with legal obligations and enforce our agreements.

3. Legal bases for processing (GDPR)

Where the EU General Data Protection Regulation ("GDPR") applies, we process your personal data under one or more of the following legal bases:

• Performance of a contract, for example when we provide our services to you or your organization under an agreement.
• Legitimate interests, such as understanding service usage, improving our offerings, marketing to business contacts, and maintaining the security of our systems—where these interests are not overridden by your rights and interests.
• Consent, for certain activities such as using non-essential cookies or sending specific types of marketing communications, where required. You can withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
• Compliance with legal obligations, for example when we maintain records for tax or regulatory purposes or respond to lawful requests from public authorities.

4. How we share information

We do not sell your personal data. We may share information in the following situations:

• With trusted service providers and partners who help us operate our business, such as hosting providers, analytics tools, customer support platforms, email service providers, and payment processors. These parties are authorized to process your data only as necessary to provide services to us, under appropriate contractual safeguards.
• Within our corporate group (if applicable), to support internal operations and service provision.
• For legal, safety, and security reasons, such as when we reasonably believe disclosure is necessary to comply with a law, regulation, or legal request; to protect the rights, property, or safety of Camoatim UG (haftungsbeschränkt), our users, or others; or to detect, prevent, or address security or fraud issues.
• In connection with a business transaction, such as a merger, acquisition, financing, or sale of assets, where your information may be transferred as part of the transaction, subject to appropriate confidentiality protections.

5. International data transfers

We may process and store information on servers located in different countries, including locations outside of your home jurisdiction. Where we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that do not have an adequacy decision, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms, where applicable.

6. Data retention

We retain personal data for as long as reasonably necessary to fulfil the purposes described in this Policy, including providing our services, meeting legal, accounting, or reporting requirements, and resolving disputes. The specific retention periods can vary depending on the type of data and context of processing (for example, account data may be kept for the life of the customer relationship plus a limited period, while certain technical logs may be kept for shorter periods).

7. Your rights (including GDPR rights)

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data:

• Access and portability: the right to request a copy of the personal data we hold about you, including in a structured, commonly used, and machine-readable format where technically feasible.
• Rectification: the right to ask us to correct inaccurate or incomplete personal data.
• Erasure ("right to be forgotten"): the right to request deletion of your personal data, subject to certain legal exceptions.
• Restriction of processing: the right to ask us to restrict how we process your data in certain circumstances.
• Objection to processing: the right to object to certain types of processing, including direct marketing and processing based on legitimate interests, where applicable.
• Withdraw consent: where we rely on consent, you can withdraw it at any time.

To exercise your rights, please contact us at [email protected]. We may need to verify your identity before responding to your request. If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.

8. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration. No system is perfectly secure, and we cannot guarantee absolute security, but we work to continuously improve our security posture in line with industry practices.

9. Children's privacy

Our services are designed for business and professional users and are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to delete the information.

10. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and may provide additional notice as appropriate.

11. How to contact us

If you have questions about this Privacy Policy, our data practices, or would like to exercise your rights, you can reach us at:

• Email: [email protected]
• Website: https://klymbai.com

Please update the contact details above if your official privacy or legal contact information changes.