Privacy policy

This Privacy Policy describes how www.hearttreasures.asia (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.  

 Collecting Personal Information  

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.  

 Device information

  • Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.  
  • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.  
  • Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.  
  • Disclosure for a business purpose: shared with our processor Shopify, DonorBox, Stripe and Paypal.   

 Order information 

  • Examples of Personal Information collected: name, billing address, email address, shipping address, payment information (including credit card numbers, Stripe and PayPal Account Details), email address, and phone number.  
  • Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.  
  • Source of collection: collected from you.  
  • Disclosure for a business purpose: shared with our processor Shopify, Donorbox, Stripe and PayPal and our shipping provider, City Link Express.  

 Newsletter subscription information

  • Examples of Personal Information collected: Email address only.  
  • Purpose of collection: to provide you with the latest updates and promotions about Heart Treasures.  
  • Source of collection: collected from you.  
  • Further Information:You may unsubscribe from newsletters or notifications at any time by clicking the unsubscribe link at the bottom of every newsletter email.  

 Customer support information  

  • Examples of Personal Information collected:name, email address, phone number and any additional information voluntarily disclosed.  
  • Purpose of collection: to provide customer support.  
  • Source of collection: collected from you.  
  • Disclosure for a business purpose:

 Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:  

  • We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.  
  • We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.  
  • We use Paypal to facilitate online payments and donations. You can read more about how Paypal uses your personal information here: https://www.paypal.com/au/webapps/mpp/ua/privacy-full
  • We also use Stripe to facilitate online payments and donations. You can read more about how Stripe uses your personal information here: https://stripe.com/en-au/privacy
  • We use DonorBox to facilitate online donations. You can read more about how DonorBox uses your personal information here: https://donorbox.org/privacy.  

 Using Personal Information  

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.  

 Lawful basis  

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:  

  • Your consent;  
  • The performance of the contract between you and the Site;  
  • Compliance with our legal obligations;  
  • To protect your vital interests;  
  • For our legitimate interests, which do not override your fundamental rights and freedoms.  

 Retention  

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information.   

 Heart Treasures uses strict procedures and security features to prevent unauthorised access wherever possible. Personal data provided to Heart Treasures via our website or via any Applications and online credit card transactions are protected during transit using encryption such as Transport Layer Security (TLS). When personal data is stored by Heart Treasures, we use computer systems with limited access housed in facilities using physical security measures. Data stored in cloud services is in encrypted form including when we utilize third-party storage. The level of security of personal data which is kept in a non-electronic environment is also treated with strict procedures and means.  

 For more information on your right of erasure, please see the ‘Your rights’ section below.  

More information on the retention of your personal information can be found here: https://www.shopify.com/legal/privacy#information-protection.  

 However, no method of online transmission or storage can be 100% secure. This means that we cannot guarantee 100% security of your personal information.  

 Automatic decision-making  

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.  

We  DO NOT engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.  

 Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.  

 Services that include elements of automated decision-making include:  

  • Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.  
  • Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.  

 Your rights  

GDPR  

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.  

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.  

 California Consumer Privacy Act (CCPA)  

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.  

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address below.  

 Australian Privacy Act Compliance  

We adopt the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.  

Malaysian Personal Data Protection Act  

If you are a resident of Malaysia, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.  

This is in accordance with the Personal Data Protection Act 2010 (Malaysia).  

Japanese Act on the Protection of Personal Information  

Heart Treasures adopts and acknowledges the principles set out in the Japanese Act on the Protection of Personal Information 2017 (Japan). This Act regulates the use and retention of the personal data of all Japanese citizens regardless of the location of the data-retaining corporation. This Act places obligations on every business that obtains personal information from Japanese consumers.  

South Korean Personal Information Protection Act  

Heart Treasures adopts and acknowledges the principles set out in the Personal Information Protection Act 2020 (South Korea). This policy abides by the principles set out in that Act regarding the use of data belonging to consumers within South Korea.  

 New Zealand Privacy Act  

Heart Treasures adopts the Information Privacy Principles (IPPs) contained in the Privacy Act 2020 (NZ). The IPPs govern the way in which Heart Treasures collects, uses, stores and transfers the data of individuals within New Zealand.   

Individuals within New Zealand have the right to contact Heart Treasures regarding their personal information, using the contact details listed below.  

 Cookies  

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.  

We use the following cookies to optimize your experience on our Site and to provide our services.  

 Cookies Necessary for the Functioning of the Store  

Name  

Function  

_ab  

Used in connection with access to admin.  

_secure_session_id  

Used in connection with navigation through a storefront.  

cart  

Used in connection with shopping cart.  

cart_sig  

Used in connection with checkout.  

cart_ts  

Used in connection with checkout.  

checkout_token  

Used in connection with checkout.  

secret  

Used in connection with checkout.  

secure_customer_sig  

Used in connection with customer login.  

storefront_digest  

Used in connection with customer login.  

_shopify_u  

Used to facilitate updating customer account information.  

Reporting and Analytics  

Name  

Function  

_tracking_consent  

Tracking preferences.  

_landing_page  

Track landing pages  

_orig_referrer  

Track landing pages  

_s  

Shopify analytics.  

_shopify_fs  

Shopify analytics.  

_shopify_s  

Shopify analytics.  

_shopify_sa_p  

Shopify analytics relating to marketing & referrals.  

_shopify_sa_t  

Shopify analytics relating to marketing & referrals.  

_shopify_y  

Shopify analytics.  

_y  

Shopify analytics.  

  

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.  

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.  

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.  

 Do Not Track  

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.  

 Changes  

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.  

 Contact  

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at hearttreasuressb@gmail.com or by mail using the details provided below:  

 Heart Treasures, No.147A, Lorong Persiaran Rainbow, Jalan Tun Ahmad Zaidi Adruce, 93150 Kuching, Sarawak, Malaysia, 93150 Kuching SWK, Malaysia  

 Last updated: 11/05/2021  

 If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority.