Privacy policy

PRIVACY POLICY

Effective date: 8 June 2026

Hani Skin operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). Hani Skin is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.

PERSONAL INFORMATION WE COLLECT OR PROCESS

When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified. We may collect or process the following categories of personal information, depending on how you interact with the Services:

- Contact details including your name, address, billing address, shipping address, phone number, and email address.
- Financial information including payment card information, transaction details, form of payment and payment confirmation.
- Account information including your username, password, security questions, preferences and settings.
- Transaction information including the items you view, put in your cart, or purchase, return, exchange or cancel.
- Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.
- Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
- Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.

PERSONAL INFORMATION SOURCES

We may collect personal information from the following sources:

- Directly from you including when you visit or use the Services, communicate with us, or otherwise provide us with your personal information.
- Automatically through the Services including from your device when you use our products or services or visit our website, and through the use of cookies and similar technologies.
- From our service providers including when we engage them to enable certain technology and when they collect or process your personal information on our behalf.
- From our partners or other third parties.

HOW WE USE YOUR PERSONAL INFORMATION

We may use personal information for the following purposes:

- Provide and Improve the Services. To process your payments, fulfil your orders, send notifications related to your account, arrange for shipping, facilitate returns and exchanges, and create a customised shopping experience for you.
- Marketing and Advertising. To send marketing and promotional communications by email, and to show you relevant advertisements for products or services based on your activity on the Services.
- Security and Fraud Prevention. To authenticate your account, provide a secure payment and shopping experience, and detect or take action regarding possible fraudulent or malicious activity.
- Communicating with You. To provide you with customer support and to maintain our business relationship with you.
- Legal Reasons. To comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies.

HOW WE DISCLOSE PERSONAL INFORMATION

We may disclose your personal information to third parties in the following circumstances:

- With Shopify, our e-commerce platform provider, which processes your data to operate our store, payments and order fulfilment.
- With payment processors (including Shopify Payments, PayPal, Apple Pay, Google Pay, Shop Pay) to process your transactions securely.
- With shipping and logistics partners, including our supplier Hypercape (Korea), to fulfil and deliver your orders.
- With email marketing and customer engagement platforms (such as Klaviyo and ManyChat) to send order confirmations, marketing communications you have opted into, and provide customer support.
- With analytics and advertising platforms, specifically TikTok (ByteDance Ltd.), Meta Platforms (Facebook, Instagram), and Google, to measure ad performance, optimise our marketing campaigns, and show you relevant ads. This includes the use of tracking technologies (pixels and server-side Conversion APIs) that share hashed customer information — such as email address, phone number, and IP address — in a privacy-preserving format. You can opt out of personalised ads at any time using the controls listed in the "COOKIES AND TRACKING TECHNOLOGIES" section below.
- With review platforms (Judge.me) to collect and display authentic customer reviews, with your consent.
- When you direct or consent to our disclosure of certain information to third parties, such as to ship you products.
- In connection with a business transaction such as a merger or acquisition, to comply with any applicable legal obligations, or to enforce any applicable terms of service or policies.

RELATIONSHIP WITH SHOPIFY

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/privacy/app-users. You may also exercise certain rights with respect to your personal information at the Shopify Privacy Portal at https://privacy.shopify.com/en.

COOKIES AND TRACKING TECHNOLOGIES

Hani Skin uses cookies, pixels, web beacons, and similar tracking technologies to operate the website, understand how visitors use the Services, and deliver relevant marketing. We use three categories of cookies:

- Essential cookies. Required for the website to function (e.g., shopping cart, checkout, login). These cannot be disabled.
- Analytics cookies. Help us understand how visitors interact with the Services (e.g., Shopify Analytics, Google Analytics). These help us improve the customer experience.
- Marketing cookies and pixels. Used by our advertising partners (TikTok Pixel, Meta Pixel, Google Ads) to measure campaign performance and show you personalised ads on those platforms. These technologies may share hashed identifiers (such as your email address) with the respective platforms via server-side Conversion APIs to improve ad attribution while protecting your privacy.

You may disable non-essential cookies through our cookie banner (when available) or your browser settings. Disabling certain cookies may affect website functionality.

To opt out of personalised advertising specifically:

- TikTok: Settings & privacy → Ads → Ad personalisation
- Meta (Facebook/Instagram): Settings → Ads → Ad preferences
- Google: visit https://adssettings.google.com

THIRD PARTY WEBSITES AND LINKS

The Services may provide links to websites or other online platforms operated by third parties. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites.

CHILDREN'S DATA

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

SECURITY AND RETENTION OF YOUR INFORMATION

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee complete security. How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide you with Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

YOUR RIGHTS AND CHOICES

Depending on where you live, you may have some or all of the following rights in relation to your personal information:

- Right to Access / Know. You may have a right to request access to personal information that we hold about you.
- Right to Delete. You may have a right to request that we delete personal information we maintain about you.
- Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you.
- Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
- Managing Communication Preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you.

You may exercise any of these rights by contacting us using the contact details provided below.

COMPLAINTS

If you have complaints about how we process your personal information, please contact us using the contact details provided below. You may also have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au.

INTERNATIONAL TRANSFERS

Your personal information may be transferred to, stored, and processed in countries outside Australia, including:

- South Korea, where our supplier Hypercape is located, for order fulfilment.
- United States, Ireland, and Singapore, where our service providers (Shopify, Meta, TikTok/ByteDance, Google, Klaviyo) store and process data on our behalf.

We take reasonable steps to ensure your personal information is handled in accordance with the Australian Privacy Principles regardless of where it is processed, including by relying on standard contractual clauses and data processing agreements with our service providers.

DATA RETENTION

We retain your personal information only as long as necessary for the purposes described in this Privacy Policy, including:

- Order and transaction data: retained for 7 years to comply with Australian taxation and consumer law obligations.
- Account information: retained while your account is active and for up to 2 years after your last interaction.
- Marketing communications: retained until you unsubscribe or request deletion.
- Cookies and tracking data: retained for up to 13 months unless you clear them earlier.

After these periods, your data is securely deleted or anonymised.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this page and update the effective date accordingly.

CONTACT

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please email us at hello@haniskin.com.