Privacy Policy

THINTIME LIMITED is dedicated to protecting your privacy while providing transparent, sustainable fashion. This notice explains how we handle your personal information in compliance with global privacy laws.

A. Our Commitment to Privacy

At THINTIME LIMITED, we view privacy as a fundamental right. We collect only the data necessary to provide our services and never share it for purposes unrelated to your shopping experience without explicit consent.

B. What Information Do We Collect?

Directly from You:

  • Purchase Details: Name, address, email, phone number, and payment information (processed via Stripe, a PCI-DSS compliant provider).
  • Account Data: When you register, we collect your username, password (encrypted), and preferences (e.g., size, style interests).
  • Communications: Records of emails, chats, or calls with our customer service team (stored for quality assurance).

Automatically Collected:

  • Device and Usage Data: IP address, browser type, operating system, and interactions with our site (e.g., products viewed, cart activity) via cookies, web beacons, and analytics tools.
  • Location Data: Approximate location based on IP address (used to suggest local shipping options; you can disable this in your device settings).

C. Legal Basis for Processing (GDPR Applicable)

For EU residents, we process data based on:

  • Your consent (e.g., for marketing communications).
  • Performance of a contract (e.g., processing orders).
  • Legitimate interests (e.g., fraud prevention, service improvement).
  • Legal obligations (e.g., tax and accounting requirements).

D. How Long We Keep Your Data

  • Purchase Records: Retained for 7 years to comply with tax laws.
  • Account Information: Kept until you delete your account (with the option to anonymize data afterward).
  • Marketing Data: Retained until you opt out, plus 60 days to process your request.
  • Analytics Data: Anonymized after 12 months.

E. Your Rights Under Privacy Laws

For All Users:

  • Access: Request a free copy of your data.
  • Rectification: Correct inaccurate information.
  • Erasure: Request deletion of your data (subject to legal exceptions).

For EU Residents (GDPR):

  • Restriction of Processing: Temporarily limit how we use your data.
  • Data Portability: Receive your data in a machine-readable format.
  • Withdraw Consent: At any time (e.g., for marketing), with no impact on previous processing.

F. Third-Party Links and Services

Our website may contain links to third-party sites (e.g., social media, payment processors). These sites have their own privacy policies, and we are not responsible for their practices. We recommend reviewing their policies before providing data.

G. Security Measures

To protect your data:

  • We use end-to-end encryption for all transactions.
  • Our servers are hosted in secure, SOC 2-compliant data centers.
  • We conduct annual penetration testing and require multi-factor authentication for staff accessing sensitive data.