Privacy Policy | LEGATO WORLDWIDE LIMITED (LWW)

Official Website: lwwlimited.com | Contact Email: service@lwwlimited.com

LEGATO WORLDWIDE LIMITED (LWW), as the data controller, strictly complies with the EU General Data Protection Regulation (GDPR) and the relevant data protection laws and regulations of each EU member state. This Privacy Policy aims to clearly inform all users (data subjects) located within the EU how we collect, use, store, protect, and transfer your personal data, as well as your related data rights and how to exercise them.

This policy applies to your personal data collected and processed by us through all LWW-related activities, including through our website, online and offline sales channels, customer service interactions, account registration, and order submissions. If you have any questions about this policy, please contact us at any time via the email address above.

I. Scope and Legal Basis of Data Collection

We collect necessary personal data only for specific, explicit, and legal purposes, strictly adhering to the principle of "data minimization," and do not collect information unrelated to the service.

1. Types of Personal Data Collected:

  • Identification and Contact Information: Name, email address, phone number, delivery address, etc., used for order processing, logistics, and after-sales communication;
  • Transaction Information: Order number, product model/quantity purchased, payment amount, payment method, etc., used for transaction fulfillment, invoice issuance, and transaction record retention;
  • Device and Usage Information: IP address, browser type, access time, page browsing history, etc., used to optimize the website experience, troubleshoot technical issues, and ensure website security;
  • Sensitive Personal Data: Unless you actively provide it (e.g., special body shape requirements, health-related fabric preferences), we will not collect sensitive personal data such as race or health status. If it is necessary to process such data, we will obtain your explicit consent separately.

2. Legal Basis for Data Processing (Based on Article 6 of the GDPR):

  • Obtaining your explicit consent: You may withdraw your consent at any time for non-contractual purposes such as sending marketing messages and processing sensitive personal data;
  • Compliance with legal obligations: To meet legal requirements such as tax reporting and transaction record retention;
  • Protection of your legitimate rights: To ensure the security of your account, handle after-sales disputes, or prevent fraud.

II. Purpose of Use of Personal Data

The personal data we collect will only be used for the following purposes. If use is required beyond these purposes, your consent will be obtained separately:

  • Processing and fulfilling your orders, including order confirmation, product delivery, logistics tracking, and after-sales service;
  • Providing you with personalized product recommendations and marketing campaign notifications (requires your consent);
  • Optimizing our product design, website functionality, and service quality;
  • Ensuring transaction security and preventing illegal activities such as fake orders and fraud;
  • Responding to your inquiries, complaints, or requests and resolving related issues;
  • Complying with the laws and regulations of the EU and relevant countries, and retaining necessary transaction records.

III. Data Storage and Protection

1. Storage Period:

We will only store your personal data for the minimum period required to achieve the above objectives. After this period, the data will be securely destroyed through methods such as encrypted deletion and anonymization. For example, transaction records will be retained for 7 years after the order is completed (to meet tax retention requirements), and marketing-related data will be deleted immediately upon your withdrawal of consent.

2. Security Measures:

We adopt technical and management measures that comply with GDPR requirements to ensure the security of your data:

  • Technical Level: We use AES-256 encryption technology for data transmission and storage, our official website uses the SSL security protocol, and we regularly scan and patch system security vulnerabilities;
  • Management Level: We implement strict access controls, authorizing only employees to access personal data, and requiring them to adhere to confidentiality obligations; we regularly provide GDPR compliance training to employees, clarifying their data protection responsibilities.

In the event of a data breach, we will report it to the relevant EU data protection authority (such as the DPA in your country) within 72 hours of becoming aware of the breach, and will promptly notify you and implement relevant measures if the breach may pose a high risk to your rights and freedoms.

IV. Data Sharing and Cross-Border Transfer

1. Data Sharing:

We will not sell your personal data to third parties. We will only share data with trusted third parties in the following circumstances, and require these third parties to comply with GDPR and related confidentiality requirements:

  • Logistics service providers: Sharing your name, address, contact information, and other necessary information to complete the delivery of goods;
  • Payment service providers: Sharing necessary information related to transactions to process payments;
  • Legal and regulatory requirements: Disclosing necessary personal data upon legitimate requests from courts, regulatory agencies, etc.

2. Cross-Border Transfer:

As our business involves global supply, your personal data may be transferred to countries outside the EU (including countries such as China that have not obtained EU adequacy certification). We ensure that all cross-border transfers comply with GDPR requirements and will ensure that data protection levels are no less than EU standards through appropriate safeguards such as signing EU Standard Contractual Clauses (SCCs) and adopting encrypted transmissions. You can contact us via email for detailed information on these safeguards.

V. Your Core Data Rights (Based on Articles 15-20 of the GDPR)

As a data subject, you have the following rights, and we will respond to your requests free of charge and promptly:

  • Right to Know: You have the right to request confirmation from us regarding whether your personal data is being processed and to obtain relevant processing information as described in this policy;
  • Right to Access: You have the right to request a copy of your personal data from us;
  • Right to Correction: You have the right to request us to correct any inaccuracies or incompleteness in your personal data;
  • Right to Erasure (Right to Be Forgotten): You have the right to request us to erase your personal data if the data processing purpose has been achieved, if you withdraw your consent, or if we violate the GDPR;
  • Right to Restrict Processing: You have the right to request us to suspend the processing of your personal data under specific circumstances (such as objections to the accuracy of the data);
  • Right to Object: You have the right to object to our data analysis or marketing data processing based on legitimate or public interests;
  • Right to Data Portability: You have the right to request us to provide your personal data in a structured, machine-readable format or to transfer it directly to other data controllers.

If you wish to exercise the above rights or have any objections to data processing, please contact us at service@lwwlimited.com. We will respond within one month of receiving your request, which may be extended to three months in complex cases (with advance notice). If you are dissatisfied with our response, you have the right to file a complaint with the data protection authority of your Member State.

VI. Third-Party Links and Child Data Protection

1. Third-Party Links:

Our website may contain links to third-party websites. The privacy policies of these websites are not our responsibility, and we recommend that you review the privacy policies of the third parties.

2. Child Data:

Our products are not intended for children under the age of 16. We will not knowingly collect children's personal data except with the explicit consent of their legal guardian. If any such data is found to have been collected in error, it will be deleted immediately.

VII. Policy Updates and Effectiveness

This Privacy Policy is effective from the date of its publication. If EU data protection laws and regulations change, or if our business model changes resulting in changes to data processing methods, we will update this policy promptly and notify you through website announcements, email notifications, etc. The updated policy will be effective from the date of its publication.

Contact Us

If you have any questions, complaints, or needs regarding this Privacy Policy, please contact us:

service@lwwlimited.com

LEGATO WORLDWIDE LIMITED