Privacy Policy

1 Introduction and Scope

Xi'an Lingyuanshu Information Technology Co., Ltd. (referred to as "the Company," "we," "us," or "our") is committed to protecting the privacy and security of the personal information of our users, customers, partners, and website visitors. This Privacy Policy explains how we collect, use, store, share, and safeguard your personal data when you interact with our services, visit our websites, use our applications, or communicate with us through any channel.

This policy applies to all individuals who interact with the Company in any capacity, including but not limited to: visitors to our digital platforms, registered users of our products and services, prospective and current clients, business partners, vendors, and job applicants. By accessing or using any of our services, you acknowledge that you have read, understood, and agree to the terms outlined in this Privacy Policy.

Our services encompass a range of information technology solutions, software development, digital consulting, cloud-based applications, and related technical services. This Privacy Policy is designed to comply with applicable data protection laws and regulations, including the Personal Information Protection Law of the People's Republic of China (PIPL), the Cybersecurity Law, the Data Security Law, and other relevant regulatory frameworks where we operate.

2 Information We Collect

We collect various categories of personal information necessary to provide, maintain, and improve our services. The specific types of data we collect depend on the nature of your interaction with us. Below is a comprehensive breakdown of the information we may collect.

2.1 Personal Identification Information

• Full Name: Your legal or preferred name used for account registration, service delivery, and communication.
• Contact Details: Email address, phone number (including mobile and landline), postal address, and other relevant contact information.
• Identification Documents: Government-issued identification numbers or documentation where required for identity verification or regulatory compliance.
• Account Credentials: Username, password, security questions, and authentication tokens used to access our platforms.

2.2 Technical and Usage Data

• Device Information: Hardware model, operating system version, device identifiers, IP address, browser type and version, screen resolution, language settings, and regional preferences.
• Log Data: Server access logs, timestamps of visits and actions, requested URLs, referral sources, page interaction data (clicks, scrolls, dwell time), and error reports.
• Network Information: Internet service provider, connection type, network performance metrics, approximate geographic location derived from IP address, and mobile network identifiers.
• Cookies and Tracking Data: Cookie identifiers, session IDs, pixel tag interactions, and data from similar tracking mechanisms (detailed in Section 6).

2.3 Business and Transaction Information

• Company Details: Business name, registration number, tax identification number, company address, industry, and company size when applicable.
• Billing and Payment Information: Invoice details, billing address, transaction history, and payment method information (processed through secure third-party payment gateways; we do not store full payment card numbers on our servers).
• Service Usage Data: Records of products or services purchased, subscription plans, usage frequency, feature utilization, support tickets filed, and service feedback.

2.4 Communication Data

• Correspondence: Records of emails, live chat transcripts, phone call recordings (where permitted by law), and messages exchanged through our platforms.
• Feedback and Surveys: Responses to customer satisfaction surveys, product feedback forms, and voluntary participation in research or beta-testing programs.
• Support Inquiries: Descriptions of technical issues, troubleshooting steps, and any files or screenshots you voluntarily provide during support interactions.

2.5 Sensitive Information (With Explicit Consent Only)

We do not collect sensitive personal data unless it is voluntarily provided with your explicit, informed consent for a specific purpose. Sensitive data may include biometric information, health data, political opinions, religious beliefs, or criminal records. If such data is necessary for a particular service, we will obtain separate, unambiguous consent and process it in accordance with applicable legal requirements.

3 How We Collect Your Information

We collect personal information through a variety of channels, both directly from you and from other legitimate sources. Understanding how your data is collected helps you make informed decisions about your interactions with us.

3.1 Information You Provide Directly

• Account Registration: When you create an account on our platforms, we collect the information you enter during the registration process.
• Service Purchases: When you purchase or subscribe to any of our products or services, whether online, by phone, or through a sales representative.
• Forms and Surveys: When you voluntarily fill out contact forms, registration forms for events or webinars, customer satisfaction surveys, or feedback questionnaires.
• Communications: When you contact us via email, phone, live chat, social media, or any other communication channel for inquiries, support, or other purposes.
• Uploads and Submissions: When you upload documents, files, images, or other content to our platforms or share them with us during the course of service delivery.

3.2 Information Collected Automatically

When you access or use our digital platforms, certain information is automatically collected through technological means. This includes:

• Server Logs: Our servers automatically record information about your device and browsing activity, including IP address, browser type, operating system, referring and exit pages, and timestamps.
• Cookies and Similar Technologies: We use cookies, web beacons, pixel tags, and local storage to collect information about your browsing behavior, preferences, and device characteristics. For detailed information, please see Section 6.
• Analytics Tools: We employ analytics services that use tracking technologies to help us understand how users interact with our platforms, which features are most used, and how we can improve user experience.

