Privacy policy

Privacy & Security Policy

Last Updated: 22.AUG 2025

We are committed to protecting your personal data. This policy outlines what we collect, how it's used, and your rights under data protection laws (including GDPR).


1. Data We Collect

We collect the following types of data directly or via third-party tools (e.g. Google Analytics, Facebook, Stripe, PayPal, Shopify):

  • Personal Info: Name, email, phone number, billing/shipping address, username, profile photo

  • Usage Data: IP address, browser type, time spent on pages

  • Location Data: Country, city, province/state

  • Device Data: Unique device identifiers, cookies, ad IDs

  • Order & Payment Data: Credit card, billing info (processed securely by third-party providers)


2. How We Use Your Data

Your data is used to:

  • Process orders and payments

  • Deliver products and services

  • Send order confirmations and service updates

  • Improve website performance and user experience

  • Send promotional updates (if you opt-in)

  • Show relevant ads (e.g. via Google Ads, Facebook)

We never sell your personal data.


3. Cookies & Tracking

We use cookies and similar technologies to:

  • Monitor site traffic (Google Analytics)

  • Serve targeted ads (Facebook, Google Ads)

  • Integrate services (e.g. Instagram, live chat)

You can manage or opt-out of cookies in your browser settings or via our cookie consent banner.


4. Legal Basis for Processing

We process your data based on:

  • Your consent

  • Fulfilling a contract (e.g. product orders)

  • Legal obligations (e.g. tax laws)

  • Legitimate business interests (e.g. fraud prevention, marketing)


5. Data Security

We use secure systems and trusted providers to protect your data against unauthorized access, loss, or misuse.


6. Data Retention

We retain your personal data only as long as necessary for the purposes collected (e.g. order fulfillment, legal compliance). After that, it is securely deleted.


7. International Transfers

Data may be processed in the U.S. or other countries where our service providers (like Stripe, PayPal, Google, Meta) operate. Safeguards are in place to protect your data during cross-border transfers.


8. Your Rights

You have the right to:

  • Access your data

  • Correct inaccurate data

  • Request data deletion

  • Object to certain uses (e.g. direct marketing)

  • Withdraw consent at any time

Contact us to exercise your rights.


9. Third-Party Services

We use third-party platforms for:

  • Payments: Stripe, PayPal, Shopify

  • Analytics: Google Analytics

  • Advertising: Google Ads, Facebook

  • Social Media Widgets: Instagram, Facebook

These services may collect data under their own privacy policies.


10. Contact Us

For questions about your data or this policy, contact us at: info@xmastreeonline.hk

Â