Privacy policy

Privacy Policy

Effective Date: August 21, 2025

Data Controllers

  • Well Known Brand, Inc. (USA)
    Address: 2093 Philadelphia Pike #1628, Claymont, DE, USA 19703

  • Labworks International Design Ltd (Hong Kong)
    Address: Unit 2, 9/F, Block A, Yee Lim Industrial Centre, 2-28 Kwai Lok Street, Kwai Font, NT, Hong Kong.

  • Data Protection Officer: Contact via legal@catalystcase.com.

1. Introduction

This Privacy Policy explains how catalystcase.com (US, outlying islands) and catalystlifestyle.com (Hong Kong, Canada, UK, Australia, international), powered by Shopify, collect, use, and share personal information when you visit, use, or make purchases. It complies with Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), GDPR (EU/EEA, Andorra, Azores, Canary Islands, Channel Islands, French Guiana, Guadeloupe, Isle of Man, Madeira, Martinique, Mayotte, Monaco, Réunion, San Marino, Saint Barthélemy, Saint-Martin, Switzerland, UK sovereign bases in Cyprus, Vatican City), LGPD (Brazil), PIPEDA (Canada), CCPA (California), and laws in Chile, Colombia, Egypt, India, Japan, Malaysia, Morocco, South Africa, South Korea, Taiwan. It covers Switchy.io (link tracking), Vanchat (chatbot), GeoTargetly (geolocation redirects, cookie consent), Shopify Audiences (targeted ads), and third-party services for marketing and analytics.

2. Personal Information We Collect

We collect:

  • Contact Details: Name, address, billing/shipping address, phone, email.

  • Financial Information: Payment card details, transaction data.

  • Account Information: Username, password, preferences.

  • Transaction Information: Items viewed, carted, purchased, returned.

  • Communications: Customer support inquiries.

  • Device Information: IP address, browser type, device ID.

  • Usage Information: Site interactions, navigation.

  • Geolocation Data: IP-derived country, state, city (via GeoTargetly).

  • Vanchat Data: Email, interaction data (e.g., Father’s Day campaign).

  • Shopify Audiences Data: Purchase history, browsing behavior for ad targeting.

Sources:

  • Directly from you (e.g., account creation, purchases).

  • Automatically via Shopify, GeoTargetly, Switchy.io, Vanchat, Google Analytics.

  • Service providers (e.g., payment processors).

  • Shopify Intelligence Network (SIN) for aggregated insights.

  • Third parties (e.g., marketing partners).

3. Consent

We obtain your consent as follows, per PDPO Data Protection Principle (DPP) 3, GDPR, and other applicable laws:

  • Transactions: Implied consent for transaction-related data (e.g., orders, payments), used solely for that purpose unless explicit consent is required (e.g., Hong Kong, Canada).

  • Marketing: Explicit consent via Shopify Cookie Banner, GeoTargetly Geo Consent pop-up, or Vanchat email submission for marketing. You may opt out at any time.

  • GeoTargetly (GeoIP Redirect): Automatic redirection based on IP geolocation or explicit consent via pop-up in required regions (e.g., Hong Kong, Brazil, Canada). Data stored on GeoTargetly’s Google Cloud servers and Shopify (GeoTargetly Privacy Policy, Geo Consent).

  • Vanchat: Explicit consent via email submission for coupons/marketing; emails imported to Shopify/Klaviyo with consent (Vanchat Privacy Policy).

  • Switchy.io: Explicit consent via pop-up for link tracking (Switchy.io Privacy Policy).

  • Cookies: Explicit consent via Shopify Cookie Banner or GeoTargetly Geo Consent pop-up for non-essential cookies in required regions, stored via Shopify’s Customer Privacy API (Shopify Consumer Privacy Policy, Shopify Visitor Privacy Policy).

  • Shopify Audiences: Explicit consent for sharing purchase history, browsing data with SIN for ad targeting, per Shopify Audiences Data and Privacy.

  • Third-Party Marketing: Explicit consent for sharing data (e.g., hashed email, IP) with Meta (Customer List Custom Audiences), Google (Customer Match), TikTok, and others for personalized ads, per Google’s EU User Consent Policy and Meta’s Customer List Custom Audiences Terms.

Withdrawal of Consent:

  • Withdraw consent for marketing, data collection, use, or disclosure at any time via Shopify Privacy Portal, platform settings (e.g., Meta, Google), or by contacting cs@catalystcase.com or mailing: Labworks International Design Ltd., Unit 2, 9/F, Block A, Yee Lim Industrial Centre, 2-28 Kwai Lok Street, Kwai Font, NT, Hong Kong.

  • Hong Kong residents can opt out of direct marketing per PDPO DPP 3.

