SUBSCRIBE TO NEWSLETTER

SOME OF THE INFORMATION IS MISSING OR HAS ERRORS. PLEASE REVIEW THE HIGHLIGHTED FIELDS BELOW.

Thanks for Subscribing!
  • Please check the corresponding box to confirm that you agree to the processing of your personal data by JOYCE (“we”, “our” or “us”) in accordance with our Privacy Policy, including the Policy’s Mainland China Notice (the “Privacy Policy”).





PRIVACY POLICY

PRIVACY POLICY

1. General

Thank you for reading this privacy policy (“Privacy Policy”) of JOYCE Group. For the purposes of this Privacy Policy, JOYCE Group comprises Joyce Boutique Group Limited, LCJG Limited and their respective subsidiaries (collectively, we or us).   Respecting and protecting our customers’ privacy and personal data is important to us.  This Privacy Policy will help you understand how we collect, use and safeguard your personal data in our interactions with you.

It also describes your data protection rights, including a right to object to some of the processing which we carry out.

More information about your rights, and how to exercise them, is set out in the section “What rights do I have?”.

If you reside in the European Economic Area, the State of California or Mainland China, additional country-specific notices apply in addition to the main body of this Privacy Policy. Please see the relevant notice at the end of this Privacy Policy.

In this Privacy Policy, we use the following terms from applicable laws, which we’ve defined below for your ease of reference:

  • ‘Data controller’: refers to any organisation or individual that independently determines the purpose and method of processing personal data.
  • ‘Data processor’: refers to any organisation or individual that processes personal data on behalf of and under the instruction of another organisation or individual. 
  • ‘Process/processing of’ data: refers to the collection, storage, use, processing, transmission, provision, disclosure, and deletion of personal data.

2. What information do we collect?

We collect and process personal data about you when you:

  • visit and/or register on any website owned and operated by us (collectively our “Site”), including joyce.com;
  • place an order with us as a guest or as a registered user on our Site;
  • use a third-party service offered by service providers such as analytics companies, advertising networks and cooperatives, demographic companies, and any other third-party service providers that we choose to collaborate or work with, and we obtain your personal data from those third parties;
  • provide us with your personal data via: our physical stores, Wi-Fi, mobile devices, social media platforms/networks or telephone enquiries or your application for or use of our services or loyalty programmes (such as our Privilege Cards or private sales);
  • visit our physical stores or any other of our locations and your image is captured by our in-location CCTV (Closed-Circuit Television) security system (please refer to our CCTV Policy below); or
  • visit our physical stores or any other of our locations and our data analytics cameras carry out real-time data analyses based on your image for statistical research purposes (such as demographics analysis and traffic flow analysis) on an anonymous and aggregated basis, as set out in our Data Analytics Policy. We use personal data in this respect solely to analyse pathways throughout the relevant store or other location; the only personal data that will be collected, processed and used for this purpose will be your facial biometric template derived from your facial image — (i.e. numeric information describing different facial features). This data is anonymised before any such analytics use and is used only as part of an aggregated pool of data.

In this Privacy Policy, your “personal data” means: your name, email address, telephone number, MAC address, IP address, credit/debit card and other payment information, gender, date of birth, age, interests, geographical location, Site usage (including browsing activities), shopping and purchasing activities, your physiological data in images captured by our analytics cameras (which data is anonymised and aggregated before any analytics use) or CCTV, and any other personal data you provide to us.

3. How do we use this information, and what is the legal basis for this use?

We process personal data for the following purposes:

3.1 To conduct our business and pursue legitimate interests — in particular, to:

(a) Provide our services to you, including: responding to any questions you may have of us; providing you with recommendations on products in our stores or on our Site; maintaining your shopping cart on our Site; assessing your applications with us for any of our services or loyalty programmes; providing our Privilege Card to you; fulfilling any orders you may make with us (including verification and security checks of your details, performing appropriate anti-fraud checks such as credit / identity checks, processing of your payments, shipping to you the products that you have ordered from us, and processing your returns or exchanges of our products); providing free Wi-Fi services to you at our physical stores; providing mobile application services to you; personalising our services to you and enhancing your experience in using our services;

(b) Monitor the use of our Site and our services (both online and offline), and use your information to help us monitor, improve and protect our products, content, services (both online and offline) and our Site;

(c) Analyse trends, usage, browsing and shopping behaviour with us (whether on an individualised or anonymised and aggregated basis), which helps us better understand how you and our collective customer base access and use our Site, stores and services, for the purposes of:

  • improving our services;
  • responding to customer needs and preferences;
  • measuring the effectiveness of our marketing campaigns;
  • conducting marketing activities targeted at potential customers (on an anonymised and aggregated basis only); and
  • crowdsourcing data analytics and hackathon activities (on an aggregated and anonymised basis only).

3.2 When you give us consent (if required):

(a) To allow you to register for and participate in our events and promotions, including verifying your identity at those events and promotions; and

(b) To provide you with direct marketing communications in relation to products, services, events, offers or promotions under the categories stated below, provided by: (i) us or our related companies (including our affiliate and subsidiary companies), (ii) business partners, and/or (iii) other third-party providers.

These marketing communications may:

  • be in various forms, including advertisements, newsletters and special events notifications
  • be delivered by various methods, such as email, SMS, WeChat messages, smartphone app push notifications, notifications on your social media pages, in-app messaging and postal mail; and
  • promote or offer products or services (including special events and promotions) in the following categories: dining, food and beverage, sports, music, film, clothing and accessories, jewellery, luggage and bags, cosmetics, personal health and hygiene, electronics, home furnishings and other homeware, automobiles, transport and travel, hotels, financial services, loyalty and reward programmes, media services, television and other entertainment services and products, social networking services, payment services, on-line advertising services, other e-commerce, information and communications services, concierge services, and other products and services related to any of the above that we think may be relevant to you based on information you have provided to us (for instance, via your participation in our surveys).

3.3 For purposes that are required by law, such as in response to lawful requests by government or law enforcement authorities conducting an investigation.

4. Withdrawing consent or otherwise objecting to direct marketing

Whenever we are required to obtain your consent to the processing of your personal data under applicable law, you will always be able to withdraw any consent you provide to us. We will then stop using your personal data for the purpose in respect of which you have withdrawn your consent, but we may still use, process, store and transfer your personal data for other purposes if applicable law allows us to do so.

You can withdraw your consent by:

(a) amending your preferences in the logged-in area of our Site; and/or

(b) contacting our Data Privacy Officer at dataprivacy@joyce.comor sending your withdrawal request by post to our Data Privacy Officer at JOYCE Group, 30F, One Island South, 2 Heung Yip Road Wong Chuk Hang, Hong Kong; and/or

(c) in the case of direct marketing emails, by clicking the unsubscribe link at the bottom of such emails.

5. Who will we share this data with, where and when?

We may share your personal data with the related companies of Joyce Boutique Group Limited, LCJG Limited and their respective subsidiaries located within or outside Hong Kong for the purposes set out in the section “How do we use this information, and what is the legal basis for this use?” above.

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes set out in the section “How do we use this information and what is the legal basis for this use?” above, when mandated by law and in compliance with Hong Kong’s Personal Data (Privacy) Ordinance (the “Ordinance”) or other applicable laws.

Personal data will also be shared with those third party service providers located within or outside Hong Kong who we need to process it on our behalf for the purposes identified in this Privacy Policy. Amongst others, we use the following third-party providers:

(a) Courier and other goods delivery services;

(b) Email, SMS and other digital notification services;

(c) Telecom companies (e.g. for providing in-store Wi-Fi services);

(d) Data storage and cloud service providers (e.g. for storing personal data and hosting applications that process personal data for the purposes identified in this Privacy Policy);

(e) Google, Facebook and other advertising networks (for the matching of your personal data with their database in order to send you our direct marketing materials through, e.g., your Google and/or Facebook account(s));

(f) Marketing (including digital marketing) and website analytic agencies for display of advertising materials on our Site and other websites that you may visit, as well as analysis of your online behaviour and usage of our Site – we note that these agencies use cookies; please refer to our separate Cookies Policy (https://www.joyce.com/cookies-policy/) for details;

(g) credit reference and fraud-prevention agencies (e.g. for performing appropriate anti-fraud checks, such as credit / identity checks); and

(h) Data analytics and hackathon service providers and agencies (for the purposes stated in the section “How do we use this information, and what is the legal basis for this use?” above), to whom we will only send anonymised data and then only for the purposes in the section “How do we use this information, and what is the legal basis for this use” above.

We may also sell your personal data to third parties for their own purposes where permitted by applicable laws.

If our business or any part of it is put up for sale, sold or integrated with another business, personal data may be disclosed to our advisers and any prospective purchaser and their advisers and will be passed to the ultimate new owners of the business.

6. What rights do I have?

Where permitted by law, you have the right to ask us for a copy of your personal data; to correct, delete or stop any active processing of your personal data, to obtain from us, in a structured, machine-readable format, the personal data you’ve previously provided to us, and to ask us to share this data with another data controller.

In some circumstances, your rights to object to our processing of your personal data may be limited — for example, where fulfilling your objection request would reveal personal data about another person, where it would infringe our rights or the rights of a third party or if you ask us to delete information which we either are required by law to keep or have compelling legitimate interests in keeping.  Relevant exemptions in these respects are provided under applicable laws. We will inform you of any exemptions we rely upon when responding to any objection request you make.

To exercise any of these rights, or to obtain other information (such as a copy of a legitimate interests assessment), you can get in touch with us – or our Data Privacy Officer – using the contact details set out in the section “How do I get in touch with you” below.

7. Who is the data controller?

The data controllers are Joyce Boutique Group Limited, LCJG Limited and their respective subsidiaries; contact details for them can be found in the section “How do I get in touch with you” below.

8. How long will my data be kept?

(a) Personal data collected during your registration on our Site: we process this personal data for as long as (i) you are an active user of our Site and (ii) it is required for our business and/or legitimate interests or by law or regulation.

(b) Personal data processed for marketing purposes or with your consent:, we process the personal data for this purpose until you ask us to stop and for a short period after this to allow us to implement your request. We also keep a record of the fact that you have asked us not to send you direct marketing or not to process your data, so that we can respect your request in the future.

(c) Personal data collected by analytics cameras: we will not keep any images captured by our analytics cameras for longer than is necessary to achieve the purposes for which they are collected, and such images will be anonymised and aggregated before any use of them for the purposes stated in the section “How do we use this information, and what is the legal basis for this use?” above.

9. Our In-Store Photography policy

We may place conspicuous notices in our stores to advise that we do not allow customers to take unauthorised photographs or make unauthorised sound and/or video recordings in our stores, whether for commercial use, private gain, use in press or media or promotional purposes. We reserve the right to remove offenders in this regard from our premises.

We permit photography, sound and/or video recording where the images/recordings are solely for personal use and are not published or reproduced in any form for commercial use, private gain, use in press or media or promotional purposes.

However, permitted photography, sound and/or video recording are all subject to the following conditions:

(1) no photographs or video and/or sound footage are taken of staff members or other customers without the express permission of the staff member or customer;

(2) flash lighting and tripods are not used unless we have given our prior written permission;

(3) customers do not take photographs or record sound and/or video footage where:

  • they are causing concern or nuisance to any staff member or other customers;
  • our staff reasonably believe the customer is causing an obstruction or compromising safety or security in any way;
  • our staff reasonably suspect that the photography, sound and/or video recording activities are for commercial use, private gain, use in press or media or promotional purposes.

Customers who breach any of these conditions must promptly and peacefully leave our premises.  We reserve the right to remove them.  If any in-store customer has questions about this photography policy, the customer may contact the relevant Store Manager.

10. Our CCTV policy

The purpose of our CCTV policy is to give notice and guidance to customers and other visitors to our premises, including to our stores, of our use of CCTV in those premises.  Our use of CCTV in those premises complies with the requirements of the Ordinance and other applicable laws.

We use in-premises CCTV primarily to procure reasonable security in and safety of the monitored area.

In accordance with the Ordinance, the relevant guidelines issued by the Office of the Privacy Commissioner for Personal Data in Hong Kong (the “PCPD”) and other applicable laws:

  • We expressly inform visitors when they are subject to CCTV surveillance, by posting notices reading “CCTV in operation” in areas of surveillance. We also place conspicuous notices at the entrance to and inside any monitored area.
  • In addition, we post notices about CCTV surveillance when CCTV cameras are located very discreetly or in places where a person might not expect to be subject to surveillance.
  • We do not install CCTV cameras in parts of our premises where people have a reasonable expectation of privacy, such as in changing rooms.

Our CCTV notices reflect the use of CCTV in our stores. They remind you to contact us if you have any further enquiries about our processing of your personal data via CCTV:

  • We employ Closed-Circuit Television (CCTV) in our stores. Store premises are subject to CCTV surveillance and activities are recorded by video camera to procure reasonable security in and safety of the monitored area.
  • We use information obtained through CCTV monitoring for safety, security and law enforcement purposes only. We store CCTV footage and images in a secure location that can only be accessed by authorised staff and we delete the footage and images as soon as practicable once the purpose of collection is fulfilled.

Our CCTV procedures

A. Proper Storage and Handling of CCTV Footage

Our CCTV system and any personal data collected by it (“Footage”) is subject to security measures to protect it and to prevent unauthorised access to or handling of it, including the following measures:

(a) Storage: All Footage is encrypted and stored in secured physical and digital locations. Access to the physical storage locations is secured and restricted to authorised users only.  Digital storage of the Footage can be accessed only by authorised users and then only by way of a traceable log-in and password. Records are kept of the authorised users who access the Footage.

(b) Use: Authorised users are only permitted to access and view the Footage when an incident is reported to us that reasonably requires the Footage to be viewed (“Incident”), such as an offence being committed on the premises or for the purposes of a police investigation. If such an Incident occurs, the Footage is stored as set out above until the Incident is investigated and closed.

If the Footage is to be moved in digital format through email or any other electronic transmission method, it will only be moved in encrypted form to an authorised user, and then only as necessary in accordance with this policy.  We have safeguards in place to protect our electronic transmission systems from interception.  All movement of the Footage is documented.

(c) Deletion: If no Incident is reported to us within a reasonable period of time from the date on which the Footage was first recorded, or when an Incident is closed, the relevant Footage will be securely and permanently destroyed. If the Footage is in hard copy form, it will be destroyed by shredding and then secure disposal; if it is in electronic form, the Footage will be permanently erased from our systems.

(d) Compliance: We carry out compliance checks and audits annually to review the effectiveness of the safeguards and procedures of the CCTV system.

B. Transfer of CCTV records to third parties

(a) We will only disclose Footage to a third party in accordance with the section “Who will we share this data with, where and when”.

(b) If we are requested to provide Footage to a law enforcement agency, e.g. to the Police for criminal investigation purposes, we will only do so in compliance with a written request provided by the relevant law enforcement agency and if we reasonably believe that an exemption under the Ordinance or other applicable laws applies.

C. Customer enquiries about our use of CCTV

You may report any suspected misuse of our CCTV system using the contact details set out in the in the section “How do I get in touch with you” below.

Please note that we are unable to accept requests from customers to view Footage, because the Footage may contain personal data of other third parties that we may not be allowed to share under applicable laws.

11. Our Data Analytics policy

The purpose of this data analytics policy is to explain the use of data analytics cameras in our stores. Data analytics cameras are used in our stores for statistical research purposes, such as demographics analysis and traffic flow analysis within our stores.

(a) Collection and use of data: As noted further above in our Privacy Policy the only personal data we collect from these analytics cameras is facial biometric templates derived from a facial image – i.e. numeric information describing different facial features. This numeric information is then processed by the analytics cameras into anonymised and aggregated data for the above research purposes.  All analysis conducted on the data by the analytics cameras is done in real time. No video footage, images or other personally identifiable data are stored by the data analytics system; you cannot be identified by them.

(b) Security and destruction of data: We have security measures in place to prevent unauthorised access to our data analytics system. The facial biometric templates collected using the analytics camera are securely and permanently deleted within 24 hours of being collected, and only the aggregated and anonymised data is retained.

(c) Notice: We notify customers and other visitors to our stores when data analytics cameras are in use by the conspicuous posting of notices stating “analytics cameras in operation” at both the entrance to any monitored area of the store and inside the area itself. Notices are also posted to alert customers if the analytics cameras themselves are very discreetly located. No analytics cameras are installed in places where people have a reasonable expectation of privacy, such as in changing rooms.

The facial biometric templates collected using the analytics camera are disclosed only to our third-party service providers who operate the analytics cameras for the research purposes stated above.

12. Language

This Privacy Policy has been prepared in English and Chinese. If there is any discrepancy between the English and Chinese versions of it, the English version of it will prevail.

13. How do I get in touch with you?

We hope that we have been able to satisfy any queries you have about the way we collect and process your personal data.  However, if you have any unresolved questions or concerns about the topics we’ve discussed in this Privacy Policy, or you would like to opt out of direct marketing from us, please contact us at dataprivacy@joyce.com or by writing to the Data Privacy Officer, JOYCE Group, 30/F, One Island South, 2 Heung Yip Road, Wong Chuk Hang, Hong Kong. You may also access, verify or update your personal data by logging into our Site or by completing a “Customer Information Renewal Form” at one of our stores.

14. Changes to the Privacy Policy

We may change the Privacy Policy in order to comply with the evolving regulatory environment or, provided that the Privacy Policy continues to comply with applicable law, the needs of our business. Subject to any applicable legal requirements to provide additional notice, any changes to this Privacy Policy will be communicated through our Site and our mobile applications. We will obtain your consent to such changes where required to do so by applicable laws.

GDPR: Notice for Residents in the European Economic Area

Last updated: February 15, 2023

In addition to the main body of the Privacy Policy, this notice applies solely to customers who reside in the European Economic Area (“EEA”) and is presented in compliance with the General Data Protection Regulation (“GDPR”).

Relying on our legitimate interests

We have carried out an assessment on all the data processing activities described in this Privacy Policy in order to balance any privacy implications of them with our legitimate business interests. You can obtain information on any of our assessments by contacting us using the details set out in the section “How do I get in touch with you” above.

Withdrawing consent or otherwise objecting to direct marketing

Applicable laws permit us to send you direct marketing without your consent where we rely on our business or legitimate interests.  However, regardless of the type of legal basis on which we rely to send you direct marketing, you have an absolute right to opt out at any time from direct marketing by us or from any profiling we carry out for that direct marketing.

Who will we share this data with, where and when?

If we transfer your personal data outside the EEA to a business partner or third-party service provider in a country that is not subject to an adequacy decision by the EU Commission, the personal data will be adequately protected by EU Commission-approved standard contractual clauses, an appropriate Privacy Shield certification or the third party or business partner’s Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request to the contact mentioned in the section “How do I get in touch with you” above.

Your personal data may be transferred to the Hong Kong Special Administrative Region, the Macao Special Administrative Region, Mainland China, the Taiwan Region, Indonesia, Singapore, Australia, United States and/or Japan.

What rights do I have in relation to the processing of my personal data?

You can object to our processing of your personal data where we do not need to process the data for business interests, other legitimate interests, purposes for which consent has been given (including direct marketing) or other legal requirements.

You have the right to complain about any unresolved data privacy concerns to an EU data protection authority where you live, work or where you believe a breach may have occurred.

How long will my data be kept?

Where we process personal data for our Site’s security purposes, we retain it for seven years after any business and legitimate interests no longer exist.  Where we process personal data in connection with performing a contract or for a competition, event or promotion, we keep the data for seven years from your last interaction with us.

CALIFORNIA CONSUMER PRIVACY ACT: Notice for California Residents

Last updated: February 15, 2023

In addition to the main body of the Privacy Policy, this notice applies solely to customers who reside in the State of California and is presented in compliance with the California Consumer Privacy Act of 2018 (“CCPA”).

Information we collect

We are required to disclose to you the categories and sources of personal data we have collected from you within the last 12 months. Please refer to the sections “What information do we Collect?” and “How do we use this information, and what is the legal basis for this use?,” above, for details on the personal data we collect.

Sharing personal data/Do not sell my personal data

We may disclose your personal data to third parties for certain business purposes. Please refer to the “Who will we share this data with, where and when?” section above for details.

We do not sell your personal data to third parties for their own marketing, advertising or other business purposes, unless permitted by the CCPA.

Your Other California Privacy Rights

Right to Know

You have the right to request us to disclose to you certain information about our collection of your personal data over the past 12 months (“Personal Information”). Upon receipt and confirmation of your verifiable request, we will disclose to you the following information in respect of that period:

  • The categories of Personal Information we collected about you;
  • The categories of sources from which we collected Personal Information about you;
  • Our business or commercial purpose for collecting or selling such Personal Information;
  • The categories of third parties with whom we share such Personal Information;
  • The specific pieces of Personal Information we collected about you;
  • If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing the categories of Personal Information involved in:
    • sales, and the category third party to whom the data was sold;
    • disclosures for a business purpose, and the category of third party to whom the data was disclosed.

Right to Request Deletion

You have the right to request us to delete Personal Information we have collected from you. Upon receipt and confirmation of your verifiable request, we will delete such Personal Information from our records, unless it is necessary to be retained in order for us or our service providers to:

  • Complete the transaction for which such Personal Information was collected, fulfil the terms of a written warranty or product recall conducted in accordance with applicable law, provide a product or service you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • De-bug products to identify and repair errors that impair existing intended functionality;
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
  • Comply with the California Electronic Communications Privacy Act;
  • Engage in public or peer-reviewed scientific, historical or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you previously provided informed consent;
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • Comply with a legal obligation; or
  • Use such Personal Data, internally, in a lawful manner that is compatible with the context in which you provided such Personal Information.

Right to access Personal Data

You may submit requests to exercise your rights in relation to your Personal Information to the email address set out in the “How do I get in touch with you?” section above . We will seek to disclose and deliver to you the required information in accordance with the CCPA.

Right not to be discriminated against

We will not discriminate against you because you exercise your California privacy rights, and we will not deny you goods or services, charge you a different price or rates for goods or services or provide a lower quality of goods or services to you due to your exercise of any of those rights.

PERSONAL INFORMATION PROTECTION LAW: Notice for Residents of Mainland China

Last updated: February 15, 2023

In addition to the main body of the Privacy Policy, this notice applies solely to customers and other individuals who reside in Mainland China and use our services, and to our processing within Mainland China of those individuals’ personal data (which term includes sensitive personal data (see below) when used in this Notice).

Your Data Controller

The data controller for the purposes of this Notice is Joyce Boutique (China) Ltd, whose registered address is at Room 319, 3rd Floor, No. 1266 Nanjing Xi Lu, Jing’an District, Shanghai, and its affiliates in the PRC. For questions or concerns related to your personal data, please contact us at dataprivacy@joyceboutique.com.cn.

Purpose

In addition to the purpose of processing described in the main body of the Privacy Policy, with respect of our Mainland China physical stores, we process your personal data to verify your identity as required under applicable law in order to provide our free Wi-Fi service to you.

Consent

We will obtain your consent (and, where applicable, your separate consent) to process your personal data if and to the extent required by applicable laws.

Sensitive Personal Data

The types of personal data processed as described in our Privacy Policy above include certain data that applicable PRC law calls “sensitive personal data”.

“Sensitive personal data” means personal data that, if leaked or illegally used, could easily harm the dignity of a person or the safety of that personal or their property. It includes: (i) biometric data; (ii) religious belief; (iii) specific social status; (iv) medical health information; (v) financial accounts; (vi) tracking/location information; and (vii) personal data of minors aged under 14.

We will only process your sensitive personal data as is necessary for the purposes described in the Privacy Policy and only with your separate consent.

Disclosure of Personal Data to Third Party Data Controllers 

With your separate consent, we may disclose your personal data to our third party data controllers located within Mainland China for the purposes described in the Privacy Policy. You may contact us via dataprivacy@joyceboutique.com.cn if you would like to further details about the disclosures.

Overseas Transfer of Personal Data

With your separate consent, we may transfer, access or store your personal data outside Mainland China, provided that either we are satisfied that adequate levels of protection are in place to protect the integrity and security of your personal data or we have adopted adequate security measures in compliance with applicable laws, such as appropriate contractual arrangements.

Where required by applicable laws, we will put in place appropriate measures to ensure that all processing of your personal data outside of Mainland China is safeguarded by the equivalent level of data protection as in Mainland China. You may contact us via dataprivacy@joyceboutique.com.cn if you would like to further details about these overseas transfers. 

Security

We have implemented reasonable and appropriate technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, access and other unlawful or unauthorised forms of processing, in accordance with applicable laws.

Your Rights

in addition to the rights already set out in the Privacy Policy, you also have the following rights:

  • the right to withdraw your consent to our processing of your personal data;
  • the right to request de-registration of your account with us (if any); and
  • the right to refuse decisions that materially impact you, where those decisions have been based solely on automated decision-making technology.

Children’s Personal Data

We will not knowingly collect or process the personal data of any child under the age of 14 (“Child”), unless with the consent of the Child’s parent or guardian. If we become aware that we hold personal data of a Child, we will take steps to delete the personal data of the Child as soon as possible. Parents or guardians can also contact us to request such deletion.

Changes to the Mainland China Notice

We may change this Mainland China Notice in order to comply with the evolving regulatory environment or, provided that this Mainland China Notice continue to comply with applicable law, the needs of our business. Subject to any applicable legal requirements to provide additional notice, any changes to this Mainland China Notice will be communicated through our Site and our mobile applications. We will obtain your consent to such changes where required to do so by applicable laws.

Contact us

If you have any concerns about how we process your data, please contact us at dataprivacy@joyceboutique.com.cn.