Privacy Policy

Company: Shaanxi Canyan Network Technology Co., Ltd.

Trading as: Shine Stone

Registered Address: No. 37, Yongfeng Village South Street Group, Yongle Town, Jinghe New City, Xixian New District, Xi'an City, Shaanxi Province, 710000, China

Email: us@shinestone.hair

Phone: +1 681-946-6520

For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), Shaanxi Canyan Network Technology Co., Ltd. acts as the data controller with respect to the personal data collected through this website and its associated services.

We collect the following categories of personal data to provide and improve our services:

• Contact Information: Full name, email address, phone number, company name, and job title provided through contact forms, email inquiries, or service requests.
• Technical Data: IP address, browser type and version, device type, operating system, time zone setting, referring URLs, and browsing behavior collected through cookies and similar tracking technologies.
• Usage Data: Information about how you interact with our website, including pages visited, time spent on pages, click patterns, and navigation pathways.
• Business Information: Company details, project requirements, and technical specifications shared during pre-engagement communications or service delivery.
• Communication Records: Correspondence history including emails, phone call logs, and support ticket communications.

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data unless explicitly provided by you in the context of a specific service engagement where it is necessary.

We process your personal data for the following specific purposes:

• Provision of Services: To respond to inquiries, deliver consulting and systems integration services, manage client relationships, and fulfill contractual obligations.
• Communication: To send service-related updates, respond to support requests, and provide information about our offerings that you have requested.
• Website Improvement: To analyze usage patterns, diagnose technical issues, and enhance the functionality and user experience of our website.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Security: To protect our website, systems, and users against fraud, unauthorized access, and other security threats.

We will not process your personal data for purposes incompatible with those described above without first notifying you and, where required, obtaining your consent.

If you are located in the European Economic Area or the United Kingdom, our processing of your personal data is based on the following lawful grounds:

• Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This applies when we are providing systems design, consulting, or integration services.
• Legitimate Interests: Processing is necessary for our legitimate business interests, including improving our services, maintaining the security of our website, and communicating with clients and prospects, provided that your rights and interests do not override these interests.
• Consent: Where we rely on your consent for specific processing activities such as non-essential cookies or marketing communications, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject, such as tax and accounting requirements.

We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following circumstances:

• Service Providers: We engage trusted third-party service providers who assist us in operating our website and delivering services, including cloud hosting providers, email communication platforms, analytics services, and payment processors. These providers are contractually bound to process data only on our instructions and in compliance with applicable data protection laws.
• Legal Requirements: We may disclose personal data if required to do so by law, regulation, or legal process, or in response to a valid request from law enforcement or governmental authorities.
• Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.
• With Your Consent: We may share your information for any other purpose with your explicit consent.

We conduct due diligence on all third-party processors and require them to maintain appropriate security measures to protect your data.

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand where our visitors come from.

Types of cookies we use:

• Essential Cookies: Necessary for the basic functionality of our website. These cookies enable core features such as security, network management, and accessibility. The website cannot function properly without these cookies.
• Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We use this data to improve our website structure and content.
• Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings for future visits.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality and performance of our website.

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL protocols. Where appropriate, stored data is encrypted at rest.
• Access Controls: Strict access controls and authentication mechanisms are in place to ensure that only authorized personnel have access to personal data on a need-to-know basis.
• Regular Audits: We conduct periodic security assessments, vulnerability scans, and penetration testing to identify and address potential security weaknesses.
• Employee Training: All team members receive regular training on data protection best practices, privacy obligations, and security protocols.
• Incident Response: We maintain an incident response plan to promptly address any data security incidents and notify affected individuals and regulatory authorities as required by law.

While we strive to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but will notify you of any breach that may compromise your data in accordance with applicable legal requirements.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Retention periods are determined based on:

• The duration of our business relationship with you
• Legal and regulatory requirements for record retention
• The statute of limitations for potential legal claims
• Our legitimate business interests in maintaining accurate records

When personal data is no longer needed, we securely delete or anonymize it. In some cases, we may retain anonymized or aggregated data for analytical purposes beyond the applicable retention period.

Your personal data may be transferred to and processed in countries other than your country of residence, including China where our company is headquartered and other jurisdictions where our service providers operate.

When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards to protect your data, including:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules where applicable
• Other transfer mechanisms recognized under applicable data protection law

By submitting your personal data, you acknowledge that we may transfer, store, and process your information in locations outside your home country. You may request a copy of the relevant safeguards by contacting us at us@shinestone.hair.

Under the GDPR (EEA and UK residents), you have the following rights:

• Right of Access: You may request confirmation of whether we process your personal data and request a copy of that data.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data where there is no compelling reason for its continued processing, subject to legal obligations.
• Right to Restrict Processing: You may request restriction of processing in certain circumstances, such as when the accuracy of data is contested.
• Right to Data Portability: You may request receipt of your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller.
• Right to Object: You may object to processing based on legitimate interests, including profiling and direct marketing.

Under the CCPA (California residents), you have the following rights:

• Right to Know: You may request disclosure of the categories and specific pieces of personal data we have collected about you, the sources of collection, the business purpose for collection, and the categories of third parties with whom we share data.
• Right to Delete: You may request deletion of personal data we have collected from you, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights, including by denying services, charging different prices, or providing a different level of service.
• Right to Opt-Out: You have the right to opt out of the sale of your personal data. We do not sell personal data, as defined by the CCPA.

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately.

If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to delete that information from our systems as promptly as possible.

Our website may contain links to third-party websites, plugins, or services that are not owned or controlled by Shaanxi Canyan Network Technology Co., Ltd. This includes links to social media platforms, partner websites, and external resources.

We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party websites you visit, as their data practices may differ from ours. This Privacy Policy applies solely to data collected through our website and services.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will update the Last Updated date at the top of this policy and may notify you through a prominent notice on our website or by other appropriate communication channels.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our website and services after any changes to this policy constitutes your acceptance of the updated terms.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

By Email: us@shinestone.hair

By Phone: +1 681-946-6520

By Mail:
Shaanxi Canyan Network Technology Co., Ltd.
No. 37, Yongfeng Village South Street Group, Yongle Town
Jinghe New City, Xixian New District
Xi’an City, Shaanxi Province, 710000
China

We will acknowledge receipt of your privacy-related inquiry within 5 business days and will work to resolve your concern promptly. If you are unsatisfied with our response, you may have the right to lodge a complaint with your local data protection authority.