Privacy Policy

1. Personal Information We Collect

1.1 Information Collected Proactively

– Order Transaction Data: Full name, delivery address, contact number, email, payment proof, order records, invoice information
– Account Registration Data: Username, login password, email, delivery address, membership information
– Customer Service Data: Consultation records, feedback content, after-sales requests, contact details

1.2 Information Collected Automatically

– Device Data: IP address, browser type, device model, operating system, access time
– Behavioral Data: Page browsing records, stay duration, click path, Cookie/tracking identifiers
– Transaction Behavior: Product browsing, cart adding, payment, after-sales full-process data

1.3 Non-Personal Information

Anonymous data that cannot identify specific users (e.g., total website visits, product click popularity) for operational analysis.

2. Purposes of Information Use

1. Fulfill order performance: Process payment, logistics delivery, after-sales return/exchange, invoice issuance
2. Provide user services: Account management, customer service response, after-sales follow-up, order notification
3. Optimize website operation: Analyze user behavior, optimize product display, improve website loading speed
4. Compliance and risk control: Prevent fraudulent transactions, identify abnormal logins, ensure fund and data security
5. Marketing push (subject to user explicit consent): New product notifications, promotional activities, exclusive membership benefits; users can unsubscribe at any time
6. Legal compliance requirements: Meet tax declaration, regulatory verification, judicial assistance and other statutory obligations

3. Information Sharing & Cross-Border Transmission

3.1 Sharing Only Under The Following Scenarios, Never Sell User Information

– Necessary performance cooperation: Payment service providers, logistics service providers, customs declaration institutions; only share information necessary for order performance
– Technical service cooperation: Website hosting, data analysis, security protection service providers; sign data confidentiality agreements to limit the scope of data use
– Statutory compliance scenarios: Provide user information in accordance with the requirements of judicial organs and regulatory authorities

3.2 Compliance Statement for Cross-Border Data Transmission

We are a Hong Kong registered enterprise. User data is mainly stored in compliant servers in Hong Kong. Data transmission to domestic/foreign compliant institutions is only carried out with user consent or statutory requirements. The whole process complies with PDPO and GDPR cross-border data transmission rules, with security measures such as encrypted transmission and access permission control adopted.

4. Cookies & Tracking Technologies

This website uses Cookies, pixel tags and other technologies to:

– Save user preferences (currency switching, language settings) and maintain login status
– Count website traffic and optimize user experience
Users can turn off Cookies through browser settings; turning off Cookies may affect the use of some website functions.

5. Data Storage & Security Protection

5.1 Storage Period

– Transaction data: Retained for 7 years in accordance with tax regulations, automatically encrypted and archived before deletion upon expiration
– Marketing data: Stop use immediately after user unsubscription, delete within 15 days
– Account data: Permanently delete within 30 days after user account cancellation

5.2 Security Protection Measures

Adopt bank-level encryption technology (SSL/TLS), firewall protection, data desensitization processing, hierarchical access permission control, and conduct regular security audits and vulnerability detection to prevent risks of data leakage, tampering and loss.

6. User Data Rights (Applicable Globally)

Users may apply to exercise the following rights at any time via [Customer Service Email], and we will respond within 15 working days:

1. Right to know: Query the details of personal information stored by us
2. Right to rectification: Modify incorrect and outdated personal information
3. Right to erasure: Apply for account cancellation and personal data deletion
4. Right to withdraw consent: Cancel marketing push and turn off Cookie tracking
5. Right to data portability: Obtain a copy of personal data for compliant migration
6. Right to object: Object to unnecessary data processing activities

7. Minor Protection

This website targets adult users over 18 years old and does not actively collect information from minors. If we find that a minor has submitted personal information, we will delete it immediately and contact the guardian for handling.

8. Policy Update & Notification

We reserve the right to revise this policy according to regulatory updates and business adjustments. The revised policy will be prominently displayed on the homepage of the website. Continued use of this website shall be deemed as acceptance of the updated policy. Major changes will be actively notified to users via email.