This Privacy Policy is developed in accordance with the EU General Data Protection Regulation (GDPR). It aims to provide you (hereinafter referred to as "User" or "you") with a clear explanation of how we collect, use, store, transfer, and protect your personal data in the course of conducting business in the EU (including the sale of outdoor waist packs, backpacks, and other products through our official website, novaengroup.com). It also clarifies your legal data rights and how to exercise them. Please carefully read and fully understand this Policy before visiting our website, purchasing products, or using our services. If you disagree with any of the terms in this Policy, please do not use our website or services.
1. Scope of Application
This Privacy Policy applies to personal data collected by us within the EU through the following methods:
Information you provide when you visit, browse, register, or use our official website (novaengroup.com);
Information you submit when purchasing outdoor waist packs, backpacks, or other products through the website, or requesting after-sales service or inquiring about product information;
Information you provide when participating in marketing events we hold in the EU (such as product promotions, surveys, and user feedback);
Information generated when you communicate with us through channels such as email (including but not limited to [email protected]), online customer service, and social media accounts;
Other legitimate data collection scenarios that comply with GDPR and are relevant to our business.
This Policy does not apply to personal data collected by third-party platforms (such as payment processors, logistics providers, and social media platforms). Such data collection will be subject to the privacy policies of the third-party platforms, and we are not responsible for their privacy practices.
2. Types of Personal Data We Collect
We only collect necessary personal data for legitimate business purposes. The specific types of personal data are as follows:
(I) Personal Data You Provide
Identification Data: including but not limited to your name, gender, date of birth, nationality, etc., primarily used to complete product order confirmation, user account registration, and identity verification;
Contact Data: including but not limited to your email address (e.g., the email address you use for communication or for correspondence with our official email address: [email protected]), mobile phone number, landline number, mailing address (including delivery address and billing address), etc., for sending you order notifications, product information, after-sales service feedback, and logistics delivery.
Transaction-related data: including but not limited to your order number, product type (e.g., outdoor waist pack model, outdoor backpack specifications), purchase quantity, payment amount, payment method, bank card number (only collected and encrypted by a compliant payment institution when you pay directly through the website; we do not store full bank card information), invoice information, etc., for transaction settlement, order processing, invoice issuance, and after-sales protection.
Feedback and communication data: including but not limited to your opinions, suggestions, complaints, and related communication records provided through customer service inquiries, email feedback, questionnaires, etc., for improving product quality, optimizing the service experience, and resolving your issues.
(II) Personal Data We Collect Automatically
When you visit our website, we may automatically collect the following data through technologies such as cookies, web beacons, and server logs (this data collection will comply with GDPR's "cookie consent" requirements; you can manage cookie permissions through the website settings):
Device and access data: This includes, but is not limited to, your device model, operating system version, browser type, device unique identifier (such as IMEI, MAC address), IP address, access time, duration of access, web content viewed, links clicked, page load speed, etc. This is used to analyze website traffic, optimize website performance, ensure website security, and provide personalized product recommendations.
Location data: If you allow the website to access your device's location, we may collect your approximate geographic location (such as city level). This will only be used to recommend nearby offline partner stores (such as outdoor product experience stores) or to tailor regional logistics services. Your precise geographic location will not be collected.
3. Purpose of Personal Data Collection and Use
We collect personal data for the following purposes, strictly adhering to the principles of "lawfulness, legitimacy, and necessity." The specific purposes are as follows, and no use exceeds the scope of your authorization:
Completing product transactions and providing services: Processing your orders (including order confirmation, inventory allocation, and logistics arrangements), delivering products, issuing invoices, and providing after-sales support (such as returns, exchanges, and repair inquiries);
Optimizing user experience and improving products: By analyzing your browsing history, purchasing preferences, and feedback, we understand user needs and improve the design (such as materials and carrying systems), functionality, and performance of outdoor waist packs and backpacks, as well as the website interface, navigation logic, and service processes;
Ensuring business security and compliance: Identifying and preventing security risks such as fraudulent transactions, account theft, and cyberattacks, ensuring the stable operation of the website and transaction system, and meeting the requirements of the local laws and regulations of the EU and relevant countries/regions (such as tax reporting and transaction record retention);
Sending marketing and promotional information: With your explicit consent, we may send you information about our new products (such as new outdoor backpacks), promotions (such as discounts and purchase discounts), industry news (such as outdoor travel safety tips), and other marketing content. You may opt out of receiving these communications at any time by clicking the "Unsubscribe" link at the bottom of the email or contacting [email protected];
Fulfilling legal obligations and resolving disputes: In the event of legal proceedings, regulatory investigations, or disputes between users, we may provide evidence, cooperate with investigations, or resolve disputes to protect your and our legal rights.
