Privacy policy

This policy applies for the processing data on https://kbloom.webflow.io/


Introduction 

Bloom K Wave is committed to protecting your personal data and respecting your wishes and we want you to be confident that we are. 


We aim to be clear about when we collect your information and not do anything you would not reasonably expect us to do with your personal data. 

This policy aims to help you understand what personal data we collect, how we use it and how we store it and how this applies to our websites, products and services (collectively “Services”).  


BY ACCESSING AND READING THIS PRIVACY POLICY YOU ACCEPT THAT YOU HAVE BEEN INFORMED REGARDING YOUR PERSONAL DATA PROCESSING BY US, AS DESCRIBED HEREIN.  


When we act as data controller, deciding on the purposes and means of the processing of personal data, we have the responsibility to fulfil with all legal requirements regarding the processing of your personal data.

This Privacy Policy describes our privacy practices and policies relating to our Services. Bloom K Wave operates in various jurisdictions, including outside the UK , EU and  EEA. 

As a general rule, the data we collect about you is processed within the territory of Romania, but also within the European Union, where the same data protection laws apply. Your data may also be transferred to countries that ensure an adequate level of protection (e.g. United Kingdom of Great Britain and Northern Ireland).

We may also transfer your personal data to third countries such as the United States of America or other international organizations that do not provide an adequate level of protection in accordance with the requirements of the European Commission. In this situation, we will take all appropriate safeguards to protect your data and to ensure that you have effective remedies to exercise your rights.

Any personal data collected will be used and held in accordance with both domestic and EU data protection requirements as dictated by applicable privacy legislation. Some of our affiliated Companies may provide you with their own privacy policies and notices relating to their specific role in the organisation, that will complement this policy,  when you access their services.

Our websites and apps are not intended for children below the legal age for providing consent. The age limit varies by jurisdiction. For example, in the UK, US, and Canada, the age is 13, while in other EU countries, such as Romania or Germany, the age is 16, or even 14, in Austria. 

If you are under, do not use or provide any information on our websites and apps, through any of its features.

We do not knowingly collect personal information from children under the legal age.

If we learn we have collected or received personal information from a child under the legal age without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under the legal age, please contact us.


SOME OF OUR AFFILIATED COMPANIES MAY PROVIDE YOU WITH THEIR OWN PRIVACY POLICIES AND NOTICES RELATING TO THEIR SPECIFIC ROLE IN THE ORGANISATION, THAT WILL COMPLEMENT THIS POLICY, WHEN YOU ACCESS THEIR SERVICES.


If you would like to know more about how we collect and use your personal data, please click on the headings below for further information. If you have any further questions, please contact us using the details in the Contact us section below


Who is Bloom K Wave? 

When we refer to Bloom K Wave, we are referring to Bloom K Wave, a public limited company, headquartered in Sibiu, Victor Hugo street, no. 2, floor 1, Romania. 


Where does Bloom K Wave collect your information from? 

  • When you provide your personal data directly to us;
  • By using the contact form on our website;
  • When you purchase our services/products;
  • When you access our websites;
  • So that we can provide you with the best possible experience when you visit our website, we collect cookies when you use our website. 

This can include the pages you visit and areas that are of most interest. Cookies can also be used to make using the website faster, such as by automatically filling in your name and address. Further information about cookies is set out below. 

In addition, the type of device you’re using to access our website or app and the settings on that device may provide us with information about your device, including the type of device it is, what specific device you have, what operating system you’re using, or why a ‘crash’ has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us. 


What type of information do we collect? 

The type of information (including personal data) that we collect and use and what we do with it will depend upon your relationship with us. 


When you contact us

  • name
  • email address and phone number
  • any personal data your message  may contain
  • any data contains by cookies


Information you provide to us when you purchase our Products and Services may include:

  • Contact details, including name, address, telephone number and e-mail;
  • Order information, including your name, billing address, shipping address, payment confirmation, e-mail address and phone number;
  • Account information, including username, password and other information used for account security purposes;
  • Customer support information, including information that you choose to include in communications with us, for example, when you send a message through the mechanisms provided.


