Privacy Policy

Collection of Information
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address, email address and phone contact. By providing this information to us, you have given your consent for data collection.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email promotional marketing is included by default and comes with an opt-out option: We may send you emails about our store, new products and other updates only with your express permission.
We assure that any such information you provide to us will not be shared, except with your express written consent.

Consent
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
If after you opt-out and you change your mind, you may still contact us at johnnylucy@outlook.com to expressively include your consent for us to contact you for our email promotional marketing.

Data & Payment Security
Our storefront is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Your credit card information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption.

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.

If you choose payment through Paypal, you may want to read about Paypal's FAQ about Security.

* Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Cookies
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

Third Party Links & Tools
However we do not monitor, have control or provide input to third party links and tools provided via our Services.
It is your responsibility to carefully review the privacy policies and practices of the third parties and make sure you understand them before you engage in any transaction that will inexplicably require your personally identifiable information.

User Feedback
Any personally identifiable information you provide in comments or feedback posted to any blog on this website may be read, collated and used by anyone viewing them.
We are not responsible for personally identifiable information you may choose to make available through these channels. 

Changes to Privacy Policy
We reserve the exclusive right to modify this privacy policy at any time. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

Our Obligations

1. Consent Obligation

1.1 We only collect, use or disclose personal data for purposes for which an individual has given his or her consent.
1.2 We allow individuals to withdraw consent, with reasonable notice, and inform them of the likely consequences of withdrawal. Upon withdrawal of consent to the collection, use or disclosure for any purpose, we shall cease such collection, use or disclosure of the personal data.

2. Purpose Limitation Obligation
2.1 We collect, use or disclose personal data about an individual for the purposes that a reasonable person would consider appropriate in the circumstances and for which the individual has given consent.
2.2 We may not, as a condition of providing our product or Services, require the individual to consent to the collection, use or disclosure of his or her personal data beyond what is reasonable to provide our product or Services.

3. Notification Obligation
3.1 We notify individuals of the purposes for which your organisation is intending to collect, use or disclose their personal data on or before such collection, use or disclosure of personal data.

4. Access & Correction Obligation
4.1 We provide, upon request from an individual, his or her own personal data and information about the ways in which his or her personal data has been or may have been used or disclosed within a year before the request.
4.2 We are, however, prohibited from providing an individual access if the provision of the personal data or other information could reasonably be expected to:

- cause immediate or grave harm to the individual’s safety or physical or mental health;
- threaten the safety or physical or mental health of another individual;
- reveal personal data about another individual;
- reveal the identity of another individual who has provided the personal data, and the individual has not consented to the disclosure of his or her identity; or
- be contrary to national interest.


4.3 We correct any error or omission in an individual’s personal data upon his or her request, as soon as practicable, unless we are satisfied on reasonable grounds that the correction should not be made.

5. Accuracy Obligation
5.1 We make reasonable effort to ensure that personal data collected by us is accurate and complete.

6. Protection Obligation
6.1 We make reasonable security arrangements to protect the personal data that we possess or control to prevent unauthorised access, collection, use, disclosure or similar risks.

7. Retention Limitation Obligation
7.1 We cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purpose.

8. Transfer Limitation Obligation
8.1 We transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA, unless exempted by the PDPC.

9. Openness Obligation
9.1 We make information about your data protection policies, practices and complaints process available on request.

10. Purpose-based Exceptions
10.1 There are exceptions to these policies. Eg., some of these exceptions relate to emergency situations, investigations, publicly available data or where the personal data is used for evaluative purposes. For more exceptions, please refer to the Second to Sixth Schedules of the PDPA.
10.2 We reserve the exclusive right to disclose your personally identifiable information as required by law or any purpose-based exceptions and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order or legal process served on our website.


Questions regarding this privacy policy should be sent to us at johnnylucy@outlook.com, or through our Contact Us page.