Privacy Policy — EBI Nutrition

Effective date: 2025-12-24

Introduction

Welcome to Ebi Nutrition ("we", "us", "our"). We respect your privacy and are committed to protecting personal information collected through our website ebinutrition.com and related services ("Site"). This Privacy Policy explains what information we collect, why we collect it, how we use it, how we protect it, and the rights you have regarding your information under applicable Canadian laws.

1. Scope

This Privacy Policy applies to personal information collected by us through the Site, mobile apps, customer service channels, and offline interactions related to our products and services. "Personal information" means information about an identifiable individual.

2. Privacy officer / contact

If you have questions or requests about this Privacy Policy or our personal information practices, contact our Privacy Officer:

• Name: Werner Laurent
• Email: info@ebinutrition.com 
• Reference: Please mention "Privacy Policy" in your subject line.

3. What we collect

We collect personal information necessary for the purposes described below. Examples include:

• Identity and contact information: name, billing/shipping address, email, phone number.
• Transaction information: order details, payment method, transaction history.
• Account data: username, encrypted password, profile information.
• Technical information: IP address, device information, browser type, operating system.
• Usage and analytics: pages visited, referring website, time spent on pages, clickstream data.
• Marketing preferences and consent records.
• Customer service communications: support requests, messages, and call recordings (if any).

We do not collect sensitive personal information (e.g., financial account numbers outside of payment processing, government ID numbers) except as necessary to fulfill an order or as required by law.

4. How we collect information

We collect information directly from you (when you create an account, place an order, subscribe to marketing, contact us), automatically through cookies and analytics tools, and from third parties (payment processors, shipping providers, social login providers, public sources). We may also receive information from Shopify and other service providers.

5. Purposes for collection, use and disclosure

We collect and use personal information for purposes including:

• to process and fulfill orders, payments, returns and exchanges;
• to communicate about orders, shipments, support requests and account matters;
• to provide customer service and respond to inquiries;
• to send marketing communications (only with your consent where required by law) and to manage subscription preferences;
• to prevent fraud, investigate and respond to security incidents, and comply with legal obligations;
• to administer and improve our Site, products and services, including analytics and A/B testing;
• to comply with contractual and legal obligations.

We only use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances and consistent with the purposes identified at or before the time of collection (unless we obtain consent to use it for a new purpose).

6. Legal basis and consent (Canada)

By using our Site and providing personal information, you consent to the collection, use and disclosure described in this policy, as appropriate. For certain activities (e.g., some marketing communications), we will obtain express consent as required by law. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may affect our ability to provide products or services to you.

7. Cookies and tracking technologies

We use cookies, web beacons, local storage and similar technologies to operate the Site, remember your preferences and gather analytics data. Third-party services (e.g., Google Analytics, Facebook Pixel) may also place cookies.

You can manage cookie preferences through your browser settings and by any opt-out mechanisms we provide on the Site. Disabling cookies may impact the functionality of the Site.

8. Marketing and CASL compliance

For commercial electronic messages (emails, SMS) we comply with Canada’s Anti-Spam Legislation (CASL). We will obtain your consent where required and include an easy, functional unsubscribe mechanism in every marketing message. When you opt out of marketing, we will stop sending commercial messages within a reasonable time as required by law.

9. Disclosure to third parties and international transfers

We may share personal information with third parties only as needed to provide our services, including:

• Payment processors (e.g., Shopify Payments, Stripe, PayPal);
• Fulfillment and shipping providers;
• Customer service and marketing platforms;
• Analytics and advertising partners;
• Legal and security service providers when required.

Some service providers may be located or store data outside Canada. Where personal information is transferred across borders, we take commercially reasonable steps to ensure adequate safeguards (contractual clauses, data processing agreements) and to comply with applicable law.

10. Use of Shopify and third-party platforms

Our Site is hosted on Shopify Inc. Shopify provides the online e-commerce platform that allows us to sell products and process payments. Your data may be stored through Shopify’s data storage, databases and the general Shopify application. See Shopify’s privacy policy for details: https://www.shopify.com/legal/privacy

You should also review the privacy statements of third-party apps or services you interact with (e.g., payment gateways, analytics providers). We enter into data processing agreements with providers as needed.

11. Safeguards and security

We implement reasonable technical, organizational and administrative measures designed to protect personal information against unauthorized access, disclosure, loss or destruction. Measures include access controls, encryption for payment processing, secure socket layer (SSL) for data in transit, and internal policies restricting access to personal information.

No method of transmission or electronic storage is 100% secure. If you have concerns about transmitting information to us, contact our Privacy Officer.

12. Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, to meet legal, tax or accounting obligations, to resolve disputes, and to enforce our agreements. Retention periods vary by category of information and purpose; contact our Privacy Officer for details.

13. Access, correction and deletion

You have the right to request access to the personal information we hold about you and to request correction of inaccurate information. Depending on applicable law, you may also have the right to request deletion or restriction of processing. We will respond to verified requests in accordance with legal requirements. To make a request, contact our Privacy Officer and provide sufficient information to verify your identity.

14. Data breach notification

We maintain procedures to detect, contain and respond to security incidents. If a breach of security safeguards creates a real risk of significant harm to an individual, we will notify affected individuals and the applicable privacy regulator as required by law, and take reasonable steps to mitigate harm.

15. Children’s privacy

We do not knowingly collect personal information from children under [13]. If you believe we have collected personal information from a child under [13], contact our Privacy Officer and we will delete the information as required by law.

16. Automated decision-making and profiling

We may use automated tools (analytics, personalization) to improve our Site and offers. We will not make legally significant decisions solely by automated means without providing appropriate notice and human review where required by law.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on the Site with a new effective date. Where required by law, we will notify you of material changes and obtain consent if necessary.

18. How to file a complaint

If you are concerned about our handling of your personal information, please contact our Privacy Officer first so we may try to resolve your concern. You also have the right to contact the relevant privacy regulator:

• Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca
• Québec: Commission d’accès à l’information (CAI) — https://www.cai.gouv.qc.ca (if applicable)
• British Columbia: Office of the Information & Privacy Commissioner for BC — https://www.oipc.bc.ca (if applicable)
• Alberta: Office of the Information & Privacy Commissioner of Alberta — https://oipc.ab.ca (if applicable)

If you are unsure which regulator applies, contact the OPC.

 19. Consent

By using our Site and providing personal information, you consent to the terms of this Privacy Policy. If you require this policy in French (or another official language) for Quebec or other audiences, please request a translated version.