Privacy Policy

1. Introduction

Your privacy is important to us. This Privacy Policy explains how Dr.LOOK E-Commerce Limited, operating under the trade name Dr.Look AI ("Company," "we," "us," or "our"), collects, uses, discloses, and protects personal information. Dr.LOOK E-Commerce Limited is based in Hong Kong.

This Privacy Policy applies to the Dr.Look AI AI Learning Camera (the "Device"), the Dr.Look AI companion mobile application (the "App"), our website at https://drlookai.ai (the "Website"), and related cloud services, content, features, and updates (collectively, the "Services"). This Privacy Policy should be read together with our End-User License Agreement (EULA), Terms of Service, Cookie Policy, and Acceptable Use Policy.

Personal information is any information about you that can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and information about how you use the Services.

In the event our Website or App contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy. This Privacy Policy does not apply to any of your activities after you leave our Services.

2. Information We Collect

Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.

"Voluntarily provided" information refers to any information you knowingly and actively provide us when using or participating in any of our Services and promotions.

"Automatically collected" information refers to any information automatically sent by your devices in the course of accessing our Services.

2.1 Log Data

When you visit our Website or use our App, our servers may automatically log the standard data provided by your web browser or mobile device. It may include your device's Internet Protocol (IP) address, your browser or app version, the pages or screens you visit, the time and date of your visit, the time spent on each page or screen, and other details about your visit.

Additionally, if you encounter certain errors while using the Services, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

2.2 Device Data

When you visit our Website, use our App, or interact with the Device, we may automatically collect data about your device, such as:

 Device type

 Operating system

 Unique device identifiers

 Device settings

 App history and usage data

Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

2.3 Data Collected Through the Device and App

The Dr.Look AI Device and App are designed for use by children aged 3 and older. During use, the Device and App may collect the following types of data:

 Images and photographs captured by the Device camera

 Voice recordings captured during interaction with the Device

 Images, voice recordings, and similar media inputs used to provide recognition and interactive features

 AI chat interactions and text-based inputs

 Object recognition queries and AI interaction logs

 Device usage data and learning progress metrics

 Device identifiers, device type, operating system, and device settings

For full details on how children's data is handled, please refer to Section 5 (Children's Privacy and Parental Consent) of this Privacy Policy.

2.4 Personal Information

We may ask for personal information - for example, when you register an account, make a purchase, or contact us - which may include one or more of the following:

 Name

 Email address

 Phone/mobile number

 Home/mailing address

 Account information supplied by a parent or guardian

 Payment and transaction information associated with purchases and checkout

2.5 User-Generated Content

We may receive user-generated content that parents, guardians, or other users choose to submit through the Services, such as reviews, feedback, support requests, or other materials voluntarily provided to us.

If you choose to submit content for publication, such as a product review, that content may become visible to others once posted. Please avoid including sensitive or unnecessary personal information in publicly visible submissions.

3. Legitimate Reasons for Processing Your Personal Information

We only collect and use personal information when we have a legitimate reason for doing so, and we collect only the data necessary to provide the Services, maintain security, comply with law, and support core product functionality.

4. Collection and Use of Information

We may collect personal information from you when you do any of the following:

 Register for an account

 Purchase a Device or related services

 Use the Device or App

 Post a review, submit feedback, or otherwise send content to us through the Services

 Use a mobile device or web browser to access our content

 Contact us via email or other support channels

 Participate in surveys, troubleshooting, or similar service-related interactions

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

 To provide you with our platform's core features and services

 To enable you to customize or personalize your experience

 To process and fulfill orders and transactions

 To personalize educational or device-related experiences

 For product development and improvement of our Services

 For user account registration and management

 For contacting users regarding service-related matters

 For technical assessment, including to operate and improve our App, Device, Website, and associated platforms

We may combine information you provide with information generated through your use of the Services and with information we receive from service providers that support the Services.

5. Children's Privacy and Parental Consent

5.1 Product Directed at Children

The Dr.Look AI Device and App are designed for use by children aged 3 and older. We are committed to protecting children's privacy and to complying with child privacy laws that apply to our Services, including COPPA in the United States and comparable requirements that may apply in other jurisdictions.

5.2 Parents, Guardians, and Regional Age Thresholds

In some jurisdictions, including parts of the EEA and the UK, a child may not be able to consent to certain data processing activities on their own. In those cases, a parent or legal guardian must provide the permissions or consents required by applicable law before the child uses the relevant features of the Services.

5.3 Parental Consent and Account Management

Parents and legal guardians are responsible for account registration, consent decisions, device settings, and parental controls associated with a child's use of the Services. Where applicable law requires parental consent before personal information is collected from a child, that consent is required during account registration and before child-facing features that rely on personal information are activated.

Our current Verifiable Parental Consent method uses an email plus confirmation flow. During registration, the parent or guardian provides an email address, we send a consent or confirmation message to that address, and the account holder must follow the instructions in that message before relevant child-facing account features are fully enabled.

We keep records of consent status, confirmation history, and the account information associated with that consent so we can manage permissions, respond to parental requests, and demonstrate compliance where required. Parents may review, update, or revoke consent through available account settings or by contacting support@drlookai.ai.

5.4 Service Providers and Child Data

We may disclose children's personal information to service providers that help us operate, host, secure, support, or improve the Services, but only as reasonably necessary for those purposes and subject to applicable law.

5.5 Parental Rights

Parents and legal guardians have the right to:

 Review the personal information collected from their child

 Request deletion of their child's personal information

 Refuse further collection or use of their child's personal information

 Revoke previously given consent at any time

 Control and configure the child's access to features through the App's parental controls

 Report concerns about content, safety, or product functionality

To exercise any of these rights, please contact us at support@drlookai.ai. Include "Children's Privacy" in the subject line of your email.

5.6 Data Collected from Children

The types of data collected from or about children during use of the Services are described in Section 2.3 of this Privacy Policy. We use that data to provide, maintain, secure, support, and improve the Services, personalize educational experiences, manage accounts, and communicate with parents or guardians about service-related matters, subject to applicable law.

5.7 No Advertising or Behavioral Profiling

The Services do not display advertisements to children. The Company does not use data collected from children for targeted advertising, behavioral profiling, or the sale or sharing of personal information to third parties for marketing purposes.

5.8 Images, Voice Data, and Similar Inputs

The Device may process images, voice recordings, and similar inputs to provide recognition, educational, and interactive features. We do not use the Services for facial recognition for identity, biometric identification, surveillance, tracking, profiling of children, or biometric database creation. Images and voice data are used only for requested feature functionality, service support, safety, and the limited purposes described in this Privacy Policy.

6. AI-Assisted Features and Service Providers

6.1 Third-Party Service Providers

We may use third-party cloud, speech, recognition, storage, moderation, analytics, and AI-assisted service providers to help operate the Services and deliver educational or device-related features. The specific providers we use may change over time.

 Examples of service data that may be processed include images or photos submitted for recognition or learning features.

 Voice recordings or speech-related inputs used for interactive or educational functions.

 Text questions, chat inputs, or other prompts submitted through the Device, App, or Website.

Where we engage third-party providers, we expect them to process data on our instructions or as otherwise permitted by applicable law and their applicable terms.

We do not use children's personal information, images, voice recordings, prompts, or other User Content to train general-purpose AI or machine learning models. Third-party AI or processing providers may process such data only to provide services to us and are not permitted by us to use it to train their own models.

6.2 Product Improvement and Analytics

We may use personal information and service data to operate, maintain, troubleshoot, secure, analyze, and improve the Services. Where we use aggregated or de-identified data for analytics or product improvement, we aim to do so in a manner that does not identify an individual.

6.3 AI Outputs and Automated Processing

Some features of the Services rely on automated processing or AI-assisted outputs. Those outputs may not always be accurate, complete, or appropriate for every situation, so parents and guardians should supervise use as described in our other policies and product materials.

6.4 Service Changes

If the way we use AI-assisted features or related service providers changes materially, we may update this Privacy Policy and any related notices or consent flows as required by applicable law.

7. Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

We use reasonable technical and organizational measures designed to help protect personal information against unauthorized access, disclosure, alteration, loss, and misuse, taking into account the nature of the Services and the information involved.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our Services.

