Privacy Policy

This Privacy Policy sets out how we collect, store and use information about you when you use or interact with our website, genezzia.com (our website) and where we obtain or otherwise collect information about you. This Privacy Policy is effective as of May 24, 2018.

0. Content

* Summary

* Our contact details

* Information we collect when you visit our website

* Information we collect when you contact us

* The information we collect when you interact with our website

* Information we collect when you place an order on our website

* Our use of automated decision making and profiling

* How we collect or obtain information about you from third parties

* Disclosure and other uses of your information

* How long do we keep your personal information?

* How we secure your information

* Transfers of your information outside the European Economic Area

* Your rights in relation to your information

*Your right to object to the processing of your information for certain purposes

* Sensitive personal information

* Changes to our privacy policy

* Protection of children’s privacy

* California Do not track disclosures

* Copyright, legal notices and logo

Translated with www.DeepL.com/Translator (free version)

1. Summary

This section summarizes how we obtain, store and use information about you. It is intended only to provide a very general overview. It is not complete by itself and should be read in conjunction with all the relevant sections of this Privacy Policy.

Data Controller: GENEZZÍA, LLC

How we collect or obtain information about you :

– When you provide it to us (e.g., by contacting us, placing an order on our website, subscribing to our newsletter, completing a survey or creating an account).

– From your use of our website, by using cookies and similar technologies.

– Occasionally, by third parties.

The information we collect includes: name, contact information, payment information such as credit or debit card details, IP address, information from cookies, information about your computer or device (e.g., type of device and browser), information about how you use our website (e.g., the pages you view, when you view them and what you click on, the geographic location from which you visited our site (based on your IP address), your responses to tests or surveys, and information about your Internet connection.

How we use your information: for administrative and commercial purposes (in particular to contact you and process orders you place on our website), to improve our business and our website, to fulfil our contractual obligations, to advertise our goods and services, to analyse your use of our website and in connection with our legal rights and obligations.

Disclosure of your information to third parties: only to the extent necessary to operate our business, to our service providers and to perform any contract we enter into with you, and when required by law or to enforce our legal rights.

Do we sell your personal information to third parties (other than in connection with a sale or purchase of a business or similar event)? No.

How long we retain your personal information: No longer than necessary, taking into account our legal obligations (e.g., keeping records for tax purposes), any other legal basis we have for using your personal information (e.g., your consent, the performance of a contract with you or our legitimate business interests). For specific retention periods relating to certain information we collect from you, please see the main section below entitled How long we retain your information.

How we secure your information: by using appropriate technical and organizational measures such as storing your information on secure servers, encrypting data transfers to or from our servers using Secure Sockets Layer (SSL) technology, encrypting payments made on or through our website using Secure Sockets Layer (SSL) technology, providing access to your information only when necessary and by reliable persons who have been trained and instructed in the proper handling of personal information.

Use of Cookies and Similar Technologies: We use cookies and similar information-gathering technologies such as web beacons on our website, including essential and functional analytic and advertising cookies.

Transfers of your information outside the European Economic Area: We are a Canadian-based company. In certain circumstances, we may transfer your information outside the European Economic Area, including to the following countries: The United States of America, Ireland, the United Kingdom. In such cases, we will ensure that appropriate safeguards are in place, including that any third parties we use that transfer your information outside the European Economic Area have self-certified as being EU-US privacy compliant.

Use of Automated Decision Making and Profiling: We use automated decision making and/or profiling. We do so for the purpose of :

*protect our company from fraud during the payment process via our partner Signify (privacy policy here: https://www.signifyd.com/privacy/).

*Your rights with respect to your information

*access your information and receive information on its use

* to correct and/or complete your information

*for your information to be deleted

*restricting the use of your personal information

*to receive your information in a portable format

* to oppose the use of your information

* to withdraw your consent to the use of your personal information

* make a complaint to a supervisory authority

Sensitive Personal Information: We do not collect information of a confidential nature about you.

2. Our contact details

You can contact the data controller by sending an email to customerservice@genezzia.com.

If you have any questions about this privacy policy, please contact the data controller.

3. Information We Collect When You Visit Our Website

We collect and use information from website visitors in accordance with this section and the section entitled Disclosure and Other Uses of Your Information.

Web Server Log Information

We use a third party server to host our website called Shopify Inc, whose privacy policy is available here https://www.shopify.com/legal/privacy . Our web server automatically logs the IP address you use to access our website as well as other information about your visit, such as the pages viewed, information requested, the date and time of the request, the source of your access to our website (for example, the website or URL (link) that referred you to our site), the version of your browser and your operating system.

Our website servers are located in the United States of America and Canada and, therefore, your information is transferred outside the European Economic Area (EEA). For more information and details of the safeguards used, please refer to the section of this Privacy Policy entitled Transfers of your information outside the European Economic Area .]

Use of Web Site Server Log Information for Computer Security Purposes

Our third party host collects and stores server logs to ensure network and computer security and to keep the server and website uncompromised. This includes analyzing log files to identify and prevent unauthorized access to our network, distribution of malicious code, denial of service attacks, and other cyber attacks by detecting unusual or suspicious activity.

Unless we are investigating suspicious or potential criminal activity, we make no attempt to identify you from the information collected through server logs, nor do we authorize our hosting provider to do so.

Legal basis of the processing: compliance with a legal obligation to which we are subject (Article 6.1.c of the General Data Protection Regulations).

Legal obligation: we have a legal obligation to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the processing of personal information. Recording access to our website using server log files is such a measure.

Legal basis of the processing: our legitimate interests and those of a third party (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: we and our third party host have a legitimate interest in using your information for the purpose of ensuring network and information security.

Cookies and similar technologies

Cookies are data files that are sent from a website to a browser to record information about users for various purposes.

We use cookies and similar technologies on our website, including key functional, analytical and advertising cookies and web beacons.

You may reject some or all of the cookies we use on or through our website by modifying your browser settings or non-essential cookies using our cookie control tool, but this may affect your ability to use our website or some or all of its features. For more information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org or review our cookie policy.

4. Information we collect when you contact us

We collect and use information from individuals who contact us in accordance with this section and the section entitled Disclosure and Other Uses of Your Information.

Email and contact form

When you send an e-mail to the e-mail address listed on our website, we collect your e-mail address and any other information you provide in that e-mail (such as your name, phone number and information contained in any signature blocks in your e-mail).

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest(s): responding to inquiries and messages we receive and keeping a record of correspondence.

Legal basis of the processing: necessary for the performance of a contract or to take steps at your request to conclude a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why it is necessary to perform a contract: when your message relates to the provision of goods or services or to taking steps at your request before providing you with our goods and services (for example, by providing you with information about those goods and services), we will process your information in order to do so).

Transfer and storage of your information

We use a third-party customer service/email provider management tool to store the emails and messages you send to us.

The emails you send to us will be stored outside of the European Economic Area on our third party email provider’s servers in the United States and other countries depending on their sub-processors. For more information, please see the section of this Privacy Policy entitled Transfers of Your Information Outside the European Economic Area.

Mail

If you communicate with us by mail, we will collect the information you provide in the postal communications you send to us.

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation)

Legitimate interest(s): Responding to inquiries and messages we receive and maintaining a record of correspondence.

Legal basis of the processing: necessary for the performance of a contract or to take steps at your request to conclude a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why it is necessary to perform a contract: when your message relates to the provision of goods or services or to taking steps at your request before providing you with our goods and services (for example, by providing you with information about those goods and services), we will process your information in order to do so).

5. Information we collect when you interact with our website

We collect and use information from individuals who interact with particular features of our website in accordance with this section and the section entitled Disclosure and Other Uses of Your Information.

SMS Messaging

When you sign up to receive text messages from us on our website or choose to receive news, offers, and out-of-stock item updates from us by entering your name and phone number and clicking on Sign Up or by checking a box at the checkout indicating that you wish to receive text messages, we collect your phone number, information about your browser and the page you signed up for, information you accessed and any other information you may have given us.

 

Legal basis for processing :

Your consent (Article 6(1)(a) of the General Data Protection Regulation).

Consent :

You consent to us sending you our electronic newsletter by registering to receive it by following the steps described above.

