Privacy policy
Last updated: 11/01/2025
This Privacy Policy explains how PatriotSupply.shop (“we”, “us”, or “our”) collects, uses, and protects personal information of users (“you”) of our Shopify store and related services. It is designed to comply with the EU General Data Protection Regulation (GDPR) and relevant national laws (including Cyprus’ data protection law), and it also provides information for users in the United States (including California residents under the CCPA).
1. Who We Are (Data Controller)
The data controller for the personal data collected through this website is Shivarev Enterprises Limited, registered at Mykinon 8, 1065 Nicosia, Cyprus. We determine the purposes and means of processing your personal data. If you have questions about this policy or your data, you can contact us by email at support@patriotsupply.shop.
2. Personal Data We Collect
We only collect data necessary to fulfill our business purposes. The types of personal information we may collect include:
Identity Data: Name, surname, title, and login/username (if you create an account).
Contact Data: Email address, telephone number, billing and shipping addresses.
Order Data: Details of products you have ordered, order numbers, and transaction history.
Payment Data: Payment method details (such as card type, last four digits, payment provider ID) – Note: We do not see or store full credit card numbers or PayPal login info; those are processed securely by third-party payment processors (e.g. Shopify Payments, PayPal, Klarna).
Technical Data: IP address, device and browser type, operating system, time zone, and browsing actions on our site (pages viewed, clicks). We obtain some of this data via cookies or similar technologies (see Section 7 below).
Profile Data: If you create an account, we may collect your account credentials and preferences (like wish list, past reviews or feedback you leave, and marketing preferences).
Communication Data: Contents of your communications with us (emails, chat messages, customer service inquiries) and our responses.
Marketing Data: If you subscribe to our newsletter or opt in to receive marketing, we keep your name and email for that purpose. You can opt out any time.
Geolocation Data: General location derived from your IP or shipping address (e.g. country, city) to customize our site (for currency, language, or shipping options).
We do not intentionally collect any special categories of personal data (such as sensitive data about health, race, religion, etc.) or data about children under 16. Our site is not intended for children and we do not knowingly process children’s data.
3. How We Use Your Data (Purposes and Legal Bases)
We process personal data for the following purposes, and always on a lawful basis as required by GDPR:
To Fulfill Orders and Provide Services: We use identity, contact, and order data to process and deliver your orders, to handle returns or refunds, and to provide customer support. Legal basis: Contract performance (Article 6(1)(b) GDPR) – processing is necessary to perform the sales contract you enter with us when you place an order.
Payment Processing: Your payment and contact data are used to collect payment and screen for fraud. Legal basis: Contract performance, and our legitimate interest (Art. 6(1)(f) GDPR) in preventing fraud. (Payment processing is often handled by third-party processors under their terms – see Section 5.)
Communication: We use your contact information to communicate with you about your orders (e.g. order confirmations, shipping notifications) or to respond to inquiries you send us. Legal basis: Contract performance (for service messages) and legitimate interests in providing good customer service.
Marketing (with Consent): If you subscribe to our newsletter or agree to receive promotional emails, we will use your name and email to send you updates, offers, and news about our store. Legal basis: Consent (Art. 6(1)(a) GDPR) – we only send marketing communications if you have opted in. You can withdraw consent at any time by clicking “unsubscribe” in our emails or contacting us. (For existing customers in some cases, we may rely on legitimate interest for similar product offers as allowed by law – but you still have the right to opt out.)
Personalization & Analytics: We may analyze Technical and Profile Data to personalize your experience (such as showing correct currency or recommending products) and to improve our website (analytics on how users navigate our store). Legal basis: Legitimate interests – we have a business interest in understanding usage of our site and improving it, provided such analysis doesn’t override your rights and freedoms. Where required by law (e.g., for certain cookie usage), we will obtain your consent.
Legal Compliance: In certain cases, we need to process data to comply with legal obligations – for example, keeping records for tax/audit purposes, or disclosing information if required by authorities or court order. Legal basis: Legal obligation (Art. 6(1)(c) GDPR).
Fraud Prevention and Security: We may process data to protect our website, customers, and business from fraud, abuse, or security threats. This can include verifying accounts, logging access, and using anti-fraud services. Legal basis: Legitimate interests in maintaining security and preventing fraud.
