PRIVACY POLICY

1. Introduction and Scope

This Privacy Policy describes how Jartides (“we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information. We are a Canadian company and our primary data protection obligations arise under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation, including Quebec's Law 25.

Because we ship products worldwide and serve customers in multiple jurisdictions, this policy also addresses obligations under the European Union General Data Protection Regulation (EU GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable international data protection laws.

Our products are sold exclusively for legitimate scientific research, laboratory, and educational purposes. They are not intended for human consumption, veterinary use, or any unlawful purpose. By accessing our website or placing an order, you acknowledge that you have read and understood this Privacy Policy.

This policy applies to all personal information collected through our website, email communications, telephone inquiries, and any other interactions with our business, regardless of where you are located.

2. Data Controller and Privacy Officer

For the purposes of GDPR and UK GDPR, the data controller responsible for your personal information is:

In accordance with PIPEDA Principle 1 (Accountability), we have designated a Privacy Officer responsible for our compliance with this policy and all applicable privacy legislation:

Our Privacy Officer is accountable for the personal information under our control and will respond to all inquiries within 30 calendar days of receipt.

If you are located in the EU/EEA and we are required to appoint a representative under Article 27 of the GDPR, details of our EU representative will be made available upon request.

3. Personal Information We Collect

We collect only the personal information necessary for the purposes identified in this policy. The categories of information we collect include:

3.1 Information You Provide Directly

• Full name, email address, telephone number, and shipping/billing address when you create an account or place an order
• Payment information (credit card number, expiry date, security code) processed securely through our third-party payment processor; we do not store full payment card details on our servers
• Business or institutional name and affiliation, where applicable
• Intended research use description, where requested at checkout
• Communications you send to us, including customer support inquiries and feedback
• Government-issued identification, where required for age or eligibility verification in certain jurisdictions

3.2 Information Collected Automatically

• IP address, browser type, operating system, and device identifiers
• Pages visited, time spent on pages, referring URLs, and clickstream data
• Approximate geolocation derived from IP address (country/region level only)
• Cookies and similar tracking technologies (see Section 10)

3.3 Information from Third Parties

• Payment verification and fraud prevention data from our payment processor
• Shipping and delivery status information from our shipping carriers
• Address validation data from postal/address verification services

4. Legal Basis for Processing (GDPR/UK GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data based on the following legal grounds under Article 6(1) of the GDPR:

• Performance of a Contract (Art. 6(1)(b)): Processing necessary to fulfill your order, manage your account, provide customer support, and deliver products you have purchased.
• Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, including fraud prevention, website security, analytics to improve our services, and enforcement of our terms. We balance these interests against your rights and freedoms. You may object to processing based on legitimate interests at any time.
• Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, regulations, tax obligations, and regulatory requirements, including those governing the sale of research chemicals.
• Consent (Art. 6(1)(a)): Where we rely on your consent (e.g., for non-essential cookies or marketing communications), you may withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal.

We do not process special categories of personal data (Article 9) in connection with our services.

5. Purposes for Collecting Personal Information

We collect and use personal information for the following purposes:

• Order Fulfillment: Processing, verifying, shipping, and delivering your orders, including age and eligibility verification and customs documentation for international shipments.
• Account Management: Creating and maintaining your customer account, order history, and preferences.
• Communication: Sending order confirmations, shipping notifications, customs/duty information, and responding to your inquiries.
• Compliance and Safety: Verifying that orders comply with applicable regulations governing research chemicals in both the shipping origin and destination jurisdictions; preventing fraud, unauthorized transactions, and illegal activity; screening orders against restricted party lists where legally required.
• Website Improvement: Analyzing browsing patterns and site usage to improve functionality, performance, and user experience.
• Legal Obligations: Complying with applicable Canadian, international, and destination-country laws, regulations, export controls, and court orders.

We do not use personal information for automated decision-making or profiling that produces legal or similarly significant effects, as defined under Article 22 of the GDPR.

6. Consent (PIPEDA)

For processing governed by Canadian law, we obtain your meaningful consent before or at the time of collecting personal information, as required by PIPEDA Principle 3 (Consent):

• Express consent is obtained for collection of payment information, identity verification documents, and any sensitive personal information.
• Implied consent may be relied upon for non-sensitive information collected during routine commercial transactions (e.g., shipping address for order fulfillment) or website browsing data collected through strictly necessary cookies.

You may withdraw your consent at any time, subject to legal or contractual restrictions, by contacting our Privacy Officer. Withdrawal of consent may affect our ability to provide certain products or services to you.

6.1 Quebec Residents (Law 25)

If you are a resident of Quebec, we obtain your express consent before collecting, using, or disclosing your personal information for purposes beyond what is necessary to fulfill our contractual obligations. You have the right to data portability and to request deactivation of automated decision-making functions. Our cookie consent mechanism provides granular controls as required by Law 25.

7. Disclosure and Sharing of Personal Information

We do not sell, rent, lease, or trade your personal information to any third party. For the purposes of the CCPA/CPRA, we do not “sell” or “share” (as those terms are defined under California law) your personal information.

We may disclose your personal information only in the following limited circumstances:

• Payment Processors: Your payment information is transmitted directly to our PCI DSS-compliant payment processor for transaction processing. We do not store full credit card numbers on our servers.
• Shipping and Logistics Carriers: Your name, shipping address, telephone number, and email (for delivery notifications) are shared with carriers (e.g., Canada Post, FedEx, UPS, DHL, local postal services) solely to deliver your order. For international shipments, customs declaration information (order contents, declared value) is provided as required by law.
• Customs and Regulatory Authorities: For international orders, we may be required to provide order details and limited customer information to customs authorities in the origin and/or destination country as part of export/import compliance.
• Legal Requirements: We may disclose personal information if required by law, regulation, court order, or governmental authority in any jurisdiction, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Fraud Prevention: We may share limited information with fraud prevention and identity verification services to protect against unauthorized or fraudulent transactions.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal information may be transferred as part of the transaction. We will notify you before your information becomes subject to a different privacy policy.

All third-party service providers are contractually required to protect personal information to standards consistent with this policy and applicable law. They are permitted to use your information only for the specific services they provide to us.

8. International Data Transfers

We are based in Canada and our primary data storage is in Canada. However, because we serve customers worldwide and use service providers in multiple countries, your personal information may be transferred to and processed in countries other than your own, including Canada, the United States, and other jurisdictions.

8.1 Transfers from the EEA, UK, and Switzerland

Canada has been granted an adequacy decision by the European Commission, meaning transfers of personal data from the EEA to Canadian organizations subject to PIPEDA are generally permitted without additional safeguards. For any sub-processors located in jurisdictions without an adequacy decision, we implement appropriate transfer mechanisms, including Standard Contractual Clauses (SCCs) approved by the European Commission or the UK International Data Transfer Agreement/Addendum, as applicable.

8.2 General International Transfers

When personal information is transferred to a foreign jurisdiction, it becomes subject to the laws of that jurisdiction and may be accessible to law enforcement and government authorities under those laws. We take reasonable steps to ensure that any personal information transferred internationally is protected by contractual or other means consistent with applicable data protection requirements.

9. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law:

• Order and transaction records: 7 years from the date of transaction, as required by the Canada Revenue Agency for tax record-keeping, and to comply with applicable statute of limitations periods.
• Customer account information: Retained for the duration of your active account, plus 2 years following account closure or last activity, unless a longer period is required by law.
• Customer support communications: 3 years from the date of resolution.
• Customs and export compliance records: Retained for the period required by applicable export control and customs regulations (typically 5 to 7 years).
• Website analytics data: Aggregated and anonymized data may be retained indefinitely. Identifiable browsing data is retained for no more than 26 months.
• Consent records: Retained for 5 years from the date consent was given or withdrawn, to demonstrate compliance.

When personal information is no longer required, it is securely destroyed, erased, or anonymized using methods appropriate to the sensitivity of the information.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our website. The types of cookies we use include:

• Strictly Necessary Cookies: Required for core website functionality, including shopping cart, session authentication, and security features. These are deployed without consent as they are essential for the service you have requested.
• Performance/Analytics Cookies: Help us understand how visitors interact with our website by collecting usage data. For EEA/UK visitors, these are only placed after you provide consent through our cookie banner.
• Functional Cookies: Remember your preferences and settings (language, currency, region) to provide an enhanced experience.

We do not use advertising, retargeting, or cross-site tracking cookies.

You can manage cookie preferences through our consent banner (displayed to all visitors), or by adjusting your browser settings. EEA and UK visitors will see a GDPR-compliant consent mechanism that requires affirmative opt-in for non-essential cookies. Disabling certain cookies may affect website functionality.

10.1 Do Not Track / Global Privacy Control

We honor the Global Privacy Control (GPC) signal as a valid opt-out request under the CCPA/CPRA for California residents. Our website does not otherwise respond to Do Not Track (DNT) browser signals, as there is no universal standard for this feature.

11. Data Security Safeguards

We protect personal information with security safeguards appropriate to the sensitivity of the information:

• Technical Safeguards: TLS/SSL encryption for all data in transit; encrypted storage of sensitive data at rest; regular security patching, vulnerability scanning, and penetration testing; multi-factor authentication for administrative access.
• Administrative Safeguards: Access to personal information restricted to authorized personnel on a need-to-know basis; confidentiality obligations for all personnel; regular privacy and security training; incident response procedures.
• Physical Safeguards: Where applicable, physical access controls protect systems and media containing personal information.

