Privacy Policy

How we collect, use, and protect your personal information.

Introduction

This Privacy Policy explains how Hui Feng Shui Advisory LTD (“we,” “us,” or “our”) collects, uses, stores, and protects your personal data when you use our website (hui-fengshui.com), purchase our services, or communicate with us.

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website or engaging our services, you acknowledge that you have read and understood this policy.

Data Controller

The data controller responsible for your personal data is:

Hui Feng Shui Advisory LTD
Email: [email protected]

Information We Collect

Information you provide directly

  • Contact details: name, email address
  • Birth data: date of birth, time of birth, and place of birth (required to provide consultation services)
  • Communication content: messages exchanged via WhatsApp, WeChat, or email during the consultation process
  • Shipping address: if you purchase physical products
  • Account information: username and password if you create an account on our website

Information collected automatically

  • Device and browser information: IP address, browser type, operating system
  • Usage data: pages visited, time spent on pages, referring website
  • Cookies: see the Cookies section below for details

Payment information

Payments are processed by third-party providers (Stripe and PayPal). We do not store your full credit card number, CVV, or bank account details on our servers. These providers handle your payment data under their own privacy policies and PCI-DSS compliance standards.

How We Use Your Information

We use your personal data for the following purposes:

  • Service delivery: to perform the consultation analysis you have requested, using your birth data and questions
  • Communication: to respond to your enquiries, deliver reports, and provide follow-up support
  • Order fulfilment: to process purchases and ship physical products
  • Account management: to maintain your website account and order history
  • Marketing: to send you updates about our services, only with your explicit consent (you can unsubscribe at any time)
  • Website improvement: to understand how visitors use our site and improve the experience
  • Legal compliance: to meet our obligations under applicable laws and regulations

Legal basis for processing

We process your data based on: (a) contractual necessity, to deliver the services you have purchased; (b) your consent, for marketing communications; (c) legitimate interests, for website analytics and fraud prevention; and (d) legal obligation, for tax and accounting records.

Who We Share Your Data With

We do not sell your personal data to anyone. We share data only with trusted third-party service providers who help us operate our business:

  • Payment processors: Stripe and PayPal (to process your payments securely)
  • Email marketing: Klaviyo (to send newsletters and updates, only if you have opted in)
  • Website hosting and analytics: Jetpack by Automattic (site statistics and security)
  • Advertising platforms: Meta (Facebook/Instagram) pixel for measuring ad performance
  • Cookie consent: Complianz (to manage your cookie preferences)

Each of these providers processes data under their own privacy policies and in compliance with applicable data protection laws. We may also disclose your data if required by law or to protect our legal rights.

How Long We Keep Your Data

  • Birth data and consultation reports: retained indefinitely to support ongoing and future consultations, unless you request deletion
  • Communication records: retained for the duration of our client relationship and up to 3 years after the last interaction
  • Payment and transaction records: retained for 7 years as required by UK tax law
  • Website analytics data: retained in anonymised form
  • Marketing consent records: retained until you withdraw consent

Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • SSL/TLS encryption on all website pages
  • Secure payment processing through PCI-DSS compliant providers
  • Restricted access to personal data (only accessible by Master Hui)
  • Regular security updates and monitoring

While we strive to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security, but we take all reasonable steps to minimise risk.

Cookies

Our website uses cookies to function properly and to understand how visitors interact with our pages. Cookies are small text files stored on your device.

Types of cookies we use

  • Essential cookies: required for the website to function (login sessions, shopping cart, security). These cannot be disabled.
  • Analytics cookies: help us understand how visitors use our site (Jetpack site statistics). Collected in aggregate form.
  • Marketing cookies: used to measure advertising effectiveness (Meta pixel). Only set with your consent.

Managing your cookie preferences

When you first visit our website, you will see a cookie consent banner where you can choose which non-essential cookies to accept. You can change your preferences at any time through the cookie settings link in our website footer, or by adjusting your browser settings.

Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: ask us to correct inaccurate or incomplete data
  • Right to erasure: ask us to delete your personal data (subject to legal retention requirements)
  • Right to restrict processing: ask us to limit how we use your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests or for marketing purposes
  • Right to withdraw consent: withdraw your consent at any time where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

International Data Transfers

Our website is hosted on servers outside the UK. Some of our third-party service providers (such as Stripe, PayPal, and Klaviyo) may process data in the United States or other countries. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data to the same standard as under UK law.

Third-Party Links

Our website may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any personal information.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

For significant changes that affect how we process your data, we will notify you by email where possible.

This policy was last updated in May 2026.

Scroll to Top