Klarna Payments: If you choose Klarna as a payment method, we will share some data with Klarna and they will process it to decide on your payment approval. Legal basis: Contract performance (providing the payment option you selected) and legitimate interest in offering convenient payment methods. Klarna is an independent controller for their credit decision process.
We will not use your personal data for new purposes incompatible with the above without updating you and obtaining any necessary consent.
4. Cookies and Similar Technologies
Our website uses cookies and similar tracking technologies (like pixels) to provide and improve our services, for analytics, and for advertising. Cookies are small text files placed on your device. We use the following categories of cookies:
Essential Cookies: These are necessary for the website to function (e.g. maintaining your shopping cart, logging in, security). They are always active because the site cannot run properly without them.
Analytics Cookies: These cookies collect aggregated information on how visitors use our site (pages visited, time spent, any errors). We use this data to improve user experience. For example, we use Google Analytics, which sets cookies to help us analyze site traffic. (Google Analytics IP anonymization is enabled so that full IP addresses are not stored.)
Preference Cookies: To remember your choices (like language or region) so we can show you the right content (e.g., correct currency or localized product availability).
Advertising Cookies: We may partner with advertising networks (like Facebook Pixel or Google Ads) to set cookies that record your visit so we can show you relevant ads on other sites. These cookies collect data about your browsing habits on our site and may combine with data from other sites.
Cookie Consent: On your first visit, we present a cookie banner explaining our use of non-essential cookies, and we obtain your consent where required. You can manage your cookie preferences at any time by adjusting your browser settings to refuse cookies (though blocking all cookies may impact site functionality).
5. How We Share Your Data (Third-Party Disclosure)
We treat your personal data with care and confidentiality. We do not sell your personal information to third parties. However, we do share data with certain trusted third parties to run our business, under strict conditions:
Service Providers: We use vendors to help operate our store and fulfill orders. This includes:
Shopify: Our store is built on Shopify. Shopify acts as our data processor, providing the e-commerce platform. They host our website and may store data (including personal data) on their servers. Shopify is a Canadian company and is GDPR-compliant (covered by the adequacy decision under EU law for Canada’s PIPEDA and by Standard Contractual Clauses for data transfers). See Shopify’s privacy policy for more.
Payment Processors: For example, Stripe/Shopify Payments, PayPal, Klarna. When you make a payment, your data is transmitted to the payment processor to complete the transaction. They process your payment data securely and inform us when payment is complete. Each payment provider is responsible for the data you give them (e.g., PayPal or Klarna will have their own privacy notices). We share only necessary information with them.
Shipping Partners: We share your name, address, and contact phone/email with shipping companies (DHL, UPSP, etc.) to deliver your orders and send tracking updates.
Email/CRM Services: We may use an email service provider (like Mailchimp, Klaviyo, or Shopify Email) to send order confirmations, shipping notifications, or newsletters. They process your email address and name on our behalf for sending communications.
Analytics/Marketing Partners: As noted, we use tools like Google Analytics, Facebook (Meta) Pixel, etc., which may process Technical and usage data on our behalf to help us analyze website traffic or run advertising campaigns. These tools typically use cookies/IDs rather than directly identifying information.
Customer Support Tools: If we use any live chat or support ticket system, that provider will process any data you provide via support inquiries.
We ensure that all service providers are bound by contracts that require them to only use your data per our instructions and to protect it (these are GDPR-compliant Data Processing Agreements where applicable).
Business Transfers: In the event of a merger, acquisition, or sale of business assets, customer data may be transferred to the new owner as part of that deal. We would ensure the new owner is bound to respect the personal data as per this policy.
Legal Disclosures: We may disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g., to comply with a subpoena, tax reporting obligations, or to meet national security or law enforcement requirements). We may also disclose data to enforce our terms or protect our rights or the rights and safety of our customers or others (for example, to detect and prevent fraud or security issues).
With Your Consent: We will share your personal data with other third parties only if you have given consent. For instance, if you opt-in to a co-branded marketing campaign or giveaway that involves a partner company, we would inform you and ask for permission to share your contact info with them.
International Transfers: Whenever we transfer your personal data outside of the European Economic Area (EEA), we ensure it is protected by appropriate safeguards. Many of our service providers (Shopify, Google, etc.) are based outside the EU (e.g., in the USA or Canada). In such cases, we rely on legal mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs), adequacy decisions (e.g., Canada is considered to have adequate protection for commercial organizations under PIPEDA), or the service provider’s certification under frameworks like the EU-U.S. Data Privacy Framework (if applicable). You can contact us for more information about the specific safeguards in place for transfers related to your data.
6. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to satisfy legal, accounting, or reporting requirements. Here are some general retention periods:
Order and Transaction Data: We keep records of your purchases and related personal data for 7 years to comply with tax and accounting laws. This also helps us handle any warranty or return issues.
Account Data: If you have an account with us, we retain your profile information until you deactivate your account or after a period of inactivity. If you request account deletion, we will delete or anonymize your personal data associated with the account (except for data we must keep for legal reasons).
Marketing Data: If you have consented to receive marketing emails, we will retain your contact info until you unsubscribe or withdraw consent. After you opt-out, we may keep your email on a suppression list to ensure we honor your opt-out.
Customer Service Communications: We may keep communications (emails, chat logs) for a period of 1 year to train our staff and ensure quality service, or to refer to previous communications in ongoing support matters.
Analytics Data: This is typically collected via cookies. Analytics cookies may retain data for as long as you allow them (depending on your browser settings). We typically see aggregated Google Analytics data for up to 26 months. You can delete cookies any time to reset the data collected on you.
Legal Requirements: If a law or regulation requires a certain retention period (e.g., for transactional records or in case of disputes), we follow those rules. For example, if we suspect fraud, we might retain relevant data as evidence for authorities.
After the applicable retention period, we will either delete your personal data or anonymize it (so it can no longer be associated with you) for statistical purposes. When anonymized, data is no longer personal data.
7. Your Rights under GDPR
If you are in the EU/EEA or otherwise fall under GDPR, you have a number of rights regarding your personal data:
Right to Information & Access: You can ask us to confirm if we are processing your personal data and request a copy of the data we hold about you (commonly known as a “data subject access request”).
Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to request correction or completion. You can also update some information by logging into your account (if you have one).
Right to Erasure (Right to be Forgotten): You may request that we delete your personal data if it is no longer necessary for the purposes collected, or if you have withdrawn consent or object to processing and we have no overriding legitimate grounds to continue, or if the processing was unlawful, etc. We will honor such requests to the extent required by law. Note that certain data we may need to retain for legal obligations (e.g., purchase history for tax) cannot be erased immediately.
Right to Restrict Processing: You can ask us to restrict (pause) processing of your data under certain circumstances – for example, if you contest the accuracy of the data or the lawfulness of processing, or if you just need us to hold data while you pursue a legal claim. If processing is restricted, we will still store your data but not use it until the issue is resolved.
Right to Data Portability: For data you provided to us and which we process by automated means on the basis of consent or contract, you have the right to request a copy in a structured, commonly used, machine-readable format (e.g., CSV file) and/or to have that data transmitted to another controller where technically feasible. This typically applies to account and transaction data you gave us.
Right to Object: You have the right to object to certain processing activities. Specifically, you can object to processing based on our legitimate interests (for reasons relating to your particular situation). We will then stop processing unless we have compelling legitimate grounds that override your interests, rights, and freedoms or if processing is needed for legal claims. You also have an absolute right to object at any time to processing of your data for direct marketing purposes – if you object, we will stop using your data for marketing immediately.
Right not to be subject to Automated Decision-Making: We generally do not make decisions producing legal or similarly significant effects solely by automated means. If we ever do (e.g., an automated fraud block that significantly affects you), you have the right to request human intervention and to express your point of view.
How to Exercise These Rights: You can contact us at support@patriotsupply.shop with your request. Please include your name and email (or other identifier) and specify which right you wish to exercise. We may need to verify your identity before fulfilling the request (to ensure we don’t modify or disclose data to the wrong person). We will respond within one month of receiving a valid request, or inform you if we need more time (up to 2 months for complex cases). Exercising your rights is free of charge, except if requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.
Your Right to Complain: If you believe our processing of your personal data violates the law, you have the right to lodge a complaint with a supervisory data protection authority. Our lead authority is the Office of the Commissioner for Personal Data Protection (Cyprus). You can find their contact details on their official website. If you reside in another EU member state, you may contact your local authority as well.
8. California Privacy Rights (CCPA)
This section applies solely to residents of California, in accordance with the California Consumer Privacy Act (CCPA) as amended by the CPRA. If you are a California resident, you have specific rights regarding your personal information:
Right to Know: You can request that we disclose what personal information we have collected about you in the past 12 months, including the categories of personal info, the categories of sources, the business or commercial purpose for collecting it, the categories of third parties with whom we share it, and specific pieces of information we hold.
