Privacy Policy

1. Introduction

English Text:
Welcome to Voyage TC, operated by Dearshare Technology Limited (“we,” “us,” or “our”). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website voyagetc.shop (the “Site”) or purchase our products.

We are a Hong Kong-based company serving customers worldwide. We strive to comply with applicable data protection laws in the jurisdictions where we operate, including:

• The Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”)
• The EU General Data Protection Regulation (“GDPR”)
• The California Consumer Privacy Act (“CCPA”)
• Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”)
• The Australian Privacy Principles (“APPs”) under the Privacy Act 1988

In the event of any conflict between applicable legal requirements, we will apply the requirements of Hong Kong law as our baseline standard, supplemented by additional rights afforded to you under your local laws where applicable.

By accessing or using our Site, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our Site immediately.

2. About Us – Data Controller Information

English Text:
For the purposes of GDPR, PIPEDA, and other applicable data protection laws, the data controller responsible for your personal information is:

Dearshare Technology Limited
15/F, Room A, Kings Tower
111 King Lam Street, Cheung Sha Wan
Kowloon, Hong Kong

📧 Email: info@voyagetc.shop
📞 Phone: +852 1111 1111

EU Representative (GDPR Article 27):
As a Hong Kong-based company serving EU customers, we are in the process of designating an EU Representative. For urgent privacy matters concerning EU data subjects, please contact us directly at info@voyagetc.shop with the subject line “GDPR Inquiry – EU Representative,” and we will route your request appropriately. 

3. What Personal Information We Collect

English Text:
We collect personal information that you voluntarily provide to us and information that is automatically collected when you interact with our Site.

3.1 Information You Provide Directly

• Identity & Contact Data: Full name, email address, shipping address, billing address, telephone number.
• Order & Transaction Data: Products purchased, order value, payment method (note: full payment card details are processed by our third-party payment processors; we do not store complete card numbers).
• Communication Data: Information you provide when contacting customer support, submitting inquiries, or participating in surveys.
• Custom Order Data: Design preferences, customization requests, photographs, or other materials you provide for personalized products.

3.2 Information Collected Automatically

• Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system and platform, device identifiers.
• Usage Data: Pages visited, time spent on pages, clickstream data, products viewed, referring/exit pages, search terms.
• Cookie Data: We use cookies and similar tracking technologies. See Section 10 (Cookies & Tracking Technologies) for details.

3.3 Sensitive Personal Information
We do not intentionally collect sensitive personal information (as defined under applicable laws, such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data). If you provide such information voluntarily (e.g., in custom order notes), you consent to our processing of that information solely for the purpose of fulfilling your request. 

4. How We Use Your Personal Information

English Text:
We use your personal information for the following purposes, relying on the lawful bases indicated below:

Purpose of Processing	Lawful Basis (GDPR Reference)
Processing and fulfilling your orders (including shipping, delivery confirmation, and returns)	Performance of a Contract (Art. 6(1)(b))
Communicating with you about your orders, inquiries, or customer service requests	Performance of a Contract (Art. 6(1)(b))
Processing payments and preventing fraudulent transactions	Performance of a Contract & Legitimate Interests (fraud prevention) (Art. 6(1)(f))
Sending you marketing communications (where you have opted in)	Consent (Art. 6(1)(a))
Improving our Site, products, and customer experience (analytics)	Legitimate Interests (business improvement) (Art. 6(1)(f))
Complying with legal obligations (tax records, regulatory compliance)	Legal Obligation (Art. 6(1)(c))
Handling returns, refunds, and warranty claims	Performance of a Contract (Art. 6(1)(b))

For customers in Canada (PIPEDA) and Australia (APPs), we collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances. 

Marketing Communications: We will only send you marketing emails if you have explicitly consented. You may withdraw consent at any time using the “unsubscribe” link in any marketing email or by contacting us.

5. How We Share and Disclose Your Information

English Text:
We do not sell your personal information to third parties for monetary consideration. We may share your information in the following circumstances:

5.1 Service Providers & Data Processors
We engage trusted third-party service providers to perform functions on our behalf, including:

• Payment Processors (e.g., Stripe, PayPal) – to process transactions
• Shipping Carriers (e.g., DHL, FedEx, local postal services) – to deliver your orders
• Website Hosting & Analytics (e.g., WordPress hosting providers, Google Analytics)
• Email Marketing Platforms – to send transactional and marketing emails

All service providers are contractually obligated to process your data only on our instructions and to implement appropriate security measures. For GDPR purposes, we enter into Data Processing Agreements (DPAs) with these providers. 