 

Transfer and storage of your information

We use a third party service to send our text messages and administer our phone list, Chatkit. Their privacy policy is available here: https://www.chatkit.com/privacy-policy.

The information you submit to subscribe to our text messages will be stored outside of the European Economic Area on the servers of our third party text messaging provider in Canada. For more information on the safeguards used when your information is transferred outside of the European Economic Area, see the section of this Privacy Policy entitled Transfers of your information outside of the European Economic Area below.

 

Use of Web Beacons and Similar Technologies in Emails].

We use technologies such as web beacons (small graphic files) in the texts we send to enable us to assess the level of engagement our texts receive by measuring information such as delivery rates, open rates, and click rates that our texts achieve. We will only use web beacons in our texts if you have given us permission to do so. Read more about how we use web beacons in our texts.

Electronic newsletter

When you sign up for our e-newsletter on our website or choose to receive news, offers, and out-of-stock item updates from us by entering your name and e-mail address and clicking on Sign Up or by checking a box at the checkout indicating that they wish to receive your e-newsletter, we collect your e-mail address, browser information, information about the page you are subscribed to, and any additional information you may provide us.

Legal basis of the processing: your consent (Article 6(1)(a) of the General Data Protection Regulation).

Consent: you consent to us sending you our electronic newsletter by registering to receive it by following the steps described above.

Transfer and storage of your information

The information you submit to subscribe to our e-newsletter will be stored outside the European Economic Area on the servers of our third party mailing list provider in the United States. For more information on the safeguards used when your information is transferred outside of the European Economic Area, see the section of this Privacy Policy entitled “Transfers of your information outside of the European Economic Area” below.

Use of Web Beacons and Similar Technologies in Emails].

We use technologies such as web beacons (small graphic files) in the emails we send to enable us to assess the level of engagement our emails receive by measuring information such as delivery rates, open rates, and click rates that our messages achieve. We will only use web beacons in our emails if you have authorized us to do so.

Register on our website

When you register and create an account on our website, we collect the following information: Email address, IP address and any other information you provide when you complete the registration form.

If you do not provide the mandatory information required by the registration form, you will not be able to register or create an account on our website.

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: the registration and administration of accounts on our website.

Transfer and storage of your information

The information you submit via the registration form on our website will be stored outside the European Economic Area on our third party hosting servers in the United States and Canada. Our third party hosting provider is Shopify with servers located throughout North America where its sub-processors may be located. Their privacy policy is available here: https://www.shopify.com/legal/privacy

For more information on the safeguards used when your information is transferred outside of the European Economic Area, see the section of this Privacy Policy entitled Transfers of your information outside of the European Economic Area below.

6. Information we collect when you place an order on our website

We collect and use information from individuals who place an order on our website in accordance with this section and the section entitled Disclosure and Other Uses of Your Information.

Information Collected at the Time of Your Order

Required information

When you place an order for goods or services on our website, we collect your name, email address, billing address, shipping address, company name (if applicable), billing name and browser information.

If you do not provide this information, you will not be able to purchase goods or services on our website or enter into a contract with us.

Legal basis of the processing: necessary for the performance of a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why it is necessary to perform a contract: we need the mandatory information collected through our order form to establish with whom the contract is concluded and to contact you in order to fulfil our contractual obligations, including sending you receipts and order confirmations.

Legal basis for processing: compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).

Legal obligation: we are legally obliged to issue you with an invoice for the goods and services you purchase from us and we require the mandatory information collected through our order form for this purpose. We also have a legal obligation to maintain accounting records, including records of transactions.

7. Optional information

We also collect optional information from you, such as your telephone number or information about your experience in the form of a survey. We also ask you if you would like to receive marketing communications from us. For more information, see the “Marketing Communications” section of this section below.

If you do not provide the optional information requested at checkout, such as telephone number, we will not be able to contact you by phone or SMS.

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: to find out how a customer’s experience has been to improve your company’s website or to be able to contact the customer by phone where (if necessary) in relation to his order [2].

AND

Legal basis of the processing: your consent (Article 6(1)(a) of the General Data Protection Regulation).

Legitimate interests: you consent to us processing any optional information you provide by submitting it to us.

Processing your payment

After placing an order on our website, you will be required to make payment for the products or services you have ordered. In order to process your payment, we use a third party payment processor (Shopify Payments) and a fraud gateway to ensure that your order is not fraudulent (Signify inc. Your payment will be processed by Shopify Payments.

Shopify Payments collects, uses and processes your information, including payment information, in accordance with its Privacy Policy. You can access their privacy policy via the following link(s): Shopify Payments: https://pay.shopify.com/tos-privacy-policy.

Signify: https://www.signifyd.com/privacy/

Transfer and storage of your information

Shopify Payments is located in Canada. Your payment processing information is stored outside the European Economic Area on our servers [Third Party Payment Processor in Canada and the United States].

For more information about the safeguards used when your information is transferred outside of the European Economic Area, see the section of this Privacy Policy entitled Transfers of your information outside of the European Economic Area below.

Legal basis of the processing: necessary for the performance of a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why it is necessary to perform a contract: to fulfil your contractual obligation to pay for the goods or services you have ordered from us.

Marketing communication

At checkout and when you arrive at the site, you will have the opportunity to receive marketing communications from us.

Our products and similar services

You may opt-out of receiving marketing communications related to our products that are similar to the products you purchase from us by checking a box to unsubscribe or by clicking ‘unsubscribe’ in an e-mail from us.

We will send you marketing communications relating to similar goods and services if you do not opt-out of receiving them.

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: direct marketing and advertising of our products and services.

Transfer and storage of your information

We use a third party service to administer our mailing list, Klaviyo, Inc. The information you submit to subscribe to our e-newsletter will be stored outside of the European Economic Area on the servers of our third party mailing list provider in the United States. For more information on the safeguards used when your information is transferred outside of the European Economic Area, see the section of this Privacy Policy entitled “Transfers of your information outside of the European Economic Area” below.

Use of Web beacons [and similar technologies] in emails

We use technologies such as web beacons (small graphic files in the emails we send to enable us to assess the level of engagement our emails receive by measuring information such as delivery rates, open rates, and click rates that our messages achieve. We will only use web beacons in our emails if you have authorized us to do so.

Our Products and Services

Our products and services

You may choose to receive marketing communications from us regarding our products and services by checking a box indicating that you wish to receive such communications when you place your order or at any time while you are browsing the site by entering your e-mail address in our newsletter registration form.

We will send you marketing communications about our products and services only if you choose to receive them.

Legal basis of the processing: consent (Article 6(1)(a) of the General Data Protection Regulation).

Consent: you consent to us sending you information about our products and services by registering to receive such information in accordance with the steps described above.

Information collected or obtained from third parties

This section explains how we obtain or collect information about you from third parties.

Information received from third parties

As a general rule, we do not receive information about you from third parties. The third parties that do provide us with information about you are generally partner companies with whom we do joint promotion.

It is also possible that third parties with whom we have had no prior contact may provide us with information about you.

The information we obtain from third parties will generally be your name and contact information, but will include any additional information about you that they provide to us.

Legal basis of the processing: necessary for the performance of a contract or to take steps at your request to conclude a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason for needing to perform a contract: where a third party has provided us with information about you (such as your name and email address) so that we can provide services to you, we will process your information in order to take steps at your request to enter into and perform a contract with you (if applicable).

Legal basis of the processing: consent (Article 6(1)(a) of the General Data Protection Regulation).

Consent: Where you have asked a third party to share information about you with us and the purpose of sharing that information is not related to the performance of a contract or the provision of services by us, we will process your information in accordance with your consent, which you give to us by requesting the third party in question to provide us with your information.

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate Interests: Where a third party has shared information about you with us and you have not consented to the sharing of that information, we will have a legitimate interest in processing that information in certain circumstances.

For example, we would have a legitimate interest in processing your information in order to fulfill our obligations under a subcontract with the third party, where the third party has the primary contract with you. Our legitimate interest is in performing our obligations under our subcontracting agreement.

