Privacy Policy
1. Contractual Introduction and Acceptance Protocol
This Privacy Policy ("Policy") establishes a binding contractual agreement between you ("Data Subject," "User," "you," "your") and Qirno Store ("Data Controller," "Company," "we," "us," or "our") concerning the comprehensive management of your personal data in connection with your interaction with our e-commerce platform located at https://qirnoshop.com (the "Site"). This document provides exhaustive details regarding our data collection methodologies, processing activities, security protocols, and your statutory rights. By accessing our Site, creating an account, or executing any transaction, you provide explicit, informed, and unambiguous consent to the data handling practices detailed herein, forming a legally enforceable agreement between you and Qirno Store.
2. Exhaustive Data Inventory and Collection Modalities
Our data collection framework employs multiple vectors to ensure operational excellence, regulatory compliance, and personalized user experience. We systematically gather and process the following data categories:
- Directly Sourced Identifiable Data:
  - Biographical and Contact Information: Full legal name, primary and secondary email addresses, residential and commercial shipping addresses, billing addresses, and landline/mobile telephone numbers.
  - Commercial Transaction Data: Complete purchase history, returned item records, product preferences, shopping cart contents, and customer service interaction logs.
  - Authentication and Financial Data: Username, encrypted password hash, payment method preferences. We emphasize that all payment processing is delegated to PCI-DSS Level 1 certified third-party processors (e.g., Stripe, PayPal). Sensitive authentication data, including full credit card numbers and bank account credentials, is never stored on our infrastructure.
  - Voluntary Communications Data: Complete archives of customer support tickets, email correspondence, live chat transcripts, product reviews, and survey responses.
- Automatically Collected Technical and Behavioral Data:
  - Digital Footprint and Device Intelligence: Internet Protocol (IP) address, browser user-agent string, device fingerprint, operating system and version, screen resolution, color depth, installed fonts, and time zone settings.
  - Comprehensive Behavioral Analytics: Complete user journey mapping, including entry/exit pages, clickstream patterns, scroll depth measurements, mouse movement heatmaps, session duration metrics, and interaction with Site features and promotional elements.
  - Advanced Tracking Infrastructure: We deploy session cookies, persistent cookies, flash cookies, web beacons, pixels, and local storage objects to maintain user state, analyze traffic patterns, and deliver personalized content. You may configure browser settings to refuse cookies, though this may result in significant functional impairment of Site capabilities.
3. Legal Bases, Processing Purposes, and Legitimate Interests
We process your personal data under multiple lawful bases for the following explicit and legitimate business purposes:
- Contractual Necessity: To perform our obligations under the sales contract, including payment authentication, order fulfillment, shipping logistics, delivery confirmation, and providing post-purchase customer support.
- Legitimate Business Interests: To conduct security vulnerability assessments, fraud detection and prevention, network and system integrity monitoring, direct marketing communications to existing customers (under legitimate interests exception), business intelligence analytics, and continuous service improvement.
- Legal and Regulatory Compliance: To fulfill tax reporting obligations under Internal Revenue Service regulations, respond to lawful subpoenas and court orders, and maintain business records as mandated by applicable commercial codes.
- Explicit Consent: For specific processing activities including sending promotional marketing communications to non-customers, deploying non-essential tracking technologies, and processing special categories of personal data. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
4. Strategic Data Sharing and Third-Party Processor Ecosystem
We establish rigorous data processing agreements (DPAs) with carefully vetted third-party service providers to ensure compliance with global data protection standards:
- Core Operational Processors: Payment processors, shipping and logistics carriers, cloud infrastructure providers, email service providers, and customer relationship management platforms.
- Analytical and Marketing Partners: Web analytics services (e.g., Google Analytics), advertising networks, social media platforms, and customer data platforms for targeted advertising and performance measurement.
- Professional Advisory Network: Legal counsel, financial auditors, and insurance providers where necessary for professional service provision.
- Legal and Regulatory Authorities: Government agencies, law enforcement bodies, and other third parties when compelled by legal process or to protect our legal rights and the safety of our users.
5. International Data Transfer Mechanisms and Safeguards
Your personal data may be transferred to, stored, and processed in jurisdictions outside your country of residence. We ensure all international data transfers are protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, and require all data processors to provide equivalent protection for your personal data as mandated by GDPR, CCPA, and other applicable privacy frameworks.
6. Multi-Layered Data Security Architecture
We implement a comprehensive, defense-in-depth security strategy incorporating:
- Technical Safeguards: End-to-end encryption (TLS 1.3), secure socket layer (SSL) certificates, intrusion detection and prevention systems, regular vulnerability assessments, and automated security patching protocols.
- Physical Safeguards: Biometric access controls, 24/7 video surveillance, environmental monitoring, and restricted access to data centers.
- Administrative Safeguards: Role-based access controls, mandatory security training for employees, strict data handling policies, and regular third-party security audits.

While we employ industry-leading security measures, we cannot guarantee absolute protection against all potential security incidents.
7. Systematic Data Retention and Disposition Framework
We retain personal data only for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Our detailed retention schedule includes:
- Active Customer Data: Retained for the duration of account activity plus 36 months.
- Financial Transaction Records: Maintained for 84 months to comply with tax and financial regulations.
- Marketing Consent Data: Retained until consent is withdrawn or after 24 months of inactivity.
- Technical Security Logs: Stored for 365 days for security monitoring and forensic analysis.
8. Comprehensive Data Subject Rights Framework
Depending on your jurisdiction, you may exercise the following rights regarding your personal data:
- Right of Access and Data Portability: Obtain a copy of your personal data in a structured, commonly used, machine-readable format.
- Right to Rectification: Correct inaccurate or incomplete personal data without undue delay.
- Right to Erasure (Right to be Forgotten): Request deletion of your personal data under specific circumstances.
- Right to Restriction of Processing: Limit the processing of your personal data in certain situations.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Revoke previously granted consent at any time without penalty.
To exercise these rights, please contact us at support@qirnoshop.com. We will respond to all verifiable requests within 30 calendar days as required by applicable law.
9. Policy Modification and Update Protocol
We reserve the right to modify this Policy at our discretion to reflect changing legal, technical, or business developments. Material changes will be communicated through prominent notice on our Site for 30 days and, where appropriate, via direct notification. Continued use of the Site after such modifications constitutes acceptance of the revised Policy.
10. Designated Contact Information
For all privacy-related inquiries, data subject requests, or concerns about our data practices, please contact our Data Protection Officer at:
Email: support@qirnoshop.com