Privacy Policy
This Privacy Policy describes how H&J Co., Limited (恆嘉(香港)有限公司) (“we”, “us”, or “our”) collects, uses, discloses, and protects your Personal Information when you visit our website [insert your website URL] (the “Site”) or make a purchase from us. By accessing or using the Site, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.
1. Collection of Personal Information
We collect Personal Information (information that can uniquely identify an individual) from you in various ways, depending on your interactions with the Site. Below is a detailed breakdown of the information we collect, its purpose, and source:
1.1 Device Information
- Examples of Personal Information collected: Web browser version, IP address, time zone, cookie data, browsing history (e.g., pages viewed, products searched, links clicked), device type, operating system, and how you interact with the Site.
- Purpose of collection: To ensure the Site loads correctly for your device, optimize Site performance, conduct analytics to improve user experience, and detect and prevent fraud.
- Source of collection: Automatically collected when you access the Site through cookies, log files, web beacons, tags, and similar tracking technologies.
- Disclosure for business purposes: Shared with our service providers, including Shopify (our e-commerce platform) and Google Analytics (for analytics).
1.2 Order Information
- Examples of Personal Information collected: Full name, billing address, shipping address, payment details (e.g., credit card numbers, PayPal account information), email address, and phone number.
- Purpose of collection: To fulfill your order (process payment, arrange shipping, deliver products), send order confirmations and invoices, communicate with you about your order, screen for potential fraud or risk, and (with your consent) send marketing communications about our products or services.
- Source of collection: Directly provided by you when placing an order or creating an account on the Site.
- Disclosure for business purposes: Shared with our service providers, including Shopify (for order processing and fulfillment) and payment processors (to handle secure payments).
1.3 Customer Support Information
- Examples of Personal Information collected: Name, order number, contact details, and any information you provide when contacting us for assistance (e.g., details about product issues, refund requests).
- Purpose of collection: To respond to your inquiries, resolve issues, and provide effective customer support.
- Source of collection: Directly provided by you when contacting our customer service team via email, phone, or other communication channels.
- Disclosure for business purposes: Shared with our customer support tools and service providers, including Zendesk and Shopify.
1.4 Marketing Subscription Information
- Examples of Personal Information collected: Phone number (if you subscribe to SMS notifications) and email address (if you subscribe to email newsletters).
- Purpose of collection: To send automated marketing communications (e.g., product updates, exclusive offers, promotional content) about our products and services.
- Source of collection: Directly provided by you when subscribing to marketing communications.
- Opt-out rights: Consent to marketing communications is not a condition of purchase. You can opt out of SMS notifications by replying STOP, END, CANCEL, UNSUBSCRIBE, or QUIT to the text messages. For email newsletters, you can opt out by clicking the “unsubscribe” link in any email. You may receive a confirmation message after opting out.
2. Minors
The Site is not intended for individuals under the age of 16. We do not intentionally collect Personal Information from children under 16. If you are a parent or guardian and believe your child has provided us with Personal Information, please contact us (see “Contact” section below) to request the deletion of such information.
3. Sharing of Personal Information
We only share your Personal Information with third parties for legitimate business purposes, as outlined below:
- Service Providers: We share your information with trusted service providers who assist us in operating the Site, fulfilling orders, and providing services to you. This includes:
- Shopify (e-commerce platform and order management);
- Payment processors (to handle secure payment transactions);
- Zendesk (customer support);
- Google Analytics (analytics and user behavior tracking);
- Klaviyo (email marketing, if applicable).You can review the privacy policies of these service providers for more details on how they handle your information.
- Legal Compliance: We may disclose your Personal Information to comply with applicable laws, regulations, court orders, or lawful requests from government authorities (e.g., subpoenas, search warrants).
- Protection of Rights: We may share your information to protect our legal rights, property, or safety, or the rights, property, or safety of our users or others (e.g., to prevent fraud or address security issues).
4. Behavioral Advertising
We use your Personal Information to deliver targeted advertisements or marketing communications that we believe may be of interest to you. Here’s how this works:
- Analytics: We use Google Analytics to understand how users interact with the Site. You can learn more about Google’s privacy practices here and opt out of Google Analytics here.
- Third-Party Advertising Partners: We share information about your Site usage, purchases, and interactions with our ads with advertising partners. This information may be shared directly or through cookies and similar tracking technologies (subject to your consent, where required by law).
Opt-Out of Targeted Advertising
You can opt out of targeted advertising from major platforms by following these links:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
- Digital Advertising Alliance: Visit the opt-out portal to opt out of multiple advertising networks.
For more information about targeted advertising, visit the Network Advertising Initiative’s (NAI) educational page here.
5. Use of Personal Information
We use your Personal Information for the following legitimate purposes:
- To provide and maintain our services (e.g., process orders, ship products, manage your account);
- To communicate with you (e.g., order updates, customer support, marketing communications with your consent);
- To improve the Site and our products (e.g., through analytics and user feedback);
- To detect, prevent, and address fraud, security issues, or legal liabilities;
- To comply with applicable laws and regulations.
6. Lawful Basis for Processing (GDPR)
If you are a resident of the European Economic Area (EEA), we process your Personal Information based on the following lawful bases under the General Data Protection Regulation (GDPR):
- Consent: For marketing communications (you can withdraw consent at any time).
- Performance of a contract: To fulfill your order and provide services related to your purchase.
- Compliance with legal obligations: To meet legal requirements (e.g., tax, anti-fraud regulations).
- Legitimate interests: To improve the Site, prevent fraud, and deliver relevant advertising (provided our interests do not override your fundamental rights and freedoms).
7. Data Retention
We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law.
- Order Information: Retained for our records to process returns, refunds, or address future inquiries, unless you request its deletion (see “Your Rights” section).
- Marketing Information: Retained until you opt out of marketing communications.
- Device and Analytics Data: Retained for a limited period (typically 12–24 months) to optimize the Site and user experience.
Once your Personal Information is no longer needed, we will securely delete or anonymize it.
8. Automatic Decision-Making (GDPR)
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (including profiling) that has a legal or significant effect on you.
Our service provider Shopify uses limited automated decision-making to prevent fraud, which does not have a legal or significant impact on you. This includes:
- Temporary denylisting of IP addresses associated with repeated failed transactions (persists for a few hours).
- Temporary denylisting of credit cards linked to denylisted IP addresses (persists for a few days).
9. Sale of Personal Information (CCPA)
Pursuant to the California Consumer Privacy Act (CCPA), we do not sell your Personal Information to third parties for monetary consideration. We may share your information with service providers (as outlined in Section 3) for business purposes, which does not constitute a “sale” under the CCPA.
10. Your Rights
10.1 Rights Under GDPR (EEA Residents)
If you are a resident of the EEA, you have the following rights regarding your Personal Information:
- Right to access: Request a copy of the Personal Information we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete Personal Information.
- Right to erasure: Request deletion of your Personal Information (also known as the “right to be forgotten”), where applicable.
- Right to data portability: Request transfer of your Personal Information to another service provider in a structured, machine-readable format.
- Right to object: Object to processing of your Personal Information for marketing or legitimate interests.
- Right to withdraw consent: Withdraw consent for marketing communications at any time.
Your Personal Information may be processed in Ireland (by Shopify) and transferred outside the EEA (e.g., to Canada or the United States) for storage and further processing. These transfers comply with GDPR requirements; for more details, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
10.2 Rights Under CCPA (California Residents)
If you are a resident of California, you have the following rights under the CCPA:
- Right to Know: Request disclosure of the Personal Information we collect, use, or disclose about you.
- Right to Delete: Request deletion of your Personal Information, subject to certain exceptions.
- Right to Correction: Request correction of inaccurate Personal Information.
- Right to Data Portability: Request transfer of your Personal Information to another service provider.
- Right to Opt-Out of Sales: As noted in Section 9, we do not sell your Personal Information, so this right does not apply.
You may designate an authorized agent to submit requests on your behalf. To do so, please contact us with proof of your authorization.
How to Exercise Your Rights
To exercise any of the above rights, please contact our customer service team using the contact details in Section 16 below. We will respond to your request within 30 days (or as required by applicable law).
11. Cookies
Cookies are small text files downloaded to your device when you visit the Site. They help improve your browsing experience by remembering your preferences and tracking Site usage. We use the following types of cookies:
11.1 Necessary Cookies (Required for Site Functionality)
| Name | Function |
|---|---|
| _ab | Used for admin access verification |
| _secure_session_id | Facilitates navigation through the Site |
| cart | Manages your shopping cart |
| cart_sig | Supports checkout process |
| cart_ts | Tracks checkout timing |
| checkout_token | Secures the checkout process |
| secret | Enhances checkout security |
| secure_customer_sig | Assists with customer login authentication |
| storefront_digest | Supports customer login verification |
| _shopify_u | Facilitates updates to customer account information |
11.2 Reporting and Analytics Cookies
| Name | Function |
|---|---|
| _tracking_consent | Stores your tracking preferences |
| _landing_page | Tracks the landing page you accessed |
| _orig_referrer | Records the source of your visit to the Site |
| _s | Shopify analytics tracking |
| _shopify_fs | Shopify analytics for user behavior |
| _shopify_s | Shopify core analytics |
| _shopify_sa_p | Shopify analytics for marketing and referrals |
| _shopify_sa_t | Shopify analytics for marketing performance |
| _shopify_y | Long-term Shopify analytics |
| _y | Supplementary Shopify analytics |
11.3 Cookie Duration
- Session cookies: Expire when you close your browser.
- Persistent cookies: Remain on your device for 30 minutes to 2 years (depending on the cookie type) unless deleted.
11.4 Managing Cookies
You can control cookies through your browser settings (typically found in “Tools” or “Preferences”). You can accept, block, or delete cookies, but note that blocking necessary cookies may limit your ability to use certain features of the Site (e.g., checkout, shopping cart). For more information, visit www.allaboutcookies.org or your browser’s help section.
Blocking cookies does not prevent us from sharing information with advertising partners. To opt out of such sharing, follow the instructions in Section 4.
12. Do Not Track
There is no universal standard for responding to “Do Not Track” (DNT) signals from browsers. We do not alter our data collection or usage practices in response to DNT signals.
13. Data Security
We implement reasonable technical and organizational measures to protect your Personal Information from unauthorized access, disclosure, alteration, or destruction. These measures include:
- Secure socket layer (SSL) encryption for data transmitted through the Site;
- Restricted access to Personal Information (limited to authorized staff and service providers);
- Regular security audits and updates to our systems.
While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will take all reasonable steps to mitigate risks.
14. Third-Party Links
The Site may contain links to third-party websites (e.g., social media platforms, payment processors). This Privacy Policy does not apply to third-party sites. We are not responsible for the privacy practices or content of these sites. We encourage you to review the privacy policies of any third-party sites you visit.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we update the policy, we will revise the “Last Updated” date at the bottom of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Site after the updated policy is posted constitutes your acceptance of the changes.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
- Email: [insert your customer service email]
- Mailing Address: [insert your company’s physical address]
- Phone: [insert your customer service phone number]
If you are not satisfied with our response to your inquiry or complaint, you have the right to lodge a complaint with the relevant data protection authority (e.g., for EEA residents, your local data protection authority; for California residents, the California Attorney General’s Office).
Last Updated: 2025-12-11