Privacy policy

 

Privacy Policy

Last Updated: January 2026

This Privacy Policy describes how IT Power Equipment Inc, doing business as Invatech Italia ("Invatech Italia", "Company", "we", "us", "our"), collects, uses, discloses, processes, and protects your personal information and data when you visit or make a purchase from https://invatechitalia.com (the "Site" or "Store"). This policy also applies to information collected through related platforms and services, including our email marketing activities, advertising campaigns, and customer communications.

1. Business Information and Contact Details

Legal Entity Name: IT Power Equipment Inc.
Trade Name / Brand: Invatech Italia
Primary Website: https://invatechitalia.com
Primary Email Address: info@invatechitalia.com
Telephone Number: +1-800-651-8190
Business Address: 115 First St, Sumas, WA 98295, United States
Jurisdiction: United States (Washington State)

2. Scope and Applicability

This Privacy Policy applies to all personal information and data collected through:

  • Our primary ecommerce website and Shopify-powered online store at invatechitalia.com
  • Our email marketing platform and communications (Klaviyo)
  • Digital advertising campaigns, including Google Ads, Facebook Ads, Instagram Ads, TikTok Ads, Meta Ads, and Bing Ads
  • Customer account creation and profile management
  • Product reviews, customer feedback, and support interactions
  • All related business communications and transactions

If you access our Site or services from the European Union, United Kingdom, Canada, California, or other jurisdictions with specific data protection laws, additional rights and obligations may apply to you (see Section 11: Your Rights and Choices).

3. What Personal Information We Collect

3.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us, including:

  • Account and Registration Data: First and last name, email address, password (if you create an account), phone number, preferred contact method, and account preferences.
  • Billing and Shipping Information: Full billing address, shipping address, apartment/suite number, city, state/province, postal code, and country. We collect this information to process payments and fulfill orders.
  • Payment Information: We collect payment method details necessary to process your transactions. However, we do not directly store or have access to complete credit card numbers, debit card numbers, or sensitive banking information. Payment processing is handled by secure third-party payment processors (such as Shopify Payments) who comply with PCI DSS (Payment Card Industry Data Security Standard) requirements.
  • Order and Purchase History: Items purchased, quantities, prices, order dates, order IDs, delivery dates, return or exchange requests, and purchase frequency. This information helps us manage your orders, process returns, and provide customer service.
  • Customer Communications and Support: Any messages, inquiries, complaints, or support requests you send us via email, contact forms, customer service chat, phone calls, or other channels. We retain these communications to resolve issues and improve our services.
  • Product Reviews and Feedback: Any comments, ratings, reviews, testimonials, or feedback you submit about our products, services, or overall experience. Such reviews may be public-facing on our website unless you request otherwise.
  • Marketing and Preferences: Your preferences regarding marketing communications, consent to receive promotional emails, SMS messages, push notifications, and your opt-in or opt-out status for various marketing channels.

3.2 Information Collected Automatically

When you visit, browse, or interact with our Site, we automatically collect certain information without direct action on your part:

  • Device and Technical Information: Device type (desktop, tablet, mobile), operating system and version, device identifiers, browser type and version, mobile device ID (IDFA for iOS, Google Advertising ID for Android), and unique device fingerprints used for tracking and personalization.
  • Network and Connection Data: IP address, internet service provider (ISP), connection speed, whether the connection is wired or wireless, and geographic location inferred from IP address (at the city or country level).
  • Browsing and Interaction Data: Pages visited, links clicked, products viewed, time spent on each page, scroll depth, search queries entered on our site, shopping cart contents and abandonment, checkout progress, add-to-cart events, and product comparison activity.
  • Referral and Source Information: The website or platform that referred you to our Site (referrer URL), advertising campaigns or keywords that led to your visit, and how you discovered us (organic search, paid ads, social media, email link, etc.).
  • Engagement Metrics: Click-through rates, conversion events, purchase confirmations, page load times, and error messages or technical issues you encounter.
  • Precise Location Data: If you grant permission and we have enabled location services, we may collect precise GPS coordinates or geolocation data from your device. This is used primarily for localized advertising and store location services.

3.3 Cookies, Pixels, Web Beacons, and Tracking Technologies

We use various tracking technologies to operate our Site, maintain user preferences, analyze performance, support advertising, and enable retargeting:

  • Cookies: Small text files stored on your device that persist across sessions and contain identifiers, preferences, login tokens, and session data. We use both session cookies (cleared when you close your browser) and persistent cookies (stored long-term).
  • Pixels and Web Beacons: Transparent 1x1 pixel images embedded in web pages and emails that track when pages are viewed, emails are opened, and links are clicked. These are often invisible to users.
  • JavaScript Tracking: Scripts that run in your browser to collect interaction data, form submissions, and engagement metrics without requiring cookies.
  • Local Storage and Session Storage: Browser storage mechanisms that work similarly to cookies and store data locally on your device.
  • Advertising and Conversion Pixels: Third-party pixels from Google (Google Analytics, Google Ads conversion tracking), Facebook/Meta (Facebook Pixel), TikTok (TikTok Pixel), Bing (Universal Event Tracking), and Instagram for measuring ad performance, tracking conversions, and enabling audience segmentation.
  • Mobile App Tracking: If you use our mobile site or any associated mobile applications, we may use software development kits (SDKs) to track app usage, crashes, and performance.

Cookie Management: Most web browsers allow you to control, disable, or delete cookies through settings or preferences. However, disabling cookies may limit certain Site features and functionalities, such as remembering your shopping cart or login status. You may also use browser extensions and opt-out tools (such as the Global Privacy Control) to limit tracking, though not all tracking can be fully disabled.

3.4 Information from Third Parties

We may receive personal information about you from third-party sources, including:

  • Advertising Platforms: Facebook, Instagram, Google, TikTok, and Bing may provide us with audience data, lookalike audience information, and conversion data when we run advertising campaigns.
  • Email Marketing Service Providers: Klaviyo may provide analytics, engagement metrics, and list segmentation data derived from your interactions with our email campaigns.
  • Analytics Providers: Google Analytics, Shopify analytics, and similar services provide aggregated and individual-level data about Site usage.
  • Shipping and Logistics Partners: Delivery tracking services may provide delivery status updates, proof of delivery, and customer signature confirmation.
  • Payment Processors: Information about failed transactions, payment disputes, chargebacks, and fraud indicators.
  • Reviews and Testimonials Platforms: Third-party review sites may share customer ratings and reviews that mention your order or experience.
  • Publicly Available Information: Information from public databases, social media profiles you make visible, business directories, or other publicly accessible sources where your name, contact information, or other identifiers appear.
  • Business Partners: Joint marketing partners or affiliate programs may share information about individuals interested in our products.

4. How We Use Your Personal Information

4.1 Primary Business Operations

We use personal information to operate our ecommerce business and fulfill our obligations to you:

  • Order Processing and Fulfillment: Creating and processing your orders, confirming order details, managing payment collection, calculating taxes and shipping fees, and coordinating with our fulfillment center.
  • Shipping and Delivery: Providing tracking information, updating delivery status, coordinating with shipping carriers, managing returns and exchanges, and confirming delivery.
  • Payment Processing: Verifying payment methods, processing charges, handling refunds or credits, detecting fraudulent transactions, and managing payment disputes.
  • Customer Service and Support: Responding to inquiries and complaints, troubleshooting technical issues, providing product support, processing warranty claims, and resolving disputes.

4.2 Marketing and Communications

We use personal information to market our products and maintain ongoing communication:

  • Transactional Emails: Sending order confirmations, shipment notifications, delivery updates, receipt confirmation, password reset links, account changes, and other essential transaction-related communications.
  • Marketing Emails via Klaviyo: Sending promotional offers, product recommendations, sales announcements, new product launches, seasonal promotions, and newsletters. These are sent only to individuals who have provided consent or opted in through our subscription lists.
  • SMS Marketing (if enabled): Sending short message service (SMS) text messages for promotional offers, order updates, and time-sensitive deals to users who have explicitly opted in.
  • Push Notifications (if applicable): Sending push notifications to mobile devices for personalized offers, cart reminders, and promotional content.
  • Personalized Recommendations: Using your purchase and browsing history to recommend products you may be interested in, both on our Site and through email and advertising channels.
  • Retargeting Advertising: Serving personalized display advertisements to you on other websites and social media platforms based on your previous interactions with our Site and products.

