Effective Date: November 22, 2025

Document Version: 1.0

Applies to: MariOn BekOe™ Site and Services operated by Chaisbek Inc. (Ontario, Canada)

1. Overview

Chaisbek Inc. (“we,” “us,” “our”) operates the MariOn BekOe™ brand and Site. We process personal information in accordance with:

• The Personal Information Protection and Electronic Documents Act (PIPEDA)

• Applicable provincial privacy statutes (e.g., Québec Law 25)

• Where applicable, international laws such as the EU GDPR and UK-GDPR.

This Privacy Policy applies to all MariOn BekOe™ Services accessible via marionbekoe.com and any other domains or subdomains owned or controlled by Chaisbek Inc. that link to this Policy.

If any provision conflicts with the Terms of Sale & Website Use Agreement, this Policy governs how personal information is collected, used, and protected.

Where required by law, we may appoint an EU or UK representative for data protection purposes; details will be provided on request or in an updated version of this Policy.

2. Information We Collect

Account & Identity

• Name

• Email address

• Phone number (where provided)

• Country/region

Billing & Shipping

• Billing address

• Shipping address(es)

• Payment confirmations from processors (we do not store full card numbers)

Order & Transaction Data

• Products purchased, sizes, colors, and variants

• Order history and preferences

• Pre-order and fulfillment status

Usage & Device Data

• IP address

• Browser/OS and device identifiers

• Access timestamps and request logs

• Cookies and analytics identifiers (see Cookies & Tracking Policy)

Support & Communications

• Emails, support tickets, or contact form submissions

• Notes related to order issues, delivery questions, and brand interactions

• Consent/unsubscribe logs

Security & Fraud Signals

• Access anomalies and abuse indicators

• Anti-fraud risk flags (e.g., repeated failed payments, mismatched data)

3. Controller Role; Children & Teens

Chaisbek Inc. acts as the data controller for:

• customer account data

• billing and shipping information

• order and transaction history

• communications and support interactions

• security logs and fraud-prevention data

Consumer Accounts Only

MariOn BekOe™ does not support reseller, wholesale, or business accounts. This Policy applies solely to individuals using the Site for personal, consumer purposes.

Children & Teens

We do not knowingly collect personal information from children under the age of 13, and our Site is not directed to children. If we become aware that we have collected personal information from a child under 13, we will delete it in accordance with applicable law.

4. Purposes for Processing

We use personal information to:

• process, fulfill, and deliver orders

• manage customer accounts and authentication

• communicate about orders, pre-orders, shipping, and support

• maintain security, prevent fraud, and detect abuse

• comply with legal, tax, and accounting obligations

• improve our Site, Services, and customer experience

• send marketing communications where permitted

• measure campaign performance and, where permitted, run advertising or retargeting

We do not sell personal information. We send marketing communications only where permitted by law and subject to your choices.

No Sale or Sharing of Personal Information.

We do not sell or share your personal information as those terms are defined under U.S. state privacy laws (including California). If this changes, we will update this Policy and provide legally required rights and opt-outs.

5. Lawful Bases for Processing

Depending on context, we rely on:

Contract — fulfilling orders

Legitimate Interests — security, fraud prevention, service improvement

Consent — marketing, analytics, and non-essential cookies

Legal Obligation — tax, accounting, and regulatory compliance

Legitimate Interests Assessment. Where we rely on legitimate interests, we have assessed and balanced those interests against your rights and reasonable expectations. More information is available upon request.

Depending on the processing activity, more than one lawful basis may apply. For example, we may rely on both contract and legitimate interests when processing your order information for fraud prevention and service improvement.

6. Sharing & Service Providers

We may share data with:

• payment processors

• logistics and fulfillment partners

• cloud hosting and IT providers

• email and communication platforms

• analytics and (where permitted) advertising partners

• professional advisors

• regulators or law enforcement when legally required

Service providers may only process data under our instructions. We do not permit them to sell your data.

7. International Transfers

We may store or process data in:

• Canada

• United States

• European Union

• United Kingdom

We use Standard Contractual Clauses and other safeguards for international transfers as required by law.

EU/UK Representative (Where Required).

If and when we are required to appoint an EU or UK representative under GDPR or UK-GDPR, we will update this Policy with their contact details. Until such appointment is legally required, inquiries may be directed to [email protected].

8. Retention

We retain personal information only as long as necessary, including:

• account + billing records: ~7 years

• orders + transactions: 3–7 years or as legally required

• security logs: 12–24 months

• marketing consent records: 3–5 years

After retention periods, data is deleted or anonymized unless law requires longer storage.

9. Your Rights

Subject to applicable law, you may have the right to:

• access your personal information

• request corrections or updates

• request deletion or anonymization (where feasible)

• object to or restrict certain processing

• withdraw marketing consent

• request data portability

We may need to verify your identity before responding. We aim to respond within legal timeframes (typically 30 days).

Depending on jurisdiction (e.g., EEA, UK, Québec, California), you may have additional rights. Where this Policy conflicts with non-waivable local rights, the local rights prevail. You may contact [email protected] to exercise these rights.

Do Not Track & GPC

Some browsers send Do Not Track (DNT) or Global Privacy Control (GPC) signals. We honor such signals where required by law; otherwise, our privacy practices follow this Policy and your Site settings.

US State Privacy Laws. If and when US state consumer privacy laws (such as the California Consumer Privacy Act or similar laws in other states) become applicable to us, we will provide any additional disclosures and rights required by those laws through an updated version of this Policy or a supplemental notice.

You also have the right to lodge a complaint with your local data protection authority. Contact details for EU/EEA authorities are available at https://edpb.europa.eu, and UK residents may contact the Information Commissioner’s Office (ICO).

EU/EEA and UK users may exercise their rights by contacting us at [email protected].

10. Automated Systems & Analytics

We use automated systems to:

• analyze traffic and usage

• detect fraud and prevent abuse

• support operations and logistics

• measure advertising effectiveness (where permitted)

We do not:

• use your order data to train external AI models

• make solely automated decisions that have significant effects without safeguards

Profiling. We may use limited profiling for fraud prevention, security, or service improvement. Such profiling does not produce legal or similarly significant effects without human review.

11. Security

Safeguards include:

• role-based access control

• encryption in transit and at rest

• patching and vulnerability management

• logging and monitoring

No system is perfectly secure, but we continually improve protections.

12. Deletion & Backups

When deletion is requested or required:

• data is removed from active systems

• backups are overwritten automatically during normal cycles

Deleted data is generally not recoverable.

13. Breach Notification

If a breach poses a “real risk of significant harm,” we notify:

• affected individuals (where required)

• applicable regulators

14. Cookies & Tracking

For detailed information on cookies, pixels, analytics, and advertising technologies, see the Cookies & Tracking Policy below.

15. Changes to this Policy

We may update this Policy periodically. Material changes will be communicated via email or on-site notice when required.

16. Contact

Privacy Officer – Chaisbek Inc.

Unit 4800, 1 King Street West

Toronto, Ontario, M5H 1A1, Canada

[email protected]

If unsatisfied, you may contact the Office of the Privacy Commissioner of Canada or your local data protection authority.