Privacy Policy

 

Effective Date: April 15, 2026

 
Welcome to MystiCrystal (referred to as “the Site”, “we”, “us”, or “our”). We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, purchase our crystal jewelry products, or interact with our services (collectively, the “Services”).
 
This policy applies to all users worldwide, including customers, visitors, and individuals accessing our Services in Latin America, South America, Southeast Asia, and other regions, with specific provisions aligned with local privacy regulations (e.g., Brazil’s LGPD, Mexico’s LFPDPPP, Singapore’s PDPA, and more).
 
 

1. Who We Are

 
Our website address is: https://mysticrystal.orm509.euginda.com
 
MystiCrystal is the data controller for your personal information. For privacy-related inquiries, you may contact us at:
 
  • Email: MystiCrystal@gamil.com
  • Phone: +852 84951314
  • Business Address: 8 Castle Peak Road Tuen Mun Hong Kong
 
 

2. Information We Collect From You

 
We collect information you provide directly, as well as data automatically collected when you use our Site:
 

2.1 Information You Provide Directly

 
We collect personal information you voluntarily submit when you:
 
  • Place an order or create an account: Full name, email address, phone number, shipping/billing address, and payment details (we do NOT store full credit card numbers; payments are processed by PCI DSS-compliant third-party providers).
  • Contact customer support: Your name, email, and details of your inquiry/order issue.
  • Subscribe to our newsletter: Your email address, and product preferences (e.g., zodiac crystal interests).
  • Participate in promotions/giveaways: Any information you provide to enter these activities.
 

2.2 Automatically Collected Information

 
When you visit our Site, we may collect:
 
  • Technical data: IP address, device type (mobile/desktop), browser version, operating system, and device identifiers.
  • Usage data: Pages viewed, links clicked, time spent on pages, referral sources, and order history (for logged-in users).
  • General location data: Derived from your IP address (country/region only), to offer relevant shipping options and comply with regional sales rules.
 

2.3 Information From Third Parties

 
We may receive limited data from trusted service providers, including:
 
  • Payment processors (e.g., PayPal, Stripe): To verify payments and prevent fraud.
  • Shipping/logistics providers: To fulfill orders and send tracking updates.
  • Analytics tools (e.g., Google Analytics): Anonymized usage data to improve our Site.
  • Marketing platforms (e.g., Meta Ads): If you interact with our ads, we may receive aggregated performance data.
 
 

3. How We Use Your Personal Information

 
We only process your data for specific, legitimate purposes:
 
  • Order fulfillment: Process payments, arrange shipping, send order confirmations, and handle returns/exchanges.
  • Customer support: Respond to inquiries, resolve order issues, and provide after-sales assistance.
  • Site improvement: Analyze usage to optimize our website, product offerings, and user experience (e.g., identifying popular zodiac crystal designs).
  • Personalized marketing (with your consent): Send newsletters, promotions, and tailored offers for our crystal jewelry (you may opt out at any time).
  • Security and fraud prevention: Verify user identities, detect unauthorized access, and prevent malicious activity.
  • Legal compliance: Meet tax, accounting, and consumer protection requirements in your region.
 
 

4. How We Share Your Personal Information

 
We do NOT sell, rent, or lease your personal information to third parties for marketing purposes without your explicit consent. We may share your data only in the following cases:
 

4.1 Trusted Service Providers

 
We share your information with third parties who assist us in operating our business, including:
 
  • Payment processors (to handle secure transactions).
  • Shipping providers (to deliver your orders).
  • IT/hosting providers (to maintain our secure website servers).
     
    All service providers are contractually required to protect your data and process it only as instructed by us.
 

4.2 Legal Requirements

 
We may disclose your data if required by law, or to protect our rights, property, or safety (e.g., responding to court orders, preventing fraud).
 

4.3 Business Transfers

 
In the event of a merger, acquisition, or sale of our business, your personal information may be transferred as part of the transaction. We will notify you of any such change.
 
 

5. Data Retention

 
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:
 
  • Order/billing data: Retained for the period required by tax, accounting, and consumer protection laws (typically 5–7 years, depending on your region).
  • Account information: Retained until you request deletion, or for as long as needed to provide our Services.
  • Marketing consent records: Retained until you opt out of communications.
  • Anonymized analytics data: Stored in aggregated form (no personal identifiers) for up to 26 months.
 
If you request deletion of your data, we will comply with applicable laws (e.g., LGPD, PDPA) unless we are legally required to retain certain records.
 
 

6. Your Privacy Rights

 
Depending on your location, you may have the following rights under local privacy regulations:
 
  • Right of Access: Request a copy of the personal information we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your data (where legally permitted).
  • Right to Restrict Processing: Request we limit how we use your data in certain circumstances.
  • Right to Data Portability: Request transfer of your data to another controller (where applicable).
  • Right to Object: Opt out of direct marketing communications, or object to processing based on legitimate interests.
  • Right to Withdraw Consent: If you previously agreed to processing (e.g., marketing emails), you may withdraw consent at any time.
 
To exercise any of these rights, please contact us at MystiCrystal@gamil.com. We will respond to valid requests within 30 days (or the timeframe required by your local law) and may verify your identity to process your request.
 
 

7. Cookies and Tracking Technologies

 
Our Site uses cookies and similar tools to enhance your experience:
 
  • Essential Cookies: Required for site operation (e.g., maintaining your shopping cart, processing orders). These cannot be disabled.
  • Performance Cookies: Help us analyze site traffic and improve our Services (e.g., Google Analytics cookies).
  • Functional Cookies: Remember your preferences (e.g., language settings, site theme).
  • Marketing Cookies: Used to deliver relevant ads (with your consent).
 
You can control cookies through your browser settings (e.g., block/delete cookies). Disabling essential cookies may affect site functionality, such as order processing.
 
 

8. Third-Party Links

 
Our Site may contain links to external platforms (e.g., payment gateways, shipping providers, social media). This Privacy Policy does not apply to these third-party sites, and we encourage you to review their privacy policies before sharing your information.
 
 

9. International Data Transfers

 
We operate globally, and your personal information may be transferred to and stored in countries outside your residence (e.g., Hong Kong, where our servers/service providers are located). These countries may have different data protection laws, but we ensure transfers comply with applicable regulations through safeguards like standard contractual clauses (SCCs) and data processing agreements (DPAs).
 
 

10. Data Security

 
We implement industry-standard security measures to protect your data, including:
 
  • Encryption of sensitive information (e.g., payment data handled by PCI-compliant processors).
  • Secure servers with firewalls and regular security updates.
  • Restricted access to personal data (only authorized personnel may access it for job-related purposes).
  • Regular security audits to identify vulnerabilities.
 
While we take reasonable precautions, no method of internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute data security.
 
 

11. Children’s Privacy

 
Our Services are intended for users aged 13 and older. We do not knowingly collect information from children under 13. If you believe we have collected data from a child, please contact us immediately, and we will delete it.
 
 

12. Updates to This Privacy Policy

 
We may update this policy to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes by posting the updated policy on our Site with a new “Effective Date”. Your continued use of our Services after the effective date constitutes acceptance of the changes.
 
 

13. Contact Us

 
If you have questions, concerns, or requests regarding this Privacy Policy, please reach out to us:
 
  • Email: MystiCrystal@gamil.com
  • Phone: +852 84951314
  • Mailing Address: 8 Castle Peak Road Tuen Mun Hong Kong