Thank you for using Webshop’R. We respect yourprivacy and are committed to protecting your personal data. This Privacy Policyexplains what information we collect, how we use and share it,and your rights regarding that information when you use the Webshop’Rplatform (our website and any related services). Webshop’R’s approach is privacy-first:we only collect data that you choose to provide or that we need to operate theService, we give you meaningful control over your data, and we handle it incompliance with applicable privacy laws like the GDPR (EU General DataProtection Regulation) and CCPA (California Consumer Privacy Act).

By accessing or using Webshop’R, you agree to thecollection and use of information in accordance with this Privacy Policy. Ifyou do not agree with our practices, please discontinue use of our Service. Wemay update this Policy from time to time (see Section 11 on Changes), and we willnotify you of significant changes.

Summary of Key Principles:

• Opt-In Data Collection: We will only collect or use your personal     data for personalized features or marketing if you have opted in.     By default, Webshop’R collects minimal data needed to function (e.g. basic     cookies for site functionality). Additional data (like preferences for     better recommendations) is up to you to provide.
• Transparency: We will explain what data we collect and why,     in clear terms. We avoid vague language and “catch-all” purposes. You can     read detailed purposes below, and we follow GDPR guidance to be specific.
• User Control: You have control over your information.     You can access, correct, or delete your data, and you can change your mind     about consents (opt out) at any time. We do not use any deceptive     designs (“dark patterns”) to trick you into sharing more than you intend –     choices about cookies, personalization, or data sharing are presented     clearly and are easy to find.
• No Selling of Personal Data: We do not sell your personal     information to third parties for their own marketing or monetary gain. We     also do not share your personal data with third parties for them to     advertise to you, unless you explicitly instruct us to (for example, if     you opt-in to a program that involves sharing data with a retailer for a     reward – and even then, we will inform you and get your consent).
• Data Security and Ethics: We secure your data using industry-standard     practices and strive to be a good steward of your information. We also     believe in fairness – if we ever derive revenue from aggregated     user data (e.g., insights or trends), we aim to do so in ways that respect     user privacy and potentially share value with users (for instance, by     offering better services or rewards). We do not profile you in any way     that would be discriminatory or invasive; any profiling (like recommending     products) is intended to enhance your experience and you can opt out of     it.

Below, we provide the full details of our privacypractices.

1. Information We Collect

We collect both personal information (datathat can identify you directly or indirectly) and non-personal information(data that does not reveal your identity, especially when aggregated). Thecategories of information we collect depend on how you interact with Webshop’Rand what features you use:

1.1 Information You Provide to Us

You may choose to provide personal information inthe following contexts:

• Account Registration: If you create a Webshop’R account, we ask for     basic registration details such as your name, email address, and a     password. You might also create a user profile where you can (optionally)     add information like a nickname or preferences (e.g., product categories     of interest, preferred language or locale).
• Opt-In Personalization/Data Sharing: Webshop’R may offer features where you can     voluntarily share additional data to get more personalized results or     participate in certain programs. For example, you might opt to input your     shopping preferences, past purchases, or connect accounts from third-party     services (if offered) to improve product recommendations. Providing     this information is entirely optional and requires your consent. If     you choose to connect an external account or share purchase history, we     will collect whatever information you agree to share (such as a list of     products you bought or liked, etc.), and we will explain the scope of data     being imported at the time of consent.
• Communications and Support: If you contact us with a question, feedback,     or request (via email, contact form, or chat), you will provide your     contact information (like email) and the content of your communication. We     will collect and store that correspondence and any attachments or details     you provide to respond to you.
• Newsletter or Marketing Sign-Up: If you subscribe to a Webshop’R newsletter or     ask to receive promotional emails, we will collect your email address and     any preferences (for example, categories of deals you’re interested in).     You can unsubscribe at any time. We will only send you marketing     communications if you have opted in to receive them.
• Surveys, Contests, or Feedback: From time to time, we may offer user surveys,     contests, or ask for product reviews/feedback. Participation is voluntary.     If you take part, you might provide your insights, opinions, or other     information. For contests, we might need your contact info and eligibility     confirmation. We will tell you at the time what information is required     and how it will be used.
• Transactions on External Sites: Note that Webshop’R itself does not handle     any purchase transactions. If you click through to a third-party merchant     and make a purchase, you will be providing your payment and shipping     details directly to that third party, not to Webshop’R. We do not     collect your credit card number, shipping address, or other order details     from third-party sites (though we might receive confirmation of a sale in     aggregate form for commission purposes – see Section 5 on Affiliate     Disclosure).

Sensitive Personal Data: Webshop’R does not intentionally collect anysensitive personal data (such as government ID numbers, financial accountlogins, precise health information, etc.), as our Service is focused on generalshopping content. Please refrain from providing such data on our platform. Ifyou believe we have inadvertently received sensitive data, contact us so we candelete it.

1.2 Information We Collect Automatically

When you use Webshop’R (with or without anaccount), certain information is collected automatically about your visit. Thisdata helps us operate and improve our Service. The information we gatherincludes:

• Device and Technical Information: We collect details about the device and     browser you use to access Webshop’R, such as your IP address, browser type     and version, operating system, device model, and unique device identifiers     (if any). This may also include attributes like screen resolution,     preferred language setting, and region or country (based on IP). We use IP     addresses primarily to derive approximate location at the city or region     level (to, for instance, display local currency or relevant content) and     to safeguard our Service (e.g., preventing fraudulent use).
• Usage Data: We record certain information about your     activity on Webshop’R, including the pages or product listings you view,     the features you use (e.g., search queries, filters applied), the time and     duration of your visits, the page that referred you to our site (referral     URL), and your navigation path through our pages. We may note how you     interact with elements of the site (like clicks on buttons or outbound     links). This usage data is generally collected in log files and through     analytics tools. It helps us understand what parts of our Service are     popular or need improvement.
• Cookies and Similar Technologies: We (or authorized third parties) use cookies,     beacons, and similar tracking technologies to collect data about your     interaction with our Service (see Section 3 for details on cookies). For     example, we may set a cookie to remember your login (for convenience) or     to store your preferences (like language or dark mode). We may also use     cookies for analytics to distinguish repeat visitors and analyze aggregate     trends. We do not use cookies to track you across other sites for     advertising purposes without your consent. If you opt in to certain     cookies (like for personalization or analytics), those will collect data     about your browsing on Webshop’R over time (such as which products you     clicked) to help us tailor content or understand usage patterns. All such     uses are disclosed and controllable via our cookie consent interface.
• Affiliate Link Tracking: If you click an affiliate link on Webshop’R     to visit a retailer’s site, a cookie or tracking mechanism may be placed     by the affiliate program on your browser to track that you came via Webshop’R.     Webshop’R itself may also momentarily route the URL through an affiliate     network domain to register the click. The information collected typically     includes an identifier for our affiliate account and possibly a     transaction ID, but does not include personally identifying information     about you (we do not send your name or email or anything to the     retailer – usually it’s just “user clicked link X at time Y” assigned to     our affiliate ID). This tracking is necessary to record commissions. It     does not reveal your identity to Webshop’R; we later receive notification     from the affiliate network if a purchase occurred, but usually in     aggregate form (e.g., “1 item sold, $value, via affiliate link”).
• Geolocation Data: Webshop’R does not actively track your     precise GPS location. We may infer approximate location (city/region     level) from your IP address for purposes such as localizing content or     complying with region-specific laws (for example, showing GDPR consent     banners in the EU). This is not precise and is not used to track movement.     If in the future we offer location-based features or deals, we will ask     your permission to use more precise location data.

