Your cart is empty.
Privacy Policy
REGAGRO SHOP
Privacy Policy
shop.regagro.com
Effective Date: 15 May 2026 | Version 1.0
Your privacy is important to us. This Privacy Policy explains how ANTBNR SOFTWARE LTD collects, uses, stores, and protects your personal data when you use shop.regagro.com. It is compliant with the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) and applicable Cypriot data protection law.
By using the Website, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller
Legal name: ANTBNR SOFTWARE LTD
Registration number: HE 408470
Registered address: Chrysanthou Mylona 1, PANAYIDES BUILDING, 3rd Floor, Flat/Office 1, 3030 Limassol, Republic of Cyprus
Contact for data protection matters: legal@regagro.com
Website: shop.regagro.com
2. Personal Data We Collect
We collect personal data in the following categories:
2.1 Data You Provide Directly
- Identity data: first name, last name
- Contact data: email address, phone number (optional)
- Delivery data: country, postcode/ZIP, province/state, city, street address, apartment/unit (optional)
- Account data: username, password (hashed), purchase history — only if you choose to create an account at checkout
- Communication data: messages you send us via email or contact forms
- Marketing preferences: newsletter consent and opt-in record (if you subscribe)
2.2 Data Collected Automatically
- Technical data: IP address, browser type and version, operating system, device type
- Usage data: pages visited, time spent on pages, referral source, click behaviour
- Cookie data: session cookies, analytics cookies (see Section 7 and Cookie Policy)
2.3 Data Collected via Third-Party Payment Processors
Payment data (card number, expiry, CVC) is entered directly into Stripe’s or PayPal’s secure hosted fields and is never transmitted to or stored on our servers. We receive only a transaction confirmation token and the last four digits of the card for order reference purposes.
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data only where we have a valid legal basis. The table below summarises our processing activities and their legal bases:
| Purpose of Processing | Data Used | Legal Basis | Retention |
| Processing and fulfilling your order | Identity, contact, delivery, transaction data | Contract — Art. 6(1)(b) | 7 years (tax law) |
| Creating and managing your account | Identity, contact, account data | Contract — Art. 6(1)(b) | Until account deletion + 1 year |
| Sending transactional emails (order confirmation, tracking) | Identity, contact, order data | Contract — Art. 6(1)(b) | 7 years |
| Sending marketing emails / newsletter | Email, name, marketing preferences | Consent — Art. 6(1)(a) | Until unsubscribe or consent withdrawal |
| Website analytics (Google Analytics) | Usage data, cookie data, IP (anonymised) | Legitimate interests — Art. 6(1)(f) | 26 months |
| Advertising measurement (Google Ads — planned) | Cookie data, pseudonymous identifiers | Consent — Art. 6(1)(a) | Until consent withdrawal |
| Fraud prevention and security | Technical data, transaction data | Legitimate interests — Art. 6(1)(f) | 2 years |
| Compliance with legal obligations | All relevant data | Legal obligation — Art. 6(1)(c) | As required by law |
4. How We Use Your Personal Data
Order fulfilment. We use your identity, contact, and delivery data to process your order, arrange shipment from REGAGRO TECH CO., LTD (Shanghai, China), send you order confirmations and tracking information, and handle returns or complaints.
Account management. If you create an account, we use your data to maintain your profile, display order history, and allow you to manage your preferences.
Customer support. We use your contact and order data to respond to your enquiries, process disputes, and issue refunds.
Marketing communications. If you have given explicit consent, we may send you newsletters, product updates, and promotional offers. You may withdraw consent at any time by clicking “Unsubscribe” in any email or by contacting us at legal@regagro.com.
Analytics & improvement. We use Google Analytics to understand how visitors interact with our Website. This data is aggregated and used to improve site functionality and user experience. IP addresses are anonymised before processing.
Advertising (planned). We intend to use Google Ads conversion tracking in the future. This will use cookies and require separate consent via our cookie consent banner. This Privacy Policy will be updated accordingly before this feature is activated.
5. Data Sharing & Third-Party Processors
We do not sell, rent, or trade your personal data. We share data only with the following categories of recipients, strictly as necessary:
5.1 Payment Processors
Stripe, Inc. (USA) — processes card payments. Data transferred under Standard Contractual Clauses (SCCs). Privacy policy: stripe.com/privacy
PayPal Holdings, Inc. (USA) — processes PayPal payments. Data transferred under SCCs. Privacy policy: paypal.com/privacy
5.2 Logistics & Fulfilment
REGAGRO TECH CO., LTD (Shanghai, China, USCC: 91310118MA1JLHF610) — our affiliated fulfilment entity. Receives your delivery name and address solely for the purpose of shipping your order. Transfer to China is based on necessity for contract performance (GDPR Art. 49(1)(b)) and is covered by appropriate safeguards.
Third-party carriers (e.g., DHL, SF Express, local postal services) — receive your name and delivery address as necessary to deliver your order.
5.3 Analytics
Google Analytics (Google LLC, USA) — receives anonymised usage data via cookies. Data transferred under SCCs. We have enabled IP anonymisation. You can opt out via Google’s opt-out browser add-on (tools.google.com/dlpage/gaoptout). Privacy policy: policies.google.com/privacy
5.4 Platform Infrastructure
WordPress / WooCommerce / Dokan — our e-commerce platform is hosted on servers located in the People’s Republic of China (Alibaba Cloud). This means that data entered on the Website — including your name, email, delivery address, and order information — is stored on servers in China. China is not covered by an EU adequacy decision. This transfer is based on necessity for the performance of your contract (GDPR Art. 49(1)(b)) and is limited to data strictly necessary for order processing. By placing an order, you acknowledge this transfer. We apply technical and organisational measures to protect your data on these servers, including access controls and encryption in transit.
5.5 Legal & Regulatory
We may disclose your data to law enforcement, regulatory authorities, or legal advisors where required by applicable law, court order, or to protect our legal rights.
5.6 Authorised Vendor Distributors
Where your order is fulfilled by an authorised Vendor distributor operating a country-specific storefront, we share your delivery name, address, and order details with that Vendor solely for fulfilment purposes. Vendors are contractually bound to process your data only for this purpose and in accordance with applicable data protection law.
6. International Data Transfers
As a global platform with fulfilment from China and payment processing in the USA, some of your personal data will be transferred outside the European Economic Area (EEA). We ensure that such transfers are protected by appropriate safeguards:
- Transfers to Stripe and PayPal (USA): covered by Standard Contractual Clauses (SCCs) approved by the European Commission.
- Transfers to Google LLC (USA): covered by SCCs and Google’s EU data processing terms.
- Transfers to REGAGRO TECH CO., LTD (China) for fulfilment: based on necessity for contract performance (GDPR Art. 49(1)(b)); limited strictly to your delivery name and address.
- Transfers to hosting infrastructure (Alibaba Cloud, China): based on necessity for contract performance (GDPR Art. 49(1)(b)). China does not have an EU adequacy decision. Data stored includes order and account data necessary to operate the Platform. We apply appropriate technical safeguards including encryption in transit and access controls.
- Transfers to third-party carriers: necessary for contract performance; limited to delivery name and address only.
7. Cookies & Tracking Technologies
Our Website uses cookies — small text files stored on your device — to make the Website function correctly and to analyse usage. We use the following categories of cookies:
Essential Cookies
Required for the Website to function. These cannot be disabled. They include session cookies for your shopping cart, login state, and security tokens. No consent required.
Analytics Cookies
Google Analytics cookies (_ga, _gid, _gat) collect anonymised data about how visitors use the Website. These are set only after you consent via our cookie banner. You may withdraw consent at any time via the cookie settings link in the Website footer.
Advertising Cookies (Planned)
We plan to implement Google Ads conversion tracking in the future. When activated, this will require separate consent and will be disclosed in an updated version of this Privacy Policy and our Cookie Policy. No advertising cookies are currently active.
For a full list of cookies used, their duration, and how to manage them, please see our Cookie Policy at shop.regagro.com/cookie-policy.
8. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected, and in accordance with our legal obligations:
- Order and transaction data: 7 years from the date of transaction (required under Cypriot and EU tax and accounting law).
- Account data: retained for the duration of your account plus 1 year following account deletion.
- Marketing consent records and email data: retained until you unsubscribe or withdraw consent, plus 1 year for proof of consent.
- Analytics data: 26 months (Google Analytics default retention period).
- Fraud prevention and security logs: 2 years.
- Legal dispute data: retained for the duration of any dispute plus applicable statutory limitation periods.
After the applicable retention period, data is securely deleted or anonymised.
9. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights. To exercise any of these rights, contact us at legal@regagro.com. We will respond within 30 days (extendable to 60 days for complex requests).
Right of access (Art. 15). You have the right to request a copy of the personal data we hold about you and information about how we process it.
Right to rectification (Art. 16). You have the right to request correction of inaccurate or incomplete personal data.
Right to erasure / “right to be forgotten” (Art. 17). You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to our legal retention obligations.
Right to restriction of processing (Art. 18). You may request that we limit the processing of your data in certain circumstances (e.g., while the accuracy of data is contested).
Right to data portability (Art. 20). Where processing is based on consent or contract, you may request a copy of your data in a structured, commonly used, machine-readable format.
Right to object (Art. 21). You may object to processing based on legitimate interests (e.g., analytics). We will cease processing unless we can demonstrate compelling legitimate grounds.
Right to withdraw consent (Art. 7(3)). Where processing is based on consent (e.g., marketing emails, analytics cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint. You have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of Cyprus (www.dataprotection.gov.cy) or with the supervisory authority in your country of residence.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:
- TLS/SSL encryption for all data transmitted between your browser and our Website
- Hashed and salted storage of passwords; we never store plaintext passwords
- Payment data handled exclusively by PCI-DSS compliant processors (Stripe, PayPal); we do not store card details
- Restricted access to personal data on a need-to-know basis
- Regular security updates and vulnerability patching of our WordPress/WooCommerce installation
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify you without undue delay.
11. Children’s Privacy
Our Website is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us at legal@regagro.com and we will delete the data promptly.
12. Marketing Communications & Newsletter
We send marketing emails only to users who have given explicit, informed consent by ticking the newsletter opt-in checkbox during registration or checkout. Each marketing email includes a clear and functional “Unsubscribe” link. Consent is recorded with a timestamp and may be audited.
You may withdraw consent at any time by: (a) clicking the “Unsubscribe” link in any marketing email; (b) logging into your account and updating communication preferences; or (c) contacting us at legal@regagro.com.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal, and does not affect the delivery of transactional emails related to your orders.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the “Effective Date” at the top of this document and notify registered users by email at least 14 days before the changes take effect. The current version is always available at shop.regagro.com/privacy-policy.
14. Contact & Data Protection Enquiries
For any questions, requests, or complaints regarding this Privacy Policy or our data processing practices, please contact:
ANTBNR SOFTWARE LTD — Data Controller
Address: Chrysanthou Mylona 1, PANAYIDES BUILDING, 3rd Floor, Flat/Office 1, 3030 Limassol, Cyprus
Email: legal@regagro.com
Website: shop.regagro.com/privacy-policy
You also have the right to contact the Cyprus supervisory authority directly:
Office of the Commissioner for Personal Data Protection
Website: www.dataprotection.gov.cy
Address: 1 Iasonos Street, 1082 Nicosia, Cyprus
This Privacy Policy was last reviewed and approved on 15 May 2026. ANTBNR SOFTWARE LTD — HE 408470 — Limassol, Cyprus.