This Privacy Policy explains how Firemane Group, including Firemane US Inc. and its affiliates (collectively, "Firemane," "we," "us," or "our"), collects, uses, and discloses personal information when you visit our website at firemane.com, use our Shopify store at shop.firemane.com (collectively the "Sites"), or otherwise interact with us. This Privacy Policy applies to all personal information collected through our Sites and related services (collectively, the "Services").

When we use the term ‘personal information’, we are referring to information that identifies, relates to, describes or can be associated with you.

Please read this Privacy Policy carefully. By using the Services, you agree to the collection, use, and disclosure of your personal information as described herein. If you do not agree, please do not use the Services.

1.         How We Collect and Use Your Personal Information

We collect personal information when you provide it to us (e.g., through contact forms, orders, or account registration), automatically via cookies and tracking technologies, or from third parties like Shopify. This information helps us deliver our Services, improve user experience, and comply with legal obligations.

We collect:

·      Contact Information: Name, email address, phone number.

·      Order Information: Billing and shipping addresses, payment confirmation.

·      Account Information: Username, password, security questions.

·      Customer Support Information: Details from your communications with us.

·      Usage Data: Device type, browser, IP address, pages visited, and interaction metrics.

·      Third-Party Data: Information from service providers (e.g., Shopify’s payment processing).

We use your personal information to:

·      Process and fulfill orders, manage accounts, and provide customer support (contractual necessity).

·      Send marketing communications, with your consent where required (consent or legitimate interests).

·      Enhance our Sites and Services through analytics (legitimate interests).

·      Prevent fraud and ensure security (legitimate interests).

·      Comply with legal obligations, such as tax or regulatory requirements.

Under GDPR, our lawful bases for processing include:

·      Performance of a Contract: For order fulfillment and service delivery.

·      Legitimate Interests: For marketing, security, and service improvement (where consent isn’t required).

·      Consent: For specific activities like marketing emails, which you can withdraw at any time.

Note that some features of the Sites and Services may require you to directly provide us with certain personal information. You may elect not to provide such information, but doing so may prevent you from using or accessing these features.

We do not use or disclose sensitive personal information without your consent or for the purposes of inferring characteristics about you.

2.         What Personal Information We Collect

For reference, we set out below the types of personal information that we may collect when you access our Sites or use our Services as well as how they are collected.

Ø Information You Provide Directly

You may provide:

·     Contact Details: Name, address, phone number, email.

·     Order Information: Billing/shipping addresses, payment confirmation.

·     Account Information: Username, password, security questions.

·     Support Information: Details shared when contacting us.

Ø  Information Collected Automatically

We automatically collect:

·     Device Information: Device type, operating system, browser.

·     Usage Data: Pages visited, time on site, clicks.

·     IP Address and Location Data: To understand general user locations.

·     Cookies and Tracking Technologies: To personalize and analyze usage (see "Cookies" below).

3.         Information from Third Parties

In addition to the personal information collected from you or by automatic means when you access our Sites our use our Services, we may also receive additional data about you from third party sources.

As an example, we may receive data from:

·      Shopify: Payment and order details for the Shopify store.

·      Service Providers: For payment processing, shipping, and analytics.

·      Analytics Providers: To understand Site usage patterns.

Third-party data is handled per this Privacy Policy and their respective policies (e.g., Shopify Privacy Policy).

4.         Cookies

As we use cookies and similar technologies to enhance your experience, store preferences, and analyze Sites usage, we may also automatically collect certain information about your interaction with the Sites and/or Services ("Usage Data"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with us via the Sites and/or Services.

 You can manage cookies via browser settings, though disabling them may affect Sites functionality. Where available, we will honor the Global Privacy Control (GPC) signal for opting out of certain data practices. Learn more at Global Privacy Control. For Shopify-specific cookies, see Shopify’s Cookie Policy.

5.         How We Disclose Personal Information

In the course of using our Sites or the Services, we may be required to share your personal information with other third parties. Examples of such third parties and the reason for which your personal information is shared are given below.

·      Service Providers: For payment processing, shipping, and support (e.g., Shopify, logistics firms).

·      Business Partners: For marketing, with your consent where required.

·      Affiliates: Within Firemane Group for operational purposes.

·      Legal Authorities: To comply with laws or protect our rights.

·      Business Transactions: In mergers or acquisitions.

From time to time, we may also share certain types of personal information for the purposes of advertisement and marketing activities where permitted by law. The types of information shared for such purposes are limited to:

·      Identifiers such as name, e-mail address and phone number

·      Commercial information such as records of products or services purchased

·      Usage Data

Under CCPA, certain sharing may be considered “sales” or “sharing”; we provide opt-out options where applicable (see "Your Rights").

6.         Third-Party Websites and Links

Our Sites may contain links to third-party websites and you access such websites at your own risk. We are not responsible for their privacy practices or content. Review their policies before sharing information. Links do not imply endorsement.

In certain cases, information which you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Sites and/or Services, or by other users of those third-party platforms without limitation as to its use by us or by a third party.

7.         Children’s Data

Our Sites and Services are not for children under 13 (or 16 in some jurisdictions). We do not knowingly collect children’s data. If you believe we have such data, contact us to request deletion.

8.         Security and Retention of Your Information

We use encryption, access controls, and regular security assessments to protect your data. However, no online system is 100% secure. In case of a breach, we will notify affected individuals and authorities as required (e.g., GDPR’s 72-hour rule).

We retain data only as long as needed for the purposes outlined here (e.g., order fulfillment, legal compliance) or as required by law. For example, order data may be kept for tax purposes but anonymized when no longer needed.

9.         Your Rights

The protection and rights you have may differ depending on the laws applicable to you, your domicile or the location in which you reside. We illustrate below certain rights you may have under different applicable regulations.

Ø GDPR Rights (EEA Residents)

If you are an EEA Resident, you may have the right under the GDPR to:

·     Access your personal information.

·     Correct inaccuracies.

·     Erase your data (right to be forgotten).

·     Restrict processing.

·     Request data portability.

·     Object to processing (e.g., marketing).

·     Avoid automated decision-making/profiling.

Ø CCPA Rights (California Residents)

If you are an resident of the state of California, you may have the right under the CCPA to:

·     Know what personal information we collect, use, or disclose.

·     Delete your personal information.

·     Opt-out of sales (we do not currently sell data).

·     Non-discrimination for exercising these rights.

To exercise these rights, contact us below. We may verify your identity before responding. Where available, you can also use the Global Privacy Control (GPC) signal to opt-out of certain practices.

10.     Complaints

If you have concerns about our data practices, contact us first. If unresolved, you may complain to your local data protection authority.

Note that we may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.

11.     International Users

We may transfer your data to the US or other jurisdictions where we or our service providers operate. For EEA data transfers to non-adequate countries, we use Standard Contractual Clauses to ensure protection. By using our Services, you consent to such transfers.

12.     Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for legal, operational, or regulatory reasons. Updates will be posted on the Sites with a revised "Last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.