Privacy Policy

Privacy Policy for Xihrbn

This Privacy Policy explains how Xihrbn ("we", "us", "our") collects, uses, and discloses your personal information when you:

  • Visit or use Xihrbn.shop (the "Site");
  • Make purchases through the Site;
  • Communicate with us about the Site or our services (collectively, the "Services").

"You" refers to any user of the Services, including customers, visitors, or individuals whose information we collect under this Policy. Please read this Policy carefully to understand our practices regarding your personal information.

1. Changes to This Policy

We may update this Privacy Policy periodically to reflect:

  • Changes to our business practices;
  • Operational needs;
  • Legal or regulatory requirements.

When we update the Policy:

  1. We will post the revised version on the Site;
  2. We will update the "Last updated" date at the top of the Policy;
  3. We will take any additional steps required by applicable law (e.g., notifying users directly, if mandated).

We encourage you to review this Policy regularly for updates.

2. Collection & Use of Personal Information

To provide and improve the Services, we collect (and have collected in the past 12 months) your personal information from multiple sources. The types of information we collect and how we use it depend on how you interact with us.

In addition to the specific uses outlined below, we may use your personal information to:

  • Communicate with you (e.g., order updates, customer support);
  • Provide, maintain, or enhance the Services;
  • Comply with legal obligations (e.g., tax requirements, regulatory reporting);
  • Enforce our Terms of Service;
  • Protect the security of the Services, our legal rights, and the rights of other users.

2.1 What Personal Information We Collect

We collect personal information from three primary sources: directly from you, automatically through your use of the Services, and from third parties.

A. Information Directly Provided by You

This includes information you share with us when using the Services (e.g., creating an account, placing an order, contacting support). Examples include:

  • Contact details: Full name, physical address, phone number, email address;
  • Order information: Billing address, shipping address, payment confirmation details, order history;
  • Account information: Username, password (encrypted), security questions/answers;
  • Customer support information: Content of messages, chat logs, or calls with our support team.

Note: Some features of the Services (e.g., placing an order) require this information. Refusing to provide it may limit your ability to use those features.

B. Usage-Related Information (Automatically Collected)

We use cookies, pixels, web beacons, and similar technologies ("Cookies") to automatically collect "Usage Data" about your interaction with the Services. This includes:

  • Device and browser information (e.g., device model, browser type, operating system);
  • Network connection details (e.g., internet service provider);
  • IP address;
  • How you access and use the Site (e.g., pages visited, time spent on pages, links clicked, login frequency).

C. Information from Third Parties

We may obtain personal information from trusted third parties to support our Services. Examples include:

  • Service providers: Platforms like Shopify (our e-commerce partner) that help manage the Site and orders;
  • Payment processors: Third parties that collect and process payment details (e.g., credit card or bank account information) to fulfill your orders;
  • Tracking partners: Third parties that use pixels or web beacons to collect data when you visit the Site, open our emails, or interact with our ads.

Note: Third-party information is handled in accordance with this Policy. For details on third-party websites, see Section 5.

2.2 How We Use Your Personal Information

We use your personal information for specific, legitimate purposes aligned with the Services you use:

Purpose Details Legal Basis (for EEA Residents)
Provide Products & Services Process payments, fulfill orders, send transaction notifications (e.g., order confirmations, shipping updates), manage your account, arrange delivery, and integrate with partners like Shopify to improve your shopping experience. Contract performance (Art. 6(1)(b) GDPR)
Marketing & Advertising Send promotional communications (e.g., email, text, postal mail about new products or discounts) and display targeted ads based on your usage of the Services. Legitimate interest in promoting our products (Art. 6(1)(f) GDPR)
Security & Fraud Prevention Detect, investigate, and prevent fraudulent or illegal activity (e.g., unauthorized account access, payment fraud) to protect the Site and users. Legitimate interest in securing the Services (Art. 6(1)(f) GDPR)
Communication & Service Improvement Respond to customer support requests, analyze user behavior to identify issues with the Site, and update features to better meet user needs. Legitimate interest in providing quality service (Art. 6(1)(f) GDPR)

3. Cookies

Cookies are small text files stored on your device when you visit the Site. We use Cookies to:

  • Remember your preferences (e.g., login status, language settings);
  • Run analytics to understand how users interact with the Site;
  • Optimize the Services (e.g., improving page load times, personalizing content).

Key Details About Cookies:

  • Third-party Cookies: Our vendors and advertising partners may also use Cookies on the Site to provide tailored services (e.g., payment processing) or show targeted ads.
  • Cookie Controls: Most browsers accept Cookies by default. You can adjust your browser settings to block, delete, or disable Cookies—but this may disrupt functionality (e.g., inability to log into your account or track orders).
  • Global Privacy Control (GPC): Our Site recognizes the GPC signal, which lets you opt out of certain data uses (e.g., sharing for advertising). Learn more at globalprivacycontrol.org. We do not recognize other "Do Not Track" signals.
  • Shopify Cookies: For details on Cookies used by our e-commerce partner Shopify, see Shopify’s Cookie Policy.

4. Disclosure of Personal Information

We may share your personal information with third parties only in the following circumstances:

  1. Service Providers: Third parties that perform services on our behalf (e.g., IT management, payment processing, shipping carriers, customer support tools).
  2. Business & Marketing Partners: Partners who help promote our Services (e.g., advertising platforms). These partners use your information in accordance with their own privacy policies.
  3. With Your Consent: For example, sharing your shipping address with a carrier to deliver your order.
  4. Affiliates: Our related companies (e.g., parent or subsidiary entities) for legitimate business purposes (e.g., operational coordination).
  5. Business Transactions: In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the new owner.
  6. Legal Compliance: To comply with laws, regulations, or legal requests (e.g., subpoenas, court orders) or to enforce our Terms of Service.

