Privacy policy

This Privacy Policy describes how permatan.co (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Collecting Personal Information

When you visit the site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device information

  • Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
  • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
  • Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
  • Disclosure for a business purpose: shared with our processor Shopify 
  • Order information
  • Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number.
  • Purpose of collection: to provide products or services to you to fulfil our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
  • Source of collection: collected from you.
  • Disclosure for a business purpose: shared with our processor 

Customer Support Information

  • Examples of Personal Information collected: Phone number, email address, shipping address
  • Purpose of collection: to provide customer support.
  • Source of collection: collected from you.

Minors

The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.

Maintaining the Security of Cardholder Account Data

We implement a strong data security foundation to protect customer payment data and protect against data breaches. A strong data security foundation starts with people, processes, and technology. Learn more about the PCI resources and tools that we use to secure payment data below:

People

We hire only qualified and trusted partners, and train staff to understand payment data security essentials as per the guidelines set out by the PCI Security Standards Council.

Processes

We put the right policies and practices in place to make payment security a priority every day.

The PCI Data Security Standards help us protect the safety of that data. They set the operational and technical requirements for organizations accepting or processing payment transactions and for software developers and manufacturers of applications and devices used in those transactions.

These processes are strictly implemented by our company and our trusted payment providers/banking partners.

Such policies include:

  • Building and Maintaining a Secure Network and Systems by installing and maintaining network security controls and applying secure configurations to all system components
  • Protecting account data with strong cryptography during transmission over open and public networks, and protecting stored account data as per PCI recommendations.
  • Maintaining a vulnerability management program by protecting all systems and networks from malicious software and developing ad maintaining secure systems and software.
  • Implementing Strong Access Control Measures by restricting access to system components and cardholder data by staff or other businesses on a need-to-know basis. This also includes identifying users and authenticating access to system components and restricting physical access to cardholder data.
  • Regularly monitoring and testing all networks including system components and cardholder data
  • Using validated payment software and point-to-point encryption solutions to ensure the security of all cardholder data
  • Maintaining an information security policy

 

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:

  • We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
  • We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.


Using Personal Information

We use your personal information to provide our services to you, which include: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

  • Your consent;
  • The performance of the contract between you and the Site;
  • Compliance with our legal obligations;
  • To protect your vital interests;
  • To perform a task carried out in the public interest;
  • For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

Services that include elements of automated decision-making include:

  • Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
  • Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency.

 

Merchant Record Name: SUPGRL Group Limited