Privacy Policy

Last Updated: [INSERT DATE]

At Kampori, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you visit our website or purchase our products.

---

Who We Are

Kampori is a UK-based company specializing in genuine Kampot pepper from Cambodia. Our products are shipped directly from Cambodia to customers worldwide.

Company Details:
• Name: [YOUR COMPANY NAME]
• Registered Address: [YOUR UK ADDRESS]
• Company Number: [YOUR UK COMPANY NUMBER]
• Contact Email: [YOUR EMAIL ADDRESS]

---

What Information We Collect

We collect information to process your orders, improve our service, and communicate with you.

Personal Information:
• Name and contact details (email, phone number)
• Billing and delivery addresses
• Order history and preferences
• Payment information (processed securely through Shopify)

Automatically Collected Information:
• IP address and browser type
• Pages you visit on our website
• Time and date of your visit
• Referring website
• Device information

---

How We Use Your Information

We use your information to:

• Process and fulfill your orders
• Send order confirmations and shipping updates
• Handle returns, refunds, and customer service inquiries
• Improve our website and products
• Send you marketing emails (only with your consent - you can unsubscribe anytime)
• Comply with legal obligations (such as tax and accounting requirements)
• Prevent fraud and ensure website security

Legal Basis for Processing (GDPR):
• Contract: Processing necessary to fulfill your order
• Consent: Marketing emails (you can withdraw consent anytime)
• Legitimate Interest: Improving our service, fraud prevention
• Legal Obligation: Tax and accounting records

---

Cookies Policy

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience.

Cookies We Use:

Necessary Cookies (Always Active):
These cookies are essential for the website to function properly.
• Shopping cart functionality
• Secure checkout process
• Session management

We do not need your consent for these cookies as they are strictly necessary.

Analytics Cookies:
These help us understand how visitors use our website.
• [ANALYTICS TOOL - e.g., Google Analytics]
• Used to track page views, visitor behavior, and site performance
• Data is anonymized where possible

Marketing Cookies:
These cookies track your browsing to show you relevant advertisements.
• [MARKETING TOOLS - e.g., Facebook Pixel, Google Ads]
• Help us measure the effectiveness of our marketing campaigns

You can control analytics and marketing cookies through our cookie consent banner or your browser settings.

Managing Cookies:

You can control cookies through your browser settings:
• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Cookies and Site Permissions

Note: Disabling necessary cookies may prevent you from using certain website features, such as adding items to your cart or checking out.

To opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout

---

How We Share Your Information

We do not sell your personal information to third parties.

We share your information only with trusted service providers who help us operate our business:

Payment Processing:
• Shopify Payments / Stripe / PayPal (as applicable)
• Your payment information is processed securely and we do not store full card details

Order Processing and Fulfillment (Cambodia):
• Our fulfillment partners in Cambodia
• Shipping coordination and inventory management
• We share order details (name, address, products ordered) necessary for fulfillment
• These partners are contractually obligated to protect your data

Shipping Partners:
• International couriers (DHL, FedEx, or similar)
• We share delivery address and contact information to fulfill your order
• Customs authorities may access shipping information as required by law

Email Communications:
• Shopify Email
• We use this to send order confirmations and marketing emails (with your consent)

Analytics:
• [ANALYTICS PROVIDERS - e.g., Google Analytics]
• Helps us understand website usage

All service providers are required to protect your data and use it only for the purposes we specify.

---

International Data Transfers

Our business operates internationally, which means your data may be transferred to and processed in different countries.

Where Your Data May Be Transferred:

Shopify (Canada/USA):
• Our website is hosted by Shopify
• Shopify stores data on servers primarily in Canada and the United States
• Protected by Standard Contractual Clauses (SCCs) approved by the EU Commission

Cambodia:
• Order information is shared with our fulfillment partners in Cambodia
• This is necessary to process and ship your order
• We ensure appropriate safeguards are in place through contractual agreements

Other Service Providers:
• Payment processors, analytics providers, and email services may process data in various countries
• All transfers comply with UK and EU data protection requirements

For more information about Shopify's data practices: https://www.shopify.com/legal/privacy

We ensure that wherever your data is processed, it receives an adequate level of protection through:
• Standard Contractual Clauses (SCCs)
• Adequacy decisions where applicable
• Binding corporate rules
• Contractual obligations requiring data protection

---

How Long We Keep Your Information

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Order Information: 7 years (required by UK tax law)
• Marketing Information: Until you unsubscribe or request deletion
• Website Analytics: [13-26] months
• Abandoned Cart Data: 30 days
• Shipping Records (Cambodia): Retained in accordance with local requirements

After these periods, we will securely delete or anonymize your information unless we are legally required to keep it longer.

---

Your Rights

UK and EU Data Protection Rights:

You have the following rights regarding your personal information:

For All Customers:
• Right to Access: Request a copy of the personal data we hold about you
• Right to Correction: Ask us to correct inaccurate or incomplete information
• Right to Deletion: Request deletion of your data (subject to legal obligations)
• Right to Object: Object to marketing communications or certain data processing
• Right to Withdraw Consent: Unsubscribe from marketing emails at any time

Additional Rights for EU Customers (GDPR):
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restriction: Request we limit how we use your data
• Right to Object to Automated Decision-Making: We do not use automated decision-making or profiling
• Right to Lodge a Complaint: Contact your national data protection authority

How to Exercise Your Rights:

Email us at: [YOUR EMAIL ADDRESS]

Subject line: "Data Rights Request"

Please include:
• Your full name
• Email address used for orders
• Specific right you wish to exercise
• Order number (if applicable)

We will respond to your request within 30 days.

To unsubscribe from marketing emails, click the "Unsubscribe" link at the bottom of any marketing email, or email us directly.

Note: Some data may be retained in our Cambodia operations for fulfillment purposes. We will coordinate with our partners to ensure your rights are honored across all processing locations.

---

Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures:

• SSL/TLS encryption for data transmission
• Secure payment processing through PCI-DSS compliant providers
• Regular security updates and monitoring
• Limited access to personal data (only authorized personnel)
• Secure data storage and backup systems
• Contractual data protection requirements for all processors (including Cambodia partners)

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

---

Children's Privacy

Our website and products are not intended for children under the age of 16 (EU) or 13 (UK).

We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.

---

Third-Party Websites

Our website may contain links to third-party websites (such as social media platforms or payment providers).

We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies before providing any personal information.

---

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

When we make significant changes, we will:
• Update the "Last Updated" date at the top of this page
• Notify you by email (for material changes)
• Post a notice on our website

We encourage you to review this policy periodically.

---

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: [YOUR EMAIL ADDRESS]
Postal Address: [YOUR UK ADDRESS]

For data protection inquiries, please use the subject line: "Privacy Inquiry"

UK Supervisory Authority:
If you are in the UK and have concerns about how we handle your data, you can contact the Information Commissioner's Office (ICO):
Website: https://ico.org.uk
Phone: 0303 123 1113

EU Supervisory Authority:
If you are in the EU, you can contact your national data protection authority. Find yours here: https://edpb.europa.eu/about-edpb/board/members_en

---

This Privacy Policy was last updated on [INSERT DATE].