Privacy policy

Effective Date: January 12, 2025

This Privacy Policy (“Policy”) explains how Timeless Aura Group, MB (“Timeless Aura”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you visit or make a purchase on www.kulmari.com (the “Website”). By using the Website, you agree to this Policy.

Questions? Email info@kulmari.com.

Quick navigation: DefinitionsCompany InfoData We CollectHow We CollectHow We UseLawful BasisSharingCookies & AdsInternational TransfersRetentionSecurityYour RightsCalifornia RightsChangesContactComplaints

Definitions

  • Website: The online platform at kulmari.com enabling browsing and purchase of goods (“Goods”).
  • Goods: Products and services offered via the Website.
  • Order: A transaction initiated by a Buyer to purchase Goods.
  • Delivery: Shipment of Goods from the Seller to the Buyer or designated Recipient.
  • Buyer: An individual (18+) or legal entity placing an Order.
  • Recipient: The person/entity designated to receive the Goods.
  • Seller / Data Controller: Timeless Aura Group, MB.
  • Personal Information: Any data relating to an identified or identifiable person.

Company Information

  • Company Name: Timeless Aura Group, MB
  • Registration Code: 307171804
  • Registered Address: Girulių g. 5, LT-12124 Vilnius, Lithuania
  • Email: info@kulmari.com
  • Phone/WhatsApp: +37060348677
  • Privacy Contact: Emma — info@kulmari.com

Information We Collect

  1. Contact & Order Details: Name, email, phone, billing and delivery addresses.
  2. Device & Technical Data: IP address, device identifiers, browser, OS, pages viewed, referral URLs.
  3. Payment Info: Billing details and transaction metadata processed by secure payment providers (we do not store full card numbers).
  4. Support Records: Emails, forms, chat transcripts, call notes.
  5. Purchase & Browsing History: Products viewed, carts, wishlist, order history.
  6. User Content: Reviews, Q&A, uploaded images/content.
  7. Cookies & Similar Tech: Session IDs, analytics, preferences, advertising identifiers (see Cookies).
  8. Social/Marketing Sources: Interaction with our ads or pages on platforms that may share limited data with us per your settings.

How We Collect Information

  • Directly from you (checkout, forms, support).
  • Automatically (cookies, pixels, SDKs, logs).
  • From service providers (payments, shipping, analytics, marketing, anti-fraud).
  • From social media/ads when you interact with our content or consent to sharing.

How We Use Your Information

  • Process, fulfill, and deliver Orders; provide invoices and updates.
  • Provide customer care and respond to requests.
  • Personalize your experience and product recommendations.
  • Run analytics, improve Website performance and security.
  • Send marketing only where permitted/consented; you can opt out anytime.
  • Detect, prevent, and investigate fraud or abuse.
  • Comply with legal, tax, and regulatory obligations.

Our Lawful Bases (GDPR)

  • Contract: To process your Order and provide Services.
  • Legitimate Interests: Site security, analytics, preventing fraud, improving Services, direct marketing (where allowed).
  • Consent: Non-essential cookies/ads, email/SMS marketing (where required), user-generated content featuring you.
  • Legal Obligation: Tax/accounting, regulatory disclosures.

Sharing Your Information

  • Payment Processors for secure transactions.
  • Logistics & Shipping Partners for delivery, returns.
  • IT/Hosting & Security to operate and protect the Website.
  • Analytics & Marketing Tools (only as permitted/consented).
  • Professional Advisors (legal, tax, accounting).
  • Authorities when required by law or to protect rights.

We do not sell your personal data. Some advertising tools may constitute “sharing” under certain laws (see California Rights).

Cookies, Analytics & Advertising

  • Strictly Necessary: Core site functionality (cannot be disabled).
  • Performance/Analytics: Understand usage to improve the Website.
  • Functional: Remember preferences (language, currency, login).
  • Advertising: Measure and deliver relevant ads.

Manage cookies in your browser settings and (if enabled) in our on-site cookie banner. You can opt out of marketing emails via the “unsubscribe” link. If your browser sends a Global Privacy Control (GPC) signal, we will treat it as an opt-out where legally required.

For details, see our Cookie Policy.

International Data Transfers

We are based in Lithuania and may transfer data to providers in other countries. Where required, we use appropriate safeguards such as the EU Standard Contractual Clauses (and UK addendum where applicable) and take steps to ensure an adequate level of protection.

Data Retention

  • Orders & invoices: typically 7 years (tax/accounting).
  • Support records: up to 24 months after last interaction.
  • Marketing data: until you unsubscribe or after 24 months of inactivity.
  • Security/fraud logs: for as long as necessary to investigate/prevent abuse.

We may retain data longer if required by law or to establish/defend legal claims.

Security Measures

We use administrative, technical, and physical safeguards (e.g., TLS encryption in transit, access controls, least-privilege, monitoring). No method of transmission or storage is 100% secure; we regularly review and improve our controls.

Your Privacy Choices & Rights (EEA/UK)

  • Access, correct, or delete your Personal Information.
  • Restrict or object to certain processing (including direct marketing).
  • Data portability (receive a copy in a commonly used format).
  • Withdraw consent at any time where processing is based on consent.

To exercise your rights, email info@kulmari.com. We may request verification information.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know/access the categories and specific pieces of Personal Information we collected about you.
  • Request correction or deletion (subject to lawful exceptions).
  • Opt out of “sale” or “sharing” of Personal Information for cross-context behavioral advertising.
  • Limit the use/disclosure of “sensitive” Personal Information (if applicable).
  • Non-discrimination for exercising your rights.

Use our cookie banner, browser GPC signal, or email info@kulmari.com to submit a request. If available, you may also use a “Do Not Sell or Share My Personal Information” link in our footer.

Children’s Privacy

The Website is intended for users aged 18+. If you believe a minor provided data, contact us and we will delete it.

Changes to This Policy

We may update this Policy from time to time. Material changes will be posted here with a new effective date. Please review periodically.

Contact Us

  • Data Controller: Timeless Aura Group, MB
  • Privacy Contact: Emma, info@kulmari.com

    • Complaints

    If you are unhappy with how we handle your data, please contact us first. You also have the right to lodge a complaint with your local supervisory authority. In Lithuania: the State Data Protection Inspectorate.

    This Policy is provided for informational purposes only and does not constitute legal advice.