Privacy Policy - TARRAN

Release Date: 28. 06. 2024

Effective Date: 28. 06. 2024

Thank you for visiting the TARRAN Official Website. This policy applies to TARRAN INNOVATION LIMITED (hereinafter referred to as "We" or "TARRAN"), which provides TARRAN online store and relevant services. We greatly value the privacy and the security of your personal information. We are committed to strictly adhering to the requirements of the laws and regulations, and we will implement appropriate security measures to protect your personal information and privacy. In light of this, we have established this Privacy Policy and we would like to bring to your attention:

This Privacy Policy describes how we collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from the website or otherwise communicate with us. For purposes of this Privacy Policy, "you" and "“your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Please carefully read and fully understand this policy before using the services we provide. Only after confirming full understanding and agreement can you start using it.

You agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.

This policy will help you understand the followings:

1.How we collect your personal data

2.How we use your personal data

3.How we share, disclose, and transfer your personal data

4.How we store your personal data

5.How we protect your personal data

6.Your rights

7.How we process the personal data of children

8.How we transfer your personal data globally

9.Third party providers

10.How we use Cookie and similar technologies

11.Updates to this policy

12.How to contact us

1.How We Collect Your Personal Data

The types of personal information we obtain about you depends on how you interact with our website and use our Services. When we use your personal information, we are referring to information that identifies, relates to, describes, or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

  • Basic contact details including your name, address, phone number and email.
  • Order information including your name, billing address, shipping address, payment confirmation, email address, phone number.
  • Account information including your username, password, security questions.
  • Shopping information including the items you view, put in your cart, or add to your Wishlist.
  • Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Obtain from Third Parties

we may obtain information about you from third parties, including from vendors and service providers who may collect information on our behalf, such as:

  • Companies who support our website and Services, such as Shopify.
  • Our payment processors, who collect payment information(e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfill your orders and provide you with products or services you have requested, in order to perform our contract with you.
  • When you visit our website, open, or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies.

Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third parties policies or practices.

Information We Collect through Cookies

We also automatically collect certain information about your interaction with the Services "Usage Data").To do this, we may use cookies, pixels, and similar technologies("Cookies").Usage Data may include information about how you access and use our website and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.

Please understand that the services we provide to you are constantly being updated and developed. If a certain function or service is not included in the above description and your information has been collected, we will separately explain the content, scope, and purpose of information collection to you through page prompts, interaction processes, website announcements, and other methods to obtain your consent.

2.How We Use Your Personal Data

The data we collect during the process of providing services to you may be used in the following ways:

  • Providing Products and Services. We use your personal information to provide you with the Services in order to perform our contract with you, including to process your payments, fulfill your orders, to send notifications to you related to your account, purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, facilitate any returns and exchanges and to enable you to post reviews.
  • Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our website and other websites.
  • Communicating with you. We use your personal information to provide you with customer support and improve our Services. This is in our legitimate interests in order to be responsive to you, to provide effective services to you, and to maintain our business relationship with you.
  • Help us design new services and improve our existing services;
  • Assist national judicial, administrative, security and other authorities in conducting investigations, and comply with applicable laws and regulations as well as other obligations promised to the authorities.

3.How We Share, Disclose Your Personal Data

We will not sell, rent, trade, or otherwise disclose your personal information to anyone under any circumstances, except in the following special circumstances:

  • With vendors or other third parties who perform services on our behalf(e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment, and shipping).
  • With business and marketing partners, including Shopify, to provide services and advertise to you.
  • When you direct, request us, or otherwise consent to our disclosure of certain information to third parties, such as to ship your products or through your use of social media widgets or login integrations, with your consent.
  • With our affiliates or otherwise within our corporate group, in our legitimate interests to run a successful business.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

4.How We Store Your Personal Data

Your personal information will be transmitted and stored in Europe. Unless the law requires or permits a longer retention period, we will retain the information collected from you or about you for the shortest possible time necessary to achieve the purposes described in this Privacy Policy. When the information is no longer needed for these purposes, we will delete it or store it in a form that does not identify you. In determining this retention period, we will consider various criteria, including the type of service you have requested or provided, the nature of our relationship with you, the impact on the services we provide to you if we delete some of your information, and the retention period required by law. Upon approval of the application, we will completely delete your personal data. If we cease to operate the product or service, we will notify you in the form of individual delivery or announcement and delete your personal data after ceasing to operate the product and service.

For our third-party Shopify, your personal information may store out of Europe. Shopify will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

How long Shopify will retain your personal information depends on different factors, such as whether Shopify need the information to maintain your account, to provide the Services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.

For more insight, you may also read Privacy Statement here.

5.How We Protect Your Personal Data

We have taken security measures by industry standards to protect the personal data you provide against unauthorized access, public disclosure, use, modification, damage, or loss of data. We will take all reasonably practicable measures to protect your personal data below:

  • We use encryption technology to ensure the confidentiality of data;
  • We use trusted protection mechanisms to prevent malicious attacks on data;
  • We deploy access control mechanisms to ensure that only authorized personnel have access to personal data, and we conduct security and privacy training courses to enhance employee awareness of the importance of protecting personal data;
  • We will use secure encryption technology to protect your personal data during transmission. Take all appropriate organizational, management, and technical measures to protect the security of the personal data you provide in our internal organization.

If our physical, technical, or administrative safeguards are breached, resulting in unauthorized access, public disclosure, alteration, or destruction of data, thereby compromising your legitimate rights, we will assume responsibility. In the unfortunate event of a personal data security incident, we will promptly inform you within 48 hours as required by laws and regulations. We will provide information about the basic situation and potential impact of the security event, the measures we have taken or will take to address it, as well as suggestions on how you can independently prevent and mitigate risks, and the remedies we offer. We will inform you of the situation related to the incident through email, letter, phone, push notification, or other means.

While our operations are designed to protect your personal information, please understand that currently, there is no 100% security guarantee anywhere, whether online or offline. Your Website account requires a username and password to log in. Please protect your username and password and never disclose them to third parties.

6.Your Rights

According to GDPR and relevant laws, regulations, and standards in your local area, as well as common practices in other countries and regions, we guarantee that you exercise the following rights over your personal data. You have rights to:

  1. Access your personal information

According to Art. 7 para. 3 GDPR, you have the right to access your personal information, except in exceptional circumstances stipulated by laws and regulations. If you want to exercise data access rights, you can access them yourself through the following methods:

You can  request a copy of your personal information from us by sending an email listed in Chapter 12 of this Privacy Policy. We will respond and process your request within in 30 days.

  1. Correct your personal information

According to Art. 16 GDPR, when you discover errors in the personal information we process about you, you have the right to request us to make corrections. You can submit a correction request through the methods listed in "1. Accessing your personal information".

If you are unable to correct this personal information through the above way, you may contact us using the contact information listed in Chapter 12 of this Privacy Policy. We will respond to your correction request within in 30 days.

  1. Delete your personal information

In the following situations, you can request us to delete personal information by sending an email according to Art. 17 GDPR:

  • If our handling of personal information violates laws and regulations;
  • If we collect and use your personal information without your consent;
  • If our handling of personal information violates our agreement with you;
  • If you no longer use our products or services, or if you cancel your account;
  • If we no longer provide you with products or services.

If we decide to respond to your deletion request, we will also notify the entities that have obtained your personal information from us and require them to delete it in a timely manner, unless otherwise provided by laws and regulations or with your independent authorization.

  1. Obtain a copy of your personal information

According to Art. 20 GDPR, You have the right to obtain a copy of your personal information. If you need to obtain a copy of your personal information collected by us, you can contact us according to the contact information listed in Chapter 12 of this privacy policy. We will reply and take relevant actions within in 30 days after verifying your identity. We will submit a copy of our personal information to you via email. Subject to compliance with relevant laws and regulations and technical feasibility, we will provide you with a copy of your personal information upon your request.

  1. Respond to your above request

We will respond to the above requests within in 30 days. Please refer to Chapter 12 of this Privacy Policy for contact information.

We will not be able to respond to your request in the following situations:

  • Requests related to the fulfillment of legal and regulatory obligations by personal information controllers;
  • Requests directly related to national security and national defense security;
  • Requests directly related to public safety, public health, and major public interests;
  • Requests directly related to criminal investigation, prosecution, trial, and enforcement of judgments;
  • The personal information controller has sufficient evidence to indicate that the personal information subject has subjective malicious intent or requests for abuse of rights;
  • Requests made to protect the significant legitimate rights and interests of personal information subjects or other individuals, such as life and property, but it is difficult to obtain my consent;
  • Responding to a request from a personal information subject will result in serious harm to the legitimate rights and interests of the personal information subject or other individuals or organizations;
  • Requests involving trade secrets.

7.How We Process Personal Data of Children

 

  1. We expect parents or guardians to guide minors in using our services

If you are a minor under the age of 14, you should read and agree to this policy under the supervision and guidance of your parents or other guardians before using our products.

  1. We attach great importance to protecting the personal information of minors

We protect the personal information of minors in accordance with relevant laws and regulations. In the case of collecting personal information of minors with the consent of parents, we will only use, share, or publicly disclose this information when permitted by law, with the explicit consent of parents or guardians, or necessary to protect minors.

  1. Self-inspection and receiving feedback

If we find ourselves collecting personal information of minors without obtaining verifiable parental consent in advance, we will try to delete the relevant data as soon as possible. At the same time, we have established strict rules for the collection and use of information on minors to protect the personal information security of children and adolescents. If you are the guardian of a minor, if you have any questions about the personal information of the minor you are monitoring, please contact us through the contact information disclosed in this policy.

8.How We Transfer Your Personal Data Globally

We promise to adhere to the highest privacy protection standards for the processing and transfer of personal information on a global scale. When you use our services, your personal information may be transferred to Amazon Cloud located in Frankfurt, Germany. This type of international transfer will comply with strict data protection and privacy security measures, ensuring the same level of privacy protection as we provide locally in your area.

We will transfer personal information of EU users in accordance with the requirements of the EU General Data Protection Regulation (GDPR). This means that when personal information leaves the EU and economic regions, we will transfer it by adopting standard contract terms recognized by the European Commission or when there is sufficient data protection level in the receiving country. We promise to regularly evaluate the data protection level of the receiving country and ensure the effective implementation of protection measures.

For our third-party Shopify, your personal information may transfer, store, and process out of Europe. Shopify will rely on recognized transfer mechanisms like the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

If you have any questions or need assistance with cross-border transfer of your personal information, please contact us.

9.Third party providers

 

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your personal information is stored through Shopify’s data storage, databases, and the general Shopify application. They store your data on a secure server behind a firewall.

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also read Shopify Privacy Statement here.

We also utilize the services of third-party providers to enhance the functionality and user experience of our website. Specifically, our website is developed and maintained by Pingworth Technology Limited. This third-party service provider assists us in ensuring the operation, security, and continuous improvement of our online platform. These providers are granted access to personal information only as necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of such information.

10. How we use Cookie and similar technologies

Like many websites, we use Cookies on our website. For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.

Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.

11.Updates to This Policy

To ensure that you are always aware of how we collect, use, and disclose your information, we will post any changes or updates to this privacy policy on this website and encourage you to review this privacy policy from time to time. If we change this privacy policy, we will notify you by modifying the date at the top of this privacy policy.

12.How to Contact Us 

If you have complaints about how we process your personal information, please contact us at any time using the contact details provided below.

Contactor (Data Protection Officer “DPO”):

Address: FLAT 1512, 15/F LUCKY CTR, NO.165-171 WAN CHAI RD, WAN CHAI, HONG KONG

Email: policy@tarranbikes.com