Privacy Policy
Effective date: 23 September 2025
SabaiSkin™ (powered by Tindahan Global Distribution Co. Ltd.) (“SabaiSkin”, “we”, “us”, “our”) is committed to protecting your privacy. This Policy explains what personal data we collect, how we use it, the legal bases for processing, how we share and secure it, and the rights available to you. It applies to our website, online store, dealer portal, social channels, and any services that link to this Policy (collectively, the “Services”).
By using our Services, you agree to the practices described here.
1) Who we are & scope
- Data controller: SabaiSkin™ (Tindahan Global Distribution Co. Ltd.), operating in Hong Kong with supply-chain operations in Thailand and the Philippines.
- Contact (Data Protection Officer): privacy@sabaiskin.com
- Postal contact: Data Protection Officer, SabaiSkin™, Hong Kong (please email for the current mailing address).
This Policy is designed to comply with applicable privacy laws including Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), Thailand’s PDPA, the Philippines’ Data Privacy Act of 2012, and, where applicable, GDPR for EU/UK visitors.
2) The data we collect
We collect information in three ways: you provide it, we collect it automatically, or we obtain it from third parties.
A. Data you provide
- Account & profile: name, username, password, email, phone, country/region, preferred language.
- Purchases & delivery: shipping/billing addresses, order details, receipts, return/exchange information.
- Dealer/wholesale portal: business name, tax/registration numbers, contact persons, positions, business addresses, payment details, resale certifications, marketing preferences.
- Support & communications: the content of emails, chats, social messages (e.g., Facebook/IG/WhatsApp), survey responses, product reviews.
- Marketing consent: your opt-in/opt-out choices for email/SMS/WhatsApp/direct marketing (see §9).
B. Data we collect automatically
- Device & usage: IP address, browser type, device identifiers, pages viewed, timestamps, referral URLs, clickstream data.
- Cookies & similar tech: session cookies, preference cookies, analytics and performance cookies, and—if enabled—advertising cookies (see §7).
C. Data from third parties
- Payment processors (e.g., card gateways, wallet providers): tokenized payment confirmations (we do not store full card numbers).
- Logistics partners: shipping status and delivery confirmations.
- Anti-fraud & security tools: risk scores and signals to protect accounts and transactions.
- Social platforms (if you connect/sign in): your public profile information and account identifier.
We do not intentionally collect data from children; our Services are not directed to persons under 18 (see §14).
3) Why we use your data (purposes) & legal bases
We process personal data for the purposes below, under one or more of these legal bases: contract, consent, legal obligation, legitimate interests.
- Provide and improve the Services (account creation, checkout, order fulfillment, returns, dealer management, customer support). Legal bases: contract; legitimate interests.
- Authenticate and secure accounts, prevent fraud/abuse, protect our users and brand. Legal bases: legitimate interests; legal obligation.
- Communicate with you (order updates, service notices, replies to inquiries). Legal bases: contract; legitimate interests.
- Direct marketing (news, offers, brand updates) only with your consent where required (see §9). Legal bases: consent; legitimate interests.
- Analytics and performance (to understand usage and improve experience). Legal bases: legitimate interests; consent for certain cookies where required.
- Compliance with applicable laws, tax, accounting, and regulatory requests. Legal bases: legal obligation.
4) How we share information
We share personal data only as needed and with safeguards:
- Vendors/Processors: hosting, payment gateways, logistics/couriers, email/SMS providers, analytics, anti-fraud, customer support tools—bound by confidentiality and data-processing terms.
- Brand principals & affiliates (need-to-know): As the sole distributor of OHO in Hong Kong and a supplier of Precious Skin, Joji Secret, Lemon Me, and Thai Moni, we may share limited, aggregated, or pseudonymized sales/operations data with brand owners to support authenticity, recall, compliance, or after-sales care.
- Business transfers: merger, acquisition, financing, or sale of assets (your data remains subject to this Policy or a successor policy with equal or stronger protections).
- Legal compliance: where required to comply with law or court orders, or to protect the rights, safety, and security of users and our company.
We do not sell personal data.
5) International transfers
Your data may be processed in Hong Kong, Thailand, the Philippines, and other locations where our vendors operate. We implement appropriate safeguards (contractual clauses, access controls, encryption in transit, vendor due diligence) to protect your data during cross-border transfers.
6) Data retention
We keep personal data only for as long as necessary for the purposes in §3, including:
- Orders & invoices: up to 7 years (or longer if laws require).
- Accounts & dealer records: while active, then for a reasonable period to manage queries/claims (typically 2–5 years).
- Marketing data: until you withdraw consent or object.
- Security logs: typically 12–24 months, unless needed for investigations.
When no longer needed, we securely delete or anonymize data.
7) Cookies & similar technologies
We use cookies/pixels to:
- Operate the site: login, cart, checkout, preferences.
- Measure performance: traffic, pages visited, conversion, error diagnostics.
- (Optional) Marketing/ads: remarketing and campaign effectiveness.
You can manage cookies via our cookie banner and your browser settings. Disabling certain cookies may affect site functionality.
8) Analytics & ads
We may use analytics platforms to understand how our Services are used and improve them. For interest-based ads (if any), participating networks typically offer opt-outs. Details appear in our cookie banner or settings page when enabled.
9) Direct marketing (PDPO-compliant)
- We may use your name, contact information, purchase history, and preferences for direct marketing of SabaiSkin™, OHO, and our curated Thai beauty brands only if you have given consent where required.
- You can withdraw consent or object at any time by using the unsubscribe links in messages or contacting privacy@sabaiskin.com.
- We honor Hong Kong PDPO requirements relating to direct marketing and consent/opt-out management.
10) Your rights
Depending on your location, you may have rights to:
- Access your personal data (PDPO Data Access Request) and receive a copy.
- Correct/Update inaccurate or incomplete data.
- Delete/erase certain data (subject to legal retention).
- Object to or restrict processing, including direct marketing.
- Portability (where applicable).
- Withdraw consent at any time (does not affect prior lawful processing).
We aim to respond within the time frames required by law (e.g., PDPO generally within 40 days). To exercise rights, contact privacy@sabaiskin.com. We may request information to verify your identity.
11) Security
We apply administrative, technical, and physical safeguards, including:
- Encryption in transit (HTTPS/TLS).
- Role-based access controls and least-privilege principles.
- Multi-factor authentication for internal systems where feasible.
- Vendor due diligence and contractual security obligations.
- Regular backups and incident response procedures.
No method is 100% secure; if we become aware of a data incident affecting you, we will notify you and regulators as required by law.
12) Third-party links & platforms
Our Services may link to third-party sites or allow interactions via social platforms (e.g., Facebook, Instagram, WhatsApp). Their privacy practices are governed by their own policies. Please review those policies; we are not responsible for their content or practices.
13) Payments
Payments are processed by third-party gateways. We receive payment confirmations and tokens but do not store full card or wallet credentials. Please refer to each provider’s privacy/security policy for details.
14) Children’s privacy
Our Services are not intended for individuals under 18. We do not knowingly collect data from children. If you believe a minor has provided us data, contact privacy@sabaiskin.com and we will delete it where required.
15) Changes to this Policy
We may update this Policy to reflect legal, technical, or business developments. Changes take effect when posted with a new “Effective date.” For material changes, we will provide prominent notice (e.g., banner or email).
16) How to contact us or lodge a complaint
- Email: support@sabaiskin.com (fastest)
- Mail: Data Protection Officer, SabaiSkin™, Hong Kong (email us to confirm the current mailing address).
If you are in Hong Kong and believe your rights have been infringed, you may also contact the Office of the Privacy Commissioner for Personal Data (PCPD). If you are in other jurisdictions, you may contact your local data protection authority.