For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:

• “Personal Data” or “Personal Information”
  means any information that identifies, relates to, describes, or could reasonably be linked to an individual.
• “Non-Personal Data”
  refers to information that does not directly identify you, such as aggregated or anonymized analytics.
• “Processing”
  means any operation performed on Personal Data, such as collection, storage, or deletion.
• “Services”
  refers to the Jimmy Jewellery online store, website, loyalty programs, marketing activities, and related features.
• “Cookies”
  are small text files placed on your device that enable site functionality and analytics.
• “Data Controller”
  is Jimmy Jewellery Pte Ltd.
• “Data Processor”
  refers to third parties like Shopify, PayPal, or Google Analytics who process data for us.
• “Third Parties”
  include logistics partners, analytics providers, and advertising networks.
• “Consent”
  means your voluntary and informed agreement to data processing.
• “Loyalty / Affiliate Data”
  refers to data collected through membership or influencer programs.

When you use our Services, we may collect different types of personal information and non-personal information, depending on how you interact with us.

2.1 Categories of Personal Information

• Contact Details
  Includes your name, billing address, shipping address, phone number, and email address.
• Financial & Payment Information
  Includes payment method (e.g., Visa, Mastercard, PayPal, Atome), billing address, transaction details, and payment confirmation.
  ⚠️ Note: We do not store your full credit or debit card details.
• Account Information
  Includes your username, password, login details, preferences, saved items, and settings if you create an account.
• Transaction & Order Information
  Includes details about the products you purchase, return, exchange, or add to your cart or wishlist.
• Communications with Us
  Includes information you share when you contact our support team, submit feedback, participate in surveys, or interact with us via email, phone, chat, or social media.
• Device & Technical Information
  Includes details about the device you use to access our Services, such as IP address, browser type, operating system, geolocation (if enabled), device identifiers, and network information.
• Usage Information
  Includes how you interact with our Services — such as pages visited, search history, clicks, time spent, navigation paths, and referral sources.
• Marketing & Engagement Data
  Includes your newsletter subscriptions, campaign responses, participation in promotions, loyalty program activities, and consent preferences.

2.2 Sources of Information

We may collect personal information from the following sources:

• Directly From You
  When you create an account, make a purchase, fill out a form, sign up for a newsletter, contact support, or participate in promotions.
• Automatically Through the Services
  When you browse or interact with our website, we automatically collect device and usage data through cookies, pixels, and similar technologies.
• From Service Providers
  Data collected by Shopify (hosting), payment gateways (PayPal, Atome, Shopify Payments), delivery providers, analytics platforms (Google Analytics), and advertising partners (Meta, TikTok).
• From Business Partners & Affiliates
  Data may also be shared with us by affiliates, influencers, or referral partners who promote our Services.
• From Public or Third-Party Sources
  Limited information may be obtained from publicly available databases, fraud prevention services, or identity verification services.

2.3 Non-Personal Information

We may also collect data that does not directly identify you, such as:

• Aggregated website traffic statistics.
• Device type, browser version, and general geolocation.
• Anonymized analytics reports.

This data helps us improve our Services without directly identifying individual users.

We use the personal information we collect to provide you with our Services, improve your shopping experience, and comply with legal obligations. Depending on how you interact with us, your information may be used in the following ways:

3.1 Service Delivery & Order Fulfillment

• Process and confirm your orders.
• Arrange for shipping and deliveries.
• Handle returns, exchanges, and refunds.
• Provide customer service and support.
• Maintain your account and order history.

3.2 Personalization & Customer Experience

• Save your preferences, such as language or region.
• Remember items in your cart or wishlist.
• Provide tailored product recommendations.
• Customize your shopping experience based on browsing and purchase history.

3.3 Marketing & Promotions

• Send promotional offers, newsletters, and updates (if you have opted in).
• Show you personalized advertisements across platforms such as Google, Meta (Facebook/Instagram), and TikTok.
• Invite you to participate in promotions, contests, or surveys.
• Measure the effectiveness of our marketing campaigns.

