Privacy Policy
Last updated: 12 November 2025
At Toddler Nutrition (“we”, “us”, “our”), we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you visit our website [www.toddler-nutrition.com] (the “Website”), use our mobile application (the “App”), place orders, create an account, subscribe to our newsletter, or otherwise interact with us.
We are a company registered in Hong Kong Special Administrative Region with company registration number [insert number] and registered office at [insert full address, Hong Kong].
1. Data Controller
Toddler Nutrition is the data controller responsible for your personal data under the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) of Hong Kong.
Contact details: Email: info@toddler-nutrition.com Postal address: Data Protection Officer, Toddler Nutrition, [full address], Hong Kong Telephone: [+852 insert number]
2. Types of Personal Data We Collect
We may collect the following categories of personal data:
a. Identity Data
- Full name, title, date of birth (of parent/guardian and child where relevant)
b. Contact Data
- Billing address, delivery address, email address, telephone numbers
c. Child-related Data
- Child’s name, gender, date of birth, weight, height, allergies, dietary requirements, feeding preferences (considered sensitive personal data)
d. Financial Data
- Payment card details (processed via encrypted payment gateways; we do not store full card numbers)
e. Transaction Data
- Details of products purchased, order number, date, amount, frequency
f. Technical Data
- IP address, browser type, operating system, device identifiers, geolocation data, time zone setting
g. Usage Data
- Pages visited, time spent on pages, clickstream data, search terms
h. Marketing and Communications Data
- Preferences for receiving marketing from us or third parties
i. Correspondence Data
- Records of emails, live-chat transcripts, customer service calls (recorded for training purposes)
3. How We Collect Your Personal Data
- Directly from you: when you register, place an order, fill in forms, contact customer service, or subscribe to newsletters.
- Automatically: through cookies, server logs, and similar technologies (see section 9).
- From third parties: payment providers, delivery partners (e.g., SF Express, Hongkong Post), analytics providers (Google Analytics), advertising networks, and social media platforms (if you log in via Facebook/Google).
4. Purposes and Legal Bases for Processing
We process personal data only when we have a lawful basis under the PDPO:
| Purpose | Legal Basis under PDPO |
|---|---|
| To process and deliver your orders (including payment and shipping) | Performance of contract |
| To manage your account and provide customer support | Performance of contract / Legitimate interests |
| To improve our products, services, and website | Legitimate interests |
| To send promotional offers and newsletters | Consent (opt-in) |
| To comply with legal obligations (e.g., tax, consumer protection) | Legal obligation |
| To detect and prevent fraud | Legitimate interests |
| To personalise content and recommendations (e.g., based on child’s age/allergies) | Consent / Legitimate interests |
Sensitive personal data (child’s health data, allergies) is processed only with explicit consent or where necessary for vital interests (e.g., preventing allergic reactions).
5. Marketing Communications
You will receive marketing communications only if:
- You have purchased from us and have not opted out of marketing (soft opt-in), or
- You have explicitly opted in during registration or later.
You can withdraw consent or opt out at any time by:
- Clicking “unsubscribe” in any email
- Updating preferences in your account
- Emailing info@toddler-nutrition.com
6. Disclosure of Your Personal Data
We may share your data with:
a. Service providers (acting as data processors):
- Payment gateways (Stripe, PayPal, Alipay, WeChat Pay)
- Delivery companies (SF Express, DHL, Hongkong Post)
- IT and cloud storage providers (AWS, Google Cloud – servers located in Hong Kong/Singapore)
- Customer service platforms (Zendesk, LiveChat)
- Analytics and advertising partners (Google, Meta)
b. Professional advisers (lawyers, accountants, auditors)
c. Regulators and law enforcement when legally required
d. In the event of merger, acquisition, or asset sale – your data may be transferred to the new owner.
All third parties are required to sign Data Processing Agreements and maintain confidentiality.
7. International Data Transfers
Your data may be transferred to and stored in countries outside Hong Kong (e.g., Singapore, USA). We ensure appropriate safeguards:
- Use of Standard Contractual Clauses approved by the Hong Kong PCPD
- Binding Corporate Rules (where applicable)
- Adequacy decisions (where available)
8. Data Security
We implement industry-standard measures:
- SSL/TLS encryption for all data in transit
- AES-256 encryption at rest
- Regular penetration testing
- Access controls and two-factor authentication for staff
- PCI-DSS compliance for payment data
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
9. Cookies and Tracking Technologies
Our Website uses cookies. Detailed information is provided in our separate Cookie Policy [link]. You can manage preferences via the cookie banner or browser settings.
10. Data Retention
We keep personal data only as long as necessary:
| Data type | Retention period |
|---|---|
| Order and transaction data | 7 years (Hong Kong tax law) |
| Account data | Until account deletion + 2 years |
| Marketing preferences | Until consent withdrawn |
| Customer service recordings | 12 months |
| Child health/allergy data | Deleted immediately after order fulfilment unless you request longer storage |
After retention periods, data is securely deleted or anonymised.
11. Your Rights under the PDPO
You have the following rights (free of charge, unless manifestly unfounded or excessive):
- Right to be informed – via this Privacy Policy
- Right of access – request a copy of your data (Data Access Request)
- Right to rectification – correct inaccurate data
- Right to erasure – delete data where no longer necessary
- Right to restrict processing
- Right to data portability (where technically feasible)
- Right to object to direct marketing or processing based on legitimate interests
- Right to withdraw consent at any time
To exercise any right, email info@toddler-nutrition.com or submit a written request. We will respond within 30 calendar days.
You also have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong: Website: https://www.pcpd.org.hk Telephone: +852 2827 2827
12. Children’s Privacy
Our services are not directed to children under 13. We do not knowingly collect personal data from children under 13 without parental consent. If we become aware of such collection, we will delete the data immediately.
13. Changes to this Privacy Policy
We may update this policy from time to time. The new version will be posted on our Website with the updated “Last updated” date. Significant changes will be notified by email or prominent notice.
14. Third-Party Links
Our Website may contain links to third-party sites (e.g., Instagram, Facebook). We are not responsible for their privacy practices.
15. Contact Us
Name of the store: Toddler-Nutrition
Company name: Klein u. Meng OHG
Company number: HRA 41471
VAT Number: DE 148 123 456
Adress: Keltenstr. 3, 67433 Neustadt an der Weinstraße, Germany
E-Mail: info@toddler-nutrition.com
Phone number: +852 9876 5432
Opening Hours:
- Monday to Saturday: 8:00 AM to 6:00 PM
- Sunday: closed