Welcome to Modern Fulani ("we," "our," or "us"). We are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website modernfulani.shop (the "Site") and when you purchase our products or services.

Please read this Privacy Policy carefully. By accessing or using our Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Site.

We operate as an individual entity, and we take your privacy seriously. This policy is designed to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the United Kingdom, and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for residents of California, USA.

1. Information We Collect

We collect only the personal information that you voluntarily provide to us. We do not use any tracking or analytics tools (such as Google Analytics), we do not display third-party advertisements, and we do not use remarketing services.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

• To process and fulfill your orders – including payment processing, shipping, delivery confirmations, and handling returns or refunds.
• To communicate with you – sending order-related updates, responding to your inquiries, and providing customer support.
• To send marketing and promotional emails – only if you have opted in to receive such communications. You may unsubscribe at any time (see Section 4).
• To comply with legal obligations – such as tax reporting, fraud prevention, and responding to lawful requests from authorities.
• To protect our rights – enforcing our terms of service and preventing misuse of our Site.

We rely on the following legal bases for processing your personal data under GDPR:

• Contractual necessity – to fulfill orders and provide services you have requested.
• Consent – for sending marketing emails (you may withdraw consent at any time).
• Legitimate interests – for improving our customer service and protecting against fraud, provided such interests are not overridden by your rights.
• Legal obligation – to comply with applicable laws and regulations.

3. Payment Processing

Users can pay for our products and services directly through our Site. All payment transactions are processed by trusted third-party payment processors (such as Stripe, PayPal, or similar providers). When you make a purchase, your payment card details and sensitive financial information are transmitted directly to the payment processor via a secure, encrypted connection.

We do not store, retain, or have direct access to your full credit card numbers or payment card details on our own servers. The payment processor may share limited information with us (such as the last four digits of your card and the transaction ID) solely for the purpose of completing your order and managing refunds.

We encourage you to review the privacy policy of the applicable payment processor to understand how they handle your payment data. If you have questions about which processor we use for your transaction, please contact us.

4. Email Communications

We send emails to users for the following reasons:

• Transactional emails – order confirmations, shipping notifications, receipts, and account-related messages. These are necessary for the performance of our contract with you and are not promotional in nature.
• Marketing and promotional emails – newsletters, special offers, product announcements, and similar content. We will only send these if you have explicitly opted in to receive them.

Every marketing email we send includes a clear and easy-to-use "unsubscribe" link at the bottom. You may opt out of marketing emails at any time by clicking that link, or by contacting us directly at the email address provided in Section 13. Unsubscribing from marketing emails will not affect transactional emails related to your orders.

If you are in the EEA or UK, we will only send marketing emails with your prior affirmative consent (opt-in). If you are in the United States, we will honor opt-out requests promptly in accordance with the CAN-SPAM Act.

5. How We Share Your Information

We do not sell, rent, trade, or lease your personal information to third parties. We share your information only in the limited circumstances described below:

• Service providers – We may share information with trusted third-party vendors who assist us in operating our Site and conducting our business, such as payment processors, shipping carriers, and email service providers. These providers are contractually obligated to protect your data and use it only for the specific services they provide to us.
• Legal compliance – We may disclose information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers – In the unlikely event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Site of any such change in ownership.

We do not share personal information for cross-context behavioral advertising (also known as "targeted advertising" under CPRA), nor do we engage in "selling" or "sharing" of personal information as defined under California law. See Section 7 for more details.

6. Your GDPR Rights (EEA & UK Users) GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR) and the UK GDPR, respectively. We are committed to facilitating the exercise of these rights:

• Right of Access – You may request a copy of the personal data we hold about you.
• Right to Rectification – You may request that we correct any inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten") – You may request the deletion of your personal data under certain circumstances.
• Right to Restrict Processing – You may request that we limit the processing of your data in specific situations.
• Right to Data Portability – You may request a copy of your data in a structured, commonly used, machine-readable format and have it transmitted to another controller.
• Right to Object – You may object to processing based on legitimate interests, including objecting to direct marketing at any time.
• Right to Withdraw Consent – Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
• Right to Lodge a Complaint – You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us by email (see Section 13). We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

7. Your CCPA/CPRA Rights (California Residents) CCPA+CPRA

If you are a resident of California, USA, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section describes those rights and how to exercise them.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers – such as your name and email address.
• Commercial information – such as records of products or services purchased.
• Financial information – limited to what is necessary to process payments (handled by our payment processor).

We have not sold or shared personal information for cross-context behavioral advertising purposes in the preceding 12 months, and we do not have actual knowledge of selling or sharing personal information of consumers under 16 years of age.

Your Rights Under CCPA/CPRA

• Right to Know – You may request information about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the third parties with whom we share it.
• Right to Delete – You may request deletion of your personal information, subject to certain exceptions (such as completing a transaction or complying with a legal obligation).
• Right to Correct – You may request correction of inaccurate personal information we hold about you.
• Right to Opt-Out – You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell or share personal information as defined under CPRA, so no opt-out is necessary; however, you may still submit a request if you wish, and we will confirm that no such activity occurs.
• Right to Limit Use of Sensitive Personal Information – We do not collect or use sensitive personal information for purposes that would require a right to limit.
• Right to Non-Discrimination – We will not discriminate against you for exercising any of your CCPA/CPRA rights.

How to Exercise Your CCPA/CPRA Rights

To exercise your rights, please contact us by email (see Section 13). We will acknowledge your request within 10 business days and respond substantively within 45 days (which may be extended by an additional 45 days if reasonably necessary). We will verify your identity before processing your request.

You may also designate an authorized agent to make a request on your behalf. We will require written proof of the agent's authorization and may also verify your identity directly.

8. Children's Privacy (COPPA)

Our Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take immediate steps to delete such information from our records. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so that we can take appropriate action.

We comply with the United States Children's Online Privacy Protection Act (COPPA) and all applicable age-related data protection requirements under GDPR and other relevant laws.

9. Data Security

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using SSL/TLS protocols;
• Secure payment processing through PCI-compliant third-party providers;
• Restricted access to personal data on a need-to-know basis;
• Regular review of our data collection and storage practices.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by applicable law.

10. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Order and transaction records – retained for the period required by tax and accounting regulations (typically up to 7 years, depending on jurisdiction).
• Email subscription data – retained until you unsubscribe or withdraw consent.
• Customer service correspondence – retained for a reasonable period to resolve inquiries and improve our services.

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data disposal procedures.

11. International Data Transfers

Our Site is operated from Nigeria, and your personal information may be transferred to and processed in servers located in Nigeria or other countries where our service providers operate. If you are accessing our Site from the EEA, the UK, or other regions with laws governing data transfer, please be aware that your information may be transferred to countries that may not have the same level of data protection as your home jurisdiction.

We take appropriate safeguards to ensure that your personal information receives an adequate level of protection when transferred internationally, including using standard contractual clauses approved by relevant authorities, or relying on adequacy decisions where applicable. By using our Site, you consent to such transfers to the extent permitted by applicable law.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will update the "Effective Date" at the top of this page and post the revised policy on our Site. If the changes are material, we will provide a more prominent notice (such as an email notification or a banner on the Site) where required by law.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Site after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us by email. We are committed to addressing your inquiries promptly and transparently.

For GDPR-related inquiries, you may also contact the relevant supervisory authority in your EU member state. For CCPA/CPRA inquiries, you may contact the California Attorney General's office or the California Privacy Protection Agency.

We will respond to all legitimate privacy inquiries within the timeframes required by applicable law.