Privacy Policy

Last updated: 10 November 2025

Applies to: coposurface.com and related services operated by Copo Surface.

Quick Summary

  • We collect data you submit (forms/orders/support), usage data (cookies, analytics), and limited third-party data (ad platforms, payment/shipping providers).
  • We use it to run the Site, process orders & inquiries, prevent fraud, and market responsibly.
  • You control your data: access, correct, delete, opt-out of marketing and targeted ads.
  • We do not sell personal data; we may share with service providers under contracts.
  • Contact us via phone, WhatsApp, or info@coposurface.com.

1) Who we are

This Policy covers Copo Surface, operating coposurface.com and related channels (email, WhatsApp, social pages). If you have questions, contact us via the details above.

2) What data we collect

2.1 Data you provide

  • Account / Order / Quote details: name, company, email, phone/WhatsApp, billing/shipping address, tax IDs, order contents, notes.
  • Forms & CRM: submissions via Avada/Fluent Forms (e.g., Request a Quote, Contact Us, Become a Distributor), attachments, preferences; stored in FluentCRM for follow-up where permitted.
  • Communications: emails, WhatsApp/phone messages, meeting notes, support tickets.
  • Marketing preferences & consents: newsletter/WhatsApp/SMS opt-ins, cookie choices.

2.2 Data collected automatically

  • Usage & device data: IP, approximate location, browser, device, pages viewed, events (scrolls/clicks), session time, referral/UTM parameters.
  • Cookies & similar tech: first-party cookies (session/cart/preferences) and third-party cookies/pixels (e.g., GA4, Google Ads, Meta Pixel). See Cookies.

2.3 Data from third parties

  • Payment providers: Stripe/PayPal/Bank Transfer share limited info to confirm payments and prevent fraud.
  • Logistics providers: couriers/freight forwarders may share tracking updates and delivery confirmations.
  • Ad/lead platforms: Google, Meta (Facebook/Instagram), LinkedIn may report campaign attribution and audience insights in aggregate.
  • Security/CDN/hosting: Cloudflare (DDoS/CDN) and Hostinger (hosting) process IPs and request logs to secure and serve the Site.

3) Why we use your data (purposes & legal bases)

Purpose Examples Legal basis
Provide the Site & services Load pages, save preferences, maintain uptime Legitimate interests; contract
Process inquiries & quotes Reply to forms, build proposals Legitimate interests; pre-contract steps
Fulfil orders Invoicing, payments, shipping Contract; legal obligations (tax)
Customer support Email/WhatsApp, warranty & returns Contract; legitimate interests
Security & fraud prevention Rate limiting, anomaly detection Legitimate interests; legal obligations
Analytics & improvement GA4 events, A/B tests Consent (where required); legitimate interests
Marketing & retargeting Newsletters, WhatsApp/SMS (opt-in), ads Consent (where required); legitimate interests
Compliance Tax/audit, requests from authorities Legal obligations

If local law requires consent (e.g., EU/UK for non-essential cookies or direct marketing), we’ll request it and honor your choices.

4) Do we share personal data?

We do not sell personal data. We share limited data with service providers (Hostinger, Cloudflare, WordPress/Avada plugins incl. Fluent Forms/FluentCRM, LiteSpeed Cache), email service (e.g., Google Workspace), analytics (Google), advertising (Google/Meta/LinkedIn), payment processors (Stripe/PayPal/Bank), and logistics partners (your couriers). Vendors are bound by contracts and data protection terms.

5) International transfers

Where data is transferred across borders (e.g., to the EU/US/Singapore/Hong Kong), we use appropriate safeguards such as Standard Contractual Clauses (SCCs), vendor certifications, or rely on adequacy decisions where available.

6) Data retention

  • Accounts/orders/tax records: generally 6–10 years (subject to local law).
  • Form/lead data (B2B): retained while relevant to ongoing business, then minimized or deleted.
  • Marketing lists: until you unsubscribe or withdraw consent.
  • Analytics/cookies: per cookie/vendor TTLs (see Cookies).

7) Your rights

Depending on your location (e.g., GDPR/UK GDPR, CCPA/CPRA, Singapore PDPA, Hong Kong PDPO), you may have rights to access, correct, delete, restrict/object, data portability, withdraw consent, and opt-out of marketing or targeted advertising. To exercise rights, email info@coposurface.com with subject “Privacy Request” and specify your request and the email/phone used. We may ask for verification. You can also unsubscribe in emails, reply STOP to SMS/WhatsApp, or change cookie settings via our banner.

8) Children’s privacy

Our Site and products are not directed to children. We do not knowingly collect personal data from children under the minimum age required by local law. If you believe a child has provided data, contact us for deletion.

9) Cookies & tracking

9.1 Types we use

  • Strictly necessary: session, cart, checkout, security.
  • Performance/analytics: GA4 event cookies.
  • Advertising/retargeting: Meta Pixel, Google Ads, LinkedIn Insight Tag.
  • Preference: language, cookie consent choices.

9.2 Your choices

  • Use our Cookie Banner to accept/decline non-essential cookies.
  • Change your browser settings or use opt-out tools (Google Ads Settings, GA opt-out add-on, Meta Ad Preferences, NAI/DAA choice tools where available).
Optional: Cookie List (sample)
  • Strictly necessary: wordpress_logged_in_*, woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_*, __cf_bm
  • Analytics: _ga, _ga_*, _gid
  • Advertising: _fbp, _gcl_au, li_fat_id
  • Preferences: cookieyes-consent / complianz_*

10) Email, WhatsApp & SMS marketing

We send marketing only with your consent or where permitted for B2B legitimate interests. You can unsubscribe anytime via email footer, reply STOP on SMS/WhatsApp, or contact us at info@coposurface.com. We log consent and opt-out events in our CRM.

11) WooCommerce, payments & logistics

  • Orders: We process personal and order data in WooCommerce to invoice, fulfill, and support.
  • Payments: Processed by Stripe/PayPal/Bank—card data handled by the provider; we receive confirmations and limited details.
  • Shipping: We share destination info with couriers/freight partners to deliver and provide tracking.

12) Security

We use technical and organizational measures including HTTPS/TLS, Cloudflare DDoS protection, Hostinger infrastructure security, role-based access, backups, and plugin updates. No method is 100% secure; we monitor and improve continuously.

13) Social media, pixels & third-party links

Our Site may include third-party pixels (Meta, Google, LinkedIn) and links to external sites. Their privacy practices apply to their services. Review their policies before interacting.

14) Do Not Track & Global Privacy Control

Some browsers send DNT/GPC signals. Where legally required and technically feasible, we honor recognized signals for opt-out of targeted advertising or sale/sharing.

15) California & certain US state disclosures

We do not “sell” personal information for money. We may “share” identifiers and internet activity with ad partners for cross-context behavioral advertising. Opt-out via our cookie banner or by emailing info@coposurface.com with subject “US Opt-Out”. We do not knowingly process sensitive personal information for inferring characteristics.

16) International/EU contact

If required, we may appoint an EU/UK representative. Until then, contact info@coposurface.com. You can lodge complaints with your local authority (e.g., EDPB supervisory authority in the EU, ICO in the UK), but please contact us first so we can help.

17) Changes to this Policy

We may update this Policy from time to time. The “Last updated” date reflects the latest version. Material changes will be notified on this page and/or via email where appropriate.