At OVABLE, we are committed to protecting your privacy and personal data. While our primary operations are based in Canada and we do not ship internationally, we understand that visitors from around the world, including those in the European Union (EU), European Economic Area (EEA), and the United Kingdom (UK), may access our website at https://ovable.shop/. This GDPR Compliance Statement outlines our commitment to upholding the principles of the General Data Protection Regulation (GDPR) for any personal data we may collect from individuals protected by it.

What is GDPR? 

The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the EU and EEA, and similar regulations apply in the UK. It grants individuals greater control over their personal data and requires organizations to be transparent about how they collect, process, and store this data.

Our Commitment to Data Protection 

OVABLE acts as the data controller for the personal data you provide to us through our website. We are dedicated to ensuring that any personal data we process is handled lawfully, fairly, and transparently, adhering to the core principles of GDPR.

Types of Personal Data We Collect 

When you visit our website, browse our products, or interact with us, we may collect the following types of personal data:

  • Identity Data: Your first name, last name.
  • Contact Data: Billing address, shipping address if applicable for Canada domestic orders, email address, telephone number.
  • Transaction Data: Details about payments to and from you, and other details of products you have purchased from us.
  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

How and Why We Use Your Data 

We collect and process your personal data for various purposes, relying on specific legal bases as required by GDPR:

  1. To Process and Fulfill Your Orders:
    • Purpose: To manage your purchases, process payments, and deliver products to you (within Canada).
    • Legal Basis: Performance of a contract with you.
  2. To Manage Our Relationship With You:
    • Purpose: To provide customer support, respond to your inquiries, notify you about changes to our terms or privacy policy, and ask you to leave a review.
    • Legal Basis: Performance of a contract with you, compliance with a legal obligation, and legitimate interests (to keep our records updated and to study how customers use our products/services).
  3. To Improve Our Website and Services:
    • Purpose: To administer and protect our business and this website including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data, and to understand how our visitors use our site.
    • Legal Basis: Legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganization or group restructuring.
  4. For Marketing Purposes:
    • Purpose: To send you promotional communications about OVABLE products or offers that may be of interest to you.
    • Legal Basis: Your explicit consent where required, or legitimate interests to develop our products/services and grow our business. You have the right to withdraw consent at any time.

Data Security 

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

Our e-commerce platform, WooCommerce, also adheres to robust security standards to protect your information.

Data Retention 

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your GDPR Data Protection Rights 

Under GDPR, individuals in the EU, EEA, and UK have specific rights regarding their personal data. If you are a resident of these regions and we process your data, you have the right to:

  1. Request access to your personal data commonly known as a data subject access request. This enables you to receive a copy of the personal data we hold about you.
  2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
  3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it.
  4. Object to processing of your personal data where we are relying on a legitimate interest or those of a third party and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
  5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain scenarios.
  6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
  7. Withdraw consent at any time where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you wish to exercise any of these rights, please contact us using the details below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Third-Party Disclosure 

We do not sell, trade, or otherwise transfer your personal data to outside parties unless we provide you with advance notice. This does not include trusted third parties who assist us in operating our website, conducting our business, or serving you, so long as those parties agree to keep this information confidential and comply with data protection standards. Examples include payment processors and shipping service providers for Canadian orders. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.

International Data Transfers 

As OVABLE is based in Canada, any personal data collected from individuals, including those in the EU/EEA/UK, will be transferred to and processed in Canada. Canada has been recognized by the European Commission as providing an adequate level of data protection under certain circumstances, particularly for commercial organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). We ensure that your data is treated securely and in accordance with this GDPR Compliance Statement.

Contact Us 

If you have any questions about this GDPR Compliance Statement, our privacy practices, or if you wish to exercise your rights, please contact us:

We are committed to resolving any privacy concerns you may have. You also have the right to lodge a complaint with a supervisory authority if you believe your rights under GDPR have been infringed.