Privacy policy

PRIVACY AND DATA PROTECTION POLICY

Last updated: January 30, 2026

KallieBaby Kft. ("KallieBaby", "we", "us", "our") operates this website and webshop, including all related information, content, features, tools, products and services (collectively, the "Services"), in order to provide customers with a curated shopping experience. The webshop is powered by Shopify.

This Privacy and Data Protection Policy ("Policy") describes how we collect, use, store, disclose and otherwise process personal data when you visit, use, or make a purchase through our Services, or otherwise communicate with us. This Policy is intended to fully comply with Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR"), as well as applicable Hungarian and EU data protection laws.

If there is any conflict between our Terms of Service and this Policy, this Policy shall prevail with respect to the collection, processing and disclosure of personal data.

By accessing or using the Services, you acknowledge that you have read and understood this Policy.

1. Data Controller

Company name: KallieBaby Kft.
Registered office: Szilléri sugárút 13–15, 6723 Szeged, Hungary
Company registration number: 06-09-030819
Email: hello@kalliebaby.com
Legal representative: Ágnes Majoros-Benák, Managing Director

KallieBaby Kft. acts as the data controller with respect to the personal data processed under this Policy.

2. Data Processors and Access to Data

Personal data may be accessed by employees and authorised persons of the Data Controller strictly to the extent necessary for the performance of their duties.

For the operation of the webshop and the provision of the Services, the Data Controller uses the following primary data processor:

Shopify International Ltd.
Victoria Buildings, 2nd Floor, 1–2 Haddington Road
Dublin 4, D04 XN32, Ireland

Shopify provides the technical infrastructure of the webshop, including hosting, order processing, payment handling and related services.

In addition, we use trusted third-party service providers for specific functions, including:

  • payment service providers (e.g. Shopify Payments, Stripe, PayPal)
  • shipping and logistics partners
  • accounting and invoicing providers
  • IT and hosting service providers
  • analytics and marketing tools (e.g. Google Analytics)

These providers process personal data only on our behalf and in accordance with applicable data protection laws.

Personal data is not sold and is not disclosed to third parties except as described in this Policy or as required by law.

3. Scope and Categories of Personal Data Processed

3.1 General

Data processing applies to natural persons and representatives of legal entities. The content of the website is accessible without registration.

The website stores customer data exclusively for the purposes described in this Policy, in particular for processing and fulfilling orders and providing the Services.

3.2 Categories of Personal Data

Depending on how you interact with the Services, we may collect or process the following categories of personal data:

  • Contact details: name, billing address, shipping address, phone number, email address.

  • Financial information: payment card information, financial account information, transaction details, form of payment and payment confirmations. (Payment data is processed securely by our payment service providers.)

  • Account information: username, password, preferences and settings.

  • Transaction information: products viewed, added to cart or wishlist, purchased, returned, exchanged or cancelled, and past transactions.

  • Communications: information provided when contacting customer support or otherwise communicating with us.

  • Device and technical information: IP address, browser type, operating system, device identifiers.

  • Usage information: interaction with and navigation on the Services.

Personal data does not include information that has been anonymised or de-identified so that it cannot reasonably be linked to an individual.

3.3 Cookies

The website uses cookies and similar technologies to ensure proper functionality and to improve user experience.

Cookies are small data files stored on the user’s device.

We use the following types of cookies:

  • Strictly necessary cookies, which are essential for the operation of the website
  • Statistical cookies, used to analyse website traffic and performance
  • Marketing cookies, used to personalise advertising and measure effectiveness

Statistical and marketing cookies are used only with your prior, explicit consent, which can be given through the cookie consent banner.

You may withdraw or modify your consent at any time via the cookie settings on the website.

For more detailed information, please refer to our separate Cookie Policy.

4. Legal Basis, Purpose and Method of Data Processing

4.1 Legal Basis

We process personal data on the following legal bases:

  • your consent (Article 6(1)(a) GDPR)
  • performance of a contract (Article 6(1)(b) GDPR)
  • compliance with a legal obligation (Article 6(1)(c) GDPR)
  • our legitimate interests (Article 6(1)(f) GDPR)

Where processing is based on legitimate interests, we carefully assess and balance our interests against your fundamental rights and freedoms.

