Privacy Policy
This Privacy Policy (“Policy”) explains how HK XIANWEI E-BUSINESS LIMITED (“we”, “us”, “our”) collects, uses, stores, processes, and protects your personal data when you access, browse, or use our website www.solvaneliving.com (the “Website”), place an order, or interact with our services. We are committed to complying with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA, including its amendment CPRA), and the Hong Kong Personal Data (Privacy) Ordinance (PDPO) to ensure the security and confidentiality of your personal data. By using our Website or services, you (“you”, “your”) acknowledge that you have read, understood, and agreed to the practices described in this Policy.
Data Controller: HK XIANWEI E-BUSINESS LIMITED
Address: FLAT/RM DO7, 8/F, KAI TAK FTY BUILDING, NO.99 KING FUK STREET, SANPOKONG, KL
Contact Us (Data Protection): wayne@dramapapa.com
Website: www.solvaneliving.com
We act as the data controller, responsible for determining the purposes and methods of processing your personal data, and ensuring full compliance with applicable data protection laws throughout the data processing lifecycle.
We collect personal data that is necessary for providing our services, processing your orders, and complying with legal obligations, in line with the data minimization principle under GDPR. The types of personal data we collect include, but are not limited to:
This includes information you provide when registering an account, placing an order, or contacting customer service, such as your full name, email address, phone number, and shipping/billing address. This data is collected to fulfill our contract obligations with you and ensure smooth order processing.
When you make a purchase, we collect payment-related information (e.g., credit card number, payment card expiration date) through our third-party payment service providers. We do not store full payment card details; all payment data is processed and stored by our compliant payment partners, who adhere to industry security standards (e.g., PCI DSS).
We automatically collect non-identifiable data when you use our Website, including your IP address, browser type, device information, browsing history (e.g., products viewed, pages visited), and interaction data (e.g., clicks, search queries). This data is used to improve our Website performance, personalize your shopping experience, and analyze user behavior.
Pursuant to CCPA/CPRA, sensitive personal data includes precise geolocation, financial account information (when combined with access credentials), and personal data of individuals under 16 years of age. We do not intentionally collect sensitive personal data unless necessary for order processing (e.g., billing information) or with your explicit consent. We will never collect racial or ethnic background, religious beliefs, or health-related information.
If you agree to receive marketing communications (e.g., newsletters, promotional offers), we will collect your consent and use your email address to send relevant information. You may withdraw your consent at any time (see Section 6).
We use your personal data only for specific, clear, and legitimate purposes, in accordance with the purpose limitation principle under GDPR. The main purposes include:
We will not sell, rent, or disclose your personal data to third parties except in the following circumstances, in compliance with GDPR, CCPA/CPRA, and PDPO:
We may share your personal data with trusted third-party service providers who assist us in providing our services, including:
Payment processors (to process your payments securely);
Logistics and shipping partners (to deliver your orders and provide tracking information);
IT service providers (to maintain our Website, manage data storage, and ensure system security);
Marketing service providers (to send marketing communications, only if you have consented).
All third-party service providers are required to sign a data processing agreement (DPA) or similar contract, which obliges them to process your personal data only in accordance with our instructions, implement appropriate security measures, and comply with applicable data protection laws.
We may disclose your personal data if required by law, court order, or regulatory authority (e.g., tax authorities, data protection agencies) to comply with legal obligations or protect our legitimate rights and interests.
As a Hong Kong-based company, we may transfer your personal data to Hong Kong or other jurisdictions outside the EU/EEA. In accordance with GDPR’s cross-border data transfer requirements, we ensure that any transfer to a jurisdiction not deemed to provide an adequate level of data protection is accompanied by appropriate safeguards, such as EU Standard Contractual Clauses (SCCs). We also comply with Hong Kong PDPO’s requirements for cross-border data transfers, including assessing the protection level of the receiving jurisdiction.
Pursuant to CCPA/CPRA, “sale” refers to transferring personal data for monetary or other valuable consideration, and “sharing” refers to providing personal data for cross-context behavioral advertising. We do not sell or share your personal data with third parties for cross-context behavioral advertising without your explicit consent.
