Privacy policy

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from royalcaviarclub.com (the “Site”).

Last Updated: 10/7/2025

1. Introduction

Royal Caviar Club Limited ("we," "us," or "our") operates www.royalcaviarclub.com (the "Site"). We are committed to protecting your privacy and handling your personal information with transparency and security. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site or make a purchase. By accessing the Site, you consent to the practices described herein. For questions, contact our Data Protection Officer at info@royalcaviarclub.com.


2. Personal Information We Collect

2.1 Device Information

When you browse the Site, we automatically collect:

  • Technical Identifiers: IP address, browser type/version, operating system, device type (mobile/desktop), and time zone.

  • Browsing Behavior: Pages viewed, products browsed, clickstream patterns, session duration, scroll depth, and mouse movements.

  • Referral Data: Search terms, referral URLs (e.g., social media links), and campaign tags (UTM parameters).

  • Cookie Data: Authentication tokens, shopping cart identifiers, and language preferences.

Collection Technologies:

Technology | Purpose | Opt-Out Mechanism
Cookies | Session management, cart retention | Browser settings / AllAboutCookies.org
Web Beacons | Email open-rate tracking, page engagement | Disable images in emails
Log Files | Security auditing, performance diagnostics | N/A (server-side)
Session Replay | UX optimization via heatmaps (e.g., Hotjar) | Hotjar Opt-Out
SDKs | Mobile app analytics (if applicable) | Device OS settings

2.2 Order Information

During checkout, we collect:

  • Identity Data: Full name, title, date of birth (for age verification).

  • Contact Details: Email, phone number, billing/shipping addresses.

  • Payment Information:

    • Credit/debit cards (Visa, Mastercard, Amex)

    • Bank transfers (via SWIFT/IBAN)

    • Cryptocurrencies (Bitcoin, Ethereum)

    • Third-party wallets (PayPal, Apple Pay)

  • Transaction Records: Order history, product preferences, and return requests.

2.3 Supplemental Data

  • Offline Interactions: Customer service call recordings, in-person event registrations.

  • Third-Party Data: Marketing lists from trusted partners (e.g., luxury goods databases), social media profiles (with consent).

  • User-Generated Content: Product reviews, survey responses.

Note: We do not collect sensitive data (e.g., health information) without explicit consent.


3. How We Use Your Personal Information

3.1 Order Information Processing

Purpose | Legal Basis (GDPR) | Examples
Order fulfillment | Contractual necessity | Shipping confirmation, payment processing
Fraud screening | Legitimate interest | Address verification, transaction monitoring
Customer communications | Legitimate interest | Delivery updates, return notifications
Personalized marketing | Consent (opt-in) | VIP product launches, caviar pairing suggestions
Loyalty program management | Contractual necessity | Reward point tracking, tier benefits
Legal compliance | Legal obligation | Tax reporting, regulatory audits

3.2 Device Information Utilization

  • Site Optimization: A/B testing page layouts, reducing load times.

  • Analytics: Conversion rate tracking, bounce rate analysis.

  • Advertising:

    • Retargeting abandoned carts via Facebook/Instagram

    • Lookalike audience campaigns on Google Ads

    • Lifetime value (LTV) modeling for high-value clients

  • Security: Brute-force attack prevention, bot detection.


4. Sharing Your Personal Information

4.1 Service Providers

Category | Vendors | Purpose | Data Shared
E-commerce | Shopify | Store infrastructure | Order Information, Cookies
Analytics | Google Analytics, Mixpanel | Traffic analysis | Device Information
Payment Processing | Stripe, Adyen | Secure transactions | Payment details
Shipping | DHL, FedEx | Global logistics | Address, phone number
Marketing | Klaviyo, Mailchimp | Email campaigns | Email, purchase history
Fraud Prevention | Signifyd, Sift | Risk scoring | IP, device fingerprints

All vendors operate under strict data processing agreements (DPAs) and may access data only for contract-bound purposes.

4.2 Legal & Business Transfers

We disclose information:

  • To comply with subpoenas, court orders, or Interpol requests.

  • During mergers/acquisitions (e.g., asset sale to luxury conglomerate).

  • To investigate illegal activities (e.g., caviar trafficking).

4.3 International Transfers

Data is transferred globally under safeguards:

  • EU → US: Standard Contractual Clauses (SCCs) with Shopify.

  • UK → Hong Kong: Binding Corporate Rules (BCRs) for intra-group sharing.

