Privacy Policy – CENE8 DISTRIBUTION INC

Your Privacy Matters – How CENE8 DISTRIBUTION INCC Collects, Uses, and Protects Your Information

At CENE8 DISTRIBUTION INCC (“CENE8”, “we”, “us”, or “our”), we are committed to protecting your privacy and safeguarding your personal information. We know that when you shop online, you trust us with sensitive data such as your name, address, payment details, and more. This Privacy Policy explains what information we collect, why we collect it, how we use it, who we share it with, and what rights you have regarding your data.

This policy applies to all visitors and customers of our website cene8.space (the “Site”), as well as any interactions you have with us via email, phone, or social media. Please read it carefully. By using our Site or purchasing our products (including plastic drop cloths, painter’s tapes, paint brushes, and roller kits), you consent to the practices described herein.

Important: This Privacy Policy is incorporated into our Terms and Conditions and Refund and Return Policy. If you do not agree with this policy, please do not use our Site or provide us with your personal information.

Information We Collect

We collect several types of information from and about users of our Site, including:

A. Personal Information You Provide Directly

When you interact with CENE8, you may choose to give us information that identifies you personally. This includes:

Identity & Contact Data: Your name, email address, shipping address, billing address, phone number, and your company name (if provided).
Order & Payment Data: Details of products you purchase, order numbers, transaction history, and payment information (credit/debit card details, Apple Pay, Google Pay). Please note: We do not store full card numbers. Payment information is collected directly by Stripe and tokenized. We only retain the last four digits, card type, and expiration date for reference.
Account Data: If you create an account on cene8.space, we store your email address, hashed password, saved addresses, and order history.
Communication Data: When you contact us via email (cenedistribution29@gmail.com), phone (+84963271458), live chat, or social media, we keep records of those communications, including your name, contact details, and the content of your message.
Review & Feedback Data: If you leave a product review, rating, or comment on our Site, that information is publicly visible (except for your email address, which remains private). We may also use your feedback anonymously for marketing.
Newsletter & Marketing Data: If you sign up for our email newsletter, we collect your email address and your preferences (e.g., product categories of interest).

B. Automatic Information (Cookies & Tracking)

When you browse our Site, we automatically collect certain technical information about your device and usage patterns. This may include:

Device Data: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, language settings.
Usage Data: Pages you visit, time spent on each page, products you view, search queries, referral source (e.g., Google, social media), clickstream data, and your interaction with forms or buttons.
Location Data: Approximate geographic location derived from your IP address (e.g., country, city, state). We do not collect precise GPS location without your explicit consent.

This information is collected through cookies, web beacons, pixel tags, and similar technologies. For more details, see the Cookies section below.

C. Information from Third Parties

We may receive information about you from other sources, including:

Payment Processors (Stripe): Stripe shares with us a token representing your payment method, the last four digits of your card, the card brand, and whether the payment was authorized. Stripe does not share your full card number with us.
Shipping Carriers (USPS, UPS, FedEx, DHL): Carriers may provide us with delivery status updates and, in some cases, the recipient’s signature confirmation.
Fraud Prevention Services: We use Stripe Radar and other tools that may provide risk scores or flags based on device fingerprinting.
Social Media Platforms (if you log in via social media – not currently enabled): In the future, if we offer social login, we may receive your public profile information.

How We Use Your Information

We use the information we collect for the following purposes:

1. To Process and Fulfill Your Orders

Verify your identity and payment method.
Process payments through Stripe.
Ship your products to the address you provide.
Send order confirmations, shipping updates, and delivery notifications.
Handle returns, exchanges, and refunds.
Communicate with you about your order (e.g., out-of-stock items, delivery delays).

2. To Improve Our Website and Products

Analyze usage trends to optimize page layout, product placement, and checkout flow.
Monitor and resolve technical issues (e.g., broken links, slow loading).
Conduct A/B testing and personalization (e.g., showing you products similar to those you viewed).
Collect feedback through reviews and surveys to improve product quality.

3. To Communicate with You

Respond to your customer service inquiries (emails, phone calls, chat messages).
Send important service messages (e.g., changes to our policies, security alerts).
If you opt in, send promotional emails about new products, sales, and special offers. You can unsubscribe at any time.

4. For Legal Compliance and Protection

Detect and prevent fraud, unauthorized transactions, and other illegal activities.
Enforce our Terms and Conditions and other policies.
Comply with applicable laws, regulations, court orders, or lawful requests from government authorities.
Protect the rights, property, or safety of CENE8, our customers, or others.

5. For Marketing (with your consent where required)

Send you personalized offers based on your purchase history or browsing behavior.
Display targeted advertisements on third‑party platforms (e.g., Google, Facebook, Instagram) using retargeting pixels. You can opt out of most targeted ads via your browser settings or the Digital Advertising Alliance.

6. For Internal Analytics and Reporting

Generate aggregate statistics (e.g., “customers who bought this drop cloth also bought that painter’s tape”).
Measure the effectiveness of our marketing campaigns.
Forecast inventory needs.

Legal Basis for Processing (GDPR & Other Laws)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal information based on the following legal grounds under the General Data Protection Regulation (GDPR):

Purpose of Processing	Legal Basis
Processing your orders, payments, and deliveries	Contract performance – necessary to fulfill our contract with you.
Customer service communications	Contract performance or legitimate interests (to resolve issues).
Fraud detection and security	Legitimate interests (to protect our business and customers) and legal obligation (e.g., anti‑fraud laws).
Sending marketing emails (with consent)	Consent – you have the right to withdraw at any time.
Analyzing website usage and improving the Site	Legitimate interests (to improve our services and grow our business).
Complying with legal obligations (tax records, etc.)	Legal obligation – we must retain certain data for tax and accounting purposes.

We rely on legitimate interests only where those interests are not overridden by your data protection rights. You have the right to object to processing based on legitimate interests (see Your Rights section).

How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We only share your data as described below:

A. Service Providers (Processors)

We engage trusted third‑party companies to perform functions on our behalf. These providers have access to your information only as necessary to perform their services and are contractually obligated to protect it.

Category	Providers	Data Shared
Payment processing	Stripe, Inc.	Payment token, last 4 digits of card, billing address, email (for receipts)
Shipping & fulfillment	USPS, UPS, FedEx, DHL	Name, shipping address, phone number (for customs), order value (for insurance)
Email & SMS communications	SendGrid (Twilio)	Email address, name, order history (for transactional emails)
Customer support & live chat	(internal system) – we use email/phone directly	Name, email, order number, conversation log
Website analytics	Google Analytics	IP address (anonymized), device info, page views, referral source
Fraud prevention	Stripe Radar, (internal)	Device fingerprint, IP address, transaction data
Review platform	(internal) – we host reviews on our Site	Name (displayed publicly), review content, rating

B. Legal Compliance and Protection

We may disclose your information if required to do so by law, or if we believe in good faith that such disclosure is necessary to:

Comply with a subpoena, court order, or other legal process.
Protect the rights, property, or safety of CENE8, our customers, or the public.
Investigate and defend against third‑party claims or allegations.
Respond to law enforcement requests (e.g., search warrants).

C. Business Transfers

If CENE8 DISTRIBUTION INCC is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Site before your data becomes subject to a different privacy policy.

D. With Your Consent

We may share your information for any other purpose disclosed to you and with your explicit consent.

Cookies & Similar Technologies

What Are Cookies?

Cookies are small text files placed on your device (computer, smartphone, tablet) when you visit a website. They help the website remember your actions and preferences (such as login, language, font size, and other display preferences) over a period of time.

We also use web beacons (also known as pixel tags or clear GIFs) to understand user behavior, track email open rates, and measure the effectiveness of our marketing.

Types of Cookies We Use

Cookie Category	Purpose	Examples	Duration
Strictly Necessary	Required for the website to function (e.g., cart, checkout, security). You cannot opt out.	`cart_id`, `session_id`, `csrf_token`	Session (deleted when you close browser)
Functional	Remember your preferences (e.g., language, saved cart for logged‑out users).	`user_preferences`, `currency`	Persistent (up to 1 year)
Analytics/Performance	Collect anonymous data about how visitors use our Site (pages visited, time on site, errors). We use Google Analytics.	`_ga`, `_gid`, `_gat`	Persistent (up to 2 years)
Targeting/Advertising	Track your browsing habits to show relevant ads on other websites (retargeting). We may use Google Ads, Facebook Pixel.	`_fbp`, `_gcl_au`	Persistent (up to 90 days)

Managing Cookies

You can control and/or delete cookies as you wish. Most browsers allow you to:

See what cookies are installed and delete them individually.
Block third‑party cookies.
Block all cookies from specific websites.
Block all cookies entirely.