While we implement reasonable safeguards, no method of transmission or storage is completely secure. In the event of a personal data breach:

• We will notify the Office of the Privacy Commissioner of Canada and affected individuals as required by PIPEDA's breach notification provisions.
• For breaches affecting EU/EEA residents, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by Articles 33 and 34 of the GDPR.
• For breaches affecting UK residents, we will notify the Information Commissioner's Office (ICO) within 72 hours where applicable.
• We will notify the Commission d'accès à l'information du Québec where applicable under Law 25.
• For California residents, we will provide notice as required by the California data breach notification statute (Cal. Civ. Code § 1798.82).

12. Age Restrictions

Our products are intended for qualified researchers and professionals. You must be at least 18 years of age (or the age of majority in your jurisdiction of residence, whichever is greater) to use our website, create an account, or place an order.

We do not knowingly collect personal information from individuals under 18. If we become aware that we have inadvertently collected information from a minor, we will promptly delete it and terminate the associated account. If you believe a minor has provided us with personal information, please contact our Privacy Officer immediately.

We do not knowingly collect personal information from individuals under 16 in the EEA, or under 13 in the United States.

13. Your Rights

Your rights vary depending on your jurisdiction. Below is a summary of rights by region:

13.1 All Customers (PIPEDA)

• Access: Request access to the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Withdraw Consent: Withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
• Complain: File a complaint with our Privacy Officer or the Office of the Privacy Commissioner of Canada.

13.2 Quebec Residents (Law 25)

All rights listed in Section 13.1, plus:

• Data Portability: Request your personal information in a structured, commonly used technological format.
• Deactivation of Automated Processing: Request that automated decision-making functions be deactivated.
• Right to be Forgotten: Request de-indexing of your personal information from search results linked to your name.

13.3 European Economic Area, UK, and Swiss Residents (GDPR / UK GDPR)

• Access (Art. 15): Obtain confirmation of whether we process your personal data and request a copy.
• Rectification (Art. 16): Request correction of inaccurate personal data.
• Erasure (Art. 17): Request deletion of your personal data where there is no compelling reason for continued processing.
• Restriction (Art. 18): Request restriction of processing in certain circumstances.
• Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent.
• Lodge a Complaint: File a complaint with your local data protection supervisory authority.

We do not engage in automated individual decision-making, including profiling, as described in Article 22 of the GDPR.

13.4 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information as defined by the CCPA/CPRA. No opt-out is necessary.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
• Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (such as payment data) only for the purposes of providing the services you have requested.

To exercise your CCPA/CPRA rights, you (or your authorized agent) may submit a verifiable consumer request by contacting us at jartidesofficial@gmail.com. We will verify your identity before processing your request and respond within 45 calendar days, with the possibility of a 45-day extension if reasonably necessary.

13.5 Other Jurisdictions

If you are located in a jurisdiction with data protection laws not specifically addressed above (including but not limited to Australia, Brazil, Japan, South Korea, and other countries with privacy legislation), we will honor applicable rights under your local law to the extent they apply to our processing of your personal information. Contact our Privacy Officer for details.

13.6 How to Exercise Your Rights

To exercise any of the rights described above, submit a written request to our Privacy Officer at jartidesofficial@gmail.com or by mail to the address listed in Section 2. We will verify your identity before processing your request. Response times are as follows:

• Canada (PIPEDA): 30 calendar days
• EU/UK (GDPR): 1 month, extendable by 2 additional months for complex requests
• California (CCPA/CPRA): 45 calendar days, extendable by an additional 45 days
• Quebec (Law 25): 30 calendar days

14. Third-Party Links

Our website may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of external sites and encourage you to review their privacy policies before providing any personal information.

15. Product Use Disclaimer and Export Compliance

All products sold through our website are intended strictly for in-vitro research, laboratory experimentation, and educational purposes. They are not intended for human or animal consumption, therapeutic use, or any application in food, drug, cosmetic, or agricultural products.

Purchasers are solely responsible for ensuring compliance with all applicable laws and regulations in their jurisdiction, including but not limited to import restrictions, controlled substance regulations, and end-use requirements.

We reserve the right to refuse or cancel any order where we reasonably believe products may be used for purposes other than legitimate research, or where fulfillment would violate applicable export controls, sanctions, or trade regulations.

International orders may be subject to customs duties, import taxes, and additional fees imposed by the destination country. These charges are the sole responsibility of the purchaser.

16. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or business operations. When we make material changes:

• We will post the updated policy on this page with a revised effective date.
• We will notify registered account holders by email at least 30 days before material changes take effect.
• Where required by GDPR, UK GDPR, CCPA/CPRA, or other applicable law, we will obtain fresh consent for any new use of previously collected personal information.

We encourage you to review this policy periodically. Your continued use of our website after the effective date of changes constitutes your acknowledgment of the updated policy.

17. Contact Us and Supervisory Authorities

If you have questions, concerns, or complaints about this Privacy Policy or our handling of your personal information:

If you are not satisfied with our response, you may file a complaint with the relevant authority: