Privacy Policy

Comprehensive Privacy Policy

Last Updated: October 10, 2025

This Privacy Policy describes the policies of CREL, LLC ("we," "us," or "our") regarding the collection, use, and disclosure of your personal data when you use the website www.crelsport.com and/or www.crel-llc.com (the "Site"). We are committed to protecting your privacy and complying with U.S. and international privacy laws, including the Children's Online Privacy Protection Act (COPPA) and the General Data Protection Regulation (GDPR).

1. Our Role and Contact Information (GDPR Requirement)

For the purposes of the GDPR, we are the Data Controllerof your Personal Data.

Detail Information

Legal Name

CREL, LLC

Physical Address

5295 Wedgewood Dr, Olive Branch, MS 38654

Email for Privacy Inquiries

contact@crel-llc.com

Phone Number

(901) 625-1896

Data Protection Officer (DPO) / GDPR Representative

"Not Applicable as we do not meet the criteria for a   DPO"

Export to Sheets

2. Data We Collect

Category of Personal Data

Examples of Data Collected

Purpose and GDPR Lawful Basis

Identity & Contact Data

Name, email address, mailing address, phone number.

Fulfilling your order or request. Lawful Basis: Performance   of a Contract or Consent.

Financial/Transaction Data

Payment information (handled by third-party processor),   purchase history.

Processing payments and managing transactions. Lawful   Basis: Performance of a Contract and Legal Obligation (for   tax/accounting).

Technical & Usage Data

IP address, browser type, operating system, pages viewed,   time spent on site, unique device identifiers, device information.

Analyzing website performance, security, and integrity. Lawful   Basis: Legitimate Interest (for security and site improvement).

Marketing & Communications Data

Your preferences for receiving marketing from us.

Sending newsletters and promotional materials (only with   your consent). Lawful Basis: Consent.

Export to Sheets

3. Legal Basis for Processing (GDPR Requirement)

We process your Personal Data only when we have a valid legal basis, including:

• Performance      of a Contract: When processing is necessary to fulfill a contract you      have with us (e.g., to process your purchase).
• Consent:     Where you have given clear, affirmative consent for us to process your      Personal Data for a specific purpose (e.g., subscribing to a marketing      newsletter). You may withdraw this consent at any time.
• Legitimate      Interest: Where processing is necessary for our legitimate interests      (or those of a third party) and your fundamental rights do not override      those interests (e.g., internal administrative purposes, security, product      improvement).
• Legal      Obligation: Where processing is necessary to comply with a legal or      regulatory obligation (e.g., tax law, court order).

4. Children's Privacy (COPPA & GDPR)

A. Policy for General Audience Sites (Standard/Recommended Approach)

Our Site is a general audience site and is NOT directed to children under the age of 13.

• We do      not knowingly solicit or collect personally identifiable information from      children under the age of 13.
• If we      have actual knowledge that we have collected Personal Information      from a child under 13 without verifiable parental consent, we will take      reasonable measures to delete that information from our servers.
• We      encourage parents to monitor their children’s Internet usage and to help      enforce this Policy by instructing their children never to provide      Personal Information through the Site.
• For      users in the EU/EEA, the age of consent is generally 16, though member      states may set it lower (down to 13). We do not knowingly process data of      users under 16 without explicit parental consent.

B. Policy for Child-Directed Sites (If applicable, insert this section)

[DO NOT INCLUDE THIS SECTION unless your website is directedat children under 13 OR you have actual knowledge of collecting their data.]

• We      operate www.crelsport.com which is a general sporting goods and activities      website.
• We      comply with the Federal Trade Commission's COPPA Rule.
• Collection      of Personal Information: We only collect persistent identifiers (like      IP address and cookies) for the internal operations of the Site      (e.g., to maintain security or customize content), and we will not use      them to contact a specific child.
• Parental      Consent: Before collecting any other personal information (like      name, email, photo) from a child under 13, we will first provide direct      notice to the parent and obtain verifiable parental consent     (VPC) as required by COPPA. Our methods for VPC include email plus      additional confirmation, driver’s license and credit card verification,      etc.
• Parental      Rights (COPPA): Parents can:
  • Review       the personal information collected from their child.
  • Refuse       to permit further use or future collection of their child’s personal       information.
  • Have       their child's information deleted from our records.
  • To       exercise these rights, please contact us at contact@crel-llc.com.

5. Disclosing Your Information (GDPR Requirement)

We may share your Personal Data with the following categories of recipients:

• Processors:     Third-party service providers who process data on our behalf, such as payment      processors (e.g., Stripe, PayPal), hosting providers (e.g.,      AWS, Shopify), delivery services, and analytics providers     (e.g., Google Analytics). We have contractual agreements in place with      these parties to ensure your data is protected.
• Legal      & Regulatory Authorities: When required by law or to protect our      rights (see Section 8).

6. International Transfers (GDPR Requirement)

Your Personal Data may be transferred to, stored, and processed in countries outside of the European Economic Area (EEA), including the United States, where our company is primarily located in Mississippi.

When transferring your data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We      will only transfer your Personal Data to countries that have been deemed      to provide an adequate level of protection for Personal Data by the      European Commission.
• Where      we use certain service providers, we may use specific contracts approved      by the European Commission which give Personal Data the same protection it      has in Europe (Standard Contractual Clauses).

7. Your Data Protection Rights (GDPR & General Rights)

If you are a resident of the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights regarding your Personal Data:

1. Right      to be Informed: The right to be provided with clear, transparent, and      easily understandable information about how we use your data (which this      Policy does).
2. Right      of Access: The right to obtain confirmation that we are processing      your data and to access that data.
3. Right      to Rectification: The right to have your data corrected if it is      inaccurate or incomplete.
4. Right      to Erasure ('Right to be Forgotten'): The right to request the      deletion of your Personal Data in certain circumstances.
5. Right      to Restrict Processing: The right to 'block' or suppress further use      of your data.
6. Right      to Data Portability: The right to obtain your personal data in a      structured, commonly used, and machine-readable format.
7. Right      to Object: The right to object to certain types of processing      (including processing for direct marketing).
8. Rights      in Relation to Automated Decision Making and Profiling: The right to      object to being subject to a decision based solely on automated      processing.

To exercise any of these rights, please contact us using the information in Section 1.

8. Mississippi State Law Considerations

As of the date of this policy, Mississippi does nothave a comprehensive state-level consumer data privacy act similar to California's CCPA or the GDPR. However, we are aware of and adhere to the following principles:

• Commitment      to Security: We maintain reasonable security procedures to guard      against unauthorized access to data, as is common practice and recommended      by state law principles.
• Sector-Specific      Laws: We comply with all other applicable Mississippi laws, such as      those related to financial institutions or data breach notification      requirements.
• No      Sale of Data: We confirm we do not sell your personally      identifiable information to third parties for commercial gain.

9. Security and Data Retention (GDPR & COPPA Requirement)

• Security:     We have implemented appropriate security measures, including technical and      organizational measures (e.g., SSL encryption, restricted access, internal      privacy training), designed to prevent your Personal Data from being      accidentally lost, used, or accessed in an unauthorized way.
• Data      Retention: We will only retain your Personal Data for as long as      necessary to fulfill the purposes we collected it for, including for      satisfying any legal, accounting, or reporting requirements (a requirement      under both GDPR and COPPA).

10. Right to Lodge a Complaint (GDPR Requirement)

If you have a complaint about how we are processing your Personal Data, you have the right to lodge a complaint with the Supervisory Authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

11. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We will notify EU/EEA users of material changes, where required by law.

Regards,

Chris Murabito

President and CEO of CREL, LLC