Privacy Policy

1. Data Collection Transparency
We maintain an unwavering and steadfast commitment to minimal, purpose-driven data collection. Our approach is centered around acquiring only the information that is absolutely essential to deliver a seamless and personalized shopping experience, ensuring that your privacy is respected at every step.

Transaction Essentials: We collect your name, contact details, and shipping information with a singular focus on fulfilling orders, processing payments, and providing comprehensive post-purchase support. This data is the cornerstone of ensuring that your purchases reach you safely and that any issues you may encounter after the sale are promptly addressed.
Technical Insights: By anonymously gathering device IP addresses, browser types, and navigation patterns, we gain valuable insights that help us optimize site performance. This enables us to refine user interfaces for a more intuitive experience and tailor content recommendations to match your interests, making your shopping journey more enjoyable and efficient.
Optional Engagement: Marketing communications, such as newsletters and promotional offers, are sent only with your explicit affirmative consent. We obtain this through a rigorous double-opt-in process, which requires confirmation via email or SMS. This ensures that you only receive communications that you have actively agreed to receive, giving you full control over your inbox.

2. Consent Framework
Your data rights are at the heart of our operations, and we have established a structured, transparent consent system to safeguard them.

Implicit Consent: Automatically applied for essential transactional purposes, including payment processing, order tracking, and fraud prevention. This type of consent is necessary to ensure the smooth operation of our services and to protect both you and our business from potential risks.
Explicit Consent: Required for all secondary uses, such as personalized ads, trend analytics, and customer research. We believe in obtaining your clear and informed consent before using your data for any non-essential purposes, giving you the power to decide how your information is utilized.
Granular Control: You have the flexibility to adjust your preferences anytime via your account dashboard or by emailing us. You can opt out of specific data uses without losing access to our core services, allowing you to customize your data-sharing experience according to your comfort level.

3. Limited Disclosure Protocol
We share information only under strict, lawful conditions to ensure the security and privacy of your data.

Legal Compliance: In response to valid court orders, subpoenas, or regulatory investigations, such as those from tax authorities or law enforcement agencies, we may be required to disclose certain information. However, we always ensure that such disclosures are in accordance with the law and that your privacy is protected to the greatest extent possible.
Business Protection: To detect and prevent fraud, unauthorized access, or violations of our Terms of Service, we may share information with relevant parties. This is crucial for maintaining the integrity of our platform and ensuring a safe shopping environment for all our customers.
Service Providers: Partners like cloud hosts or analytics tools receive de-identified data and are contractually bound to GDPR/CCPA standards. This ensures that your data is handled responsibly and in compliance with strict privacy regulations, even when it is shared with third-party service providers.

4. Third-Party Ecosystem Management
Our trusted partners adhere to rigorous data governance standards to safeguard your information.

Payment Processors: Stripe and PayPal, our payment processing partners, maintain PCI-DSS Level 1 certification. This ensures that all transactions are encrypted and that card numbers are tokenized for storage, making it extremely difficult for hackers to access your sensitive payment information.
Logistics Providers: These partners receive only delivery-required details, such as your address and contact number, and are strictly prohibited from retaining data post-fulfillment. This minimizes the risk of your personal information being misused or exposed after your order has been delivered.
International Transfers: When transferring data across borders, we utilize EU Standard Contractual Clauses (SCCs) or Privacy Shield frameworks. These mechanisms provide additional layers of protection for your data, ensuring that it is handled in a consistent and secure manner, regardless of its destination.

5. Military-Grade Data Protection
We deploy a multi-layered security architecture to safeguard your information from any potential threats.

256-bit SSL/TLS Encryption: This advanced encryption technology secures all data in transit, including login credentials and payment details. It creates a secure tunnel between your device and our servers, preventing unauthorized access to your sensitive information.
Tokenization: After a transaction, raw card numbers are replaced with unique tokens. This means that even if a hacker were to gain access to our systems, the stolen data would be useless, as the tokens cannot be used to make unauthorized purchases.
SOC 2 Type II Compliance: Our cloud infrastructure undergoes annual audits for security, availability, and confidentiality. This certification demonstrates our commitment to maintaining the highest standards of data security and ensures that our systems are regularly evaluated and improved.
Continuous Monitoring: We employ real-time threat detection, quarterly vulnerability scans, and biannual penetration testing by certified ethical hackers. This proactive approach allows us to identify and address potential security issues before they can be exploited, providing you with a safe and secure shopping environment.

6. Age Verification Standards
All accounts must comply with jurisdiction-specific age requirements to ensure that our services are used by appropriate individuals.

Active Confirmation: Users must verify that they are 18+ (or older in stricter regions) via government ID upload or credit card validation. This helps us prevent underage users from accessing our platform and ensures that our services are used in accordance with legal requirements.
Parental Consent: For users aged 13–17, guardians must approve account creation and manage privacy settings via a dedicated parental portal. This gives parents control over their children’s online activities and ensures that their privacy is protected.

7. Evolving Privacy Standards
Our policy is a living document that is constantly updated to reflect global regulatory shifts and industry best practices.

Quarterly Reviews: We align our policy with GDPR, CCPA, PIPEDA, and other frameworks to ensure ongoing compliance. This ensures that we are always up-to-date with the latest privacy regulations and that your data is protected in accordance with the highest standards.
Version-Controlled Change Logs: Accessible in our Help Center, these logs detail modifications with effective dates. This provides transparency and allows you to track any changes to our privacy policy over time.
Advance Notice: Users receive 30 days’ warning via email for material changes affecting data rights, such as new retention periods. This gives you sufficient time to review the changes and decide whether you wish to continue using our services under the new terms.

Your Data Sovereignty Rights
Exercise full control over your information through our Privacy Portal:

✓ Real-Time Data Access Reports: Download a complete log of collected data, including sources and purposes. This gives you a clear understanding of what information we have about you and how it is being used.
✓ One-Click Consent Revocation: Instantly withdraw permission for marketing or analytics uses. This allows you to quickly and easily stop receiving unwanted communications or prevent your data from being used for non-essential purposes.
✓ Automated Deletion Requests: Erase your account and all associated data with a single confirmation. This gives you the ultimate control over your data, allowing you to remove it from our systems whenever you choose.
✓ Portable Data Packages: Export your profile, order history, and preferences in JSON/CSV formats for easy migration. This makes it convenient for you to transfer your data to other platforms if you wish to do so.
✓ Opt out of the sale or sharing of your data (under CCPA/CPRA).
To exercise these rights, please contact us at [email protected]. We will respond within 30 days as required by law.

For urgent concerns, our Data Protection Officer (DPO) responds within 24 business hours. All requests include free identity verification via biometric checks or secure document upload to prevent unauthorized access. Your data security and privacy are not just priorities—they’re our non-negotiable foundation.

🔒 “Trust through transparency, security through innovation.”

Company Name: PAIFENG CENTURY BRAND MANAGEMENT CO., LIMITED
Address: UNIT I, 3/F, GOOD HARVEST CENTRE, 33 ON CHUEN STREET, FANLING HONG KONG
Phone: +852 21962692
Email: [email protected]