3.3 Information from Third Parties

In certain circumstances, we may receive personal information about you from legitimate third-party sources, including:

• Business Partners: From partners with whom we jointly offer services or who refer you to us, provided they have obtained your consent or have a lawful basis for sharing your information.
• Public Sources: From publicly accessible databases, government registries, and professional networking platforms where you have made your information publicly available.
• Payment Processors: From payment service providers who verify your identity and process transactions on our behalf.
• Social Media Platforms: If you choose to sign in using a social media account or engage with our pages on social media platforms, we may receive certain profile information as governed by that platform's privacy settings and policies.

4 Purposes of Data Processing

We process your personal information for specific, legitimate, and documented purposes. We do not process data in ways that are incompatible with the purposes described in this Privacy Policy without notifying you and obtaining your consent where required.

We do not use automated decision-making or profiling that produces legal effects concerning you without your explicit consent or without implementing appropriate safeguards as required by applicable law.

5 Legal Basis for Processing

We process your personal information only when we have a valid legal basis to do so. The legal bases we rely upon are as follows:

5.1 Consent

We may process your personal data when you have given explicit, informed, and freely given consent for a specific processing purpose. You have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Consent is typically sought for marketing communications, the collection of sensitive data, and the placement of non-essential cookies.

5.2 Contractual Necessity

We process your data when it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes processing required to deliver the services you have requested, process payments, and provide customer support throughout the contractual relationship.

5.3 Legal Obligation

We process your data when it is necessary to comply with a legal or regulatory obligation to which we are subject. This includes compliance with tax laws, anti-money laundering regulations, court orders, data protection laws, and lawful requests from government or regulatory authorities.

5.4 Legitimate Interests

We may process your data when it is necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by your rights, interests, or fundamental freedoms. Our legitimate interests include:

• Operating, maintaining, and improving our business and services.
• Preventing fraud, unauthorized access, and other illegal activities.
• Ensuring network and information security.
• Conducting internal analysis and research to develop better products.
• Communicating important service-related information to our users.

5.5 Vital Interests

In rare circumstances, we may process personal data when it is necessary to protect the vital interests of an individual, such as in a medical emergency or a situation involving immediate threat to life or safety.

6 Cookies and Similar Technologies

Our digital platforms use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to enhance your browsing experience, analyze website traffic, and personalize content. This section explains what these technologies are, how we use them, and your choices regarding their use.

6.1 What Are Cookies?

Cookies are small text files that are placed on your device by a web server when you visit a website. They enable the website to remember your actions and preferences (such as login status, language selection, and display preferences) over a period of time, so you do not have to re-enter them each time you return to the site or navigate between pages.

6.2 Types of Cookies We Use

6.3 Third-Party Cookies

Some cookies on our platforms are placed by trusted third-party service providers. These third parties may include analytics providers (such as website traffic analysis services), advertising networks, and social media platforms. These third parties may use cookies to collect information about your online activities over time and across different websites. We do not have direct control over these third-party cookies, and their use is governed by the respective third parties' privacy policies.

6.4 Your Cookie Choices

You have the right to control whether cookies are placed on your device. You can exercise your preferences through the following methods:

• Browser Settings: Most web browsers allow you to manage cookie preferences through their settings menus. You can choose to block all cookies, accept all cookies, delete existing cookies, or receive a notification when a cookie is set.
• Cookie Consent Banner: When you first visit our platforms, a cookie consent banner will appear, allowing you to accept or decline non-essential cookies based on your preferences.
• Opt-Out Tools: You may use industry opt-out mechanisms, such as the Digital Advertising Alliance's opt-out tool, to manage preferences regarding targeted advertising cookies.

Please note that blocking or deleting essential cookies may affect the functionality of our platforms and may prevent certain features from working correctly.

7 Data Sharing and Disclosure

We take your privacy seriously and do not sell your personal information to third parties. We may share your personal data only under the specific circumstances described in this section, and we ensure that appropriate safeguards are in place whenever data is shared.

7.1 Service Providers and Processors

We may share your personal information with trusted third-party service providers who perform services on our behalf. These providers are contractually bound to process your data only for the purposes we specify and in accordance with our instructions. They are required to implement appropriate security measures to protect your data. Categories of service providers include:

• Cloud Infrastructure Providers: Hosting and data storage services.
• Payment Processors: Secure payment transaction processing.
• Analytics Services: Website and application usage analysis.
• Customer Support Platforms: Ticketing, live chat, and communication tools.
• Email Service Providers: Transactional and marketing email delivery.
• Professional Advisors: Legal, accounting, and consulting professionals bound by confidentiality obligations.

