Respecting and protecting our customers’ privacy and personal data is important to Luxarity Limited and its related companies (including all holding, subsidiary and affiliate companies) (collectively, we or us). This policy will help you understand how we collect, use and safeguard your personal data in our interactions with you.
It also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the section What rights do I have?.
What information do we collect?
We collect and process personal data about you when you:
Visit and/or contact us on any websites owned and operated by us (including luxarity.com, Luxarity Facebook Page and Instagram Page) (collectively, our Site);
Place an order with us at our pop-up or physical stores; and
Subscribe to our newsletters.
How do we use this information, and what is the legal basis for this use?
We process personal data for the following purposes:
to conduct our business and pursue legitimate interests, in particular:
To provide our services to you, including: responding to any questions you may have, providing you with recommendations on products in our stores or on our Site; assessing your applications with us for any of our services; fulfilling any orders you may make with us (including verification and security checks of your details, processing of your payments, and shipping products that you have ordered to you); and
We monitor use of our Site and online services, and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline;
when you give us consent (if required):
To provide you with direct marketing communications in relation to our relevant products and services, or other products and services provided by us, our related companies and brand partners:
We may market to you our goods and services, and the goods and services of: (a) our related companies (including our affiliate and subsidiary companies), (b) business partners, and (c) other third party providers. Such marketing communications may be in various forms, including advertisements, special events notifications or newsletters, and delivered via various methods in accordance with the personal data that you provide to us, such as by email, SMS, WeChat messages, smartphone app push notifications, notifications on your social media pages, in –app messaging or postal mail.
Such marketing communications may market or offer products or services (including special events and promotions) in the following categories: Dining, food and beverages, sports, music, film, television and other entertainment, clothing and accessories, jewellery, luggage and bags, cosmetics, personal health and hygiene, electronics, home furnishings, and housewares, automobiles, transport and travel, hotels, financial services, loyalty and reward programs, media services, entertainment services, social networking services, payment services, on-line advertising services, other e-commerce, information and communications and services, concierge services, and other products and services that we think may be relevant to you based on information you provide to us (for instance, via your participation in our surveys).
To allow you to register for and participate in our events and promotions, including verifying your identity at those events and promotions; and
To analyse trends, usage and browsing and shopping behaviour with us (whether on an individualized or aggregated basis), which helps us better understand how you and our collective customer base access and use our Site and services, for the purposes of improving our services and to respond to customer desires and preferences. For these purposes, we will use personal data about your gender, age, interests, geographical location, Site usage (including browsing behaviour / activities), shopping behaviour and other personal data.
for purposes which are required by law in response to requests by government or law enforcement authorities conducting an investigation.
Relying on our legitimate interests
We have carried out balancing tests for all the data processing we carry out on the basis of our business and legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out later in this policy.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. Specifically, in the case of customers from the European Economic Area (EEA), we are able to send you direct marketing without your consent, where we rely on our business or legitimate interests. Irrespective of the legal basis on which we rely to send you direct marketing, you have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by: (a) contacting our Privacy Officer at email@example.com or mailing to; Privacy Officer, Luxarity, 30/F, One Island South, 2 Heung Yip Road Wong Chuk Hang, Hong Kong, or (b) in the case of emails, by clicking the unsubscribe link at the bottom of such emails.
Who will we share this data with, where and when?
We will share your personal data with the related companies of Luxarity Limited.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data will also be shared with third party service providers, namely:
Shopify, a payment service provider, who will process your name, email, shipping and billing address, payment details, company name, phone number, IP address, information about your order, information about us, and information about the device and browser that you use, on our behalf for the purposes of:
Providing our services to you as described in Clause 1.1 to you,
Storing and using this information to pre-fill your checkout information (for Shopify Pay), and
(If we have obtained your consent) helping to customize and improve your experience when you visit our store by presenting to you goods and service that are more likely to be of interest to you.
Some of your information may be used to conduct some level of automated decision-making – for example, using your IP addresses or payment information to automatically block certain potentially fraudulent transactions for a short period of time.
Shopify may further transfer your personal data to third parties for the purposes of:
Prevention and investigation of or action against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Shopify Terms of Service or any other agreement related to Shopify’s services, or as otherwise required by law or
Conforming to legal requirements, or responding to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).
Google and Facebook, for matching of your personal data with their database in order to send you our direct marketing materials through your Google and/or Facebook account(s).
In the event that our business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
If you are from the EEA, where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data will be adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor’s Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request to the contact mentioned in the section “How do I get in touch with you” below. Your personal data may be transferred to Hong Kong Special Administrative Region, United States of America and Canada.
What rights do I have?
Where permitted by law, you have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us in a structured, machine readable format, and to ask us to share (port) this data to another controller.
In addition, if you are from EEA you can object to the processing of your personal data in some circumstances (in particular, where we do not have to process the data for business or other legitimate interests, purposes for which consent has been given (including direct marketing) or other legal requirements).
Theserights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are available under applicable laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us – or our privacy officer – using the details set out below. (Applicable only if you are from the EEA: If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.)
How do I get in touch with you?
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at firstname.lastname@example.org or by writing to Privacy Officer, Luxarity, 30/F, One Island South, 2 Heung Yip Road, Wong Chuk Hang, Hong Kong.
Who is the data controller?
The data controllers are Luxarity Limited, and its related companies; contact details can be found in the section How do I get in touch with you above.
How long will my data be kept?
Where we process your data for fulfilling your order, we do this for as long as it is necessary to fulfil your order, and it is required for business and legitimate interests or legal requirement [(applicable if you are from the EEA only for 7 years after any business and legitimate interests or legal requirements no longer exist)].
Where we process personal data for marketing purposes (including for your participation in our events and promotion activities) or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
(Applicable if you are from the EEA only) Where we process personal data for site security purposes, we retain it for 7 years after any business and legitimate interests no longer exists, and where we process personal data in connection with performing a contract or for a competition, we keep the data for 7 years from your last interaction with us.