Privacy Policy

Hello! We are the company Khooa S.r.l., but you can simply call us Khooa. On this page, we provide you with the necessary information to understand how we handle your personal data

Khooa's Role in Personal Data Processing

At Khooa, we provide you with personalized image consulting services. In particular, We help you choose the right color palette, clothing and the best combinations between your clothes and makeup using armocromia techniques and other image tests.

These tests are possible through artificial intelligence software that we have developed, with which we process information and images related to you and communicate to you which colors are most suitable for you, classifying them into 4 seasons: spring, summer, autumn, and winter. To automate this service and make it accessible to a wider audience, we have created a platform accessible via a user interface at www.khooa.com and a digital app where services using our artificial intelligence software are delivered.

As you may have understood, in order to do all these things, we need to process your personal data. However, we want to do so in full compliance with your rights and with maximum transparency.

Data Controller

The data controller is the person or legal entity that decides how personal data is processed and for what purposes.

In this case, it's us at Khooa; our company, Khooa S.r.l., is the data controller for the data processing described in this privacy notice.

Here are some detailed information about us:

• Name: Khooa S.r.l.
• Registered Office: Via Fatebenefratelli 19, 20121 Milan (MI) Italy VAT Number: 12044650963

You can contact us using the following email address: [email protected].

Categories of Processing

To help you effectively navigate this document and find what interests you, we have decided to group the information into the following categories of processing:

• Navigation on the khooa.com platform and app
• Armocromia and face shape tests
• Registration on khooa app and onboarding
• Color Analysis Test (Aicromia), Face shape test, Digital Wardrobe and Digital make-up
• Newsletter
• Personalized Advertising
• Payment Processing and Accounting
• Customer Service
• Navigation Data and Use of Khooa App
• Statistics and Market Research
• Data Recipients and Transfers
• Retention Periods and Duration of Processing
• Your Privacy Rights

For each category, we provide you with a brief description of what we do with your data, indicate the types of data processed, the purposes for which we process them, and the legal bases - among those provided for in Art. 6 of the EU Regulation 2016/679 (the famous "GDPR") - that allow us to do so.

After describing the individual categories of processing, we provide you with more general information, and in particular: recipients to whom we disclose your personal data and whether this involves transfers outside the European Economic Area; the duration for which we retain the data; what your rights are and how you can exercise them.

When you browse the khooa.com website, even without taking other actions, we can track your navigation using cookies or similar technologies. Although we are not able to know the identity of the person browsing the site, cookies still allow us to collect some identifying data, such as the IP address of the device you are connecting from, the browser, your device settings, etc. For more information about the cookies used by the website www.khooa.com, we invite you to read our Cookie Policy.

On the khooa.com web platform, without any type of log-in, you can access our free services and the basic armocromia and face shape tests.

The armocromia test is based on multiple-choice questions about your image. The personal data acquired with the answers are processed automatically, and a result is returned that communicates: a reference season among spring, summer, autumn, and winter, and a palette of colors suitable for you. Once the result is obtained, the answers to your questions are not stored.

To use our services based on AI — artificial intelligence systems, you must first register on the Khooa app, providing us with an email address and creating a password, which you must keep confidential. With registration, you enter into a contractual relationship with Khooa and accept our terms and conditions.

At the registration stage, we ask you to communicate the following mandatory personal data:

• name and surname
• email address
• date of birth

We need this data to identify you as a contractual party, communicate with you, and verify that you have reached the minimum age necessary to accept our terms and conditions. The legal basis that allows us to process this data is the need to fulfill a contract of which you are a party.

Therefore, this data is mandatory, and without it, we cannot allow you to register and therefore access our services.

You can use your Google or Apple account to access the Khooa platform. This way, you will not have to remember the username and password for a new account. In this case, we receive from Google or Apple the information necessary for your identification, namely the email address and your UserID. By doing so, you will communicate to Google or Apple (depending on the case) your access to the Khooa platform, and this data will be processed by Google or Apple as data controllers.

For more information on the service offered by Google or Apple, you can view this page: Using your Google Account to access other services or apps. For more information on the service offered by Apple, you can view this other page: What is 'Sign in with Apple'?.

During the registration phase, you will also be asked if you want to subscribe to our Newsletter: you can find all the information on this in the Newsletter section of this policy. Furthermore, we may use the email address you provided during registration to send you commercial communications related to said services for which, in light of your purchase, you have already expressed interest (so-called soft spam).

