Privacy policy
This Privacy Policy ("Policy") describes how Laiya Home ("Company," "we," "us," or "our") collects, uses, shares, and protects your personal information when you access or use our website, including our online store hosted on Shopify (the "Site"), and any related services, features, content, products, or applications (collectively, the "Services"). We are committed to protecting your privacy and handling your data in compliance with applicable laws, including the General Data Protection Regulation (GDPR) in the European Union (EU) and United Kingdom (UK), the Swiss Federal Act on Data Protection (FADP), the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other relevant data protection laws worldwide.Given that our Services are accessible globally, with a primary focus on users in Europe, this Policy emphasizes GDPR compliance while addressing rights under other jurisdictions. If you are in a region with specific data protection laws, additional rights may apply as outlined below.
BY USING THE SERVICES, YOU CONSENT TO THE PRACTICES DESCRIBED IN THIS POLICY. IF YOU DO NOT AGREE, DO NOT USE THE SERVICES.We may update this Policy at any time. We will post the revised Policy on the Site and update the "Last Updated" date. Material changes will be notified where required by law (e.g., via email for GDPR-covered users). Your continued use constitutes acceptance. Review this Policy periodically.Last Updated: January 16, 2026
1. Information We CollectWe collect personal information you provide directly, automatically through your use of the Services, and from third parties. "Personal information" means data that identifies or relates to you, as defined under applicable laws (e.g., "personal data" under GDPR).1.1 Information You Provide
- Account and Order Data: Name, email, shipping/billing address, phone number, payment details (processed securely via Shopify or third-party processors; we do not store full card information), and order history.
- Communications: Newsletter subscriptions, inquiries, surveys, reviews, feedback, or support requests.
- User Content: Reviews, comments, photos, or other submissions via the Services.
- Device and Usage Data: IP address, browser type, operating system, device identifiers, pages viewed, time spent, referral sources, and interactions (collected via cookies, pixels, logs, or similar technologies).
- Location Data: Approximate location inferred from IP address (not precise geolocation unless consented to).
- Analytics: Aggregated usage statistics via tools like Google Analytics or Shopify analytics.
- Payment Processors: Transaction confirmations and status.
- Marketing Partners: Data from ads or referrals (e.g., if you click through from a partner site).
- Social Media: If you connect, login, or share via social platforms (e.g., profile data).
2. How We Use Your InformationWe use your information for legitimate business purposes, including:
- Providing and Improving Services: Processing orders, managing Accounts, fulfilling shipments, handling returns/refunds, providing customer support, personalizing experiences, and enhancing Site functionality.
- Communications: Sending transactional emails (e.g., order confirmations, shipping updates) and, with consent, marketing communications (e.g., newsletters, promotions, surveys).
- Analytics and Optimization: Analyzing usage patterns, detecting fraud/abuse, and improving products/services.
- Marketing and Advertising: Delivering targeted ads, retargeting, and measuring campaign effectiveness (e.g., via cookies).
- Legal and Compliance: Complying with laws, responding to legal requests, enforcing our Terms, and protecting rights, property, or safety.
- Aggregated/ Anonymized Data: Creating de-identified insights for business analysis or sharing with partners.
- Contract performance (Article 6(1)(b) GDPR): For orders, Accounts, and service delivery.
- Consent (Article 6(1)(a) GDPR): For marketing, non-essential cookies, or optional features (withdrawable at any time).
- Legitimate interests (Article 6(1)(f) GDPR): For analytics, fraud prevention, and direct marketing (balanced against your rights; you may object).
- Legal obligations (Article 6(1)(c) GDPR): For tax, accounting, or regulatory compliance.
3. Sharing Your Information
We share information only as necessary and with safeguards:
- Service Providers: Vendors like Shopify (hosting, payments, analytics), shipping carriers (e.g., for delivery), marketing tools (e.g., Mailchimp), and IT/security providers—all contractually bound to confidentiality and data protection standards (e.g., via data processing agreements under GDPR Article 28).
- Affiliates and Partners: For joint services or promotions, subject to similar protections.
- Legal/Regulatory Authorities: If required by law, court order, or to defend legal claims (e.g., fraud investigations).
- Business Transfers: In connection with mergers, acquisitions, or sales (with notice and consent where required by law).
- With Your Consent: As directed by you (e.g., sharing reviews publicly).