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, in line with the integrity and confidentiality principle under GDPR. These measures include:
Encryption of personal data during transmission and storage;
Access control measures (e.g., password protection, role-based access) to limit access to personal data;
Regular security audits and updates to our IT systems;
Training for our employees on data protection and security best practices;
A data breach notification mechanism, in compliance with Hong Kong PDPO’s requirement to report data breaches to the Privacy Commissioner for Personal Data within 72 hours if they pose a risk to individuals.
While we take all reasonable steps to protect your personal data, no method of data transmission or storage is 100% secure. We cannot guarantee the absolute security of your personal data, but we will always act in good faith to minimize risks.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law, in accordance with the storage limitation principle under GDPR. Specific retention periods include:
Order and payment data: Retained for 7 years from the date of the order (to comply with tax and legal obligations);
Account and contact data: Retained for as long as your account is active, or for 2 years after your account is closed (to handle any post-purchase inquiries or complaints);
Marketing data: Retained until you withdraw your consent, or for 2 years after your last interaction with our marketing communications;
Usage and browsing data: Retained in anonymized form (no longer identifiable to you) for up to 1 year for analytics purposes.
Once your personal data is no longer needed, we will securely delete or anonymize it to ensure it cannot be linked to you.
Pursuant to GDPR, CCPA/CPRA, and PDPO, you have the following rights regarding your personal data. We will respond to your requests free of charge within a reasonable time (no later than 30 days, or 45 days for complex requests):
You have the right to request a copy of the personal data we hold about you, including details of how we collect, use, and share your data.
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you (e.g., updated shipping address, contact information).
You have the right to request that we delete your personal data if: it is no longer needed for the purpose it was collected; you withdraw your consent; we have processed your data unlawfully; or deletion is required by law. We may refuse your request if we need to retain the data to comply with legal obligations or exercise our legitimate rights.
You have the right to request that we restrict the processing of your personal data if: you dispute the accuracy of the data; the processing is unlawful but you do not want it deleted; we no longer need the data but you need it for legal claims; or you have objected to processing based on legitimate interests.
You have the right to request that we provide your personal data in a structured, machine-readable format, or to transfer it directly to another data controller, where technically feasible.
You have the right to object to the processing of your personal data for marketing purposes or based on our legitimate interests. We will stop processing your data unless we have compelling legitimate grounds to continue, or we need to process it for legal reasons.
If you are a California resident, you have additional rights under CCPA/CPRA, including:
The right to know the categories and specific pieces of personal data we collect, use, and disclose;
The right to opt out of the sale or sharing of your personal data;
The right to limit the use and disclosure of your sensitive personal data;
The right to non-discrimination for exercising your privacy rights (we will not deny you services, charge you higher prices, or provide lower-quality services because you exercise your rights).
To exercise any of the above rights, please contact us at wayne@dramapapa.com, providing your full name, email address, and sufficient details to verify your identity (to ensure we do not disclose data to unauthorized individuals). We may request additional information if needed to process your request.
We use cookies and similar technologies (e.g., web beacons, pixels) to enhance your browsing experience, analyze Website usage, and personalize content. Cookies are small text files stored on your device that allow us to recognize your browser and remember your preferences.
You can manage your cookie preferences through your browser settings (e.g., block or delete cookies). However, disabling certain cookies may affect the functionality of our Website (e.g., inability to process orders or remember your account details).
Our Website is not intended for children under the age of 16. We do not intentionally collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental/guardian consent, we will immediately delete the data. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at wayne@dramapapa.com to request deletion.
We reserve the right to modify this Privacy Policy at any time to reflect changes in data protection laws, our business practices, or regulatory requirements. Any changes will be posted on our Website, and the revised Policy will take effect immediately upon posting. Your continued use of our Website or services after the changes take effect will constitute your acceptance of the revised Policy.
We encourage you to review this Policy regularly to stay informed about how we protect your personal data.
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data protection practices, please contact us at:
Email: wayne@dramapapa.com
Address: FLAT/RM DO7, 8/F, KAI TAK FTY BUILDING, NO.99 KING FUK STREET, SANPOKONG, KL
If you are not satisfied with our response, you may lodge a complaint with the relevant data protection authority:
EU/EEA: Your local data protection authority (e.g., CNIL in France, ICO in the UK);
California (USA): California Attorney General’s Office;
Hong Kong: Privacy Commissioner for Personal Data.