Do we collect sensitive personal data?

We will rarely collect information classified as sensitive data, such as information about your race, religious beliefs, political opinions and personal health data. We will only do so if there is a clear reason for doing so, such as to enable you to participate in an event, or if we need your personal health data to ensure your safety at an event.

If you provide us with your bank or credit card details to process a payment over the telephone, we will always ensure that your information is handled securely. We do not store your credit or debit card details at all following the completion of your transaction. All card details are securely destroyed once the payment has been processed. Only staff authorised and trained to process payments will be able to see your card details.

If you make a payment through our website, the payment may be processed through a secure third-party and we will not have access to any of your card details. Your card will be processed in accordance with the policies of the processor providing that service that you will be notified of at the time of making payment and we would refer you to their terms and conditions for further information.


How do we use the personal data we collect? 

Bloom K Wave uses your personal data in different ways, depending on the nature of our relationship with you, as follows:

  • to provide you with our services;
  • to manage you requests;
  • to understand who is accessing our services, publications, events or information; 
  • to keep a record of your relationship with us; 
  • to understand how we can improve our services, products or information. 


Information collected by third parties, where necessary.

Information about you may be collected by third parties, including vendors and service providers who may collect information on our behalf, such as:

  • Companies that support our Site and Services.
  • Our payment processors, who collect payment information (e.g., bank account information, credit or debit card information, billing address) to process your payment to honor your orders and to provide you with the products or services you have requested in order to perform our contract with you.
  • When you visit our Site, open or click on emails we send to you, or interact with our services or advertisements, we or third parties we work with may automatically collect certain information using online tracking technologies such as pixels, web beacons, software development kits, third-party libraries and cookies.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy.


What are the legal basis for processing personal data?

We usually process your personal data only if at least one of the following legal grounds apply:

  • You have given your consent for the processing;
  • Processing is necessary for the performance or entering into a contract to which you are a party;
  • Processing is necessary for compliance with a legal obligation applicable to us;
  • Processing is necessary for the purposes of our legitimate interests.

Our legitimate interest reasons include (but not limited to):

  • Preventing risk and fraud;
  • Prevention of financial losses;
  • Recovery of damages;
  • Defence of our rights in court;
  • Ensuring people’s health and safety;
  • Ensuring security of Bloom K Wave’s sites and premises.
  • Ensuring cybersecurity etc.;
  • Taking the steps necessary to identify you, when necessary;
  • Answering questions or providing any support; 
  • Helping customers find and use relevant products or services through our store; 
  • Providing and improving our products and services; 
  • Reporting and analytics; 
  • Testing out features or additional services; 
  • Assisting with marketing, advertising, or other communications;
  • Protecting Bloom K Wave’s image and reputation.

We only process personal data for these “legitimate interests” after considering the potential risks to your privacy. This may include providing transparency into our privacy practices, offering you control over your personal data where appropriate, limiting the data we keep, limiting what we do with your data, who we send your data to, how long we keep your data, or the technical measures we use to protect your data.


When might we give your personal data to another party? 

We will never share your information with a third party who intends to use it for their own marketing purposes and there are very limited instances where we will share your personal data with a third party. 


This could include: 

  • if a third party provides a service to us, such as running an event on our behalf, providing an element of a contract for us, such as email distribution, fulfilling an order, providing IT, marketing, content services, etc. This would include our trusted partners, entities that sell our products or services or provide our information and marketing for us; 
  • for the administration of events. For example, an event venue may require the provision of the names and dietary requirements of attendees in advance, for security and health purposes; 
  • where there is a legal or regulatory requirement to disclose your personal data such as from government authorities or the courts, we have a genuine and real concern regarding a person’s well-being, or where disclosure is necessary for taxation and criminal investigation purposes;
  • where we have your written consent. 

We may be involved in the sale, transfer or reorganisation of some or all of its business at some time in the future. As part of that sale, transfer or reorganisation, we may disclose your personal data to the acquiring organisation, however, we will require the acquiring organisation to agree to protect the privacy of your personal data in a manner that is consistent with this Privacy Policy. 


How do we keep personal data about you safe? 