4.3 Analytics, Research, and Improvement

We use personal information to understand how customers interact with our business and improve our offerings:

  • Website Analytics: Analyzing user behavior, traffic patterns, conversion funnels, bounce rates, and user journeys to optimize Site performance and user experience.
  • A/B Testing and Optimization: Testing different versions of web pages, marketing messages, product layouts, and checkout flows to determine which perform best.
  • Product Performance Analysis: Analyzing which products are most popular, seasonal trends, product-specific feedback, and customer preferences.
  • Customer Segmentation: Grouping customers by behavior, demographics, purchase history, or engagement level to tailor marketing and product offerings.
  • Aggregate and Statistical Analysis: Creating aggregated, anonymized reports and statistics that do not identify you personally, used for business planning and strategy.
  • Customer Feedback and Surveys: Conducting surveys, collecting reviews, and gathering feedback to improve products, services, and customer experience.

4.4 Security, Compliance, and Fraud Prevention

We use personal information to protect our business and comply with legal requirements:

  • Fraud Detection and Prevention: Analyzing transaction patterns, detecting suspicious activity, identifying fraudulent orders, and preventing payment disputes.
  • Data Security: Implementing security measures, monitoring for unauthorized access, detecting breaches, and responding to security incidents.
  • Legal Compliance: Complying with tax laws, sales tax obligations, international trade regulations, and other applicable legal requirements.
  • Dispute Resolution: Investigating customer disputes, chargebacks, and complaints, and maintaining records for legal proceedings if necessary.
  • System Administration: Maintaining server logs, access logs, and audit trails for system administration and security monitoring purposes.

4.5 Legitimate Business Interests

We may process personal information based on our legitimate business interests, including:

  • Growing our customer base and improving market presence
  • Developing new products and features
  • Optimizing our marketing and advertising effectiveness
  • Maintaining and improving our Site and systems
  • Protecting against liability and fraud
  • Managing vendor and partner relationships

5. Email Marketing via Klaviyo

5.1 Email List Management and Consent

We use Klaviyo as our email service provider to manage email marketing campaigns, newsletters, and promotional communications. When you subscribe to our email list or provide your email address during checkout, your information is stored in Klaviyo's systems and processed according to this Privacy Policy.

For US-based customers: We may add your email address to our marketing list if you opt in through web forms, subscribe to our newsletter, or accept marketing communications during checkout (soft opt-in). You maintain the right to unsubscribe at any time.

For EU/UK customers: Email marketing is subject to the ePrivacy Directive and GDPR requirements, which mandate explicit opt-in consent before we send promotional communications. We collect clear consent through checkbox forms, confirming you wish to receive marketing emails. Your consent is documented and date-stamped in Klaviyo for compliance verification.

5.2 Email Data Collection and Processing

Klaviyo collects and processes the following information related to your email interactions:

  • Engagement Metrics: Whether you opened email messages (determined by email open pixels), which links you clicked, purchase activity following email receipt, and email delivery status (delivered, bounced, or marked as spam).
  • Consent Status and History: Your consent status for email marketing, the date and method you provided consent (form ID, version, timestamp), consent withdrawal dates, and any changes to your preferences.
  • List Management Data: List membership, segmentation assignments, suppression status, and bounce/complaint information.
  • Behavioral Data: Purchase history, product views, cart abandonment events, and other behavioral triggers used for email automation and personalization.

5.3 Email Segmentation and Automation

We use Klaviyo to segment email subscribers based on:

  • Consent status and marketing preference
  • Purchase history and product category preferences
  • Engagement level with previous emails
  • Customer lifecycle stage (new customer, repeat buyer, VIP)
  • Geographic location or shipping address
  • Cart abandonment behavior

We may also use Klaviyo's automation workflows to send triggered emails based on your actions, such as:

  • Welcome series for new subscribers
  • Abandoned cart recovery emails
  • Post-purchase order confirmation and shipping updates
  • Personalized product recommendations based on browsing history
  • Re-engagement campaigns for inactive subscribers
  • Win-back campaigns for lapsed customers

5.4 Unsubscribe and Email Preference Management

Every marketing email we send via Klaviyo includes a functional unsubscribe link in the email footer. Clicking this link will immediately remove you from our marketing email list. You may also manage email preferences by:

  • Using the preference center link in our email footer
  • Contacting us directly at info@invatechitalia.com
  • Requesting to opt out through your account settings (if you have a registered account)

Important: Opting out of marketing emails does not prevent transactional emails (order confirmations, shipping updates, account notifications) which are essential to your account and orders.