The legal basis that allows us to carry out this processing is legitimate interest.

If you do not want your email address and/or your residential or domicile address to be processed for these purposes, you can exercise the right to object by writing to [email protected], without having to provide any explanation.

Subsequently, during the onboarding phase on the Khooa App, you will also be asked to communicate, but you may choose not to respond, the following data:

• your color season (if you already know it);
• the underseason you belong to;
• your fashion preferences; and
• the face shape (choosing from the face shape options present on the App).

Once logged in on the Khooa app, you can purchase and use our paid services and access the armocromia and face shape (faceshape) tests carried out through our AI software — artificial intelligence, digital wardrobe, and digital beauty case. Unlike the tests that can be carried out on the khooa.com web platform, the aicromia and faceshape tests and the tests for creating your digital wardrobe and your digital beauty case can only be performed on the app and are based on the use of artificial intelligence software. For the first type of test (aicromia), after paying the corresponding fee — as it is a paid service — and accepting our terms and conditions, you are asked to upload three photographs of yourself and your image from a frontal perspective. The images are processed by our artificial intelligence software and provide as results: a reference season among spring, summer, autumn, and winter, and a palette of colors suitable for you.

For the second type of test (faceshape) via AI, you are asked to upload two photos of your face, one frontal and one profile. The images are processed by artificial intelligence software developed by us and provide as results: a reference season and a palette of colors suitable for you; the indication of the shape of your face among the eight possible faceshapes (oval, square, diamond, etc.) and the indication of the category of your profile (sweet, moderately structured or structured).

The third type of test (digital wardrobe) allows you, after paying the corresponding fee — as it is a paid service — and accepting our terms and conditions, to upload a photograph of a garment, to know its chromatic season and to generate, through the appropriate functionality, personalized outfits tailored to your characteristics, your stylistic preferences, and your chromatic season and the palettes of colors most suitable for you. You can also store the images of the clothes uploaded and the result of the tests on your personal account, so as to have your own personal digital wardrobe at your disposal.

The fourth type of test (digital make-up), finally, allows you to enter the characteristics of your makeup and other makeup elements (the brand/make name, category, and color), to know the corresponding season and the makeup most suitable for you. Or you can directly ask us for advice and it will be the artificial intelligence software developed by us to generate a makeup and/or makeup suitable for your season. You can also store the result of the tests on your personal account, so as to have your own personal digital beauty case at your disposal.

The processing of images and other personal data in your responses is necessary to provide you with the test results. Without these data, we are unable to do so. Therefore, the legal basis allowing us to process this information is its necessity in order to provide a service you have requested. The same applies to the storage of your photographs and the images of the clothing within your digital wardrobe.

The images of your face and the clothes you have uploaded are also stored in our database and periodically used to "train" our artificial intelligence software. This further processing of your personal data is based on our legitimate interest in improving our artificial intelligence software and, consequently, our services; such interest is not detrimental to your rights and freedoms as the data subject of the processing because it is reasonable to assume that you too wish for our digital services to constantly improve, thus making them increasingly effective for your use. In any case, to ensure the highest possible protection of your personal data, the images of the clothes are permanently and irreversibly dissociated from the person who uploaded them, thus making them anonymous data. On the other hand, images of the face are pseudonymized and associated with a reference code rather than directly with your name and surname. This allows us to trace them in case you wish to exercise your privacy rights. Specifically, we remind you that you can object to this processing by writing to us at [email protected] and communicating your reasons.

Khooa manages a newsletter service, through which it periodically sends emails to all subscribers containing news, updates, and information related to image consulting and color analysis, as well as promotions and commercial offers from either Khooa or third parties in this sector. If you request to subscribe to the newsletter to stay informed about image consulting and color analysis topics, we will add your email address to a mailing list so that you can receive our periodic communications. The legal basis for processing this data is its necessity to provide you with the newsletter service you have requested. To stop this processing, you can unsubscribe from the newsletter at any time by following the instructions provided at the bottom of each email.

The data collected about you during registration and onboarding (e.g., name, surname, email, reference season, fashion preferences, etc.) and the results of the tests, both those carried out for free on the khooa.com web platform and those available for a fee on the Khooa app, can be used by Khooa to create a profile of you. Your profile, in association with contact data, can be communicated to third parties, who in turn can use it to send you personalized advertising based on your interests. For instance, to suggest the purchase of clothing items or accessories in colors compatible with the results of your color analysis tests.

