Privacy and Security Policy
Thank you for visiting our website (the "Website"). This Privacy and Security Policy (the “Policy”) describes what information we collect from you on the Website, how we process your personal data, the security measures we implement to safeguard your information, and your rights to view, edit, or restrict our use of such information.
This Policy forms part of the Website Terms & Conditions of Use and is legally binding on all Website visitors and users. If you disagree with this Privacy Policy, please cease using the Website immediately.
1. How We Use Your Personal Data
By submitting your personal data to us, you consent to our Website collecting and processing such data to fulfill our contractual obligations and deliver the services you request. We collect and use your personal data for the following legitimate purposes:
· To create your personal account on our Website (e.g. your full name and email address)
· To process and complete your orders (e.g. your full name, delivery address and payment/bank details)
· To send SMS notifications regarding delivery status (e.g. your mobile phone number)
· To send marketing communications including newsletters and product catalogues (e.g. your email address and full name)
· To contact you and resolve any delivery-related issues with your orders (e.g. your telephone number and shipping address)
· To respond to your inquiries and notify you of new or updated services (e.g. your email address)
We will retain your personal data only for the period necessary to provide services to you or as required by applicable laws. We are unable to delete your data if legal retention obligations apply (such as mandatory bookkeeping rules) or if there is a valid legal basis for data storage, including an ongoing contractual relationship between you and us.
Non-personal data will be used in accordance with the above purposes and other manners permitted by applicable law, including combining non-personal data with personal data.
Additionally, we monitor website usage and traffic patterns to optimize our website design, products and services, and to determine suitable offers, promotions and information to send to you.
To enhance your shopping experience, we may aggregate personal information you provide online, via mobile devices, or through our customer service hotline. We may also combine such information with publicly available data and information obtained from authorized cooperative partners. By aggregating these datasets, we can more effectively inform you of our products, services, special events and promotions, and deliver a personalized shopping experience.
We also collect and share limited visitor data with authorized marketing service providers, including Meta (Facebook), TikTok, Google Analytics/Google Ads, and Klaviyo for the following marketing purposes:
· Deploy website tracking pixels to record your browsing behavior, product clicks, cart additions and checkout actions for targeted advertising, conversion tracking and audience retargeting;
· Sync your email address, name and order records to Klaviyo to send segmented newsletters, personalized product recommendations, exclusive discount promotions and order follow-up emails;
· Analyze anonymous traffic data via Google to measure website performance, ad campaign effectiveness and optimize advertising investment.
Data sent to Meta, TikTok, Google and Klaviyo only includes website behavioral logs and contact information you voluntarily submitted. These service providers are prohibited from using your personal data for independent third-party marketing without your separate consent.
2. Your Rights to Your Personal Data
You have the right to request a full copy of all personal data we store about you. If your personal data is inaccurate, incomplete or irrelevant, you may submit a request to correct or delete such information. You are entitled to request one free written record of your account-related personal data each calendar year.
To obtain such documentation, please contact our Website Customer Service. You may withdraw your consent to our use of your personal data for marketing activities (including catalogue distribution, newsletters and promotional offers) at any time via phone or email.
Region-Specific User Rights
GDPR (EU / EEA / UK Residents)
If you are a resident of the EU, EEA or the United Kingdom, you enjoy full GDPR rights including data portability, restriction of processing and the right to object to targeted advertising. You have the right to file a complaint with your local data protection authority. Your data sent to Meta, TikTok, Google and Klaviyo will be stored on overseas servers outside the EU. We adopt Standard Contractual Clauses (SCCs) to guarantee legal protection for cross-border data transfer.
PIPEDA (Canada Residents)
If you reside in Canada, all marketing emails and SMS messages require your explicit opt-in consent. You may withdraw marketing consent at any time by clicking the unsubscribe link in emails or replying “STOP” to SMS notifications.
3. Account Information Management
You may log into your personal account to update your stored personal data. Please note that your account information is protected by your unique username and password. It is your sole responsibility to keep your login credentials confidential; all actions performed while logged into your account shall be deemed acts made by you, for which you bear full liability.
4. Third-Party Data Sharing
We will never sell your personal information to any third party for commercial gain.
However, we may share your data with third parties when it is necessary to complete transactions, deliver services, fulfill administrative procedures, or comply with legal mandates. Any data shared with third parties will only be used to fulfill our commitments to you. Our Website may also disclose your personal data to credit reference agencies or debt collection agencies for identity verification, credit checks, credit rating monitoring and debt recovery purposes.