3.4 Security & Fraud Prevention

• Authenticate your account and verify your identity.
• Detect, investigate, and prevent fraudulent transactions, unauthorized access, or malicious activity.
• Protect the integrity and security of our Services.

3.5 Analytics & Business Improvement

• Understand how customers use our website and services.
• Monitor and improve website performance and functionality.
• Develop new features, products, and services.
• Conduct business intelligence, research, and statistical analysis (often using anonymized or aggregated data).

3.6 Legal & Compliance Obligations

• Comply with applicable laws, regulations, tax obligations, and accounting standards.
• Respond to lawful requests by government authorities, regulators, or courts.
• Enforce our Terms of Service and other agreements.

3.7 Communications with You

• Send important service messages such as order confirmations, shipping updates, account notices, or changes to our terms and policies.
• Respond to your inquiries, requests, or complaints.
• Maintain customer relationships and support follow-up.

⚠️ Note: We do not use your personal information for purposes unrelated to those stated above unless we have your explicit consent.

When you make a purchase through our Services, your payment information is collected and processed securely by trusted third-party providers. Jimmy Jewellery Pte Ltd does not directly collect, store, or have access to your full payment card details.

4.1 Payment Methods

• Shopify Payments (Visa, Mastercard, American Express, and other supported cards).
• PayPal (linking your PayPal account for faster, secure transactions).
• Atome (Buy Now, Pay Later service).
• Additional payment methods may be offered from time to time.

4.2 Security Measures

• All payment transactions are transmitted via Secure Socket Layer (SSL) encryption, which ensures that sensitive data remains private during transmission.
• Our payment processors are Payment Card Industry Data Security Standard (PCI DSS) compliant — an internationally recognized security standard for organizations that handle credit card information.
• For added protection, some transactions may require multi-factor authentication (3D Secure / OTP verification) by your bank or provider.

4.3 Data Handling

• We do not store your full credit card details on our servers.
• Limited payment-related information may be retained, such as:
• Payment method (e.g., Visa, PayPal, Atome).
• Transaction reference number.
• Billing address (for fraud prevention and verification).
• These details are used only to confirm, verify, and track transactions.

4.4 Third-Party Payment Providers

• Shopify Payments: Facilitates most card-based transactions. View Shopify’s Privacy Policy.
• PayPal: Transactions are processed directly through PayPal. View PayPal’s Privacy Policy.
• Atome: For Buy Now, Pay Later transactions. View Atome’s Privacy Policy.
• Each provider may collect and process your payment details in accordance with their own privacy practices.

4.5 Fraud Prevention

• Transactions are monitored for fraud detection. Suspicious or high-risk transactions may be declined or require additional verification.
• We reserve the right to refuse or cancel any order if fraudulent activity is suspected.

4.6 Customer Responsibility

• Ensuring that your payment information is accurate and up to date.
• Keeping your account and payment credentials secure.
• Notifying your bank or provider immediately if you suspect unauthorized use.

When you visit or interact with our Services, we may use cookies, pixels, and similar technologies to provide you with a secure, personalized, and efficient shopping experience.

5.1 What Are Cookies?

Cookies are small text files stored on your device by your browser. They allow us to remember your preferences, recognize returning users, and understand how our Services are used.

5.2 Types of Cookies We Use

5.3 How We Use Tracking Technologies

We use cookies and pixels to:

• Enable secure checkout and account login.
• Save your cart items between sessions.
• Analyze performance and improve website design.
• Deliver marketing campaigns tailored to your interests.
• Prevent fraudulent activity and enhance security.

5.4 Third-Party Cookies

Some cookies are placed by third parties, including:

• Shopify (to operate our store).
• Google Analytics (to understand site usage).
• Meta and TikTok Pixels (for advertising).

These third parties may collect information across websites and services, in line with their own privacy policies.

5.5 Your Choices & Control

You have control over cookies and tracking:

• Browser Settings: Most browsers let you block or delete cookies.
• Cookie Banners: You may adjust your consent preferences when prompted.
• Third-Party Opt-Outs:
  Google Analytics: Opt-out here
  Meta/Facebook Ads: Manage here
  TikTok Ads: Manage here

⚠️ Note: Disabling cookies may limit certain features, such as checkout or saved cart items.

5.6 Do Not Track Signals

Some browsers and devices allow you to send “Do Not Track” (DNT) or Global Privacy Control (GPC) signals. At this time, our Services do not respond to such signals, but you may use the opt-out tools above to manage your tracking preferences.

We respect your privacy and will only disclose your personal information in limited circumstances, as described below. We do not sell or rent your personal information to unrelated third parties.

6.1 Service Providers & Business Partners

We may share personal data with carefully selected third parties who perform services on our behalf, including but not limited to:

These service providers are only authorized to use your data to perform services for us and must handle it in accordance with applicable laws.

6.2 Legal Obligations

We may disclose personal information where required to:

• Comply with applicable laws, regulations, or valid legal processes (e.g., subpoenas, court orders).
• Respond to lawful requests by public authorities or government agencies.
• Investigate and prevent fraud, security threats, or other unlawful activities.

6.3 Corporate Transactions

In the event of a business restructuring, merger, acquisition, financing, sale of assets, or bankruptcy, your personal information may be transferred as part of our business assets. We will ensure that the recipient continues to handle your data in accordance with this Privacy Policy.

6.4 With Your Consent or Direction

We may share your information with third parties where you have explicitly directed or consented, for example:

• Using social media login integrations (Facebook, Google, Apple).
• Participating in influencer, affiliate, or referral programs.
• Requesting that we share details with a third party for warranty, loyalty, or other service purposes.

6.5 Affiliates and Group Companies

We may share data with our affiliates or within our corporate group, provided they also uphold data protection standards consistent with this Privacy Policy.

6.6 Marketing & Advertising Partners

To deliver relevant ads, we may share limited pseudonymized data (such as hashed email addresses) with advertising partners like Meta or TikTok. This helps us display personalized product offers to you across other websites and apps. You can opt out at any time (see Section 5.5).

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The length of time we keep your data depends on the type of data, the purpose for which it was collected, and applicable legal or operational requirements.

7.1 Retention by Data Category

7.2 Anonymization & Deletion

When data is no longer required:

• Personal information is securely deleted or anonymized so that it can no longer identify you.
• Anonymized data may be retained indefinitely for analytics, business intelligence, and statistical purposes.

7.3 Exceptions to Retention

We may retain certain personal data longer where necessary to:

• Comply with legal or regulatory obligations (e.g., tax laws, consumer protection laws).
• Resolve disputes or enforce agreements.
• Detect and prevent fraudulent or unlawful activity.

We take data security seriously and implement a combination of technical, organizational, and administrative measures to protect your personal information against loss, misuse, unauthorized access, disclosure, alteration, or destruction.

8.1 Technical Safeguards

• SSL Encryption: All data transmitted between your browser and our website is protected by Secure Socket Layer (SSL) encryption. You can confirm this by checking for “https://” in the URL and the lock icon in your browser.
• PCI DSS Compliance: Payment transactions processed via Shopify Payments, PayPal, and Atome comply with the Payment Card Industry Data Security Standard (PCI DSS).
• Encryption of Sensitive Data: Payment details and other sensitive data are encrypted during transmission and processing.
• Firewalls & Intrusion Detection: Our systems use firewalls, intrusion detection, and monitoring tools to prevent unauthorized access.
• Server Security: Shopify hosts our Services on secure servers that undergo regular vulnerability testing and patching.

8.2 Organizational Safeguards

• Restricted Access: Access to customer data is limited to authorized personnel who require it to perform their duties.
• Confidentiality Agreements: Staff and contractors with access to personal data are subject to confidentiality obligations.
• Staff Training: Employees are trained on data protection best practices and PDPA requirements.
• Vendor Risk Management: Third-party service providers must comply with appropriate security and privacy standards.

