Privacy Policy
1. Scope & Acceptance
This Privacy Policy ("Policy") describes how OmegaGTI ("Company," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with our website, platform, services, and business operations (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read and understood this Policy.
2. Information We Collect
2.1 Information You Provide to Us
- Account registration data (name, email, phone, company name, job title, billing address)
- Transaction data (purchase orders, invoices, shipping information, payment details)
- Communications (emails, support tickets, phone recordings where permitted by law)
- User-generated content (reviews, forum posts, uploaded documents)
2.2 Information Collected Automatically
- Device and browser information (IP address, user agent, operating system, browser type)
- Usage data (pages viewed, time spent, links clicked, search queries)
- Cookies and similar tracking technologies (see Section 8)
2.3 Information from Third Parties
- Credit references and trade references
- Publicly available sources (business registries, professional networks)
- Service providers (shipping carriers, payment processors, fraud detection services)
3. How We Use Your Information
We process personal information for the following purposes. We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
| Purpose | Legal Basis (GDPR) |
|---|---|
| To provide and improve our Services | Contract performance (Art. 6(1)(b)) |
| To process orders and payments | Contract performance (Art. 6(1)(b)) |
| To verify identities and prevent fraud | Legitimate interest (Art. 6(1)(f)) |
| To communicate about your account | Contract / Legitimate interest |
| Marketing (where permitted) | Consent (Art. 6(1)(a)) or Legitimate interest |
| To comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| To enforce agreements | Legitimate interest (Art. 6(1)(f)) |
| Analytics and product development | Legitimate interest (Art. 6(1)(f)) |
4. Legal Bases for Processing (GDPR)
We process personal data under the following legal bases as set forth in Article 6 of the GDPR:
- Consent: Where we rely on your consent, you may withdraw it at any time by contacting privacy@omegagti.com.
- Contractual Necessity: Processing necessary to fulfill a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation: Processing required to comply with applicable laws and regulations.
- Legitimate Interests: Processing based on our legitimate business interests, provided such interests are not overridden by your rights and interests. Our legitimate interests include: maintaining business relationships, ensuring network and information security, preventing fraud, direct marketing, and improving our Services. We conduct balancing assessments to ensure your rights are protected.
5. Information Sharing & Disclosure
We may share your personal information with the following categories of recipients:
- Service Providers: IT hosting, payment processing, shipping/logistics, CRM, analytics, and marketing platforms - bound by contractual data processing agreements.
- Business Partners: Distributors, manufacturers, and supply chain partners, where necessary to fulfill orders or provide services.
- Professional Advisors: Lawyers, auditors, and insurers where necessary for legal compliance or dispute resolution.
- Regulatory & Law Enforcement: Where required by applicable law, court order, or governmental regulation.
- Corporate Transactions: In connection with a merger, acquisition, sale of assets, or financing - with notice to you where practicable.
We do not sell your personal information for monetary consideration. Where applicable under the California Consumer Privacy Act (CCPA), we may be deemed to "share" information for cross-context behavioral advertising; you may opt out as described in Section 10.
We maintain a list of our current sub-processors. You may request a copy by contacting privacy@omegagti.com. We will provide at least 30 days' advance notice before adding or replacing a sub-processor.
6. Cross-Border Data Transfers
Your personal information may be transferred to and processed in jurisdictions outside your home country, including the United States. Where such transfers originate from the European Economic Area (EEA), the United Kingdom, or Switzerland, we implement appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements (DPAs) with our service providers
- Transfer Impact Assessments where required
You may request a copy of the applicable safeguard mechanisms by contacting privacy@omegagti.com.
7. Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Our retention criteria include:
- Duration of the business relationship plus applicable statute of limitations
- Legal and regulatory retention requirements (e.g., tax records: 7 years; trade documentation: 10 years)
- Pending or anticipated litigation, audits, or investigations
When personal data is no longer needed, we securely delete or anonymize it.