4. Personal Data Processing and Storage Period
(I) Data Processing
We will use GDPR-compliant technologies and management measures to process personal data, including but not limited to:
Data Encryption: Your sensitive personal data (such as contact information and transaction records) will be encrypted using encryption technologies (such as SSL/TLS encrypted transmission and AES-256 encrypted storage) to prevent unauthorized access or tampering.
Access Control: We will establish a strict employee data access permission system, authorizing only employees with business needs (such as customer service, order processing, and technical maintenance) to access relevant data. All access will be recorded and audited.
Third-Party Partnership Management: If we entrust a third party to process personal data for business needs (such as logistics and delivery, payment processing, and data analysis), we will enter into a strict Data Processing Agreement (DPA) with the third party to clearly define the third party's responsibilities and obligations and require them to comply with GDPR. We comply with relevant laws and regulations, and we oversee third-party data processing to ensure data security.
Data Desensitization and Anonymization: When used in non-identifying scenarios such as data analysis and market research, we desensitize or anonymize personal data so that it cannot be associated with a specific individual. Such processed data is no longer considered personal data and is not subject to this policy.
(II) Data Storage Period
We store your personal data only for as long as necessary to fulfill the purposes outlined in this Policy. The specific storage period is determined according to the following principles:
Transaction-related data: We will retain your data for at least five years from the date of order completion to comply with EU tax and business record-keeping requirements.
User account data: If you register for a website account, we will continue to store your account data for as long as your account is active. If you cancel your account, we will delete or anonymize the relevant data within 30 days of cancellation (unless required by law or regulation).
Marketing and communication data: We will store your data for as long as you consent to receive marketing communications. If you unsubscribe or request deletion, we will immediately cease use and delete the relevant data within 15 days.
Legal dispute-related data: In the case of unresolved disputes, litigation, or regulatory investigations, the data storage period will be extended to one year after the dispute is resolved or the investigation is concluded.
After the expiration of the data storage period, we will destroy your personal data through secure means (such as permanent deletion or shredding of storage media) to ensure that the data cannot be recovered.
5. Sharing and Transfer of Personal Data
(I) Data Sharing
We will not sell, rent, or transfer your personal data to any unrelated third parties. We will only share your personal data with third parties in the following lawful circumstances:
Service Partners: This includes logistics service providers (such as DHL and FedEx, for product delivery), payment processors (such as PayPal and Stripe, for payment processing), customer service outsourcing providers (for 24/7 consulting services), and data analysis agencies (for website and product optimization). Such sharing is solely for the purposes described in this Policy, and we will bind third parties through Data Protection Agreements (DPAs).
Legal Compliance Requirements: Upon receipt of lawful instructions or subpoenas from EU or member state regulators (such as data protection authorities (DPAs)), or to fulfill legal obligations such as anti-fraud and anti-money laundering, we will share necessary personal data with relevant authorities in accordance with the law.
Business Mergers or Reorganizations: If we undergo a business change such as a merger, spin-off, acquisition, or asset transfer, your personal data may be transferred to the new entity as part of the business assets. The new entity will continue to protect your data in accordance with this Privacy Policy and the GDPR, and will notify you prior to any such change through a website announcement or email.
(II) Cross-border Data Transfer
Because our business may involve partners outside the EU (such as production bases and global logistics centers in China), we may transfer your personal data to countries or regions outside the EU/EEA, subject to compliance with GDPR cross-border data transfer regulations. To ensure data security, we will implement the following compliance measures:
Transfers to "Adequacy-Deemed" Countries/Regions: If the data recipient is located in a country/region designated as having adequate data protection (such as Iceland, Liechtenstein, Norway, Switzerland, etc.) by the European Commission, we may transfer the data directly.
Use of Standard Contractual Clauses (SCCs): If the data recipient is located in a country/region not designated as having adequate data protection, we will enter into EU-Commission-approved standard contractual clauses with the recipient to clarify the data protection responsibilities of both parties and ensure that the data transfer complies with GDPR requirements.
Other Compliance Methods: If the recipient is a US company that has participated in the EU-U.S. Data Privacy Framework, we will transfer the data in accordance with that framework to protect data rights. You can obtain a copy of the SCCs we have signed with third parties or details on cross-border data transfers by contacting [email protected].
6. Your Data Subject Rights (Under GDPR)
Under GDPR, you, as a data subject, have the following rights, and we will provide necessary assistance to help you exercise them:
Right to Access: You have the right to request confirmation of whether we are processing your personal data and to obtain information about the processing (including the type of data, purpose of processing, objects of sharing, storage period, etc.). You can request this information by emailing [email protected]. We will respond within one month (up to two months for complex cases, but we will notify you in advance).
