1. Who we are
Controller: Shuxin Tech
Address: [Room 516, Unit 1, No. 291 Dongbao Road, Dongcheng Street, Dongguan City, Guangdong Province]
Email: [email protected]
Jurisdiction: European Union / EEA
Data Protection Contact / DPO (if applicable): [email protected]. If we appoint an external DPO, we will update this page with their contact details.
2. What data we collect
2.1 Data you provide
- Contact details (name, email, phone).
- Account data (login credentials, profile information).
- Transactional data (orders, invoices, billing address, VAT ID).
- Communications (support requests, feedback, survey responses).
- User-generated content (uploads, forms, comments).
2.2 Data collected automatically
- Device and usage data (IP address, browser type, OS, pages viewed, timestamps, referrers).
- Approximate location (derived from IP address).
- Cookies and similar technologies (see our Cookie Policy).
2.3 Third-party sources
- Analytics and advertising partners (subject to your consent).
- Payment, anti-fraud, and identity verification providers.
- Publicly available data and social profiles, where permitted by law.
3. Purposes and legal bases
We process personal data only when we have a lawful basis under GDPR:
- Contract – to provide, maintain, and support our services; to create and manage accounts; to process transactions; to communicate about service updates.
- Consent – for non-essential cookies/trackers, direct marketing by email or SMS (where required), analytics, advertising personalization, and political-ad personalization (explicit, separate consent).
- Legitimate interests – to improve and secure services, prevent abuse, defend legal claims, and measure performance. We balance these interests against your rights.
- Legal obligation – to comply with tax, accounting, AML, and other statutory requirements.
- Vital interests – where necessary to protect life or safety.
4. Political advertising
We do not use political-ad personalization unless you grant explicit, separate consent via our cookie banner or settings. Without such consent, any ads you see may be contextual or non-personalized.
5. How we use your data
- Operate, deliver, and personalize our services.
- Provide support and respond to inquiries.
- Process payments, refunds, and billing.
- Analyze performance and improve functionality (subject to consent for analytics cookies).
- Prevent fraud, secure accounts, and ensure integrity of our systems.
- Comply with legal obligations and enforce our terms.
- Send marketing communications with your consent and provide opt-out mechanisms.
6. Sharing and disclosures
We share personal data with:
- Processors (cloud hosting, analytics providers, email/SMS vendors, payment processors, customer support tools) under data processing agreements.
- Business partners where you engage with co-branded or integrated services (only as necessary and with appropriate safeguards).
- Authorities and legal recipients when required by law or to protect our rights, users, or the public.
- Corporate events (merger, acquisition, restructuring), subject to confidentiality and notice requirements.
7. International transfers
If we transfer personal data outside the EEA/UK, we rely on GDPR-approved safeguards, including:
- EU Standard Contractual Clauses (SCCs) and supplementary measures.
- Adequacy decisions by the European Commission.
- Binding Corporate Rules (if applicable).
8. Retention
We keep personal data only as long as necessary for the purposes set out in this policy, including to meet legal, accounting, or reporting requirements. Typical retention ranges from 6 months to 7 years, depending on the data category.
9. Your rights (GDPR)
- Access and obtain a copy of your personal data.
- Rectify inaccurate or incomplete data.
- Erase data (“right to be forgotten”) in certain circumstances.
- Restrict processing in certain circumstances.
- Data portability (receive data in a structured, commonly used format).
- Object to processing based on legitimate interests and to direct marketing.
- Withdraw consent at any time without affecting prior lawful processing.
- Lodge a complaint with your local supervisory authority.
To exercise your rights, contact us at [email protected]. We may ask for information to verify your identity.
10. Children’s data
Our services are not directed to children under the age required by local law for consent to online services. If we learn we have collected data from a child without appropriate consent, we will delete it.
11. Security
We implement technical and organizational measures to protect personal data, including encryption in transit, access controls, logging, and employee confidentiality obligations. No system is 100% secure; we encourage strong passwords and enabling multi-factor authentication where available.
12. Automated decision-making
We do not engage in automated decision-making producing legal or similarly significant effects without human involvement, except where permitted by law and with suitable safeguards.
13. Third-party links and integrations
Our site may link to third-party websites or integrate third-party services. Their privacy practices are governed by their own policies.
14. Changes to this policy
We may update this policy from time to time. We will post the new effective date and, where appropriate, notify you of material changes.