5.2 Cross-Border Data Transfers (International Customers)
As a Hong Kong-based company shipping worldwide, your personal information will be transferred to and processed in Hong Kong, and may be further transferred to:

• Shipping carriers in your destination country
• Payment processors located in the United States or other jurisdictions

For EU Customers (GDPR Chapter V): We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data outside the EEA. We also conduct Transfer Impact Assessments (TIAs) where required. 

For Hong Kong PDPO Compliance: We follow the guidance issued by the Hong Kong Privacy Commissioner for Personal Data regarding cross-border data transfers, including the use of Recommended Model Contractual Clauses to ensure that transferred personal data receives protection comparable to Hong Kong standards. 

5.3 Legal & Compliance Disclosures
We may disclose your information where required by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety, or that of our customers
• Prevent or investigate fraud or illegal activity

5.4 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business assets, customer information may be transferred as part of the transaction. You will be notified of any such change in ownership or control of your personal information.

5.5 CCPA Disclosures (California Residents)
Under the CCPA, we confirm that we have not sold personal information in the preceding 12 months and do not sell the personal information of minors under 16. We do share information with service providers for cross-context behavioral advertising; you have the right to opt-out of such sharing. See Section 13 for California-specific rights. 

6. Data Retention – How Long We Keep Your Information

English Text:
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

Category of Data	Retention Period
Order & Transaction Records	7 years (to comply with Hong Kong tax and accounting obligations)
Customer Account Information	Until account deletion request or 3 years of inactivity
Marketing Consent Records	Until consent is withdrawn, plus 2 years for audit purposes
Customer Service Communications	2 years from last contact
Technical & Analytics Data	26 months (Google Analytics default)

Once the retention period expires, personal information is securely deleted, destroyed, or anonymized. 

7. Data Security – How We Protect Your Information

English Text:
We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: All data transmitted between your browser and our Site is encrypted using SSL/TLS (HTTPS) technology.
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, protected by strong passwords and multi-factor authentication where available.
• Secure Payment Processing: We do not store full credit card numbers. All payment transactions are processed through PCI-DSS compliant third-party gateways.
• Regular Security Reviews: We periodically review our security practices and update them in response to evolving threats.

Please Note: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Breach Notification: In the event of a data breach involving your personal information that poses a risk of harm, we will notify affected individuals and relevant regulatory authorities in accordance with applicable legal requirements. For GDPR-covered breaches, we will notify the relevant supervisory authority within 72 hours of becoming aware. 

8. Your Privacy Rights by Jurisdiction

English Text:
Depending on your location, you may have specific rights regarding your personal information.

8.1 All Customers (Global Baseline)

• Right to be informed about how your data is used (this Policy)
• Right to access the personal information we hold about you
• Right to request correction of inaccurate information
• Right to withdraw consent for marketing communications

8.2 EU Customers – GDPR Rights 
If you are located in the European Economic Area (EEA), you have the following rights:

• Right of Access (Art. 15): Obtain confirmation of whether we process your data and a copy of that data.
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data.
• Right to Erasure / “Right to be Forgotten” (Art. 17): Request deletion of your data in certain circumstances.
• Right to Restriction of Processing (Art. 18): Limit how we use your data.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent.
• Right to Lodge a Complaint: With a supervisory authority in your EU member state.

8.3 California Residents – CCPA/CPRA Rights 
If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom it is shared.
• Right to Delete: Request deletion of personal information we have collected from you (subject to exceptions).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: You may opt-out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising. To exercise this right, click the “Do Not Sell or Share My Personal Information” link in our website footer or use the Global Privacy Control (GPC) signal in your browser. 
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes requiring an opt-out right.
• Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.

California Shine the Light Law: California residents may request information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information for such purposes.

8.4 Canadian Customers – PIPEDA Rights 
Under PIPEDA, you have the right to:

• Access your personal information in our custody or control.
• Challenge the accuracy and completeness of your information and have it amended.
• Withdraw consent at any time (subject to legal or contractual restrictions).
• Lodge a complaint with the Office of the Privacy Commissioner of Canada.

We ensure consent is meaningful and informed. For Quebec residents, we comply with Law 25 (Quebec Privacy Act) requirements regarding transparency and data governance.

8.5 Australian Customers – APP Rights 
Under the Australian Privacy Principles, you have the right to:

• Access personal information we hold about you (APP 12).
• Request correction of inaccurate, out-of-date, or incomplete information (APP 13).
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

We will respond to access and correction requests within a reasonable timeframe, generally 30 days.

8.6 Hong Kong Customers – PDPO Rights
Under the Hong Kong Personal Data (Privacy) Ordinance, you have the right to:

• Request access to your personal data (Data Access Request).
• Request correction of inaccurate personal data.
• Be informed of our policies and practices regarding personal data.
• We may charge a nominal fee for processing Data Access Requests in accordance with the Ordinance.

