Privacy Policy

This privacy policy was last updated on December 8, 2018.

At Pandorabox, you make our world beautiful. We love nothing more than to see our community of members thrive. We know you’re unique, and we know you trust us with your personal information when you visit or join our community. This Privacy Policy spells out our commitment to protect that trust. It explains our privacy practices for, the Pandorabox marketplace (collectively, the “Site”) and services provided by Pandorabox Technology Sdn Bhd. (“Pandorabox,” “we,” or “us”).

We believe in full disclosure when it comes to our privacy practices. This Privacy Policy explains what information we collect from you, how we collect it, how we use it and how we protect it. We want you to feel safe in our community, so we use industry-standard safeguards and procedures. We also let you control how much personal information you share and how certain information is used.

By visiting our Site, you accept this Privacy Policy’s terms. You’re not authorized to use this Site unless you agree with this Privacy Policy.

This Privacy Policy applies only to our Site. We’re not responsible for the practices employed by any third-party sites including ones to which we link or that link to us. Those sites will have rules and practices of their own.

If you have any questions or concerns about this Privacy Policy or our privacy practices, please email us at


We collect information from you on this Site to provide a meaningful, safe, efficient, and customized experience. We use this information to:

  • make it easier for you to use this Site,
  • communicate with you about your orders, billing and payment,
  • verify your identity when you make a purchase on our Site,
  • help you more quickly find information on Pandorabox’s products and services,
  • provide targeted online marketing for the Site,
  • create content on this Site that’s more relevant to you, and
  • alert you to new products, services and special offers that might specifically interest you.

Information You Provide

  • When You Join Pandorabox.
    In order to join Pandorabox you must complete a beauty quiz that asks for beauty profile information like your skin tone, eye color, hair color, beauty brands and products you love, and where you usually shop for beauty products (your “Beauty Profile”). We use the Beauty Profile information to personalize your experience. If you subscribe to our Pandorabox program then we will use the Beauty Profile information to send you Pandorabox items that fit your unique profile, alerts about Pandorabox products, services, and other beauty news that might interest you.

    At the end of the beauty quiz, in order to join Pandorabox you must choose a username and password. Your username will be visible to other users when they visit the Site, so please choose carefully. You also must provide a valid email address and your date of birth. We use your email to communicate with you about our Site and your registration. We ask for your date of birth to make sure you’re old enough to use our Site and services. And, of course, we also like to wish you a happy birthday.

  • When You Order from Us. If you subscribe to our Pandorabox or order any Pandorabox Offer products from us, you must provide your: name, shipping address, billing address, and credit card information. If you order products through the Pandorabox Shop, your name, shipping address, and email address will be shared with our Retail Partners, whose products you are purchasing. Please review the privacy policy for that Retail Partner before providing your information. You may find a list of our Retail Partners here.

    We use this information, along with your email, for billing purposes, to fulfil your orders, and to communicate with you about your orders.We collect your credit card information through our Site. The credit card information is encrypted, and transmitted for storage to a high security vault according to strict industry standards. Once the data reaches the vault it is “tokenized”. That means no credit card information is retained in Pandorabox’s own systems. Instead we retain a token associated with your account that has no intrinsic value. Your credit card information is not exposed anywhere in our own systems. Please do not send your credit card information to our team directly, for example by emailing this information to an representative. Please use our secure, online system to enter your credit card information.

  • When You Request Information from Us. If you want us to notify you regarding particular products or special offers, or if you sign up for our emails, you’ll need to give us your email address. We use it to honor your requests, whether that’s emailing you information about certain products or emailing you to tell you about a Pandorabox offer.

  • When You Post Public Content. Information you post publicly on our Site is intended for public consumption. Please be aware that your username and profile image will be publicly displayed. The date you joined Pandorabox and some information from your Beauty Profile (such as skin tone, hair colour and eye colour) may be publicly displayed under your user name, as well as reviews, photos, looks, videos and comments you choose to post. In addition, postings you make on our Site may appear when Internet users execute searches on the subject of your posting. If you do not want this information to be displayed, you may terminate your account at any time. If you have posted information publicly that you cannot remove yourself and wish to have it hidden from public view, please email us at and request removal. We may request additional information from you in order to complete your request.

    Site visitors may be able to identify you or associate you with your Pandorabox account if you include personal information in your account profile or in any content you post. We cannot control who reads your postings or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information. You can reduce the risk of being personally identified by choosing a username and profile image that do not identify you and by taking care to exclude any personal information in your comments, reviews, looks, or videos. You can change your username and profile picture at any time by logging into your account.

    We also may collect information you post publicly on third-party sites, but only if you choose to follow instructions we provide. For example, we may collect pictures you post publicly on Instagram and re-post them on our Site, but only if you choose to use the hash tag “#Pandorabox or Pandoraboxmalaysia” inside your Instagram post. You can always have us remove the information from our Site by emailing us at


  • When You Share Information about Your Contacts. You may choose to share personal information about friends, relatives or colleagues with Pandorabox, such as the person’s name, shipping address and email address. Please do not do so without their express permission.

    You may choose to manually invite your friends to Pandorabox by using the “Invite with Email” button on the Site or by uploading data about your contacts to the Site. You also may grant Pandorabox permission to access your contacts list and pull the email addresses of your contacts to invite them to the Site.

    If you use the Site to send others an email invitation to become a Pandorabox member or subscriber, we may store the personal information of each recipient in order to process those requests or facilitate future activities. All information that you enter or upload about your contacts is covered by the Agreement including our Privacy Policy. We use this information about your friends to enable Pandorabox to send invitations and reminders to your friends and to ship products to your friends, if applicable. By providing personal information of others to Pandorabox, you represent that you have authority to do so.


  • When You Connect to Us with a Third-Party Service. You can connect to your Pandorabox account using external third-party services. The Site collects personal information about you from your social media accounts, but only if you opt-in and permit us to do so. When you connect to us through a third-party service like Facebook, Twitter, Google Plus, and Instagram, we receive information from that third party identifying your account. We collect and store this information and use it to help you connect to our Site and to share your public content. Connecting your Pandorabox account to a third-party service is completely optional, and you will have the opportunity to grant permission when you attempt to connect. You can revoke permission by logging into the third-party service and disconnecting the Pandorabox application from there, and through the native applications on your smart phone. We may retain the information we collected previously from you.

Information We Automatically Collect or Receive.

  • Log Files. Like most sites, Pandorabox automatically receives and stores in log files certain information from your browser when you visit the Site. This information includes your Internet protocol (“IP”) address, browser type, Internet service provider, the referring/exit pages, your operating system, and the date/time stamp of your Site visit. We use this information, which doesn’t identify individual Site visitors, to analyze and understand how the Site works for you so we can improve it, to administer the Site, and to gather demographic information about Site visitors for targeted online marketing purposes. We may link this automatically collected information to your personal information.
  • Cookies and Other Tracking Technologies Policy.


    We use a variety of technologies to help us understand how you use , and our services (collectively, “Pandorabox”). This guide explains the tracking technologies Pandorabox uses and is part of our commitment to a high standard of transparency in our privacy practices.

    Types of tracking technologies

    • Cookies. This is a small data file sent from a server to your web browser that is stored in your browser and sent back to the server each time the browser makes a request to the server. Cookies can improve a site user’s experience by, for example, allowing the site to keep a user logged in while browsing, saving a user’s site preferences, and allowing a user to add items to a shopping cart and preserve cart contents between site visits, even when the user is not logged in.
    • Clear gifs, web beacons, tracking pixels. These are tiny graphics with a unique identifier. They function similarly to cookies and are used to track the online movements of web users. Unlike cookies which are stored on a user’s computer hard drive, clear gifs are embedded on web pages and are single pixel wide. Pandorabox does not tie information gathered by clear gifs to your personally identifiable information.
    • If you have turned on location services in your mobile device, we may collect information about your geolocation. If you do not want us to collect this information, you may turn off location services on your smart phone. Turning off location services will not affect your ability to access the app, but you may not be able to access certain geolocation-based promotions that Pandorabox may offer from time to time.

    Tracking Technology Lifespans

    • Single-session tracking technology: lasts only as long as your site visit. Single-session cookies expire and delete themselves when you leave the site or close your browser. They are used for technical purposes such as enabling better navigation through a site or generating aggregated statistics about how a site is used. Single-session cookies do not publicly expose your personal information.
    • Multi-session or persistent tracking technology: remains on your browser or mobile device until you choose to delete it or the cookie expires. Persistent cookies are used to recognize a computer that has previously visited a site. This can improve the user’s experience, for example by continuing preference settings from previous visits and by allowing users to login without entering a password with every site visit.

    Tracking Purposes

    We use tracking technologies for these general purposes:

    • Because it is strictly necessary. This tracking is needed to make Pandorabox work properly.
    • For performance. This tracking helps Pandorabox understand how the Site is functioning so Pandorabox can improve the
    • For functionality. This tracking retains your personal preferences as you use the Site.
    • For advertising. This tracking gathers data to help deliver advertising to you that interests you.

    Cookies Pandorabox currently uses

    • Single session cookies are used to ensure the Site displays correctly on your device.
    • Persistent cookies are used to measure Site metrics such as which pages are popular, how often people visit the Site, whether people are visiting the Site for the first time, and whether visitors make purchases on the Site. They also are used to enhance Site functionality, for example to allow returning users to use the Site without logging in.

