Privacy Policy

Privacy Notice

Effective Date: [03-05-2022]

Overview

This notice explains how we collect, use, and protect personal information from visitors and customers of our international online store. It covers information collected during transactions, account registration, and website use, and describes the safeguards for sensitive information such as credit card data and contact details.

Information We Collect

  • Personal identifiers: Name, billing and shipping addresses, email address, phone number.
  • Account credentials: Username, password (securely hashed), preferences.
  • Payment information: Credit/debit card details, tokenized payment IDs, billing information, transaction history.
  • Order and transaction data: Products purchased, order history, returns, and refunds.
  • Device and usage information: IP address, browser type, device details, pages visited, cookies, and analytics data.
  • Customer support interactions: Support tickets, chat transcripts, and any uploaded attachments.
  • Optional information: Reviews, survey responses, and voluntarily provided demographic or preference data.

How We Use Personal Information

  • Process orders, handle returns, and manage shipping.
  • Authorize and process payments while preventing fraud.
  • Maintain and manage user accounts.
  • Provide customer support and resolve issues.
  • Offer personalized recommendations and marketing communications, where permitted.
  • Analyze website usage, improve services, and measure performance.
  • Comply with legal obligations and enforce policies.

Payment Data Protection

  • All transactions are processed via PCI-DSS compliant third-party payment processors, ensuring secure handling of credit card data.
  • Card numbers are tokenized so full card details are not stored on our systems.
  • Sensitive payment information is encrypted in transit (TLS) and at rest using industry-standard algorithms.
  • Access to payment data is limited to authorized personnel with multi-factor authentication and role-based permissions.
  • Regular security assessments, penetration testing, and monitoring of systems protect against unauthorized access.

Technical & Organizational Measures

  • Secure HTTPS connections across the site.
  • Encryption of sensitive data stored in databases.
  • Role-based access controls with least-privilege enforcement.
  • Multi-factor authentication for administrative access.
  • Monitoring and logging for suspicious activity.
  • Vetting of third-party service providers to ensure security and confidentiality compliance.
  • Staff training and incident response planning.

Cookies & Tracking

Cookies and similar technologies are used for website functionality, analytics, and personalization. Users can manage cookie preferences via browser settings, though disabling some cookies may affect site performance and checkout experience.

Sharing & Disclosure

We may share personal information with:

  • Service providers for payment processing, order fulfillment, customer support, analytics, and hosting.
  • Professional advisors for auditing, legal, or accounting purposes.
  • Authorities if legally required or to protect rights, safety, and property.
  • Business transfers such as mergers or acquisitions, with contractual safeguards for data protection.

International Transfers

Personal data may be processed in countries outside your residence. Appropriate safeguards, such as standard contractual clauses or adequacy measures, ensure a suitable level of protection.

Data Retention

We retain personal information only as long as necessary to fulfill the purposes described, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and jurisdiction.

Your Rights & Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal information. You may withdraw consent for optional processing, including marketing communications, without affecting prior processing. Requests can be submitted through account tools, with identity verification as needed.

Children

The site is not directed to children under 16 (or higher local age). We do not knowingly collect information from children below this age and will delete such data if discovered.

Security Incidents

We maintain an incident response program and, if a breach presents material risk, affected individuals and regulators will be notified in accordance with applicable laws.

Changes to This Notice

Updates may be made to reflect changes in practices or legal requirements. Material changes will be indicated by a revised effective date and, where required, a prominent notice on the site.