1.3 Information from Third Parties

Currently, Webshop’R does not obtain personal dataabout you from third-party data brokers or social networks. All data we haveabout you typically comes directly from your use of our Service.

However, there are a few scenarios where we mightreceive information from third parties related to you, for example:

• If you choose to log in via a third-party     account (such as “Sign in with Google” or similar, if we implement it), we     would receive basic profile information from that account (like your name     and email) after you authorize it. We will inform you at the time what     data we request and you will have the opportunity to consent.
• If you participate in our affiliate referral     program (if any) or similar, and you are referred by someone, we may get a     code or ID indicating who referred you – but that doesn’t usually include     personal info about you beyond what you provide when signing up.
• If a user or other party contacts us and     mentions you (for example, someone sending a support request that involves     your username or a situation with you), we might retain that information     as part of our logs or records.

If in the future we do gather additional data aboutyou from third parties (such as public sources or marketing partners), we willupdate this Policy accordingly and ensure we have a lawful basis (like yourconsent or a legal requirement) for doing so.

Note: Webshop’Rdoes not engage in any collection of sensitive categories of personal data(e.g., ethnicity, health information, biometric identifiers, etc.) and we donot intentionally collect any information defined as “Special Categories” underGDPR. Please do not provide this type of information on our platform.

2. How WeUse Your Information

We use the collected information for variouspurposes consistent with operating a personalized shopping platform and inaccordance with applicable law. We always strive to use the minimum datanecessary for each purpose and, where required, will ask for your consent.Below are the purposes for which Webshop’R processes personal data,along with an explanation and the legal bases we rely on (under GDPR, wemust have a valid legal reason such as consent, contract necessity, orlegitimate interest for each use):

• To Provide and Maintain the Service: We use data to allow you to effectively use Webshop’R’s     features. For example, if you create an account, we use your login     information to authenticate you and allow access to your profile. If you     save preferences or a wishlist, we store that to show you your saved     items. If you perform searches or browse categories, we process those     inputs to deliver relevant product results. We may also use device and     system data to ensure the Service displays correctly (e.g., responsive     design for mobile) and to troubleshoot technical issues. Legal bases:     performance of a contract (to provide the service you signed up for) and     our legitimate interest in running a functional service.
• Personalized Recommendations and Content: Webshop’R’s AI and algorithms may use the     information you provide and your activity (e.g., past interactions,     preferences you set, items you clicked) to offer personalized product     recommendations, deals, or content that we believe will interest you. For     example, if you frequently browse electronics, we might highlight new     gadgets in your feed. Or, our AI might learn from your liked products to     suggest similar items. This involves a degree of profiling (analyzing     your data to predict interests). However, we only do this if you opt in     or it’s an expected part of using the service. For instance, basic     personalization (like remembering your language or the last category you     visited) is part of our service functionality (legitimate     interest/contractual necessity), but deeper personalization (like product     suggestions based on detailed tracking or third-party data) would be done     with your consent. Legal bases: consent (for marketing or     advanced personalization features) and legitimate interests (for basic     personalization that has minimal privacy impact, such as sorting items in     a way that might be relevant).
• Communicating with You: We use contact information (like your email)     to send service-related communications and respond to you. This includes:
   
  • Administrative messages: We might send confirmations, technical      notices, updates about Terms or Privacy changes, security alerts, or      support responses. For example, if you request a password reset, we email      you a link; or if there’s a privacy update, we might notify you. These are      considered necessary communications.
   
  • Newsletters or Promotional emails: If you have subscribed or opted in,      we will send you newsletters, special offers, product updates, or other      marketing communications. For example, we might email you a weekly      roundup of new deals in categories you like. You can opt out anytime      (each marketing email has an “unsubscribe” link, or you can adjust      settings in your account). We do not spam, and we won’t send marketing      emails if you haven’t subscribed. Legal bases: contractual      necessity for essential service communications; consent for marketing      communications.
 
• Improve and Develop Our Services: We analyze usage data (often in aggregated or     anonymized form) to understand how Webshop’R is used and to make     enhancements. This could include debugging problems, testing out new     features, and optimizing user experience. For example, we might see that     users struggle to find a filter feature, so we improve the interface; or     we review popular search queries to ensure we have relevant content. We     also use analytics (including third-party analytics tools) to measure     performance and user engagement. These analyses help us make informed     decisions about features and content. Wherever possible, we use aggregated     data for this purpose, which does not identify individuals. Legal     basis: legitimate interests in improving our product and business.
• Advertising and Affiliate Revenue Tracking: Webshop’R may display advertisements and uses     affiliate links (as described in the Terms and Section 5 below). We use     data to make sure these functions work correctly – for example, ensuring     an affiliate link is properly attributed so we receive credit. If we show     ads, we might use non-personal context (like the content of a page) to     decide which ad to show (this is contextual advertising and does not use     your personal profile). If we ever consider using personalized advertising     (ads tailored to you based on tracking across sites), we will ask for your     consent explicitly. Currently, any ads served on Webshop’R are either     contextual or generic. We may use basic info like your approximate region     to avoid showing irrelevant ads (e.g., not showing US-specific deals to EU     users, etc.). We also generate reports and logs for affiliate commissions     – e.g., tracking aggregate sales attributed to our links, which helps us     tally revenue. Legal bases: legitimate interests (to earn revenue     and ensure the Service remains free/low-cost by supporting it through     affiliate commissions or ads) and consent (for any advertising cookies or     tracking beyond our site, which we will obtain via the cookie consent banner     as required).
• Security and Fraud Prevention: We process certain data to protect Webshop’R     and our users. This includes using IP addresses, cookies, and other     identifiers to detect and mitigate fraudulent or malicious activity.     For example, if we notice a single IP making hundreds of rapid requests     (possible bot or scraper), we may log that and block it. We also may use     your email or phone (if provided) for verification or multi-factor     authentication to secure your account. Activity logs help us investigate     suspicious behavior or violations of our Terms. We may also anonymize or     obfuscate personal data when analyzing security incidents. Legal basis:     legitimate interests in maintaining security and integrity of our Service,     and legal obligation where applicable (data protection laws require us to     implement security measures).
• Compliance with Legal Obligations: We may use and retain your information as     necessary to comply with laws, regulations, law enforcement requests     (e.g., a court order to preserve data), or other legal processes. For     instance, we might keep records of transactions or communications if required     by financial or consumer protection laws. If we receive a lawful subpoena     or request that requires disclosing data, we will only do so after     verifying its validity and to the extent necessary. We also use data to     enforce our Terms of Use and to protect our rights and the rights of our     users or others – for example, in investigating and addressing legal     claims or disputes. Legal bases: compliance with a legal     obligation, and legitimate interests in protecting legal rights and     preventing misuse of our Service.
• Business Transfers (If Applicable): In the event that Webshop’R (or substantially     all of its assets) is ever contemplated in a merger, acquisition,     financing, restructuring, bankruptcy, or sale of assets, user information     may be among the assets reviewed or transferred. If such a transfer     occurs, the successor entity would likely continue to use your data in     line with this Privacy Policy (or you would be given notice and choice if     the usage would materially change). We would ensure any prospective buyer     or partner is under appropriate confidentiality obligations during     negotiations. Legal basis: legitimate interests in facilitating     business transactions (we will ensure any transfer of personal data in     such cases complies with applicable data protection laws).