8.3 Administrative Safeguards

• Security Policies: We maintain internal data protection and security policies in line with industry best practices.
• Incident Response: In case of a suspected breach, we follow a defined incident response plan to contain, assess, and notify as required by law (see Section 15: Data Breach Notification).
• Regular Reviews: Our data protection measures are reviewed and updated periodically.

8.4 Customer Responsibilities

• Keeping your account credentials (username, password) secure and confidential.
• Using strong, unique passwords and updating them regularly.
• Logging out after using shared or public devices.
• Notifying us immediately if you suspect any unauthorized use of your account.

8.5 Limitations

While we strive to safeguard your personal information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security, but we continuously improve our security measures to keep your data safe.

9. Your Data Rights

We respect your rights over your personal data. Depending on where you live and applicable laws, you may have some or all of the rights described below. These rights are not absolute and may be subject to legal or operational limitations.

9.1 Right to Access

You have the right to request confirmation of whether we process your personal data, and if so, to request a copy of the data we hold about you. This may include information such as categories of data collected, the purposes of processing, and with whom it has been shared.

9.2 Right to Correction / Rectification

You may request that we correct or update inaccurate or incomplete personal information about you.
Example: updating your shipping address, email, or contact number.

9.3 Right to Deletion / Erasure

You may request that we delete your personal data, subject to legal and contractual obligations.
For example, we may retain order records for tax and accounting purposes even after deletion of your account.

9.4 Right to Withdraw Consent

Where our processing is based on your consent (e.g., receiving newsletters or marketing), you have the right to withdraw consent at any time. Withdrawal will not affect the lawfulness of processing prior to withdrawal.

9.5 Right to Data Portability (Advanced – GDPR/Global Readiness)

In certain circumstances, you may request a copy of your personal data in a structured, commonly used, and machine-readable format. Where technically feasible, you may also request that we transfer this data directly to another service provider.

9.6 Right to Restrict or Object to Processing

You may object to the processing of your personal information for direct marketing purposes at any time. You may also request restrictions on processing where data is contested, no longer needed, or under legal review.

9.7 Managing Communication Preferences

You can opt out of promotional emails at any time by clicking the “unsubscribe” link included in our emails. Even if you opt out, we may still send you non-promotional communications such as order confirmations, account notices, or service updates.

9.8 Identity Verification

For your protection, we may require verification of your identity before fulfilling rights requests (e.g., government ID, account confirmation). Authorized agents may submit requests on your behalf, but we may require proof of authorization and direct verification with you.

9.9 Complaints

If you have concerns about our data practices, you may first contact us at [Insert Privacy Email].
If unresolved, Singapore customers may escalate complaints to the Personal Data Protection Commission (PDPC): https://www.pdpc.gov.sg.

Our services rely on Shopify, Google Analytics, Meta, TikTok, and delivery partners. Each follows their own privacy policy.

Your data may be transferred internationally (e.g., to Shopify’s servers in the US or Canada) with contractual safeguards in place.

We use algorithms for product recommendations and fraud prevention, not for legal or financial decisions.

You can unsubscribe from marketing emails or manage ad preferences via Google, Meta, and TikTok settings.

If a breach occurs, we will investigate and notify affected customers and authorities promptly.

We do not knowingly collect data from individuals under 13. Contact us to remove such data.

We do not collect sensitive personal data such as health, religion, or political affiliation.

Any reviews, testimonials, or photos you submit may be visible publicly. Please ensure they do not infringe others’ rights.

This Privacy Policy may be updated periodically. Continued use of our site constitutes acceptance of the latest version.

This Policy is governed by the laws of Singapore. Disputes will be handled exclusively in Singapore courts.

Contact us at [Insert Privacy Email Address]. If unresolved, you may escalate to the PDPC Singapore.

21.1 Loyalty / Membership Programs: We collect and use data to operate your Sparks or membership programs.

21.2 Influencer / Affiliate Programs: We may track referrals and conversions to manage commissions.

21.3 Newsletter & Marketing Consent: By subscribing, you consent to receive marketing updates (you can unsubscribe anytime).

21.4 Social Media Login Data: If you log in via Facebook, Google, or Apple, we may receive your name and email for authentication only.