Privacy Policy

Effective Date: 03 February 2026

1. Scope & Regulatory Compliance

This Privacy Policy describes how Stellaire Atelier (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you access our website or purchase our products.

This policy is intended to comply with applicable data protection laws, including:

  • Malaysian Personal Data Protection Act 2010 (PDPA)

  • EU & UK General Data Protection Regulation (GDPR)

  • Applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA/CPRA)

2. Data Controller

Stellaire Atelier acts as the data controller for personal data collected through this website, as we determine the purposes and means of processing such data.

We use third-party service providers, including Shopify, PayPal, and HitPay, as data processors to process personal data on our behalf and in accordance with our instructions and applicable law.

3. Personal Data We Collect

We may collect the following categories of personal data:

  • Identity data (name, username)

  • Contact data (email address, billing and shipping address, phone number)

  • Transaction data (orders, refunds, payment status)

  • Payment data (processed securely by PayPal, HitPay, or other payment providers; we do not store full card numbers)

  • Technical data (IP address, device type, browser, operating system)

  • Usage and analytics data

  • Marketing and communication preferences

4. How Personal Data Is Collected

Personal data is collected through:

  • Direct interactions (checkout, account creation, customer communications)

  • Automated technologies (cookies, pixels, server logs)

  • Third-party platforms (Shopify, payment gateways, analytics and marketing tools)

5. Legal Basis for Processing (EU/UK)

Where applicable, we process personal data based on:

  • Performance of a contract (order fulfillment)

  • Legitimate business interests (fraud prevention, service improvement)

  • Legal obligations (tax, accounting, regulatory compliance)

  • Consent (marketing communications and non-essential cookies)

6. How We Use Personal Data

We use personal data to:

  • Process and fulfil orders

  • Communicate order updates and provide customer support

  • Process payments and prevent fraud

  • Improve website functionality and performance

  • Send marketing communications where legally permitted

  • Comply with legal and regulatory obligations

7. Cookies & Tracking Technologies

Our website uses cookies and similar technologies provided by Shopify and integrated third-party services.

Cookie categories include:

  • Essential cookies: Required for site operation, security, checkout, and account access

  • Analytics cookies: Used to understand website usage and improve performance

  • Marketing cookies: Used for advertising and remarketing, where applicable

Where required by law (EU/UK), non-essential cookies are used only after consent via a cookie banner. Records of cookie consent are maintained where legally required. You may manage cookies through your browser settings; disabling cookies may affect site functionality.

8. Data Sharing & Third Parties

We may share personal data with trusted third parties strictly for operational purposes, including:

  • Shopify (e-commerce platform)

  • PayPal and HitPay (payment processing)

  • Logistics and shipping providers

  • Analytics and marketing service providers

All service providers are contractually required to protect personal data and process it in accordance with applicable laws.

We do not sell or rent personal data as defined under the CCPA/CPRA.

9. International Data Transfers

Personal data may be transferred to and processed in countries outside your country of residence. Where required, appropriate safeguards (such as standard contractual clauses) are implemented.

10. Data Retention

Personal data is retained only for as long as necessary to fulfil business, legal, and regulatory purposes. Order and transaction records are generally retained for the period required under applicable tax and accounting laws, after which data is securely deleted or anonymised unless further retention is legally required.

11. Data Security

We implement reasonable technical and organisational measures to protect personal data. However, no method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

12. Your Rights

Depending on your jurisdiction, you may have the right to request access to, correction of, deletion of, restriction of processing of, or portability of your personal data, or to withdraw consent where processing is based on consent.

Requests may be submitted to:
📧 stellaire_atelier@hotmail.com

13. Children’s Privacy

Our website is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

14. Updates to This Policy

We may update this Privacy Policy from time to time. Continued use of the website after updates indicates acceptance of the revised policy.