Politique de confidentialité

Your privacy matters to us. This Privacy Policy explains what personal data Arbasa collects from you when you visit arbasa.com, why we collect it, how we use and share it, how long we keep it, and what rights you have over it. We are committed to full compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), applicable US state privacy laws, and all other relevant data protection legislation.

Please read this policy carefully. By using our website and placing orders, you acknowledge you have read and understood this policy.

1. Who We Are (Data Controller)

Legal name: Bekby LLC

Trading as (DBA): Arbasa

Website: https://arbasa.com

Registered address: 816 Strassle Way, South Plainfield, NJ 07080, USA

Email: info@arbasa.com

Bekby LLC, doing business as Arbasa, is the data controller for personal data collected through this website. We are not registered as a Data Controller with the UK ICO or EU supervisory authority; however, we comply with GDPR principles for all customers in the EU, EEA, and UK.

2. What Personal Data We Collect

2.1 Information you provide directly

  • Account & contact information: name, email address, phone number, billing address, shipping address
  • Order information: items purchased, order value, payment method (we do not store full card numbers)
  • Communications: messages, enquiries, returns requests, and any other information you send us
  • Account credentials: if you create an account: username and hashed password

2.2 Information collected automatically

  • Device & browser data: IP address, browser type and version, operating system, device type
  • Usage data: pages visited, time on site, clickstream data, referring URL
  • Cookies and tracking technologies: see Section 6 for full details

2.3 Information from third parties

  • Payment processors: Shopify Payments / Stripe — transaction confirmation, fraud signals
  • Shipping carriers: UPS, FedEx, USPS, DHL — delivery status and confirmation
  • Advertising platforms: Meta, Google, TikTok — aggregated ad performance data (subject to your consent)

3. Why We Collect Your Data (Legal Bases)

We rely on the following legal bases for processing your personal data: performance of contract (order fulfillment), legal obligation (tax compliance, GDPR, CCPA), consent (marketing, cookies), and legitimate interests (security, analytics, customer service).

4. How We Use Your Personal Data

  • Order fulfillment: process payments, arrange shipping, send order confirmations and tracking updates
  • Customer service: respond to enquiries, handle returns, resolve disputes
  • Account management: create and maintain your customer account
  • Marketing (with consent): send promotional emails, SMS, personalised ads via Meta, Google, and TikTok
  • Analytics: understand how customers use our store to improve products and experience
  • Fraud prevention & security: detect and prevent fraudulent orders, protect our systems
  • Legal compliance: comply with applicable laws, regulations, and court orders

5. How We Share Your Data

We do not sell your personal information for monetary compensation. We may share your data in the following circumstances:

5.1 Service providers (data processors)

  • Shopify Inc. — e-commerce platform and hosting provider (servers in the US, Canada, and EU)
  • Stripe / Shopify Payments — payment processing (PCI-DSS Level 1 certified)
  • Shipping carriers: UPS, FedEx, USPS, DHL — your name, address, and order details for delivery
  • Google Analytics / Google Ads — usage analytics and advertising (subject to your consent)
  • Meta Platforms — Facebook Pixel / CAPI for advertising and retargeting (subject to your consent)
  • TikTok Ads — advertising (subject to your consent)
  • Klaviyo / Mailchimp — email marketing platform (if you opted in)
  • Gorgias / Zendesk — customer support software

5.2 Other disclosures

  • Legal requirements: when required by law, court order, or regulatory authority
  • Business transfers: in connection with a merger, acquisition, or sale of assets — you will be notified in advance
  • Fraud protection: to fraud prevention services or payment networks where necessary

All third-party service providers are bound by data processing agreements and are not permitted to use your data for their own purposes.

6. Cookies & Tracking Technologies

6.1 Types of cookies we use

  • Strictly necessary cookies: required for the website to function (cart, checkout, session). No consent required.
  • Functional cookies: remember your preferences (language, currency). Used only with your consent.
  • Analytics cookies: Google Analytics, Hotjar — track usage patterns to improve the site. Used only with your consent.
  • Advertising/targeting cookies: Meta Pixel, Google Ads, TikTok Pixel — enable retargeting. Used only with your consent.

6.2 Managing cookies

When you first visit our site, a cookie consent banner will appear. You may accept all cookies, choose specific categories, or reject non-essential cookies. You can change your preferences at any time via the 'Cookie Settings' link in the footer.

You may also disable cookies in your browser settings; however, this may affect your ability to use certain features of our website.

California residents: We treat sharing data via advertising pixels as a 'sale or share' of personal information under CCPA/CPRA. You may opt out using the 'Do Not Sell or Share My Personal Information' link in our website footer, or by enabling the Global Privacy Control (GPC) signal in your browser.

7. Data Retention

  • Order & transaction records: 7 years (required for tax and accounting compliance)
  • Customer account data: until you delete your account, plus 1 year thereafter
  • Marketing data: until you unsubscribe, plus 30 days for suppression processing
  • Cookie / analytics data: session cookies expire when you close your browser; persistent cookies expire as indicated in our cookie consent tool (typically 1–2 years)
  • Support communications: 3 years from the date of last interaction
  • Fraud prevention records: up to 7 years where a fraud risk was identified

8. International Data Transfers

Bekby LLC d/b/a Arbasa is based in the United States. When we collect personal data from customers in the EU, EEA, or UK, we transfer that data to the US. We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) with our EU-facing service providers
  • UK International Data Transfer Agreements (IDTAs) for UK transfers
  • Reliance on providers who are certified under applicable adequacy frameworks (e.g., Shopify, Stripe)

By using our website, you acknowledge that your data may be transferred to and processed in the United States.

9. Your Privacy Rights

9.1 Rights for all customers

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure ('right to be forgotten'): request deletion of your data (subject to legal retention obligations)
  • Right to restrict processing: ask us to pause processing while a dispute is resolved
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: withdraw consent at any time for marketing or non-essential cookies

9.2 Additional rights for California residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, disclosed, or sold
  • Right to delete personal information (with limited exceptions)
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information — use the 'Do Not Sell or Share My Personal Information' link in our footer
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising privacy rights

9.3 How to submit a request

To exercise any of your rights, please contact us at info@arbasa.com with the subject line "Privacy Request – [Your Right]". We will respond within 30 days (GDPR) or 45 days (CCPA/CPRA). We may ask you to verify your identity before processing your request.

If you are an EU/EEA resident and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

10. Children's Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will delete it promptly. If you believe we have collected data from a child, please contact us at info@arbasa.com.

11. Security

We implement commercially reasonable technical and organisational security measures to protect your personal data, including SSL/TLS encryption for all data in transit, access controls, and regular security assessments. Payment data is handled exclusively by PCI-DSS certified processors — we never store raw card numbers.

Despite our best efforts, no transmission over the internet is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and relevant authorities as required by law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the 'Effective date' at the top of this page and, where appropriate, notify you by email. Your continued use of our website after the effective date constitutes acceptance of the updated policy.

13. Contact Us

Email: info@arbasa.com

Post: Arbasa, 816 Strassle Way, South Plainfield, NJ 07080, USA

Response time: within 2 business days for enquiries; within 30 days for formal rights requests

This policy was last updated on April 9, 2026. © 2026 Arbasa. All rights reserved.

Questions about our privacy policy? Contact us