隱私政策

Last Updated: Jan 2026

The Lovini Holding Company Limited ("we", "us", "our", "Lovini") owns and operates Lovini in Hong Kong and China. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use our website (powered by Shopify), make a purchase, use our services, apply to join any of our loyalty programmes, or otherwise communicate with us.

We are committed to protecting your personal information in accordance with:

· The Personal Data (Privacy) Ordinance (Cap. 486) ("HK Privacy Ordinance") in Hong Kong.
· The Macau Personal Data Protection Act (Law 8/2005) ("Macau Privacy Act") in Macau.
· Other applicable data protection laws based on your location (e.g., GDPR for EEA/UK, CCPA/CPRA for California).

We will ensure compliance by our staff with the strictest standards of security and confidentiality.

A. COLLECTION OF PERSONAL DATA

A.1 What We Collect
Your privacy is important to us. We only collect information necessary to provide our services and protect your account.

We may collect personal information ("Personal Data") when you:

· Use our website or related services.
· Make a purchase or transaction.
· Apply to join any rewards or loyalty programme(s) ("Programmes") operated by us or our Affiliates (as defined below).
· Communicate with us.

The Personal Data we collect includes, but is not limited to:

· Contact Details: Name, address, billing/shipping address, phone number, email address, title.
· Account Information: Username, password, security questions, preferences, month of birth.
· Financial Information: Payment card details, financial account numbers, transaction history. (Note: We use PCI-DSS compliant payment processors; we do not store full card details on our servers.)
· Transaction Information: Items viewed, in cart, purchased, returned, or exchanged; order history.
· Communications: Content of your messages to customer support.
· Device & Usage Data: IP address, browser/device information, how you interact with our site (collected via cookies and similar technologies).
· Profile Data: Inferences drawn from the above to create a personalised profile.

A.2 Mandatory Information
Providing certain categories of Personal Data (specified at collection) is mandatory. If you do not provide mandatory data, we may not be able to provide our products/services, register you for a Programme, or process your transactions.

A.3 Sources of Information
We collect Personal Data from:

· You directly (when you provide it to us).
· Automatically via cookies and tracking technologies when you use our site.
· Our service providers (including Shopify).
· Our affiliates and partners.

B. USE OF PERSONAL DATA

We use your Personal Data for the following purposes:

· To Provide Services: Process membership applications, manage your account/Programme membership, verify identity, process orders/payments, arrange shipping, handle returns/exchanges, and communicate with you about your account/orders.
· Programme Operations: Administer rewards, points, birthday promotions, vouchers, and maintain your activity record across Programmes and purchases.
· Personalisation: Provide a tailored experience on our website, recommend products, and remember your preferences.
· Marketing & Advertising: With your consent or indication of no objection, we may use your contact details, preferences, and purchase history ("Marketing Data") to send promotional materials about our products, services, and Programme offers. (You have the right to opt-out at any time – see Section G).
· Business Improvement: Perform research, statistical analysis, and data analytics to improve our products, services, and operations.
· Security & Fraud Prevention: To detect and prevent fraudulent or illegal activity, protect public safety, and secure our services.
· Legal Compliance: To comply with legal obligations, respond to lawful requests from authorities, enforce our terms, or defend legal claims.
· Single Customer View: We may merge your Personal Data from different sources (e.g., across our Affiliates) to create a unified customer profile for the purposes above.

C. DISCLOSURE OF PERSONAL DATA

We may disclose your Personal Data to:

· Our Affiliates: For the purposes outlined in this policy. "Affiliates" means any entity controlling, controlled by, or under common control with Lovini Holding Company Limited.
· Service Providers (Third Party Service Providers): Entities that perform services on our behalf under strict confidentiality agreements, such as:
  · Shopify: Our e-commerce platform host. They process your data to power our online store.
  · Payment processors (e.g., Shopify Payments).
  · Fulfillment, shipping, and logistics partners.
  · IT, data analytics, customer support, and marketing service providers.
  · These providers are only permitted to use your data to perform services for us.
· Business & Marketing Partners: To provide services and advertising. For example, Shopify may use data to show you personalised ads from various merchants. You can opt-out of such "sharing" for targeted advertising (see Section G).
· Professional Advisors & Authorities: As required by law, to our legal/financial advisors, law enforcement, or government/regulatory bodies.
· In Business Transactions: In connection with a merger, sale, or transfer of assets.

D. RELATIONSHIP WITH SHOPIFY – ESSENTIAL TERMS

Our online store is hosted by Shopify Inc. They provide the e-commerce platform that allows us to sell to you.

· Shopify as a Data Processor: For store operations (e.g., processing your order), Shopify acts on our instructions. Your data is stored through Shopify’s secure systems.
· Shopify as a Data Controller: For its own purposes (e.g., platform security, improving Shopify services globally), Shopify acts independently. For these activities, Shopify is responsible for your personal information.
· Your Data & Shopify: Information you submit is transmitted to and processed by Shopify and its sub-processors, which may be located outside your country.
· Shopify's Policies: We recommend you review Shopify's Privacy Policy (https://www.shopify.com/legal/privacy) and Terms of Service (https://www.shopify.com/legal/terms) to understand their practices. For rights related to data processed by Shopify for its own purposes, contact Shopify directly via their Privacy Portal (https://privacy.shopify.com/en).
· Payment Security: We use PCI-DSS compliant payment gateways provided by Shopify and other partners.

E. INTERNATIONAL DATA TRANSFERS

Your Personal Data may be transferred to, stored, and processed in countries other than your own (e.g., Shopify's primary data centers are in the US/Canada). Shopify intends to ensure such transfers comply with applicable laws and use appropriate safeguards (like Standard Contractual Clauses for EEA/UK data).

F. DATA SECURITY & RETENTION

· We take reasonable technical and organisational measures to protect your Personal Data.
· No system is 100% secure. We cannot guarantee absolute security, especially for data in transit over the internet.
· We retain your Personal Data only as long as necessary for the purposes stated, to comply with legal obligations, resolve disputes, and enforce agreements.

G. YOUR RIGHTS & CHOICES (INCLUDING MARKETING OPT-OUT)

Depending on your location, you may have rights including:

· Correction: Request correction of inaccurate data.
· Deletion: Request deletion of your data.
· Portability: Request transfer of your data.
· Opt-Out of Marketing: You have the unconditional right to opt-out of receiving marketing communications at any time by:
  · Sending a written request to our contact address below (no fee charged).
· Opt-Out of Sale/Sharing for Targeted Advertising (where applicable): You may have the right to opt-out of the "sale" or "sharing" of your data for cross-context behavioral advertising. You can exercise this right by enabling the Global Privacy Control (GPC) signal in your browser.
· Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights (except marketing opt-out which is free), please contact us using the details in Section I. We may need to verify your identity and may charge a reasonable fee for data access requests as permitted by the HK Privacy Ordinance.

H. COOKIES & TRACKING

We use cookies to enable security, maintain your browsing session, personalise your experience, and build customer profiles. You can disable cookies in your browser settings, but this may limit website functionality.

I. THIRD-PARTY LINKS & CHILDREN'S DATA

· Our site may link to third-party websites. We are not responsible for their privacy practices.
· Our services are not intended for children. We do not knowingly collect data from individuals under the age of majority in their jurisdiction.

J. CONTACT US & COMPLAINTS

For questions, to exercise your rights, or lodge a complaint:

Lovini Holding Company Limited
Address: Unit 8A , Winsan Tower, 98 Thomson Road, Wanchai, Hong Kong.
Email: info@lovini.com

We are the data controller for your Personal Data. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

K. CHANGES TO THIS POLICY

We may update this policy periodically. The latest version will be posted on our website with an updated "Last Updated" date.

L. GOVERNING LANGUAGE

In case of discrepancy between the English and Chinese versions, the English version shall prevail.