How to manage cookies in popular browsers:

Please note: If you disable all cookies (including strictly necessary), our Site may not function correctly. Your cart may be lost, and you may not be able to complete checkout.

Google Analytics Opt‑out: You can install the Google Analytics Opt‑out Browser Add‑on to prevent your data from being used by Google Analytics across all websites.

Do Not Track (DNT): Our Site currently does not respond to browser DNT signals because there is no universally accepted standard. See the DNT section below.

Data Retention

We keep your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g., tax, accounting, or legal obligations).

Data Type	Retention Period
Order records (name, address, product purchased, price, payment token)	7 years (to comply with IRS tax reporting requirements)
Customer account information (email, hashed password, saved addresses)	Until you delete your account, plus 30 days (grace period)
Email newsletter consent logs	Until you unsubscribe (then immediately removed from marketing lists, but we retain opt‑out record indefinitely to honor your request)
Customer support emails and chat logs	2 years from last interaction, then anonymized or deleted
Website analytics data (Google Analytics)	26 months (Google’s default retention) – aggregated after 14 months
Credit card token (via Stripe)	Stripe retains token as long as you have an active account or until you request deletion. We do not store the token ourselves beyond the transaction reference for refund purposes (stored by Stripe).

After the retention period expires, we will securely delete or anonymize your data so that it can no longer be linked to you.

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We honor all rights granted under applicable law.

For U.S. Residents (CCPA, CalOPPA)

If you are a resident of California (or other states with similar laws), you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., we may need to retain data to complete a transaction, detect fraud, or comply with legal obligations).
Right to Opt‑Out of Sale/Sharing: We do not sell your personal information. However, we do share data with advertising partners (e.g., Google, Facebook) for targeted advertising, which may be considered “sharing” under CCPA. You can opt out of such sharing by emailing us (see Contact section) or by using the “Do Not Sell or Share My Personal Information” link on our website footer.
Right to Non‑Discrimination: We will not discriminate against you for exercising any of your CCPA rights (e.g., charging different prices or denying service).
Right to Correct: You can request correction of inaccurate personal information.
Right to Limit Use of Sensitive Information: We do not collect sensitive personal information (e.g., Social Security number, precise geolocation).

California’s “Shine the Light” Law (Cal. Civ. Code § 1798.83): California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. As stated, we do not share for such purposes. To make a request, email us.

For European Residents (GDPR)

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR:

Right to Access: Obtain confirmation of whether we process your data, and if so, access to that data and related information.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”): Request deletion of your data where there is no compelling reason for continued processing.
Right to Restriction of Processing: Limit how we use your data while we verify its accuracy or the lawfulness of processing.
Right to Data Portability: Receive a copy of your data in a structured, commonly used, machine‑readable format (e.g., CSV) and have the right to transmit it to another controller.
Right to Object: Object to processing based on legitimate interests (including profiling). We will stop processing unless we have compelling legitimate grounds.
Right to Withdraw Consent: If you provided consent (e.g., for marketing emails), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Right to Lodge a Complaint: You have the right to complain to your local data protection authority (e.g., the ICO in the UK, the CNIL in France) if you believe we have violated your rights.

For Other Jurisdictions

Residents of Canada, Australia, and other privacy‑protected countries have similar rights (access, correction, deletion). Please contact us, and we will address your request in accordance with local law.

How to Exercise Your Rights

To exercise any of the above rights, please contact us using the information in the Contact Information section below. You may also use our website’s privacy request form (available at cene8.space/privacy-request – coming soon).