Bloom K Wave has a number of steps in place to keep your personal data as safe as possible. 

Reasonable measures (such as systems access security controls, safeguards to detect and prevent security system failures, and restricted access) have been implemented to help protect personal data from loss, misuse, unauthorized access or disclosure. 

We train our staff in data protection and data security to increase awareness of its importance.

 We keep our data protection and data security policies and practices under constant review and review the personal data that we hold, where we hold it and what we do with it. 


Bloom K Wave requires the third parties it works with to comply with data protection laws and puts controls in place to ensure that your information is handled safely and appropriately. 


Where we send your data 

We work with and process data about individuals across the world. To operate our business, we may send your personal data outside of your state, province, country or residence within the European Union (EU) and European Economic Area (EEA) or other regions of the world such as the UK, Canada or the United Stated of America.

If you are in the EEA, you must know that under the GDPR, data transfer between member states is considered safe.

Additionally, other countries have been recognised by the European Commission as offering adequate level of data protection. The full list can be consulted here. In other words, transfers to the country in question will be afforded the same treatment as if transferred between EEA member states. For example, when we send your personal data to Canada  it is protected under Canadian law, which the European Commission has determined that will adequately protect your data.

Your data may also be sent to other Bloom K Wave locations and to service providers who may be located in other regions. This data may be subject to the laws of the countries where we send it.  

We may transfer your personal data to third countries or international organisations that don’t provide adequate level of data protection according to the European Commission or, if you are in the UK, the ICO requirements. In this situation, we shall take appropriate safeguards to protect your data, and make available to you effective legal remedies for protecting and exercising your rights.

In such context, we will ensure that you data will be protected by contractual commitments at least equivalent to the Standard Contractual Clauses approved by the European Commission (SCCs), or if you are in the UK, by international data transfer agreement (IDTA) or relevant IDTA addendum to the SCCs, as the case may be.

Where we cannot find other appropriate safeguards, we will transfer data to these destinations only under the following conditions:

  • We ask for your prior consent, after informing you of possible risks;
  • We transfer the data only at your request for the performance of a contract or the application of necessary pre-contractual measures in relation to us;
  • The transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;
  • The transfer is necessary for important reasons of public interest;
  • The transfer is necessary for the establishment, exercise or defence of a right in court;
  • The transfer is necessary to protect your vital interests or those of others when you are not in a physical or legal capacity to express your consent; and 
  • Other situations stipulated by law.


How long do we hold your data?

We shall keep your personal data as long as necessary for the purposes for which they were collected. The retention period may vary depending on the purposes and sometimes it may be influenced by the legal provisions. 

When we rely on your consent (e.g., newsletter subscription), your personal data is kept for as long as you continue to consent. 

The erasure of data shall only take place to the extend that such personal data are no longer necessary for other purposes. We periodically evaluate storage periods to ensure that we retain your data only for as long as necessary in relation to the purposes pursued.

What about if you use other websites linked from Bloom K Wave websites? 

Bloom K Wave does not have any control over how any third-party websites handle and use your information. Therefore, if you follow any links to any third-party sites from  Bloom K Wave websites, you must check the privacy policy for such a third-party organisation in order to understand how your information could be used. This policy does not cover third-party websites. 


What are Cookies? 

Cookies are small text files which are used by websites to learn about your visit to the site and in some cases to tailor your experience on the website. We use cookies to improve your experience of using the Bloom K Wave websites, to provide functionality, improve performance, and help with behavioural advertising and embedded content. 

Further information about how we use cookies and how you may turn these off is available in our Cookie Policy. 


Contact with Corporate Subscribers  

“Corporate Subscribers” are organisations who Bloom K Wave might contact in a professional context, using generic work contact details, including phone, email and post. These contact details may be obtained from public domain sources (company websites etc.), from our own business records or from other companies and business contacts. 

We may contact corporate su scribers by email or telephone provided that the subscriber has not previously opted out. 

We may contact subscribers by mail if they have not previously opted out of receiving such communications. 

You have a right to object to the processing of your information for direct marketing. We will provide opt-out notices on our communications to you, or you can advise our team using the contact details in the Contact us section below. 


Data about children

The Services are not intended for use by persons under the age of 16 and we do not knowingly collect personal information about them. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact information below to request deletion.


Disclaimer to security 

By accepting the terms of this Privacy Policy, you acknowledge and agree that no data transmission over the Internet is completely secure. We cannot guarantee or warrant the security of any information you provide to us and you transmit such information to us at your own risk. 


Retaining and disposing of information 

Your personal data is maintained on our networks or on the networks of our service providers. Your information may also be stored in a secure off-site storage facility. We retain personal data only as long as it is needed to fulfil the identified purposes or as may be required to comply with applicable laws. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. To satisfy regulatory requirements, certain personal data may be retained for at least seven years (unless there are legal requirements that require its further retention) after which all documentation will be destroyed in a manner commensurate with its sensitivity. 


What are your rights? 

Under the conditions set out in the data protection laws, as a data subject, you have the following rights:

  • Right to be informed, right to receive details of the processing of your personal data, as described in the Privacy Policy;
  • Right of access, the right to obtain confirmation from us regarding the processing of personal data, as well as details of the processing activities;
  • Right to rectification, the right to obtain the correction of inaccurate/unjustified personal data, as well as the completion of incomplete data;
  • Right to erasure without undue delay, („right to be forgotten”), under the conditions provided by the data protection laws;
  • Right to restriction of processing, to the extent that you contest the accuracy of the data, the processing is unlawful and you oppose to the erasure, requesting instead the restriction of its use, or when we no longer have any purpose to process your data, but you request it for the establishment, exercise or defence of a right in court or when you object to the processing of data for a period enabling us to confirm our legitimate interests;
  • Right to data portability to another controller, under the conditions stipulated by law;
  • Right to object to the processing of personal data, at any time, free of charge and without any justification, when the data is processed for direct marketing purposes or when the processing is based on one of our legitimate interests invoked, unless we can demonstrate that there are legitimate reasons justifying that processing;
  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly affects you to a significant extent, with the exceptions set out in data protection laws;
  • Right to withdraw your consent, at any time;
  • Right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data infriges data protection laws.


Responding to inquiries and complaints 

If you have questions or complaints with respect to our privacy policies and practices or if you wish to request access to, or correction of, your personal data under our care and control, please contact us using the contact details in the Contact us section below. 

Inquiries or complaints will be dealt with promptly. We will acknowledge your query, investigate and provide you with a response within thirty (30) days. 

Considering the complexity and number of pending requests you may have had; we may extend this period by two (2) further months. We will always inform you about any delay in advance, together with the reason for it. 

Please note that if you send us a request to your personal data, we have to make sure that it is before we can respond. 

In order to do so, we may use a third-party to collect and verify identification documents. 

If we are unable to identify you, we may refuse to provide you with the information requested that might not belong to you.

If you are not happy with our response to a request, you can contact us to resolve the issue.


Right to file a complaint 

If you believe the privacy laws relating to the protection of your personal data or our Policy have not been respected, you may file a complaint with us at the address listed below. We will investigate all complaints. If, after an investigation, your complaint is deemed justified, we will take appropriate steps to correct the situation, including, if necessary, amending our policies and practices. If you are not satisfied with the results of the investigation or the corrective measures taken by us, you may exercise the remedies available under law by contacting your local Data Protection Supervisory or any other competent supervisory. 


Will this policy change? 

To make sure that this policy and our practices stay legally compliant and up-to-date, we may make changes from time to time. If we make any substantial changes, we will make this clear on our website, or by contacting you directly, if appropriate. 

To be sure that you don’t miss anything, please check back to this page from time to time. 


Contact us 

If you didn’t find what you have been looking for in this Policy, or you would like to speak to someone at  Bloom K Wave about how we collect, use and store your personal data, if you have any questions, comments, requests or suggestions or if you would like to change your contact preferences, please contact us:

  • by email at:

 data.protection@thermegroup.com

  • by post office at: Sibiu, Victor Hugo street, no. 2, floor 1, Romania.
    •


    Last update: June 2025