Privacy Policy

Last Updated: July 18th, 2022   In this privacy policy, we:
  • Describe the type of personal data we collect, use, store, transfer and how we protect that data
  • Explain your rights and choices with respect to your personal data
  We invite you to read this document carefully. If you have any questions about our data protection practices, please contact us. Topics covered in this privacy policy:
  • General information
  • Types and purpose of personal data
  • Non-personal data
  • Promotional messages
  • Sharing and disclosing data
  • How to access and control your personal data
  • Retention of personal data
  • Protecting your personal data
  • Changes in this Privacy Policy
  • Contact

1. General information

In this section, you can find general information about, its owner and this privacy policy.

1.1 About this Privacy Policy

This privacy policy (the “Privacy Policy”) governs the processing of personal data collected from individual users and merchants (“you” and “your”) via website (, the related subdomains (collectively, “”) and the software applications we manage, collectively, the “Apps” and other means (i.e, social media, interactions with you, etc.)

The Apps and are hereinafter collectively referred to as the “Products”.

This Privacy Policy does not cover any third-party websites, applications or software that integrate with the Products or any other third-party products and services.

When you visit, use our Apps, interact with us or purchase our products online, we collect different types of personal data about you.

1.2 Data controller and data processor

The Products are owned, operated, and offered by Can Code Limited, a limited liability company with registered address at Room 702, Kowloon Building, 555 Nathan Road, Kowloon, Hong Kong (“we”, “us”, or “our”).

We act in the capacity of a data controller and data processor with regard to the personal data processed through the Products in terms of the applicable data protection laws, including, the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which data is handled by us, as explained below:

    • Data controller. We are responsible for the collection and use of your personal data through and we make decisions about the types of personal data we collect from you and purposes for which they are used. Therefore, we act as a data controller with regard to the personal data collected directly through
    • Data processor. We act in the capacity of a data processor in situations when we receive personal data for processing through the Apps (the “Service Data”) and that Service Data contains personal data. We do not own, control, or make decisions regarding the Service Data. We process the Service Data only in accordance with the instructions issued by a respective data controller.
1.3 Your consent.

Before you submit any personal data through the Products, you are encouraged to read this Privacy Policy that is available on to understand on what legal basis (other than your consent) we rely when handling your personal data. In some cases, if required by the applicable law, we may seek to obtain your informed consent for the processing of your personal data.

  1.4 Children

The Products are not intended for use by children (i.e., Persons who are minors in their country of residence). Therefore, we do not knowingly collect minors’ personal data and do not wish to do so.

If you become aware that a child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children, we will make our best effort to promptly delete it.

1.5 Cookies

We use cookies on For detailed information on our cookie use practices, please refer to the below.

Cookies We use cookies and similar technologies to collect data about you when you visit our website or use our Apps. Cookies are files that store information on your device or browser that remember actions you take on websites you visited before. We use cookies to give you the best possible experience on our website and/or our Apps, by reviewing your browsing habits, evaluating website activity and generally making services easier to use.   You may refuse to accept Cookies (by modifying the relevant Internet options or browsing preferences of your device), but to do so you may not be able to utilize or activate all of the functions and services.  

2. Types and purposes of personal data

In this section, we explain what types of personal data we collect from you, for what purpose we use that data and on what legal basis we rely when processing it.

2.1 Personal data

We try to minimize the collection of personal data that is necessary for your use of the Products. The types of personal data that we collect from you and process include the following (non-exhaustive list):

    • You name
    • Your address
    • Phone number
    • Your email address
    • Your payment information
    • Other information about yourself or your business
2.2 Purposes of personal data

We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we use it only for the purposes of enabling you to use the Products, providing you with the requested services/products, maintaining and improving the Products, conducting research about the Products and our business activities. We do not repurpose your personal data. It means that we do not use it for any purposes that are different from the purpose for which your personal data was provided.

2.3 Overview of types and purposes of your personal data

The list below provides a description of the types of personal data that we collect and process on behalf of data controllers, the purposes for which we use it, and the legal basis on which we rely when processing your personal data.

    • Contact form

When you contact us by using the contact form available on, we collect your first name, last name, email address, phone number and any information that you decide to include in your message.

We use such data to respond to your enquiries and provide you with the requested information.

The legal basis on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).

    • Email enquiries

When you contact us by email, we collect your name, email address, and any information that you decide to provide in your message.

We use such data to respond to your enquiries and provide you with the requested information.

The legal basis on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).

    • Live chat

When you contact us by using the live chat functionality available on, we collect your name, email address, and any information that you decide to provide in your message.

We use such data to respond to your enquiries and provide you with the requested information.

The legal basis on which we rely is ‘your consent’ (for optional personal data).

    • Cookies

When you browse or use the Apps, we collect your cookie-related data. For more information about the purposes for which we use cookies, please refer to our cookie policy.

The legal basis on which we rely are ‘pursuing on legitimate business interests’ (i.e., to analyse and promote our business) and ‘your consent’.

    • Support

If you request support for the Apps from us or contact the customer service, we may ask you to provide us with your personal data that is necessary to deliver the requested support services, such as your name, email address, delivery address, and phone number. We will use such personal data only to provide the requested support.

The legal basis on which we rely is ‘performing a contract’.

    • Payments

When you make a payment, we may have access to your billing information such as your name, billing address, payment card details, or information related to other payment methods that you choose.

The legal basis on which we rely are ‘performing a contract’ and ‘pursuing our legitimate business interests’ (i.e., administer our business).

    • The Apps

When you use the Apps, we collect certain information from your account, such as read and write theme data, product parameters, draft orders, orders, script tags, shop URL, shop name, tariff plan, time zone (list non-exhaustive).

Such information may contain your or other data subjects’ personal data like first names, last names, addresses, email addresses and phone numbers.

We use such personal data to provide you with the requested services and perform our contractual obligations.

The legal basis on which we rely is ‘performing a contract’.

    • Order

When you shop with us online, we will ask you to provide personal data such as your name, address, email, phone number in order to fulfill your order.

The legal basis on which we rely is ‘performing a contract’

We may also ask you to provide personal data when you sign up for a newsletter, respond to a job application or an offer, join us on social media, take part in surveys or contact us for help.

If you don’t want to provide personal data, you don’t have to, but it might limit your ability to do certain things on the website.

2.4 Sensitive data

We do not collect or use any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.

2.5 Refusal to provide personal data

If you refuse to provide us with your personal data when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Products, receive our services/products, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.


3. Non-personal data

When you use the Products, we receive some technical data for analytics purposes. In this section, we inform you what non-personal data we collect from you and for what purposes we use that data. 3.1 Log files and analytics data

In order to analyse your use of the Products, we collect and use third-party analytics services to automatically collect certain technical non-personal data about your use of the Products. Such data does not allows us to identify you in any manner. The non-personal data collected by us and third-party analytics providers includes the following information (list non-exhaustive):

    • Your activity on and the Apps
    • How you came to the website
    • Which buttons or links you clicked
    • IP address in an anonymised form
    • Browser type
    • Internet service provider
    • Country
    • Device used
    • Preferred language
  IP address Whenever you visit a website (including, the computer from which the web pages are served needs to know your computer’s public network address so that it can send the pages you request to your browser. The public network address associated with your computer is called its “public IP Address” and is sent automatically each time you access any website. From a computer’s IP Address, it is usually possible to determine the general geographic location of that computer but often not the specific computer and if multiple people use the computer not the specific user (although if your IP Address is unique to you and is published somewhere or if you later identify yourself while using the same IP Address, it is possible that IP Address could identify you).   In many jurisdictions (including California, the EU and Australia), your IP Address is considered to be personal data, and we treat it accordingly. Our website may contain hyperlinks to other websites by third parties. We do not control these third party websites or any of the content contained on those websites. Once you have left our website, we cannot be responsible for the protection and privacy of any information which you provide. You should exercise caution and look at the privacy statement for the websites you visit. 3.2 Your feedback

If you contact us, we may keep records of any questions, complaints, recommendations, or compliments  made by you and the response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records).

3.3 Purposes of non-personal data

We will use non-personal data for the following purpose:

    • To analyse what kind of users use the Products
    • To examine the relevance, popularity, and engagement rate of the Products
    • To investigate and help prevent security issues and abuse
    • To develop and provide additional features to the Products
    • To personalise the Products for your specific needs
3.4 Combined with personal data and de-identified data

In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such data as personal data.

If your personal data is de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.


4. Promotional messages

From time to time, you may receive promotional messages from us. Below, we explain when you may receive such notices from us and what you can do to decline our promotional messages. 4.1 Newsletters.

We may send you a newsletter to keep you updated about the latest developments related to the Products, our new services/products, additional features of the Products and special offers. You will receive our newsletters in the following instances:

    • If we receive your express (“opt-in”) consent to receive marketing messages (please note that your voluntary subscription for our newsletters constitutes such consent); or
    • If you are using or purchasing any of our products or services
4.2 Opt-out.

You can opt-out from receiving marketing messages at any time by clicking on the “unsubscribe” link contained in any of the newsletters sent to you or by contacting us directly.

