Privacy & Cookies Policy


Privacy Policy

Last updated: 25 Apr 2025

1. Who we are

This privacy notice is issued by FARO DIGITAL LAB, owner of the website www.formosadoll.com, based in HONG KONG SAR.

Although we are based outside the European Union, we process data of EU residents and fully comply with Regulation (EU) 2016/679 (GDPR) and Regulation (EU) 524/2013 regarding online dispute resolution.

For any privacy-related questions, contact us at: support@formosadoll.com

2. Types of personal data we collect

We may collect and process the following personal data:

  • First and last name
  • Email address
  • Phone number (optional)
  • Shipping address
  • Payment data (not stored, processed via Shopify Payments, Stripe, PayPal)
  • Browsing data (IP address, device, browser)
  • Order history
  • Cookie preferences and consent logs

Information We Collect & How We Use It

We collect personal information from you when you:

  • Make a purchase through our website

  • Subscribe to our newsletter via the email box on our homepage

  • Fill out any online forms or contact forms on our site

While you can browse our website anonymously, certain services (like placing an order or contacting us) require that you provide relevant personal information.

We only collect data necessary to complete your requested interaction with Formosa Doll, and your information is used strictly for the following purposes:

  • To process and fulfill your order

  • To respond to your inquiries or customer service requests

  • To send occasional emails with sales, promotions, or new product updates (only if you’ve opted in)

  • To improve our website experience and functionality

  • To enhance our customer support and overall service

We do not sell, rent, exchange, or otherwise transfer your personal information to outside parties, except as necessary to fulfill your order (e.g. payment processors, shipping partners). Your data is handled with care and confidentiality.

We collect data directly from you (e.g. when you place an order), automatically via tracking tools (e.g. cookies, pixels), and from third-party services we work with (e.g. payment processors, analytics platforms).

3. Purposes and legal basis of processing

We process your data for the following purposes, each with a clearly defined legal basis under Article 6 of the GDPR:

4. How we process your data

Your data is processed using secure electronic systems, with appropriate technical and organisational safeguards in place, such as encryption, firewall protection, and access control.

We take data protection seriously and implement industry-standard security measures, including:

  • SSL (Secure Socket Layer) encryption across the entire website
  • Secure payment gateways that are PCI-DSS compliant (Shopify Payments, Stripe, PayPal)
  • Role-based access control for admin panels
  • Two-factor authentication (2FA) on admin accounts where supported
  • Regular platform-level security updates managed by Shopify
  • Daily encrypted backups in geographically distributed data centres

Shopify, as our service provider, ensures the underlying infrastructure complies with recognised security frameworks, including SOC 2 and ISO/IEC 27001 standards.

In some cases, we may use automated tools (such as chatbots and machine learning systems) to improve customer service and personalise the experience. These systems are designed to operate with minimal personal data and follow strict access and retention policies.

5. Mandatory or optional nature of data provision

Providing your personal data is mandatory for contractual purposes (e.g. orders, deliveries).

Providing it for marketing or profiling purposes is optional and subject to your explicit consent.

6. Data sharing with third parties

We may also share pseudonymised data with marketing and analytics partners, such as Meta and Google, for the purposes of audience creation, campaign optimisation, and interest-based advertising.

  • Shopify Inc. (e-commerce platform and hosting provider)
  • Google LLC (Analytics and Ads)
  • Courier services (e.g. DHL, UPS) for order delivery
  • Legal and accounting consultants (when required by law)

All partners are contractually bound or adhere to Standard Contractual Clauses (SCC).

7. Transfers outside the EU

As we are located outside the EU, your data may be processed in countries such as Hong Kong or the USA.

In all cases, transfers are safeguarded through Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent measures.

8. Data retention

Type of data Retention period

Invoicing and contracts 10 years (legal requirement)

Orders and shipments 24 months

Technical/cookie data 13 months (unless revoked)

Consent logs Until withdrawal + 5 years

9. Your rights

You have the right to:

  • Access, correct or delete your personal data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time
  • File a complaint with the Data Protection Authority of your country

To exercise your rights, write to us at support@formosadoll.com

10. Minors

Our services are not intended for individuals under the age of 18. We do not knowingly collect data from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to request deletion.

11. Online Dispute Resolution (ODR – EU only)

In compliance with Regulation (EU) 524/2013, EU consumers are informed that an online dispute resolution platform is available at:

https://ec.europa.eu/consumers/odr

You may use it to resolve disputes relating to online purchases in a non-judicial manner.

12. Users from the United Kingdom

For individuals located in the United Kingdom, we process personal data in compliance with the UK General Data Protection Regulation (UK GDPR). Where your data is transferred outside of the UK, we rely on the International Data Transfer Agreement (IDTA) or the UK Addendum to the Standard Contractual Clauses, as applicable.

If you are based in the UK and have any concerns regarding your personal data, you may also lodge a complaint with the Information Commissioner's Office (ICO):

https://ico.org.uk

13. Data breaches

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where required, affected individuals in accordance with Articles 33 and 34 of the GDPR.

Cookie Policy 

Last updated: 25 Apr 2025

1. What are cookies?

Cookies are small text files sent to your device to enhance your browsing experience, collect statistics, and personalise content and advertisements.

We may also use tracking technologies such as pixels, tags, scripts, and software development kits (SDKs) alongside cookies to understand how users interact with our site and advertising.

2. Types of cookies we use

Our website uses cookies to distinguish you from other users and to better understand how our site is used.

Cookies help us to:

  • Estimate the size of our audience and understand how visitors use our site
  • Remember your preferences and customize your experience accordingly
  • Speed up your browsing and searches
  • Recognize you when you return to the site
  • These cookies allow us to enhance your experience and show you content that’s more relevant to your interests.

We use the following categories of cookies on our website: 

  • Essential cookies: Required for basic site functionality, such as shopping cart, checkout, and language preferences. While not mandatory for accessing the website, disabling these cookies may cause certain features, including checkout and account access, to malfunction. Required for basic site functionality (e.g. cart, login, language preferences)
  • Analytics cookies: Used to collect anonymous visit data (e.g. Google Analytics with IP anonymisation)
  • Advertising cookies: Used by Google Ads to show personalised advertisements
  • Third-party cookies: Set by external providers (e.g. Google)

3. Consent and management

You are not required to accept cookies to browse our site. However, certain features (such as placing products in your shopping cart or completing an order) may not function properly without them.

Upon accessing the site, a banner will allow you to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customise your preferences

You can modify your consent at any time by clicking the "Cookie Preferences" link in the website footer.

4. Cookie duration

Cookies have varying lifespans, up to a maximum of 13 months. Essential cookies may only be deleted manually via browser settings.

5. Third-party services used

  • Google Analytics 4: With IP anonymisation and aggregated tracking
  • Google Ads: For remarketing and conversion tracking, subject to consent

6. Disabling cookies via browser

Most browsers allow you to delete or block cookies. Instructions are available on the official sites of Chrome, Firefox, Safari, Edge, etc.

7. Updates to the Cookie Policy

We reserve the right to update this notice. Any changes will be published on this page with the updated date.