We want to emphasize that we do not use yourpersonal data for any purpose that is incompatible with the purposes listedabove without asking your permission. We do not engage in automateddecision-making that produces legal or similarly significant effects on youwithout human involvement (for example, there is no algorithmic credit approvalor employment decision happening on Webshop’R – our “decisions” are mainlywhich products to show you, which you can always ignore or override).

If we intend to use your information for a newpurpose not described in this Policy, we will update this Policy and notify you(and obtain consent if required by law).

3. Cookies and Tracking Technologies

What Are Cookies: Cookies are small text files placed on your device that allow us orthird parties to recognize you and make your experience smoother. Webshop’Ruses cookies and similar technologies (such as web beacons, pixels, or localstorage) for a variety of reasons, which we detail below. We divide them intocategories for clarity:

• Necessary Cookies: These are essential for the operation of our     website. For example, they enable page navigation, access to secure areas     (like your account), and remembering cookie consent choices. The Service     cannot function properly without these cookies, so they are always active.
• Preference Cookies: These allow our site to remember choices you     make and provide enhanced, more personal features. For instance, a cookie     may remember your language selection, so you don’t have to reselect it     each visit. It might also store preferences like whether you want to see     adult content or not (if applicable), or your display settings (dark mode,     grid vs. list view, etc.).
• Analytics Cookies: These cookies collect information about how     visitors use Webshop’R (pages visited, time spent, errors encountered,     etc.). We use this information to improve the site’s performance and your     experience. For example, we utilize tools like privacy-friendly analytics     to see aggregate trends (e.g., which product categories are most viewed).     We generally use analytics in an anonymized or aggregated way. We may     employ third-party analytics services (such as an open-source or EU-based     analytics platform) – if so, those providers may set their own cookies to     help us analyze site usage. We do not use Google Analytics or similar services     that transfer personal data without ensuring GDPR compliance; if we ever     do, we will mention it here and ensure appropriate safeguards or consent.
• Advertising and Affiliate Cookies: If we display third-party ads or use     affiliate links, cookies might be used to make them work. For example, an affiliate     cookie is dropped when you click a partner link so that the sale can     be attributed to Webshop’R. Similarly, if we have ad partners showing     banners, they might set cookies to limit repeat ads or measure campaign     effectiveness (e.g., count impressions or clicks). By default, Webshop’R     does not allow third-party ad networks to track you for behavioral     advertising unless you opt in. Any advertising cookies (beyond simple     counting) will be categorized as such and disabled unless you consent via     our cookie banner. We will also honor “Do Not Track” or Global Privacy     Control signals for opting out of any sale/sharing of data for     advertising, in compliance with CCPA/CPRA.

Your Choices for Cookies: When you first visit Webshop’R from an applicableregion (like the EU), you will see a cookie consent banner. You canchoose to accept all cookies, reject non-essentials, or customize yourpreferences. We will not set non-essential cookies (like analytics oradvertising cookies) unless you opt in. You can change your preferences at anytime by accessing the “Cookie Settings” link (usually in the footer or settingsmenu of our site). Additionally, most web browsers let you control cookiesthrough their settings (you can block or delete cookies). Please note that ifyou disable certain cookies, some features of Webshop’R might not functioncorrectly – for example, if you block all cookies including necessary ones, thelogin session might not persist.

Third-Party Tracking: Apart from cookies, we may use local storage orsimilar mechanisms to store data on your device (for example, to cache somecontent for faster loads). Also, certain third-party integrations might usetheir own tracking technologies. For instance, if we embed a YouTube video or asocial media “share” button, those third services may set cookies according totheir own policies (we will endeavor to use privacy-enhanced modes wherepossible, e.g., YouTube’s privacy mode). We do not have direct control over thosecookies. Please review the privacy policies of any third-party services thatyou access through our site (see Section 6).

Do Not Track: “Do Not Track” is a browser setting that allows you to signal websitesthat you do not want to be tracked. The web industry has not yet adopted auniform standard for how to respond to DNT signals. However, Webshop’R takesprivacy seriously and will treat a DNT or Global Privacy Control (GPC)signal as an opt-out of cookies that are not strictly necessary. In practicalterms, if we detect such a signal, we will not set any analytics or advertisingcookies by default for that visitor (as if they declined those cookies). Wealso treat it as a request to opt out of any potential “sale” of data asdefined by CCPA (though as noted, we do not sell personal data anyway). Keep inmind, DNT/GPC signals might not block necessary operational cookies.

For more detailed information on what cookies areset and their duration, you can check our Cookie Policy (if provided) or useyour browser’s developer tools to inspect cookies. If you have any questionsabout our use of cookies or want to withdraw consent, please contact us or usethe provided interfaces.

4. How We Share Your Information

Webshop’R understands that your personalinformation is important, and we are not in the business of selling it.We do not rent or trade your personal data with third-party companiesfor their independent marketing or commercial purposes. However, we do sharesome information with certain types of third parties, under strict conditions,for the reasons explained below:

4.1 Service Providers (Processors)

We employ trusted third-party companies andindividuals to perform functions on our behalf – for example, website hosting,data storage, email delivery, analytics processing, customer support tools, andso on. These third parties act as data processors under GDPR – theyprocess personal data only under our instructions and for the purposes wedictate. Key examples include:

• Hosting and Infrastructure: We might host our servers or database on     reputable cloud providers (e.g., AWS, Google Cloud, Azure, or EU-based     hosts). They store the data that runs our website and thus have access to     personal data by storing it. They are not allowed to access or use your     data for any other purpose.
• Email and Communications: If we send emails (like a newsletter or     support responses), we may use an email service provider to send those     communications. That means your email address and content of the message     may pass through that provider. They are contractually obligated to secure     that data and only use it to send emails on our behalf.
• Analytics Services: As mentioned, we might use third-party     analytics (possibly a privacy-centric tool). If so, that tool will receive     some of your browsing data (e.g., page views, IP anonymized) to provide us     aggregated stats. We ensure any analytics partner either does not receive     personal data or is EU-U.S. Privacy Shield (or equivalent) certified or     bound by EU Standard Contractual Clauses if outside the EU, to comply with     GDPR for international transfer.
• Developers and Contractors: Occasionally, we might engage contractors     (individuals or companies) to help develop or test our platform. In doing     so, they might have limited access to systems that hold personal data.     Such access is granted only as necessary, and those contractors are under     confidentiality and data protection obligations.

Our safeguards: We only share the information necessary for these providers to performtheir services (for example, the email platform gets your email and name forsending, but not your other account data). All our service providers arecarefully vetted for strong security and privacy practices. We have dataprocessing agreements in place as needed, requiring them to protect yourdata to GDPR standards and not use it for any unrelated purposes. If aservice provider is located outside of your country (especially outside the EEAfor EU users), we take steps to ensure lawful transfer (see Section 9 onInternational Transfers).

4.2 Affiliate Programs and Partner Platforms

As part of our business model, Webshop’Rparticipates in affiliate programs with various e-commerce marketplaces andmerchants. When you click an affiliate link and make a purchase, theaffiliate platform or merchant will record that transaction and eventuallyreport it to us for commission purposes. Typically, the information wereceive from affiliate partners does not include your personal details – wemight get a report like “Product X was sold via link Y for $Z on date D”. We donot receive your name, shipping address, or payment info from these affiliatetransactions.

