Address
Room 509, 5/F, The Vertex, 111 Tongzhou Street, Tai Kok Tsui, Hong Kong
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
Introduction and Scope of Application
This Privacy Policy applies to your visit and use of our website (your website domain), as well as your purchase of crystal bracelets and related products or services through this website. We are committed to protecting your personal information and strictly complying with data protection laws and regulations in major global markets, such as the EU General Data Protection Regulation (GDPR), the US California Consumer Privacy Act (CCPA), and China’s Personal Information Protection Law.
Types of Information Collected
Clearly list the data categories collected, distinguishing between “required information” and “optional information” to avoid excessive collection.
Registration and Account Information:
Name, email address, phone number, username and password (for account management, order tracking, and customer service).
Transaction and Payment Information:
Shipping address, payment method (credit/debit card information is encrypted by a third-party payment gateway; we do not directly store full card numbers), order details (product selection, purchase history).
Interaction and Marketing Information: Preferences you voluntarily provide (such as crystal type and style preference) for personalized recommendations and promotional notifications.
Information collected through email subscriptions, surveys, or customer feedback.
Automatically Collected Technical Information: Cookies and Similar Technologies: Record your browsing behavior (such as pages visited, duration of stay), shopping cart contents, to optimize user experience and advertising effectiveness.
Device and Network Information: IP address (for fraud prevention and geolocation), browser type, operating system version.
Other Legally Public or Authorized Information: Information you share when interacting with us on social media or public platforms (with your authorization). Anonymized or aggregated data obtained from partners or data analysis agencies (for market analysis).
Purpose of Information Use
Clearly explain data usage, ensuring compliance with the principles of “lawful, justifiable, and necessary” and consistent with user expectations.
Order Fulfillment and Service:
Processing purchase requests, arranging shipments, and providing after-sales support (e.g., returns, exchanges, and maintenance recommendations).
Account and Security Management:
Verifying identity, preventing fraudulent transactions, and protecting account security (e.g., two-factor authentication).
Personalized Experience:
Recommending crystal products (e.g., energy crystals, Feng Shui bracelets) based on your browsing history and preferences, and sending customized marketing emails (with the option to unsubscribe at any time).
Analysis and Optimization:
Using data analysis to improve website functionality, product design (e.g., user feedback on specific crystal types), and marketing strategies.
Legal and Compliance Obligations:
Complying with tax, customs, and anti-money laundering regulations, and responding to lawful requests from government agencies or courts.
Cookies
Provide a detailed explanation of cookie types, purposes, and user options, complying with GDPR’s “explicit consent” requirement.
Necessary cookies: Used to enable basic website functionality (such as shopping cart storage and payment processing) and are enabled without separate consent.
Functional cookies: Remember your language preferences, regional settings, or browsing habits to enhance user experience.
Analytical cookies: Used to measure traffic and behavioral patterns using tools like Google Analytics to help optimize the website.
Advertising and marketing cookies: Display relevant ads through third-party platforms (such as Facebook and Google Ads) and require your active consent.
Suggested actions:
Display a pop-up cookie notification on the user’s first visit, explaining the cookie type and providing an option to “Accept” or “Manage Preferences.”
Allow users to adjust their cookie preferences at any time through their browser settings or the website’s privacy control panel.
Information Sharing and Third-Party Processing
Clearly disclose the recipients and purposes of data sharing to ensure third-party compliance (e.g., by signing a data processing agreement).
Sharing with Affiliates:
Limited to affiliates or branches necessary to provide services to you (e.g., overseas warehousing and logistics partners).
Sharing with Service Providers: Payment processors (e.g., Stripe, PayPal): Used to complete transactions and ensure payment security.
Logistics and delivery companies: Used for order fulfillment and tracking.
Marketing and analytics providers (e.g., Mailchimp, Google): Used to send marketing emails and optimize advertising, but your personal information will not be used for third-party marketing.
Legal Requirements or Protection of Rights:
Sharing information as required by laws, regulations, legal proceedings, or to protect your/our legitimate interests (e.g., fraud prevention, intellectual property protection).
Cross-border Transfer Notice:
If data is transferred outside the EU/EEA, ensure that the recipient has met the GDPR adequacy criteria (e.g., Switzerland, Canada, PIPEDA region), or use Standard Contractual Clauses (SCCs) for security.
User rights
Emphasize customer control over personal data, in line with the rights granted by regulations such as GDPR and CCPA.
Example clauses:
Right of Access:
Request to review or download a copy of your personal information (e.g., order history, account profile) at any time.
Right to Correction:
Update inaccurate information (e.g., change shipping address) or make changes through self-service account settings.
Right to Erasure (Right to Be Forgotten):
Request the deletion of your personal data to the extent permitted by law (e.g., if an order has been completed and there are no outstanding obligations).
Right to Restrict Processing:
Object to the use of your data for automated decision-making (e.g., price discrimination) or marketing purposes. You can exercise this right by contacting Customer Service.
Right to Data Portability:
Access your personal data in a structured, commonly used format (e.g., CSV order history) and transmit it to another service provider.
Right to Withdraw Consent:
For information collected based on consent (e.g., marketing cookies, personalized recommendations), you can withdraw your consent at any time (this does not affect the legitimacy of the data before withdrawal). Right to Opt-Out (for users protected by the CCPA):
Submit a “Do Not Sell My Personal Information” request through our Privacy Policy page or by contacting us. We will not sell your personal information to third parties.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