We will also share your data if required by law or to mitigate potential or suspected fraudulent activity. Furthermore, if our Website undergoes a merger, corporate restructuring, or all or part of our business assets are transferred or acquired by a third party, your personal data may be transferred alongside such assets. If you object to the data sharing practices outlined above, please refrain from submitting your personal information to us.
Authorized Marketing Platforms & Email Service Providers
We share your non-sensitive contact information and anonymous browsing behavior with Meta, TikTok, Google and Klaviyo as our authorized marketing partners solely for advertising tracking and email marketing operations:
1. Meta & TikTok Pixels: We embed official tracking pixels on our website to collect page view, add-to-cart and purchase events. Such data helps us build matching advertising audiences and evaluate ad conversion rates. No full payment details will be transmitted to these social platforms.
2. Google Analytics & Google Ads: Anonymous device, IP and page access data are sent to Google to analyze website traffic, user preferences and ad performance. Google may use aggregated anonymous data for its own advertising network operations in compliance with Google’s privacy terms.
3. Klaviyo Email Marketing Platform: Your email address, name and order history will be stored on Klaviyo’s secure servers to deliver customized marketing emails and post-purchase after-sales reminders. You may withdraw marketing email consent at any time via the unsubscribe link inside each email.
All marketing platforms are bound by strict data processing agreements and cannot sell or rent your personal data to outside advertisers.
CCPA/CPRA Notice for California Residents
For California residents under CCPA/CPRA: Sharing your browsing and contact data with Meta, TikTok and Google for targeted advertising counts as “sharing personal information” under California law. You may opt out of such sharing permanently via the “Do Not Sell Or Share My Personal Information” link placed in our website footer. We will not charge higher prices, restrict services or discriminate against you if you exercise your opt-out right.
5. Cookies
A cookie is a small piece of data stored on a user’s local hard drive that records browsing information. We deploy both session cookies and persistent cookies. We categorize cookies into two core types for full transparency:
1. Necessary Cookies: Required for account login, order checkout and core website functions. These cannot be disabled, as the website will not work normally without them.
2. Marketing & Targeting Cookies: Deployed by Meta, TikTok and Google for retargeting advertising. You can fully block all marketing tracking cookies via our cookie consent pop-up before any tracking scripts load. If you decline marketing consent, Meta and TikTok pixels will be disabled entirely on your visit, and no behavioral data will be sent to advertising platforms.
Cookies do not damage your device or local files, and only the website that deployed a specific cookie can read, modify or delete that cookie file.
If you wish to block data collection via cookies, most mainstream browsers provide simple settings to clear existing cookies, automatically reject new cookies, or prompt you to accept or decline each cookie before it is stored.
You may clear all cookies from your computer or mobile device through your browser’s settings menu. Please refer to the "Help" section of your browser for detailed operation guides. You can fully disable cookies or enable pop-up reminders whenever a new cookie is sent to your device. Please be advised that disabling cookies will limit your access to some full website features.
6. Data Security
Our Website implements comprehensive protective measures to secure users’ personal information.
When you submit sensitive information (such as credit card numbers) on our registration or checkout pages, all data is encrypted via SSL (Secure Socket Layer) encryption technology. A padlock security icon will appear at the bottom of your browser when you are browsing an encrypted secure page (e.g. our order checkout page); no padlock icon will display on unencrypted pages.
Servers storing your personally identifiable information are hosted in secure environments with strict access control restrictions. Nevertheless, all security systems — including encryption technology — carry inherent risks and are not completely invulnerable. While we adopt all reasonable commercial efforts to protect your personal data, we cannot guarantee absolute, unbreakable security of your information.
If you have any questions regarding our website data security practices, please email us at support@elirelle.com.
7. Information Complementation & Updates
To fully fulfill our service obligations to customers, we may supplement the information you submit with data sourced from authorized third parties such as our affiliated partner websites.
For example, we aggregate users’ purchase history with corresponding data from affiliated sites to analyze collective consumption habits and customize our website layout to match user preferences.
If your personally identifiable information changes (including your zip code, phone number, email or mailing address), or you no longer wish to receive our services, we provide accessible channels for you to revise, update, delete or deactivate the personal data we store. You may complete this action via the unsubscribe link contained within our marketing communications.