Right to Rectification: If you discover an error in your stored personal data (such as a misspelling of your name or a change of address), you have the right to request that we promptly correct it. You can modify it yourself through the "Personal Center" section of your website account or contact customer service for assistance.
Right to Erasure (also known as the "Right to be Forgotten"): You have the right to request that we delete your personal data in the following circumstances:
(1) the purpose of data processing has been achieved;
(2) you withdraw your consent to data processing;
(3) you object to data processing and there are no overriding legitimate grounds;
(4) data processing violates GDPR or other regulations;
(5) deletion is required by law.
We will complete deletion within 1 month after receiving the request (which may be extended in complex cases) and inform you of the deletion results.
Right to Restriction of Processing: You have the right to request that we restrict data processing (only storage without use) in the following circumstances:
(1) you contest the accuracy of the data, for the period needed to verify it;
(2) the data processing is illegal but you object to deletion and request to restrict its use;
(3) we no longer need the data but you need it for legal disputes;
(4) you have withdrawn your consent but need to evaluate the validity of the consent.
During the restricted processing period, we will not perform any other operations on the data other than storage.
Right to Data Portability: You have the right to request that we provide your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON), and to transfer this data to another data controller (for example, if you change your shopping platform). We will provide the data file within one month of receiving your request.
Right to Object: If we process your personal data based on legitimate interests or public interest, you have the right to object at any time. We will promptly evaluate your objection upon receipt. If we find no compelling reasons to continue processing, we will cease processing and notify you. If you object to processing for marketing purposes, we will immediately cease such processing.
Right to Withdraw Consent: If you have previously consented to our processing of your personal data (such as receiving marketing communications or using cookies), you have the right to withdraw your consent at any time. Withdrawing consent does not affect any lawful processing based on consent prior to withdrawal.
If you encounter difficulties in exercising the above rights, or are dissatisfied with our response, you have the right to lodge a complaint with the Data Protection Authority (DPA) of your EU member state (the contact information for each member state's DPA can be found on the European Commission's website).
7. Data Security Measures
We prioritize the security of your personal data and implement multi-layered technical and management measures to prevent data leakage, loss, misuse, unauthorized access, alteration, or destruction:
Technical Security Measures: We utilize firewalls, intrusion detection systems (IDS), data encryption (transmission and storage), vulnerability scanning, and access log auditing to ensure the security of our website servers and data systems. We regularly perform security updates and maintenance on our systems to address potential security vulnerabilities.
Administrative Security Measures: We establish a data security management system that clearly defines the responsibilities of each data processing step. We provide employee training on GDPR and data security to ensure they understand data protection requirements. We restrict data access rights and implement the principle of least privilege. We regularly conduct data security risk assessments to promptly respond to security threats.
Emergency Response Mechanism: We have a data breach contingency plan. In the event of a personal data breach, we will immediately initiate emergency measures, assess the impact of the breach, and notify the relevant data subjects and the DPA of their member state (if the breach may pose a high risk) within the 72 hours required by the GDPR. We will also inform you of the breach's content, impact, and remedial measures we have taken.
While we have implemented adequate security measures, the internet environment is inherently uncertain, and we cannot guarantee absolute data security. In the event of a data security incident caused by force majeure, third-party attacks, or your own operational errors (such as account and password leaks), we will do our best to mitigate any losses, but we assume no liability.
8. Protection of Children's Personal Data
Our products (outdoor waist packs and backpacks) and services are primarily intended for adults. We do not specifically collect personal data from children under the age of 16 (if the laws of your member state define the age of children as younger than 16, local laws will prevail). If a child provides us with personal data without the consent of their parent/legal guardian, their parent/legal guardian may request that we delete the data by contacting [email protected]. We will delete and confirm the deletion within 5 business days of receiving the request.
9. Updates to this Privacy Policy
We may revise this Privacy Policy as our business develops or as EU laws and regulations change. After each update, we will post the updated version prominently on our official website (novaengroup.com) (e.g., the "Privacy Policy" link at the bottom of the homepage) and update the "Effective Date." If the update affects core terms such as the purpose of data processing, data types, and user rights, we will provide additional notifications via website pop-ups or emails (if you have provided an email address) to ensure you are aware of the policy changes.
Continued use of our website and services constitutes your acceptance of the updated Privacy Policy. If you disagree with the update, please immediately cease using the relevant services and contact us regarding the processing of your stored personal data.
10. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or file a complaint regarding data processing, please contact us through the following methods:
Company Name: NOVA ENTERPRISE LTD
Official Website: novaengroup.com
Email: [email protected]
We will respond to and address your request or inquiry within the timeframe specified by GDPR, strive to resolve your concerns, and protect your personal data rights.