8. How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this Privacy Policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

Upon a valid deletion request, account closure, or other approved privacy request, we aim to delete or de-identify relevant personal data within 7 days, unless a longer retention period is required or permitted by law, needed for security or fraud prevention, or necessary to complete an ongoing transaction, support request, or dispute process.

We may also retain certain records where necessary for legal, tax, accounting, dispute-resolution, backup, security, or other legitimate business purposes permitted by law.

9. Disclosure of Personal Information to Third Parties

We may disclose personal information to:

 Our employees, contractors, advisers, affiliates, and related entities who need the information to help operate the Services

 Cloud hosting, storage, security, analytics, diagnostics, customer support, repair, or similar service providers

 Payment processors, checkout providers, ecommerce tools, or order-management providers involved in a transaction

 App store operators and platform providers where the App is distributed

 Courts, tribunals, regulators, law enforcement, or other authorities where required by law or to protect our legal rights

 Potential purchasers, successors, investors, or advisers in connection with a merger, acquisition, financing, reorganization, or sale of assets

 Other service providers or business partners where disclosure is reasonably necessary to provide the Services and permitted by law

 We do not sell children's personal information or share children's personal information for targeted advertising.

Examples of categories of third parties or service providers may include:

 Cloud hosting and storage providers

 Recognition, AI-assisted processing, or content moderation providers

 Payment processors and transaction-support providers

 App distribution platforms such as the Apple App Store and Google Play

 Security, analytics, diagnostics, repair, fulfillment, or customer-support providers

10. International Transfers of Personal Information

The personal information we collect may be stored or processed in Hong Kong, the United States, the European Union or European Economic Area, the United Kingdom, and other places where we or our service providers operate.

Where personal information is transferred across borders, the countries involved may not provide the same level of data protection as the country in which the information was originally collected.

Where applicable law requires safeguards for cross-border transfers, we will take steps reasonably designed to implement those safeguards, which may include contractual protections, technical measures, organizational measures, or other steps required or permitted by law.

11. Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us; however, if you do not, it may affect your use of our Services.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person's consent to provide the personal information to us.

Marketing permission: If you opt in to receive promotional communications from us, you may withdraw that consent at any time by using the unsubscribe instructions in the message or by contacting us using the details below.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this Privacy Policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information.

Notification of data breaches: We will comply with the data breach notification laws that apply to us.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Opt out of communications: If we send you promotional emails or similar non-essential messages, you may opt out at any time using the unsubscribe mechanism in the message or by contacting us directly using the details provided in this Privacy Policy.

Please be aware that even if you opt out of communications, we may still contact you when necessary for non-promotional purposes, including but not limited to managing your account, responding to service inquiries, or providing important updates related to your use of our Services.

12. Use of Cookies

We use "cookies" to collect information about you and your activity across our Website. A cookie is a small piece of data that our Website stores on your computer and accesses each time you visit, so we can understand how you use our Website. This helps us serve you content based on preferences you have specified.

Please refer to our Cookie Policy for more information.

13. Offline Data Handling

Some functions of the Device may continue to operate when the Device is offline. Data created during offline use may remain stored locally on the Device until connectivity is restored, a parent or user deletes it locally, or it is otherwise removed through normal device management and service processes.

14. Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this Privacy Policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

15. Limits of Our Policy

Our Services may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

16. Changes to This Policy

At our discretion, we may change our Privacy Policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this Privacy Policy, we will post the changes here at the same link by which you are accessing this Privacy Policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

17. Additional Disclosures for U.S. State Privacy Law Compliance

The following section includes provisions that comply with the privacy laws of these states (California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia) and is applicable only to the residents of those states. Specific references to a particular state (in a heading or in the text) are only a reference to that state's law and applies only to that state's residents. Non-state specific language applies to all of the states listed above.

17.1 Do Not Track

Because browser settings and privacy signals are not always uniform, we do not guarantee that every browser-based "Do Not Track" mechanism will be recognised in every case unless required by applicable law.

Where required by applicable law, we may recognise browser-based privacy preference signals, such as Global Privacy Control, as a valid opt-out request for relevant processing activities. Please also review our Cookie Policy for more information.

