Privacy Policy

At Brightway HK, protecting your privacy is a top priority. This Privacy Policy explains how we collect, use, share and protect your personal information in compliance with European data protection laws, including the General Data Protection Regulation (GDPR). By using our website or services, you agree to the terms of this Privacy Policy.

Information We Collect

We may collect the following types of information:

Personal Identifiable Information (PII):

  • Name, email address, phone number and billing/shipping addresses.
  • Payment details for processing transactions.

Non-Personal Data:

  • IP address, browser type, operating system and device information
  • Cookies and analytics data to improve user experience.

Transaction Data

  • Details of purchases, returns and customer support interactions.

Communication Data:

  • Information provided through inquiries, feedback, or customer support.

How We Collect Information

Directly from You:

  • When you place an order, contact us, or subscribe to our stock updates.

Automatically:

  • Through cookies, web beacons and analytics tools when you visit our website.

From Third Parties:

  • Payment processors or couriers may share data necessary for fulfilling services.

How We Use Your Information

We use your data to:

Provide Services:

  • Process orders, payments and deliveries.

Improve User Experience:

  • Analyze website performance and optimize navigation.

Marketing and Communication:

  • Send promotional offers, stock updates and service notifications (with your consent).

Legal and Compliance Purposes:

  • Meet regulatory requirements and prevent fraud or abuse.

Legal Basis for Processing Your Data

We process your data under the following lawful bases:

  • Consent: For sending marketing emails or using non-essential cookies.
  • Contractual Necessity: To fulfill your orders and provide services.
  • Legitimate Interests: For business improvements, analytics and fraud prevention.
  • Legal Obligations: To comply with tax, financial and other regulatory laws.

Sharing Your Information

We do not sell or rent your personal data. However, we may share your information with:

Service Providers:

  • Couriers (e.g., DHL, UPS) for shipping orders.
  • Payment processors for secure transaction handling.

Business Partners:

  • Analytics providers like Google Analytics to improve our services.

Legal Authorities:

  • When required by law or to protect our rights, property, or safety.

Data Retention

Retention Periods:

  • Personal data is retained as long as necessary to fulfill its purpose.
  • Transaction data is retained for six years for tax and audit purposes.

Deletion:

  • Once data is no longer needed, it is securely deleted or anonymized.

Your GDPR Rights

As a resident of the European Economic Area (EEA), you have the following rights:

Right to Access:

  • Request a copy of the personal data we hold about you.

Right to Rectification:

  • Request correction of inaccurate or incomplete information.

Right to Erasure:

  • Request deletion of your data under certain conditions (e.g., when no longer needed).

Right to Restriction:

  • Request limited processing of your data in specific circumstances.

Right to Data Portability:

  • Receive your data in a structured, commonly used format.

Right to Object:

  • Object to data processing for direct marketing or legitimate interests.

Right to Withdraw Consent:

  • Request correction of inaccurate or incomplete information.

Right to Rectification:

  • Withdraw consent for processing where applicable (e.g., marketing).

How to Exercise Your Rights

To exercise your rights, please contact us:

We will respond to your request within 30 days, as required by GDPR.

Data Security

We use robust security measures to protect your personal data, including:

Technical Safeguards:

  • SSL encryption for secure online transactions.
  • Secure servers and firewalls to prevent unauthorized access.

Organizational Safeguards:

  • Limiting access to personal data to authorized personnel only.
  • Regular staff training on data protection policies.

Cookies and Tracking Technologies

We use cookies to enhance user experience and analyze website traffic. For more details, please refer to our Cookie Policy.

Data Transfers Outside the EEA

If personal data is transferred outside the EEA, we ensure compliance with GDPR safeguards, including:

  • Standard Contractual Clauses (SCCs).
  • Binding Corporate Rules (BCRs).
  • Adequacy decisions from the European Commission.

Contact Us

For questions or concerns about this Privacy Policy, please contact us:

Contact Information

For questions about these Terms, please contact us at: