PENUMBRASTITCH LTD - Privacy Policy
PenumbraStitch LTD ("we") respects your privacy and personal data rights and adheres to the EU General Data Protection Regulation (GDPR) and other relevant EU data protection regulations. This policy explains how we collect, use, store, and protect your personal data, as well as your related rights. Please read this policy carefully before using our website (penustitch.com), purchasing products, or interacting with us.
I. Types of Personal Data We Collect
During your interactions with us, we may collect the following personal data:
Identity Information: Name, email address (such as [email protected]), phone number, shipping address, etc.;
Transaction Information: Order details, payment history, invoice information, etc.;
Website Usage Data: IP address, browser type, access time, page views, etc. (collected via cookies and similar technologies, see the "Cookie Policy" for details);
Communication Data: Messages, feedback, or complaints you send via email, social media, or customer service channels;
Other Information: Preferences and size information provided when you participate in surveys.
II. Legal Basis and Purpose of Data Collection
We process your personal data only as permitted by the GDPR. The specific legal basis and purposes are as follows:
Performing Contractual Obligations: To fulfill your order (such as shipping products, processing payments, and providing after-sales service), we need to collect and use your identity information, transaction information, and address information.
Your Consent: When you allow us to send marketing information and use cookies to track website behavior, we process data based on your explicit consent (which you may withdraw at any time).
Legitimate Interests: We may use data for purposes such as optimizing the website experience, preventing fraud, and improving product design, provided that we protect your rights and interests and do not infringe your fundamental rights.
Legal Obligations: If required by law or regulation (such as tax recordkeeping and cooperating with regulatory investigations), we will process necessary data in accordance with the law.
III. Data Storage and Protection
Storage Period: We store your data only for the minimum period necessary to fulfill the purposes for which it was collected. For example, order data will be retained for seven years after the contract is fulfilled (in compliance with EU tax record retention requirements), and marketing data will be deleted immediately upon withdrawing your consent.
Security Measures: We use encryption, access control, and regular security audits to prevent data leakage, loss, or misuse. However, please note that Internet transmission is not completely secure, and we cannot guarantee the risks involved in data transmission.
Storage Location: Your data is primarily stored on servers within the EU. If data is transferred outside the EU for business purposes, we will ensure data security through legal means such as EU "adequacy" certification and Standard Contractual Clauses (SCCs).
IV. Data Sharing
We promise not to sell your personal data to third parties and will only share it with authorized third parties in the following circumstances:
Service Providers: We provide necessary data to our service providers for order fulfillment (such as EU logistics providers), payment processing (such as payment gateways), and customer support, and require them to strictly comply with GDPR and confidentiality obligations.
Legal Requirements: We may disclose relevant data when required by law by courts or regulatory authorities, or to protect the legal rights of us or others.
V. Your Rights (Under GDPR)
As an EU data subject, you have the following rights:
Right of Access: You can request confirmation from us regarding the processing of your data and obtain a copy of that data;
Right of Correction: You can request that we correct your data if it is inaccurate;
Right of Erasure: You can request that we delete your data under certain circumstances (e.g., if the data is no longer necessary or you have withdrawn your consent);
Right to Restriction of Processing: You can request that we suspend processing of your data (e.g., if you dispute its accuracy);
Right to Data Portability: You can request that we transfer your personal data to you or a third party in a structured, commonly used format;
Right to Object: You can object at any time to profiling based on legitimate interests (e.g., marketing);
Right to Withdraw Consent: If the processing of your data is based on your consent, you can withdraw your consent at any time (without affecting any processing that was lawfully processed before your withdrawal).
To exercise these rights, please contact us at:
Email: [email protected]
Please include "Data Rights Request" in the subject line. We will respond within one month (this may be extended to two months in exceptional circumstances with prior notice).
VI. Cookie Policy
Our website uses cookies (small data files) to optimize your browsing experience, such as remembering your preferences and analyzing website traffic. Cookies are categorized as follows:
Necessary cookies: These enable basic website functionality (such as the shopping cart) and cannot be disabled;
Analytical/Functional cookies: These are used to improve services (such as Google Analytics) and can be disabled in your browser settings;
Marketing cookies: These are used for personalized advertising and are enabled with your consent, which can be withdrawn at any time.
You can manage your cookie preferences through your browser settings, but disabling some cookies may affect website functionality.
VII. Data Protection of Minors
We do not intentionally collect data from minors under the age of 16. If you discover that the data has been collected in error, your guardian may contact us to have the data removed.
VIII. Policy Updates and Complaints
We may update this policy from time to time. Updates will be posted on our website and the effective date will be revised. If you have any objections to the processing of your data, you may first contact us for consultation. You may also lodge a complaint with the data protection authority in your member state (e.g., the UK ICO or the German BAfEP). Thank you for your trust in PenumbraStitch LTD. We are committed to protecting your privacy and data security.