Privacy notice

Encardio-Rite Electronics Pvt. Ltd., with its registered office at A-7, Industrial Estate, Talkatora Road, Lucknow, Uttar Pradesh, India, or any of its branches, affiliates, subsidiaries, or authorized partners rendering services or supplying equipment (the “Company”) respects the privacy of our users (the “User”). This Privacy Policy explains how Encardio-Rite collects, uses, discloses, stores and secures personal information about customers, website users and other individuals who interact with our services. It describes the categories of personal information we collect, and the purposes for which we use it for lawful bases for processing. This Policy applies to personal information collected when you: (a) visit or use our website; (b) create an account or place an order on our website; (c) contact customer service; or (d) otherwise interact with us as a consumer, prospective purchaser, supplier or representative using any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively referred toa s “Website”). If you have any additional questions or require more information about our Privacy practices, do not hesitate to contact us at privacy@encardio.com.

1) Consent

a) By accessing or using the Website, creating an account, or placing an order, you acknowledge that you have read, understood and agree to be bound by Encardio-Rite’s Privacy Policy, Cookie Policy, Terms of Sale/Service, Shipping Policy, Refund & Returns Policy, Copyright Policy and any other policies, notices or terms that govern use of the website or your purchase (collectively, the “Site Policies”). You expressly consent to Encardio-Rite’s collection, use, disclosure and retention of your personal information and other data as described in those Site Policies and to any processing that is necessary to provide, administer and fulfil our services and to comply with legal obligations.
b) Where applicable law requires a separate or explicit consent (for example, for marketing communications, certain profiling, or the processing of sensitive personal information), we will obtain your specific opt-in consent before carrying out that processing. If you do not agree with our Site Policies or do not wish to provide the consents described herein, please do not use our website or provide personal information to us.
c) You may withdraw any consent you have given (where withdrawal is permitted by law) by following the instructions in this Policy or by contacting privacy@encardio.com. Withdrawal will not affect the lawfulness of processing carried out before withdrawal.

2) Types of personal information we collect

We collect the following categories of personal information necessary to provide our services and operate our business:
a) Identifiers and contact data: name, email address, telephone number, billing and shipping address, user name, account identifiers.
b) Transactional & order data: order details, transaction date, product name, product description and image, quantity, price, currency, tax, discounts, payment and authorization status, refund information, order history.
c) Shipping & logistics data: shipping carrier, tracking number, shipping costs, delivery status and order tracking notifications.
d) Payment information: payment card or other payment instrument identifiers, payment confirmation and status (note: actual payment card data is processed by our payment processors and may not be stored by Encardio-Rite; see “Third-party processors” below).
e) Technical & usage data: IP address, device and browser information, operating system, cookies and similar tracking technologies, pages viewed, referral URLs, log information and other analytics data.
f) Communications & support data: records of communications with customer service, chat transcripts, support tickets, records of returns and refunds, complaints.
g) Marketing & preference data: marketing preferences, opt-in/opt-out status, purchase preferences, and other similar data used to send you offers or personalize content (only with consent where required).
h) Other information that you provide to us directly (for example when you complete account registration, contact us, or submit a form).
i) Sensitive personal information: We do not intentionally collect sensitive personal information as defined under CPRA (for example social security numbers, racial or ethnic origin, health data, precise geolocation, biometric data, or religious beliefs) except where required to fulfil your order and where legally necessary (e.g., limited government identifiers needed for export/import compliance). If we need to process any such information, we will notify you separately and provide the required notices and opt-outs.

3) How we collect personal information 

We obtain personal information from multiple sources:
a) Directly from you when you place an order, register an account, fill in forms, communicate with us, or subscribe to marketing.
b) Automatically when you use our website (via cookies, web beacons, server logs and analytics).
c) From third parties and service providers such as Shop Pay/Shopify, payment processors, shipping carriers, analytics providers, email/SMS providers, fraud detection services and other vendors that enable our services.
d) From publicly available sources or other third-party data providers when necessary.

4) Purposes of processing and lawful bases

We process personal data for the purposes described below:
a) To provide, process and fulfil orders — process purchases, take payment, arrange and track delivery,
provide receipts and fulfilment assistance. (Lawful basis: performance of a contract.)
b) To manage accounts and provide customer service — registration, authentication, account administration, returns and refunds, responding to enquiries. (Lawful basis: performance of a contract/ legitimate interests).
c) To process payments and manage refunds — via third-party payment processors. (Lawful basis: performance of a contract.)
d) To detect and prevent fraud, security incidents and abuse — risk analysis, transaction monitoring, identity verification. (Lawful basis: legitimate interests to protect users and our business)
e) To comply with legal, regulatory, tax and accounting obligations — recordkeeping, tax reporting and lawful requests from public authorities. (Lawful basis: legal obligation.)
f) To send transactional communications — order confirmations, shipping notifications, service messages. (Lawful basis: performance of a contract / legitimate interests.)
g) To send marketing communications and personalised offers — where you have given consent, or where allowed by law and you have not objected. (Lawful basis: consent (for email, SMS and push where required) / legitimate interests for non-targeted communications subject to applicable law and your rights.)
h) To improve our website and services — analytics, testing, product development and customer feedback. (Lawful basis: legitimate interests.)
i) For recordkeeping, dispute resolution and legal claims — to establish, exercise or defend legal rights. (Lawful basis: legal obligation / legitimate interests.)
j) If you do not provide the personal information required to fulfil an order, we will not be able to complete the transaction.

5) Third-party processors and sharing

We share personal information with trusted third parties and service providers who perform services on our behalf, including (but not limited to):
a) E-commerce platform & payment services: Shopify / Shop Pay (Shopify’s Privacy Policy applies to Saved Information you permit to be stored by Shop Pay); payment processors such as Stripe, PayPal etc.
b) Shipping & logistics providers: carriers used to ship orders to you.
c) Analytics and performance providers: Google Analytics and similar services.
d) Marketing and communications providers: email and SMS delivery services, CRM platforms.
e) Fraud detection and security providers.
f) Cloud hosting, IT and infrastructure providers.
g) We require our processors to maintain appropriate security, confidentiality and data-processing obligations by contract. We will not authorize processors to use personal information for their own purposes unless they have informed you and obtained your consent where required by law.
h) Third-party privacy practices and breaches: You should review third-party privacy policies (for example Shopify, Shop Pay, the payment processors you use) to understand how they process, secure and retain personal data. While Encardio-Rite requires contractual and technical safeguards with processors, we cannot guarantee the security practices of third parties and are not responsible for their independent acts or omissions. Nonetheless, we undertake reasonable due diligence and contractual measures to minimize risks and, where applicable, will notify affected individuals and authorities when required by law in the unlikely event of a breach caused by a third party acting on our behalf.

6) International transfers

We do not transfer personal information to countries outside the country in which it was collected without appropriate safeguards. Where such transfers are necessary, we will notify you and implement legally required safeguards

7) Retention periods

We retain personal information only as long as necessary for the purposes set out in this Policy and as required by law:
a) Order & transactional records (including invoices and receipts): retained for 7 years (or statutory period required in the relevant jurisdiction).
b) Customer account information: retained while the account is active and for 3 years after account closure unless a longer retention period is required by law.
c) Marketing data: retained until you withdraw consent or for 3 years after last meaningful engagement.
d) Support and correspondence records: retained as necessary for customer service, dispute resolution and for a period consistent with regulatory obligations.
e) Backups and logs: retained as necessary for system integrity and security subject to appropriate deletion and archival policies.
f) Where the law prescribes a different retention period, we will comply with the statutory requirement.

8) Cookies and similar technologies

We and our service providers use cookies, web beacons and similar technologies for functionality, analytics and advertising. Please see our separate Cookie Policy for full details, including the cookies we use, purposes, and how to manage cookie preferences.

9) Children’s privacy

a) Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected a child’s personal information without parental consent, we will take steps to delete such information.
b) If you believe we may have collected information from a child under 13, please contact
privacy@encardio-rite.com 

10) Rights of Users

a) If you are located in the EU/EEA, you have the following rights with respect to personal information we process about you (subject to legal limits and verification):

i) Right of access — request a copy of personal data we hold about you.
ii) Right to rectification — request correction of inaccurate or incomplete data.
iii) Right to erasure (“right to be forgotten”) — request deletion where lawful.
iv) Right to restriction of processing — request limitation on processing in certain circumstances.
v) Right to object — object to processing based on legitimate interests or direct marketing.
vi) Right to portability — obtain a machine-readable copy of personal data you provided to us.
vii) Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time.
viii) Right to lodge a complaint with a supervisory authority.
ix) To exercise these rights, contact privacy@encardio.com. We will verify your identity and respond within one month. If your request is complex we may extend by up to two further months, but we will inform you within the initial one-month period and explain the reason for the extension.

b) If you are a California resident, the CCPA/CPRA provides additional rights including:

i) Right to Know / Access — the categories and specific pieces of personal information we have collected about you, sources, purposes, categories of recipients, and retention periods.
ii) Right to Delete — request deletion of personal information, subject to exceptions.
iii) Right to Correct (CPRA) — request correction of inaccurate personal information.
iv) Right to Opt-Out of Sale or Sharing — Encardio-Rite does not sell personal information for money. We do not share personal information for cross-context behavioral advertising without your consent. If our practices change, we will provide a clear “Do Not Sell or Share My Personal Information” link.
v) Right to Limit Use of Sensitive Personal Information (CPRA) — where we process sensitive personal information, you may request limits on its use.
vi) Right to Non-Discrimination — you have the right not to be discriminated against for exercising your privacy rights.
vii) To submit a verifiable request (California): use our email privacy@encardio.com
viii) We will verify your identity and respond within 45 calendar days of receipt of a verifiable request.
We may extend by an additional 45 calendar days if reasonably necessary (we will notify you of the extension and reason within the initial 45-day period).
ix) Authorized agents: if you use an authorized agent to submit a request on your behalf, we will require written authorization from you and verification of both your identity and the agent’s identity.

