Privacy Policy
AimallWorld Privacy Policy
1. Types of Information We Collect
1.1 Personal Data Provided Directly
Order Information:
- Name, billing address, shipping address, email address, phone number
Payment Information:
- Credit card number, expiration date, security code (transmitted via encryption to the payment gateway; we do not store the complete details)
Account Information (e.g., when registering as a member):
- Username, encrypted password, order history
Customization Details (e.g., for natural hair products):
- Hair texture preferences (curl type, length, color), scalp sensitivity notes
1.2 Automatically Collected Technical Data
Device Information:
- IP address, browser type (e.g., Chrome/Safari), operating system (e.g., Windows/iOS), device model
Usage Behavior:
- Pages visited, products added to the cart, duration of stay, click heatmap data
Cookies and Tracking Technologies:
- Necessary Cookies: Session cookies (to maintain cart status), security verification cookies
- Analytical Cookies: Google Analytics (records traffic sources; can be disabled via browser settings)
- Marketing Cookies: Facebook Pixel (used for ad retargeting; displays a consent banner on first visit)
1.3 Third-Party Source Data
Social Media Platforms (e.g., Facebook):
- When you log in using a social account, we obtain publicly available profile information (username, profile picture)
Logistics Partners (e.g., DHL):
- Package delivery status feedback is transmitted to our system
2. Purposes and Scenarios for Data Usage
2.1 Core Business Purposes
- Order Processing:
Verifying addresses, generating shipping labels, sending logistic notification emails - Customer Support:
Resolving returns/exchanges and quality issues via email or phone (communication history is recorded for traceability) - Payment Processing:
Real-time integration with payment gateways such as Stripe/PayPal to complete charges
2.2 Service Optimization Purposes
- Personalized Recommendations:
Displaying similar wig styles based on browsing history (e.g., if “curly bob” was viewed, related accessories are recommended) - Market Analysis:
Analyzing purchasing preferences of African-descendant users (e.g., quarterly reports on popular colors)
2.3 Legal and Security Purposes
- Fraud Detection:
Analyzing abnormal multiple order behaviors from the same IP address - Cooperation with Law Enforcement:
Providing order data related to suspected money laundering or illegal transactions as required by law
3. Data Sharing Recipients and Scope
3.1 Mandatorily Shared Third Parties
| Third Party Type | Shared Data Scope | Purpose | Data Processing Agreement |
|---|---|---|---|
| Payment Processors (PayPal) | Order amount, billing address, payment credentials | Transaction completion | PCI-DSS certification + encrypted transmission |
| Logistics Companies (DHL) | Recipient’s name, address, phone number | Package transportation and tracking | Confidentiality agreement (NDA) |
| Cloud Services (AWS) | All business data (encrypted storage) | Data hosting | AWS GDPR compliance terms |
3.2 Selectively Shared (Requires Your Consent)
- Email Marketing Services (e.g., Mailchimp):
Only email addresses are shared for sending promotional information (you may unsubscribe at any time)
3.3 Legally Mandated Disclosure
- In the event of receiving a court subpoena or government investigation order, we may provide the relevant data as required by law.
4. International Data Transfer and Safeguards
Data Recipient Locations:
- China (Hair Product Suppliers):
Transmits order specification data (e.g., hair length, hair volume) under the standard contracts stipulated by the “Personal Information Protection Law of China”. - Nigeria (Natural Hair Procurement Team):
Transmits supplier quality inspection reports protected by the EU Standard Contractual Clauses (SCCs).
User Rights Protection:
- You may request to review specific records of cross-border data transfers.
5. Your Data Rights and How to Exercise Them
5.1 GDPR (for EU Users) Rights
| Right | How to Exercise | Response Timeframe |
|---|---|---|
| Right of Access | Log into your account to download data or email the DPO | 30 days |
| Right to Rectification | Edit personal information directly on the “My Account” page | Effective immediately |
| Right to Erasure (Right to be Forgotten) | Complete the online form and provide identification (e.g., order number) | 14 days |
| Right to Restrict Processing | Contact customer support to freeze your account | 48 hours |
5.2 CCPA (for California Users) Rights
- Opt-Out of Data Sale:
Click the “Do Not Sell My Personal Information” link in the website footer. - Right to Information:
You may request disclosure of the categories and purposes of the data collected over the past 12 months.
6. Data Security Measures
Technical Measures:
- TLS 1.3 encryption for all data transmissions
- Daily incremental backups of the database (retained for 30 days)
Administrative Measures:
- Annual privacy protection training for employees
- Strict tiered access controls (only customer service personnel can view order addresses)
7. Children’s Privacy Protection
- Ordering is prohibited for users under the age of 13. If data for a child is inadvertently collected:
- Immediately delete the account and all related order data.
- Notify the guardian and retain written records.
8. Policy Updates and Notifications
- Change Log:
List the update dates and summaries of changes at the bottom of the policy. - Major Change Notifications:
Announced via website pop-ups and reminders sent to registered email addresses.
9. Contact Us
Data Protection Officer (DPO):
- Email: support@aimallworid.com (please include “Privacy Request” in the subject line)
- WhatsApp:+86 18081903317
- Mailing Address:Room 13, 27/F, Goodview Commercial center,2-16 Fat Yuen street, Mongkok, Kowloon, HongKong
Response Commitment:
All requests will receive an initial response within 72 hours and be fully processed within 30 days.
