We regard the information security of you as our highest commitment. This policy will explain:
► How to collect/use your data ► Your control ► How we protect privacy

I. What information do we collect?

1.1 Required information
► When placing an order: name, delivery address, email, phone number (for order fulfillment and logistics)

1.2 Optional information
► Member account: password, favorite product record (encrypted storage)

II. How is the data used?
2.1 Core Purpose
┌ Complete order production and delivery
├ Send handmade progress notifications (such as "Your scarf has started to be sewn!")
└ Provide after-sales support (size modification/return)
2.2 Purposes with your consent
┌ Subscribe to e-newsletters (new products/maintenance tips, can be unsubscribed at any time)
└ Display user stories on social media (must obtain written authorization first)

III. Data Sharing Principles
3.1 Strictly restrict third parties
► Logistics partners: only share information required for delivery
► Payment gateway: do not store your bank card number
3.2 Never share/sell
► Refuse advertising data transactions ► Disable user portrait resale

IV. Your Data Sovereignty
4.1 Five major control rights
① Access right: Request a copy of your data by email (reply within 3 days)
② Correction right: Member center updates address/phone number at any time
③ Deletion right: Data is completely cleared after account cancellation (custom order records are retained for 7 years in accordance with Hong Kong law)
④ Right to object: refuse to receive marketing emails (click Unsubscribe at the bottom of the email)
⑤ Right to carry: order history can be exported as a CSV file

V. International data transfer
Due to the use of cross-border cloud services (AWS Singapore node):
► All data is encrypted for transmission ► Sign the EU Standard Contractual Clauses (SCCs)
► Mainland China users please note: data is transferred through Hong Kong and is not directly governed by the "Cybersecurity Law"

VI. Special protection of children and pets' privacy
6.1 Not for children under 13 years old
► No intentional collection of children's information, and delete it immediately upon discovery
6.2 Rules for the use of pet photos
► The owner's name/address is hidden when displaying user stories
► Please indicate #DeleteFurryChildPortrait in the email if you need to delete photos

VII. Security measures
7.1 Technical protection
► SSL full-site encryption ► PCI-DSS certification for payment page
► Employees can only access the backend through two-factor authentication
7.2 Risk response
► If a data breach occurs, you will be notified by email within 72 hours
► PwC Hong Kong is commissioned to perform penetration testing throughout the year

VIII. Policy updates and contacts
8.1 Modification and update: effective 30 days after being announced on the official website
8.2 Privacy Commissioner Email: mereled02@outlook.com (dedicated line for handling data requests)
8.3 Regulatory Complaints: Office of the Privacy Commissioner for Personal Data (PCPD) of Hong Kong

At mereled, every stitch carries trust.
We protect your privacy and security like we protect our furry friends.