Privacy Policy

Last updated: April 2025

This Privacy Policy describes how Impimo Jewels ("we", "us", or "our") collects, uses, and shares your personal information when you visit or make a purchase from impimo.com (the "Site"). We are committed to protecting your privacy in accordance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA).

1. Data Controller

Impimo Jewels is the data controller responsible for your personal data collected through this Site. For privacy-related enquiries, please contact us at info@impimo.com.

2. Personal Information We Collect

When you make a purchase or register on the Site, we collect:

Identity data: name, email address, phone number
Transaction data: billing address, shipping address, order history, payment method (we do not store full card details — payment processing is handled by our secure payment provider)
Technical data: IP address, browser type, device identifiers, pages visited, referring URLs, time and date of visit
Communications data: messages you send us via email, LINE OA, or contact form

3. Lawful Basis for Processing

We process your personal data on the following lawful bases under the PDPA:

Contract performance — to process orders, arrange delivery, and provide after-sales support
Legitimate interests — to prevent fraud, improve our website and services, and send service-related communications
Consent — for marketing emails and cookies (where required). You may withdraw consent at any time
Legal obligation — to comply with applicable Thai law

4. How We Use Your Information

Fulfil and deliver your orders
Process payments and prevent fraudulent transactions
Send transactional emails (order confirmations, shipping updates)
Send marketing emails (with your consent — you may unsubscribe at any time)
Improve our website, products, and customer experience
Comply with legal and regulatory requirements

5. Cookies

We use cookies and similar tracking technologies to personalise your experience and analyse site traffic. These include:

Essential cookies — required for the site to function (e.g., shopping cart, session management)
Analytics cookies — help us understand how visitors use the site (e.g., Google Analytics)
Marketing cookies — used to deliver relevant advertisements (e.g., Meta Pixel, TikTok Pixel)

You can control cookies through your browser settings. Disabling certain cookies may affect site functionality. Where required by law, we obtain your consent before placing non-essential cookies.

6. Data Sharing

We do not sell your personal data. We may share your data with trusted third parties solely to operate the Site and fulfil orders, including:

Payment processors (e.g., Stripe, Omise, PromptPay gateway)
Logistics and delivery providers (Thai courier services)
Email and marketing platforms (e.g., Klaviyo, Mailchimp)
Analytics providers (Google Analytics)
Platform services (Shopify Inc., which hosts the Site)

All third-party processors are required to handle your data in accordance with applicable privacy law.

7. Cross-Border Data Transfers

Some of our service providers (including Shopify Inc., based in Canada) process data outside of Thailand. Where data is transferred internationally, we ensure appropriate safeguards are in place consistent with the PDPA requirements.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including:

Order records: 5 years (to comply with Thai accounting and tax law)
Customer account data: for the duration of your account plus 2 years after last activity
Marketing preferences: until you unsubscribe or withdraw consent
Technical/log data: up to 12 months

9. Your Rights Under the PDPA

As a data subject under Thailand's PDPA, you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — request correction of inaccurate or incomplete data
Erasure — request deletion of your data (subject to legal obligations)
Restriction — request that we restrict processing of your data in certain circumstances
Data portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interests or for direct marketing
Withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at info@impimo.com. We will respond within 30 days.

10. Data Security

We implement technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. All transactions are encrypted using SSL/TLS technology. Our Site is hosted on Shopify, which maintains PCI-DSS compliance for payment data.

11. Children's Privacy

Our Site is not directed at children under 20 years of age (the age of majority in Thailand). We do not knowingly collect personal data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.