Privacy Policy

Shamillaa ("we", "us", or "our") is the data controller responsible for your personal information collected through our website (shamillaa.com) and related services. If you have any questions about this Privacy Policy or our data practices, you can contact us at service@shamillaa.com.

2.1 Information You Provide

When you create an account, make a purchase, sign up for our newsletter, or contact customer support, we may collect: name, email address, shipping and billing address, phone number, payment card details (processed securely by our payment provider), and account credentials.

2.2 Information Collected Automatically

With your consent, when you visit our website, we may automatically collect: device type and screen resolution, browser type and version, operating system, IP address, pages visited and time spent, referral source and landing page, language and timezone, and anonymous visitor/session identifiers.

2.3 Cookies and Similar Technologies

We use cookies, localStorage, and sessionStorage to operate our website, analyze traffic, and support marketing campaigns. For detailed information about the specific cookies we use, please see our Cookie Policy. You can manage your cookie preferences at any time via the "Cookie Settings" link in our website footer.

We use your personal information for the following purposes:

• Order Processing: To process and fulfill your orders, manage payments, and arrange delivery.
• Account Management: To create and manage your account, authenticate your identity, and provide customer support.
• Communications: To send order confirmations, shipping updates, and respond to your inquiries.
• Marketing (with consent): To send promotional communications about our products, offers, and events. You can opt out at any time.
• Analytics (with consent): To understand how visitors use our website, optimize our user experience, and improve our services.
• Legal Compliance: To comply with applicable laws, regulations, and legal proceedings.

We process your personal data based on the following legal grounds under the GDPR:

• Contract Performance (Article 6(1)(b)): Processing necessary to fulfill your orders and manage your account.
• Consent (Article 6(1)(a)): For analytics cookies, marketing cookies, and email marketing. You can withdraw consent at any time.
• Legitimate Interest (Article 6(1)(f)): For website security, fraud prevention, and basic site operation analytics.
• Legal Obligation (Article 6(1)(c)): For tax records, regulatory compliance, and responding to legal requests.

We do not sell your personal information. We may share your information with trusted third-party service providers who assist us in operating our business:

• Payment Processors: To securely process your transactions.
• Shipping Partners: To fulfill and deliver your orders.
• Analytics Services: To help us understand website usage (only with your consent).
• Email Service Providers: To send transactional and marketing emails.

All third parties are contractually required to protect your data and use it only for the specific purpose for which it was shared.

Some of our service providers may process your data outside of your country of residence. When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected: Order data is retained for 7 years (tax and legal obligations). Account data is retained until you delete your account. Cookie consent records are retained for a minimum of 6 months (GDPR compliance). Analytics data is retained in anonymized form for up to 26 months. Marketing preferences are retained until you withdraw consent.

We implement appropriate technical and organizational measures to protect your personal information, including: encryption of data in transit (TLS 1.3), secure password hashing (PBKDF2/BCrypt), access controls and authentication, regular security reviews, and secure payment processing through certified payment providers. While we strive to protect your data, no method of transmission over the Internet is 100% secure.

Under applicable data protection laws (GDPR, UK GDPR, China PIPL), you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements).
• Right to Restrict Processing: Request limitation of how we process your data.
• Right to Data Portability: Receive your data in a structured, commonly used format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw any previously given consent at any time.

To exercise any of these rights, please contact us at service@shamillaa.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) or by placing a prominent notice on our website. The 'Last Updated' date at the top of this page indicates when this policy was last revised.

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

• Email: service@shamillaa.com
• Website: shamillaa.com/contact