Privacy Policy

Effective Date: 26/08/2025

Kinfolk (“Kinfolk,” “we,” “our,” or “us”), registered in Denmark, is the data controller responsible for your personal data when you visit www.kinfolk.com (the “Website”), purchase our products, subscribe to our newsletter, or otherwise interact with us.

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data in compliance with the EU General Data Protection Regulation (GDPR).

1. Data We Collect

We may collect the following categories of personal data:

Information you provide directly

● Name, email address, shipping/billing address, and payment details when making a purchase.

● Email address and preferences when subscribing to newsletters.

● Information submitted through customer service inquiries.

Information collected automatically

● Cookies and similar technologies (browser type, IP address, device identifiers, pages visited, time spent).

● Analytics data (e.g., Google Analytics, Google Tag Manager, YouTube, Vimeo).

Information from third parties

● Payment providers, shipping carriers, and marketing/email service providers may share relevant information to fulfil transactions or provide services.

2. Legal Bases for Processing

We process your personal data on the following grounds:

● Consent – for marketing emails, newsletters, and non-essential cookies.

● Contract – to process and deliver orders you purchase.

● Legitimate Interests – to improve our Website, personalise your experience, prevent fraud, and secure our systems.

● Legal Obligations – to comply with tax, accounting, and other legal requirements.

3. How We Use Your Data

We use your personal data to:

● Fulfil and deliver your orders.

● Communicate with you about orders, customer service inquiries, and updates.

● Provide newsletters and marketing communications (if you have consented).

● Improve our Website functionality, performance, and security.

● Comply with legal and regulatory requirements.

4. Data Retention

We retain personal data only for as long as necessary for the purposes described:

● Order data: up to 7 years (for tax and accounting compliance).

● Newsletter/marketing data: until you unsubscribe or remain inactive for 3 years.

● Customer service communications: up to 3 years.

● Cookie/analytics data: per cookie expiration (see our Cookie Policy).

● In all cases, data is retained only as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal obligations.

5. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

● Strictly Necessary Cookies – required for Website operation (e.g., checkout).

● Functional Cookies – to remember preferences and improve usability.

● Performance/Analytics Cookies – to measure Website use (e.g., Google Analytics, Vimeo).

● Marketing Cookies – to deliver relevant advertising (currently, none are used).

Non-essential cookies are only placed with your consent, which you can manage via our cookie banner at any time. See our full Cookie Policy for details.

6. Data Sharing

We may share your data with trusted third parties, including:

● Payment providers (PayPal, Stripe) – to process transactions.

● E-commerce platform providers (WooCommerce, CookieYes) – to operate the Website.

● Shipping carriers – to deliver products.

● Analytics and performance providers (Google Analytics, Google Tag Manager, Vimeo, YouTube).

● Marketing/email service providers (e.g., Mailchimp, Klaviyo, if used).

● IT and cloud service providers – to securely host and store data.

We require all third parties to process your personal data in accordance with GDPR and only for specified purposes.

7. Data Transfers Outside the EEA

Some of our service providers (e.g., Google, Stripe, PayPal, Vimeo, YouTube, Calendly) are based outside the European Economic Area, including in the United States.

When such transfers occur, we ensure adequate safeguards through:

● Standard Contractual Clauses (SCCs) approved by the European Commission, or

● Other legally approved mechanisms that ensure your data is protected.

8. Your Rights

Under the GDPR, you have the right to:

● Access your personal data.
● Request correction of inaccurate data.
● Request deletion of your data (subject to legal obligations).
● Restrict or object to processing.
● Request data portability in a structured, commonly used format.
● Withdraw consent at any time (without affecting the lawfulness of prior processing).

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

9. Right to Complain

You also have the right to lodge a complaint with your local supervisory authority. In Denmark, this is:
Datatilsynet – The Danish Data Protection Agency
Carl Jacobsens Vej 35, 2500 Valby, Denmark
Website: https://www.datatilsynet.dk

10. Automated Decision-Making

We do not use your personal data for automated decision-making, including profiling, that produces legal or similarly significant effects on you.

11. Children’s Data

Our Website is not directed to children under the age of 16, and we do not knowingly collect personal data from them. If we learn that we have inadvertently collected such data, we will delete it promptly.

12. Data Security

We implement appropriate technical and organizational measures (such as encryption, access controls, and secure hosting) to protect your personal data against unauthorized access, loss, alteration, or disclosure.

13. Contact Information

For questions or privacy requests, please contact us:

● Email: [email protected]
● Mailing Address: Amagertorv 14B, Copenhagen 2 1160, Denmark

14. Updates to This Policy

We may update this Privacy Policy from time to time. The revised version will be posted on this page with the updated effective date.