When you make a request, we will:

Acknowledge receipt within 10 business days (for CCPA) or 1 month (for GDPR).
Verify your identity by asking for information that matches our records (e.g., order number, email address, or government ID in certain cases).
Respond to your request within 30 days (extendable by another 60 days for complex requests).
Not charge a fee for reasonable requests, but may charge a small fee for excessive or repetitive requests.

Authorized Agents (CCPA): You may designate an authorized agent to make a request on your behalf. The agent must provide written permission signed by you, and we may require you to verify your identity directly with us.

Children’s Privacy

Our website and products are intended for adults aged 18 and older. We do not knowingly collect personal information from children under 13 (or under 16 in certain jurisdictions). If you believe a child has provided us with personal information, please contact us immediately, and we will delete it.

Note on painting supplies: While children may use our products under adult supervision for school projects, we do not market to children, and we do not knowingly collect their data.

Security of Your Information

We take the security of your personal information seriously. We implement industry‑standard administrative, technical, and physical safeguards to protect against unauthorized access, alteration, disclosure, or destruction.

Our Security Measures Include:

Encryption: All data transmitted between your browser and our Site is encrypted using TLS 1.3 (Transport Layer Security). You can verify this by looking for the padlock icon in your browser’s address bar.
Tokenization: Credit card numbers are never stored on our servers; they are tokenized by Stripe.
Access Controls: Only authorized employees who need access to your data to perform their jobs (e.g., customer support, order fulfillment) can view it. All employees are trained on data protection.
Regular Security Audits: We perform vulnerability scans and penetration tests (using third‑party services) at least annually.
Secure Data Centers: Our hosting provider (DigitalOcean) and Stripe’s infrastructure are SOC 2 Type II certified.

Despite Our Efforts

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security. In the unlikely event of a data breach, we will notify affected users and regulatory authorities as required by law (typically within 72 hours for GDPR breaches).

International Data Transfers

CENE8 DISTRIBUTION INCC is based in the United States (Anchorage, Alaska). If you are accessing our Site from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your country.

For EEA/UK residents: When we transfer your data to the U.S., we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission, as well as the UK International Data Transfer Agreement (IDTA). Stripe, our payment processor, also participates in the EU‑U.S. Data Privacy Framework (if certified). You can request a copy of our SCCs by contacting us.

For Canadian residents: The U.S. is considered to have adequate privacy protections by the Government of Canada for commercial organizations under PIPEDA.

By using our Site and providing your information, you consent to the transfer of your data to the United States.

Third‑Party Links

Our Site may contain links to third‑party websites (e.g., social media platforms, payment processor Stripe’s own pages, product reviews on external sites). This Privacy Policy does not apply to those third‑party sites. We are not responsible for their privacy practices. We encourage you to read the privacy policies of any website you visit.

Do Not Track Signals

Some browsers have a “Do Not Track” (DNT) feature that signals to websites that you do not want to be tracked. Currently, there is no universally accepted standard for how to respond to DNT signals. Therefore, our Site does not change its behavior in response to DNT requests. However, you can control cookies and opt out of targeted advertising as described above.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features we offer. The revised version will be posted on this page with an updated “Last Updated” date. If we make material changes (e.g., new data sharing practices), we will notify you more prominently – for example, via email (to the address associated with your account) or a banner on our website.

Your continued use of our Site after the effective date of any changes constitutes your acceptance of the new Privacy Policy. If you do not agree, please stop using the Site and contact us to delete your data.

Contact Information & Data Controller

For purposes of data protection laws, the Data Controller is:

CENE8 DISTRIBUTION INCC
821 N St, Ste 102
Anchorage, AK 99501
United States

Email: cenedistribution29@gmail.com
Phone/Text: +84963271458

Data Protection Officer (DPO): We have not appointed a formal DPO because we are not required to under GDPR (our core activities do not involve large‑scale processing of sensitive data). However, any privacy inquiries can be directed to our owner at the email above.

For EU/UK representatives: We do not have a physical representative in the EU/UK at this time. Please direct all inquiries to our main email.

California Privacy Rights (CCPA) Supplement

This section applies only to California residents.