However, the affiliate network (third party)or the merchant itself will collect your data to process the order (sinceyou’ll be their customer). Your relationship at that point is directly with thethird-party merchant, and their privacy policy applies to data you provide tothem. Webshop’R’s involvement is just as the referrer. We may share with theaffiliate network a unique identifier or sub-ID (tied to say a campaign ortest) when you click, but it’s not personally identifiable to you from ourside. Conversely, the affiliate network may share with us certain performancemetrics or fraud warnings (for example, if an order was canceled or if there issuspected misuse of links).

In some cases, we might partner with brands forspecial promotions or revenue-sharing deals that go beyond standard affiliatelinks. If we ever run a co-branded promotion or allow a partner to offersomething to Webshop’R users, we will make it clear and will not share yourpersonal data with them unless you explicitly participate and provide consent.For example, if “Brand A” sponsors a giveaway for Webshop’R users, we might askif you want to opt in to receive a coupon from Brand A – only if you opt inwould we share your email with them for that limited purpose.

Important: Webshop’Rdoes not disclose your browsing history or personal shopping preferences tomerchants. If our AI suggests you a product on Amazon and you clickthrough, Amazon only knows what you do on Amazon (plus the referrer info), notthe entirety of your Webshop’R activity.

4.3 Advertising Partners

Currently, Webshop’R’s advertising, if any, islimited and we do not run extensive third-party ad targeting. If this changes,we will update this section. Potentially, we might work with ad networks (likeGoogle AdSense or others) to display ads on our site. Those ad networks coulduse cookies and similar tech to serve ads and possibly to personalizeads to you if you consent.

If we serve contextual ads, little to nopersonal data is shared – the ad network might just get the context (e.g.,“user reading about cameras, show a camera ad”). If we ever allow personalizedads, those networks might attempt to use data (like cookies) to show adsbased on your interests across websites. We would only allow this withappropriate consent (as required by GDPR for EU users, and honoring opt-outsfor U.S. users under CCPA).

We will share with ad partners only what isnecessary: typically, that could include device info and an advertisingidentifier (if one exists), and information like your language or generallocation for geotargeting. We do not share directly identifying info(like your name or email) with ad networks without your permission. Ad partnersare themselves responsible for complying with privacy laws; we willcontractually require them to not combine data received from us with theirother data to identify you, unless you have consented via their own mechanisms.

Note: If youclick an advertisement on Webshop’R, you will be taken to the advertiser’ssite. At that point, any data you provide to them or that they collect viacookies is under their control. We recommend reviewing the privacy policy ofany site you visit via ads.

4.4 Legaland Compliance Disclosures

We may disclose information about you if we arerequired to do so by law or legal process, or if we have a good-faith beliefthat such disclosure is reasonably necessary to:

• Comply with applicable laws or respond to     valid legal requests:     This could include court orders, subpoenas, or requests by government or     regulatory authorities within or outside your country. If, for example, a     law enforcement agency lawfully demands user data related to a criminal     investigation, we may be compelled to provide it. We will attempt to     redirect requests to you or provide you notice (if allowed and feasible)     so you can contest them if you wish.
• Enforce our Terms and protect rights: We might disclose data if necessary to     enforce our agreements or policies, to investigate potential violations     (such as misuse of our Service), or to protect the security or integrity     of Webshop’R. For instance, if someone is attempting to hack us, we may     share data with security researchers or other companies to address the     threat.
• Protect safety: Information might be shared to protect the     rights, property, or safety of Webshop’R, our users, or others. For     example, exchanging information with other companies and organizations for     fraud protection or to mitigate cybersecurity risks.
• Handle disputes: If there is a user complaint or dispute (for     example, you claim that another user is infringing your intellectual     property via something on our site), we may need to share relevant     information (perhaps with the involved users or legal counsel) to resolve     the matter.

We will limit such disclosures to what is strictlynecessary. We also ensure that any third party we disclose information to forthese purposes is obligated to handle it lawfully.

4.5 Business Transfers

As mentioned in the usage section, if Webshop’R isinvolved in a significant corporate transaction (merger, acquisition, sale ofassets, or in the unlikely event of bankruptcy or insolvency proceedings), userinformation could be among the assets transferred to or evaluated by a thirdparty. In such cases, we will ensure the third party is bound to respectyour personal data in a manner consistent with this Privacy Policy. Youwill be notified via a prominent notice on our website or by email of anychange in ownership or uses of your personal information, as well as anychoices you may have regarding your personal information as a result of thetransfer.

4.6 Aggregated or De-Identified Data

We may share information that has been aggregated(combined with data of other users) or de-identified (stripped of personalidentifiers) in such a way that it cannot reasonably be used to identify you.This kind of information is not considered personal data. For example, we mightpublish trends or insights like “50% of Webshop’R users are interested ineco-friendly products” or “The most searched category last month wassmartphones.” We may share aggregated statistics with partners, in pressreleases, or with researchers to help them understand consumer trends, but thiswill not include any data that can point back to you as an individual.Aggregated data could also be used for business analytics or strategydevelopment.

No Selling of Personal Data: Once again, to be clear in CCPA terms – Webshop’Rdoes not and will not “sell” your personal information (meaning we do notexchange it for money or other valuable consideration for the other party’sindependent use). In the CCPA context, “sell” can also include sharing data forcross-context behavioral advertising. We do not do that either (we don’t shareyour browsing profile with third-party ad networks to target you on othersites). If this ever changes, we will update this policy and provide aprominent opt-out (“Do Not Sell/Share My Personal Info”) as required. But as ofthe Effective Date, there have been zero sales of personal informationin the preceding 12 months, and we have no plans to do so.

5. Affiliate Disclosure and Third-Party Links

Because Webshop’R’s business model involvesaffiliate marketing, we want to be extra clear about how that works withrespect to your data:

Affiliate Programs: Webshop’R participates in affiliate programs ofvarious third-party marketplaces and retailers. This means when you click oncertain product links on our site, you will be redirected through a special URLthat contains an affiliate identifier unique to Webshop’R. If you go on topurchase something, we may earn a commission from that sale. Importantly, thistracking is primarily done via cookies or tracking links as explained inSection 3 and 4. Webshop’R itself does not hand over your personal info to themerchant – the merchant’s site sees that an anonymous user came from Webshop’R(via an affiliate network) and later reports back a sale.

What Data is Shared in Affiliate Tracking: When you click an affiliate link, the informationthat gets shared can include: an ID for Webshop’R or the affiliate network, atimestamp, and info about the product clicked. If you make a purchase, theaffiliate network/merchant can often link that purchase to the click (via thecookie) and attributes it to us. They then share with us details like: productpurchased, sale amount, and date/time. We do not receive your name, address,or payment details from these transactions. We may get an order number orsome transaction identifier, but nothing that identifies you personally inthose commission reports. The merchant or affiliate network might internallyknow who you are (since you gave them your info for the purchase), but they donot share that with us.

Your Relationship with Third-Party Sites: Any time you leave our site by clicking a link toan external site (whether it’s an affiliate link, an advertisement, or anyother outbound link), this Privacy Policy no longer applies. The data youprovide to that third-party site is governed by that site’s privacy policy. Forinstance, if you click a Webshop’R link to purchase on Amazon (as anexample), once on Amazon, any personal data you provide (Amazon accountinfo, credit card, etc.) is subject to Amazon’s privacy terms, not Webshop’R’s.We strongly encourage you to review the privacy policies and terms of anyexternal websites you visit via links on our Service. Webshop’R has nocontrol over and assumes no responsibility for the content, privacypolicies, or practices of any third-party websites or services.

