Privacy Policy

Last updated: June 2026 · Effective from: 1 January 2024

This Privacy Policy explains how [COMPANY NAME], trading as Yìn Studio, collects, uses, and protects personal data when you use our website and commission our services. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, and the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (PDPO).

1. Who we are

[COMPANY NAME], a company registered in Hong Kong.
Registered address: [REGISTERED ADDRESS]
Contact email: hello@yinstudio.com

For EU residents, we act as the data controller. For UK residents, we act as the UK data controller. For Hong Kong residents, we are the data user under the PDPO.

2. What data we collect

  • Identity data: your name (including the name submitted for translation), any preferred names or alternative spellings you provide.
  • Contact data: email address, postal address for delivery, phone number if provided.
  • Commission data: answers to our questionnaire, including the meaning and origin of your name, personal preferences, and any cultural or linguistic context you share. This data is used solely for the purpose of translating and carving your seal.
  • Transaction data: purchase details, payment method type (we do not store full card numbers), order history.
  • Technical data: IP address, browser type, device identifiers, pages visited, time on site — collected via cookies and analytics tools.
  • Marketing data: whether you have opted in to marketing communications and your preferences.

3. Legal basis for processing

  • Contract performance: processing necessary to fulfil your commission, ship your seal, and provide after-sale support.
  • Legitimate interests: improving our website, preventing fraud, and sending service-related communications.
  • Consent: marketing emails — you may withdraw consent at any time.
  • Legal obligation: keeping financial records as required by applicable law.

Under the HK PDPO, we rely on the purposes specified in this policy as grounds for collection and use.

4. How we use your data

  • To process and fulfil your commission, including name translation and coordinating with master craftspeople.
  • To communicate with you about your order, including questionnaire delivery, translation proposals, and dispatch notifications.
  • To send marketing communications — only if you have opted in.
  • To improve our website and services.
  • To comply with legal and financial obligations.

Important: Questionnaire data — the personal and cultural details you share about your name — is used only for the purpose of crafting your seal and translation. It is never used for profiling, advertising targeting, or sale to third parties.

5. Who we share your data with

  • Shopify Inc. — e-commerce platform and order management.
  • Stripe Inc. — payment processing. PCI-DSS compliant.
  • PayPal Holdings Inc. — alternative payment processing.
  • Typeform SL — questionnaire delivery and response collection.
  • Klaviyo Inc. — email marketing platform (only used where you have consented to marketing).
  • Google LLC — Google Analytics for website analytics. We use IP anonymisation.
  • Meta Platforms Inc. — Meta Pixel for advertising effectiveness measurement (only if you consent to non-essential cookies).
  • Shipping carriers — including DHL, FedEx, and regional couriers — receive your name and delivery address to fulfil delivery.

We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.

6. International transfers

Your data may be transferred to countries outside the UK and EEA, including Hong Kong, the USA, and Canada, in the course of operating our services. Where UK or EU GDPR applies, we ensure such transfers are made on the basis of adequacy decisions or standard contractual clauses. Transfers to Hong Kong are made on the basis of Article 46 safeguards (standard contractual clauses).

7. Retention periods

  • Commission and order data: seven years from the date of order.
  • Questionnaire / commission data: retained for the duration of your commission plus twelve months, then deleted.
  • Marketing data: until you withdraw consent or we are no longer in contact.
  • Technical / analytics data: up to 26 months (Google Analytics default).

8. Cookies

  • Strictly necessary: required for the site to function. These cannot be disabled.
  • Functional: remember preferences such as currency and language.
  • Analytics: Google Analytics — only set with your consent.
  • Marketing: Meta Pixel — only set with your consent.

9. Your rights — UK and EU residents

Under UK GDPR and EU GDPR, you have the right to access, rectification, erasure, restriction, portability, and to object to processing. UK residents may lodge a complaint with the ICO: ico.org.uk. To exercise any right, email hello@yinstudio.com. We will respond within one calendar month.

10. Your rights — Hong Kong residents

Under the PDPO, you have the right to access and correct personal data we hold, and to opt out of direct marketing. Complaints may be directed to the PCPD: pcpd.org.hk.

11. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. Shopify and Stripe are PCI-DSS compliant. No method of internet transmission is entirely secure.

12. Children

Our services are not directed at individuals under 16. We do not knowingly collect data from children. Contact us at hello@yinstudio.com if you believe a child has provided us with data.

13. Changes to this policy

We may update this policy from time to time. Where changes are material, we will notify you by email or prominent notice. The "last updated" date at the top reflects the most recent version.

14. Contact us

[COMPANY NAME]
hello@yinstudio.com
[REGISTERED ADDRESS]