Privacy Policy

This Privacy Policy explains how Atlantic Access Ltd collects, uses, and protects your personal data when you visit or purchase from our website. Atlantic Access Ltd operates this website on behalf of GENKI (Human Things Limited), the website owner.

Atlantic Access Ltd is the data controller in respect of your personal data collected through this website. This policy covers customers in the United Kingdom and the European Union. Where your rights differ depending on your location, this is clearly indicated.

This Privacy Policy affects your legal rights and obligations so please read it carefully. If you have any questions, contact us at help@genkitthings.eu.

We may update this Privacy Policy from time to time. If we make changes that materially affect your rights, we will notify you by email if we hold your address. Otherwise, please check this page periodically. The current version is always available on our website.

1. Who we are

Atlantic Access Ltd is the data controller responsible for your personal data collected through this website.

Company number: 09873297

Registered address: 32 Hill Top, London, NW11 6EE, UK

ICO Registration Number: ZA870332 (registered with the UK Information Commissioner's Office)

Contact email: help@genkitthings.eu

 

This website is owned by GENKI (Human Things Limited), a company incorporated in Hong Kong with company number 2673653, whose registered office is at Flat Rm 811, Wealth Commercial Centre, 48 Kwong Wa Street, Mong Kok, Kowloon, Hong Kong. Atlantic Access Ltd operates the website and manages all sales, fulfilment, and customer service on behalf of GENKI.

 

2. What personal data we collect

We collect and process the following categories of personal data:

•       Identity Data: your first name, last name, and title

•       Contact Data: your email address, delivery address, and telephone number

•       Transaction Data: details of products you have purchased from us, including order number, price paid, and payment method used

•       Financial Data: payment card details processed securely by our payment providers (Shopify Payments and PayPal). We do not store your full card details on our systems

•       Technical and Usage Data: your IP address, browser type and version, device type, pages visited, time spent on the website, and referring URLs

•       Marketing and Communications Data: your preferences for receiving marketing communications from us and your communication preferences

•       Account Data: if you create an account, your username, password (stored in encrypted form), and order history

 

We collect this data in the following ways:

•       Directly from you when you place an order, create an account, contact us, or subscribe to marketing communications

•       Automatically when you visit our website, through cookies and similar technologies (see our Cookie Policy)

•       From third parties, including our payment providers and fraud prevention services

3. How and why we use your personal data

We will only use your personal data where we have a lawful basis to do so. The table below sets out the lawful bases we rely on:

 

UK customers (UK GDPR)

•       Contract: where processing is necessary to fulfil your order or manage your account

•       Legal obligation: where we are required to process your data to comply with a legal requirement

•       Legitimate interests: where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights

•       Consent: where you have given us clear consent, for example to send you marketing emails

 

EU customers (EU GDPR, Regulation 2016/679)

•       Article 6(1)(b) - Contract: where processing is necessary to fulfil your order or manage your account

•       Article 6(1)(c) - Legal obligation: where we are required to process your data to comply with a legal requirement

•       Article 6(1)(f) - Legitimate interests: where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms

•       Article 6(1)(a) - Consent: where you have given us clear, freely given, specific, informed and unambiguous consent

 

Specifically, we use your personal data for the following purposes:

•       To process and fulfil your orders, including arranging delivery through our third-party logistics provider (lawful basis: contract)

•       To process payments securely through Shopify Payments and PayPal (lawful basis: contract)

•       To send you order confirmations, dispatch notifications, and related transactional communications (lawful basis: contract)

•       To manage returns, refunds, and customer service queries (lawful basis: contract)

•       To comply with our legal obligations, including tax, accounting, and fraud prevention requirements (lawful basis: legal obligation)

•       To improve our website and services through analytics (lawful basis: legitimate interests)

•       To send you marketing communications about our products and offers, where you have consented or where we have a legitimate interest in doing so as an existing customer (lawful basis: consent or legitimate interests)

•       To detect and prevent fraud and abuse of our website (lawful basis: legitimate interests and legal obligation)

4. Marketing communications

We will only send you marketing emails if you have opted in to receive them, or if you are an existing customer and we are marketing similar products to those you have already purchased, and you have not opted out.

EU customers: we rely on your consent as the lawful basis for email marketing to new subscribers. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

We use Klaviyo to manage our email marketing. Your email address and marketing preferences will be shared with Klaviyo Inc., which processes data on our behalf as a data processor. Klaviyo is based in the United States. Transfers of your data to Klaviyo are made under Standard Contractual Clauses.

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email we send, or by contacting us at help@genkitthings.eu. Please allow a few days for your preferences to be updated across our systems.

