WorldsShopFAQ

PRIVACY POLICY

Last updated: November 11, 2024

1. Introduction

At Trendformer Limited, we value your privacy and are committed to protecting your personal data. This Privacy Policy outlines how we collect, use, and share your data when you interact with our mobile application ("Hey Clay"), website, and online store (collectively, the "Services").

This Policy complies with the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and Children’s Online Privacy Protection Act (COPPA) where applicable.

Updates to this Policy will be posted on this page, and continued use of the Services signifies your acceptance of the updated Policy. Please review this Policy periodically. If you have any questions, contact us at [email protected].

We may include links to third-party websites or partner with third parties to manage certain features on our Site. These third-party resources operate under their own privacy policies, which may differ significantly from ours. We are not responsible for their privacy practices or the security of any personal information you provide to them. We encourage you to review the privacy policies of these external sites before interacting with them.

2. Data We Collect and How We Collect It

Personal Information You Provide Directly:
  • Identity Data: Name, email address, password, date of birth, the same data about your family members if you create a family account, mailing (postal) address, passport data, payment information for purchases, and other details you submit by yourself depending on the situation (when you’re registering an account, creating a family account, placing an order for purchase and delivery the physical products, making in-app purchases, etc).
  • Family Account Data: Details on membership status (owner or member), details of family members, and family size.
  • Communication and account-related data: When using our services, we may collect communication metadata (such as logs, messages, IP addresses, in-app activities, and settings) and data related to your account (such as billing and subscription details, preferences).
Automatically Collected Data:
  • Device Data: for proper installation and running of our site, products, and services we may collect IP address, operating system, browser type, app version, language settings.
  • Usage Data: We collect information on how you use our website, products, and services, such as IP address, browser type/version, operating system, interaction logs, purchase records (physical and virtual), and feature usage. This data helps us improve our offerings and enhance your user experience.
  • Location Data: Approximate region derived from IP address for localized content and offers.

Third-Party Sources. We may also receive information about you from third-party partners or service providers when they assist in delivering our services to you. Namely, we receive data from Google Analytics to understand usage habits and trends, and to optimize service performance.

3. How We Use Your Data

We process your data for the following purposes:

  • Service Delivery: To manage accounts, ensure functionality, and provide personalized experiences to enable you to use our services; to perform our obligations; to deliver the products and services you ordered.
  • Customer support: To respond to your inquiries, troubleshoot issues, and provide technical support for our services.
  • Billing and payments: To process payments, issue invoices, and manage your billing history.
  • Service improvements: To ensure smooth connection setup, assess system security and stability, analyze usage trends and behaviors, and improve the functionality of our products and services.
  • Marketing: To send updates about features, promotions, and birthday greetings via email and push notifications.
  • Analytics: To monitor usage trends and app performance.
  • Compliance: To ensure adherence to legal obligations and regulatory frameworks.

Where legally required, we obtain your explicit consent for processing specific categories of data (e.g., marketing emails).

4. Legal Bases for Processing

We process your data under the following legal grounds:

  1. Consent: For marketing and promotional activities.
  2. Contractual Necessity: To fulfill our obligations in delivering the goods and services, or any other obligations established by the agreement with you.
  3. Legitimate Interests: We process your data to improve our services, enhance security, protect against fraud, and conduct analytics.
  4. Legal Obligations: To comply with local and international laws, such as GDPR and COPPA, as well as for tax and accounting purposes if applicable.

5. Sharing Your Data

We may share data only when necessary with the following categories of trusted partners:

  • Service Providers: companies that provide services for us acting on our behalf, for example, hosting providers, analytics platforms (e.g., Google Analytics, Amplitude), email marketing services, delivering companies, etc.
  • Payment Service Providers: for securely processing payments.
  • Legal Authorities: We may disclose your personal data if required by law, in response to a legal request, or to protect our legal rights.

We require all third-party processors to comply with strict data protection standards and ensure their adherence through binding agreements, including Standard Contractual Clauses where applicable.

6. International Data Transfers

Your data may be transferred and processed outside your country of residence, including countries outside the European Economic Area (EEA). In such cases, we implement safeguards like:

  • Standard Contractual Clauses (SCCs) for transfers outside the EEA or UK.
  • Adequacy Decisions for recognized countries.

7. Data Retention

We retain your data for as long as necessary to provide the Services, fulfill and comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Identity Data, Communication, and account-related data: Retained for the duration of your account plus three years for compliance purposes and for resolving any dispute you may raise;
  • Usage Data: Anonymized after 12 months following the deletion of your account for analytical purposes;
  • Billing and financial data, along with any other payment-related information, are retained as required by applicable accounting and tax laws and for the duration necessary to address potential claims or indemnity requests, whether filed by you or us.

Upon account deletion, personal data is securely anonymized whenever possible; if anonymization is not feasible, the data is deleted, unless otherwise required by law or subject to any retention period specified herein, after which it will be permanently erased.

8. Data Security and integrity

We use various technological and procedural security measures in order to protect personal data from loss, misuse, alteration, or destruction. Our security measures are constantly being improved in line with technological developments. However, you should be aware that, due to the open and unsecured character of the Internet, we cannot be responsible for the security of transmissions of personal data over the Internet.

9. Your Rights

You have the following rights under GDPR, UK GDPR, and CCPA:

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can request that we correct inaccurate or incomplete personal data.
  • Erasure: You can request that we delete your personal data, subject to certain conditions (for example, if it is no longer necessary for the purposes for which it was collected).
  • Restriction: You can request that we restrict the processing of your personal data in certain circumstances.
  • Portability: You can request to receive your personal data in a machine-readable format or have it transmitted to another data controller.
  • Opt-out: you can opt in and opt out of marketing communications or specific data uses, for which we are required to receive your consent.

Residents of California also have the right to:

  • You have the right to know what personal information is collected and shared.
  • You cannot be discriminated against for exercising your rights.

To exercise any of these rights, please contact us using the details provided below. We will respond in accordance with applicable data protection laws.

10. Children’s Privacy

Our Services comply with COPPA and GDPR’s child protection requirements:

  • For children under 13 (US) or 16 (EU), parental consent is required for account creation and data collection.
  • If unauthorized data collection is detected, we will delete the data promptly. Parents can contact [email protected] to review or delete their child’s data.

11. Use of Cookies and Tracking Technologies

We and our partners use cookies to enhance functionality and analyze usage. You may manage cookie preferences via browser settings. However, declining cookies may limit certain features.

We do not currently respond to Do Not Track (DNT) signals due to a lack of standardized frameworks.

12. Updates to This Policy

This Policy may be updated to reflect changes in legislation or practices. The revised date will be displayed, and updates will take immediate effect.

13. Contact Us

If you have any questions or concerns regarding your personal data or this Privacy Policy, please contact us at:

  • Email: [email protected]
  • Address: Trendformer Limited, 604, Tower A, New Trade Plaza, 6 On Ping Street, Shatin, N.T., Hong Kong