Privacy policy

Effective Date: March 22, 2026
Last Updated: March 22, 2026

1. INTRODUCTION AND SCOPE

This Privacy Policy (the “Policy”) sets forth the rigorous privacy and data protection principles adhered to by Sparkslette (hereinafter referred to as "the Company," "we," "us," or "our"), a company legally registered and operating under the laws of the People’s Republic of China, with its principal place of business at 北村路101号, 奉贤区, SH, 201416, CN.

The Company operates this e-commerce store and website, offering curated mock jewellery and related services (collectively, the "Services"). We predominantly serve customers within the United Arab Emirates (UAE) and the broader Middle East region. Accordingly, this Policy is drafted to comply with applicable data protection frameworks, including the UAE Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (the "UAE PDPL"), alongside relevant international standards.

Our store is hosted and powered by Shopify Inc., which provides the underlying e-commerce platform enabling us to provision the Services. This Policy governs the collection, processing, cross-border transfer, and safeguarding of your Personal Data when you access, use, or consummate a transaction through the Services. In the event of any discrepancy between our Terms of Service and this Policy regarding data processing, this Policy shall strictly prevail.

By accessing or utilizing the Services, you acknowledge that you have read, comprehended, and, where legally required, provided your explicit consent to the data practices delineated herein.

2. DEFINITIONS

  • "Personal Data" or "Personal Information" means any information relating to an identified or identifiable natural person, or that can be reasonably linked to you directly or indirectly.

  • "Processing" refers to any operation performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, transmission, or erasure.

  • "Controller" refers to Sparkslette, which determines the purposes and means of the processing of your Personal Data.

3. CATEGORIES OF PERSONAL DATA WE COLLECT

We adhere to the principle of data minimization and only collect Personal Data strictly necessary for our specified purposes. Depending on your interaction with our Services, we may collect:

  • Contact Information: First and last name, billing address, shipping address, email address, and telephone/mobile number.

  • Financial & Transactional Information: Payment processing details (credit/debit card numbers, financial account details), form of payment, transaction history, purchased items (including mock jewellery preferences, ring/chain sizes), returns, exchanges, and order cancellations. (Note: Payment card details are processed securely via our payment gateways; we do not store full credit card numbers on our local servers).

  • Account Credentials: Usernames, passwords, security questions, and account settings/preferences.

  • Communications Data: Content of inquiries, customer support requests, and any other correspondence transmitted between you and the Company.

  • Technical & Device Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, network connection, and unique device identifiers.

  • Usage Data: Granular tracking of your interactions with the Services, including URL clickstreams, items viewed, cart additions, wishlist modifications, and page response times.

4. SOURCES OF PERSONAL DATA

Your Personal Data is procured through the following avenues:

  • Direct Provision: Data you proactively submit when registering an account, completing a transaction, subscribing to newsletters, or contacting support.

  • Automated Technologies: Data automatically aggregated via cookies, web beacons, log files, and similar tracking technologies utilized by our platform and Shopify.

  • Third-Party Service Providers: Data securely transmitted to us by payment gateways, fulfillment partners, and IT support infrastructures.

  • Business Partners: Data received from marketing networks, analytics providers, or social media integrations, subject to your external privacy settings.

5. LAWFUL BASIS AND PURPOSES OF PROCESSING

In compliance with the UAE PDPL and applicable laws, we strictly process your Personal Data based on the following lawful bases: (a) your explicit consent, (b) the necessity for the performance of a contract, (c) compliance with a legal obligation, or (d) our legitimate commercial interests, provided such interests are not overridden by your fundamental rights.

We utilize your Personal Data for the following delineated purposes:

  • Service Provision & Contract Execution: To fulfill your purchases, arrange shipping from our facilities (in China) to your designated address (in the UAE/Middle East), process payments, facilitate returns of mock jewellery, and administer your account. (Lawful Basis: Performance of a Contract)

  • Security & Fraud Mitigation: To authenticate user identities, secure the Shopify infrastructure against malicious intrusions, and prevent fraudulent financial transactions. (Lawful Basis: Legitimate Interests; Legal Obligation)

  • Customer Support & Communications: To respond to formal inquiries, provide administrative notices, and manage our ongoing commercial relationship. (Lawful Basis: Performance of a Contract; Legitimate Interests)

  • Marketing & Advertising: Subject to your consent, to deliver tailored promotional materials, newsletters regarding new mock jewellery collections, and targeted advertisements. (Lawful Basis: Consent)

  • Service Optimization: To analyze usage metrics, enabling us to refine the digital user experience and optimize our product offerings. (Lawful Basis: Legitimate Interests)

  • Legal Compliance: To enforce our Terms of Service, comply with binding legal demands from regulatory or law enforcement authorities, and defend the Company in potential litigation. (Lawful Basis: Legal Obligation)

6. DISCLOSURE AND SHARING OF PERSONAL DATA

We maintain a strict prohibition against the unauthorized sale of your Personal Data. We may disclose your information strictly to the following entities under legally binding confidentiality frameworks:

  • Shopify Inc.: As our platform host, Shopify processes your data to facilitate store operations, data analytics, and payment routing.