Embedded Third-Party Content: Sometimes we may integrate content from thirdparties in our platform for a better user experience (for example, embedding aYouTube video for a product review, or showing a map for a store location). Insuch cases, those third-party content providers may collect data about yourbrowser or interactions, just as if you visited their site/app directly. We tryto use privacy-enhanced options (like YouTube’s nocookie domain) whenavailable. Nonetheless, be aware those third parties may have their own tracking(e.g., YouTube might record video plays to your Google account history ifyou’re logged in). We will disclose in context when third-party content ispresent so you know to check their policies.

Social Media and Sharing: If Webshop’R offers social media sharing buttonsor login options (like “Share on Facebook” or “Sign in with Google”),interacting with those features may allow the third-party social network tocollect information such as your IP address and which page you’re visiting onour site, and to set a cookie to enable the feature. These social networks’involvement is governed by their own privacy policies. We only provide theintegration for your convenience.

In summary, when you interact with third-partysites or content through Webshop’R, any personal data you provide to thosethird parties is beyond our control. We recommend you exercise caution andread the privacy notices of those third parties. If you discover anythird-party content on Webshop’R that you believe is problematic or notadequately disclosed, please notify us so we can investigate or remove it.

6. Your Rights and Choices

You have a number of rights regarding your personaldata, and we want to empower you to exercise them. These rights vary dependingon your jurisdiction (e.g., GDPR grants specific rights to EU individuals, CCPAgrants rights to California residents), but Webshop’R’s policy is to extend keyprivacy rights to all users where reasonably possible. Below, we outline therights you have and how to use them:

6.1 Rights Under the GDPR (for users in the European Economic Area, UK, and similarjurisdictions)

If you are located in the EEA, UK, or anotherjurisdiction with similar data protection laws, you have the following rightsregarding your personal data that we hold, as provided by Article 15-21 of theGDPR:gdpr.eu.

• Right to Access: You have the right to request confirmation of     whether we are processing personal data about you, and if so, to ask for a     copy of the data we hold on you. We will provide you with a copy of the     personal data in a commonly used electronic format, typically within one     month of your request. This is often referred to as a “Data Subject Access     Request.”
• Right to Rectification: If any of your personal information is     inaccurate or incomplete, you have the right to request that we correct or     update it. For example, if you change email addresses or notice we have a     misspelled name, you can ask us to fix it. Many corrections you can do     yourself in your account settings if you have an account.
• Right to Erasure: You have the right to request deletion of     your personal data (“right to be forgotten”) under certain circumstances.     These include when the data is no longer necessary for the purposes it was     collected, if you withdraw consent and there’s no other legal ground for     processing, or if you object to processing and we have no overriding     legitimate grounds, or if we processed your data unlawfully. Please note     this right is not absolute – sometimes we may need to retain certain     information for legal obligations (e.g., transaction records for tax) or     legitimate interests (security, fraud prevention) as allowed by law. If     those exceptions apply, we will inform you.
• Right to Restrict Processing: You can ask us to limit the processing of     your data in certain scenarios, for instance, while a complaint about data     accuracy or an objection is being evaluated. When processing is     restricted, we will still store your data but not use it except for limited     purposes (like with your consent or for legal claims).
• Right to Data Portability: To the extent required by law, you have the     right to receive the personal data you provided to us in a structured,     commonly used, and machine-readable format, and to request that we     transmit it to another controller where technically feasible. This     typically applies to data processed by automated means and based on your     consent or a contract (for example, if you provided a set of preferences     or a profile info, you could ask us to export that).
• Right to Object: You have the right to object to certain     processing activities. You can object at any time to the processing of     your personal data which is based on our legitimate interests     (including profiling), if you believe your rights and freedoms outweigh     our interests. If you make such an objection, we will evaluate your     request and will no longer process the data unless we demonstrate     compelling legitimate grounds to continue (or if needed for legal claims).     Importantly, you have an unconditional right to object to your personal     data being used for direct marketing purposes. If you opt-out or     object to marketing, we will cease use of your data for that purpose     immediately.
• Right to Withdraw Consent: Where we rely on your consent to     process personal data (for example, for sending marketing emails or for     enabling certain cookies), you have the right to withdraw that consent     at any time. Withdrawal of consent will not affect the lawfulness of     processing based on consent before its withdrawal. If you withdraw     consent, we will stop the related processing. For example, you can     unsubscribe from a newsletter (withdrawing consent for marketing emails)     and we will stop sending them. Withdrawing consent for cookies can be done     via the cookie settings on our site.
• Right not to be subject to Automated     Decision-Making: Webshop’R     does not make any legal or similarly significant decisions about you     solely by automated means (without human involvement). In the event we     ever implement automated decisions (e.g., algorithmic approvals with     significant effect), you would have the right to request human     intervention or to contest the decision. As of now, this is not applicable     since our personalization does not have legal or serious effects on     individuals’ rights.

To exercise any of these rights, please contact usat our email address provided in the Contact section (Section 11). For certainrequests (especially access, deletion, etc.), we may need to verify youridentity to ensure we don’t disclose or delete data to the wrong person. Wewill respond to your request within one month of receipt (or notify you if weneed more time, which can be up to an additional two months for complexrequests). Generally, we will not charge a fee for fulfilling these rights, butif a request is manifestly unfounded or excessive (e.g., repetitive) we maycharge a reasonable fee or refuse to act on it (we would explain why in suchcase).

Additionally, you have the right to lodge acomplaint with a Data Protection Supervisory Authority, in particular inthe EU country where you reside, work, or where the alleged infringementoccurred. For example, if you are in France, you can contact the CNIL (France’sdata protection authority); in Germany, one of the state DPAs; in the UK, theICO; etc. We would appreciate if you try to address any concerns with us first,but you always have the right to contact the authorities directly.

6.2 Rights Under the CCPA/CPRA (for California Residents)

If you are a resident of California, USA, you havespecific privacy rights under the California Consumer Privacy Act (CCPA), asamended by the California Privacy Rights Act (CPRA). In line with those laws,and in addition to the rights above (many overlap), you have the followingrights regarding your personal information (as defined by the CCPA):

