Privacy Policy

Antallia Enterprises Inc., dba Genova Industrial Products
Effective Date: May 28, 2025

Antallia Enterprises Inc., doing business as Genova Industrial Products (“we,” “us,” “our,” or the “Controller”), a corporation incorporated under the laws of the State of California, United States, operates the website www.genovaindustrial.com (the “Site”) via the Shopify platform. This Privacy Policy (the “Policy”) governs the collection, use, disclosure, and protection of personal information and personal data (collectively, “Personal Data”) when you, the data subject, interact with our Site or services. By accessing or using the Site, you consent to the practices described herein, in accordance with the California Consumer Privacy Act of 2018 (CCPA, Cal. Civ. Code § 1798.100 et seq.), the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679, where applicable), Google Merchant Center policies, and Shopify’s data processing standards.

Article 1: Modifications to this Policy

1.1 Policy Updates
We reserve the right to amend this Policy periodically to reflect changes in our data processing practices, operational requirements, or applicable legal obligations. Amendments will be published on the Site with an updated effective date. For material changes, we may provide notice via email or a conspicuous banner on the Site. Continued use of the Site following such amendments constitutes your acceptance of the revised Policy.

Article 2: Categories of Personal Data Collected

We collect Personal Data to facilitate the provision of services, enhance user experience, and comply with legal obligations. The categories of Personal Data collected are as follows:

2.1 Personal Identifiers

  • Description: Data that identifies or relates to an individual, including, but not limited to, name, email address, telephone number, billing address, shipping address, payment information (e.g., credit card details), username, password, and account preferences.
  • Collection Method: Voluntarily provided by you during account creation, order placement, or customer support interactions.
  • Purpose: To fulfill contractual obligations, manage accounts, process transactions, and provide personalized services.

2.2 Device and Technical Information

  • Description: Data concerning your device or browsing activity, including IP address, browser type, operating system, device identifiers, time zone, and Site interactions (e.g., pages viewed, search queries).
  • Collection Method: Automatically collected through cookies, web beacons, log files, and similar technologies.
  • Purpose: To optimize Site functionality, conduct analytics, and enhance security measures.

2.3 Transactional Data

  • Description: Information related to purchases, including name, billing and shipping addresses, payment details, email address, and telephone number.
  • Collection Method: Collected during the checkout process or order placement.
  • Purpose: To process payments, arrange shipping, confirm orders, and mitigate fraudulent activities.

2.4 Customer Support Data

  • Description: Information provided during support interactions, such as name, email address, telephone number, IP location, and details of inquiries or issues.
  • Collection Method: Submitted by you via email, phone, or support forms.
  • Purpose: To address inquiries, process returns, and resolve disputes.

2.5 Third-Party Data

  • Description: Data received from third-party service providers, including Shopify (e.g., order analytics), payment processors (e.g., Stripe, PayPal), and advertising networks (e.g., Google Analytics).
  • Collection Method: Provided by third parties acting as processors or sub-processors.
  • Purpose: To support Site operations, process transactions, and deliver targeted advertising.

Article 3: Purposes and Legal Bases for Processing

3.1 Purposes of Processing
We process Personal Data for the following purposes:

  • Service Delivery: To fulfill orders, process payments, manage accounts, and provide customer support.
  • Communication: To send transactional notifications (e.g., order confirmations) and, with your consent, promotional communications.
  • Security and Fraud Prevention: To detect, prevent, and investigate unauthorized or fraudulent activities.
  • Analytics and Improvement: To analyze Site usage, optimize functionality, and enhance user experience.
  • Advertising: To deliver personalized advertisements through third-party partners, subject to your consent or opt-out rights.

3.2 Legal Bases for Processing
Processing is conducted pursuant to the following legal bases:

  • Contractual Necessity: To perform obligations under contracts, such as order fulfillment (GDPR Art. 6(1)(b)).
  • Consent: For non-essential cookies, marketing communications, or targeted advertising (GDPR Art. 6(1)(a)).
  • Legitimate Interests: For analytics, fraud prevention, and Site optimization, where such interests are not overridden by your rights (GDPR Art. 6(1)(f)).
  • Legal Obligation: To comply with applicable laws, such as tax or consumer protection regulations (GDPR Art. 6(1)(c)).

Article 4: Cookies and Tracking Technologies

4.1 Use of Cookies
We utilize cookies, web beacons, and similar technologies to enhance Site functionality and collect analytics. Cookies are small data files stored on your device to remember preferences and track interactions.

4.2 Categories of Cookies

  • Strictly Necessary Cookies: Essential for Site operations, such as maintaining cart contents or login sessions.
  • Performance Cookies: Collect data on Site usage to improve performance and user experience.
  • Advertising Cookies: Enable personalized advertisements through third-party partners.

4.3 Cookie Management
You may manage cookies via your browser settings or our cookie consent tool. Disabling cookies may impair Site functionality. For additional details, refer to our Cookie Policy at [insert link, if applicable].

Article 5: Disclosure of Personal Data

5.1 Categories of Recipients
We disclose Personal Data only as necessary:

  • Service Providers: To processors such as Shopify (hosting, analytics), payment processors (e.g., Stripe, PayPal), and logistics providers for order fulfillment.
  • Legal Authorities: To comply with legal obligations, such as responding to subpoenas, court orders, or regulatory requirements, or to protect our legal rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or asset sale, Personal Data may be transferred to a third party, subject to equivalent protections.
  • Advertising Partners: To third parties like Google for behavioral advertising, subject to your opt-out rights (see https://tools.google.com/dlpage/gaoptout or https://optout.networkadvertising.org).