  • Fulfillment & Logistics Providers: Couriers and customs brokers facilitating the international transport of goods from China to the Middle East.

  • Payment Processors: Third-party financial institutions managing secure transaction clearances.

  • Corporate Affiliates: Entities within our corporate group, bound by equivalent privacy standards, for internal administrative purposes.

  • Legal Authorities: When legally compelled by a valid subpoena, court order, or regulatory directive within applicable jurisdictions, or to protect the vital interests of the Company, our customers, or the public.

7. RELATIONSHIP WITH SHOPIFY

Our Services are hosted by Shopify. Consequently, data submitted through our store is transmitted to, stored, and processed by Shopify across its global server network. To provision enhanced operational features (e.g., fraud algorithms), Shopify may amalgamate data from your interactions with our store alongside data from other merchants. For data processed explicitly for Shopify’s aggregate operational enhancements, Shopify acts as an independent data controller. For a comprehensive understanding of their practices, please review the Shopify Consumer Privacy Policy. You may also exercise specific platform-level privacy rights via the Shopify Privacy Portal.

8. INTERNATIONAL AND CROSS-BORDER DATA TRANSFERS

As Sparkslette is legally domiciled in the People's Republic of China, and given that our infrastructure is hosted by Shopify (which utilizes servers globally, including in North America), your Personal Data will inevitably be transferred outside of the UAE and the Middle East.

By utilizing the Services, you explicitly acknowledge and consent to this cross-border transfer. We implement stringent safeguards to ensure that cross-border transfers comply with the UAE PDPL (e.g., Article 22 & 23) and China's Personal Information Protection Law (PIPL) where applicable. We ensure that any receiving entity or third-party processor is bound by Standard Contractual Clauses or operates in a jurisdiction providing an adequate level of data protection as recognized by relevant data protection authorities.

9. DATA RETENTION AND SECURITY

  • Security Posture: We employ rigorous, industry-standard technical and organizational measures (including encryption, secure socket layer (SSL) technology, and access controls) to protect your Personal Data against unauthorized access, destruction, or alteration. However, recognizing the inherent vulnerabilities of the internet, you bear the responsibility of maintaining the absolute confidentiality of your account credentials.

  • Retention Limitations: We retain your Personal Data only for the duration necessary to fulfill the purposes outlined in this Policy, or as legally mandated by tax, accounting, or commercial laws in China and/or the UAE (typically ranging from 3 to 7 years post-transaction). Upon the expiration of the retention period, data is securely and irreversibly anonymized or destroyed.

10. YOUR STATUTORY RIGHTS AND CHOICES

Depending on your jurisdiction, particularly under the UAE PDPL, you are endowed with definitive legal rights regarding your Personal Data:

  1. Right to Access / Information: You may request confirmation of whether we process your data and demand a transparent copy thereof.

  2. Right to Rectification: You may compel us to correct any inaccurate or incomplete Personal Data.

  3. Right to Erasure ("Right to be Forgotten"): You may demand the deletion of your Personal Data, subject to our overriding legal or contractual retention obligations.

  4. Right to Restriction of Processing: You may request that we suspend the processing of your data under specific legal conditions.

  5. Right to Data Portability: You may request your data in a structured, machine-readable format for transfer to another controller.

  6. Right to Object / Withdraw Consent: Where processing is based on consent or legitimate interests, you possess the absolute right to object to such processing (especially for direct marketing) or withdraw your consent at any time, without affecting the lawfulness of processing conducted prior to the withdrawal.

Exercising Your Rights: You may exercise these rights by submitting a formal request to the contact details provided in Section 14. We will authenticate your identity prior to executing any request and are legally bound to respond within the statutory timeframes (generally 30 days).

11. CHILDREN'S DATA PROTECTION

Our Services are explicitly not directed at, nor do we knowingly collect Personal Data from, individuals under the age of majority in their respective jurisdictions (e.g., under 18 or 21 years of age, depending on specific Middle Eastern laws). Any provision of data by a minor must be authorized by an individual holding parental responsibility. If we become aware that we have inadvertently collected data from a minor without requisite consent, we will execute immediate protocols to purge such data from our systems.

12. THIRD-PARTY LINKS

The Services may contain hyperlinks to external portals not governed by this Policy. We absolve ourselves of any liability regarding the data processing practices of these third-party domains. You are strongly advised to scrutinize the legal frameworks of any external sites you visit.

13. AMENDMENTS TO THIS POLICY

The Company reserves the unilateral right to amend, update, or entirely revise this Policy to reflect legislative enactments, regulatory decrees, or operational modifications. Material changes will be conspicuously promulgated on this page, and the "Last Updated" date will be revised accordingly. Continued usage of the Services post-modification constitutes your formal acceptance of the revised terms.

14. CONTACT INFORMATION AND GRIEVANCES

For any formal inquiries, legal notifications, assertions of your data rights, or to lodge a grievance regarding our privacy practices, please contact our designated Privacy Compliance Team at:

Entity Name: Sparkslette
Registered Address: 北村路101号, 奉贤区, SH, 201416, CN (Beicun Road 101, Fengxian District, Shanghai, 201416, China)
Email Address: jiangyin.sparkslette@gmail.com