This processing can be beneficial for both us and you, as it allows you to receive commercial offers based on your interests and aligned with the color analysis test results you've undertaken. However, if not understood or desired, it might lead to a perceived violation of your privacy. For this reason, we are committed to carrying out this data processing in a fully transparent manner and only after obtaining your consent. You can revoke consent at any time, and in such cases, we will work to communicate this revocation to all third parties to whom we have shared your data.

To manage payments, Khooa employs third-party intermediaries like Google Pay and Apple Pay. Please note that these entities process your data not on our instruction, but as independent data controllers. Therefore, you should refer to their privacy policies to understand how they process your personal data. When you use these services, we at Khooa receive data related to the payment made and some partial data related to the chosen payment method. We only use this data to receive payments and manage any refund requests. Our legal basis for processing this data is its necessity to fulfill a contract of which you are a part.

Payment-related data is recorded in our accounting system and used for issuing invoices and tax receipts. The legal basis allowing us to process this data is the need to fulfill legal obligations in tax and accounting matters.

If you have purchased and benefited from one of our test services (color analysis, face shape), we may use some of the personal data you provided during registration to provide you with customer service.

In such cases, you will be asked to send one or more photos of your face, reporting the problem encountered in processing and using the tests. The images and photos sent will be analyzed by Khooa's dedicated team to identify the issue and perform alternative image consulting. The result of this evaluation, and thus the resolution of the problem, will be communicated to you via the app and to the email address provided at the time of registration.

The legal basis allowing us to process this information is the necessity to provide you with the customer service you have requested, related to the correct and full use of the test services available on the app.

When you log in to the Khooa app, in addition to identifying data such as the IP address of the device you are connecting from, your browser, and your device settings, we are able to record, through the use of cookies, the actions you perform (log-in and log-out, purchases, taking tests, etc.) and attribute them to your account. We process this data based on our legitimate interest in monitoring the activities carried out by users on the website, to improve services, ensure platform security, counteract fraud, and check if an account has been inactive for a long time and proceed with its deletion. Again, this is an interest compatible with yours as it allows for the improvement of the web service you access; however, you can always object to this processing by writing to us at [email protected] and explaining your reasons. For more information about the cookies used by the site www.khooa.com, we invite you to read our Cookie Policy.

We process data related to our users, including age, fashion preferences, test results, etc., for statistical purposes and market research. Once collected from your personal profile, data continues to be processed for this purpose in an aggregated form without the possibility of linking them back to you. The processing is based on our legitimate interest in conducting anonymous statistics and market research, including for sale to third parties. This is an interest not incompatible with yours and does not harm your rights and freedoms as the data subject, as the data is processed and provided anonymously and third parties receiving it cannot trace it back to you. On the other hand, they can improve their services thanks to this data. In any case, if you don't want your data to be used for this purpose, you can object to the processing by writing to us at [email protected] and explaining your reasons. Once the data is completely anonymized, you will no longer be able to exercise privacy rights, as they are no longer subject to personal data protection regulations.

Khooa uses the following service providers for services that involve personal data processing:

• Amazon Web Services (AWS) for hosting images used to power the artificial intelligence software.
• MongoDB as the Database for saved data on the www.khooa.com web platform (e.g., user accounts and profiles, sales, color analysis test results, etc.); hosting is provided by Vercel.
• Heroku as the data transfer management platform.
• Klaviyo for newsletter management.
• Huggingface, for the provision and management of the hosting service for artificial intelligence algorithms.

To ensure these entities protect your personal data and do not use it for purposes other than those indicated in this policy, we have appointed them as data processors and have entered into Data Processing Agreements with them.

For data retention by AWS, Heroku, and MongoDB, we have chosen data centers located within the European Economic Area or in countries that have received an adequacy decision from the European Commission. However, since these providers are based in the United States or are part of international corporate groups based in the United States, they might be subject to requests for the disclosure of personal data hosted in their data centers by U.S. public authorities. Therefore, the use of providers like AWS, MongoDB, Heroku (and Klaviyo) may involve the transfer of your personal data to the United States. To ensure this transfer respects your rights, we have ensured that the contracts signed with these entities include the Standard Contractual Clauses approved by the European Commission in decision 2021/914 to allow cross-border transfers of data between a data controller and a data processor. For more information or to request a copy of the SCCs used, you can write to us at [email protected].

Data obtained from color analysis test results, your fashion preferences, and your contact information (name, surname, and email address) may be shared by Khooa with third-party companies to enable the sending of personalized advertising based on test results. This transfer only occurs if you have provided consent.