5. Who we share your data with

We share your personal data with the following categories of third parties, who act as data processors on our behalf unless otherwise stated:

•       Shopify Inc. (United States): our ecommerce platform provider, which hosts our website and processes transaction data. Transfers made under Standard Contractual Clauses. See shopify.com/legal/privacy

•       Shopify Payments / Stripe: payment processing. Your card data is processed securely and we do not have access to your full card details

•       PayPal (Europe) S.a.r.l. (Luxembourg): payment processing for customers who pay via PayPal. PayPal acts as an independent controller for its own processing. See paypal.com/uk/webapps/mpp/ua/privacy-full

•       Our third-party logistics (3PL) provider: your name, delivery address, and order details are shared with our warehousing and fulfilment partner to enable delivery of your order

•       Klaviyo Inc. (United States): email marketing platform. See Section 4 above

•       Google LLC (United States): analytics and advertising services (Google Analytics, Google Ads). Transfers under Standard Contractual Clauses. See policies.google.com/privacy

•       Meta Platforms Inc. (United States): advertising services (Meta Pixel). Transfers under Standard Contractual Clauses. See facebook.com/privacy/policy

•       GENKI (Human Things Limited): as the website owner, GENKI may receive aggregated sales and performance data. They do not receive individual customer personal data except where necessary for product warranty or compliance purposes

•       Our professional advisers including accountants, auditors, and legal advisers, where necessary

 

We do not sell your personal data to any third party.

We may also disclose your personal data to law enforcement or regulatory authorities where required to do so by law.

6. International transfers of personal data

Some of our third-party service providers are based outside the UK and the EEA, including in the United States. Where we transfer your personal data internationally, we ensure appropriate safeguards are in place:

 

UK customers:

•       Transfers to countries with UK adequacy status are permitted without additional safeguards

•       All other transfers use UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses approved for UK transfers

 

EU customers:

•       Transfers to the United Kingdom are covered by the European Commission's UK adequacy decision under Article 45 EU GDPR. Please note this decision is subject to review and may be withdrawn; we will update this policy if the position changes

•       Transfers to the United States and other third countries are made under Standard Contractual Clauses adopted by the European Commission under Article 46(2)(c) EU GDPR

 

If you would like more information about the specific safeguards we use for any particular transfer, please contact us at help@genkitthings.eu.

7. How long we keep your personal data

We retain your personal data only for as long as necessary for the purposes for which it was collected, and in accordance with applicable legal requirements:

•       Order and transaction data: 6 years from the date of the transaction, to comply with tax and accounting requirements

•       Customer account data: for the duration your account is active, plus 2 years following your last purchase or account activity

•       Marketing data: until you unsubscribe or withdraw consent, or 2 years from your last interaction with our marketing, whichever is earlier

•       Technical and usage data: up to 26 months (in line with Google Analytics default retention)

 

Where we have no lawful basis for continuing to hold your personal data, we will securely delete or anonymise it.

8. Your rights

You have the following rights in relation to your personal data. EU customers have these rights under EU GDPR (Regulation 2016/679); UK customers have equivalent rights under UK GDPR. The rights are substantively the same:

•       Right of access: to request a copy of the personal data we hold about you

•       Right to rectification: to ask us to correct inaccurate or incomplete personal data

•       Right to erasure: to ask us to delete your personal data in certain circumstances

•       Right to restrict processing: to ask us to limit how we use your personal data in certain circumstances

•       Right to data portability: to receive a copy of your personal data in a structured, machine-readable format and to request that we transfer it to another organisation

•       Right to object: to object to our processing where we rely on legitimate interests. You have an absolute right to object to processing for direct marketing purposes, and we will stop immediately on receipt of such a request

•       Rights in relation to automated decision-making: we do not currently make any solely automated decisions that have a legal or similarly significant effect on you

•       Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing

 

To exercise any of these rights, please contact us at help@genkitthings.eu. We will respond within one month. We may need to verify your identity before processing your request. EU customers: there is no fee for exercising your rights unless your request is manifestly unfounded or excessive.

 

 

9. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. All data you provide to us is stored on secure servers. Our payment processing is handled by Shopify Payments and PayPal, which are PCI DSS compliant.

No method of transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee its absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with our obligations under applicable law.

10. Cookies

We use cookies and similar tracking technologies on our website. For full details of the cookies we use, the purposes for which we use them, and how to manage your cookie preferences, please see our Cookie Policy, which is available on our website.

11. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy policies before providing any personal data to them.

12. Governing law

This Privacy Policy is governed by and construed in accordance with the law of England and Wales. UK customers may bring proceedings in their local courts. EU customers retain the right to bring proceedings before their local courts and to exercise their rights under EU GDPR before their national supervisory authority, regardless of this governing law clause.