9. How to Exercise Your Privacy Rights

English Text:
To exercise any of the rights described above, please submit a Data Subject Request using one of the following methods:

📧 Email: info@voyagetc.shop
📞 Phone: +852 1111 1111
📍 Mail: Data Protection Officer, Dearshare Technology Limited, 15/F, Room A, Kings Tower, 111 King Lam Street, Cheung Sha Wan, Kowloon, Hong Kong

Verification Process: To protect your privacy, we will verify your identity before responding to any request. This may require you to confirm details from previous orders or provide a copy of government-issued identification (which will be deleted after verification). 

Response Timelines:

• GDPR Requests: Within 1 month (extendable by 2 months for complex requests, with notification). 
• CCPA Requests: Acknowledgment within 10 business days; full response within 45 calendar days (extendable by 45 days with notice). 
• PIPEDA Requests: Within 30 calendar days (extendable with notice). 
• Other Jurisdictions: Within a reasonable timeframe, generally 30 days.

There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.

10. Cookies & Tracking Technologies

English Text:
Our Site uses cookies and similar technologies to enhance your browsing experience, analyze site traffic, and personalize content.

What Are Cookies? Cookies are small text files placed on your device when you visit a website. They help us remember your preferences (e.g., cart contents, language settings) and understand how you use our Site.

Types of Cookies We Use:

Cookie Type	Purpose	Duration
Essential/Strictly Necessary	Enable core functionality: shopping cart, checkout, secure login. Site cannot function without these.	Session-based
Functional/Preference	Remember your preferences (e.g., currency, language).	Up to 1 year
Analytics/Performance	Collect anonymized data about site usage (e.g., Google Analytics). Help us improve Site performance.	Up to 2 years
Marketing/Advertising	Track browsing habits to deliver relevant ads (e.g., Facebook Pixel, Google Ads).	Varies by provider

Cookie Consent (GDPR/ePrivacy): For visitors from the EU/EEA and UK, we only place non-essential cookies (analytics, marketing) on your device after you provide explicit consent via our cookie banner. Essential cookies are always active. You may withdraw or modify consent at any time by clicking “Cookie Settings” in the website footer. 

Managing Cookies Through Browser Settings: Most web browsers allow you to control cookies through settings. You can block or delete cookies, but this may affect Site functionality. Visit your browser’s help section for instructions.

Do Not Track (DNT) Signals: Our Site currently does not respond to DNT signals due to lack of standardized interpretation. However, we honor Global Privacy Control (GPC) signals for California residents. 

Third-Party Tracking Tools We Use:

• Google Analytics 4: Collects anonymized usage data. You may opt-out via the Google Analytics Opt-Out Browser Add-on.
• Meta (Facebook) Pixel: Tracks conversions from our advertising. EU/EEA users must consent before this pixel activates.

11. Children’s Privacy

English Text:
Our Site is not intended for children under the age of 16, and we do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at info@voyagetc.shop. Upon verification, we will promptly delete such information from our records.

For EU customers, we comply with GDPR Article 8 regarding the age of consent for information society services. For US customers, we comply with the Children’s Online Privacy Protection Act (COPPA).

12. Third-Party Links

English Text:
Our Site may contain links to third-party websites, plug-ins, or applications (e.g., social media sharing buttons, payment gateways). Clicking those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

13. California-Specific Disclosures (CCPA/CPRA)

English Text:
This section supplements this Privacy Policy and applies solely to California residents, as required under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020).

Categories of Personal Information Collected in the Last 12 Months:

Category	Collected?	Source	Purpose	Shared With
Identifiers (name, email, address, IP address)	Yes	Direct from you; automated	Order fulfillment, communication, analytics	Service providers
Commercial Information (purchase history)	Yes	Direct from you	Order fulfillment, record-keeping	Payment processors, shipping carriers
Internet/Network Activity (browsing history)	Yes	Automated (cookies)	Analytics, Site improvement	Analytics providers
Geolocation Data (IP-based approximate location)	Yes	Automated	Shipping calculation, fraud prevention	Shipping carriers
Inferences (preferences, shopping behavior)	Yes	Derived from usage	Personalization (non-automated)	Not sold or shared
Sensitive Personal Information	No	N/A	N/A	N/A

Sales and Sharing: We have not sold personal information in the last 12 months. We do share limited information (e.g., via cookies) with advertising partners for cross-context behavioral advertising. You have the right to opt-out of such sharing. 

Notice of Financial Incentive: We do not offer financial incentives or price/service differentials in exchange for the collection of personal information.

Authorized Agents: You may designate an authorized agent to submit a CCPA request on your behalf. We will require written authorization and may verify your identity directly.

14. Canada-Specific Disclosures (PIPEDA)

English Text:
This section supplements this Privacy Policy for Canadian residents.

