Privacy policy
Privacy Policy
Last updated: June 23, 2026
Pluffio ("we", "us", "our") operates this store and website at trypluffio.com, including all related information, content, features, tools, products and services (collectively, the "Services"). Pluffio is a trading name of Providence Global Trading Limited, a company registered in Hong Kong. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit, use, or make a purchase through the Services, or otherwise communicate with us.
This Privacy Policy is written to comply with the UK General Data Protection Regulation (UK GDPR), the UK Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.
By using the Services, you acknowledge that you have read and understood this Privacy Policy.
Personal Information We Collect
When we use the term "personal information", we mean information that identifies or can reasonably be linked to you. Depending on how you interact with the Services, we may collect or process the following categories of personal information:
- Contact details: your name, billing address, shipping address, phone number, and email address.
- Financial information: payment card information, financial account details, transaction details, payment confirmations. Card numbers are processed directly by our payment processor (Shopify Payments / Stripe) and are not stored on our servers.
- Account information: your username, password, preferences and settings (where you create an account).
- Transaction information: items you view, add to cart, add to wishlist, purchase, return, exchange or cancel, and your order history.
- Communications: the content of messages you send to us (customer support, returns inquiries, reviews).
- Device information: your device type, browser, operating system, IP address, and similar unique identifiers.
- Usage information: how you interact with and navigate the Services, pages visited, time spent, click behaviour.
How We Collect Your Personal Information
- Directly from you when you create an account, place an order, contact us, or submit a form.
- Automatically through your device and our use of cookies, pixels, and similar technologies (see "Cookies and Tracking" below).
- From our service providers including Shopify, payment processors, shipping carriers, and email/marketing platforms.
- From advertising and analytics partners including Meta (Facebook/Instagram), Google, TikTok, and similar platforms where you have interacted with our ads or content.
How We Use Your Personal Information and Legal Basis
Under UK GDPR, we must have a lawful basis for processing your personal information. The basis depends on the purpose:
| Purpose | Legal Basis |
|---|---|
| Processing your order, payment, shipment, returns | Contract — necessary to perform our contract with you |
| Creating and managing your account | Contract |
| Customer support and responding to inquiries | Contract / Legitimate Interests |
| Marketing emails (where you have opted in) | Consent |
| Personalised advertising (where applicable) | Consent |
| Analytics and improving the Services | Legitimate Interests |
| Fraud prevention and account security | Legitimate Interests / Legal Obligation |
| Compliance with tax, accounting, and consumer protection law | Legal Obligation |
You may withdraw consent at any time by contacting us at or using the unsubscribe link in any marketing email.
How We Disclose Personal Information
We may share your personal information with the following categories of third parties:
- Shopify, our e-commerce platform provider, which hosts the Services and processes data on our behalf.
- Payment processors (e.g. Shopify Payments, Stripe) to process your payments securely.
- Shipping and fulfilment partners to deliver your order, including international carriers and last-mile delivery couriers.
- Marketing and advertising partners (e.g. Meta, Google, TikTok, Klaviyo, Mailchimp) to deliver and measure our marketing.
- Analytics providers (e.g. Google Analytics, Shopify Analytics) to understand how the Services are used.
- Customer support tools to manage your inquiries.
- Professional advisors (lawyers, accountants, auditors) where necessary.
- Government authorities, law enforcement, or other parties where required by law, court order, or to protect our legal rights.
- A buyer or successor in the event of a merger, acquisition, restructuring, or sale of assets.
We do not sell your personal information.
Cookies and Tracking Technologies
The Services use cookies, pixels, and similar technologies to function properly, remember your preferences, analyse traffic, and deliver personalised advertising. By using the Services, you consent to our use of cookies as described in any cookie banner displayed on the site. You can manage your cookie preferences in your browser settings or via the cookie banner.
Relationship with Shopify
The Services are hosted by Shopify Inc. Shopify processes personal information about your interactions with the Services to provide, secure, and improve the platform. Information you submit to the Services may be transferred to and processed by Shopify and its sub-processors in countries other than where you reside.
To learn more about how Shopify processes your personal information, visit the . You may exercise certain rights via the .
International Data Transfers
We are based in Hong Kong, and your personal information may be transferred to, stored, and processed in Hong Kong, the United States, and other countries where our service providers operate.
Where we transfer personal information of UK or EEA residents outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfers to countries the UK or EU has determined to provide an adequate level of protection.
Data Retention
We retain your personal information only for as long as necessary for the purposes set out in this Privacy Policy or as required by law:
- Order and transaction records: 7 years from the date of the order (UK tax and accounting law)
- Account information: until you delete your account or request deletion
- Marketing data: until you unsubscribe or 2 years of inactivity, whichever is sooner
- Customer support records: 3 years from the date of last contact
- Website analytics data: typically 14–26 months, depending on the provider
Children's Data
The Services are intended for adults purchasing products on behalf of children. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at and we will delete it.
Your Rights Under UK GDPR
If you are based in the UK or EEA, you have the following rights with respect to your personal information:
- Right to be informed about how we process your personal information (this Privacy Policy).
- Right of access to a copy of the personal information we hold about you.
- Right to rectification of inaccurate or incomplete personal information.
- Right to erasure ("right to be forgotten") in certain circumstances.
- Right to restrict processing in certain circumstances.
- Right to data portability — to receive a copy of your personal information in a structured, machine-readable format.
- Right to object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent at any time where we rely on consent.
- Right not to be subject to automated decision-making that produces legal or similarly significant effects.
To exercise any of these rights, email us at . We will respond within one month, as required by UK GDPR. We may need to verify your identity before processing your request. These rights are subject to certain legal exceptions.
Marketing Preferences
We may send you marketing emails about new products, offers, and content if you have opted in. You can unsubscribe at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at . Even if you unsubscribe from marketing, we may still send you transactional emails (order confirmations, shipping updates, returns).
Security
We implement reasonable technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. However, no transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. We recommend you do not share your account password with anyone and use a strong, unique password.
Complaints
If you have a complaint about how we process your personal information, please contact us first at so we can try to resolve the issue.
You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
Helpline: 0303 123 1113
Website:
If you are based in the EEA, you may also lodge a complaint with your local data protection authority. A list of EEA supervisory authorities is available .
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, operational, or regulatory reasons. We will post the revised Privacy Policy on this page and update the "Last updated" date. Material changes will be communicated by email where appropriate.
Contact Us
For any questions about this Privacy Policy or to exercise your rights, please contact us:
Data Controller:
Providence Global Trading Limited
Hong Kong Company No. 80656992
Flat 5, 4/F, Won Hing Building, 74-78 Stanley Street, Central, Hong Kong
Email: