Privacy Policy

Update on 1 November 2025

This Privacy Policy explains how Atelier Ricky Hong "Artilier" collects, uses, discloses, and safeguards your personal data when you visit www.atelierrickyhong.com (the “Site”) or purchase from us. We comply with the Personal Data (Privacy) Ordinance (Cap. 486) of the HKSAR (“PDPO”) and the Data Protection Principles (“DPPs”).

PERSONAL DATA WE COLLECT

Device Information
When you visit the Site, we automatically collect certain information about your device and interaction with the Site, including:

Browser type, IP address, time zone, language, and device identifiers
Cookies stored on your device
Pages or products viewed, referring/exit pages, search terms, and interaction data
We collect Device Information via:
Cookies: Small files placed on your device. You can manage cookies via your browser settings. Learn more at http://www.allaboutcookies.org
Log Files: Including IP address, browser type, ISP, referring/exit pages, and timestamps
Web Beacons/Tags/Pixels: Used to understand browsing behavior and campaign performance

Order Information
When you place or attempt to place an order on the Site, we collect:

Name, billing and shipping addresses
Contact details (email address, phone number)
Payment information (e.g., cardholder name, masked card details, transaction identifiers). We do not store full card numbers or CVV after authorization if using third‑party payment gateways.

Personal Data means any data relating to a living individual from which it is practicable to ascertain the identity of the individual, directly or indirectly. For purposes of this Policy, Personal Data includes Device Information and Order Information to the extent they identify you.

PURPOSES OF COLLECTION AND USE
We use your Personal Data for the following purposes, in line with DPP1 (purpose and manner of collection):

Order Fulfilment: To process payments, arrange shipping, provide invoices/confirmations, handle returns/warranties, and provide customer support
Communication: To contact you about your orders, account, service updates, or policy changes
Fraud and Security: To screen for risk and prevent fraud, maintain Site security and integrity
Service Improvement and Analytics: To analyze browsing and usage to improve our Site, products, and services
Marketing: To provide you with information or advertising relating to our products or services, where permitted by law and in accordance with your marketing preferences (see “Direct Marketing” below)
Legal and Compliance: To comply with legal obligations, regulatory requests, and to establish, exercise, or defend legal claims

LEGAL BASIS/COMPLIANCE POSITION UNDER HKSAR LAW
While the PDPO does not adopt a “legal basis” framework like the GDPR, we collect and use personal data in accordance with the DPPs, including fairness and transparency (DPP1), data accuracy and retention (DPP2), use limitation (DPP3), security (DPP4), openness (DPP5), and access/correction (DPP6). Where we use data for direct marketing, we comply with PDPO requirements, including notification and consent/opt‑out mechanisms.

DISCLOSURE OF PERSONAL DATA
We do not sell your Personal Data. We may disclose Personal Data to:

Service Providers (Data Processors): Payment processors, IT hosting, logistics/fulfilment, customer support, analytics, and marketing service providers engaged under written agreements imposing confidentiality and security obligations consistent with DPP4
Business Transfers: In connection with mergers, acquisitions, reorganizations, or sale of assets, subject to continued protection of Personal Data for similar purposes
Joint Activities: Where we engage in co-marketing or joint promotions, we will notify you of the categories of data shared, purposes, and the responsible parties
Legal/Regulatory: Where required by applicable laws, court orders, or law enforcement/regulatory authorities, or to protect life, health, or property, or to prevent or investigate suspected unlawful activity

DIRECT MARKETING

We may use your name, contact details, demographic information, transaction history, and browsing behavior for direct marketing of our products and services and related offerings.
We will not use your Personal Data for direct marketing unless we have obtained your consent or are otherwise permitted by law. You may opt out at any time, free of charge, by following the unsubscribe instructions in our communications or contacting us using the details below.

ONLINE ADVERTISING AND COOKIES

We may use cookies and similar technologies for analytics, performance, and advertising personalization.
You can manage cookies via your browser settings or, where available, our cookie banner/preferences tool. Disabling certain cookies may affect Site functionality.
Where required, we will seek consent for non-essential cookies.

CROSS-BORDER DATA TRANSFERS
If we transfer Personal Data outside Hong Kong (for example, to service providers or data centers), we will take all reasonably practicable steps to ensure the transferee provides a level of protection comparable to the PDPO, including through contractual safeguards and due diligence. We will comply with any applicable PCPD guidance on cross-border data transfers.

DATA SECURITY
We implement reasonable and practicable administrative, technical, and physical safeguards to protect Personal Data against unauthorized or accidental access, processing, erasure, loss, or use, consistent with DPP4. Measures may include encryption in transit and at rest, access controls, least-privilege policies, and vendor security assessments. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

DATA RETENTION
We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law or regulation (e.g., tax and accounting retention). Order Information may be retained for warranty, accounting, and legal compliance. When data is no longer needed, we will take steps to erase or anonymize it in a secure manner.

YOUR RIGHTS
Subject to the PDPO, you have the right to:

Request access to your Personal Data we hold about you
Request correction of inaccurate Personal Data
Opt out of direct marketing at any time
Requests may be made using the contact details below. We may charge a reasonable fee for data access requests as permitted by law. We will verify your identity before processing requests and respond within a reasonable time.

CHILDREN’S PRIVACY
Our Site is not directed at children. If you are under the age of majority in your place of residence, please use the Site only with the involvement or consent of a parent or guardian. If we become aware that we have collected Personal Data from a child without appropriate consent, we will take steps to delete such data.

THIRD-PARTY SITES AND SERVICES
Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties. Please review their privacy policies before providing any personal data.

UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes to our practices, technologies, legal requirements, or for other operational reasons. The revised Policy will be posted on this page with an updated “Last Updated” date. Your continued use of the Site after such changes constitutes your acknowledgment of the updated Policy.

Email: info@atelierrickyhong.com
Data Protection Contact/Officer: Please address correspondence to “Data Protection Officer”
Address: Flat G, 16/F, Seabright Plaza, Shell Street, North Point, Hong Kong