6. Digital Advertising and Retargeting Campaigns

6.1 Google Ads and Google Analytics

We use Google Ads to display targeted advertisements to potential and existing customers across the Google Display Network, YouTube, Gmail, and Google search results. We also use Google Analytics to track website traffic and user behavior.

Data Shared with Google: We may share conversion data (purchases, sign-ups, form submissions) with Google Ads to measure campaign performance and optimize ad spending. Google may combine this data with information from your Google account to create audience segments and lookalike audiences for targeting.

Cookies and Tracking: Google places cookies (such as the DoubleClick cookie for Display & Video 360) on your device to track your interactions across websites and serve retargeting ads.

Google Analytics 4 and Data Collection: We use GA4 to collect detailed analytics about your website usage, including age, gender, interests, purchasing behavior, and device information. This data is processed to understand user journeys and optimize marketing.

Opt-Out: You can opt out of Google Ads personalization through your Google Account settings, Google's Ads Settings page, or using the Google Analytics opt-out browser extension.

6.2 Facebook/Meta Ads and Facebook Pixel

We advertise on Facebook and Instagram (both owned by Meta Platforms, Inc.) and use the Facebook Pixel—a tracking code that monitors your interactions with our site and ads.

Data Shared with Meta: We share conversion events (purchases, add-to-carts, page views, sign-ups) with Meta's pixel tracking system. Meta uses this data to measure ad performance, create custom audiences from our customers, and build lookalike audiences to reach similar users.

Cross-Site Tracking: The Facebook Pixel tracks you across websites you visit, not just ours. This enables Meta to serve you ads on Facebook and Instagram based on your browsing behavior on our Site.

Opt-Out: You can opt out of Facebook/Meta personalized advertising through your Facebook Account Settings > Ads > Ad Preferences, or use the Digital Advertising Alliance's opt-out tool.

6.3 TikTok Ads and TikTok Pixel

We may run advertising campaigns on TikTok and use the TikTok Pixel to track user interactions and conversions.

Data Shared with TikTok: We share conversion events and audience data with TikTok to measure ad performance and build custom audiences from our customers.

Opt-Out: You can manage ad personalization in your TikTok Account Settings > Privacy Controls > Personalized Ads.

6.4 Instagram Ads

Instagram advertising is managed through Meta's advertising platform. Refer to Section 6.2 for details on how we advertise on Instagram and manage data.

6.5 Bing Ads and Universal Event Tracking (UET)

We advertise on Bing and use Universal Event Tracking (UET) to monitor conversions and user behavior.

Data Shared with Bing: We share conversion data and audience information with Bing's advertising platform for campaign optimization and targeting.

Opt-Out: You can manage Bing ad preferences through Microsoft's privacy dashboard.

6.6 Retargeting and Audience Building

Retargeting (also called "remarketing") allows us to show you ads for our products on other websites and social media platforms based on your previous visits to our Site. We use the following retargeting strategies:

  • Pixel-Based Retargeting: Tracking cookies placed on your device by advertising platforms identify you and serve ads as you browse other sites.
  • List-Based Retargeting: Using customer email lists, we create custom audiences in advertising platforms (Google, Facebook, etc.) and serve ads to those specific individuals across their networks.
  • Lookalike Audiences: Advertising platforms analyze characteristics of our current customers and find similar users to target with ads for our products.
  • Dynamic Retargeting: Showing you ads for the specific products you viewed on our Site, based on behavioral tracking and product data.

7. Legal Bases for Processing (GDPR and Similar Frameworks)

7.1 Lawful Basis Under GDPR (EU/EEA Customers)

If you are located in the European Union or European Economic Area, we process personal information under the following lawful bases:

  • Contract Performance (Article 6(1)(b)): Processing necessary to execute our contract with you, including order fulfillment, payment processing, and customer service.
  • Legitimate Interests (Article 6(1)(f)): Processing for legitimate business interests that don't override your rights, including:
    • Fraud detection and prevention
    • System security and maintenance
    • Business analytics and product improvement
    • Marketing and customer engagement (where not involving direct marketing)
  • Explicit Consent (Article 6(1)(a)): Processing based on your explicit opt-in consent, including:
    • Marketing email campaigns
    • Non-essential cookies and tracking technologies
    • SMS marketing and push notifications
  • Legal Obligation (Article 6(1)(c)): Processing required to comply with legal obligations, such as tax compliance, legal discovery, or law enforcement requests.