EU/EEA and Other Regions: SB Supply manages GDPR compliance for sbsupply.eu/catalyst. Consent recorded via Shopify’s Customer Privacy API (setTrackingConsent).

4. How We Use Your Information

  • Provide Services: Process payments, fulfill orders, manage accounts, personalize experience. The store is hosted by Shopify and Shopify processes your data when you visit and make purchases on your store, including to provide services based on your interactions with other merchants and with Shopify. Your information is shared with Shopify and other third parties that may be located in other countries, in order to provide services to them, including those that incorporate data from their interactions with other merchants and with Shopify.

  • Marketing/Advertising: Send emails/SMS, show personalized ads via Shopify Audiences, Klaviyo, Meta (Facebook, Instagram, Threads), Google Ads (Customer Match), TikTok, Bluesky, YouTube, Pinterest, LinkedIn, Twitter, Snapchat, Reddit, Quora, Bing, Yahoo, WhatsApp, Tinytalk, Airfive, affiliates, Vanchat, Repliant, Lark, Microsoft, ChatGPT, other AI services.

  • Security/Fraud Prevention: Authenticate accounts, detect fraud.

  • Communication: Respond to inquiries, provide support.

  • Analytics: Improve services, track performance via GA4, Shopify Reports.

  • Legal Compliance: Comply with laws (e.g., PDPO, GDPR), respond to legal requests.

5. Third-Party Sharing

We share personal information with third parties to perform services (e.g., marketing, analytics, redirects) on our behalf, with your explicit consent where required by PDPO (DPP 3), GDPR, or platform policies (e.g., Google, Meta). Data is not sold.

Partner

Data Shared

Purpose

SB Supply (EU)

Email, IP, region tag

GDPR-compliant redirection, marketing

Shopify

Contact, transaction, consent data

Store functionality, personalization, cookie consent, Shopify Emails, Shopify Forms, Shopify Audiences, Enhanced Services, Shopify Network Intelligence

Klaviyo

Email, campaign details

Email/SMS marketing, retargeting

Meta (Facebook, Instagram, Threads)

Hashed email, pixel data

Customer List Custom Audiences, retargeting, lookalike audiences (Meta Privacy Policy)

Google (Google Ads, YouTube)

Hashed email, tag data

Customer Match for personalized ads, analytics (Google Privacy Policy)

TikTok

Pixel data

Retargeting, analytics (TikTok Privacy Policy)

Bluesky

Usage data

Marketing, analytics (Bluesky Privacy Policy)

Pinterest

Pixel data

Retargeting, analytics (Pinterest Privacy Policy)

LinkedIn

Usage data

Retargeting, analytics (LinkedIn Privacy Policy)

Twitter

Usage data

Retargeting, analytics (Twitter Privacy Policy)

Snapchat

Pixel data

Retargeting, analytics (Snapchat Privacy Policy)

Reddit

Usage data

Marketing, analytics (Reddit Privacy Policy)

Quora

Usage data

Marketing, analytics (Quora Privacy Policy)

Bing

Usage data

Retargeting, analytics (Microsoft Privacy Statement)

Yahoo

Usage data

Retargeting, analytics (Yahoo Privacy Policy)

Airfive (cs@catalystcase.com)

Email

Customer service, retargeting

WhatsApp

Contact data

Customer communication (WhatsApp Privacy Policy)

Tinytalk

Contact data

Customer communication

Affiliates

Email, usage data

Affiliate marketing

Vanchat

Email, interaction data

Coupon delivery, retargeting (Vanchat Privacy Policy)

Repliant

Email, usage data

Customer support, analytics

Lark

Contact data

Customer communication (Lark Privacy Policy)

Microsoft

Usage data

Analytics, marketing (Microsoft Privacy Statement)

ChatGPT/Other AI

Interaction data

Analytics, personalization (OpenAI Privacy Policy)

GeoTargetly

IP, session, browser data

Geolocation redirects, consent management (GeoTargetly Privacy Policy)

 

Shopify Audiences: Purchase history and browsing data are shared with Shopify Intelligence Network (SIN) to generate audience lists for Meta, Google, TikTok, Pinterest, Snapchat, encrypted and deleted post-matching, per Shopify Audiences Data and Privacy.

Meta Customer List Custom Audiences: Emails are hashed locally before uploading to Meta for matching to create audiences for personalized ads. Meta acts as a data processor under GDPR and PDPO, per Meta’s Data Processing Terms. If you opt out, we remove your data from Meta’s Custom Audiences.

Google Customer Match: Hashed emails and other data are shared with Google to match customers to Google accounts for personalized ads, per Google Ads Data Processing Terms. Google acts as a data processor under GDPR and PDPO.