Accountability: We have designated a Privacy Officer responsible for ensuring compliance with PIPEDA and this Privacy Policy. Contact: info@voyagetc.shop (Attn: Privacy Officer).

Consent: By using our Site and providing personal information, you consent to the collection, use, and disclosure described in this Policy. You may withdraw consent at any time, subject to legal or contractual restrictions. We will inform you of the implications of withdrawal. 

Access and Correction: You may request access to your personal information in our custody. We will respond within 30 days and may charge a minimal fee for transcription or reproduction costs. If we refuse a request, we will provide reasons and inform you of recourse options with the Office of the Privacy Commissioner of Canada. 

Retention and Disposal: We retain personal information only as long as necessary and dispose of it securely using methods appropriate to the sensitivity of the information.

Challenging Compliance: You may challenge our compliance with PIPEDA by contacting our Privacy Officer. If unsatisfied, you may file a complaint with the Office of the Privacy Commissioner of Canada.

Quebec Law 25 Compliance: For Quebec residents, we confirm that:

• We conduct Privacy Impact Assessments (PIAs) for projects involving personal information.
• We provide transparency regarding automated decision-making (we do not currently use fully automated profiling for decisions with legal effects).
• Our Privacy Officer contact remains the same.

15. Australia-Specific Disclosures (APPs)

English Text:
This section applies to Australian residents under the Privacy Act 1988 (Cth).

Anonymity and Pseudonymity (APP 2): You may interact with our Site anonymously or using a pseudonym where practicable. However, to fulfill an order or respond to inquiries, we will require accurate identification information.

Cross-Border Disclosure (APP 8): As noted in Section 5.2, we transfer personal information to Hong Kong and to shipping carriers in destination countries. We take reasonable steps to ensure overseas recipients comply with the APPs or equivalent protections. 

Access and Correction (APPs 12-13): We will respond to access/correction requests within 30 days. If we refuse access, we will provide written reasons and inform you of your right to complain to the OAIC.

Complaints (OAIC): If you believe we have breached the APPs, please contact us first. If unsatisfied with our response, you may lodge a complaint with:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992

16. Hong Kong-Specific Disclosures (PDPO)

English Text:
This section applies to all customers, as our baseline compliance standard.

Data Protection Principles (DPPs): We adhere to the six Data Protection Principles under the PDPO:

1. DPP1 – Purpose and Manner of Collection: We collect personal data lawfully and fairly, only for purposes directly related to our business.
2. DPP2 – Accuracy and Retention: We take practicable steps to ensure data accuracy and retain data no longer than necessary.
3. DPP3 – Use of Data: We use personal data only for the purposes for which it was collected or directly related purposes, unless we obtain your express consent.
4. DPP4 – Security: We implement security measures as described in Section 7.
5. DPP5 – Transparency: This Privacy Policy serves as our public disclosure of data handling practices.
6. DPP6 – Access and Correction: You have the right to request access to and correction of your personal data.

Data Access Requests: Under Section 18 of the PDPO, you may submit a Data Access Request. We may charge a reasonable fee to cover administrative costs. We will respond within 40 days of receiving your request and any required fee.

Cross-Border Transfers: While PDPO Section 33 is not yet in force, we voluntarily follow the Hong Kong Privacy Commissioner’s Guidance on Cross-Border Data Transfers (2014 and 2022 Guidelines) and implement Recommended Model Contractual Clauses in our vendor agreements. 

Direct Marketing: Under Section 35A of the PDPO, we will only use your personal data for direct marketing with your explicit consent. You may opt-out at any time.

17. Changes to This Privacy Policy

English Text:
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The “Last Updated” date at the top of this page indicates when revisions were made.

For material changes, we will provide prominent notice on our Site or send an email notification to registered customers. Your continued use of the Site after changes become effective constitutes acceptance of the revised Privacy Policy. We encourage you to review this page periodically.

18. How to Contact Us / Complaints

English Text:
For any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

Dearshare Technology Limited
Attn: Privacy Officer
15/F, Room A, Kings Tower
111 King Lam Street, Cheung Sha Wan
Kowloon, Hong Kong

📧 Email: info@voyagetc.shop
📞 Phone: +852 1111 1111

EU Supervisory Authority: If you are an EU resident and believe we have not adequately resolved your concern, you have the right to lodge a complaint with the data protection supervisory authority in your member state. Contact details are available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

California: You may also contact the California Privacy Protection Agency (CPPA) at www.cppa.ca.gov.

Canada: Office of the Privacy Commissioner of Canada – www.priv.gc.ca

Australia: Office of the Australian Information Commissioner – www.oaic.gov.au

Hong Kong: Office of the Privacy Commissioner for Personal Data – www.pcpd.org.hk