Safe Harbor / Cross‑Border Data Transfer Policy

1. Scope & What We Transfer

Through our website forms we collect only name and email address. If we need additional details (e.g., shipping address or order specifics), we collect them later via direct email to fulfill your request. When you interact with us from outside the U.S., this information may be transferred to and processed on systems located in the United States.

2. Lawful Basis for Processing

For individuals in jurisdictions requiring a legal basis (e.g., EEA/UK/Switzerland), we process your personal data based on one or more of the following: (i) your consent; (ii) our legitimate interests in responding to inquiries and operating our business (balanced against your rights and freedoms); and (iii) performance of a contract or steps prior to entering into a contract at your request.

3. Transfer Mechanisms We Use

We use appropriate safeguards to ensure that cross‑border transfers comply with applicable data‑protection laws and that your rights travel with your data. Depending on the originating jurisdiction, safeguards may include:

• Standard Contractual Clauses (SCCs): EU/UK/Swiss‑approved model clauses with recipients in the U.S.
• Contractual & Organizational Measures: confidentiality, access controls, data minimization, and vendor due diligence.
• DPF Participation (if applicable): If Katamal self‑certifies to the EU‑U.S./UK‑U.S./Swiss‑U.S. Data Privacy Framework (DPF), we commit to the DPF Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity & Purpose Limitation, Access, and Recourse/Enforcement/Liability. (If not self‑certified, this sentence does not apply.)

4. Notice

We provide clear notice of the categories of personal information we collect (name and email), the purposes of processing (responding to your requests, completing orders), and the types of third parties with whom we may share data (e.g., email and hosting providers). Additional information (such as address) is requested by email only when necessary to fulfill your request.

5. Choice

You may opt out of non‑essential communications at any time by using the unsubscribe link (if available) or contacting us at info@katamallc.com. If you are in a jurisdiction that requires express consent for certain processing or transfers, we will obtain it before proceeding, and you may withdraw consent at any time.

6. Onward Transfer

When we share personal information with service providers (e.g., email delivery, hosting, security), we do so under contracts that limit processing to specified purposes and require appropriate protection of your data. We remain responsible for our service providers’ handling of personal information consistent with this Policy and applicable law.

7. Security

We maintain reasonable and appropriate administrative, technical, and organizational measures designed to protect personal information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No method of transmission or storage is completely secure.

8. Data Integrity & Purpose Limitation

We collect and process only the personal information that is relevant to the purposes described in this Policy. We take reasonable steps to ensure that the data is reliable for its intended use, accurate, complete, and up to date, and retain it only as long as necessary for those purposes or as required by law.

9. Access

You may request access to your personal information, or ask that it be corrected or deleted, by contacting us at info@katamallc.com. We will respond in accordance with applicable law.

10. Recourse, Enforcement & Liability

If you have an unresolved privacy or data‑use concern, please contact us first at info@katamallc.com and we will work to resolve it. Depending on your jurisdiction, you may also have the right to lodge a complaint with your local data‑protection authority.

DPF participants only: If Katamal is self‑certified to the Data Privacy Framework, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, will provide free independent dispute resolution via an approved provider, and, under certain conditions, individuals may invoke binding arbitration. (If we are not self‑certified, this paragraph does not apply.)

11. Changes to This Policy

We may update this Policy periodically. The “Effective Date” above reflects the latest revision. We encourage you to review this page for updates.

12. Contact Us