6. Disclosure

We may disclose your personal information if required by law (e.g., PDPO, GDPR, court orders) or if you violate our Terms of Service. Under PDPO, we notify the Privacy Commissioner for Personal Data (PCPD) and affected individuals promptly of data breaches, per the 2021 amendment.

7. Shopify

Our stores are hosted on Shopify Inc., providing a secure e-commerce platform. Your data is stored on Shopify’s secure servers behind a firewall, encrypted per Payment Card Industry Data Security Standard (PCI-DSS). Transaction data is deleted after purchase completion, unless required for legal purposes. See Shopify Consumer Privacy Policy, Shopify Visitor Privacy Policy, and Shopify Terms of Service.

8. Cookies and Tracking

Cookies and tracking data are sourced from:

  • Shopify: Session, visit, cart, and secure session cookies (e.g., _session_id, cart) via Shopify Cookie Banner, stored on Shopify’s servers (Shopify Consumer Privacy Policy).

  • GeoTargetly: Cookies for geolocation redirects and consent preferences via Geo Consent pop-up, stored on Google Cloud servers and Shopify (GeoTargetly Cookies Opt-Out).

  • Switchy.io: Cookies for link tracking (e.g., Meta Pixel, Google Tag Manager) via consent pop-up, stored on Switchy.io servers (Switchy.io Privacy Policy).

  • Third-Party Platforms: Cookies for analytics/marketing (e.g., Meta Pixel, Google PREF) from Meta, Google, TikTok, Pinterest, Snapchat, with consent via Shopify Cookie Banner or GeoTargetly pop-up.

Vanchat does not set cookies. Consent for non-essential cookies is obtained and stored via Shopify’s Customer Privacy API. Refer to the Shopify's Consumer Privacy Policy for more details. You can Opt-out via Shopify Privacy Portal.

9. Data Security and Retention

Data is stored on secure servers (Shopify, GeoTargetly’s Google Cloud, Vanchat) with industry-standard encryption (e.g., SSL, AES-256). Hashed data for Meta, Google, and Shopify Audiences is securely processed and deleted post-matching. Per PDPO (DPP 2, Section 26), we erase personal data when no longer needed, unless required by law or public interest. We maintain a data retention policy to comply with PDPO, deleting unnecessary data promptly (e.g., transaction data post-purchase, marketing data post-opt-out).

Data Breach Notification: Per PDPO 2021 amendment, we notify PCPD and affected individuals promptly in case of a data breach, taking remedial actions (e.g., system scans, password resets).

10. International Data Transfers

Data may be transferred outside your region (e.g., to Shopify, GeoTargetly, Google, Meta). For Hong Kong residents, we follow PDPO guidance on cross-border transfers, using Standard Contractual Clauses or equivalent safeguards to ensure protection equivalent to PDPO, per PCPD’s recommended model clauses. We conduct due diligence on data importers to verify compliance.

11. Your Rights

Under PDPO (Sections 19, 20), Hong Kong residents have the right to:

  • Access: Request access to your personal data using the PCPD’s Data Access Request Form, processed within 40 days.

  • Correction: Request correction of inaccurate data.

  • Erasure: Request erasure of unnecessary data, subject to legal obligations.

Other regions (e.g., GDPR, CCPA) provide similar rights:

  • Access, correct, delete, or port your data.

  • Opt-out of marketing, targeted advertising, Google Customer Match, Meta Customer List Custom Audiences, or Shopify Audiences via Shopify Privacy Portal, platform settings, or by contacting us.

  • Withdraw consent via Shopify Cookie Banner, GeoTargetly pop-up, or platform options.

  • File complaints with PCPD (www.pcpd.org.hk) or your local data protection authority.

Requests: Submit via GDPR Request Form, email cs@catalystcase.com, or mail: Catalyst, Unit 5B, 5th Floor, High Fashion Centre, 1-11 Kwai Hei Street, Kwai Chung, NT, Hong Kong. For EU users, contact SB Supply at sbsupply.eu/privacy.

12. Third-Party Websites

Links to third-party sites (e.g., social media) are not governed by this Privacy Policy or our Terms of Service. Review their privacy policies (linked above).

13. Age of Consent

By using our sites, you represent that you are at least the age of majority in your region (19 in Canada, 20 in Japan/Taiwan/South Korea, 21 in Chile). We do not knowingly collect or share data from minors.

14. Changes to This Policy

We may update this policy, effective upon posting on catalystcase.com. Material changes will be notified here. Per PDPO, we ensure transparency in data practices.

15. Questions and Contact Information

For access, correction, deletion, complaints, or more information, contact our Privacy Compliance Officer at legal@catalystcase.com or mail: Catalyst, Unit 5B, 5th Floor, High Fashion Centre, 1-11 Kwai Hei Street, Kwai Chung, NT, Hong Kong.