Privacy Policy

EC Bot Limited (“we”, “us”, or “EC Bot”) is committed to protecting your personal data privacy and fully complies with all requirements of the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (“the Ordinance”). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data. By using our website https://shop.ecbothk.com/ (the “Site” or “Online Shop”), placing orders, or providing personal data, you agree to the terms of this Policy. If you do not agree, please do not provide personal data or use the Site.

1. Types of Personal Data We Collect

We may collect the following types of personal data (depending on your interactions with us):

  • Identity and contact information: Name, telephone number, email address, delivery address, billing address.
  • Order and payment information: Order details, payment method (we do not store credit card details directly—handled by third-party payment platforms), invoice requests.
  • Account and website usage data: Login credentials (if you register an account), browsing records, IP address, device information.
  • Communication data: Information provided through email, WhatsApp, or customer inquiries.
  • Other: Voluntarily provided information related to health consultations (note: we do not provide medical advice).

We collect only personal data that is necessary and adequate for the purposes, and we do not collect excessive data (in compliance with DPP1 of the Ordinance).

2. Purposes and Manner of Collection

The primary purposes for which we collect personal data are:

  • Processing and fulfilling orders (including delivery, payment confirmation, and customer service).
  • Managing accounts and providing Site functionality.
  • Improving our services and analyzing website usage (using anonymized aggregated data).
  • Responding to inquiries and sending essential order updates or communications.
  • Complying with legal obligations (e.g., tax and accounting record-keeping).

Collection is carried out in a fair and lawful manner (directly from you or through third-party partners such as payment or logistics providers). Providing personal data is voluntary, but if you refuse to provide necessary data, we may not be able to complete your order or provide services.

3. Use and Disclosure of Personal Data

We use personal data only for the purposes stated at the time of collection or for directly related purposes (in compliance with DPP3). Without your express consent, we will not use it for new unrelated purposes or for direct marketing.

We may disclose personal data (limited to what is necessary) to the following parties:

  • Logistics partners (e.g., SF Express) for delivery purposes.
  • Payment processors (e.g., Stripe, PayPal, Alipay, FPS) for transaction processing.
  • Cloud/hosting service providers (e.g., Shopify, if applicable) for Site operations.
  • Professional advisors (e.g., accountants, lawyers) or law enforcement authorities (if legally required).

We do not sell your personal data. For any cross-border transfers (e.g., to overseas servers), we implement contractual or other safeguards to ensure compliance with the Ordinance.

4. Accuracy and Retention Period

We take all practicable steps to ensure personal data is accurate and kept up to date (DPP2). You are responsible for updating your information (e.g., changes to address).

We retain personal data only for as long as necessary to achieve the purposes for which it was collected, or as required by law (e.g., tax records for 7 years). After order completion, data is generally retained for no more than 3 years (unless you request deletion or there is a legal requirement to retain it). Expired data will be securely deleted or anonymized.

5. Data Security

We implement all practicable security measures (including encryption, access controls, and firewalls) to protect personal data from unauthorized access, loss, alteration, or disclosure (DPP4). All third-party processors are contractually required to maintain equivalent security standards.

6. Cookies and Website Tracking Technologies

The Site uses cookies and similar technologies to enhance user experience, analyze traffic, and remember preferences (e.g., shopping cart items). You can manage or refuse cookies through your browser settings, but this may affect certain Site functionalities. We use tools such as Google Analytics to collect anonymous statistical data (which does not identify individuals). For details, please refer to our Cookies Policy (if a separate page exists).

7. Your Rights (Access and Correction)

Under DPP6 of the Ordinance, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.

To make an access or correction request, please submit it in writing (by email or post) to the contact details below. We will respond within 40 days (a reasonable administrative fee may be charged). If we refuse a request, we will provide written reasons.

8. Direct Marketing

We will not use your personal data for direct marketing purposes without your express consent. If we engage in direct marketing in the future, we will obtain your informed consent in advance and inform you of your right to opt out at any time.

9. Other Matters

  • This Policy is governed by the laws of Hong Kong. Any disputes shall first be resolved amicably through negotiation; failing which, they shall be submitted to the courts of Hong Kong.
  • We reserve the right to amend this Policy at any time. The updated version will be posted on the Site, and continued use constitutes acceptance.
  • If you are under 18 years of age, you must provide personal data only with the consent of a parent or legal guardian.

For any privacy inquiries or complaints, please contact our Data Protection Officer:

Email: info@ecbothk.com

Phone/WhatsApp: +852 9587 8207