Information Disclosed in the Past 12 Months

In line with Sections 2.1 and 4, we have disclosed the following categories of personal information to the listed recipients:

Category of Personal Information Categories of Recipients
Identifiers (e.g., contact details, order/account info) Service providers, business/marketing partners, affiliates
California Customer Records (e.g., contact/order/account info) Service providers, business/marketing partners, affiliates
Commercial Information (e.g., order history, support communications) Service providers, business/marketing partners, affiliates
Internet/Network Activity (e.g., Usage Data) Service providers, business/marketing partners, affiliates
Geolocation Data (from IP addresses or technical tools) Service providers, business/marketing partners, affiliates

Note: We do not use or disclose sensitive personal information (e.g., health data, racial/ethnic information) without explicit consent, nor do we use it to infer personal characteristics. In the past 12 months, we have "sold" or "shared" (as defined by applicable law) identifiers, commercial information, and Usage Data to business/marketing partners for advertising purposes.

5. Third-Party Websites & Links

The Site may contain links to third-party websites or platforms (e.g., social media, payment gateways). We are not responsible for the privacy practices, security, or content of these third parties.

  • Before using a third-party website, review its privacy policy to understand how your information will be collected and used.
  • Information you share on third-party social platforms (e.g., commenting on a post linked from our Site) may be visible to the public or other users of that platform.
  • Including a link to a third party does not imply our endorsement of their content or operators (unless explicitly stated).

6. Children's Data

The Services are not intended for children under the age of 13 (or the minimum age required by applicable law). We do not knowingly collect, use, or disclose personal information from children.

If you are a parent or guardian and believe we have collected information from your child, please contact us (see Section 11) to request its deletion. As of the effective date of this Policy, we have no knowledge of "selling" or "sharing" information of individuals under 16.

7. Security & Retention

Security

We implement reasonable technical and organizational measures to protect your personal information from unauthorized access, use, or disclosure (e.g., encrypted payment processing, secure server storage). However, no security measures are perfect—we cannot guarantee "absolute security." Please avoid sharing sensitive information (e.g., passwords) through insecure channels (e.g., unencrypted email).

Retention

We retain your personal information only for as long as necessary to:

  • Fulfill the purpose for which it was collected (e.g., maintaining your account, processing returns);
  • Comply with legal obligations (e.g., tax record retention requirements);
  • Resolve disputes or enforce our contracts/policies.

Once your information is no longer needed, we will delete or anonymize it in accordance with applicable law.

8. Your Rights

Depending on your location (e.g., EEA, California), you may have certain rights regarding your personal information. These rights are not absolute—we may decline requests if permitted by law (e.g., to comply with a legal obligation).

Your rights may include:

Right Details
Access/Know Request access to the personal information we hold about you, plus details on how we use, share, or store it.
Delete Request deletion of your personal information (also called the "right to be forgotten"), where permitted by law.
Correct Request correction of inaccurate or incomplete personal information we hold.
Portability Request a copy of your personal information in a structured, machine-readable format, or ask us to transfer it to another data controller (in certain cases).
Opt-Out Opt out of the "sale" or "sharing" of your information (as defined by law) or targeted advertising. Using the GPC signal (Section 3) is one way to exercise this right.
Restrict Processing Request that we stop or restrict processing your personal information (e.g., if you dispute its accuracy).
Withdraw Consent If we rely on your consent to process your information (e.g., for marketing), you may withdraw consent at any time.
Appeal Appeal our decision to deny a request you submitted (reply to our denial email or contact us directly).
Manage Communications Opt out of promotional emails using the "Unsubscribe" link at the bottom of each email. Note: We may still send non-promotional emails (e.g., order updates, account notifications).

How to Exercise Your Rights

To exercise any of these rights:

  1. Use prompts available on the Site (if applicable); or
  2. Contact us directly (see Section 11).

We will not discriminate against you for exercising your privacy rights (e.g., charging higher fees, reducing service quality). Before responding to your request, we may verify your identity (e.g., by asking for your email address or account details) to protect your information.

Authorized agents may act on your behalf, but they must provide proof of your written authorization.

9. Complaints

If you have a complaint about how we process your personal information:

  1. First, contact us (see Section 11)—we will investigate and respond to your concerns promptly.
  2. If you are unsatisfied with our response, you may:
    • Submit an appeal (contact us for details); or
    • Lodge a complaint with your local data protection authority (e.g., for EEA residents, your country’s data protection agency—lists are available online).

10. International Users

Your personal information may be transferred, stored, or processed outside your country (e.g., by our staff or third-party service providers located abroad).

  • For transfers of personal information out of the European Economic Area (EEA), we use recognized legal mechanisms to ensure adequate protection, such as:
    • EU Standard Contractual Clauses (SCCs); or
    • Transferring to countries deemed "adequate" by the European Commission.

11. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to submit a complaint, please contact us:

  • Email: buxfkxuj6578@outlook.com
  • Mailing Address: 228 Rue St Jean Baptiste, Baie-Saint-Paul Quebec G3Z 1N4, Canada

We are the data controller of your personal information, as defined by applicable data protection laws (e.g., GDPR, CCPA).