4. Data SecurityWe implement appropriate technical, organizational, and administrative measures to protect your data, including encryption (e.g., SSL/TLS for transmissions), access controls, regular audits, and compliance with standards like PCI-DSS for payments. However, no system is impenetrable; we cannot guarantee absolute security. In the event of a data breach, we will notify affected individuals and authorities as required (e.g., within 72 hours under GDPR Article 33).Report suspected incidents to support@laiyahome.com.
5. Data Retention
We retain personal information only as long as necessary for the purposes described, or as required by law (e.g., 7 years for financial records under tax laws). Criteria include contractual needs, legal obligations, and dispute resolution. When no longer needed, we securely delete or anonymize data. For GDPR, retention periods are documented and available upon request.
6. Your Rights and Choices
You have rights regarding your personal information, varying by jurisdiction. To exercise them, contact us at support@laiyahome.com with "Privacy Request" in the subject line. We will verify your identity and respond within statutory timelines (e.g., 1 month under GDPR, extendable; 45 days under CCPA, extendable).Global Choices:
- Opt-Out of Marketing: Unsubscribe via email links or contact us (does not affect transactional communications).
- Cookies: Manage via browser settings or our cookie banner (see Cookie Policy).
- Do Not Track: We honor opt-outs but do not currently respond to browser DNT signals.
- Withdraw Consent: For consent-based processing, without affecting prior lawfulness.
- Access (Article 15 GDPR): Obtain a copy of your data.
- Rectification (Article 16): Correct inaccurate data.
- Erasure ("right to be forgotten," Article 17): Delete data in certain cases (e.g., no longer necessary).
- Restriction (Article 18): Limit processing pending verification.
- Objection (Article 21): Object to processing based on legitimate interests or direct marketing.
- Data Portability (Article 20): Receive data in a structured format for transfer.
- Automated Decisions (Article 22): Not be subject to solely automated decisions with legal effects (we do not engage in such).
No fee for requests unless manifestly unfounded/excessive.
- Know/Access: Details on data collected, sources, purposes, and sharing.
- Delete: Request deletion (subject to exceptions).
- Opt-Out of Sales/Sharing: We do not sell/share for cross-context behavioral advertising, but you may opt-out if applicable.
- Limit Sensitive Data: We do not process sensitive data for inferred characteristics.
- Non-Discrimination: No retaliation for exercising rights.
We respond to verified requests; agents may submit with authorization.
7. Children's Privacy
Our Services are not directed to individuals under 16 years of age (or higher where required). We do not knowingly collect their data. If we become aware of such collection without verifiable parental consent, we will delete it promptly. Parents/guardians: Contact us for removal.
8. International Data Transfers
Our operations are based in Canada, recognized as adequate by the EU Commission (adequacy decision for PIPEDA). Data may be transferred to and processed in Canada, the US (e.g., via Shopify or Google), or other countries. For transfers from the EU/UK/Switzerland to non-adequate countries, we implement safeguards such as EU Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements (IDTAs), or equivalent mechanisms, plus supplementary measures (e.g., encryption). Binding Corporate Rules may apply for intra-group transfers. Details and copies available upon request under GDPR Article 13(1)(f).
9. Third-Party Links and Services
The Site may contain links to third-party sites or services (e.g., social media, payment gateways). We are not responsible for their privacy practices. Review their policies before interacting.
10. Cookies and Tracking
We use cookies and similar technologies for functionality, analytics, and marketing. See our separate Cookie Policy for details, including types, purposes, and management options. For GDPR, non-essential cookies require consent via our banner.
11. Complaints and Supervisory Authorities
If you believe we have not handled your data appropriately, contact us first. You may also lodge a complaint with your local supervisory authority (e.g., Information Commissioner's Office in the UK, a national Data Protection Authority in the EU, Office of the Privacy Commissioner in Canada, or California Privacy Protection Agency in the US).
12. Contact Us
For questions, requests, or concerns:
Laiya Home
Email: support@laiyahome.com (use "Privacy Request" or "Legal Inquiry" in subject). We are the data controller for your personal information. For joint controllership (e.g., with Shopify), see their privacy policy.
Laiya Home
Email: support@laiyahome.com (use "Privacy Request" or "Legal Inquiry" in subject). We are the data controller for your personal information. For joint controllership (e.g., with Shopify), see their privacy policy.