11) How we verify requests

a) To protect your privacy and security, we will verify the identity of anyone who makes a request to access, correct, delete, or object to processing of personal information. Verification may require:

i) Matching information in the request to the data we hold (for example name, email, order number, shipping address, phone number).
ii) Copy of government-issued photo ID and/or secondary proof of address for sensitive requests or where required by law.
iii) Additional information if necessary to confirm identity.

b) We will only use the information provided for verification purposes and delete verification documents in accordance with our retention policy after the request is completed, unless otherwise required by law.

12) Data security

a) We implement reasonable administrative, technical and physical safeguards to protect personal information against unauthorized access, disclosure, alteration or destruction.
b) No security system is impenetrable. If we become aware of a security breach affecting your personal information, we will investigate and take remedial action and notify affected individuals and regulators as required by law.

13) Data breach notification

Where required by applicable law (including GDPR and California law), we will notify affected individuals and relevant supervisory authorities of a data breach without undue delay and where feasible within the timeframes required by law

14) Automated decision-making and profiling

We do not carry out automated decision-making that produces legal effects or similarly significant effects about you. We may use automated tools to generate product recommendations and personalize content; you have the right to object to profiling for direct marketing purposes.

15) Non-discrimination

We will not deny goods or services, charge a different price, or provide a different level of service because you exercise your privacy rights, except as permitted by law.

16) Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or services. Our privacy policy is crafted in compliance with applicable data protection laws, and any modifications will be communicated to users. By using our services, users acknowledge and accept these terms, fostering a transparent and accountable user-company relationship

17) Links to other websites

Our website may contain links to third-party websites. This Policy does not apply to those third parties.
We encourage you to review the privacy notices of any third parties you interact with. We disclaim responsibility for the privacy practices and data security of any third party not operating on our behalf.

18) Supervisory authority and enforcement

a) EU/EEA residents: You also have the right to lodge a complaint with the data protection supervisory authority in your country or the country where you reside.
b) California residents: If you have concerns about our CCPA/CPRA compliance you may contact the California Privacy Protection Agency or the Office of the California Attorney General.

19) Other Considerations

a) The User guarantees the veracity of the personal data provided and undertakes to inform Encardio-Rite of any changes thereto.
b) The User shall be responsible, in any case, for the veracity of the data provided, and Encardio-Rite reserves the right to exclude from the services any User who has provided false data, without prejudice to any other actions that may be applicable by law.
c) It is recommended that Users protect their data with the utmost diligence by:

i) Keeping your computer equipped with properly updated antivirus software against malicious software and spyware applications that may compromise your Internet browsing and the information stored on your computer.
ii) Please read and review this Privacy Notice and all legal texts made available on the Website.
iii) The Website is not directed to children below the age of 13, nor do we knowingly collect any personal information from children under the age of thirteen without verifiable parental consent. If you believe that a child has provided personal information to us, please contact us promptly as described below, and we will endeavor to investigate and delete such information from our systems.
iv) Encardio-Rite shall not be liable for any theft, illegal modification, or loss of data. Any modification or update of the data must be communicated to Encardio-Rite.
v) Intellectual Property Rights: Respecting intellectual property is fundamental to our ethos. Our governance policies ensure that the use of content complies with legal and ethical standards. We promote a culture that prioritizes the preservation of IPR, encouraging originality, proper attribution, and adherence to intellectual property laws.
vi) Plagiarism Prevention: We strictly prohibit plagiarism. Our policy emphasizes the importance of citing sources, using quotation marks for direct quotes, and paraphrasing with proper attribution to upholding academic and professional integrity.
vii) Content Licensing and Attribution: At Encardio-Rite, we believe in fostering a culture of respect for intellectual property and promoting the responsible use of content. Our content licensing and attribution guidelines are designed to ensure transparency, proper attribution, and adherence to legal and ethical standards.
viii) Anti-Spam Compliance: At Encardio-Rite, we prioritize privacy and adhere to stringent anti-spam compliance measures in our privacy policy. We obtain explicit consent before sending commercial electronic messages and provide a clear unsubscribe mechanism in every communication.
We are committed to regular consent reviews, record-keeping, and compliance with applicable anti-spam laws.
ix) Country-Specific Considerations: We comply with local data protection laws, respecting regional differences in data handling practices.
x) Third-party processors: Encardio-Rite engages reputable third-party processors (Shopify/ShopPay, payment processors, shipping carriers, analytics providers, email/SMS providers, and others). We require contractual safeguards and technical measures to protect data. Nevertheless, third parties operate independently and we cannot guarantee their security practices. We therefore advise you to review the privacy policies of third parties that you interact with. While we disclaim responsibility for independent unlawful acts of third parties beyond our control, we do not seek to evade legal responsibility for our own failures to use reasonable care in selecting and overseeing processors. We will comply with our legal obligations to provide notification and remediation where required by law.

20) Contact Us

If you have questions, complaints or comments about this Privacy Notice or any action is required in relation to your personal information including withdrawal of consent, review or deletion, please reach out to us at privacy@encardio.com.