1. Introduction and Scope
This Privacy Policy describes how SAPIENTIAX CO., LTD (hereinafter referred to as the "Company") collects, uses, stores, and protects the personal data of users located in the European Union, in strict compliance with the General Data Protection Regulation (GDPR). This policy applies to all personal data collected through our official website (sapientlux.com), offline stores, and other business channels. Just like the way we meticulously tailor clothing to fit your body, this policy is dedicated to providing precise protection for your data.
2. Types of Personal Data Collected
The data we collect includes, but is not limited to:
Identity Information: Name, Gender, Contact Information (Email, Phone Number), etc.
Transaction Data: Order Details, Payment Information, Shipping Address, etc.
Browsing Data: Website Visit History, Product Preferences, Search History, etc.
Device Information: IP Address, Browser Type, Device Identifier, etc.
This data, like the fabric composition of clothing, will be transparently displayed through a "Data Material Table" to demonstrate its use and processing.
3. Legal Basis for Data Processing
According to Article 6 of the GDPR, our data processing is based on the following lawful bases:
Performance of Contract: Necessary to fulfill orders, such as clothing sales and delivery
User Consent: For non-essential services such as marketing push and personalized recommendations (you may withdraw your consent at any time)
Legal Obligation: Retain transaction records to comply with EU tax and accounting regulations
Legitimate Interest: Optimize website experience and product design without prejudice to user interests
4. Data Use and Sharing
Primary Uses: Order processing, logistics and delivery, customer service, product improvement, and marketing communications
Data Sharing: Sharing with third-party service providers (such as payment processors and logistics companies) only when necessary and under a data processing agreement requiring them to adhere to equivalent standards of protection
Your personal data will never be sold to any third party
5. Data Retention Period
Transaction Data: Retained for 7 years from the date of order completion (in compliance with EU accounting regulations)
Marketing Data: Automatically deleted after you withdraw your consent or become inactive (12 months of inactivity)
Browsing Data: Non-identifiable data collected through cookies is retained Anonymized after 6 weeks
Data related to legal disputes: Retained until the dispute is resolved or the statutory limitation period expires
Expired data will be processed in accordance with our environmental commitments, using secure anonymization technology similar to clothing recycling.
6. User Data Rights
You have the following rights under the law and can submit a written request to [email protected]:
Right of access: Obtain details of the processing of your personal data
Right of rectification: Request correction of inaccurate data (similar to clothing alteration services)
Right of erasure: Request deletion of your data under certain conditions
Right of restriction of processing: Temporarily freeze data processing activities
Right of data portability: Obtain personal data in a structured format
Right of objection: Object to data profiling based on legitimate interests
We will respond to your request within one month, or up to two months in complex cases with prior notice.
7. Cookies and Tracking Technologies
Necessary Cookies: Used for shopping cart functionality, login verification, etc., and are enabled without user consent.
Analytical Cookies: Used to optimize the website experience and require your active consent (click the "Accept" button).
Marketing Cookies: Used for personalized recommendations and require your separate consent.
In accordance with e-Privacy regulations, you can adjust your cookie preferences at any time through the website settings. We do not automatically grant consent by default.
8. Data Security and Breach Notification
We use technical measures such as encrypted transmission and access rights management to protect data security. In the event of a data breach:
We will notify EU Data Protection Authorities (DPAs) within 72 hours and document the incident details for regulatory review.
If the breach is likely to result in a high-risk situation, affected users will be promptly notified via email, website pop-up notifications, or other means, including a summary of the incident, the scope of impact, and remedial measures.
We will establish an emergency response team, comprised of legal, technical, and customer service departments, to ensure compliance with Article 32 of the GDPR.
9. Cross-border Data Transfers
If your data is transferred outside the EU, we will employ the following safeguards:
Execute EU Standard Contractual Clauses (SCCs) with the recipient.
Prioritize data service providers from GDPR-approved "whitelist" countries/regions.
Ensure that cross-border data transfers do not compromise data protection standards, as demonstrated by our consistent quality standards for global fabric suppliers.
10. Complaints and Dispute Resolution
If you believe your data rights have been infringed, you may:
Contact our Data Protection Officer (DPO) at the email address above.
Complain to a data protection authority within the EU, such as your place of residence, place of work, or the place where the infringement occurred. DPA
Seek support from a nonprofit organization or file a lawsuit in a court of competent jurisdiction.
11. Policy Updates
This policy will be updated as needed based on regulatory changes and business needs. Significant changes will be announced via website announcements and emails. The most current version is always available on sapientiax.com.
Just as our clothing protects the body, this policy safeguards your data. If you have any questions, please contact us at [email protected].