Collection, Use, and Disclosure of Personal Information

In the last 12 months, we have collected the following categories of personal information from California residents:

Category	Examples	Collected?
Identifiers	Name, email address, shipping address, IP address, phone number	Yes
Commercial information	Products purchased, order history, payment information (last 4 digits)	Yes
Internet/network activity	Browsing history, search history, interactions with our Site	Yes
Geolocation data	Approximate location derived from IP address (city/state)	Yes
Inferences	Preferences, purchase propensity, behavioral predictions	Yes (for marketing)
Sensitive personal information	SSN, driver’s license, precise geolocation, racial/ethnic origin, health data	No

Sources of Information

We collect this information directly from you (when you order or create an account), automatically via cookies, and from third parties (Stripe, carriers, analytics providers).

Business Purposes for Collection

As described in the “How We Use Your Information” section – primarily to fulfill orders, improve our services, prevent fraud, and market to you.

Sharing for “Cross‑Context Behavioral Advertising”

We share hashed email addresses and browsing behavior with Google and Facebook to show you targeted ads. This may be considered “sharing” under CCPA. You can opt out of this sharing by:

Emailing us at cenedistribution29@gmail.com with “CCPA OPT‑OUT” in the subject line.
Or clicking the “Do Not Sell or Share My Personal Information” link in our website footer.

Your CCPA Rights (Summary)

Right to Know: Request details about data we’ve collected, used, and shared in the past 12 months.
Right to Delete: Request deletion (subject to exceptions).
Right to Opt‑Out: Opt out of “sharing” as described above.
Right to Non‑Discrimination: No retaliation for exercising rights.

Submitting a CCPA Request

You can call us at +84963271458 or email cenedistribution29@gmail.com with “CCPA REQUEST” in the subject line. For verification, we will ask for your order number, email address, and possibly a copy of a government ID (which we will delete after verification).

We will respond within 45 days (extendable by another 45 days).

GDPR Supplement for EEA/UK Residents

This section applies if you are in the European Economic Area (EEA), United Kingdom, or Switzerland.

Your GDPR Rights (Summary)

You have the right to:

Access your data.
Rectify inaccurate data.
Erasure (right to be forgotten).
Restrict processing.
Data portability (receive a copy in machine‑readable format).
Object to processing based on legitimate interests.
Withdraw consent at any time (without affecting pre‑withdrawal processing).
Lodge a complaint with your local supervisory authority.

How to Exercise GDPR Rights

Email cenedistribution29@gmail.com with “GDPR REQUEST” and specify which right(s) you wish to exercise. We will respond within one month.

Data Protection Authority (DPA)

If you are not satisfied with our response, you have the right to complain to your local DPA. Contact details for EU DPAs can be found here. For the UK: Information Commissioner’s Office (ICO).

Marketing Opt‑Out (GDPR)

If you have consented to receive our marketing emails, you can withdraw that consent at any time by clicking the “unsubscribe” link at the bottom of any marketing email, or by emailing us with “UNSUBSCRIBE” in the subject line. We will process your request within 3 business days.

No Automated Decision‑Making (Profiling)

We do not use automated decision‑making or profiling that produces legal effects or similarly significantly affects you. The only automated processing we use is fraud detection (Stripe Radar), which may decline a transaction but does not create a legal profile about you beyond that specific transaction.

Privacy Policy Updates – Notification

We will notify you of material changes to this Privacy Policy by:

Sending an email to the address associated with your account (if you have one).
Displaying a prominent notice on our website for at least 30 days before the changes take effect.

Minor changes (e.g., typographical corrections, updating service provider names) may be made without notice, but we will update the “Last Updated” date.

Final Words – Your Trust Is Our Greatest Asset

At CENE8 DISTRIBUTION INCC, we do not view privacy as a legal checklist. We view it as a fundamental respect for the people who support our business. You share your personal information with us so that we can deliver painting supplies that protect your floors and furniture. We take that responsibility seriously.

We will never sell your data. We will never use it in ways you would not expect. And we will always give you control over how your information is used.

If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out. We are here to help.

Email: cenedistribution29@gmail.com
Phone/Text: +84963271458
Mail: CENE8 DISTRIBUTION INCC, 821 N St, Ste 102, Anchorage, AK 99501, USA

Thank you for trusting CENE8. Now, go paint with confidence – your privacy is protected.