Privacy Policy
WHAT THIS PRIVACY POLICY COVERS
This privacy policy (“Privacy Policy”) is for xuanminhhoang.com (“we”, “us” or “our”) and describes how and why we might collect, store, use and/or share (“process”) your personal information when you use our services (“Services”), such as when you visit our website (“Site”) or engage with us in other related ways.
Where we’re processing your personal information in relation to our Services, we’re “controller” of your personal information under data protection laws.
Where we refer to “personal information” in this Privacy Policy, we mean information which constitutes “personal data” under the UK’s implementation of the General Data Protection Regulation (the “UK GDPR“). This can be any information that directly identifies you (such as your name or email address), but also information that identifies you indirectly or would identify you when pieced together with other information (such as your age, gender, demographic information, IP address, and cookie identifiers/other unique online identifiers).
- The personal information we collect;
- How and why we collect and use your personal information;
- Why we process your personal information;
- When and why we’ll share your personal information;
- The rights and choices you have when it comes to your personal information;
- Why we use cookies;
- The steps we take to ensure that your information is kept secure and confidential;
- How long we’ll hold your information for; and
- How to contact us.
WHAT PERSONAL INFORMATION WE COLLECT
Information You Disclose To Us
We collect personal information that you voluntarily provide to us when you register on our Site or for our Services, express an interest in obtaining information about us or our Services, when you participate in our Services or otherwise when you contact us.
The personal information we collect depends on the context of your interactions with our Site and the Services, the choices you make and the features you use. It may include some or all of the following:
- Names
- Email addresses
- Usernames for our Site and/or Services
- Passwords for our Site and/or Services
For example, we collect information about you during the checkout process on our store. This may include:
- Products you’ve viewed – we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type – we’ll use this for purposes like estimating taxes and shipping
- Shipping address – we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order.
We’ll also use cookies to keep track of basket contents while you’re browsing our site.
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password.
We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for the required number of years for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We do not collect or process any sensitive personal information.
Information Automatically Collected
We automatically collect certain information that cannot identify you directly when you use our Site and Services. While this information does not reveal specific identity information (such as name or contact information), it may include device and usage information, such as IP address, browser and device characteristics as well as referring URLs, location and information about how and when you use our Site and Services and other such technical information. This information is required for the operation and security of our Site and Services and for internal analytics and reporting purposes.
Like most business, we collect certain information automatically using cookies and similar technologies. Further information regarding use of cookies is below.
HOW WE USE AND PROCESS YOUR PERSONAL INFORMATION
We use and process your personal information:
- To deliver and facilitate the delivery of our Site and Services, including:
- Show you products you’ve recently viewed
- For estimating taxes and shipping costs
- To otherwise facilitate sending you an order
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- To respond to enquiries and offer support in relation to the use of our Site and Services;
- If you subscribe to our mailing list, to send you administrative, marketing and promotional communications, including to:
- Let you know of any news, such as new Site pages or posts
- Keep you informed of other new features we may introduce
- Invite you to take part in polls and other market research activities carried out by us and on our behalf (any feedback you provide will only be used to improve our Site and will not be published)
- Send administrative information to you such as to alert you to changes to our services (for example, changes to our Terms
- To protect our Site, Services and users;
- To identify Site and Service usage trends and the effectiveness of any marketing and promotional campaigns so that we may better understand each, improve our Site, Services, and any marketing and promotional campaigns and to tailor those to you where needed or useful;
- If we adopt Site advertising, to deliver targeted advertising to you, filtered by interests, location and other factors.
WHY WE PROCESS YOUR PERSONAL INFORMATION
We’ll only collect and use your personal information in accordance with data protection laws. Our legal bases for processing your personal information in the ways described in this Privacy Policy are:
- Performance of a contract — We may process your personal information when we believe it’s necessary to fulfil our contractual obligations to you, including providing our Services.
- Consent — We may process your information if you have given us permission to do so.
- Legitimate interests — We may process some of your personal information where we believe that it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. Our legitimate interests for processing your personal information include:
- Sending users information about our Site and Services and to support our marketing activities;
- If we adopt advertising, developing and displaying personalised and relevant advertising;
- Analysing how our Site and Services are used so that we can improve them;
- Diagnosing problems and/or preventing fraudulent activities.
- Legal obligations — We may be required to process your personal information to comply with a legal obligation on us; for example, an obligation to disclose the information to a court or regulator, governmental, compliance or law enforcement agency, or in connection with legal proceedings; or to prevent fraud and money laundering, which might involve disclosure to a fraud prevention agency. We may also be required to process certain personal information about you to respond to (and verify we are able to respond to) a data subject rights request that you have submitted.
- Vital interests — We may process your information where we believe that it is necessary to protect your or a third party’s vital interests.
USE OF CHILDREN’S PERSONAL INFORMATION
We do not knowingly collect or store any personal information of persons under the age of 18.
SHARING PERSONAL INFORMATION WITH OTHERS
We may share your personal information with:
- Certain vendors, consultants or other third-party service providers — We may share your information with certain third-party vendors, service providers, contractors or agents (“Third Party Service Providers”) who perform certain services for us or on our behalf and require access to such information to do so. We will ordinarily have contracts in place with such Third Party Service Providers to safeguard personal information and restrict use of that information by such Third Party Service Providers as well as to regulate its use in accordance with the terms of any agreement we have with them. The categories of such Third Party Service Providers may include:
- Performance monitoring tools
- Website hosting service providers
- Data storage service providers
- Data analytics service providers
- We use Google Analytics — we may share your information with Google Analytics to track and analyse the use of our Site and Services. The Google Analytics features that we use may include: Google Analytics Demographics and Interests Reporting, Google Display Network Impressions Reporting and Remarketing with Google Analytics. To opt out of being tracked by Google Analytics across the Site and Services, visit https://tools.google.com/dipage/gaoptout. You can opt out of Google Analytics Advertising Features through https://adsettings.google.com. Other opt out means include http://optout.networkadvertising.org and http://www.networkadvertising.org/mobile-choice. For more information on the privacy practices of Google, visit https://policies.google.com/privacy.
- User account registration and authentication services
- Payment processors
- Order fulfilment service providers
- Sales and marketing tools
- Communication tools
- Finance and accounting tools
- Legal related reasons —
- If required or permitted to do so by law;
- If required to do so by any court, governmental authority or law enforcement agency;
- If necessary in connection with legal proceedings or potential legal proceedings;
- We may share or transfer personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company; and · In line with our own Terms.
THIRD PARTY WEBSITES
Our Site contains external links to other websites that are not subject to this Privacy Policy. The inclusion of a link towards a third party website, service or application does not necessarily imply an endorsement from us. Please read our Terms for further information on external links, as well as the terms and conditions and privacy policy of any website you give your personal information to, as you’ll be bound by them. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from our Site or Services and we are therefore not liable for anything that happens if you use those.
COOKIES
We use cookies, web beacons, pixel tags and tracking technology to help improve the functionality and performance of our Site and help us deliver our Services.
The information coming from our use of cookies will be aggregated to provide statistical information about usage. We do not use any information derived from cookies, nor any IP addresses we collect, to identify any individual user of our Site or Services.
Some third-party technology we use (such as embedded videos, social sharing) also drop cookies to improve your experience on their sites.
For details on what cookies we use, information on how to stop them being stored or how to delete ones already stored, read our Cookies Policy.
WHERE WE STORE YOUR PERSONAL INFORMATION
Keeping information about you secure is very important to us so we store and process your personal information in accordance with the high standards required under data protection laws. Our website administrators have access to the information you provide us, including:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and shipping information.
We have access to this information to help fulfill orders, process refunds and support you.
It might sometimes be necessary for us or our suppliers to transfer your personal information outside of the UK either within the European Economic Area (EEA) or outside of the EEA. For example, while our Site hosting provider uses servers located in the UK, they also have servers located in other countries which may be used from time to time for the hosting of our Site. We use a mailing list subscription service that is based in the U.S.A. and hosts its data on servers there.
