thesoong
(0)

Privacy Policy

Last updated: 2026-05-22

This Privacy Policy describes how thesoong, operated by [LEGAL_ENTITY] (registered in [REGISTERED_COUNTRY], registered address [REGISTERED_ADDRESS]; "we", "our", "us") collects, uses, and shares personal data. By using thesoong.com or thesoong.cn ("the site"), you agree to the practices described here.

DATA WE COLLECT

When you place an order: name, shipping and billing address, email, phone, payment method details (handled by our payment processors, never stored on our servers in full), order history.

When you create an account: email, hashed password, your saved addresses, wishlist, language preference.

Automatically when you browse: IP address, browser fingerprint, pages viewed, items added to cart, source of traffic, device type. We use cookies and similar technologies for this — see our cookie disclosures shown on first visit.

WHY WE PROCESS YOUR DATA

— To fulfil orders, process payments, and arrange shipping (contractual basis) — To send order confirmations, shipping updates, and customer service replies (contractual basis) — To send marketing emails about new collections and offers (only with your explicit consent; unsubscribe link in every email) — To improve the store, analyse traffic, and prevent fraud (legitimate interest) — To comply with legal obligations (tax records, sanctions screening, fraud reporting)

WHO WE SHARE WITH

Payment processors (Stripe, PayPal) to charge your card and detect fraud. Shipping carriers to deliver your order. Email service providers to send transactional and marketing email. Analytics providers (anonymised). Cloud hosting in Hong Kong and Cloudflare (worldwide). Tax authorities and law enforcement where legally required.

We do not sell your personal data to third parties.

WHERE YOUR DATA IS STORED

Primary servers are in Hong Kong. Image storage is on Cloudflare's global network. Backups are encrypted at rest. We use TLS 1.2+ for all transmissions.

YOUR RIGHTS (GDPR, CCPA, AND OTHER JURISDICTIONS)

You have the right to: access your data, correct inaccurate data, delete your data ("right to be forgotten"), restrict or object to processing, receive your data in a portable format, withdraw consent at any time, and complain to your local data protection authority.

To exercise any of these, email [DPO_EMAIL]. We respond within 30 days.

California residents (CCPA): you also have the right to know what categories of data we collect, the right to opt out of any "sale" of personal data (we do not sell), and the right to non-discrimination for exercising your privacy rights.

EU REPRESENTATIVE (Art 27 GDPR)

[EU_REP_NAME], [EU_REP_ADDRESS].

DATA RETENTION

Order records: 7 years (tax law). Account data: until you delete your account. Marketing consent records: until you withdraw consent + 6 months. Browsing analytics: 26 months.

COOKIES

Strictly necessary cookies are always set. Analytics, marketing, and preference cookies require your consent. Manage cookie preferences via the banner on first visit or via the "Cookie settings" link in our footer.

CHILDREN

The site is not directed to anyone under 16. We do not knowingly collect data from children. If you believe we have, contact [DPO_EMAIL] and we will delete it.

CHANGES TO THIS POLICY

We will notify you of material changes via email or a prominent notice on the site. The "last updated" date above reflects the most recent revision.

CONTACT

Data Protection Officer: [DPO_EMAIL] General privacy questions: [SUPPORT_EMAIL] Postal: [LEGAL_ENTITY], [REGISTERED_ADDRESS]