Privacy Policy

Welcome to REIKARA’s Independent E-commerce Site (hereinafter “this Website”). We recognize the paramount importance of your privacy. This Privacy Policy clearly outlines how we collect, use, store, and protect your personal information, as well as your rights regarding such processing. This policy complies with applicable privacy laws including but not limited to:

  • United States: California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Children’s Online Privacy Protection Act (COPPA)
  • European Union: General Data Protection Regulation (GDPR)
  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)

By continuing to access this Website, you consent to our processing of your personal information as described herein.

 

Scope of Information Collection

(A) Personal Identification Information

To deliver services, we may collect voluntarily provided information including:

  • Account Registration: Name, email address, account password
  • Transaction Details: Delivery address, contact phone number, payment card information (card number, cardholder name, expiration date)
  • User Engagement: Opinions, feedback, or other content shared via surveys, reviews, messages, or customer support

(B) Automatically Collected Information

Via cookies, pixel tags, and log files:

  • Device Information: Hardware model, OS/version, device identifiers (IMEI, MAC address), browser type/version
  • Browsing Behavior: Visit timestamps, pages viewed, session duration, clicked links, search queries, referral sources
  • Network Data: IP address, internet service provider details

(C) Third-Party Sources

Obtained where legally permitted:

  • Payment processors (for transaction verification)
  • Logistics providers (for delivery tracking)
  • Authorized third-party platforms (e.g., social media linkage information – collected only with your consent)

 

Purposes of Information Use

(A) General Purposes

  • Process orders, arrange deliveries, and provide after-sales support
  • Manage accounts (registration, authentication, password recovery, updates)
  • Send order confirmations, shipping notices, and service alerts
  • Analyze usage patterns to optimize Website functionality and user experience
  • Maintain Website/transaction security and prevent fraud
  • Fulfill legal obligations

(B) Marketing-Related Activities (Requiring Explicit Consent)

Conduct market research and targeted marketing (opt-out available at any time).

  • EEA Residents: Marketing requires explicit consent under GDPR
  • Canadian Residents: Requires informed consent under PIPEDA; consent may be withdrawn anytime

(C) GDPR Legal Basis (EEA/UK Residents)

Processing is based on:

  • Contract Performance: Order fulfilment and service provision (e.g., order processing, delivery)
  • Consent: For marketing and cookie tracking (withdrawable anytime)
  • Legitimate Interests: Website optimization and fraud prevention (without overriding your rights)
  • Legal Obligations: Compliance with applicable laws (e.g., tax, anti-fraud requirements)

 

Information Sharing Mechanisms

(A) General Sharing Scenarios

  • Order Fulfillment: Share name, delivery address, and contact number with logistics partners
  • Payment Processing: Share payment details with processors per their privacy policies
  • Legal Compliance: Disclose to authorities when legally required or to protect rights/public interests
  • Business Transfers: Data transfer during mergers/acquisitions (with prior notice and policy continuity)
  • Explicit Consent: Sharing based on your authorization

(B) Third-Party Processor Compliance (EEA Residents)

Third-party data sharing (e.g., payment institutions) is governed by GDPR-compliant contracts. Request processor list/contract summaries via Section XI.

(C) Canadian Third-Party Requirements

Cross-border data sharing requires PIPEDA-equivalent protection levels or your explicit consent (where applicable).

 

User Rights

(A) Global Rights

  • Access: Obtain personal information and processing details
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion when legally justified (e.g., data no longer necessary)
  • Restriction: Restrict processing in specific situations
  • Portability: Receive data in machine-readable format
  • Opt-Out: Refuse marketing via email replies, unsubscribe links, or customer support

(B) Supplementary GDPR Rights (EEA Residents)

  • Objection: Object to processing based on legitimate interests (e.g., marketing); we cease unless compelling reasons override
  • Withdrawal: Withdraw consent (e.g., marketing, cookies) without affecting pre-withdrawal legality
  • Automated Decision-Making: Right to human intervention and explanation for automated decisions (e.g., credit assessments)

(C) Supplementary PIPEDA Rights (Canadian Residents)

  • Consent Withdrawal: Withdraw consent for collection/use/sharing (with prior notice; pre-withdrawal processing remains valid)
  • Complaint: Lodge complaints with Office of the Privacy Commissioner of Canada (OPC) for PIPEDA violations

(D) Exercising Rights

Submit requests via Section XI, specifying your residence:

  • EEA Requests: Responded to within 1 month (extendable to 3 months for complexity)
  • Canadian Requests: Responded to within 30 days (extendable by 30 days with justification)
  • Identity verification may be required for security.
 

Data Security & Breach Notification

(A) Security Measures

  • Encrypt sensitive data (e.g., payment information)
  • Implement role-based access controls
  • Conduct regular employee privacy training
  • Perform systematic security audits and vulnerability remediation

(B) Breach Notification

  • EEA Residents: Notify you and supervisory authorities within 72 hours of high-risk breaches
  • Canadian Residents: Notify you and OPC “as soon as feasible” for breaches creating real risk of significant harm
  • Global: Immediate remedial actions taken regardless of region
 

Cookies & Tracking Technologies

Cookies enable device recognition and preference memory. Disabling cookies may impair functionality (see Cookie Policy).

(A) EEA Compliance: Obtain cookie consent upon first visit; adjust preferences anytime (except essential cookies).

(B) Canadian Requirements: Disclose cookie purposes clearly; withdraw consent via browser settings or preference center.

 

Children’s Privacy

(A) General Provisions

  • US: Not directed at children under 13 (COPPA-compliant)
  • EEA: Not directed at children under 16; parental consent required for processing (GDPR-compliant)
  • Canada: Parental consent required for under-13s (PIPEDA/provincial compliance)

(B) Minor Data Handling

Inadvertently collected minor data will be deleted immediately. Parents/guardians may request deletion via Section XI.

 

Cross-Border Data Transfers

(A) EEA Resident Transfers

Data may transfer outside EEA (e.g., US/Canada) via:

  • EU “adequacy decisions” (e.g., Canada)
  • Standard Contractual Clauses (SCCs) for processors

(Request transfer mechanisms via Section XI)

(B) Canadian Resident Transfers

Cross-border transfers require:

  • PIPEDA-equivalent protection in recipient jurisdiction, or
  • Your explicit consent with disclosure of purpose/recipient details
 

Data Retention

Information retained only as necessary:

  • Order Data: Until contractual/legal obligations expire (typically 7 years post-transaction for EU/CA tax compliance)
  • Marketing Data: Until opt-out or deletion request
  • Device/Browsing Data: Up to 2 years for service optimization
 

Policy Updates

Revisions will be communicated via Website announcements or email. Material changes (e.g., rights modifications) will be notified 7 days in advance, with specific legal basis highlighted for EEA/Canadian residents. Regular review recommended.

 

Contact Us

For inquiries, rights requests, or complaints:

Email: privacy@reikara.com

 

We will process requests within statutory timeframes. Thank you for supporting REIKARA’s privacy protection efforts.