17.2 Cookies and Pixels

At all times, you may decline cookies from our Website if your browser permits. Most browsers allow you to activate settings on your browser to refuse the setting of all or some cookies. Accordingly, your ability to limit cookies is based only on your browser's capabilities. Please refer to our Cookie Policy for more information.

17.3 California Privacy Laws - CCPA

California residents may also request information about certain disclosures of personal information to third parties for their own direct marketing purposes, if applicable, as permitted by California Civil Code Section 1798.83.

To make such a request, please contact us using the details provided in this Privacy Policy and include "Request for California privacy information" in the subject line.

Nothing in this section limits any other rights that may be available under applicable California law.

17.4 California Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:

 Identifiers, such as name, email address, phone number, account name, IP address, and an ID or number assigned to your account

 Customer records, such as billing and shipping address and payment-related details associated with purchases

 For purposes of certain U.S. state privacy laws, sensitive personal information may include children's personal information, images, voice recordings, account credentials, and similar data collected through the Services.

 We use sensitive personal information only as reasonably necessary to provide the Services, maintain security, comply with law, and carry out other limited purposes permitted by law. Residents of jurisdictions that provide a right to limit the use or disclosure of sensitive personal information, including California where applicable, may request such limitation by contacting support@drlookai.ai.

For more information on information we collect, including the sources we receive information from, review the "Information We Collect" section. We collect and use these categories of personal information for the business purposes described in the "Collection and Use of Information" section, including to provide and manage our Services.

17.5 Right to Know and Delete

You have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

 The categories of personal information we have collected about you

 The categories of sources from which the personal information was collected

 The categories of personal information about you we disclosed for a business purpose or sold

 The categories of third parties to whom the personal information was disclosed for a business purpose or sold

 The business or commercial purpose for collecting or selling the personal information

 The specific pieces of personal information we have collected about you

To exercise any of these rights, please contact us using the details provided in this Privacy Policy.

17.6 Shine the Light

If applicable, you may also request information about certain disclosures of personal information for direct marketing purposes as permitted by California law.

Please send such requests using the contact details in this Privacy Policy and include enough information for us to identify and respond to your request.

18. Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)

18.1 Data Controller / Data Processor

The GDPR distinguishes between organizations that process personal information for their own purposes (known as "data controllers") and organizations that process personal information on behalf of others (known as "data processors"). For the personal information described in this Privacy Policy, Dr.LOOK E-Commerce Limited, operating under the trade name Dr.Look AI, acts as a data controller to the extent applicable law says it does.

18.2 Privacy Contact

If you are in the EEA and have a question about data protection or wish to exercise an applicable privacy right, you may contact us at support@drlookai.ai.

18.3 Privacy Requests

We will handle privacy requests in accordance with applicable law. If we are required to provide additional regional contact details or designate a local representative in the future, we may update this Privacy Policy accordingly.

18.4 Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so. If we seek consent for data processing involving a child below the applicable age threshold in the relevant jurisdiction, we will seek consent from a parent or legal guardian where required by law.

Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:

Consent From You - Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however, this will not affect any use of your information that has already taken place. When you contact us, you may consent to your name and email address being used so we can respond to your enquiry. While you may request that we delete your contact details at any time, we cannot recall any email we have already sent.

Performance of a Contract or Transaction - Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you.

Our Legitimate Interests - Where we assess it is reasonably necessary for our legitimate interests, such as operating, securing, supporting, analyzing, and improving our services, provided those interests are not overridden by your rights where applicable law requires such a balancing test.

Compliance With the Law - In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations.

18.5 International Transfers Outside of the European Economic Area (EEA)

We will take steps reasonably designed to safeguard transfers of personal information from the EEA to countries outside the EEA where such safeguards are required by law.

18.6 Your Rights Under the GDPR

Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.

Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.

Deletion: You may have a right to request that we delete the personal information we hold about you. If you ask us to delete your personal information, we will explain the effect of deletion on your use of the Services where relevant. If you terminate or delete your account, we aim to delete or de-identify relevant personal information within 7 days, subject to legal, security, fraud-prevention, backup, and similar retention needs permitted by law.