• Right to Know: You can request that we disclose to you the     specific pieces and categories of personal information we have collected     about you in the last 12 months, the categories of sources from which that     information was collected, the business or commercial purpose for     collecting (or sharing, if applicable) the information, and the categories     of third parties with whom we shared the personal information.     Essentially, you can ask, “What do you know about me and how have you     handled it?” We have provided much of this information in this Privacy     Policy. Upon verification of your request, we will provide either the     information or a report covering the above. Please note you have the right     to request this information twice in a 12-month period, free of charge.
• Right to Delete: You have the right to request that we delete     any personal information we collected from you and retained, subject to     certain exceptions. Upon receiving and verifying a valid deletion request,     we will delete (and direct our service providers to delete) your personal     information from our records, unless an exception applies. CCPA deletion     exceptions include if the information is necessary for us or our service     provider to: complete a transaction or provide a good/service you     requested; detect security incidents; comply with legal obligations; or     otherwise use the information internally in a lawful manner compatible     with the context you provided it (for example, maintaining records of your     communications if needed to demonstrate compliance). We will inform you if     any such exception applies to your request.
• Right to Correct: Under the CPRA (effective 2023), California     residents have the right to request correction of inaccurate personal     information maintained about them. If you believe we hold incorrect     information about you, you can request we correct it. After verifying your     identity and validating the correction request, we will make the     correction as directed, or if appropriate, we may delete the contested     information.
• Right to Opt-Out of “Sale” or “Sharing”: California law gives you the right to opt out     of the sale of personal information, and the right to opt out of the     sharing of personal information for cross-context behavioral advertising.     As noted, Webshop’R does not sell personal information. We also do     not share personal information for cross-site targeted advertising.     Therefore, there is no need for you to submit a do-not-sell request, and     by policy we treat all California user data as if “Do Not Sell” is in     effect. If we ever start any practice that falls under “sale” or “sharing”     as defined by CCPA, we will provide a clear “Do Not Sell or Share My     Personal Information” link on our website and update this Policy     accordingly.
• Right to Limit Use of Sensitive Personal     Information: The     CPRA introduces a right for Californians to limit the use and disclosure     of “Sensitive Personal Information” (SPI) if a business uses SPI for     purposes beyond those permitted. We do not collect or use sensitive     personal information in a way that triggers this right – for instance,     we’re not using precise geolocation, social security numbers, financial     account passwords, or the like in our operations. Any limited sensitive     data (like perhaps a cookie ID or account password) is only used for the     service requested. If in future we engage in broader use of SPI, we will     implement a “Limit Use of My Sensitive Personal Information” option as     required.
• Right of No Retaliation (Non-Discrimination): We will not discriminate against you for     exercising any of your CCPA rights. This means we will not deny you our     services, charge you different prices, or provide a different level of     quality because you exercised your rights. For example, if you request     deletion of your data, we will not suddenly downgrade your service or provide     worse recommendations (aside from the natural consequence that with less     data, personalization might be limited, but we won’t actively punish you     for opting out). We also won’t refuse to serve you or suggest you’ll     receive different treatment due to a privacy request. If we offer any     financial incentives that involve your personal data (like a loyalty     program or discounts in exchange for data use), we will present the terms     of such programs and you can choose to opt in or out. (As of now, we do     not have such programs.)

Submitting CCPA Requests: If you are a California resident and would like toexercise your Right to Know, Delete, or Correct, you (or your authorized agent)may submit a request to us by emailing our contact (see Section 11). Pleaseinclude “California Privacy Rights Request” in the subject line and let us knowwhich right you are exercising. We will need to verify your identity to processthese requests – this may involve confirming information we already have onfile (e.g., verifying your email by a return confirmation or asking for detailsof your last interaction with us). If you use an authorized agent (someoneacting on your behalf), we may require written proof of their authority to actfor you and verification of your identity directly, unless the agent has apower of attorney.

We aim to respond to verifiable consumer requestswithin 45 days of receipt, as required by CCPA. If we need more time (upto an additional 45 days, for a total of 90 days), we will inform you of thereason and extension in writing. Any disclosures we provide will cover the12-month period preceding the receipt of your request, or explain if we arelimited to a shorter period for any reason. For data portability requests, wewill select a format that is readily usable and should allow you to transmitthe info to another entity.

Categories of Personal Information Collected andDisclosed (CPRA Notice): The lawrequires us to list the categories of personal info we collect and whether wedisclose them for a “business purpose.” In the past 12 months, Webshop’R hascollected the following categories (as defined by CCPA):

• Identifiers: e.g., real name (if provided), email address,     account username, IP address, cookie ID.
• Customer Records Information: e.g., contact information (like name, email)     that you may have provided. We do not collect Social Security, driver’s     license, or financial info.
• Internet or Other Electronic Network Activity: e.g., browsing history on our site, search     history on Webshop’R, and interactions with our website or ads.
• Geolocation Data: general location derived from IP (city or     region level). We do not collect precise GPS coordinates.
• Commercial Information: If you clicked affiliate links and made     purchases, we may infer or know transaction details such as product     purchased and value (though not directly tied to your identity on our     end). We don’t collect your purchase histories ourselves beyond that     inference.
• Inference Data: we might draw inferences from your usage to     create a profile of product preferences or interests (e.g., inferring you     like tech gadgets because you browse them often).

We collect these categories from the sources andfor the purposes described in Sections 1 and 2 of this Policy (for example,directly from you, or automatically from your device interactions). In the past12 months, we have not sold any personal information and have not sharedpersonal info for cross-context behavioral advertising. We have “disclosed”some personal info to service providers for business purposes (e.g., your emailto our email-sending provider, or IP to our hosting provider). The categoriesof PI disclosed for business purposes include: Identifiers, Internet Activity,Geolocation, and limited Contact Information – each only to the serviceproviders or partners as needed (see Section 4). We do not disclose sensitiveinfo other than possibly account login credentials with our secure authprovider (which is a service provider).

If you have further questions about how we handleCalifornia privacy rights, you can reach out to us.

6.3 Other Region Specific Rights

We strive to respect privacy rights globally. Ifyou are in a jurisdiction not explicitly covered above but which grants yousimilar rights (for instance, Canada, Australia, Brazil’s LGPD, etc.), you maycontact us to exercise those rights as well. For example:

• Residents of certain U.S. states (like     Virginia, Colorado, Connecticut, Utah in 2023) have new privacy laws     affording rights to access, correct, delete, etc. Webshop’R will honor     valid requests from those states similarly to CCPA/GDPR as described     above.
• Under Canada’s PIPEDA, you have rights to     access and correction; we provide those as well.
• Under Australia’s Privacy Act, you have rights     to access and correction; again, provided via contacting us.
• Under Brazil’s LGPD, rights to confirm     existence of processing, access, correction,     anonymization/blocking/elimination of unnecessary data, portability,     deletion, info about sharing, revocation of consent, etc. These align with     what we’ve outlined, and you may exercise them through our contact     methods.

No matter where you are, we want you to havecontrol over your information. We will do our best to accommodate requests inaccordance with applicable law and with principles of fairness andtransparency.

6.4 Managing Your Preferences

In addition to formal rights requests, you havemany straightforward ways to manage your information on Webshop’R:

• Account Settings: If you have an account, you can log in and     use the settings or profile section to update certain personal details     (like your name, email, password) and preferences (like opting in/out of     newsletters or personalized recommendations). We encourage you to keep     your information up-to-date.
• Email Unsubscription: For marketing emails, you can always click     the “unsubscribe” link included at the bottom of any promotional email we     send. That will stop further marketing emails from us (aside from     essential service notifications). You can also manage email preferences in     your account settings if logged in, or by contacting support.
• Cookie Controls: Use our site’s cookie consent banner or     settings to accept or reject various categories of cookies. If you want to     revoke consent for analytics or advertising cookies, you can do so at any     time by adjusting those toggles. Additionally, as mentioned, browser     settings allow you to clear or block cookies. Each browser (Chrome,     Firefox, Safari, Edge, etc.) has slightly different methods – usually     under Privacy or Security settings – where you can clear browsing data     (including cookies) or set rules to block cookies from certain sites.
• Opt-Out of Analytics: If we use Google Analytics or similar     (currently we either don’t or use a privacy-centric alternative), note     that Google offers a Browser Add-on to opt out of Google Analytics     tracking. Again, we aim to not rely on invasive analytics, but we mention     this as a general option.
• Opt-Out of Personalized Ads: Although we don’t serve personalized     third-party ads as of now, if that changes and you have opted in but later     want to opt out, you can update your cookie settings on our site or use     industry opt-outs like the DAA’s WebChoices or AppChoices tools for mobile,     or the NAI’s opt-out page. Also, enabling a Global Privacy Control signal     will be honored for opting out of selling/sharing as described.

We will not make you go through hoops to exerciseyour rights. Simply reach out and we will guide you through any identityverification needed and then process your request. Our goal is to betransparent and helpful, not adversarial, in addressing your privacy needs.

7. Data Retention

We retain your personal information only for aslong as necessary to fulfill the purposes we collected it for, including forthe purposes of satisfying any legal, accounting, or reporting requirements.The length of retention may vary depending on the type of data and the contextin which it was collected:

• Account Information: If you create a Webshop’R account, we will     keep your account data as long as your account is active. If you choose to     delete your account or if it’s inactive for an extended period, we will     initiate deletion of the personal data associated with your account.     Inactive accounts may be purged after a certain number of months or years     of inactivity (we will provide notice via email before doing so, if     applicable). However, some minimal information may be kept even after     account deletion to fulfill legal obligations or protect our interests     (see exceptions below).
• Usage Data: We generally keep log files and analytics     data for a shorter period, often 12-24 months, unless we need them for     security analysis or legal obligations. Aggregated data that no longer     identifies a user may be retained longer for historical analysis.
• Communications: If you contact support or correspond with us,     we may retain those communications for as long as necessary to assist you,     and for our records. Typically, support emails may be kept for a couple of     years in case you reach out again or to improve our services by learning     from past issues.
• Marketing Data: If you have opted into marketing     communications, we retain your contact information for that purpose until     you opt out or the info is no longer accurate. If you unsubscribe, we will     remove you from the mailing list promptly, but may keep a record of your     request to ensure we honor it going forward.
• Cookies: Cookies have varying lifespans. Some cookies     (session cookies) are erased when you close your browser. Others     (persistent cookies) remain on your device until they expire or you delete     them. We set cookies to expire within a reasonable time – for example,     affiliate tracking cookies often expire in a matter of days to weeks     (depending on affiliate program rules, often 1-7 days), analytics cookies     might last 6-12 months unless cleared. You can manually clear them at any     time (see Section 3 for cookie management).
• Legal Retention Requirements: Certain data we have to keep because the law     requires it. For instance, records of transactions or payments (if any     occurred) might be kept for X years for tax or auditing purposes. If a     user made a request under privacy laws, we might keep documentation of     that request and our response for a set period to demonstrate compliance.     If the data is needed for litigation or potential legal claims, we may     keep relevant information until the statute of limitations expires or the     issue is resolved.

When we no longer have a legitimate need to retainyour personal information, we will either delete it, anonymize it, or, ifdeletion/anonymization is not feasible (for example, because the data is storedin secure backups), then we will securely store the data and isolate it fromfurther use until deletion is possible.

Backup and Archival: Webshop’R performs routine backups of its systemsfor integrity and disaster recovery. These backups might contain your personaldata even after it’s been deleted from the live system. We protect backups withstrong security and only retain them for a limited time according to our backupretention policy. After that, they are overwritten or deleted. If we restoredata from a backup due to a system issue, we attempt to ensure that anypreviously deleted data is not unintentionally recovered, or if it is, we will re-deleteit.

Anonymized Data: In some cases, rather than outright deletion, we may choose toanonymize your personal data (so it can no longer be associated with you) forstatistical purposes. For example, we might convert a dataset into aggregateform. We reserve the right to retain anonymized data for analysis, research,and business improvements indefinitely, as it no longer constitutes personalinformation.

If you have specific questions about our retentionpractices for a certain type of data, feel free to contact us. We can providemore detail or rationale for retention as it pertains to you.

8. Data Security

Webshop’R takes appropriate security measures toprotect your personal information from unauthorized access, alteration,disclosure, or destruction. We have implemented technical and organizationalmeasures that align with industry best practices to safeguard data. Theseinclude:

• Encryption: All communications between your browser and     our website are secured via HTTPS/TLS encryption. This means data     transmitted to us (like when you enter information on the site) is     encrypted in transit. We also encrypt sensitive data at rest where     applicable. For example, passwords are stored using salted one-way hashes     (so even we cannot see your actual password). Any payment or financial     information (though we typically don’t collect this) would be handled via     PCI-compliant third-party processors and not stored on our servers.
• Access Controls: We limit access to personal information     strictly to employees, contractors, and service providers who need to     know that information in order to process it on our behalf. They are     subject to strict confidentiality obligations and may be disciplined or     terminated if they fail to meet these obligations. Our databases and     systems require authentication (keys, passwords) for access, and we employ     measures like two-factor authentication for administrative access.
• Network and System Security: We protect our servers and network with     firewalls and monitoring systems to guard against external attacks.     Regular security patches and updates are applied to our software and     infrastructure to address vulnerabilities. We also use security software     to detect malware or intrusions. If we use third-party cloud services, we     rely on their robust physical and environmental security, and we configure     our instances securely (e.g., using encryption, secure credentials, etc.).
• Testing and Auditing: We periodically review our security measures     and may conduct vulnerability assessments or penetration testing     (sometimes via third-party security experts) to find and fix potential     weaknesses. Audit logs are maintained to track access and changes to critical     systems containing personal data.
• Data Minimization: Beyond pure security, one of the best     protections is minimizing the data we collect and retain. As discussed, we     try not to collect unnecessary personal info, and we anonymize or delete     data when it’s no longer needed. Less data means less risk.
• Incident Response: We have a data breach response plan in place.     In the unlikely event of a security breach that leads to personal data     being compromised, we will promptly notify affected users and any required     authorities as required by law. We will also take steps to mitigate the     breach and prevent future occurrences.

Despite our efforts, please note that no methodof transmission over the internet or method of electronic storage is 100%secure. We cannot guarantee absolute security of your data. Cyber threatsevolve rapidly, and while we work hard to protect your information, there isalways a residual risk of unforeseen events. You also play a role in security: protectyour account credentials. Use a strong, unique password for Webshop’R, donot share it, and change it periodically. If you suspect any unauthorizedaccess to your account or any security vulnerabilities, please contact usimmediately.

When using our Service, be cautious about whatinformation you choose to share, especially in any public or community features(if applicable). For example, if Webshop’R allows product reviews or comments,any information you post there could be visible to others. We are notresponsible for circumvention of privacy settings or security measurescontained on the site by other users (e.g., someone taking a screenshot of contentyou intended to be private).

By using Webshop’R, you acknowledge that youunderstand and agree to assume these security risks.

9. International Data Transfers

Webshop’R is a globally accessible service. Whileour primary market and operations are based in France (and we endeavor to storedata in the European Union when feasible), the personal data we collect may be transferredto, and stored and processed in, countries other than your own. Thesecountries may have data protection laws that are different from the laws ofyour country, and in some cases may not be as protective.

European Users: If you are located in the EEA, UK, or Switzerland, we comply with theGDPR’s requirements regarding international data transfers. When we transferpersonal data out of the EEA/UK (for example, to our service providers in theUnited States or other countries), we ensure at least one of the followingsafeguards is in place:

• Adequacy Decision: We may transfer data to countries that the     European Commission (or UK government, as applicable) has deemed to have     an adequate level of data protection. (For example, at the time of     writing, the EU has recognized the UK, Switzerland, and a few others as     adequate. The US is not broadly adequate except for the new EU-US Data     Privacy Framework for certified companies, which we might leverage if     applicable.)
• Standard Contractual Clauses (SCCs): In the absence of an adequacy decision, we     use the European Commission’s approved Standard Contractual Clauses (and     UK International Data Transfer Addendum, as needed) as a legal mechanism     for transfers. These are contractual commitments between companies     transferring personal data, binding them to protect the data according to     EU privacy standards. For instance, our cloud hosting or email provider     might be in the US, so we sign SCCs with them to ensure your data enjoys     GDPR-level protection even there.
• Supplementary Measures: We also assess on a case-by-case basis if     additional technical or organizational measures are needed to protect data     in transfer. For example, we may implement end-to-end encryption for     certain data so that even if it passes through servers abroad, it remains     encrypted.
• Explicit Consent in rare cases: If none of the above is available, we may     seek your explicit consent for a particular transfer, but generally we     rely on structural safeguards rather than asking you to waive rights.