8. Cookies & Similar Technologies
8.1 What Are Cookies
Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies (pixels, tags, web beacons, local storage) to enhance your experience, analyze usage, and deliver relevant content.
8.2 Categories of Cookies We Use
| Category | Purpose | Examples |
|---|---|---|
| Strictly Necessary | Required for basic functionality and security | Session cookies, auth, load balancing |
| Functional | Remember preferences and enhance usability | Language, saved login, region preferences |
| Analytics / Performance | Understand how visitors interact with our site | Google Analytics, page views, traffic sources |
| Advertising / Targeting | Deliver relevant ads and measure campaigns | Retargeting pixels (LinkedIn, Google Ads) |
| Social Media | Enable sharing and content interaction | LinkedIn share buttons, YouTube embeds |
8.3 Cookie Duration
- Session cookies: Deleted when you close your browser
- Persistent cookies: Remain on your device for a set period (up to 2 years) or until manually deleted
8.4 Your Cookie Choices
When you first visit our site, you will be presented with a cookie consent banner allowing you to: Accept All, Reject All, or Customize. We also honor legally recognized browser-based opt-out preference signals, such as the Global Privacy Control (GPC). Note that blocking certain cookies may impact site functionality.
8.5 Third-Party Cookies
Some cookies are set by third-party services. These providers have their own privacy policies governing data use.
9. Data Security
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Access controls based on least-privilege principle
- Regular vulnerability assessments and penetration testing
- Employee training on data protection and confidentiality
- Incident response and breach notification procedures
While we strive to protect your information, no method of transmission or storage is 100% secure. In the event of a data breach, we will notify affected individuals and relevant authorities as required by applicable law, and without undue delay and within 72 hours where feasible under GDPR Article 33.
10. Your Rights
10.1 EEA / UK / Swiss Residents (GDPR)
You have the right to: Access, Rectification, Erasure (Right to be Forgotten), Restriction of Processing, Portability, Object to Processing, and Withdraw Consent. To exercise these rights, email privacy@omegagti.com. We will respond within one month (extendable by two months for complex requests).
If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.
10.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to: Know (categories and specific pieces of personal information collected), Delete, Correct, Opt Out of Sale/Sharing, Limit Use of Sensitive PI, and Non-Discrimination. To exercise your California rights, or if you are using a Global Privacy Control (GPC) signal, please email privacy@omegagti.com. We will acknowledge receipt within 10 business days and respond substantively within 45 days (extendable by 45 days with notice).
10.3 Other Jurisdictions
Residents of other jurisdictions with applicable privacy laws may have additional rights. Please contact us for more information.
11. Confidential Information & Business Data
In connection with our business relationships, OmegaGTI may receive confidential information from customers and suppliers, including specifications, designs, pricing, business operations, and customer lists. We protect such confidential information in accordance with our contractual obligations and this Policy. Confidential information is:
- Used solely for the purpose of providing our Services or fulfilling the business relationship
- Disclosed only to employees and contractors with a need-to-know, bound by confidentiality obligations
- Not disclosed to third parties without authorization, except as required by law or in connection with corporate transactions
Business-to-business (B2B) contact information is processed for legitimate business purposes related to our commercial relationships and is not subject to the same rights of objection as consumer data in certain jurisdictions. We will, however, honor all valid data subject requests regardless of the nature of the relationship.
12. Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@omegagti.com.
13. Third-Party Links
Our Services may contain links to third-party websites, platforms, or services. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies before providing any personal information.
14. Changes to This Policy
We may update this Policy from time to time. Material changes will be posted on our website with a revised "Effective Date" and, where appropriate, notified to you by email or prominent notice on our Services.
15. Contact Information
Data Protection Officer
OmegaGTI
Attn: Privacy / Legal Department
19 Great Oaks Blvd
San Jose, CA 95119
Email: privacy@omegagti.com
Phone: (408) 225-8318
For complaints, you also have the right to lodge a complaint with your local data protection supervisory authority.
© 2026 Omega GTI. All rights reserved.