Privacy Policy

At Aquanora, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform (Aquanora.com) and related services. By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our platform.

1. Information We Collect

1.1 Personal Data

We collect information that identifies or relates to you, including:
  • Identity Data: Name, username, title.
  • Contact Data: Email, phone number, shipping/billing address.
  • Transaction Data: Order history, payment details (processed securely via third-party gateways like Stripe/PayPal).
  • Technical Data: IP address, browser type, device identifiers, cookies (see our Cookie Policy).
  • Usage Data: Pages visited, interactions, preferences.

1.2 How We Collect Data

  • Directly from You: When you register, make a purchase, subscribe to newsletters, or contact customer support.
  • Automatically: Via cookies, analytics tools (e.g., Google Analytics), and server logs.
  • From Third Parties: Payment processors, marketing partners (where permitted by law).

1.3 Non-Personal Data

We anonymize or aggregate data for analytics, improving services, and market research.

2. How We Use Your Data

We process your personal data for specific, lawful purposes, including:
  • Process and fulfill your purchases.
  • Deliver products and manage returns/refunds.
  • Provide customer support and account management.[Legal Basis: Necessary for contract performance (GDPR Article 6(1)(b)).]
  • Customize website content and product recommendations.
  • Improve platform functionality and load times.[Legal Basis: Legitimate interest (GDPR Article 6(1)(f)) or consent (Article 6(1)(a)).]
  • With your consent (where required) Send promotional emails (e.g., discounts, new products).
  • Notify you about cart abandonment or wishlist items.
  • You may unsubscribe anytime via the link in emails or by contacting us.[Legal Basis: Consent (GDPR Article 6(1)(a)) or legitimate interest (soft opt-in for existing customers).]
  • Detect and prevent fraudulent transactions.
  • Investigate unauthorized account access.[Legal Basis: Legal obligation and legitimate interest (GDPR Articles 6(1)(c) and 6(1)(f)).]
  • Tax authorities (e.g., invoice records).
  • Law enforcement (e.g., court orders).[Legal Basis: Legal obligation (GDPR Article 6(1)(c)).]
  • Aggregated Analytics
  • Non-personal, anonymized data is used for Market research and trend analysis.
  • Reporting on website performance.[Legal Basis: Legitimate interest (GDPR Article 6(1)(f)).]

3. Data Sharing & Disclosure

We do not sell your data. Limited sharing occurs with:
  • Service Providers: Payment processors, logistics partners, IT security firms.
  • Legal Authorities: If required by law (e.g., court orders, fraud investigations).
  • Business Transfers: In mergers/acquisitions (with confidentiality safeguards).
  • All third parties must adhere to strict data protection agreements.

4. International Data Transfers

Your data may be processed outside the EU/EEA. We ensure safeguards such as:
  • Standard Contractual Clauses (SCCs)
  • Adequacy Decisions (for approved countries)

5. Your Rights (GDPR & CCPA Compliance)

5.1 EU/UK Users (Under GDPR)

  • Access: Request a copy of your data.
  • Rectification: Correct inaccurate information.
  • Erasure ("Right to Be Forgotten"): Delete your data under certain conditions.
  • Restriction: Limit how we use your data.
  • Portability: Receive your data in a machine-readable format.
  • Objection: Opt out of marketing or automated decision-making.

5.2 California Residents (Under CCPA)

  • Know: Request disclosure of data collected.
  • Delete: Ask for data deletion.
  • Opt-Out: Decline "sale" of personal data (we do not sell data).
  • To exercise rights, email:[email protected] with "Privacy Request" in the subject line. We respond within 30 days and may verify your identity for security.

6. Data Security

We implement:
  • Encryption (SSL/TLS) for data transfers.
  • Regular security audits.
  • Access controls (least-privilege principle).
  • Staff training on data protection.

7. Data Retention

We retain data only as long as necessary:
  • Active accounts: Until deletion request.
  • Transaction records: 7 years (legal/tax requirements).
  • Marketing data: Until consent withdrawal.

8. Children’s Privacy

We do not knowingly collect data from children under 16. Parents/guardians may contact us to remove such data.

9. Policy Updates

We may update this policy periodically. Material changes will be notified via:
  • Email (registered users).
  • Website banners.

10. Contact Us

For privacy-related questions or requests: Email: [email protected]