19. Additional Disclosures for UK General Data Protection Regulation (UK GDPR) Compliance (UK)

19.1 Data Controller / Data Processor

We, Dr.LOOK E-Commerce Limited, operating under the trade name Dr.Look AI, act as a data controller with respect to the personal information described in this Privacy Policy to the extent applicable UK law says we do.

19.2 Information Received From Third Parties

We may receive personal information about you from third parties when you use payment providers, app stores, customer support tools, or other service providers connected with the Services and those providers are permitted to share the information with us.

We may also receive information from parents, guardians, or other account holders acting on behalf of a child or household.

19.3 Legal Bases for Processing

Data protection laws permit us to collect and use personal information on a limited number of grounds. We will collect and use your personal information lawfully, fairly, and transparently to the extent those laws apply to us.

Our lawful bases depend on the services you use and how you use them. This is a non-exhaustive list of the lawful bases we use:

Consent From You - Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however, this will not affect any use of your information that has already taken place.

Performance of a Contract or Transaction - Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you.

Our Legitimate Interests - Where we assess it is reasonably necessary for our legitimate interests, such as operating, securing, supporting, analyzing, and improving our services, provided those interests are not overridden by your rights where applicable law requires such a balancing test.

Compliance With the Law - In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include court orders, criminal investigations, government requests, tax or accounting rules, and regulatory obligations.

19.4 International Transfers of Personal Information

On some occasions, where we share your data with third parties, they may be based outside of the UK or the European Economic Area ("EEA"). These countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information.

If we transfer your personal information to third parties in other countries:

 We will take steps reasonably designed to handle such transfers in accordance with applicable UK data protection law where it applies.

 Those steps may include contractual safeguards or other measures required or permitted by law.

19.5 Your Data Subject Rights

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Right to Object: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest.

Right to be Informed: You have the right to be informed with how your data is collected, processed, shared, and stored.

Right of Access: You may request a copy of the personal information that we hold about you by submitting a data access request. We will respond within the time required by applicable law.

Right to Erasure: In certain circumstances, you can ask for your personal data to be erased from the records held by the Company. However, this is a qualified right; it is not absolute, and may only apply in certain circumstances.

When may the right to erasure apply:

 When the personal data is no longer necessary for the purpose for which it was originally collected or processed for

 If consent was the lawful basis for processing personal data and that consent has been withdrawn

 The Company is relying on legitimate interests as a legal basis for processing personal data and an individual has exercised the right to object and it has been determined that the Company has no overriding legitimate grounds to refuse that request

 Personal data are being processed for direct marketing purposes, and the individual objects to that processing

 There is legislation that requires that personal data are to be destroyed

Right to Portability: Individuals have the right to get some of their personal data from the Company in a way that is accessible and machine-readable, for example as a CSV file. Associated with this, individuals also have the right to ask the Company to transfer their personal data to another organization.

However, the right to portability:

 Only applies to personal data which a person has directly given to the Company in electronic form

 Onward transfer will only be available where this is "technically feasible"

Right to Rectification: If personal data is inaccurate, out of date, or incomplete, individuals have the right to correct, update, or complete that data. This right only applies to an individual's own personal data; a person cannot seek the rectification of another person's information.

Notification of data breaches: We will comply with UK data breach notification rules to the extent they apply to us.

Complaints: If you are in the UK and believe your privacy rights have been infringed, you may contact us first using the details below. You may also have the right to complain to the UK Information Commissioner's Office (ICO).

19.6 Enquiries, Reports and Escalation

To enquire about this Privacy Policy or report privacy concerns, please contact us using the details in the Contact Us section of this Privacy Policy.

If you are in the UK and we do not resolve your concern, you may also contact the ICO through its current public channels.

20. Contact Us

For any questions or concerns regarding your privacy, you may contact us using the following details:

Company: Dr.LOOK E-Commerce Limited

Trade Name: Dr.Look AI

Privacy Contact: support@drlookai.ai

Website: https://drlookai.ai

Location: Hong Kong. For requests related to children's privacy, parental rights, or COPPA inquiries, please include "Children's Privacy" in the subject line of your email.