GDPR Privacy Policy

GDPR Privacy Policy

Last updated: May 2, 2023

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service, and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

"Account" means a unique account created for You to access our Service or parts of our Service.

"Company" (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to chimidoll.
For the purpose of the GDPR, the Company is the Data Controller.

"Country" refers to Hong Kong.

"Cookies" are small files that are placed on Your computer, mobile device, or any other device by a website, containing details of Your browsing history on that website among its many uses.

"Data Controller", for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

"Device" means any device that can access the Service such as a computer, a cellphone, or a digital tablet.

"Personal Data" is any information that relates to an identified or identifiable individual.
For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity.

"Service" refers to the Website.

"Service Provider" means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analyzing how the Service is used.
For the purpose of the GDPR, Service Providers are considered Data Processors.

"Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

"Website" refers to chimidoll, accessible from https://www.chimidoll.com.

"You" means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Under GDPR, You may be referred to as the Data Subject or as the User.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address

  • First name and last name

  • Phone number

  • Address, State/Province, ZIP/Postal code, City

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used may include beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

Cookie Consent (EEA/UK)

If You are located in the European Economic Area (EEA) or the United Kingdom, We use non-essential cookies (such as analytics and advertising cookies) only where You have provided your consent through our cookie banner or preference settings. You may withdraw or change your consent at any time by updating your cookie preferences.

Types of Cookies We Use

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

Necessary / Essential Cookies

  • Type: Session Cookies

  • Administered by: Us

  • Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Functionality Cookies

  • Type: Persistent Cookies

  • Administered by: Us

  • Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Tracking and Performance Cookies

  • Type: Persistent Cookies

  • Administered by: Third Parties

  • Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify You as an individual visitor, as it may be linked to a pseudonymous identifier associated with the Device You use to access the Website. We may also use these Cookies to test new pages, features, or new functionality of the Website to see how our users react to them.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor usage

  • To manage Your Account and provide access to features

  • For the performance of a contract, including fulfilling orders, processing payments, delivery, and customer service

  • To contact You, such as order updates, service messages, and security notifications

  • To provide marketing communications (where permitted by law), such as special offers and product updates, unless You have opted out

  • To manage Your requests and support inquiries

  • For business transfers, such as a merger, sale of assets, or acquisition

  • For other purposes, such as analytics, improving our Service, evaluating campaigns, and enhancing user experience

Sharing Your Personal Data

We may share Your Personal Data in the following situations:

  • With Service Providers: to support website operations, analytics, payment processing, fulfillment, and marketing tools

  • For business transfers: in connection with a merger, acquisition, or sale

  • With affiliates: requiring them to honor this Privacy Policy

  • With business partners: to offer certain products, services, or promotions

  • With Your consent: for any other purpose with Your consent

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, including to comply with legal obligations, resolve disputes, and enforce agreements.

Usage Data is generally retained for a shorter period, except when used to strengthen security, improve functionality, or when legally required to be retained longer.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in processing are located. This means Your information may be transferred to—and maintained on—computers located outside of Your state, province, country, or other governmental jurisdiction where data protection laws may differ.

International Transfers (EEA)

If You are located in the European Economic Area (EEA), Your Personal Data may be transferred to and processed in countries outside the EEA, including Hong Kong. Where we transfer Personal Data outside the EEA, we will ensure that appropriate safeguards are in place in accordance with the GDPR, such as the European Commission’s Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms.

The Company will take all steps reasonably necessary to ensure Your data is treated securely and in accordance with this Privacy Policy, and no transfer will take place unless adequate controls are in place.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities.

Other Legal Requirements

The Company may disclose Your Personal Data in good faith where necessary to:

  • Comply with a legal obligation

  • Protect and defend the rights or property of the Company

  • Prevent or investigate possible wrongdoing

  • Protect the personal safety of Users or the public

  • Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but no method of transmission over the Internet or electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee absolute security.

Detailed Information on the Processing of Your Personal Data

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing, or promotional materials and other information that may be of interest to You, where permitted by law. You may opt out at any time by following the unsubscribe link in our emails or by contacting Us.

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

  • Consent: You have given Your consent for one or more specific purposes

  • Performance of a contract: necessary to fulfill an agreement with You

  • Legal obligations: necessary for compliance with legal requirements

  • Vital interests: necessary to protect vital interests

  • Public interests: necessary for a task carried out in the public interest or official authority

  • Legitimate interests: necessary for our legitimate interests, provided Your rights do not override those interests

Your Rights under the GDPR

If You are within the EU/EEA, You have the right to:

  • Request access to Your Personal Data

  • Request correction of Your Personal Data

  • Object to processing of Your Personal Data

  • Request erasure of Your Personal Data

  • Request the transfer of Your Personal Data

  • Withdraw Your consent at any time

Exercising Your GDPR Data Protection Rights

You may exercise your rights by contacting Us. We may ask You to verify Your identity before responding. We will respond as soon as reasonably possible.

You also have the right to complain to a Data Protection Authority. If You are in the EEA, you may contact your local data protection authority.

EU Representative

If You are located in the European Economic Area (EEA) and have questions about this Privacy Policy or wish to exercise your GDPR rights, you may contact us at kaijensen@chimidoll.com.
Where required by Article 27 of the GDPR, we will appoint an EU representative and provide their contact details upon request.

Children’s Privacy

Our Service is not directed to children. We do not knowingly collect personally identifiable information from children. If You are a parent or guardian and You believe Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data without appropriate consent, We will take steps to remove that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: