Privacy Policy
Last Updated: [3/25/26]
Effective Date: [2/25/26]
This Privacy Policy (‘Policy’) describes how Shenzhen Huaruibo Electric Appliances Co., Ltd., located at 3rd Floor, Building A, Chajiaokan Industrial Zone, Sanhe Village, Huarong Community, Dalang Street, Longhua District, Shenzhen City, Guangdong Province, China (‘we’, ‘us’, ‘our’, or the ‘Company’) collects, uses, discloses, and protects your personal information (‘PI’) when you access or use the ALLESILK official website (the ‘Website’), purchase our products (including but not limited to IPL hair removal devices, hair dryers, and facial beauty devices), engage with our customer service, or interact with our marketing activities (collectively, the ‘Services’).
This Policy is compliant with the General Data Protection Regulation (GDPR) for individuals in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA/CPRA) for California residents. By using our Services, you acknowledge that you have read, understood, and agreed to the practices described herein.
1. Definitions
Personal Information (PI): Any information that identifies, relates to, describes, or can be reasonably linked to you as an individual.
Sensitive Personal Information (SPI): Under CCPA, includes data such as precise geolocation, financial information, or health data (e.g., skin type provided for product usage guidance).
Cookies: Small text files stored on your device that enable Website functionality and analytics.
Data Subject: An individual in the EEA whose PI we process (GDPR).
Consumer: A California resident whose PI we collect (CCPA).
2. Information We Collect
We collect PI in two primary ways: information you provide voluntarily and information we collect automatically. We adhere to the principle of data minimisation—collecting only what is necessary to fulfil the stated purposes.
2.1 Information You Provide
When you interact with our Services, you may choose to provide:
Account & Identity Data: Name, email address, phone number, shipping/billing address, and account credentials.
Transaction Data: Order details, purchase history, and payment method details (note: we do not store full credit card numbers; this data is processed by our third-party payment processors).
Product Usage & Support Data: Information you provide to our support team (e.g., skin type, hair type, device model) to troubleshoot IPL hair removal devices, hair dryers, or facial beauty devices, or to receive usage guidance.
Marketing Consent Data: Your opt-in or opt-out preferences for receiving promotional emails, newsletters, or SMS updates.
User-Generated Content (UGC): Product reviews, photos, or videos you submit for publication on our Website or social media channels.
2.2 Information Collected Automatically
When you use our Website, we automatically collect certain technical and usage data through cookies and similar technologies:
Device & Log Data: IP address, browser type, operating system, device model, unique device identifiers, and referring/exit pages.
Usage Data: Pages viewed, time spent on the Website, product searches, click-through rates, and navigation paths.
Location Data: Approximate geolocation derived from your IP address (used only to determine regional shipping options and comply with local laws).
3. How We Use Your Information
We use your PI for the following legitimate business purposes, which are consistent with GDPR and CCPA requirements:
Purpose | Legal Basis (GDPR) | Applicable Products/Services |
Fulfil Orders & Provide Services | Performance of a contract | Processing payments, shipping IPL devices, hair dryers, and facial beauty devices, and providing order confirmations. |
Customer Support & Troubleshooting | Legitimate interest / Consent | Assisting with device setup, resolving technical issues, and providing post-purchase support. |
Improve Products & Website | Legitimate interest | Analysing usage data to enhance Website usability and refine product features for our beauty devices. |
Send Marketing Communications | Explicit Consent (Opt-in) | Sending personalized offers, new product announcements, and skincare tips (you may opt out at any time). |
Fraud Prevention & Security | Legitimate interest / Legal obligation | Detecting and preventing fraudulent transactions, securing user accounts, and complying with anti-fraud laws. |
Comply with Legal Obligations | Legal obligation | Fulfilling tax, accounting, and reporting requirements. |
4. Disclosure of Your Information
We do not sell your Personal Information to third parties for monetary consideration, as defined by the CCPA. We may disclose your PI to the following categories of third parties only as necessary:
Service Providers:
Logistics & Fulfillment: To ship products (e.g., DHL, FedEx, Amazon FBA).
Payment Processors: To securely process payments (e.g., PayPal, Stripe).
Customer Service & Analytics: To provide support and analyse Website traffic (e.g., Zendesk, Google Analytics).
These providers are contractually obligated to protect your PI and may only use it to perform services on our behalf.
Legal & Compliance: If required by law, regulation, or legal process (e.g., a subpoena), or to protect our rights, property, or safety.
Business Transfers: In the event of a merger, acquisition, or sale of all or part of our assets, your PI may be transferred as part of the transaction (you will be notified via email and Website notice if this occurs).
5. Data Retention
We retain your PI only for as long as necessary to fulfil the purposes for which it was collected, plus any additional time required by law (e.g., tax retention periods).
Order & Transaction Data: Retained for 7 years after the order is completed (to comply with tax and accounting laws).
Account Data: Retained until you request account deletion.
Marketing Data: Retained until you opt out of marketing communications, after which we retain only your opt-out preference to avoid future contact.
Website Usage Data: Retained in anonymized form for 24 months for analytics purposes.
Once retention periods expire, we securely delete, anonymize, or aggregate your PI so it can no longer identify you.
6. Your Rights (GDPR & CCPA)
Your rights regarding your PI depend on your location. We have implemented processes to verify your identity before responding to any request to prevent unauthorized access.
6.1 Rights of EEA Residents (GDPR)
You have the right to:
Access: Request a copy of the PI we hold about you.
Rectification: Request correction of inaccurate or incomplete PI.
Erasure (‘Right to be Forgotten’): Request deletion of your PI, subject to certain legal exceptions (e.g., tax records).
Restriction of Processing: Request that we limit the processing of your PI (e.g., while we investigate a complaint).
Data Portability: Request a copy of your PI in a structured, machine-readable format (e.g., CSV) for transfer to another controller.
Withdraw Consent: At any time, withdraw your consent for marketing communications or non-essential data processing (this does not affect the lawfulness of processing based on consent before withdrawal).
Lodge a Complaint: File a complaint with your local data protection authority (DPA) if you believe we have violated the GDPR.
6.2 Rights of California Residents (CCPA/CPRA)
You have the right to:
Access: Request to know what PI we have collected, used, disclosed, or sold about you in the past 12 months.
Deletion: Request deletion of your PI, subject to certain exceptions (e.g., completing a transaction you requested).
Non-Discrimination: We will not discriminate against you (e.g., by charging higher prices or providing lower quality services) for exercising your CCPA rights.
Opt-Out of Sale/Sharing: Although we do not sell your PI, you may request that we not share your PI with third parties for their own direct marketing purposes.
Do Not Sell or Share My Personal Information: To exercise this right, please visit our Do Not Sell or Share My Personal Information page or contact us at the details below.
7. Data Protection & Security Measures
We take the security of your PI seriously and implement a combination of technical and organizational measures to protect it against unauthorized access, disclosure, alteration, or destruction:
Encryption: All data transmitted between your browser and our Website is encrypted using SSL/TLS technology.
Access Controls: Access to PI is restricted to authorized employees and contractors who need it to perform their job functions.
Secure Storage: Payment details are not stored on our servers; they are processed by PCI DSS-compliant payment processors.
Regular Audits: We conduct regular security audits and vulnerability assessments of our Website and systems.
Data Breach Notification: In compliance with GDPR, we will notify affected Data Subjects and the relevant DPA without undue delay (within 72 hours) if a personal data breach is likely to result in a high risk to your rights and freedoms.
8. Third-Party Links & Services
Our Website may contain links to third-party websites (e.g., social media platforms like Facebook, Instagram, and YouTube). This Policy does not apply to those third parties. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
9. Children’s Privacy
Our Services are not intended for individuals under the age of 16. We do not knowingly collect PI from children under 16. If we become aware that we have collected PI from a child under 16, we will take immediate steps to delete that information.
10. Changes to This Policy
We reserve the right to update or modify this Policy at any time. When we make material changes, we will notify you by:
1. Posting the revised Policy on our Website with a new ‘Last Updated’ date.
2. Sending an email notification to users who have opted in to receive communications from us.
Your continued use of our Services after the effective date of the revised Policy constitutes your acceptance of the changes.