7.2 Legal Basis Under CCPA/CPRA (California Residents)

If you are a California resident, we collect and use personal information under the following legal bases permitted by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Business Operations: Information collection and use for conducting business operations, including order fulfillment, customer service, security, and fraud prevention.
  • Consent: Where required, we obtain your consent for non-essential data collection, marketing, and advertising activities.
  • Legitimate Business Purposes: Processing for legitimate purposes including analytics, marketing effectiveness, product development, and security.

8. How We Share Your Personal Information

8.1 Service Providers and Data Processors

We share personal information with third-party service providers who process data on our behalf and are contractually bound to protect your information:

  • Shopify (E-commerce Platform): Shopify hosts and operates our online store, processes payment information, manages customer accounts, and stores order data. Shopify is a data processor on our behalf and is contractually obligated to protect your data in compliance with applicable privacy laws.
  • Klaviyo (Email Service Provider): Stores email addresses, manages email lists, tracks email engagement, executes automated workflows, and provides marketing analytics. Klaviyo maintains Data Processing Agreements for GDPR and CCPA compliance.
  • Payment Processors and Payment Gateway: Third parties such as Stripe, PayPal, Square, or other payment processors securely process credit card and payment information. We do not directly access or store full payment card numbers.
  • Shipping and Logistics Partners: Carriers such as USPS, UPS, FedEx, DHL, or regional carriers access order and shipping address information to deliver your purchases.
  • Fulfillment and Warehouse Services: Third-party fulfillment centers may access order details, shipping addresses, and product information to pick, pack, and ship orders on our behalf.
  • Customer Support and Help Desk Software: Support platforms such as Zendesk, Intercom, or similar tools process customer communications and support tickets.
  • Analytics Providers: Google Analytics, Shopify analytics, and similar analytics platforms collect and process data about Site usage and user behavior.
  • Cloud Infrastructure and Hosting: Amazon Web Services (AWS), Google Cloud, Microsoft Azure, or similar cloud providers host our systems and may store data backups.
  • IT Support and Security Services: IT support providers, security auditors, and cybersecurity firms may access system information for technical support and security monitoring.

8.2 Advertising and Marketing Partners

We share data with advertising and marketing platforms for campaign measurement and audience targeting:

  • Google (Google Ads, Google Analytics): We share conversion data, audience lists, and website behavior information with Google for advertising and analytics purposes. Google may combine this with your Google Account information.
  • Meta/Facebook (Facebook Ads, Instagram Ads): We share conversion events and customer lists to measure ad performance and build custom audiences. Facebook Pixel collects behavior data for retargeting.
  • TikTok: We share conversion data and audience information for advertising campaign optimization and custom audience creation.
  • Bing/Microsoft Advertising: We share conversion data with Bing's advertising platform for campaign measurement and audience targeting.

8.3 Legal Requirements and Authorized Disclosures

We may disclose personal information when required by law, court order, or government authority:

  • Responding to subpoenas, search warrants, or court orders
  • Complying with tax and legal obligations
  • Protecting against fraud, crime, or security threats
  • Enforcing our terms of service and other agreements
  • Protecting the rights, property, and safety of Invatech Italia, our customers, or the public

8.4 Business Transfers and Acquisitions

If Invatech Italia or IT Power Equipment Inc is involved in a merger, acquisition, bankruptcy, asset sale, or other business reorganization, your personal information may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have regarding your personal information.

8.5 Important: We Do Not Sell Your Personal Information

This is a core commitment of Invatech Italia: We do not sell your personal information to third parties for monetary compensation or other valuable consideration. Under the California Consumer Privacy Act (CCPA) and similar laws, "selling" data refers to disclosing personal information in exchange for monetary or other valuable benefit. We do not engage in this practice.

While we share personal information with service providers and advertising partners as described above, these are not "sales" but rather necessary business operations for:

  • Processing and fulfilling your orders
  • Operating our marketing and advertising programs to benefit your shopping experience
  • Providing analytics and Site optimization
  • Protecting our business and customers

Any data shared with third parties is done under Data Processing Agreements that restrict their use to the specific purposes we've authorized and prohibit them from using your data for their own commercial purposes.

9. International Data Transfers

9.1 Data Storage and Processing Locations

Invatech Italia is based in the United States, and our primary systems and data storage are located in the US. However, our service providers, including Shopify, Klaviyo, Google, and others, may process your data in multiple countries, including the European Union, Canada, and other jurisdictions.

9.2 Transfers from EU to US (GDPR Compliance)

If you are located in the European Union or United Kingdom, your personal information is transferred to and processed in the United States, which the European Commission has not deemed to have an adequate level of data protection. However, we implement appropriate safeguards to protect your data:

  • Standard Contractual Clauses (SCCs): Our service providers (Shopify, Klaviyo, Google, etc.) use Standard Contractual Clauses approved by the European Commission to lawfully transfer personal data from the EU to the US.
  • Data Processing Agreements: We maintain Data Processing Agreements (DPAs) with our service providers that include GDPR-mandated safeguards and compliance commitments.
  • Supplementary Measures: We implement technical and organizational safeguards including encryption, access controls, and contractual commitments to ensure data protection equivalent to GDPR standards.

By providing your personal information to us, EU/UK residents acknowledge that their data will be transferred to and processed in the United States.

10. Data Retention and Deletion

10.1 Retention Periods

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Customer Account Data: Retained for the duration of your customer relationship and as long as your account is active. If your account is inactive for an extended period, we may retain data for an additional 5 years to support customer service requests and historical inquiries.
  • Order and Transaction Data: Retained for a minimum of 7 years to comply with tax law requirements (Internal Revenue Code), accounting standards, and to support potential warranty claims, disputes, or returns.
  • Payment Information: Payment card information is not stored by us but by third-party processors (Shopify Payments, etc.) and is retained in accordance with PCI DSS standards, typically 1-3 years.
  • Email Marketing Lists: We retain email addresses for customers who have subscribed to our mailing list indefinitely unless you unsubscribe. Unsubscribed emails are retained in our suppression list for 2 years to prevent re-subscription.
  • Website Analytics Data: Analytics data (from Google Analytics, Shopify analytics) is typically retained by third parties for 14-26 months according to platform policies.
  • Customer Support Communications: Support emails, chat transcripts, and phone call notes are retained for 3 years to support customer service and dispute resolution.
  • Cookies and Tracking Data: Cookies typically expire after 1-2 years; browser-based tracking data is retained for 30 days to 2 years depending on the platform.
  • Advertising and Retargeting Audiences: We maintain customer lists in advertising platforms (Google, Facebook, etc.) as long as your account is active or you have made a purchase within the previous 2 years.

10.2 Legal Holds and Exceptions

Even if a retention period has expired, we may retain personal information if:

  • Required to comply with legal obligations or court orders
  • Necessary to enforce our terms of service or other agreements
  • Needed for fraud detection, security, or dispute resolution
  • Required for tax, accounting, or audit purposes
  • Needed to respond to government requests or legal proceedings

10.3 Data Deletion and Account Closure

If you request deletion of your personal information or account closure, we will:

  • Remove your personal information from active systems and marketing lists
  • Delete your customer account if it has no outstanding orders or obligations
  • Remove your email from our mailing list and suppression lists after 2 years

However, we may retain certain information for the legal reasons outlined above, and we may be unable to delete all information if retention is required by law or necessary for business operations.

11. Your Rights and Choices

11.1 Rights for All Customers

All customers have the right to:

  • Access Your Information: Request a copy of the personal information we hold about you.
  • Correct or Update Information: Request correction of inaccurate or incomplete information, such as your contact address or phone number.
  • Opt-Out of Marketing: Unsubscribe from marketing emails, SMS messages, or push notifications at any time.
  • Manage Cookies and Tracking: Control cookies through your browser settings and disable tracking through available opt-out mechanisms.

11.2 GDPR Rights (EU/EEA Customers)

If you are located in the European Union or European Economic Area, GDPR grants you the following rights:

  • Right to Access (Article 15): You have the right to obtain a copy of all personal information we hold about you in a structured, commonly used, and machine-readable format.
  • Right to Rectification (Article 16): You have the right to have inaccurate or incomplete information corrected or completed.
  • Right to Erasure ("Right to be Forgotten") (Article 17): You have the right to request deletion of your personal information, subject to legal and contractual exceptions (such as tax obligations or fraud prevention).
  • Right to Restrict Processing (Article 18): You have the right to restrict how we process your data in certain circumstances, such as if you dispute its accuracy or if processing is unlawful.
  • Right to Data Portability (Article 20): You have the right to receive your personal information in a structured, commonly used format and to transmit it to another controller.
  • Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing (such as profiling) that produces legal or similarly significant effects, with limited exceptions.
  • Right to Withdraw Consent (Article 7): If we process your data based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.

