Effective Date: 1st January 2024
Introduction
Welcome to Bliss Boutique (www.theblissboutique.com). We are committed to protecting the privacy and security of our customers and site visitors. This Privacy Policy outlines how your personal data will be collected, used, and protected in compliance with Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), the European Union's General Data Protection Regulation (GDPR), and relevant U.S. privacy laws. By using our website and services, you agree to the collection and use of information in accordance with this policy.
Scope and Application
This Privacy Policy applies to all visitors, users, and others who access or use our Service. It covers the collection and processing of personal data through our website and any related services, sales, marketing, or events.
Definitions
"Personal Data": Any information relating to an identified or identifiable natural person.
"Processing": Any operation or set of operations performed on Personal Data.
"Data Subject": An identifiable natural person whose Personal Data is processed.
"Consent": Data Subject's permission for the processing of their Personal Data.
Data Collection and Types of Data Collected
We collect various types of Personal Data to provide and improve our Service to you. This may include, but is not limited to:
Identity Data: Such as your first name, last name, username or similar identifier.
Contact Data: Such as billing address, delivery address, email address, and telephone numbers.
Financial Data: Such as payment card details.
Transaction Data: Including details about payments to and from you and other details of products you have purchased from us.
Technical Data: Including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, and platform.
Profile Data: Your purchases or orders made by you, your interests, preferences, feedback, and survey responses.
Purpose and Basis of Processing Personal Data
Your data is processed for various purposes, including:
Service Delivery: To manage payments, fees, charges, and to collect and recover money owed to us.
Customer Support: To provide customer support, manage our relationship with you, notify you about changes to our terms or privacy policy.
Marketing: To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. The legal basis for processing your Personal Data includes consent (where you have given consent), contract
(where processing is necessary for the performance of a contract with you), and for our legitimate interests (where processing is necessary for the purposes of the legitimate interests pursued by us).
User Consent
Obtaining Consent: Consent to process your Personal Data is obtained explicitly through an opt-in mechanism on our website or when you otherwise provide us with such information.
Withdrawal of Consent: You have the right to withdraw your consent at any time. This can be done by contacting us using the details provided in the Contact Information section of this policy. Please note that withdrawal of consent may affect our ability to provide certain services to you.
Data Retention and Protection
Retention Period: We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
Data Security: The security of your data is important to us. We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security.
Data Subject Rights
You have certain rights concerning your Personal Data under applicable privacy laws:
Right to Access: You can request access to your personal data.
Right to Rectification: You have the right to have incorrect or incomplete data corrected.
Right to Erasure: Under certain conditions, you can request the deletion of your data.
Right to Object: You may object to the processing of your personal data in certain circumstances.
Right to Restrict Processing: You can request a restriction on the processing of your personal data.
Right to Data Portability: Where applicable, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
To exercise these rights, please contact us using the details provided in the Contact Information section.
Data Sharing and Disclosure
We may share your Personal Data with trusted third parties such as business partners and service providers to facilitate our services.
Your Personal Data may be disclosed to third parties if required for business transfers or to comply with legal obligations.
Any sharing or disclosure of your Personal Data will be in compliance with applicable privacy laws and with appropriate safeguards in place.
International Data Transfer
Your Personal Data may be transferred to locations outside of your home country, where data protection laws may differ.
We ensure that any international transfer of Personal Data is carried out in compliance with applicable privacy laws and with appropriate safeguards.
Cookies and Tracking Technologies
Our Website uses cookies and similar technologies for various purposes, such as enhancing your experience and analyzing website traffic.
You have the choice to accept or decline cookies, but please note that declining cookies may impact your user experience on our Website.
Children’s Privacy
Our Website is not intended for children under the age of 18.
We do not knowingly collect Personal Data from children under 18. If you believe we might have information from or about a child under 18, please contact us.
Data Breach Notification
In the event of a data breach, we will take immediate steps to mitigate any potential harm and will notify affected individuals and relevant authorities in accordance with legal requirements.
Our data breach notification procedures are compliant with Hong Kong’s PDPO, GDPR, and other applicable data protection laws.
Compliance with Hong Kong's PDPO
We are committed to complying with the PDPO, including adhering to mandatory data breach notification requirements and ensuring appropriate data security measures are in place.
Compliance with GDPR
As part of our commitment to global data protection, we adhere to the General Data Protection Regulation (GDPR) for our users in the European Union. This includes implementing necessary measures like data protection impact assessments and appointing a Data Protection Officer where required.
We ensure that data processing activities involving EU residents’ personal data are conducted in compliance with the GDPR.
Compliance with U.S. Privacy Laws
We recognize and adhere to various U.S. state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA). We ensure that our data handling practices respect the rights provided to residents of the United States under these laws.
This includes honoring requests for information access, deletion, and opt-out of sale of personal information, as stipulated by applicable laws.
Third-Party Websites and Services
Our Website may contain links to external third-party websites and services. Please be aware that we are not responsible for the content or privacy practices of these external sites.
We encourage you to review the privacy policies of any third-party sites or services before providing any personal data.
Updates to Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. When we make changes, we will update the “Effective Date” at the top of this policy.
We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.
Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of Hong Kong, without regard to its conflict of law principles.
Any disputes arising under or in connection with this Privacy Policy shall be subject to the jurisdiction of the courts of Hong Kong.
Contact Information
If you have any questions or concerns about this Privacy Policy or our data handling practices, please contact us at:
Email: support@theblissboutique.com
Address: 2301 BAYFIELD BUILDING 99, HENNESSY ROAD WANCHAI, HONG KONG
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.
Effective Date
This Privacy Policy is effective as of 1st January 2024 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.