  • Switzerland: Adequacy decisions.


5. Behavioral Advertising & Opt-Out

5.1 How Targeting Works

We use:

  • Dynamic Product Ads: Show recently viewed caviar tins on Instagram.

  • Geofencing: Target ads to users near luxury hotels in Hong Kong.

  • Predictive Analytics: Identify clients likely to purchase premium Ossetra.

5.2 Opt-Out Mechanisms


6. User Rights & Requests

6.1 GDPR (EU/UK/EEA)

You may:

  • Access: Request a copy of your data (free of charge).

  • Rectify: Update inaccurate address/payment details.

  • Erasure: Delete account ("Right to Be Forgotten").

  • Restrict Processing: Temporarily freeze data during disputes.

  • Data Portability: Receive order history in CSV format.

  • Object: Opt out of direct marketing.

Response Time: 30 days (extendable for complex requests).

6.2 CCPA/CPRA (California)

  • Know: Disclose data categories collected in past 12 months.

  • Delete: Remove personal information (exceptions apply).

  • Opt-Out: Prevent "sale" of data (defined broadly under CCPA).

  • Non-Discrimination: No service degradation for exercising rights.

Submit Requests: Email info@royalcaviarclub.com with "CCPA Request" in the subject line.

6.3 Other Jurisdictions

  • Brazil: LGPD requests via our DPO.

  • Hong Kong: PDPO compliance through our Privacy Officer.


7. Data Retention & Security

7.1 Retention Schedule

Data Type | Retention Period | Reason
Order Records | 7 years | Tax compliance (HMRC/HK IRD)
Marketing Profiles | 2 years after last activity | Re-engagement campaigns
Server Logs | 90 days | Security forensics
Service Recordings | 6 months | Quality assurance

7.2 Security Protocols

  • Encryption: AES-256 for data at rest, TLS 1.3 for data in transit.

  • Access Controls: Role-based permissions, biometric authentication.

  • Audits: Annual penetration testing, SOC 2 Type II compliance.

  • Breach Response: 72-hour GDPR notification protocol.


8. Minors' Privacy

  • The Site is strictly for users aged 21+.

  • We use age-gating at checkout and third-party verification (Yoti).

  • Minors' data discovered accidentally will be purged within 48 hours.


9. Policy Updates & Version Control

We will notify you of changes via:

  • Email Alert: For material revisions (e.g., new data sharing).

  • Site Banner: 30-day advance notice for non-material updates.

  • Archive: Previous versions [available here].

Recent Changes:

  • [Date]: Added cryptocurrency payment details (Section 2.2).

  • [Date]: Implemented GPC support (Section 5.2).


10. Contact Information

Data Protection Officer (DPO):

  • Email: dpo@royalcaviarclub.com

  • Mail: Royal Caviar Club Limited
    Attn: Data Protection Officer
    18 On Lan Street, 13/F, Central
    Hong Kong SAR

EU Representative (GDPR Article 27):
[Insert Name & Address of EU Representative]

Response Timeline:

  • General inquiries: 5 business days

  • Data requests: 30 calendar days

  • Complaints: Escalation path to Hong Kong SARG (Privacy Commissioner)


11. Cookies & Tracking Technologies

11.1 Cookie Classification

Type | Purpose | Examples
Essential | Site functionality | Shopping cart IDs, login tokens
Analytics | Performance metrics | Google Analytics, Hotjar
Marketing | Behavioral advertising | Facebook Pixel, AdRoll
Preference | User customization | Language settings, currency

11.2 Consent Management

Withdraw consent anytime via our [Cookie Preference Center].


12. Third-Party Links & Integrations

  • External Sites: We are not responsible for privacy practices on linked sites (e.g., caviar sustainability certifications).

  • Social Plugins: Facebook "Like" buttons may collect data independently.


13. Legal Frameworks & Compliance

  • Primary Regulations: GDPR (EU), PDPO (Hong Kong), CCPA (California).

  • Cross-Border Mechanisms: SCCs, APEC CBPR, UK Addendum.

  • Dispute Resolution: Hong Kong Arbitration Centre.

CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e‑mail at info@royalcaviarclub.com or by mail using the details provided below:

RoyalCaviarClub
[Re: Privacy Compliance Officer]
Main office address: Royal Caviar Club Limited, 29/F, Singga Commercial Centre, 148 Connaught Road West, Hong Kong