You can request a copy of the relevant SCCs orother transfer safeguards by contacting us (some parts may be redacted forconfidentiality).

Users from Other Countries: By using our service or providing us yourinformation, you understand that your data may be transferred to France andother countries where we or our service providers operate. If you are in acountry like Canada, Australia, India, etc., and you submit data to us, thatdata will likely be processed in France and/or the United States. We willhandle it with care and under the terms of this Privacy Policy regardless oflocation.

If we need to transfer personal data from, say,Brazil (under LGPD) or other jurisdictions, we will likewise ensure compliancewith those local transfer requirements.

Privacy Shield and other frameworks: Note that Webshop’R is not a self-certified entityunder the defunct EU-U.S. Privacy Shield framework (which was invalidated) orthe newer Data Privacy Framework. However, some of our U.S.-based serviceproviders might be certified under the new EU-U.S. Data Privacy Framework(DPF). Where applicable, we take that into account as part of our adequacymeasures, but primarily we rely on SCCs for EU-US transfers.

In summary, no matter where your information isprocessed, we apply the same level of privacy protection described in thisPolicy. We have taken steps so that your privacy rights continue to beprotected, even when your personal information is transferred to anotherjurisdiction. If you have questions about international data transfer orrequire more specifics, please contact us.

10. Children’s Privacy

Webshop’R is not intended for children oranyone under the age of 16. We do not knowingly collect or solicit personalinformation from children under 16 years of age. If you are under 16, please donot attempt to register on Webshop’R or send any personal data about yourselfto us. If we learn that we have inadvertently collected personal informationfrom a child under 16, we will take steps to delete that information promptly.

For jurisdictions with different age thresholds: Weaim to comply with applicable laws regarding minors’ data. For example, in theUnited States, the Children’s Online Privacy Protection Act (COPPA) sets 13 asthe age below which parental consent is required. We similarly do not knowinglycollect information from children under 13 either. In the EU (GDPR), thedefault age is 16 for needing parental consent (with some countries havinglowered it to 13-15); since we set our usage at 16+, we should be in compliancewith all. As a result, Webshop’R’s services and content are directed at ageneral audience and not aimed at children.

If you are a parent or guardian and discover thatyour child under 16 (or under the applicable age in your country) has createdan account or otherwise provided personal data to Webshop’R without yourconsent, please contact us immediately. We will then work with you to removethat information and terminate any account if needed. We may ask for proof ofguardianship to ensure we are communicating with a legitimate parent/guardian.

It is also our policy not to display any contentthat is inappropriate for a general audience. While product listings areobviously wide-ranging, we do not specifically target adult-only content tominors, and our AI recommendations will not knowingly direct mature orage-restricted products to users identified as minors (not that we have minorusers by policy). If the platform ever includes community features orinteractions, we will moderate to prevent underage use and to keep theenvironment safe.

Teenagers 16-17: Webshop’R may be used by individuals aged 16 or older. However, if youare under 18, you should review these terms and our Privacy Policy with aparent or guardian to make sure you understand them. We encourage families todiscuss online privacy and be cautious with sharing personal info.

We do not sell the personal information of minorsunder 16, and in fact, as stated, we do not knowingly collect it at all. If aminor in California (under 18) uses any feature where content can be posted(e.g., reviews), they have the right to request removal of their posted contentunder California’s “Online Eraser” law. However, since we disallow sub-16 usersand in general do not have forums yet, this likely does not apply. We willstill honor such requests if applicable.

11. Changes to this Privacy Policy

We may update or revise this Privacy Policy fromtime to time to reflect changes in our practices, technologies, legalrequirements, or for other operational reasons. When we make changes, we willpost the updated policy on this page and update the “Effective Date” at thetop. If the changes are significant, we will provide a more prominent notice(such as a banner on our website or an email notification) to inform you of theupdate, prior to the change becoming effective whenever possible.

Examples of significant changes might include:changing the types of personal data we collect, altering how or why we usedata, selling data (which we currently do not do), or changes in users’ rights.Minor changes (like clarification of language, or adjustments that do notmaterially reduce your privacy rights) may be simply updated on the sitewithout an individual notice, but you can always see the last updated date.

We encourage you to review this Privacy Policyperiodically to stay informed about how we are protecting your information.Your continued use of Webshop’R after any changes to this Privacy Policy willsignify your acceptance of the updated terms, as long as we have notified youappropriately. Of course, if you do not agree with any changes, you should stopusing the Service and can request us to delete your data if you wish.

For historical reference or your records, we canprovide prior versions of this Policy upon request. Major changes will also bedocumented in an archive or changelog format if needed.

If we ever were to merge or be acquired (thussubjecting the data to potentially a new privacy policy under a new entity), wewould notify you and you may have choices regarding your data at that time(e.g., to delete it if you don’t want to be subject to the new policy).

In summary, we won’t surprise you. We value thetrust you place in us and will not deviate from our core privacy principleswithout good reason and without letting you know.

12. Contact Us

If you have any questions, concerns, or requestsregarding this Privacy Policy or how Webshop’R handles your personal data,please do not hesitate to contact us. We are here to help and address anyissues you may have.

You can reach our privacy team via:

• Email: privacy@webshopr.com (or alternatively hello@webshopr.com)     – This is the preferred and quickest method. Please include a clear     subject line (e.g., “Privacy Inquiry” or “Data Deletion Request”) and     detail your question or request.
• Mailing Address: Webshop’R Privacy Team, [Address], [City],     [Postal Code], [Country]. (Note: As Webshop’R is not yet incorporated,     a formal mailing address is not provided here. Please email us to obtain a     mailing address if needed.)
• Website Contact Form: If our website features a contact form or     support chat, you may submit inquiries there. Please mention it’s     regarding privacy so it can be routed appropriately.

Data Controller: For purposes of GDPR and similar laws, the “data controller” (theentity responsible for your personal data) is currently the operator of the Webshop’Rplatform. As of now, Webshop’R is not a registered corporation; it is operatedby the Webshop’R project team based in France. Should Webshop’R incorporate inthe future, we will update the controller name and address here.

We will respond to your inquiries as soon asreasonably possible, generally within a few business days. If you arecontacting us to exercise a specific data subject right, please see Section 6for information on what to include and verification steps.

If you feel that we have not addressed your concernsatisfactorily, you also have the right to contact your local data protectionauthority (as noted in Section 6). However, we sincerely hope to resolve anyissue directly and amicably.

Thank you for taking the time to read Webshop’R’sTerms of Use and Privacy Policy. We believe in being transparent and respectfulof your rights. By using Webshop’R, you’re trusting us with your shoppingjourney and some of your information – we take that responsibility seriouslyand are committed to providing a safe, useful, and privacy-respecting service.

If you have any further questions or suggestionsabout our policies, we welcome your feedback at any time. Enjoy using Webshop’R!

‍