Right to Delete: You can request that we delete personal information we have collected from you (subject to certain exceptions – e.g., we may retain data needed to complete a transaction, for security, to comply with legal obligations, etc.).
Right to Opt-Out of Sale/Sharing: We do not sell your personal information for money. The CCPA’s definition of “sale” also includes certain sharing of data for advertising. We do not share personal data for cross-context behavioral advertising without consent. If in the future we consider doing so, we will provide a “Do Not Sell or Share My Personal Information” link.
Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
Right to Limit Use of Sensitive Info: We do not use or disclose sensitive personal information (as defined by CCPA, e.g., precise geolocation, social security number, etc.) for any purpose other than what is necessary to provide the goods/services. Therefore this right is not applicable in any material way for our business.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we won’t deny you goods or services, charge different prices, or provide a different level of service just because you exercised your privacy rights under CCPA. (However, CCPA does allow businesses to offer financial incentives, such as discounts or loyalty programs, in return for personal data – we will only do this if it complies with CCPA and you will be given details and the choice to opt-in.)
How to Exercise CCPA Rights: California residents can make requests by emailing support@patriotsupply.shop with “CCPA Request” in the subject line, or by mail to Mykinon 8, 1065 Nicosia, Cyprus, attn: Privacy. Please state your request clearly (e.g., “I am requesting disclosure of my personal info” or “delete my data”) and provide sufficient information for us to verify you (we may ask for additional info that only you would know, to match against our records). We will confirm receipt within 10 days and respond substantively within 45 days (or 90 days if we notify you of an extension). If needed, you may designate an authorized agent to make a request on your behalf; we will require proof of the agent’s authority and verification of your identity.
California Shine the Light: Separate from CCPA, California’s “Shine the Light” law allows residents to ask once a year for a notice describing what categories of personal info we share with third parties for their direct marketing purposes. However, we do not disclose personal info to third parties for their own direct marketing without consent.
For more details about our data practices, please refer to other sections of this Privacy Policy. This CCPA section is intended to provide the disclosures and rights required by California law.
9. Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, theft, and loss. This includes:
Encryption: Our website uses HTTPS (SSL/TLS) to encrypt data in transit. Sensitive fields like payment information are securely transmitted to our payment processors.
Access Controls: Personal data is accessible only to staff who need it to perform their duties (principle of least privilege). Our team is trained on data protection and committed to confidentiality.
Secure Storage: We (or our hosting providers like Shopify) store data on secure servers with firewalls and monitoring. Backup procedures are in place to prevent data loss.
Payment Security: All payment transactions are processed by PCI-DSS compliant services (e.g., Stripe, PayPal), ensuring industry-standard security for financial data. We never store your full card details on our systems.
Account Security: If you register an account, you are responsible for keeping your login credentials confidential. Please choose a strong password and do not share it. If you suspect unauthorized access to your account, contact us immediately.
Vulnerability Management: We keep our software and platform up-to-date to patch security vulnerabilities. We may also employ security services to regularly scan for malware or vulnerabilities.
Incident Response: In the event of a data breach that is likely to result in a high risk to your rights (for example, a leak of personal data), we will inform affected individuals and relevant authorities as required by law.
No system can be 100% secure, so while we strive to protect your data, we cannot guarantee absolute security. You can help by exercising caution online – log out after using shared devices and avoid sending sensitive information via email.
10. Links to Other Sites
Our website may contain links to third-party websites or integrations (for example, links to our social media pages, or embedded content from YouTube, etc.). If you click those links, you will be directed to sites we do not operate. This Privacy Policy does not apply to those third-party sites. We recommend you review the privacy policies of any external sites you visit. We are not responsible for the content or privacy practices of third parties.
11. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for any other reason. When we make changes, we will post the new policy on this page and update the “Last updated” date. If changes are significant, we may also notify you by email or with a notice on our homepage. Please review this Policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes to this Policy constitutes acceptance of the updated terms.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Shivarev Enterprises Limited
Mykinon 8, 1065 Nicosia, Cyprus
Email: support@patriotsupply.shop
Tel: +1 645-240-7565
We will be happy to assist you and will do our best to resolve any issue to your satisfaction.