Privacy Policy

Privacy Notice

Effective date: [Effective Date]

Overview

This Privacy Notice explains what personal information we collect from customers and visitors to our international e-commerce site, how we use and protect that information, and the choices and rights available to individuals. It applies to information collected online and through related services necessary to sell, deliver, and support our products.

Information We Collect

We collect personal information needed to complete transactions, provide customer service, comply with legal obligations, and improve our services. Categories include:

  • Contact details: name, billing and shipping addresses, email address, phone number.
  • Account credentials: username, password (securely hashed), account preferences.
  • Payment data: payment card details, tokenized payment identifiers, billing information, transaction records. See the Security section for details on how payment data is protected.
  • Transaction & order information: products ordered, order history, returns, and refunds.
  • Device & usage data: IP address, browser and device type, pages visited, cookies and similar technologies, referral source, and analytics data.
  • Customer support records: support tickets, chat transcripts, and any attachments you provide.
  • Optional data: product reviews, survey responses, demographic information, or photos you volunteer.

How We Use Personal Information

Personal information is used for the following purposes:

  • Order fulfillment: to process, ship, and deliver orders, handle returns, and provide receipts.
  • Payment processing: to authorize and complete payments, process refunds, and prevent fraud.
  • Account management: to maintain user accounts, enable authentication, and show order history.
  • Customer support: to respond to inquiries, resolve issues, and manage warranty or replacement requests.
  • Personalization & marketing: to provide personalized product recommendations and, where permitted, send promotional communications. You may opt out of marketing where required by law.
  • Security & fraud prevention: to detect and prevent unauthorized activity and protect the safety of our customers and systems.
  • Analytics & improvement: to analyze trends, improve products and services, and measure site performance.
  • Legal & regulatory compliance: to comply with laws, respond to lawful requests, and enforce our terms.

Legal Bases for Processing

Where applicable, we process personal information on one or more of the following legal bases: performance of a contract, compliance with legal obligations, legitimate interests (such as fraud prevention and service improvement), and consent (for optional marketing or analytics where required by law).

Payment Card Data & Protection

We apply strict safeguards to protect payment card information:

  • Third-party payment processors: Card transactions are processed via certified, PCI-DSS compliant payment providers. Where used, these providers tokenize card numbers so we never retain full card numbers on our systems.
  • Tokenization: When supported by the payment provider, card data is exchanged for a secure token that can be used for refunds and recurring transactions without storing the original card number.
  • Encryption: All payment data in transit is encrypted using strong TLS. Any limited storage of sensitive payment fields (only where strictly necessary and permitted) is encrypted at rest using industry-standard algorithms.
  • Access controls: Access to payment and sensitive personal data is limited to authorized personnel and systems on a need-to-know basis. Administrative access requires multi-factor authentication and role-based permissions.
  • Monitoring & testing: Systems and integrations undergo regular security assessments, vulnerability scanning, and penetration testing. We require our payment providers and relevant vendors to maintain robust security practices.
  • Safe communications: Do not send full card numbers, PINs, or authentication credentials in email or unencrypted messages. If card details are needed for a legitimate purpose, we will request them through a secure, one-time channel managed by an approved processor.

Technical & Organizational Security Measures

We maintain a range of organizational, technical, and physical controls to safeguard personal information:

  • Secure transmission: TLS/HTTPS is enforced across the site.
  • Encryption at rest: Sensitive data stored in databases is encrypted where required by law or business need.
  • Least-privilege access: Role-based access controls and unique credentials limit internal access to data.
  • Multi-factor authentication: Required for privileged accounts and administrative access.
  • Logging & monitoring: System logs are maintained and monitored for suspicious activity and anomalies.
  • Vendor oversight: Third-party providers are assessed and contracted to meet security and confidentiality requirements.
  • Employee practices: Security training, background checks for staff with access to sensitive systems, and incident response preparedness.

Cookies & Tracking Technologies

We and our partners use cookies, web beacons, local storage, and similar technologies to enable site functionality, analyze usage, and personalize content. Cookie management is available through the cookie banner and your browser settings; disabling certain cookies may affect site behavior and checkout experience.

Sharing & Disclosure

We may share personal information with:

  • Service providers: payment processors, order fulfillment and logistics partners, customer service platforms, analytics and marketing services, and hosting providers.
  • Professional advisors: auditors, legal counsel, and accountants when necessary for compliance or investigation.
  • Legal requests: authorities and courts when required by law, or to protect rights, safety, and property.
  • Business transfers: in connection with mergers, acquisitions, or asset sales, subject to contractual protections.

We require third parties to protect personal data consistent with this Notice and applicable law.

International Transfers

Personal data may be processed or stored in countries other than where you reside. When transfers occur, we use appropriate safeguards such as standard contractual clauses, adequacy decisions, or other lawful mechanisms to ensure an adequate level of protection.

Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this Notice, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and jurisdiction and are periodically reviewed to minimize unnecessary storage.

Your Rights & Choices

Depending on your jurisdiction, you may have rights such as access, correction, deletion, portability, restriction of processing, and objection to certain uses of your personal data. Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing. Requests to exercise rights may be submitted through your account tools where available; identity verification may be required to protect your information.

Children

This site is not intended for children below the age of 16 (or a higher age where required by local law). We do not knowingly collect personal information from children below the applicable age threshold. If we become aware we have collected such data, we will take steps to delete it in accordance with applicable law.

Security Incidents & Notification

We maintain an incident response program to investigate and respond to security events. If a breach affecting personal information presents a material risk to individuals’ rights and freedoms, we will notify affected individuals and regulators in accordance with applicable legal requirements.

Changes to This Notice

We may update this Privacy Notice to reflect changes in our practices or legal requirements. Material changes will be indicated by an updated effective date and a prominent notice on the site where required by law.