    Cookies for email subscribers

    We may use cookies to measure the effectiveness of our email communications and to tailor email content. For example, we may connect the data showing that you clicked a link in an email from Pandorabox then completed an action on our Site such as buying a Pandorabox. This links cookie data with an individual user, so we only do this for users who have consented and opted in to receiving emails from Pandorabox.

    Third Party Cookies

    Pandorabox partners with third-party service providers who set cookies and tracking pixels for Site visitors and members on our behalf in order to deliver their services. These services include targeted online marketing and analysis of data collected through cookies. These technologies allow a partner to recognize your computer or mobile device each time you visit or other sites that also utilize the third party’s services, but do not allow access to personally identifiable information from Pandorabox.

    Third parties may choose to include Pandorabox widgets on their sites. When you load a site that has chosen to include our widgets, we receive analytics information through a cookie that may be used to enhance our data or to improve our services.

    Pandorabox does not have access to or control over these third-party technologies, and they are not covered by our Privacy Policy.

    Managing Cookies

    You can delete cookies stored in your browser at any time. You also can choose not to accept cookies from any site, including, by changing the settings of your browser. If you reject or block all cookies in your browser settings, then you will not be able to fully use Pandorabox’s services.

    Pandorabox does not currently act on “do not track” request headers.

    For more information about cookies, including how to delete them from your computer and configure the type of browser you use to refuse cookies from any site, visit GetNetWise.

  • Information from other sources. We may receive information about our users from third party social platforms, such as Facebook. When you access or use our site or mobile application through such a site, you allow us to access or collect information made available by the third party site in accordance with its privacy policy. This information may be available from your profile or account with the third party site or from cookies placed on your device by the third party site. Depending on your privacy settings this information may include: Facebook interests, gender, friends and location.
  • Information collected automatically.

    We automatically collect information from your browser or device when you visit the Site. This information includes your IP address, device ID, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us, and the referring site address. This information also includes your operating system or application, your location, and your activities voluntarily have submitted to us (for example, your email address). If you are accessing our third-party Affiliate’s stores through the Pandorabox shopper app, this information is automatically collected, too.
  • Information collected from your mobile device When visiting any of our mobile applications, we may use an advertising identifier created by your mobile operating system to store information on our servers and later retrieve it. The Android Advertising ID and Apple iOS IDFA are examples of advertising identifiers. For more information about advertising identifiers, please check the settings of your mobile device.

Other Information We Receive About You.

As you might expect, we usually collect or receive information through our Site. But we also may collect information offline, and it’s important to us that we preserve the privacy of your personal information both online and off. For example, if you call us to place an order, we ask for the shipping address needed to place that order. There are other ways we could learn of personal information offline, but this Privacy Policy doesn’t try to predict all those methods. We just want you to know that we try to treat offline information collection, uses, and disclosures consistently with our online privacy practices.

If you’re not a Pandorabox member but we contacted you, then we may have received your contact information from one of your friends. A Pandorabox member may give us your name and email address so Pandorabox can send a personalized invitation to you to join Pandorabox. We also may send you personalized email ‘reminders’ about Pandorabox from your friends. Similarly, n Pandorabox member may provide your personal information to us so we can ship a gift or other merchandise to you. We ask your contacts to share your personal information only with your permission, and you may unsubscribe from any marketing email you receive by following the unsubscribe link contained at the bottom of the communication.


Information we collect from you may be either personal or aggregate. Personal information is identifiable to you, like your name, email address, shipping and billing addresses, credit card information, and phone number. Aggregate information is summary data of the behaviors and interests of groups or categories, so it won’t identify you.

  • Aggregate Information. We use aggregate information for the purposes of internal business research, sales and business development and reporting back to our brand partners. We may share aggregated information about our visitor and user base with third parties such as our advertising partners. This information may include the number of daily visitors to our Site and the number of orders placed on a certain date. We also may share Beauty Profile information with brand partners. We do not link aggregated data with our users’ personal information.
  • Personal Information. We do not sell, rent, trade, license, or otherwise disclose your personal information to third parties, except in these limited circumstances:

    • Disclosures to Pandorabox Agents, Consultants and Related Third Parties. Like most Internet retailers, we use third parties to help ensure our business runs smoothly. We disclose your information to these third-party companies so they can perform their specific functions for us. For example, we may provide your name, shipping address, email and phone number to third-party shippers to deliver our products to you. We also may provide your credit card information to third-party credit card processors and issuers to help us process your orders from us. Pandorabox’s third party vendors may recognize a tracking code used by your browser or application to enable you to receive customized content, or to enable you to use other technologies such as tags and scripts. The tracking code may reflect de-identified demographic or other data linked to data you. When we employ other companies to perform functions of this nature, we only disclose the information that they need to perform their requested function. We do not authorize them to retain, share, store, or use personal information provided by us for any other purpose.

