Leaftreasures Privacy Policy

Effective date : March 1, 2024
Last updated : March 1, 2024

introduction

Leaftreasures Privacy Policy

When you use our services, you trust us with your information.

We understand this is a big responsibility, so we work hard to protect your information and put you in control.

Leaftreasures (hereinafter referred to as “we”) respects and protects the personal information security of users (hereinafter referred to as “you”).

leaftreasures Privacy Policy details how we collect, use, store, share and protect your personal information, as well as your rights.

Please read this policy carefully and confirm that you understand and agree to the content of leaftreasures Privacy Policy before using our website (https://www.leaftreasures.com) and related services.

Leaftreasures Privacy Policy definition :

  • Personal information : refers to all kinds of information related to an identified or identifiable natural person recorded electronically or otherwise, excluding information that has been anonymized.
  • Sensitive personal information : refers to personal information that, if leaked or used illegally, may lead to discriminatory treatment of you or serious harm to your personal or property safety, such as biometrics, religious beliefs, specific identities, medical health, financial accounts, etc.
leaftreasures Privacy Policy

1.Scope of application of the Leaftreasures Privacy Policy

Leaftreasures Privacy Policy applies to the processing of personal information generated when you interact with us in the following ways:

  • access or use our website (including mobile-adapted pages);
  • Email : leaftreasures@gmail.com;
  • WhatsApp service number: +44 7706 177174;
  • WhatsApp Business Number: +1 555-720-5098)
  • Offline address : 9 Victoria Rd, Berry Hill Rd, Stoke-on-Trent, England
  • Participate in our marketing activities, surveys or customer service;
  • Purchase our products or services (including online payment and logistics delivery).
  • Account management: register/log in to an account, modify personal information, bind to a third-party platform (such as quick login with Google/Facebook account) or set privacy preferences.

Exceptions:

If you access or use our services through a third-party platform (such as a social media advertising link, PayPal payment page, DHL logistics tracking system), the privacy policy of the relevant third party will apply independently.

For example, when you click on an ad on Facebook to jump to our website, Facebook may collect your browsing data in accordance with its policy; or when you use PayPal to pay, PayPal will process your payment information in accordance with its terms. We recommend that you carefully read the privacy terms of a third party before authorizing it to process your personal information, and you can confirm the scope of data sharing in a specific scenario with us through the contact information provided in Section 17 of leaftreasures Privacy Policy.

2.How Leaftreasures collect your personal information

2.1 Information You Voluntarily Provide

In the following scenarios, you need to actively provide us with personal information to complete specific functions:

  • Register an account : fill in your name, email address, and password (if you choose to log in using an account);
  • To place an order : provide the recipient’s name, contact number, detailed address, and payment information (such as credit card number, third-party payment account);
  • Customer Service : When submitting inquiries via email or WhatsApp, you may include the order number, problem description and relevant screenshots;
  • Participation in activities : When registering for a lottery or questionnaire, you may be required to provide non-essential information such as age, occupation, interest preferences, etc.

2.2 Information Leaftreasures Passively Collect

When you use our services, we will automatically collect the following information through technical means:

  • Device information : IP address, device model, operating system version, browser type, screen resolution;
  • Behavior logs : access time, pages viewed, clickstream data, search keywords, and duration of stay;
  • Location information : approximate geographic location (e.g., country/city) inferred from IP address or GPS (with your permission);
  • Cookies and tracking technologies : Use technologies such as cookies and pixel tags (Web Beacons) to record your browsing preferences for optimizing website experience and advertising (see Article 8 for details).

3.Types of Personal Information Leaftreasures Collect

3.1 Basic Personal Information

  • Name, email address, contact number, mailing address;
  • Account password (encrypted storage), social media account (if you choose to log in through Facebook/Google).

3.2 Payment and Financial Information

  • Credit card number, expiration date, security code (only processed by third-party payment institutions during the payment process, we do not store the full card number);
  • Third-party payment account (such as PayPal, Stripe, mobile phone number or email address bound to App Pay , etc. ).