7.2 Business Partners

We may share your information with trusted business partners with whom we jointly offer products or services, or who provide complementary services. In such cases, we will ensure that you are informed about the sharing arrangement and, where required by law, obtain your consent before sharing your data.

7.3 Legal and Regulatory Disclosures

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, subpoena, or governmental request.
• Protect and defend our rights, property, or safety, or the rights, property, or safety of our users or others.
• Enforce our terms of service, investigate potential violations, and detect or prevent fraudulent or illegal activities.
• Respond to lawful requests from public authorities, including to meet national security or law enforcement requirements.

7.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data and will ensure that the receiving entity agrees to protect your data in a manner consistent with this Privacy Policy.

7.5 With Your Consent

We may share your personal information with third parties in any other circumstance where we have obtained your explicit, informed consent to do so.

8 Data Retention and Storage

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The retention period varies depending on the type of data and the purpose of processing.

8.1 Retention Criteria

We determine appropriate retention periods based on the following criteria:

• Duration of Service Relationship: We retain data for the duration of your active relationship with us, plus a reasonable period afterward to allow for account reactivation or to address any post-service issues.
• Legal and Regulatory Requirements: Certain data must be retained for specific periods as mandated by tax laws, anti-money laundering regulations, financial reporting requirements, and other applicable legal obligations (typically ranging from three to ten years).
• Statutes of Limitations: We may retain data for the duration of any applicable statute of limitations for legal claims.
• Ongoing Business Needs: Data necessary for fraud prevention, security investigations, and audit purposes may be retained for extended periods based on risk assessment.

8.2 Data Storage

Your personal information is primarily stored on secure servers located within the People's Republic of China. We have implemented appropriate technical and organizational measures to ensure that your data is stored securely and protected against unauthorized access, accidental loss, or destruction.

8.3 Data Deletion and Anonymization

Once the retention period expires or the purpose for processing has been fulfilled, we will securely delete, destroy, or anonymize your personal information in a manner that prevents its reconstruction or re-identification. Anonymized data (data that can no longer be associated with an identifiable individual) may be retained indefinitely for analytical, statistical, and research purposes.

9 Data Security Measures

Protecting your personal information is a top priority for us. We implement a comprehensive set of technical, organizational, and administrative security measures designed to safeguard your data against unauthorized access, alteration, disclosure, or destruction. Our security framework is continuously reviewed and updated to address emerging threats and comply with industry best practices.

9.1 Technical Security Measures

• Encryption: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) protocols. Sensitive data at rest is encrypted using industry-standard AES-256 encryption algorithms.
• Access Controls: Strict role-based access controls (RBAC) and multi-factor authentication (MFA) are enforced for all systems and databases containing personal information. Access is granted only on a need-to-know basis.
• Network Security: Our infrastructure is protected by firewalls, intrusion detection and prevention systems (IDPS), and regular vulnerability assessments and penetration testing.
• Monitoring and Logging: Comprehensive logging and real-time monitoring systems detect and alert on suspicious activities, unauthorized access attempts, and potential security incidents.
• Regular Backups: Encrypted backups of critical data are performed regularly and stored in secure, geographically separated locations to ensure business continuity and data recoverability.

9.2 Organizational Security Measures

• Data Protection Policies: We maintain written information security policies and procedures that govern the handling, storage, and processing of personal data across the organization.
• Employee Training: All employees and contractors receive mandatory training on data protection, privacy principles, security best practices, and incident response procedures.
• Confidentiality Agreements: All personnel with access to personal information are bound by strict confidentiality obligations.
• Third-Party Due Diligence: We conduct security assessments of third-party service providers before engaging their services and require contractual commitments to data protection standards.
• Incident Response Plan: We maintain a documented incident response plan to promptly detect, contain, investigate, and remediate any data security incidents, and to notify affected individuals and regulatory authorities as required by law.

9.3 Data Breach Notification

In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant regulatory authorities without undue delay and within the timeframes prescribed by applicable law. Our notification will include a description of the nature of the breach, the categories and approximate number of data subjects and records concerned, and the measures we have taken or propose to take to address the breach and mitigate its potential adverse effects.