We share information with third parties who help us provide our orders and store services to you. For example, we do not directly process payment processing information. We accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information. Please see the Stripe Privacy Policy for more details.
If you are a resident of the UK, the EEA or Switzerland, you should be aware that other countries may not necessarily have data protection or similar laws as comprehensive as those in your country. However, we take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law. Those include using the European Commissions’ Standard Contractual Clauses for transfers of personal information between us and third party service providers. These clauses require all recipients to protect all personal information that they process which originates from the UK or EEA in accordance with European data protection laws and regulations.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We’ll only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this Privacy Policy and/or in cases in which you’ve provided your consent (which you may withdraw at any time), or until you request it is deleted (unless a longer retention period is required or permitted by law).
Even if you delete, or ask us to delete your personal information it may persist on back-up or archival media for legal, tax or regulatory purposes.
YOUR RIGHTS AND RESPONSIBILITIES
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we collect and process. However, despite such safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure so we cannot promise or guarantee that hackers, cybercriminals or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal or modify your information. Although we will do our best to protect your personal information, transmission of such information to and from our Site and Services is at your own risk. You should therefore only access the Site and Services within a secure environment.
In some regions like the EEA, UK or Switzerland, you have certain rights under applicable data protection laws. These include:
- Right to access — The right to a copy of the personal information we hold about you. We’ll ask you to describe the information you require, as well as letting us know about any other email addresses you’ve used on our Site to enable us to trace your personal information. Depending on the nature of your request, we may also ask you for your full name, your date of birth and your full address and documents to allow us to verify your identity. Requests for copies of your personal information will be dealt with within one month, unless your request is complicated or if you’ve made a large number of requests. In these circumstances it may take us longer to deal with your request, in which case we’ll let you know;
- Right to correct — The right to have your personal information rectified if it is inaccurate or incomplete. Requests for us to correct your personal information will be dealt with within one month, unless your request is complicated or if you’ve made a large number of requests. In these circumstances it may take us longer to deal with your request, in which case we’ll let you know. If we believe that your personal information is accurate, we’ll let you know that we will not amend your personal information and why;
- Right to erasure — The right to request that we delete or remove your personal information from our systems. Data protection laws give exceptions to this right which, if applicable, we’ll explain in our response to you;
- Right to restrict use — In some circumstances you can ‘block’ us from using your personal information or limit the way in which we can use it;
- Right to data portability — The right to request that we move, copy or transfer your personal information; and
- Right to object — The right to object to our use of your personal information including where we use it for our legitimate interests, or where we use your personal information to carry out profiling to inform our market research and user demographics. If you raise an objection we’ll stop processing your personal information unless an exemption under UK data protection law applies, in which case we’ll let you know why we’re continuing to process your personal information.
- Withdrawing consent — If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can unsubscribe from our mailing list communications at any time using the unsubscribe link in the emails that we send or by contacting us. You will then be removed from marketing lists. We may still however communicate with you where necessary in relation to service-related messages concerning administration and use of your personal data, our Site and/or Services, to respond to requests and for other such non-marketing purposes. Please note that this will not affect the lawfulness of any processing before its withdrawal nor will it affect the processing of information done in reliance on lawful processing grounds other than consent.
To make enquiries, exercise any of your rights set out in this Privacy Policy and/or make a complaint please contact us via our contact page. We will consider and act upon any request in accordance with applicable data protection laws.
If you’re not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may be able to refer your complaint to the relevant data protection regulator. In the UK, this is the Information Commissioner’s Office.
CHANGES
We reserve the right to amend or modify this Privacy Policy at any time and any changes will be published on the Site. The date of the most recent revision will appear on this page. If we make significant changes to this policy, we may also notify you by other means such as sending you an email. If you do not agree with any changes please do not continue to use the Site or Services.
HOW TO CONTACT US
Please contact us via our contact page.