Similarly, third parties may provide us with information about you if you have violated or potentially violated any of our legal rights. In such cases, we will have a legitimate interest in processing such information to investigate and prosecute any potential violations.

When we receive information about you in error

If we receive information about you from a third party in error and/or if we do not have a legal basis to process this information, we will delete your information.

8. Our Use of Automated Decision Making and Profiling

We use automated decision making and profiling on our website. We do not consider that this has any legal effect on you or that it affects you in a similarly significant way.

You have the right to object to the use of automated decision making and profiling described in this section. You may do so by opting out of cookies and similar technologies in accordance with the method described in the corresponding section below. If you do not want us to process your real IP address (usually the IP address assigned to you by your Internet service provider) when you visit our website, you may use a virtual private network (VPN) or a free service such as Tor.

Automated decision making

Automated decision making is the making of decisions by technological means (i.e. by a machine) without human intervention.

Use of Automated Decision Making for Advertising Display].

We automate the display of advertisements containing our products and services on other websites you visit, based on the fact that you visited our website using cookies.

Logic involved: Automatically displaying ads to people who have visited our website allows us to increase our efficiency and save money compared to manually displaying ads or displaying ads by different means.

Significance and intended consequences: Cookies will be used to recognize the fact that you have visited our website in order to display advertisements to you (unless you have blocked such cookies) and to collect information about your online behavior.

Profiling

Profiling is any form of automated processing of your information to evaluate personal aspects concerning you, in particular to analyze or predict your work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Using Profiling for Web Analytics

Our web analytics services, Google Analytics and Qubit, Inc. collect information such as your location (based on your IP address), your behavior (based on cookies) when you access our website (such as which pages you visit and what you click on) and the amount of your spending on our website. We will only process cookie information if you have authorised us to install cookies on your computer in accordance with our cookie policy. The information we collect about you, once collected, is anonymized and stored on an aggregated basis. IP addresses are anonymized at the point of collection on our site.

Logic: By automatically analyzing and categorizing information such as the location (based on IP address) and the behavior and devices of visitors to our website (using cookies), we are able to better understand what visitors to our website want (in terms of the content of our site and our products), how to improve our site, and how to advertise and market our services to them.

Significance and intended consequences: Cookies will be used to track and store information about your behavior and device on our website (unless you have opted out of receiving such cookies by using our cookie control tool and your location will be analyzed based on your IP address. We may target advertisements or content on our site based on the level of interest we receive from certain visitors and their behavior on our website.

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation) and the basis on which you give us your consent to use it by choosing to participate in cookie tracking.

Legitimate interest :: to improve our website for the users of our website and to know their preferences so that our website can better respond to their needs and desires. Also to serve you the advertisements that you feel are most relevant to the visitor.

Use of profiling in marketing emails

We use web beacons in our marketing emails to analyze who opens our emails and what actions they take (for example, what they click on).

Logic involved: By analyzing how our recipients respond to our emails, we are able to improve the content and effectiveness of our emails and assess who is most interested.

Importance and consequences considered: your behavior when you open our emails will be tracked using small gif files (web beacons), including opening rates, click rates and what you clicked on in an email.

Legal basis of the processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: analyzing the level of commitment and effectiveness of our emails and marketing content

9. How we collect or obtain information about you from third parties

This section describes the circumstances under which your information will be disclosed to third parties and any other purposes for which we use your information.

10. Disclosure and other uses of your information

This section describes the circumstances under which your information will be disclosed to third parties and any other purposes for which we use your information.

Disclosure of Your Information to Service Providers

We use a number of third parties to provide us with the services necessary to operate our business or to help us operate our business and who process your information for us on our behalf. These include, but are not limited to, the following:

* Customer Service System Provider: Zendesk Inc. Their privacy policy is available here :

* Computer service provider(s), including Shipping Easy and Microsoft Azure. Their privacy policies are available here: https://support.shippingeasy.com/hc/en-us/articles/115003637406-Privacy-Policy https://privacy.microsoft.com/en-us/privacystatement

* Hosting provider(s), including Shopify Inc. Their privacy policy is available here: shopify.com/privacy

Our third party service providers are located in the United States and Canada.