4.2 Purposes of Processing

Personal data is processed for the following purposes:

  • providing, operating and improving the Services,

  • processing payments and fulfilling orders,

  • arranging shipping, returns and exchanges,

  • managing customer accounts and preferences,

  • communicating with customers and providing customer support,

  • fulfilling accounting, tax and other legal obligations,

  • security, fraud prevention and protection of the Services,

  • marketing and promotional communications, where permitted by law and consent.

Phone numbers provided by users are used exclusively for order-related or service-related communication.

4.3 Automatically Collected Data

Automatically collected technical data (such as IP address, browser type, operating system and website activity) is processed for statistical, analytical and security purposes and does not directly identify users.

4.4 Google Analytics

The website uses Google Analytics only with the user’s prior consent. Google Analytics uses cookies and similar technologies to analyse website usage.

Google’s data protection practices are described in Google’s official privacy documentation.

4.5 Data Accuracy

The Data Controller does not verify the accuracy of personal data provided. Responsibility for the accuracy of the data lies with the data subject.

Personal data is not used for purposes other than those specified in this Policy.

5. Marketing and Advertising

Where permitted by applicable law, we may use personal data for marketing and promotional purposes, including sending email communications and displaying advertisements.

We will only send marketing communications where we have a valid legal basis to do so, including your prior consent where required.

You may opt out of marketing communications at any time by clicking the unsubscribe link in our emails or by contacting us directly.

Please note that even if you opt out of marketing communications, we may still send you non-promotional messages related to your orders or account.

6. Disclosure of Personal Data

In certain circumstances, we may disclose personal data to third parties, including:

  • Shopify and other service providers acting on our behalf,

  • payment processors, logistics and fulfillment partners,

  • marketing and advertising partners, where consent has been given,

  • affiliates within our corporate group,

  • authorities or third parties where required by law, legal process or to protect our rights.

Third parties process personal data in accordance with their own privacy policies and applicable laws.

7. International Data Transfers

In connection with the use of certain service providers (such as Shopify, Google and payment processors), personal data may be transferred outside the European Union or the European Economic Area, including to countries such as the United States.

Such transfers are carried out in accordance with applicable data protection laws and appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • the EU-U.S. Data Privacy Framework, where applicable
  • other legally recognised transfer mechanisms

We take reasonable steps to ensure that your personal data remains protected during international transfers.

8. Data Retention

Personal data is processed for the duration of the contractual relationship and thereafter for the period required to comply with applicable legal obligations, resolve disputes or enforce our agreements.

9. Rights of Data Subjects

Depending on your place of residence, you may have the following rights:

  • right of access to your personal data,

  • right to rectification of inaccurate data,

  • right to erasure ("right to be forgotten"),

  • right to restriction of processing,

  • right to data portability,

  • right to object to processing,

  • right to withdraw consent at any time,

  • right to lodge a complaint with a supervisory authority.

Supervisory authority in Hungary:
National Authority for Data Protection and Freedom of Information (NAIH)
1055 Budapest, Falk Miksa utca 9–11., Hungary

10. Children’s Data

The Services are not intended for children under the age of 16.

We do not knowingly collect or process personal data relating to children under the age of 16.

If we become aware that personal data of a child has been collected without appropriate consent, we will take steps to delete such data without undue delay.

If you believe that a child has provided us with personal data, please contact us so that we can take appropriate action.

11. Security Measures

The Data Controller implements appropriate technical and organisational measures to protect personal data. However, no system is completely secure, and we cannot guarantee absolute security of data transmitted over the internet.

12. Third-Party Websites

The Services may contain links to third-party websites or platforms. We are not responsible for the privacy practices or content of such third parties. We encourage users to review the privacy policies of those websites.

13. Changes to This Policy

The Data Controller reserves the right to amend this Policy at any time. Any amendments shall become effective upon publication on the website. The "Last updated" date will be revised accordingly.

14. Contact

If you have any questions about this Policy or wish to exercise your rights, please contact us:

Email: hello@kalliebaby.com
Address: Szilléri sugárút 13–15, 6723 Szeged, Hungary

DATA CONTROLLER’S DECLARATION

The Data Controller declares that it considers this Policy binding upon itself and undertakes to process personal data in accordance with its provisions.

Szeged, 2025
KallieBaby Kft.
Data Controller