3.3 Device and behavior information

  • Unique device identifier (such as IMEI, MAC address), browser fingerprint;
  • Order history, shopping cart contents, and page access paths.

3.4 Sensitive Personal Information

We only process your sensitive personal information in the following scenarios and will obtain your explicit consent separately:

  • Biometrics : If facial recognition payment or account login functions are introduced in the future;
  • Health information : If you are required to provide specific health information when purchasing healthcare products.

4.How Leaftreasures use your personal information

4.1 Providing and improving services

  • Processing orders, shipments and after-sales refunds;
  • Verify user identity and prevent fraudulent transactions;
  • Recommend related products based on your browsing history (e.g. if you viewed “herbarium box”, similar products will be displayed);
  • Optimize website performance (such as adjusting server load according to visit peaks).

4.2 Legal compliance and security maintenance

  • To respond to legal requirements (e.g., tax reporting, anti-money laundering investigations);
  • Monitor abnormal login behavior and protect account security;
  • Prevent malicious attacks (such as DDoS attacks and data leaks).

4.3 Leaftreasures Marketing and Promotion

  • Send promotional emails or WhatsApp messages (you can unsubscribe at any time via the “unsubscribe” link);
  • Advertisements are placed on third-party platforms (such as Google and Facebook), but your personal information will not be directly shared with advertisers.

5. How Leaftreasures share your personal information

5.1 Third-party service providers

We only share your information with the following types of partners to the extent necessary:

  • Logistics companies : DHL, Royal Mail and other major logistics companies around the world only share the consignee’s name, address and contact number;
  • Payment institutions : Stripe, PayPal, etc., only share the order amount and payment status;
  • Customer service system : Zendesk (for managing email and WhatsApp consultations);
  • Data analysis tool : Google Analytics (used to count website traffic, the data has been anonymized).

5.2 Legal requirements or public interest

We may disclose your information in the following circumstances:

  • In response to a subpoena, government investigation, or law enforcement request;
  • Protect the life and property of us or other users (e.g., prevent suicide and fraud);
  • In the event of a merger, acquisition or asset transfer, to a third party to disclose information necessary to continue to provide services.

5.3 Sharing with Affiliates

If we establish subsidiaries or branches (such as setting up offices in China or the United States in the future), we may share your information to coordinate global business, but we will require related parties to comply with the same confidentiality obligations.

leaftreasures Privacy Policy

6. Cross-border data transfer

6.1 Data Storage Location

Your personal information is mainly stored in the following areas:

  • European Economic Area (EEA): The website server is located in Frankfurt, Germany;
  • United States: Payment data is processed by Stripe and stored in its compliance data center;
  • China: When users communicate through WhatsApp, messages may be transmitted through a node in Hong Kong, China.
  • Other countries: Messages may be transmitted via nodes supported by the corresponding country .

6.2 Compliance Safeguards

When transferring data across borders, we take the following measures to ensure security:

  • Entering into EU Standard Contractual Clauses (SCCs) with third parties;
  • Require US partners to be Privacy Shield certified;
  • Encrypt transmitted data (such as TLS 1.3 protocol).

7. Your rights regarding your personal information

Under applicable law, you have the following rights:

7.1 Access and correction

  • Online self-service modification: After logging into your account, update your name, email address, delivery address, contact number and other basic information in real time in the “Personal Center”;
  • Historical data acquisition: Request a copy of your order history, payment voucher, and device access log (such as IP address, browsing time) via email (leaftreasures@gmail.com), and we will provide it in encrypted email within 7 working days;
  • Information accuracy verification: If you find that the information we process is wrong (such as a misspelled address that causes a delivery failure), you can request an immediate correction and synchronize the update to the associated logistics partner system.

7.2 Deletion and cancellation

You may request deletion of information if any of the following circumstances are met:

  • We no longer need to retain the information to perform the contract (e.g. more than 7 years after the order is completed);
  • You withdraw your consent to the processing (e.g. unsubscribe from marketing emails) and we cannot continue to process it based on other lawful grounds (e.g. legal obligations);
  • We breach the law or this policy (e.g. share your information with third-party advertisers without consent).

Send an email to leaftreasures@gmail.com with the title “Account Cancellation Application” and attach the account registration email or order number to verify your identity.

We will:

  • Delete all identifiable information associated with your account (retain anonymized transaction data for financial audits);
  • Notify associated service providers (such as payment institutions, logistics companies) to stop processing your data;
  • Confirm the cancellation via email and provide the cancellation certificate (such as an encrypted deletion record summary).

7.3 Restriction and opposition

  • Restriction of processing: If you believe that the information we process is inaccurate, illegal, or you need to retain the information to file a legal claim, you can request temporary restriction of processing (such as suspending personalized recommendations). During this period, we can only store the information and not perform other operations;
  • Oppose automated decision-making: If we make a decision that significantly affects you (such as refusing to provide discounts) based on an algorithm (such as recommending products based on browsing history), you have the right to request manual review and explain the decision logic;
  • Right to data portability: If technically feasible and without infringing the rights of others, you can request to export structured, commonly used personal information (such as order lists, delivery address libraries) in CSV or JSON format and transfer it to other data controllers designated by you (such as competitor platforms).

7.4 Withdrawal of consent

  • Sensitive information processing: If you have authorized us to process sensitive information such as biometrics (such as the introduction of face payment in the future), health data (such as customized plant nutrients that require allergy information), etc., you can withdraw your consent at any time by email, and we will stop processing and delete the relevant data within 48 hours;
  • Withdrawal of cross-border transmission: If you have agreed to transfer information to countries outside the EU/US (such as setting up a data center in India in the future), you can withdraw your consent, and we will immediately stop the transmission and require the overseas recipient to delete the received data (if technically feasible).

7.5 Complaints and reporting

  • Complaints to regulators: If you believe that we have violated this policy or applicable laws, you may complain to the following agencies:
  • UK users: UK Information Commissioner’s Office (ICO), submit a form on the official website (https://ico.org.uk/make-a-complaint/);
  • China users: China Cyberspace Administration of China (CAC), make an online complaint through the “12321 Network Bad and Spam Reporting and Acceptance Center”;
  • EU users: the data protection authority of your member state (such as CNIL in France and BfDI in Germany).
  • Internal complaint channel: Contact our Data Protection Officer (DPO) by sending an email to leaftreasures@gmail.com, with the title “DPO complaint” and attaching a specific description of the problem and evidence (such as screenshots, email records).

7.6 Restrictions on the exercise of rights

  • Legal exemptions: We may deny some requests (such as deleting order records involving tax fraud) if exercising rights would interfere with national security, public safety, criminal investigation or the legitimate rights and interests of others.
  • Technical limitations: If the data is completely anonymized or cannot identify you individually (such as statistical data in aggregated analysis reports), access, correction or deletion requests cannot be supported.
  • Frequent requests: If you repeatedly make the same request within 12 months (such as requesting a full order history export once a month), we may charge a reasonable fee to cover administrative costs.
  • Verification of exercising rights: To prevent information leakage, we may ask you to provide proof of identity (such as a passport scan, order number) or receive a verification code through your registered mobile phone number to ensure that the request is initiated by you.
leaftreasures Privacy Policy

8. Cookies and Tracking Technologies

8.1 Technologies Leaftreasures use

  • Necessary Cookies : Maintain basic website functions (such as shopping cart, login status);
  • Analytics Cookies : Google Analytics records visit data and helps optimize page loading speed;
  • Marketing Cookies : Facebook Pixel tracks ad conversions without directly identifying you.

8.2 Leaftreasures How to manage cookies

  • Browser settings : disable cookies in Chrome/Firefox (may affect website functionality);
  • Third-party tools : Use Ghostery or Privacy Badger to block tracking scripts;
  • Options within the website : If a “Reject Non-essential Cookies” button is provided in the future, this will be notified via a pop-up window.

9. Protection of Minors’ Information

  • Since we are targeting the whole world, we uniformly define “children” as minors under the age of 18 ;
  • If we find that a child has provided information without the consent of their guardian, we will immediately delete the relevant data;
  • Guardians can request to review or delete children’s information via leaftreasures@gmail.com.

10. Data security measures

10.1 Technical protection

  • Data encryption: TLS 1.3 is used for transmission and AES-256 is used for storage;
  • Anonymization: hash the IP address and remove unnecessary log fields;
  • Access control: Employees can only access the production environment through two-factor authentication (2FA).

10.2 Management measures

  • Regular security training: Require employees to complete GDPR compliance courses every year;
  • Third-party audits: We hire independent organizations to conduct penetration tests and privacy impact assessments (PIA) every year.

10.3 Data Breach Response

  • If a breach occurs, it will be reported to the UK ICO within 72 hours (if it involves EU users);
  • Notify affected users via email or website announcement and provide remedial measures (such as free credit monitoring).

11. Third Party Links and Embedded Content

  • The website may contain links to YouTube product videos or Instagram user reviews;
  • When you click on a third-party link, your information will be subject to their privacy policy, for which we are not responsible;
  • Embedded content (such as Google Maps) may collect anonymous information such as your IP address when you are not logged in.

12. Automated decision making (AI algorithms)

  • We do not currently use fully automated decision making (such as credit scoring without human intervention);
  • If an AI recommendation system is introduced in the future, you can request manual review of the recommendation results, or apply to turn off the personalization function via email.

13. Advertising and Marketing

13.1 Personalized Advertising

  • Display relevant ads based on your browsing history (e.g. viewing the “dried flower decorations” page);
  • Advertisers (such as Google Ads) may use cookies to match your interest tags.

13.2 How to Unsubscribe Leaftreasures

  • “Unsubscribe” link at the bottom of the email;
  • Reply “STOP” to WhatsApp messages;
  • Contact customer service to request that your email/phone number be added to the “Do Not Market List”.

14. Leaftreasures Employee and Contractor Management

  • All employees are required to sign a non-disclosure agreement (NDA), and violators may face legal prosecution;
  • Third-party service providers (such as logistics companies) must be ISO 27001 certified and undergo regular audits by us.
leaftreasures Privacy Policy

15. Data Retention Period For Leaftreasures

Information TypeRetention PeriodDeleting a condition
Order data7 years after completion of deliveryDeletion upon user request or early destruction as required by law
Customer service conversation records3 years after problem solvedExtended retention when user complaints are not resolved
Device logs30 daysAutomatic anonymization
Marketing preferencesStop using immediately after user unsubscribesIf there is no interaction within 2 years, it will be deleted

16. Applicable Law and Dispute Resolution

  • leaftreasures Privacy Policy is governed by English law (as the company is registered in England);
  • The dispute shall first be resolved through friendly negotiation. If the negotiation fails, it shall be submitted to the London Court of International Arbitration (LCIA) for arbitration;
  • If you are a Chinese user, you may choose to file a lawsuit with a People’s Court with jurisdiction in China.

17. Leaftreasures Contact Information

  • Data Protection Officer (DPO) : leaftreasures@gmail.com
  • Customer service phone : +44 7706 177174 (Service hours: Monday to Friday 9:00-18:00 GMT)
  • Offline address : 9 Victoria Rd, Berry Hill Rd, Stoke-on-Trent, England, ST4 2RD

18.Multi-language version

  • leaftreasures Privacy Policy is provided in the original English version. In case of any conflict between the two, the English version shall prevail.
  • If other language versions are added in the future, they will be announced through the website.

19.Policy Updates and Notifications

We will notify you of policy revisions by:

  • Pop-up window on the homepage of the website (displayed continuously for 7 days);
  • Email push to registered users;
  • WhatsApp broadcast messages (if you have subscribed to notifications).

Major changes (such as adding countries for cross-border transfers) require your renewed consent.

20. Effective Date

leaftreasures Privacy Policy will take effect on March 1, 2024, replacing all previous versions.

The Leaftreasures team is committed to protecting your privacy with transparency and accountability.

If you have any questions, please feel free to contact us.

WhatsApp us
×