Personal data contained in our accounting records may be shared with external professionals and consultants, such as accountants, as well as the Tax Authority.

You can request the removal of your account at any time by writing to [email protected], or accessing to the Profile section on the Khooa App and clicking on “delete my account” button in the “settings” section.

The data collected during registration or subsequently, which are necessary for the execution of the contract (name, surname, email address, date of birth, purchased services, payments, etc.), are retained for as long as you keep your account active and for the following 10 years.

On the other hand, optional data contained in your account (fashion preferences, color analysis results, images in your digital wardrobe, etc.) and your residence or domicile address will be deleted upon account removal. You can request the removal of your account at any time by writing to [email protected]. If you have provided consent to process this data for marketing purposes and to share it with third-party companies, the deletion of the account does not automatically lead to the erasure of this data, which may continue to be processed for its respective duration or until the consent is revoked.

If your account remains inactive for 24 months (no login activity), we will send you an email asking you to confirm your interest in maintaining your account, giving you a reasonable time to respond. In the event of no response, we will proceed with account deletion.

Data processing for marketing purposes based on our legitimate interest (soft spam) lasts as long as your account remains active. With the deletion of your account (voluntary or due to inactivity), it is assumed that you are no longer interested in receiving our communications.

Data processing for marketing purposes for which you have given consent has a duration of 24 months from the consent collection. However, you can revoke consent at any time to stop this processing earlier. Third-party companies that have received data from us are obligated to inform you of how long they will retain the data in their respective policies.

Processing related to sending newsletters continues until you unsubscribe from the newsletter. Facial images used to train our artificial intelligence software are retained for 5 years from collection. However, images of clothing are anonymized and subsequently stored indefinitely. Personal data contained in accounting records (e.g., provided services and related payments) are retained for 10 years from their registration.

The GDPR (Articles 15-22) recognizes important rights concerning the protection of personal data, which you can exercise by contacting the data controller.

Right of Access

You have the right to know whether personal data concerning you are being processed and to know: the origin of the data; the categories of data processed; the recipients; the purposes of processing; the existence of automated decision-making, including profiling; the storage period of the data.

Right to Rectification

If your data is incorrect, outdated, or incomplete, you have the right to request correction and/or supplementation, and you can demand that the data controller communicate this to recipients to whom the data has been transferred, unless it is impossible or requires disproportionate effort.

Right of Cancellation

You have the right to have your data erased in cases provided by Art. 17 of the GDPR and in any case when: they are no longer necessary for the purpose for which they were collected; you have revoked your consent to processing, and there is no other valid legal basis; you object to processing, and there is no overriding legitimate grounds for processing; the data has been processed unlawfully; erasure is necessary to fulfill a legal obligation. You have the right to have the data controller communicate this to potential recipients of the data, unless it is impossible or requires disproportionate effort.

You can request the removal of your account at any time by writing to [email protected], or accessing to the Profile section on the Khooa App and clicking on “delete my account” button in the “settings” section.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your data when: you contest their accuracy, for the period necessary for verification; if processing is unlawful but you do not want the data to be deleted; when the controller no longer needs it but you want to retain it for exercising a legal claim; when you have objected to processing, pending verification of the controller's legitimate grounds. You have the right to have the data controller communicate this to potential recipients of the data, unless it is impossible or requires disproportionate effort.

Right to Data Portability

When data processing is based on your consent or necessary for the performance of a contract and is carried out by automated means, you have the right to receive your data in a commonly used structured format or request that it be transmitted to another controller, if technically feasible.

Right to Object

You can object to the processing of your personal data based on the data controller's legitimate interest or public interest for reasons related to your specific situation. You can object to the processing of your personal data for marketing purposes without the need to justify the objection.

Right to Withdraw Consent

You can withdraw your consent for data processing at any time.

Right to Lodge a Complaint

If you believe your rights have been violated, you can file a complaint with the Data Protection Authority.

Exercising Your Rights

You can exercise your rights by submitting a request to exercise your rights in writing to [email protected]. We are required to respond within 1 month to your request or to communicate and justify any delay in response, which, however, cannot exceed 2 months.

If the response is not received within the indicated timeframe or you find it unsatisfactory, you can contact the Data Protection Authority through a complaint in accordance with Article 77 of the Regulation or the judicial authority.

To exercise your rights, you can use the template provided on the website of the Data Protection Authority www.garanteprivacy.it.