Privacy Policy

Last updated:

1. Introduction

Shiningbrightao ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://shiningbrightao.world and use our services.

We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Dutch Implementation Act of the GDPR (Uitvoeringswet AVG), and other applicable data protection laws.

2. Data Controller Information

The data controller responsible for your personal data is:

Shiningbrightao
30 Oudegracht, 3511 AP Utrecht, Netherlands
Email: team@shiningbrightao.world

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number (optional)
  • Order Information: Details provided when placing an order through our contact form
  • Communication Data: Messages, inquiries, and correspondence with us

3.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device information
  • Usage Data: Pages visited, time spent on pages, click patterns, referring websites
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

  • Consent (Art. 6(1)(a)): When you have given explicit consent for specific processing activities, such as receiving marketing communications or accepting non-essential cookies.
  • Contract Performance (Art. 6(1)(b)): When processing is necessary to fulfill a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation (Art. 6(1)(c)): When processing is necessary to comply with legal requirements, such as tax and accounting obligations.
  • Legitimate Interests (Art. 6(1)(f)): When processing is necessary for our legitimate business interests, provided these do not override your fundamental rights and freedoms.

5. Purposes of Processing

We use your personal data for the following purposes:

  • Processing and fulfilling your orders
  • Responding to your inquiries and providing customer support
  • Sending order confirmations and updates
  • Improving our website and user experience
  • Analyzing website usage and generating statistics
  • Ensuring website security and preventing fraud
  • Complying with legal and regulatory requirements
  • Sending marketing communications (only with your explicit consent)

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Data Category Retention Period
Order and transaction data 7 years (for tax and legal compliance)
Customer inquiries 3 years after resolution
Marketing consent records Until consent is withdrawn + 1 year
Website analytics data 26 months
Cookie consent preferences 12 months

7. Data Sharing and Recipients

We may share your personal data with:

  • Service Providers: Third-party companies that assist us in operating our website, processing payments, or delivering products (e.g., hosting providers, payment processors, shipping companies).
  • Legal Authorities: When required by law, court order, or governmental authority.
  • Professional Advisors: Accountants, lawyers, and auditors as necessary for our business operations.

All third-party service providers are contractually obligated to protect your data and process it only according to our instructions, in compliance with GDPR requirements.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with an adequacy decision by the European Commission
  • Other legally approved transfer mechanisms

9. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): You can request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): You can request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): You can request deletion of your personal data under certain circumstances.
  • Right to Restriction (Art. 18): You can request that we limit the processing of your data.
  • Right to Data Portability (Art. 20): You can request your data in a structured, machine-readable format.
  • Right to Object (Art. 21): You can object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent (Art. 7): You can withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month, as required by GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for data transmitted over the internet
  • Secure storage systems with access controls
  • Regular security assessments and updates
  • Employee training on data protection
  • Limited access to personal data on a need-to-know basis

11. Children's Privacy

Our website and services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately so we can delete such information.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you, as described in Article 22 of the GDPR.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you by posting a prominent notice on our website or by sending you an email, where applicable. The "Last updated" date at the top of this page indicates when this policy was last revised.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Shiningbrightao
30 Oudegracht, 3511 AP Utrecht, Netherlands
Email: team@shiningbrightao.world

We will make every effort to respond to your inquiry promptly and address your concerns in accordance with applicable data protection laws.