Privacy Policy
Privacy Policy
This Privacy Policy governs the collection, use, storage and disclosure of your personal data by HAIYING TECHNOLOGY LIMITED ("we", "us" or "our") and is fully compliant with the Personal Data (Privacy) Ordinance (Chapter 486) of Hong Kong ("PDPO").
By accessing our website or purchasing products from us, you consent to the collection and use of your personal data in accordance with this Privacy Policy.
1. What Personal Data We Collect
We collect personal data that is necessary for us to provide our services to you, including:
- Transaction data: Your name, shipping address, billing address, email address, phone number and payment information
- Technical data: Your computer's Internet Protocol (IP) address, browser type, operating system and website usage information
- Marketing data: Your preferences for receiving marketing communications from us
We do not collect any personal data that is not necessary for the purposes stated in this policy.
2. How We Use Your Personal Data
We use your personal data only for the purposes for which it was collected or for purposes directly related thereto, in compliance with DPP3 of the PDPO:
- To process and fulfill your orders
- To arrange for delivery of your purchases
- To process returns and refunds
- To communicate with you about your orders
- To provide customer support
- To improve our website and services
- To send you marketing communications only with your explicit consent
3. Consent
When you provide personal data to us to complete a transaction, verify your payment method, place an order, arrange for delivery or process a return, you consent to our collection and use of that data solely for that specific purpose.
For marketing purposes (including emails about new products, promotions and updates), we will only send you such communications if you have explicitly opted in. You may withdraw your consent at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly.
4. Your Rights Under the PDPO
Under the PDPO, you have the following rights regarding your personal data:
- Right of access: You may request a copy of all personal data we hold about you
- Right of correction: You may request us to correct any inaccurate or incomplete personal data
- Right to withdraw consent: You may withdraw any consent you have previously given for us to use your personal data
- Right to erasure: You may request us to delete your personal data when it is no longer necessary for the purposes for which it was collected
To exercise any of these rights, please contact us at service@haiyingshop.com. We will respond to your request within 40 calendar days as required by the PDPO. A reasonable fee may be charged for processing data access requests.
5. Data Retention
We will only retain your personal data for as long as is necessary to fulfill the purposes for which it was collected, in compliance with DPP2 of the PDPO:
- Transaction and order data: Retained for 7 years from the date of your last order to comply with Hong Kong tax and accounting requirements
- Customer account data: Retained until you request us to delete your account
- Marketing data: Retained until you withdraw your consent to receive marketing communications
- Technical and log data: Retained for 30 days for security and website maintenance purposes
Once the retention period expires, we will securely delete or anonymize your personal data.
6. Data Security
We take all practicable steps to protect your personal data from unauthorized access, use, disclosure, alteration or destruction, in compliance with DPP4 of the PDPO:
- All online transactions are processed through an SSL-secured connection
- Credit card information is encrypted using AES-256 encryption during transmission
- We do not store any full credit card information on our servers
- All payment processing is handled by PCI-DSS compliant third-party payment gateways
- We implement strict access controls to ensure only authorized personnel can access your personal data
While no method of transmission over the Internet or electronic storage is 100% secure, we follow all industry best practices and PDPO requirements to protect your personal data.
7. Third-Party Service Providers
We may share your personal data with third-party service providers who assist us in operating our business and providing services to you, including:
- Payment processors (PayPal, credit card companies)
- Shipping and logistics providers
- Website hosting and maintenance providers
- Customer support tools
- Analytics providers (Google Analytics)
All third-party service providers are contractually required to:
- Only use your personal data for the purposes specified by us
- Comply with the PDPO and all applicable data protection laws
- Implement appropriate security measures to protect your personal data
- Not disclose your personal data to any other third parties without our prior written consent
8. Cross-Border Transfer of Personal Data
Your personal data may be transferred to and stored in jurisdictions outside of Hong Kong (including China) for the purposes stated in this policy.
When transferring personal data outside of Hong Kong, we will ensure that:
- The transfer is necessary for the performance of a contract between you and us
- We have entered into a written agreement with the recipient that requires them to protect your personal data to a standard equivalent to that required by the PDPO
- We comply with all applicable requirements of the PDPO regarding cross-border data transfers
9. Google Analytics
Our website uses Google Analytics to help us understand how visitors use our website. Google Analytics collects information about your website usage using cookies.
The information collected by Google Analytics is anonymized and does not identify you personally. You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, available at: https://tools.google.com/dlpage/gaoptout
10. Information Disclosure
We will only disclose your personal data in the following circumstances:
- When required by law, court order or government regulation
- To protect our legal rights, property or safety, or the rights, property or safety of others
- To third-party service providers as described in Section 7 above
- In connection with a merger, acquisition or sale of all or part of our business
We will never sell, rent or lease your personal data to any third parties for marketing purposes without your explicit consent.
11. Age of Consent
By using this website, you represent that you are at least 16 years of age (the legal age of majority for data protection purposes in Hong Kong). We do not knowingly collect personal data from children under the age of 16. If you are under 16, you may only use this website with the consent and supervision of a parent or guardian.
12. Links to Third-Party Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to read the privacy policy of any third-party website you visit.
13. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Any changes will be posted on this page and will take effect immediately upon posting.
If we make any material changes to this policy that affect how we collect, use or disclose your personal data, we will notify you by email or by posting a prominent notice on our website at least 30 days before the changes take effect.
14. Complaints
If you have any questions or concerns about this Privacy Policy or our handling of your personal data, please contact our Data Protection Officer at:
- Email: service@haiyingshop.com
- Address: Room CO5, Flat A, 2/F, Tontex Industrial Building, 2-4 Sheung Hei Street, San Po Kong, Kowloon, Hong Kong