Privacy Policy of Huiren Tang
1. Introduction
we operates www.thestron.shop. This Privacy Policy explains how we collect, use, disclose, and protect your personal data globally. By using the Site, you consent to the practices described herein. For jurisdiction-specific rights (e.g., GDPR/CCPA), see Section 7.
2. Data We Collect
We collect the following categories of data:
- Identifiers: Name, email, phone, IP address, device ID.
- Commercial Data: Order history, payment details (processed via PCI-DSS-compliant gateways like Stripe/PayPal).
- Technical Data: Browser type, cookies, usage patterns (pages visited, session duration).
- Sensitive Data (if applicable): Only with explicit consent (e.g., health data for custom products).
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Fulfill orders & provide support | Contractual necessity |
| Send marketing communications | Consent (opt-in required) |
| Improve Site functionality | Legitimate interests |
| Comply with tax/fraud laws | Legal obligation |
| Personalized advertising | Consent (opt-out for CCPA) |
4. Cookies and Tracking Technologies
We use:
- Essential Cookies: For cart functionality and login (no consent needed).
- Analytics Cookies: Google Analytics (anonymized IPs).
- Advertising Cookies: Facebook Pixel, TikTok Ads (opt-out via Cookie Banner).
Manage preferences: Browser settings or our Cookie Consent Manager.
5. Data Sharing and Third Parties
We share data only as necessary with:
- Service Providers: Payment processors, shipping carriers (e.g., DHL, FedEx).
- Analytics Partners: Google, Meta (data anonymized where possible).
- Legal Authorities: To comply with court orders or laws.
We never sell personal data (CCPA: “Do Not Sell My Personal Information” link required).
6. International Data Transfers
Data may be transferred outside your country under safeguards:
- EU/UK → Non-EEA: Standard Contractual Clauses (SCCs).
- California → Global: CPRA-compliant agreements.
7. Your Rights by Region
| Right | GDPR | CCPA/CPRA |
|---|---|---|
| Access/Portability | Receive copy of data (free) | Access data collected in 12 months |
| Deletion | “Right to be forgotten” | Delete personal data |
| Opt-Out | Withdraw marketing consent | Opt-out of data “sale” |
| Non-Discrimination | N/A | Equal service if rights exercised |
| Submit requests: [privacy@yourbusiness.com] or online portal. |
8. Data Retention
We retain data only as needed:
- Orders: 7 years (tax compliance).
- Marketing lists: Until consent withdrawal.
- Inactive accounts: Deleted after 2 years.
9. Security Measures
- Encryption: SSL/TLS for data transmission.
- Access Controls: Role-based permissions.
- Audits: Annual penetration testing.
10. Children’s Privacy
Our Site is not directed at children under 16. We do not knowingly collect their data. Contact us to report accidental collection.
11. Policy Updates
Changes will be notified via Site banners or email. Review periodically for updates.
12. Contact Us
For questions or rights requests:
- Email: capkun00@gmail.com