10 Your Rights and Choices

Depending on your jurisdiction and the applicable data protection laws, you may have the following rights regarding your personal information. We are committed to facilitating the exercise of these rights and will respond to your requests in a timely manner, typically within thirty (30) calendar days, unless a longer period is permitted or required by law.

10.1 Right to Be Informed

You have the right to be informed about the collection and use of your personal data. This Privacy Policy serves as our primary means of fulfilling this obligation. We will provide additional specific notices at the point of data collection where appropriate.

10.2 Right of Access

You have the right to request confirmation from us as to whether we are processing your personal data and, if so, to request a copy of that data along with supplementary information about how it is processed.

10.3 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You may also update certain information directly through your account settings.

10.4 Right to Erasure (Right to Be Forgotten)

You have the right to request the deletion of your personal data when one of the following grounds applies:

• The data is no longer necessary for the purposes for which it was collected.
• You withdraw your consent and there is no other legal basis for processing.
• You object to the processing and there are no overriding legitimate grounds.
• Your data has been unlawfully processed.
• Deletion is required to comply with a legal obligation.

10.5 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data, when the processing is unlawful but you oppose deletion, or when we no longer need the data but you require it for the establishment, exercise, or defense of legal claims.

10.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance from us, where the processing is based on consent or contract and is carried out by automated means.

10.7 Right to Object

You have the right to object, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

10.8 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

10.9 Right to Lodge a Complaint

If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the competent data protection supervisory authority in your jurisdiction.

10.10 Exercising Your Rights

To exercise any of the rights described above, please contact us using the information provided in Section 15. We may need to verify your identity before processing your request to ensure that we are responding to the legitimate data subject. We will not discriminate against you for exercising any of your privacy rights. In most cases, we will respond to your request free of charge; however, we may charge a reasonable fee for repetitive, unfounded, or excessive requests.

11 International Data Transfers

As a company operating within the People's Republic of China, your personal information is primarily stored and processed within China. However, in certain circumstances, we may need to transfer your personal data to jurisdictions outside of China, including to our service providers, partners, or affiliates located in other countries.

11.1 Cross-Border Transfer Mechanisms

When we transfer personal data across borders, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection laws. These safeguards may include:

• Standard Contractual Clauses: We may use standard data protection clauses approved by relevant authorities to govern cross-border data transfers with our partners and service providers.
• Security Assessment: Where required by Chinese law, we will conduct a security assessment of any cross-border data transfer and obtain approval from the relevant regulatory authority before proceeding.
• Binding Corporate Rules: For transfers within our corporate group, we may adopt internal policies that ensure a consistent level of data protection across all entities.
• Consent: In certain cases, we may rely on your explicit consent as the basis for transferring your data internationally, after informing you of the potential risks associated with such transfers.

11.2 Countries We May Transfer Data To

Depending on the nature of our services and the location of our service providers, your data may be transferred to countries such as:

• Singapore
• Japan
• South Korea
• United States (to cloud service providers with appropriate safeguards)
• European Union member states (to partners and service providers)

11.3 Your Rights Regarding International Transfers

You have the right to be informed about the appropriate safeguards we have implemented regarding the transfer of your personal data. If you would like a copy of the relevant transfer mechanisms or further information about how your data is protected when transferred internationally, please contact us using the details in Section 15.

12 Children's Privacy

We are committed to protecting the privacy of children and minors. Our services are not directed toward or intended for use by individuals under the age of eighteen (18), or under the age of majority as defined in their jurisdiction, without the involvement and consent of a parent or legal guardian.

12.1 Age of Consent

In accordance with the Personal Information Protection Law of the People's Republic of China and other applicable laws, we consider any individual under the age of fourteen (14) to be a minor for the purposes of data protection. For minors between fourteen (14) and eighteen (18) years of age, we require parental or guardian consent before collecting and processing personal data unless otherwise permitted by applicable law.

12.2 Our Policy

• We do not knowingly collect, use, or disclose personal information from children under the relevant age of digital consent without verifiable parental or guardian consent.
• If we become aware that we have inadvertently collected personal information from a child without appropriate consent, we will take immediate steps to delete that information or obtain the necessary consent.
• We will not use children's personal information for behavioral advertising, profiling, or any other purpose that may be detrimental to their welfare.
• We encourage parents and guardians to monitor their children's online activities and to instruct them never to provide personal information through our services without parental permission.

12.3 What to Do If You Believe a Child Has Provided Us with Personal Data

If you are a parent or guardian and you believe that your child has provided us with personal information without your consent, please contact us immediately using the details in Section 15. We will take all reasonable steps to investigate and, if confirmed, promptly delete the child's personal information from our systems.

