Harbour Currency
Privacy Policy
This Privacy Policy explains how Harbour Currency (“we”, “us”) collects, uses and protects personal data when you use harbourcurrency.com and related services.
1. Who we are
Harbour Currency operates an online store for banknote and coin collectibles based in Hong Kong. For privacy enquiries, contact us at the email address shown on our Contact page.
2. Personal data we collect
We may collect the following information when you use our website:
- Account details: name, email address, phone number and password (or Google sign-in identifier when you use Google login).
- Order and delivery details: shipping address, MTR meetup preferences, order notes and purchase history.
- Payment-related information: orders are paid through Stripe. We do not store full card numbers on our servers.
- Communications: messages you send through our contact form or email.
- Technical data: cookies, browser type, device information and analytics data (see Section 8).
3. How we use your data
We use personal data to:
- Create and manage your customer account.
- Process orders, payments, delivery and customer support.
- Send order confirmations, account messages and responses to enquiries.
- Improve our website, security and customer experience.
- Comply with legal and regulatory obligations.
4. Legal basis and Hong Kong PDPO
We handle personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong where applicable. We collect data where necessary to perform a contract with you (for example, fulfilling an order), with your consent, or for legitimate business purposes such as fraud prevention and service improvement.
5. Sharing with third parties
We may share personal data with trusted service providers only as needed to operate our store:
- Stripe — payment processing.
- Google — sign-in authentication when you choose “Continue with Google”.
- Email and hosting providers — transactional email delivery and website hosting.
- Shipping carriers — delivery of mail orders.
We do not sell your personal data. Service providers are required to protect your information and use it only for the services they provide to us.
6. Data retention
We keep account and order records for as long as needed to provide our services, meet legal and tax requirements, and resolve disputes. You may request deletion of account data subject to legal retention obligations.
7. Security
We use reasonable technical and organisational measures to protect personal data, including secure connections (HTTPS), access controls and reputable payment processing. No method of transmission over the internet is completely secure.
8. Cookies and analytics
We use cookies and similar technologies for essential site functions (such as shopping cart and login sessions) and analytics (such as Google Analytics) to understand how visitors use our website. You can control cookies through your browser settings.
9. Your rights
Depending on applicable law, you may request access to, correction of, or deletion of your personal data, or object to certain processing. To make a request, contact us using the details on our Contact page. We may need to verify your identity before responding.
10. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the bottom of this page shows when it was last revised. Continued use of the website after changes means you accept the updated policy.
Last updated: 2026-07-11