Security Policy

Effective Date: 10/7/2025

Mr. Balaclava ensures the security of your personal information. This particular security policy explains how we will protect your information from unauthorized access and provide you with a safe and secure environment when shopping online on our website.

1. Information Security

The personal information you provide to us is critical, which is why we adopt policies that protect users through strict protective measures. This policy outlines the measures and processes that we have put in place to protect your data.

1.1 Data Encryption

We use Secure Sockets Layer (SSL) technology to protect sensitive personal information (like payment data) in transmission. Using gateway servers, SSL encrypts the payment data that is transferred from your terminal and browser to the server.

1.2 Payment Protection

Any time a customer is making a payment on our website, we have a policy of working with third-party payment processors (like PayPal or Stripe) certified to the Payment Card Industry Data Security Standard (PCI DSS) and its associated frameworks. Your credit card or payment information is not kept in our database. Payment information is taken care of by the payment gateway directly during the transaction, ensuring safe handling of sensitive information.

1.3 Accounts Protection

When an account is created on our website, certain measures are taken to safeguard the user’s personal information. The account information is encrypted, and access is allowed only to authorized personnel. We suggest using a strong, unique password and not sharing login information. If account misuse is suspected, it is the user’s obligation to access the account and inform us.


2. Network and Infrastructure Security

2.1 Firewall Protection

The firewalls protecting our website safeguard internet visitors as well as business and private data. They serve as a protection barrier against unauthorized access and provide basic protection against other threats. They isolate our server infrastructure and make sure only certified traffic gets through.

2.2 Intrusion Detection Systems (IDS)

We deploy complex Intrusion Detection Systems (IDS) as a standard practice to monitor the perimeter of our network for unauthorized access and abnormal activity. The remotely hosted IDS notifies us of suspicious activity and takes the required preventive measures so that our in-house systems do not suffer a breach.

2.3 Regular Security Audits

We actively carry out security audits and penetration tests against identified weaknesses in our architecture to proactively harden our systems. These tests involve third parties to ensure that our infrastructure remains resistant to emerging threats.


3. Data Protection and Privacy

3.1 Data Storage Security

All personal data that we may collect is stored on centralized servers that are well protected by firewalls and data encryption. Access control measures are used to limit who can view and modify your data and your personal information.

3.2 Data Retention

Your personal data is retained only for as long as needed for the purpose for which it was collected, or as required by law. When the data is no longer needed, it is either deleted or anonymized so that unauthorized access to it is not possible.

3.3 Access Control

Data is protected with stringent access controls that have been proven to work. Data can be accessed only by authorized people with a valid reason for needing it. All employees and contractors must follow security policies and attend security awareness programs at intervals.


4. User Responsibilities

4.1 Secure Your Devices

While measures are in place to secure the company’s website and its supporting infrastructure, users are expected to take responsibility for their own security. We strongly advise users to:

  • Ensure that adequate and current anti-virus and firewall protection is installed on their devices.
  • Refrain from connecting to and/or using personal accounts over public Wi-Fi for purchasing transactions.
  • Ensure they log out of sessions, especially on public and shared computers. Activating accounts on public domains outside the workplace is strongly discouraged.

4.2 Strong Passwords

Mr. Balaclava accounts require strong and unique passwords. It is necessary to use strong passwords that contain lowercase and uppercase letters, numbers, and special characters. It is also suggested to avoid easy-to-guess passwords, like ones that include your name or birth date.

5. Incident Response and Breach Notification

5.1 Breach Detection and Response

For every case of personal data being breached or accessed without permission, there is an Incident Response Plan. As soon as a breach happens, we systematically analyze the breach and act swiftly to save whatever data we can.

5.2 Notification of Breach

If there is a breach of data, we will notify you of it within the necessary time period, before the data is lost. We comply with laws such as GDPR and will inform you if there is a breach involving your personal data. We do our best to tell you what data is involved in the breach and how we plan to resolve it.

6. Third-Party Security

6.1 Third-Party Service Providers

Payment processing, shipping, and email marketing are just a few of the functions provided by our third-party service providers. We engage with these third parties to maintain the necessary compliance with our privacy and security regulations.

6.2 Data Sharing with Other Entities

We may provide your personal information to selected service providers to perform certain functions on our behalf (for example, processing payments or offering customer service support). We do not sell, rent, or trade your personal information to any third party for marketing purposes.

We also require any third-party service providers with whom we work to employ appropriate safeguards to protect your information. We do not grant third parties any rights to use your personal information for any purpose other than those stated in the agreements we have.


7. Legal Compliance in Data Security

7.1 GDPR Adherence

To demonstrate our commitment to privacy and security, we also guarantee that we observe the General Data Protection Regulation (GDPR) for our customers that are located within the European Union (EU) and European Economic Area (EEA). This regulation obligates us to provide secure and rights-compliant processing of personal data.

7.2 Other Relevant Legislation

Aside from GDPR, we observe other data protection and privacy laws that are relevant to our scope of work. These include the California Consumer Privacy Act (CCPA) and the Payment Card Industry Data Security Standard (PCI DSS).


8. Changes to This Security Policy

We may amend our policies, or update parts of our practices and policies on how we maintain security, to reflect changes in practice, new technologies, or legal requirements. Any new policies will be reflected on this site, along with new security implementations. The new policies will be effective on the date posted. To stay informed about the policies, you need to check this page regularly.

9. Contact Information

If you have questions regarding this Security Policy and personal data security, you may contact us:

Email: contact@mrbalaclava.com

Phone: +923016889858

Mailing Address: Ajmal Gardan Phase 2, 51310 Sialkot, Punjab, Pakistan