13 Third-Party Services and Links

Our digital platforms may contain links to third-party websites, applications, plug-ins, services, or features that are not owned or controlled by Xi'an Lingyuanshu Information Technology Co., Ltd. This includes, but is not limited to, links to social media platforms, payment gateways, analytics providers, and partner websites.

13.1 External Links

We may provide links to external websites for your convenience and informational purposes. These links are identified by their URL or by contextual indicators. When you click on a third-party link, you will leave our platform and be directed to a website or service that is beyond our control. We are not responsible for the privacy practices, content, or security of any third-party websites or services.

13.2 Third-Party Integrated Services

Our platforms may integrate with third-party services that enhance functionality, such as payment processors, mapping services, authentication providers, or communication tools. When you use these integrated services, the third-party provider may collect certain information directly from you. The collection and use of your data by these third parties is governed by their respective privacy policies, not this Privacy Policy.

13.3 Social Media Features

Our platforms may include social media features, such as sharing buttons, embedded feeds, or login widgets. These features may collect your IP address and may set cookies to enable proper functioning. Your interactions with these features are governed by the privacy policies of the respective social media companies.

13.4 Our Responsibility and Your Caution

While we strive to link only to reputable third-party services that share our commitment to privacy and security, we have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party services you interact with before providing them with your personal information.

14 Changes to This Privacy Policy

Xi'an Lingyuanshu Information Technology Co., Ltd. reserves the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our data processing practices, legal and regulatory requirements, technological advancements, or business operations. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

14.1 Notification of Material Changes

If we make material changes to this Privacy Policy that significantly affect how we collect, use, or share your personal information, we will provide prominent notice to you through one or more of the following means:

• Displaying a conspicuous notice on our website or platforms.
• Sending an email notification to the email address associated with your account.
• Presenting a notification or banner within our applications or services upon your next login.
• Any other method of communication that is reasonably calculated to reach you.

14.2 What Constitutes a Material Change

Material changes to this Privacy Policy may include, but are not limited to:

• Changes in the types of personal information we collect.
• Changes in how we use or share your personal information.
• Changes in the entities with whom we share your personal information.
• Changes in your rights regarding your personal information.
• Changes in the legal basis for processing your personal information.
• Changes to our data retention practices.

14.3 Effective Date and Versioning

The most recent version of this Privacy Policy will always be available on our website, with the effective date clearly displayed at the top of the document. Each version of this Privacy Policy is identified by its effective date. We encourage you to check the effective date when you review this policy to determine whether any changes have been made since your last review.

14.4 Your Continued Use

Your continued use of our services after any revision to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should discontinue using our services and contact us to address any concerns or exercise your rights regarding your personal information. Where required by applicable law, we will obtain your separate consent for material changes.

15 Contact Information

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us. We have designated personnel responsible for overseeing data protection compliance and handling privacy-related inquiries.

15.1 Our Contact Details

• Company Name: Xi'an Lingyuanshu Information Technology Co., Ltd.
• Email: support@lingyuanshu.shop
• Phone: (+86) 153-6452-9055
• Address: Room 1502, Unit 1, Building 1, Lantian Tower, Weiyang Road, Weiyang District, Xi'an, Shaanxi Province, China
• Office Hours: Monday through Friday, 9:00 AM to 6:00 PM (China Standard Time, UTC+8)

15.2 Data Protection Contact

For privacy-specific inquiries, data subject rights requests, or to contact our Data Protection Officer (DPO), please use the following communication channel:

• Privacy Inquiries: support@lingyuanshu.shop
• Subject Line: Please include "PRIVACY REQUEST" in the subject line of your email to ensure prompt handling.

15.3 How to Reach Us

You may contact us through any of the following methods:

• By Email: Send your inquiry or request to support@lingyuanshu.shop with a clear description of your concern or request. We will acknowledge receipt within two (2) business days and respond substantively within the timeframe prescribed by applicable law.
• By Phone: Call us at (+86) 153-6452-9055 during our office hours. Please note that we may ask you to verify your identity before discussing personal data matters over the phone.
• By Mail: Write to us at our physical address listed above. For security purposes, we recommend using registered mail for written correspondence containing personal information.

15.4 Data Protection Supervisory Authority

If you are not satisfied with our response to your privacy-related inquiry or concern, or if you believe that we have not adequately addressed your data protection rights, you have the right to lodge a complaint with the competent data protection authority in your jurisdiction. In China, the primary regulatory authority for personal information protection is the Cyberspace Administration of China (CAC).