Xiuxinfang Privacy Policy

Effective Date: June 18, 2018

​1. Policy Overview

This policy applies to ​Xiuxinfang (“we”) and governs the collection, storage, and processing of personal data through our website (www.xiuxinfang.com) and mobile applications. We adhere to the principles of ​data minimization, security, and transparency, complying with global regulations including the GDPR (EU), China’s PIPL, and other applicable data protection laws.

​2. Data Collection and Use

​2.1 Types of Collected Data

• ​Registration/Login Information: Email, username, and password (encrypted storage).
• ​Payment Information: Processed exclusively via ​PayPal; no storage of full card numbers, CVV, or other sensitive data.
• ​Order Information: Purchase history, shipping addresses, and contact details.
• ​Behavioral Data: Website browsing history, device information (IP address, browser type).

​2.2 Purpose of Data Use

• To fulfill orders and provide customer service.
• To optimize website features and deliver personalized recommendations (based on anonymized analytics).
• To meet compliance requirements (e.g., fraud detection).

​3. Data Storage and Security

​3.1 Storage Period

• ​Registration Data: Stored indefinitely until user deletion or account deactivation.
• ​Order Data: Retained for up to 3 years after order completion (or as required by local laws).
• ​Behavioral Data: Stored anonymously indefinitely for statistical analysis.

​3.2 Security Measures

• ​Encryption: Transport-layer encryption (TLS 1.3) and static data encryption (AES-256).
• ​Access Control: Restricted access to authorized personnel with periodic audits.
• ​Payment Security:
  • Processed through PayPal’s PCI DSS Level 1-certified systems;
  • All payment data stored securely on PayPal’s isolated servers (not retained by us).
• ​Blockchain Immutability: Critical transaction records (e.g., order hashes) permanently recorded on Ethereum blockchain.

​4. Data Sharing and Third-Party Processing

• ​Service Providers: Data may be shared with third parties (under confidentiality agreements):
  • ​PayPal: Payment processing and fraud prevention.
  • ​Logistics Providers: Shipping address and order fulfillment.
  • ​Data Analytics Platforms: Anonymous behavioral data analysis.
• ​Cross-Border Data Transfers: Compliant with GDPR’s adequacy standards (e.g., Standard Contractual Clauses).

​5. User Rights

• ​Right to Know: Understand how we collect and use data via our privacy policy.
• ​Right of Access: Request access to personal data (identity verification required).
• ​Right to Rectification: Correct inaccuracies in your data.
• ​Right to Erasure: Request deletion of account and associated data (except as required by law).
• ​Right to Object: Refuse targeted advertising.

​6. Policy Updates

We reserve the right to amend this policy without prior notice. Revised versions will be published on our website or notified via email. The updated policy becomes effective immediately upon publication, and continued use of our services constitutes acceptance.

​7. Contact Information

• ​Data Protection Officer (DPO):
  • Email: ​dpo@xiuxinfang.com
  • Phone: +86 153-4334-1331 (Business Hours: 9:00 AM – 6:00 PM)
• ​Complaint Channel:
  • EU Users: Submit requests via the GDPR Data Protection Portal;
  • Other Regions: Contact the DPO at the above email.

​Policy Highlights

1. ​Payment Data Isolation: Strict separation of payment data handled by PayPal from our internal systems.
2. ​Blockchain Traceability: Enhanced transaction transparency through immutable blockchain records.
3. ​User Empowerment: Clear rights for data access, correction, and deletion.