Your information will be shared with these service providers as necessary to provide you with the service you have requested, whether to access our website or to order goods and services from us.

For security and competitive reasons, we do not publicly display all of our service providers’ identities by name. If you would like more information about the identity of our service providers, however, please contact us directly via our contact form and we will provide you with this information when you have a legitimate reason to request it (for example, when we have shared your information with these service providers).

Legal basis of the processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest claimed: Where we share your information with these third parties in a context other than that necessary to perform a contract (or take action at your request), we will share your information with these third parties to enable us to operate and manage our business effectively.

Legal basis of the processing: necessary for the performance of a contract and/or to take action at your request prior to the conclusion of a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason for needing to perform a contract: we may need to share information with our service providers to enable us to perform our obligations under the contract or to take action at your request before we enter into a contract with you.

Disclosure of Your Information to Other Third Parties

We disclose your personal information to other third parties in special circumstances as set out below.

Providing information to third parties such as Google Inc. Google collects information through our use of Google Analytics on our website. Google uses this information, including IP addresses and cookie information, for various purposes, such as improving its Google Analytics service. The information is shared with Google on an aggregated and anonymous basis. To learn more about the information collected by Google, how Google uses it and how to control the information sent to Google, please visit the following page: https://www.google.com/policies/privacy/partners/ .]

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest(s): Compliance with our contractual obligations to Google under our Google Analytics Terms of Service (https://www.google.com/analytics/terms/us.html).

You can unsubscribe from Google Analytics by installing the browser plugin here: https://tools.google.com/dlpage/gaoptout.

Transfer and storage of your information

The information collected by Google Analytics is stored outside the European Economic Area on Google servers in the United States of America.

For more information about the safeguards used when your information is transferred outside of the European Economic Area, see the section of this Privacy Policy entitled Transfers of your information outside of the European Economic Area below.

Sharing your information within our group of companies, including Seed Beauty for internal administrative purposes, including customer, client and employee information.

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: to run and manage our business effectively.

AND

Legal basis of the processing: necessary for the performance of a contract [or to take steps at your request prior to the conclusion of a contract] (Article 6(1)(b) of the General Data Protection Regulation).

Reason why it is necessary to perform a contract: we need to share your information with other companies in order to be able to fulfil our contractual obligations to you or to take action at your request before entering into a contract, for example because of the services or information you have requested.

Share your information with a potential or actual buyer or seller in the context of an actual or potential sale or acquisition of a business or asset by us, or in connection with an actual or potential merger or similar business combination.

Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest(s): sharing your information with a buyer, seller or similar person in order to enable such a transaction to take place.

Disclosure and use of your information for legal purposes

Report possible criminal acts or threats to public safety to a competent authority

If we suspect that a criminal act or potential criminal act has been committed, we will, under certain circumstances, have to contact a competent authority, such as the police. This may be the case, for example, if we suspect that fraud or cybercrime has been committed or if we receive threats or malicious communications against us or third parties.

We will generally only need to process your information for this purpose if you have been involved or affected in some way by such an incident.

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: prevention of crime or suspected criminal activities (such as fraud).

In connection with the application or potential application of the law, our legal rights

We will use your personal information in connection with the enforcement or potential enforcement of our legal rights, including, for example, sharing information with collection agencies if you fail to pay amounts owed to us when required to do so by contract. Our legal rights may be contractual (where we have entered into a contract with you) or non-contractual (such as the legal rights we have under copyright or tort law).

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: to enforce our legal rights and to take action to enforce our legal rights.

11. In the context of potential or pending litigation or legal proceedings

We may use your information if we are involved in a dispute with you or a third party, for example, either to resolve the dispute or as part of a mediation, arbitration, court settlement or similar process.

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest(s): settlement of disputes and potential disputes.

To ensure continued compliance with laws, regulations and other legal requirements

We will use and process your information in order to comply with the legal obligations to which we are subject. For example, we may need to disclose your information pursuant to a court order or subpoena if we receive one.

Legal basis for processing: Compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).

Legal obligation(s): legal obligation(s) to disclose information that are part of the laws of the United States of America[4].

Legal basis of the processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: where legal obligations are part of the laws of another country and have not been incorporated into the legal framework of the United States, we have a legitimate interest in complying with those obligations.

12. How long do we keep your information?

This section specifies how long your personal information will be kept. Where possible, we have set specific retention periods. Where this has not been possible, we have established the criteria we use to determine the retention period.

Retention Periods

Order Information: When you place an order for goods and services, we retain this information indefinitely or until you ask us to delete it, unless it is contrary to our legal responsibility.

Correspondence and Inquiries: when you make an inquiry or correspond with us for any reason, whether by email or through our contact form, we will retain your personal information for as long as necessary to respond and resolve your inquiry and indefinitely thereafter, unless you request its deletion AND it does not interfere with our compliance with the law and our legitimate business interest.

E-Newsletter: We retain the information you used to subscribe to our e-Newsletter for as long as you remain a subscriber (i.e., you do not unsubscribe) or if we decide to cancel our e-Newsletter service, whichever comes first.

13. Criteria for determining retention periods

In all other cases, we will not keep your information longer than necessary, keeping in mind the following:

* the purpose(s) and use of your personal information now and in the future (for example, whether it is necessary to continue to store this information in order to continue to fulfill our obligations under a contract with you or to contact you in the future) ;

* if we have a legal obligation to continue to process your information (such as any record-keeping obligations imposed by a relevant law or regulation) ;

* if we have a legal basis for continuing to process your information (such as your consent);

* the value of your information (now and in the future);

* any relevant industry-agreed practices regarding how long we retain information;

* the levels of risk, cost and liability associated with our continuing to hold the information;

* the degree of difficulty in ensuring that the information can be kept current and accurate; and

* any relevant circumstances (such as the nature and state of our relationship with you).

14. How we secure your information

How we secure your information

We take appropriate technical and organizational measures to secure and protect your information from unauthorized or illegal use and accidental loss or destruction, including :

* Sharing and providing access to your information only to the minimum extent necessary, subject to confidentiality restrictions where appropriate and, to the extent possible, on an anonymous basis ;

* using secure servers to store your information;

verifying the identity of any person requesting access to information before granting access to the information ;

* using Secure Sockets Layer (SSL) software to encrypt any information you submit to us through any form on our website and any payment transaction you make on or through our website;

* transferring your information only through a closed system or encrypted data transfers; and

Transmission of information by email

The transmission of information over the Internet is not completely secure and if you submit information to us over the Internet (whether by e-mail, via our website or otherwise), you do so at your own risk.

We will not be liable for any costs, expenses, lost profits, damage to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.

15. Transfers of your information outside the European Economic Area

We process data inside and outside the United States and rely on legal mechanisms to legally transfer data across borders. The countries in which we and our contractors process data may have different, and potentially less protective, laws than the laws of your own country.

Your information will be transferred and stored outside the European Economic Area (EEA) in the circumstances described below. We will also transfer your information outside the EEA or to an international organisation in order to comply with legal obligations to which we are subject (for example, to comply with a court order). Where we are required to do so, we will ensure that appropriate safeguards are in place.

Server log information

The information collected when you visit our website is transferred outside the EEA and stored on the servers of our third party hosting provider, Shopify. You can access their privacy policy here: www.shopify.com/privacy.

Country of storage: Canada and the United States

Warranty(s) Used: Our third party hosting provider has self-certified its compliance with the EU-US Privacy Shield.

 

 

 

 

Contact form and Email

The information you submit to us via our contact form is transferred outside the EEA and stored on our third party messaging and customer service systems. Our email provider is Klaviyo Inc. You can access their privacy policy here: www.klaviyo.com/privacy. Our customer service system provider is Zendesk. You can access their privacy policy here: https://www.zendesk.com/company/customers-partners/eu-data-protection/.

Country of storage: United States. This country is not subject to an adequacy decision by the European Commission.

Warranty(s) Used: Our third party email provider has self-certified its compliance with the EU-US privacy shield.

Electronic Newsletter

The information you submit to us when you subscribe to our e-newsletter is transferred outside the EEA and stored on the servers of our third party mailing list provider. Our third party mailing list provider is: Klaviyo. You can access their privacy policy here: www.klaviyo.com/privacy.