Filing GDPR Requests: To exercise GDPR rights, contact us at info@invatechitalia.com or write to our address at 115 First St, Sumas, WA 98295. We will respond to your request within 30 days (or up to 90 days for complex requests).

Supervisory Authority: If you are not satisfied with our response or believe we have violated GDPR, you have the right to lodge a complaint with your local data protection authority (DPA). The European Data Protection Board maintains a list of DPA contact information at https://edpb.ec.europa.eu/.

11.3 CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights:

  • Right to Know: You have the right to request what personal information we collect, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (such as information needed to complete a transaction or comply with legal obligations).
  • Right to Opt-Out: Under CCPA, you have the right to opt out of the "sale" of personal information and under CPRA, the right to opt out of "sharing" for cross-context behavioral advertising.
  • Right to Correct: Under CPRA (effective January 2023), you have the right to request correction of inaccurate personal information.
  • Right to Limit Use and Disclosure: Under CPRA, you have the right to limit how we use and disclose your sensitive personal information (including social security numbers, financial information, precise location, and health data).
  • Right to Opt-Out of Automated Decision-Making: You have the right to opt out of profiling and automated decision-making that produces legal or similarly significant effects.
  • Right to Non-Discrimination: We cannot discriminate against you for exercising your CCPA/CPRA rights, such as denying goods or services, charging different prices, or providing different quality of service.

Filing CCPA/CPRA Requests: To exercise your CCPA rights, you may:

  • Submit a request through our website (if a webform is available)
  • Contact us via email at info@invatechitalia.com
  • Call us at +1-800-651-8190
  • Write to us at 115 First St, Sumas, WA 98295

We will respond to your request within 45 days (or up to 90 days if complex). We may request additional information to verify your identity before responding. We will not charge a fee for reasonable requests, but we may charge a reasonable fee if your request is manifestly unfounded or excessive.

Appeals: If we deny your request, you may appeal our decision to the California Privacy Protection Agency (CalPrivacy), which can investigate and enforce your rights.

11.4 Email Marketing Preferences

You can manage your email marketing preferences at any time by:

  • Clicking the "Unsubscribe" link in the footer of any marketing email
  • Visiting our email preference center (if available)
  • Contacting us at info@invatechitalia.com

Opting out of marketing emails will not affect transactional emails or account notifications.

11.5 Advertising and Tracking Opt-Outs

You can opt out of personalized advertising and tracking through:

  • Browser Settings: Most browsers allow you to reject or delete cookies through privacy settings.
  • Browser Extensions: Tools like uBlock Origin, Privacy Badger, and DuckDuckGo privacy extensions can block tracking.
  • Global Privacy Control: Using a browser with Global Privacy Control (GPC) enabled may signal your opt-out preference to websites.
  • Google Ads Settings: https://adssettings.google.com/
  • Facebook/Meta Ad Preferences: https://www.facebook.com/ads/preferences
  • TikTok Privacy Controls: Settings > Privacy Controls > Personalized Ads
  • Bing Ad Preferences: Microsoft privacy dashboard
  • Digital Advertising Alliance (DAA) Opt-Out: https://optout.aboutads.info/
  • Network Advertising Initiative (NAI): https://optout.networkadvertising.org/

12. Data Security and Protection Measures

12.1 Security Infrastructure

We implement comprehensive security measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction:

  • Encryption: We use SSL/TLS encryption for data in transit (when transmitted over the internet) and AES encryption for sensitive data at rest (when stored on servers).
  • Access Control: We restrict access to personal information to authorized employees and contractors who need it to perform their job functions. Access is controlled through user authentication (usernames, passwords) and role-based access control.
  • Firewalls and Intrusion Detection: We use firewalls and intrusion detection systems to monitor and prevent unauthorized network access.
  • Regular Security Audits: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential vulnerabilities.
  • Secure Coding and Development Practices: Our development team follows secure coding standards and conducts code reviews to prevent security vulnerabilities.
  • Multi-Factor Authentication: We use multi-factor authentication (MFA) for employee access to systems containing sensitive customer data.

12.2 PCI DSS Compliance

While we accept payment through our Site, we do not store complete payment card information. Payment processing is handled by PCI DSS-compliant third-party processors (such as Shopify Payments) that maintain strict security standards for credit card and payment data.

