Privacy Policy

Last Updated: 20 December 2025
Effective Date: 20 December 2025

---

1. Introduction

Welcome to Gionetto. We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, make a purchase, or interact with our services.

Who We Are:

Company Name: FOCUS DIGITAL LLC
Trading As: Gionetto
Business Address: 1209 Mountain Road Pl NE, Suite R, Albuquerque, NM 87110, United States
Website: https://gionetto.com
Email: support@gionetto.com
Data Protection Contact: privacy@gionetto.com

Our Commitment:

We respect your privacy and are committed to protecting your personal data. This Privacy Policy complies with:

• ✅ UK GDPR (General Data Protection Regulation as retained in UK law)
• ✅ Data Protection Act 2018 (UK)
• ✅ Privacy and Electronic Communications Regulations 2003 (PECR)
• ✅ California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• ✅ Children's Online Privacy Protection Act (COPPA)
• ✅ Other applicable data protection laws

---

2. Information We Collect

We collect different types of information to provide and improve our services to you.

2.1 Information You Provide to Us

Account Information:

• Name (first and last name)
• Email address
• Password (encrypted)
• Phone number (optional)
• Date of birth (if provided)

Order & Delivery Information:

• Billing address (street address, city, county, postcode, country)
• Shipping address (street address, city, county, postcode, country)
• Contact phone number
• Delivery instructions

Payment Information:

• Payment card details (processed securely by our payment processor)
• Billing address
• Transaction history

Note: We do not store your full payment card details. Payment information is processed and stored securely by our PCI-DSS compliant payment processors (Shopify Payments, PayPal, Stripe, etc.).

Communication Information:

• Email correspondence
• Customer service inquiries
• Product reviews and ratings
• Survey responses
• Marketing preferences

2.2 Information We Collect Automatically

Device & Browser Information:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution
• Language preferences

Usage Information:

• Pages visited on our website
• Products viewed
• Time spent on pages
• Click patterns and navigation paths
• Referring website (how you arrived at our site)
• Date and time of visits
• Search queries on our website

Cookies & Tracking Technologies:

• Session cookies (temporary)
• Persistent cookies (stored on your device)
• Analytics cookies (Google Analytics, etc.)
• Marketing cookies (Facebook Pixel, Google Ads, etc.)
• Web beacons and pixels

For more information about cookies, see Section 8 below.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Payment processors: Transaction verification and fraud prevention data
• Shipping carriers: Delivery status and tracking information
• Social media platforms: If you interact with us on social media or use social login
• Marketing partners: Advertising performance and attribution data
• Data enrichment services: To improve our understanding of customer preferences
• Fraud prevention services: To protect against fraudulent transactions

2.4 Information We Do Not Collect

We do not knowingly collect:

• ❌ Personal data from children under 13 years of age (COPPA compliance)
• ❌ Sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, etc.) unless explicitly provided by you and necessary for our services

---

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 To Provide Our Services

• ✅ Process and fulfill your orders
• ✅ Arrange shipping and delivery
• ✅ Process payments and refunds
• ✅ Manage your account
• ✅ Provide customer support
• ✅ Send order confirmations and shipping notifications
• ✅ Handle returns and exchanges

Legal Basis (UK GDPR): Performance of a contract (Article 6(1)(b))

3.2 To Communicate with You

• ✅ Respond to your inquiries and requests
• ✅ Send transactional emails (order confirmations, shipping updates, etc.)
• ✅ Send service announcements and updates
• ✅ Request product reviews and feedback
• ✅ Notify you of changes to our policies or services

Legal Basis (UK GDPR): Performance of a contract (Article 6(1)(b)) and Legitimate interests (Article 6(1)(f))

3.3 For Marketing & Promotional Purposes

• ✅ Send promotional emails and newsletters (with your consent)
• ✅ Display personalized advertisements
• ✅ Offer special promotions and discounts
• ✅ Recommend products based on your interests
• ✅ Conduct marketing campaigns

Legal Basis (UK GDPR): Consent (Article 6(1)(a)) and Legitimate interests (Article 6(1)(f))

Your Rights: You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us at support@gionetto.com.

3.4 To Improve Our Services

• ✅ Analyze website usage and customer behavior
• ✅ Improve website functionality and user experience
• ✅ Develop new products and features
• ✅ Conduct research and analytics
• ✅ Test and optimize our services

Legal Basis (UK GDPR): Legitimate interests (Article 6(1)(f))

3.5 For Security & Fraud Prevention

• ✅ Detect and prevent fraud, abuse, and illegal activity
• ✅ Protect our website and systems from security threats
• ✅ Verify identity and prevent unauthorized access
• ✅ Investigate and resolve disputes
• ✅ Enforce our Terms of Service and policies

Legal Basis (UK GDPR): Legitimate interests (Article 6(1)(f)) and Legal obligation (Article 6(1)(c))

3.6 For Legal Compliance

• ✅ Comply with legal obligations and regulations
• ✅ Respond to legal requests and court orders
• ✅ Maintain records for tax and accounting purposes
• ✅ Protect our legal rights and interests
• ✅ Comply with customs and import/export regulations

Legal Basis (UK GDPR): Legal obligation (Article 6(1)(c)) and Legitimate interests (Article 6(1)(f))

---

4. How We Share Your Information

We do not sell your personal information to third parties. However, we may share your information with trusted partners and service providers as described below.

4.1 Service Providers

We share your information with third-party service providers who help us operate our business, including:

E-commerce Platform:

• Shopify Inc. - Our e-commerce platform provider (hosting, payment processing, order management)
• Privacy Policy: https://www.shopify.com/legal/privacy

Payment Processors:

• Shopify Payments, PayPal, Stripe - Secure payment processing
• These providers are PCI-DSS compliant and do not share your payment details with us

Shipping Carriers:

• DHL, Royal Mail, Parcelforce, FedEx, UPS - Delivery and logistics
• We share your name, address, phone number, and order details for delivery purposes

Email Service Providers:

• Klaviyo, Mailchimp, SendGrid (or similar) - Email marketing and transactional emails
• We share your email address and order information to send you emails

Analytics Providers:

• Google Analytics - Website analytics and performance tracking
• Privacy Policy: https://policies.google.com/privacy

Advertising Partners:

• Google Ads, Facebook/Meta Ads, TikTok Ads - Advertising and retargeting
• We share limited information (email, device ID, browsing behavior) for targeted advertising

Customer Support Tools:

• Zendesk, Gorgias, Tidio (or similar) - Customer service and support
• We share your contact information and order history to provide support

Fraud Prevention Services:

• Shopify Fraud Analysis, Signifyd, Riskified (or similar) - Fraud detection and prevention
• We share transaction data to protect against fraudulent orders

4.2 Business Transfers

If Gionetto is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your personal information may be transferred to the new owner as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders, subpoenas, or legal processes
• Requests from law enforcement or government authorities
• Legal claims or disputes
• Protection of our rights, property, or safety
• Protection of the rights, property, or safety of others

4.4 With Your Consent

We may share your information with other third parties if you give us your explicit consent to do so.

4.5 Aggregated & Anonymized Data

We may share aggregated or anonymized data that does not identify you personally with third parties for research, marketing, analytics, or other purposes.

---

5. International Data Transfers

5.1 Where We Store Your Data

Gionetto is operated by FOCUS DIGITAL LLC, a company based in the United States. Your personal information may be transferred to, stored, and processed in:

• 🇺🇸 United States (our primary operations)
• 🇨🇦 Canada (Shopify servers)
• 🇪🇺 European Union (some service providers)
• 🌍 Other countries where our service providers operate

5.2 UK to US Data Transfers

When we transfer your personal data from the United Kingdom to the United States or other countries, we ensure appropriate safeguards are in place, including:

• ✅ Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO)
• ✅ Adequacy decisions where applicable
• ✅ Binding Corporate Rules of our service providers
• ✅ Data Processing Agreements with all third-party processors

5.3 Your Rights Regarding International Transfers

You have the right to:

• Request information about the safeguards we use for international transfers
• Object to the transfer of your data to certain countries
• Request a copy of the Standard Contractual Clauses we use

Contact us at privacy@gionetto.com for more information.

---

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Retention Periods

Data Type	Retention Period	Reason
Account Information	Until you request deletion or close your account	To provide ongoing services
Order & Transaction Data	7 years from date of transaction	Legal and tax obligations (UK law)
Payment Information	Not stored (processed by payment providers)	PCI-DSS compliance
Marketing Data	Until you unsubscribe or request deletion	Marketing purposes
Website Analytics	26 months (Google Analytics default)	Analytics and improvement
Customer Support Records	3 years from last interaction	Customer service and dispute resolution
Cookies	Varies (see Cookie Policy)	Functionality and analytics

6.2 Deletion of Data

After the retention period expires, we will securely delete or anonymize your personal information. You can request deletion of your data at any time by contacting us at privacy@gionetto.com (subject to legal obligations).

---

7. Your Rights & Choices

You have important rights regarding your personal information. These rights vary depending on your location.

7.1 Rights Under UK GDPR (UK Customers)

If you are located in the United Kingdom, you have the following rights:

1. Right to Access (Article 15)

You have the right to request a copy of the personal information we hold about you.

2. Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal information.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal information in certain circumstances.

4. Right to Restriction of Processing (Article 18)

You have the right to request that we limit how we use your personal information.

5. Right to Data Portability (Article 20)

You have the right to receive your personal information in a structured, commonly used, and machine-readable format.

6. Right to Object (Article 21)

You have the right to object to processing of your personal information for direct marketing or based on legitimate interests.

7. Right to Withdraw Consent (Article 7)

Where we rely on consent, you have the right to withdraw it at any time.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: https://ico.org.uk
• Phone: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

7.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

1. Right to Know

You have the right to request information about the personal information we collect, use, disclose, and sell (if applicable).

2. Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

3. Right to Opt-Out of Sale

We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link on our website.

4. Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising your CCPA rights.

5. Right to Correct

You have the right to request correction of inaccurate personal information.

6. Right to Limit Use of Sensitive Personal Information

You have the right to limit our use of sensitive personal information (if applicable).

7.3 How to Exercise Your Rights

To exercise any of your rights, please contact us:

• Email: privacy@gionetto.com or support@gionetto.com
• Subject Line: "Data Rights Request"
• Include: Your full name, email address, order number (if applicable), and specific request

Verification: We may need to verify your identity before processing your request. We will respond to your request within 30 days (UK GDPR) or 45 days (CCPA).

7.4 Marketing Opt-Out

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Logging into your account and updating your email preferences
• Contacting us at support@gionetto.com

Note: Even if you opt out of marketing emails, we will still send you transactional emails (order confirmations, shipping updates, etc.).

---

8. Cookies & Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how you use our website.

8.2 Types of Cookies We Use

Essential Cookies (Strictly Necessary)

These cookies are necessary for the website to function and cannot be disabled.

• Session management
• Shopping cart functionality
• Security and authentication
• Load balancing

Functional Cookies

These cookies enable enhanced functionality and personalization.

• Language preferences
• Currency selection
• User preferences

Analytics Cookies

These cookies help us understand how visitors use our website.

• Google Analytics (page views, bounce rate, time on site)
• Shopify Analytics (conversion tracking, sales data)
• Hotjar or similar (heatmaps, session recordings)

Marketing/Advertising Cookies

These cookies are used to deliver relevant advertisements and track campaign performance.

• Google Ads (conversion tracking, remarketing)
• Facebook Pixel (ad targeting, custom audiences)
• TikTok Pixel (ad performance)
• Other advertising platforms

8.3 Third-Party Cookies

Some cookies are placed by third-party services that appear on our pages. We do not control these cookies. Please review the privacy policies of these third parties:

• Google: https://policies.google.com/privacy
• Facebook/Meta: https://www.facebook.com/privacy/explanation
• Shopify: https://www.shopify.com/legal/privacy

8.4 Managing Cookies

You can control and manage cookies in several ways:

Browser Settings:

Most browsers allow you to block or delete cookies through your browser settings. However, blocking essential cookies may affect website functionality.

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Privacy > Cookies

Opt-Out Tools:

• Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
• Network Advertising Initiative: https://optout.networkadvertising.org
• Digital Advertising Alliance: https://optout.aboutads.info

Do Not Track:

Some browsers have a "Do Not Track" feature. We do not currently respond to Do Not Track signals, but we respect your cookie preferences set through your browser.

8.5 Cookie Consent

When you first visit our website, we will ask for your consent to use non-essential cookies (analytics and marketing cookies). You can change your cookie preferences at any time.

---

9. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it.

9.1 Security Measures

We use industry-standard security measures, including:

• 🔒 SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using HTTPS
• 🔒 Secure Payment Processing: Payment information is processed by PCI-DSS compliant payment processors
• 🔒 Password Protection: Passwords are encrypted using strong hashing algorithms
• 🔒 Access Controls: Limited access to personal data on a need-to-know basis
• 🔒 Regular Security Audits: We regularly review and update our security practices
• 🔒 Firewall Protection: Our servers are protected by firewalls and intrusion detection systems
• 🔒 Data Backup: Regular backups to prevent data loss

9.2 Your Responsibility

You are responsible for:

• Keeping your account password secure and confidential
• Not sharing your account with others
• Logging out of your account after use on shared devices
• Notifying us immediately if you suspect unauthorized access to your account

9.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of becoming aware of the breach (UK GDPR requirement)
• Notify relevant authorities (ICO, etc.) as required by law
• Provide information about the breach and steps you can take to protect yourself
• Take immediate action to contain and remediate the breach

9.4 Limitations

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal information.

---

10. Children's Privacy

10.1 COPPA Compliance

Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are under 13 years of age, please do not:

• Use our website or services
• Create an account
• Make a purchase
• Provide any personal information to us

10.2 Parental Consent

If you are between 13 and 18 years of age, you must have permission from a parent or legal guardian before:

• Creating an account
• Making a purchase
• Providing personal information

10.3 If We Learn We Have Collected Children's Data

If we become aware that we have collected personal information from a child under 13 without parental consent, we will:

• Delete the information as soon as possible
• Not use the information for any purpose
• Not disclose the information to third parties

If you believe we have collected information from a child under 13, please contact us immediately at privacy@gionetto.com.

---

11. Third-Party Links

Our website may contain links to third-party websites, services, or applications that are not operated by us.

11.1 No Responsibility for Third-Party Sites

We are not responsible for the privacy practices or content of third-party websites. When you click on a third-party link, you are leaving our website and are subject to the privacy policy of that third party.