      If you visit or make a purchase from the Pandorabox Shop, we disclose to our Retail Partners your name and shipping address so that they may fulfil your order and ship products directly to you. We also share your email address with the Retail Partners whose product you purchase in case they need to contact you about that product. We may also disclose to our Retail Partners information about the frequency with which you purchased or accessed a product, which may in turn result in you receiving an email or push notification about that product or service.

    • Disclosures Required by Law or Otherwise. We may disclose your personal information if we believe, in good faith, that it’s necessary to: (1) comply with a legal obligation such as in response to a court order or subpoena; (2) protect the safety of fellow user or the public; (3) protect against legal liability; or (4) protect and defend Pandorabox’s rights or

    • Disclosures for a Business Transaction or Insolvency. We also may disclose your personal information in connection with an actual or proposed corporate transaction or insolvency proceeding involving all or part of Pandorabox’s business or assets. For example, if we merge with another company, we may disclose your personal information to that company, but the disclosure would be subject to our Privacy Policy.

    • Disclosures through Social Media. Remember that you control the privacy settings on each of your social media platforms. We allow you to share information from the Site to social media. In order for this to happen you first must opt-in. You can revoke permission to do this by logging into the social media service and disconnecting the Pandorabox application from there.


  1. Log Into Your Account. You can change the personal information you provide to us and remove any content you post publicly on our Site, including reviews, looks and videos, by logging into your Pandorabox account and making the appropriate changes.
  2. Contact Us. If you are unable to remove content you have posted publicly, you can request that we take down public posts on the Site by email to us . We will remove your public posts from view, but we may retain personal information about you solely for the purposes authorized under this Privacy Policy. For example, we may retain information to prevent, investigate, or identify possible wrongdoing in connection with the Site or to comply with legal obligations. If you do not want your profile information displayed, you may terminate your account.
  3. Opt-Out. You can always “opt-out” of having your personal information used for certain purposes. At your request, we will stop sending you certain emails or even deactivate your account to prevent any future purchases through it. You can submit these requests at any time by emailing
  4. Block Cookies and Targeted Advertising. You can prevent Pandorabox and its third-party partners from setting and accessing cookies on your computer by setting your Internet browser to block cookies. You also may remove yourself from the targeted advertising of companies participating in the Digital Advertising Alliance program by opting out here:

Our Site does not act on “do not track” request headers, but you can still limit tracking by taking these steps.

  • Cancel Your Subscription or Deactivate Your Account. You may cancel your Pandorabox subscription by logging into your account, clicking on “My Account” and choosing “cancel subscription” under “Subscription & Purchases.” You may deactivate your Pandorabox account by emailing us at with the subject line: “Account Deactivation Request.”
  • Contact Our Retail Partners. Our Retail Partners each have their own privacy policies and methods for you to opt-out of having your personal information used for certain purposes. Please contact the Retail Partner directly for more information. You may find a list of the Retail Partners here.


At Pandorabox, we take data security seriously. We use technical, physical and administrative safeguards. Online, we encrypt your personal information using Transport Layer Security (“TLS”). TLS allows for a private, reliable Site connection where your identity is authenticated with cryptography. Offline, we restrict access to your personal information to only those Pandorabox employees who need it to perform a specific job function. And we require all Pandorabox employees with access to your personal information to follow specific practices concerning its proper handling. We also hold our vendors who need access to your personal information to strict confidentiality requirements. Third-party service providers assist us with the physical security of some of our computer hardware. When you visit our Site, you access servers that we backup constantly. Our servers are hosted at locations which are private and secure data centre facilities, behind physical and virtual firewalls.

But please remember, while we use industry-standard precautions to safeguard your personal information, we can’t guarantee absolute security. We wish we could, but 100% security just doesn’t exist anywhere online or off.


We respect children’s privacy. This Site is not intended for persons under the age of 13 (see Pandorabox’s Terms of Use). If you’re under 18 years old, you must have your parent/guardian’s permission to have an account and we ask that you not submit any personal information to us or post on our Site without the consent and supervision of a responsible parent or legal guardian.


Pandorabox will retain your information as long as we deem necessary. If you no longer want Pandorabox to use your information to provide you Services, you may close your account. If you close your account then your profile and the content you posted to the Site will no longer appear on the Site.

You may inform us of any changes or requests about your personal data, and in accordance with our obligations under local data protection law, we will use all reasonable means to update or delete your personal data accordingly. Please email us . You should not expect that all of your information will be completely removed from our databases in response to your request. Pandorabox will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.


We will post any changes and updates to this Privacy Policy on this Site so you can always be aware of what information we collect, use and disclose. We encourage you to review this Privacy Policy periodically so you’ll know if it has been changed or updated.

Created: January 1, 2015

Last Updated: December 8, 2018