Effective Date: July 26, 2025

This Privacy Policy explains how ASPRI Creative Acoustics Inc. (“ASPRI”, “we”, “us”, “our”) collects, uses, discloses, and protects personal information when you visit our websites, place an order, contact us, or otherwise interact with us. We are based in Montreal, Quebec, Canada and sell worldwide.

This Policy is designed to comply with PIPEDA (Canada), the Quebec Act respecting the protection of personal information in the private sector (as amended by Law 25), the GDPR (EU/EEA/UK), and the CCPA/CPRA (California). Where these laws grant you non‑waivable rights, this Policy honors them.

1. Who We Are & How to Contact Us

Controller: ASPRI Creative Acoustics Inc., 2620A Rue de Salaberry, Montreal, Quebec, H3M 1L3, Canada.

Privacy Officer / Data Protection Contact: info@aspri.com · +1 (514) 333‑0310 ext. 224.

2. Information We Collect

• Identity & Contact — name, shipping/billing address, email, phone.
• Order & Support — items purchased, order numbers, delivery details, RMA/returns, warranty claims, correspondence and call/email/chat records.
• Payment — we use PayPal to process payments. We receive only limited transaction metadata (e.g., status, last 4 digits, timestamps) and do not store full card numbers or CVV. See also “Payments” below.
• Website & Device — IP address, browser type, device identifiers, pages viewed, referring/exit pages, time stamps, and similar diagnostics gathered through cookies or pixels (see our Cookie Policy).
• Analytics — we use Google Analytics to measure site usage and improve performance. Data may include approximate location, pages visited, session duration, and events. We configure retention and IP handling as described in the Cookie Policy.
• User Content — reviews, photos, videos, testimonials, or messages you submit. Where media depicts artists, we either have their permission or use assets under a Creative Commons or comparable license with attribution when required.

3. Why We Use Your Information

• Provide products and services — process and fulfill orders, deliver, track, and handle returns and warranty claims.
• Customer support — respond to questions, verify identity, and resolve issues.
• Improvement & analytics — operate, secure, and enhance our Website and user experience.
• Marketing — with consent where required, send product news, offers, or surveys; you may opt out at any time.
• Legal & compliance — detect and prevent fraud, enforce our terms, meet tax, accounting, and regulatory obligations.

4. Legal Bases (GDPR/UK GDPR)

• Contract — to process, ship, and service your order.
• Legitimate interests — to secure our Website, prevent fraud, understand usage, and improve products.
• Consent — for non‑essential cookies/analytics and direct marketing. You can withdraw consent at any time.
• Legal obligation — to satisfy accounting, tax, consumer, and privacy‑law requirements.

5. Cookies & Analytics

We use essential cookies for core functionality and consent‑based cookies for analytics (Google Analytics). EU/EEA/UK visitors are shown a consent banner and non‑essential cookies are set only after consent. You can change preferences at any time and can use browser tools to block cookies. For details, see our Cookie Policy.

6. Payments

Payments are handled by PayPal. PayPal acts as an independent controller for transaction data and processes your information under its own terms and privacy policy. We do not store full card numbers or CVV data and maintain SSL/TLS across our Website. If you have questions regarding a PayPal transaction, you may contact PayPal directly in addition to contacting us.

7. Shipping & Logistics

To deliver your order we share necessary information with carriers such as Chit Chats and/or NetParcel and their downstream partners (e.g., postal authorities and customs). Shared data typically includes name, addresses, phone/email for notifications, parcel contents/values for customs, and tracking numbers.

8. How We Share Information

• Service providers — payment processors, shipping/logistics, IT hosting, email service providers, analytics, and customer‑support tools. They may access information only to perform services for us and must protect it.
• Legal & safety — to comply with law, enforce our terms, protect our rights or those of users, or respond to lawful requests by public authorities.
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We do not sell personal information and we do not “share” it for cross‑context behavioral advertising as defined by the CPRA. If this changes, we will update this Policy and provide required opt‑out mechanisms.

9. International Transfers

Your information may be processed in countries other than your own (including Canada and the United States). When we transfer personal data from the EU/EEA/UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and UK Addendum where applicable) and implement supplementary measures where required.

10. Retention

• Orders, invoices, warranty/return records — retained for the period required by tax, accounting, warranty, and consumer‑law obligations (generally 7 years from the end of the fiscal year in which the record was created, unless a longer period is required to resolve disputes).
• Account data — while the account is active and for up to 2 years after last activity, unless deletion is requested sooner.
• Support correspondence — typically 2 years after resolution.
• Google Analytics — data retention configured to a maximum of 14 months (or a shorter period if required). Aggregated statistics may be stored longer without identifying you.

11. Security

We employ administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including encrypted transport (TLS), access controls, least‑privilege practices, and provider due‑diligence. No system can be 100% secure. If we discover a breach that poses a real risk of significant harm, we will notify affected individuals and regulators as required (e.g., GDPR within 72 hours where applicable).

12. Your Rights

Canada / Quebec (Law 25). You may request access to and correction of your personal information and, in certain cases, de‑indexing. You may withdraw consent where processing is based on consent. You may also request information about our use of automated decision systems (we do not use automated decisions that produce legal or similarly significant effects).

EU/EEA/UK (GDPR). You have the right to access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent at any time. You also have the right to lodge a complaint with your supervisory authority.

California (CCPA/CPRA). You have the right to know the categories and specific pieces of personal information we collect, the sources, purposes, and categories of recipients; to request deletion or correction; to limit use of sensitive personal information (we do not collect sensitive personal information as defined by CPRA in a way that requires a “Limit Use” link); and to not be discriminated against for exercising your rights. We do not sell or share personal information as defined by CPRA.

Exercising your rights. Email info@aspri.com. We will verify your identity (for example, by confirming order details or contacting you at the email/phone already on file). We generally respond within 30 days (PIPEDA/GDPR), extendable where permitted, or within 45 days for CCPA/CPRA (extendable by another 45 days when reasonably necessary). Authorized agents may submit requests with valid authorization and identity verification.

13. Children

Our Website is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 provided personal information, contact us and we will delete it. In the EU, we obtain parental consent where required for users under the applicable age of digital consent.

14. Marketing Choices

You can opt out of marketing emails at any time by using the unsubscribe link in our emails or by contacting us. Even if you opt out of marketing, we may still send transactional messages about your orders, warranty, or service communications.

15. Do Not Track

Some browsers send “Do Not Track” signals. Because there is no common industry standard, our Website does not currently respond to such signals. You can control cookies and analytics through our consent tools and your browser settings as described in the Cookie Policy.

16. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on this page with a new “Effective Date,” and, where legally required, we will provide additional notice or obtain consent.

17. Language

We provide this Policy in English, French, and Spanish. Each version is intended to be equivalent. Where required by law, the version in the consumer’s language prevails. For Quebec consumers, the French version prevails where mandated.

18. Contact

ASPRI Creative Acoustics Inc. · 2620A Rue de Salaberry, Montreal, Quebec, H3M 1L3, Canada · Phone: +1 (514) 333‑0310 ext. 224 · Email: info@aspri.com

Last Updated: July 26, 2025