5.2 No Sale of Personal Data
We do not sell Personal Data as defined by the CCPA. However, Shopify’s data-sharing practices with third parties may constitute a “sale” under CCPA. You may opt out of such sharing by contacting us or Shopify directly.

Article 6: Data Subject Rights

6.1 California Residents (CCPA, Cal. Civ. Code § 1798.100 et seq.)
California residents have the following rights:

  • Right to Know: Request disclosure of Personal Data collected, used, or disclosed, including categories, sources, and purposes.
  • Right to Delete: Request deletion of Personal Data, subject to exceptions (e.g., legal retention requirements).
  • Right to Opt-Out: Opt out of the sale or sharing of Personal Data for advertising purposes.
  • Right to Correct: Request correction of inaccurate Personal Data.
  • Right to Data Portability: Receive Personal Data in a structured, commonly used format.
  • Right to Non-Discrimination: We will not discriminate against you (e.g., by denying services or increasing prices) for exercising CCPA rights.

To exercise these rights, submit a verifiable request to policies@genovaindustrial.com. We will verify your identity using information provided (e.g., email, order details) and respond within 45 days, extendable by an additional 45 days if necessary.

6.2 EEA/UK Residents (GDPR, Regulation (EU) 2016/679)
If you reside in the European Economic Area or the United Kingdom, you have the following rights:

  • Right to Access: Obtain confirmation of processing and access to your Personal Data (GDPR Art. 15).
  • Right to Rectification: Correct inaccurate or incomplete Personal Data (GDPR Art. 16).
  • Right to Erasure: Request deletion of Personal Data under certain conditions (GDPR Art. 17).
  • Right to Restrict Processing: Limit processing in specific circumstances (GDPR Art. 18).
  • Right to Data Portability: Receive Personal Data in a structured, machine-readable format (GDPR Art. 20).
  • Right to Object: Object to processing based on legitimate interests or for direct marketing (GDPR Art. 21).
  • Right to Withdraw Consent: Withdraw consent at any time, without affecting prior processing (GDPR Art. 7).

Submit requests to policies@genovaindustrial.com. We will respond within one month, extendable by two months for complex requests. You may also lodge a complaint with a supervisory authority, such as Ireland’s Data Protection Commission (https://www.dataprotection.ie) for Shopify-related processing.

6.3 Other Jurisdictions
Residents of other regions (e.g., Canada under PIPEDA) may have analogous rights. Contact us at policies@genovaindustrial.com to exercise these rights.

Article 7: International Data Transfers

7.1 Data Processing Locations
As a Shopify-based business, Personal Data is initially processed in Ireland and may be transferred to the United States, Canada, or other jurisdictions for storage or processing. We implement safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure adequate protection for cross-border transfers in compliance with GDPR Art. 46 and other applicable laws. For Shopify’s data processing details, refer to Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

Article 8: Data Security and Retention

8.1 Security Measures
We employ reasonable technical and organizational measures, including encryption, access controls, and regular security assessments, to protect Personal Data from unauthorized access, loss, or disclosure. However, no system is infallible, and we cannot guarantee absolute security.

8.2 Retention Periods
Personal Data is retained only as long as necessary for the purposes outlined herein or to comply with legal obligations:

  • Transactional Data: Retained for seven (7) years to comply with tax and accounting regulations.
  • Account Data: Retained until you request deletion or your account remains inactive for two (2) years.
  • Support Data: Retained for one (1) year following resolution of the inquiry.
    Data no longer required is securely deleted or anonymized.

Article 9: Children’s Privacy

9.1 Age Restriction
Our Site and services are not directed to individuals under the age of 18. If we become aware that Personal Data of a minor has been collected without verifiable parental consent, we will promptly delete such data. Parents or guardians may contact us at policies@genovaindustrial.com to request deletion.

Article 10: Automated Decision-Making

10.1 No Significant Automated Decisions
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects without human oversight. EEA/UK residents may object to any automated processing by contacting us, pursuant to GDPR Art. 22.

Article 11: Google Merchant Center Compliance

11.1 Policy Alignment
To comply with Google Merchant Center requirements, we ensure:

  • Transparent disclosure of data collection, use, and disclosure practices.
  • Secure processing of payment and Personal Data, in accordance with PCI DSS standards.
  • Clear mechanisms for opting out of advertising and data sharing.
  • Adherence to applicable laws, including CCPA and, where relevant, GDPR.

Article 12: Contact Information

12.1 Inquiries and Complaints
For questions, concerns, or to exercise your data subject rights, contact our Data Protection Officer at:
Email: policies@genovaindustrial.com
Mail: Antallia Enterprises Inc., 5055 Canyon Crest Dr, Ste 123, Riverside, CA 92507, United States

If dissatisfied with our response, you may escalate complaints to the relevant data protection authority, such as the California Privacy Protection Agency (for CCPA) or Ireland’s Data Protection Commission (for GDPR-related issues involving Shopify).

Article 13: Governing Law and Dispute Resolution

13.1 Applicable Law
This Policy is governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of law principles.

13.2 Dispute Resolution
Any disputes arising out of or relating to this Policy shall be resolved through good-faith negotiation. If unresolved, disputes shall be subject to the exclusive jurisdiction of the state or federal courts located in Riverside County, California, unless otherwise required by mandatory consumer protection laws in your jurisdiction.