4.3 Informational notices and updates.

From time to time, we may send you important informational notices, such as service/product-related, technical or administrative emails, your privacy and security, and other administrative matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.


5. Sharing and disclosing data

We cooperate with external service providers and share some personal data with them for certain purposes. We will never sell your personal information to any third party.   5.1 Disclosure to data processors If necessary, we will disclose your personal data to other companies, agents or contractors (“Service Providers) with whom we cooperate (our data processors). For example, we may share your personal and non-personal data with companies that provide certain technical support services to us, such as hosting and email distribution services, marketing services, security, infrastructure and IT services. The disclosure is limited to the situations when such data is required for the following purposes:
  • Products/orders fulfilment and shipping
  • Fraud prevention, protection, and credit risk reduction
  • Payment processing
  • Security purposes
  • Ensuring the proper operation of the Products
  • Customer support regarding your purchases or services requested
  • Web hosting
  • Information technology
  • Direct mail and email distribution
  • Administration
  • Marketing services and advertising
  • Analytics services
We do not authorize them to use or disclose your personal data except in connection with providing their services. 5.2 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving the Products, responding to lawful requests from public authorities or developing new products and services.   5.3 Compelled disclosure We reserve the right to use or disclose your personal data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process. 5.4 Business transfers In connection with any reorganization, restructuring merger or sale, or other transfer of assets, we will transfer information, including personal data to a purchaser or successor entity, provided that the receiving party agrees to respect your personal data in a manner that is consistent with our Privacy Policy. International data transfers When we collect, process and share data in accordance with this privacy policy, it may be transferred to countries other than where you live. When we do transfer data, we will make sure that there are safeguards in place to protect your personal data. For individuals in the European Union (EU), this means that your personal data will be transferred outside of the EU. EU personal data will only be transferred to countries that have been identified as providing adequate protection for EU data or to a third party where we have approved transfer mechanisms in place – this means that we have either entered into an appropriate Data Processing Agreement or by ensuring that the entity has appropriate data protection in place.  

6. How to access and control your personal data

You have the right to control how we process your personal data. Below, we list the rights that you can exercise with regard to your personal data and explain how you can exercise those rights.   The General Data Protection Regulation or "GDPR" gives certain rights to individuals in relation to their personal data. As available and except as limited under applicable law, the rights afforded to individuals are:
    • Right of access: the right to be informed of, and request access to, the personal data we process about you
    • Right to rectification: the right to request that we amend or update your personal data where it is inaccurate or incomplete
    • Right to erasure: the right to request that we delete your personal data
You can exercise your data protection and privacy rights at any time by contacting us at: Email: Mail: Room 702, Kowloon Building, 555 Nathan Road, Kowloon, Hong Kong In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may reject requests that are unreasonable or not required by law, including those that would be extremely impractical, could require disproportionate technical effort, or could expose us to operational risks. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protect authority. If you are in EU, you can lodge a complaint to the supervisory authority under the General Data Protection Regulations (“GDPR”), in the Member State of your residence, place of work where the alleged infringement of the GDPR occurred.

7. Retention of personal data

We retain personal data that you provide to us where we have an ongoing legitimate business need to do so (e.g., to comply with our legal obligations, resolve disputes and enforce our agreements). When we have no ongoing legitimate business need to process your personal data, we securely delete the information or anonymize it or, if this is not possible, securely store your personal data and isolate it from any further processing until deletion is possible.  

8. Protecting your personal data

We strive to ensure that your personal data is kept safe and secure. In this section, we inform you about our measures that help us to protect your personal data. 8.1 Security measures. We use reasonable administrative, logical, physical and managerial measures to safeguard your personal data again loss, theft and unauthorized access, use and modification. These measures are designed to provide a level of security appropriate to the risks of processing your personal data. 8.2 Security breaches. Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

9. Changes in this Privacy Policy

This Privacy Policy may be changed from time to time in response to changing legal, regulatory or operational requirements by posting an updated version. If we make any changes, we will revise the date at the top of this Privacy Policy (Last Updated). Your continued use of the Products after any such updates will constitute acknowledgement and (as applicable) acceptance of those changes. If you do not wish to acknowledge or accept any updates to this Privacy Policy, you may cancel and stop using the Products. We encourage you to periodically review our Privacy Policy to stay informed.

10. Contact

Any request in relation to the above shall be in writing (sent by post or email) and addressed to: Can Code Limited Room 702 Kowloon Building, 555 Nathan Road, Kowloon, Hong Kong Email:   We will respond to your request within one month. You also have the right to complain to your local Data Protection Authority about the collection and use of your personal data. If you have any general questions, complaints, or concerns about how we manage your personal data, please contact us by emailing