Privacy Policy
How we collect, use, protect, and share your personal information at ApexMega Store
Introduction
Apex Business Group Worldwide ("Apex," "we," "us," or "our") operates ApexMega Store (www.apexmegastore.com) and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our platform.
By accessing or using ApexMega Store, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.
Our Commitment
We are committed to protecting your privacy and ensuring your personal data is handled responsibly. We comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.
Data Controller
For the purposes of applicable data protection laws, the data controller is:
Apex Business Group Worldwide S.L.
Registered in Spain
Contact: privacy@apexmegastore.com
Data We Collect
We collect information that you provide directly to us, information collected automatically when you use our services, and information from third-party sources.
Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email, password, phone number | Account creation and management |
| Profile Information | Profile photo, preferences, interests | Personalization and recommendations |
| Payment Information | Credit card details, billing address | Transaction processing |
| Shipping Information | Delivery address, contact details | Order fulfillment and delivery |
| Communication Data | Support tickets, reviews, messages | Customer service and feedback |
| Verification Data | ID documents, business registration | Seller/partner verification (KYC) |
Information Collected Automatically
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: Pages visited, products viewed, search queries, click patterns
- Location Data: General location based on IP address (not precise GPS)
- Transaction Data: Purchase history, order details, payment records
- Log Data: Access times, referring URLs, error logs
Information from Third Parties
- Social media platforms (if you connect your account)
- Payment processors and financial institutions
- Identity verification services
- Marketing and advertising partners
- Public databases and registries
How We Use Your Data
We use the information we collect for various purposes, all based on legitimate legal grounds:
Service Delivery
- Process and fulfill your orders and transactions
- Create and manage your account
- Provide customer support and respond to inquiries
- Send order confirmations, shipping updates, and receipts
- Facilitate communication between buyers and sellers
Platform Improvement
- Analyze usage patterns to improve our services
- Develop new features and functionality
- Personalize your experience and recommendations
- Conduct research and analytics
Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Verify identity and prevent unauthorized access
- Comply with legal obligations and regulatory requirements
- Enforce our Terms of Service and policies
Legal Basis for Processing (GDPR)
We process your data based on: (a) your consent, (b) performance of a contract, (c) compliance with legal obligations, and (d) our legitimate business interests, balanced against your rights and freedoms.
Data Sharing
We do not sell your personal data to third parties. We may share your information in the following circumstances:
Service Providers
We share data with trusted third-party service providers who assist us in operating our platform:
- Payment Processors: Stripe, PayPal, Klarna for transaction processing
- Shipping Partners: DHL, FedEx, UPS for order delivery
- Cloud Services: AWS, Google Cloud for hosting and storage
- Analytics: Google Analytics for usage analysis
- Customer Support: Zendesk for ticket management
Sellers and Partners
When you make a purchase, we share necessary information with sellers to fulfill your order, including:
- Your name and shipping address
- Order details and special instructions
- Contact information for delivery coordination
Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Government or regulatory requests
- Protection of our rights, property, or safety
- Emergency situations involving potential harm
Cookies & Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Required for site functionality (login, cart, security) | Session |
| Functional | Remember preferences and settings | 1 year |
| Analytics | Understand how visitors use our site | 2 years |
| Marketing | Deliver relevant ads and measure effectiveness | 90 days |
Managing Cookies
You can control cookies through:
- Our cookie consent banner when you first visit
- Cookie preferences in your account settings
- Your browser settings (may affect functionality)
- Opt-out tools for advertising networks
Do Not Track
We honor Do Not Track (DNT) signals from your browser. When DNT is enabled, we limit tracking to essential functions only.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.
Retention Periods
- Account Data: Until you delete your account + 30 days
- Transaction Records: 7 years (legal/tax requirements)
- Communication Logs: 3 years for support records
- Marketing Preferences: Until you unsubscribe
- Analytics Data: 26 months (anonymized thereafter)
- Security Logs: 12 months
When data is no longer needed, we securely delete or anonymize it according to our data destruction policies.
Your Rights
Depending on your location, you have various rights regarding your personal data:
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data ("right to be forgotten").
Right to Restriction
Request limited processing of your data.
Right to Portability
Receive your data in a machine-readable format.
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Rights Related to Automated Decisions
Not be subject to decisions based solely on automated processing.
Exercising Your Rights
To exercise any of these rights, please contact us at privacy@apexmegastore.com or use the privacy settings in your account. We will respond within 30 days (or as required by applicable law).
California Residents (CCPA)
California residents have additional rights including: the right to know what personal information is collected, the right to delete, the right to opt-out of sale (we do not sell data), and the right to non-discrimination. Contact us for a detailed CCPA disclosure.
Security Measures
We implement robust technical and organizational measures to protect your personal data:
Technical Safeguards
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Controls: Role-based access, multi-factor authentication
- Network Security: Firewalls, intrusion detection, DDoS protection
- Vulnerability Management: Regular security testing and patching
- Secure Development: Code reviews, penetration testing
Organizational Safeguards
- Employee security training and awareness programs
- Data protection policies and procedures
- Incident response and breach notification plans
- Vendor security assessments
- Regular security audits and certifications
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly to security@apexmegastore.com. We appreciate your help in keeping our platform safe.
International Data Transfers
As a global platform, we may transfer your data to countries outside your residence. We ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework: For transfers to US service providers
- Standard Contractual Clauses (SCCs): EU-approved contract terms
- Adequacy Decisions: Transfers to countries with adequate protection levels
- Binding Corporate Rules: For intra-group transfers
Our primary data centers are located in the European Union (Germany) and the United States, with additional presence in Singapore for Asia-Pacific operations.
Children's Privacy
ApexMega Store is not intended for children under 16 years of age (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@apexmegastore.com. We will take steps to delete such information promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via email (for significant changes)
- Display a prominent notice on our website
- Request new consent if required by law
We encourage you to review this policy periodically to stay informed about how we protect your data.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Team
Data Protection Officer
Spain, European Union
Supervisory Authority
If you are in the European Union and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In Spain, this is the Agencia Espanola de Proteccion de Datos (AEPD).
Response Time
We aim to respond to all privacy-related inquiries within 5 business days. For formal data subject requests, we will respond within 30 days as required by GDPR.