Country of storage: The United States. This country is not subject to an adequacy decision by the European Commission.

Backup(s) used: Our [third-party mailing list provider] has self-certified its compliance with the EU-US privacy shield.

Google Analytics

The information collected by Google Analytics (your IP address and the measures you take in connection with our website) is transferred outside the EEA and stored on Google’s servers. You can access the Google Privacy Policy here: https://www.google.com/policies/privacy/.

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.

Warranty(s) used: Google has self-certified its EU-US privacy compliance, which is available at https://www.privacyshield.gov/welcome. The EU-US Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is authorized under Article 46(2)(f) of the General Data Protection Regulation. The European Commission’s decision on the adequacy of the EU-US privacy shield can be found at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.

Payment processor

The information you submit to us through our third party payment processor, Shopify Payments, is transferred outside the EEA and stored on their servers. You can access their privacy policy here: https://pay.shopify.com/tos-privacy-policy.

Country of storage: The United States and Canada. These countries are not subject to an adequacy decision by the European Commission.

Warranty(s) Used: Our payment processor has self-certified its EU-US privacy compliance.

16. Your right to object to the processing of your information for certain purposes

You have the following rights concerning your information, which you can exercise in the same way as you can exercise by sending an email to : customerservice@genezzia.com to object to us using or processing your information where we use or process it to perform a task in the public interest or for our legitimate interests, including “profiling” (i.e. analysing or predicting your behaviour based on your information) for any of these purposes; and to object to us using or processing your information for direct marketing purposes (including any profiling that we perform that is related to such direct marketing).

You may also exercise your right to object to us using or processing your information for direct marketing purposes:

by clicking on the unsubscribe link contained at the bottom of any marketing email we send you and following the instructions that appear in your browser after you click on that link ;

17. Personal information of a confidential nature

Confidential information” is information about an individual that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic information, biometric information that uniquely identifies an individual, health information, or information about an individual’s sex life or sexual orientation.

We do not knowingly or intentionally collect sensitive personal information from individuals, and you should not submit sensitive personal information to us.

However, if you inadvertently or intentionally submit sensitive personal information to us, you will be deemed to have explicitly consented to our processing of such sensitive personal information in accordance with Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purpose of deleting it.

18. Changes to our Privacy Policy

We update and modify our privacy policy from time to time.

Minor changes to our privacy policy

In the event that we make minor changes to our Privacy Policy, we will update our Privacy Policy with a new effective date indicated at the beginning of the Privacy Policy. The treatment of your personal information will be governed by the practices set forth in this new version of the Privacy Policy as of its effective date.

Major changes to our Privacy Policy or the purposes for which we process your personal information

In the event that we make major changes to our privacy policy or if we intend to use your personal information for a new or different purpose than the one for which we originally collected it, we will notify you by email (where possible) or by posting a notice on our website.

We will provide you with information about the change and the purpose and any other relevant information before using your information for that new purpose.

Where appropriate, we will obtain your prior consent before using your personal information for purposes different from those for which we originally collected it.

 

Children’s Privacy Protection

Because we care about the safety and privacy of children online, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the Internet. We do not knowingly communicate with or collect information from anyone under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18.

It is possible that we may receive information about persons under the age of 18 through fraud or deception from a third party. If we are notified, as soon as we verify the information, we will, where required by law, obtain appropriate parental consent to use such information or, if we are unable to obtain such parental consent, we will delete such information from our servers. If you wish to notify us of receipt of information from persons under the age of 18, please do so by sending an email from our contact page.

19. Copyright, legal notice and logo

This Privacy Policy is based on a template that complies with the General Data Protection Regulation (EU Regulation (EU) 2016/769) (GDPR) provided by GDPR Privacy Policy. For more information, please visit https://gdprprivacypolicy.org.

Copyright in this Privacy Policy is owned or licensed to us and is protected by copyright laws around the world and by copyright protection software. All intellectual property rights in this document are reserved.

When we display the GDPR Privacy Policy logo on our website, it indicates that we have adopted a privacy policy template provided by the GDPR Privacy Policy as the basis for this Privacy Policy.