12.3 Limitations of Security

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your information, and any transmission is at your own risk. We encourage you to use strong passwords, enable multi-factor authentication on your account (if available), and report any suspected security incidents to us immediately.

12.4 Data Breach Notification

If a security breach occurs that compromises personal information, we will:

  • For US Customers: Notify you without unreasonable delay, and no later than 60 days after discovery of the breach, in accordance with applicable state laws.
  • For EU Customers: Notify you and the relevant data protection authority without unreasonable delay, and no later than 72 hours after becoming aware of the breach, as required by GDPR Article 33.
  • Provide details about the breach, including what information was compromised, what we're doing to respond, and what steps you can take to protect yourself.

13. Children's Privacy

13.1 Age Restrictions

Our Site and products are not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13 without parental consent, we will take immediate steps to delete that information.

13.2 Parental Consent

If you are a parent or guardian and believe your child has provided personal information to us without your consent, please contact us immediately at info@invatechitalia.com.

13.3 COPPA Compliance (US Customers)

Our Site complies with the Children's Online Privacy Protection Act (COPPA). We do not collect personal information from children under 13 without verifiable parental consent.

14. Third-Party Websites and Links

14.1 External Links

Our Site may contain links to third-party websites, social media platforms, and other external services that are not operated or controlled by Invatech Italia. This Privacy Policy does not apply to third-party websites or services, and we are not responsible for their privacy practices.

14.2 No Liability

We encourage you to review the privacy policies of any third-party websites before providing personal information. Your use of third-party websites is subject to their terms and conditions and privacy policies, and we are not liable for any information you provide to third parties.

14.3 Social Media Integration

If you connect your social media accounts (Facebook, Instagram, TikTok, etc.) to your Invatech Italia account, personal information from your social media profile may be collected and linked to your account. Please review the privacy settings and policies of your social media platform for more information about how they handle your data.

15. Changes to This Privacy Policy

15.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you of material changes through email (to the email address associated with your account) or a prominent notice on our Site
  • For material changes that negatively affect your privacy rights, we will obtain your explicit consent before implementing the changes

15.2 Continued Use as Acceptance

Your continued use of our Site and services after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

16.1 Privacy Questions and Requests

If you have any questions, concerns, or requests regarding this Privacy Policy, our privacy practices, or your personal information, please contact us:

Mailing Address:
IT Power Equipment Inc / Invatech Italia
115 First St
Sumas, WA 98295
United States

Email: info@invatechitalia.com
Phone: +1-800-651-8190

16.2 Response Timeline

We aim to respond to all inquiries and requests within 5-10 business days. For privacy rights requests under GDPR or CCPA, we will respond within the timelines specified in those regulations.

16.3 Escalation and Dispute Resolution

If you are not satisfied with our response, you may escalate your complaint to:

17. Additional Information and Related Policies

This Privacy Policy should be read in conjunction with our Terms & Conditions, which govern the use of our Site and purchase of products. Our Terms & Conditions contain important legal information about warranties, liability limitations, dispute resolution, and other terms affecting your relationship with Invatech Italia.

For additional information about returns, shipping, product specifications, and customer service, please visit our Help & Support page or contact us directly.

Summary

Invatech Italia is committed to protecting your privacy and maintaining transparent, compliant data practices. We operate as an ecommerce business selling backpack mosquito foggers through our Shopify store. We collect personal information necessary to operate our business, fulfill orders, provide customer service, and conduct ethical marketing. We use your information to:

  • Process and fulfill your orders
  • Send transactional and (with consent) marketing communications via Klaviyo
  • Display targeted advertising on Google, Facebook, Instagram, TikTok, and Bing
  • Analyze Site performance and improve customer experience
  • Prevent fraud and maintain security
  • Comply with legal and tax obligations

Critically important: We do not sell your personal information to third parties. We share information only with service providers necessary to operate our business, and these partners are contractually bound to protect your data. We comply with GDPR, CCPA/CPRA, and applicable privacy laws. You maintain full rights over your personal information, including the right to access, correct, delete, and port your data.

If you have any questions or concerns about our privacy practices, please contact us at info@invatechitalia.com or +1-800-651-8190.

References to Related Pages

Please also review our Terms & Conditions which cover the legal terms governing your use of our Site and purchase of products.

Last Updated: January 29, 2026