Legal

Privacy Policy

Last updated: March 2025  ·  Effective: March 2025
This policy is compliant with GDPR (EU) · UK GDPR · CCPA (California) · PDPA (Singapore/Thailand)

Contents

  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Legal Basis (GDPR)
  5. Who We Share Data With
  6. International Transfers
  7. Cookies & Tracking
  8. Data Retention
  9. Your Rights
  10. Security
  11. Children's Privacy
  12. Contact & DPO

1. Who We Are

LIEN GROUP ("we", "us", "our") operates the website at this domain as an international luxury goods e-commerce platform. We are the data controller for personal information collected through our website.

For any privacy matters, you may contact us at: privacy@liengroup.com

2. Data We Collect

2.1 Information You Provide

  • Order information: name, email address, phone number, shipping address, postcode, country
  • Account information: username, email address, password (hashed)
  • Payment information: processed entirely by Stripe — we never store full card numbers on our servers
  • Communications: messages sent to us via WhatsApp or email

2.2 Information Collected Automatically

  • IP address and approximate location (country/region level)
  • Browser type, device type, operating system
  • Pages visited, time spent, referral source
  • Session identifiers (stored in sessionStorage, not cookies)

2.3 Information from Third Parties

  • Payment status from Stripe (no card details shared back to us)
  • Delivery confirmation from shipping providers

3. How We Use Your Data

PurposeData UsedLegal Basis
Process and fulfil your orderName, address, email, phone, payment statusContract performance
Send order confirmation and updatesEmail, phone (WhatsApp)Contract performance
Fraud prevention and securityIP address, order detailsLegitimate interest
Improve our websiteAnonymised analytics dataLegitimate interest
Marketing emails (only if opted in)Email addressConsent
Legal complianceOrder & transaction recordsLegal obligation

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

5. Who We Share Your Data With

RecipientPurposeLocation
StripePayment processingUSA / EU (SCCs in place)
Shipping carriers (DHL, FedEx, etc.)Order deliveryGlobal
Cloud hosting providerWebsite & data hostingGlobal (ISO 27001)
Email serviceTransactional emailsUSA / EU

All processors are bound by data processing agreements and must maintain adequate security standards.

6. International Data Transfers

LIEN GROUP serves customers globally. When we transfer your personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTAs)
  • Transfers only to countries with an adequacy decision where possible

7. Cookies & Tracking Technologies

What We Use

TypeNamePurposeDuration
Essentialluxevault_cartShopping cart contentslocalStorage (until cleared)
Essentiallg_sessionLogin sessionlocalStorage (until logout)
Essentiallg_sidAnonymous session ID for analyticssessionStorage (tab close)
Preferenceslg_currencyYour selected currencylocalStorage (until cleared)
AnalyticsInternal page viewsAnonymised traffic analytics30 days

We use localStorage and sessionStorage rather than third-party tracking cookies. We do not use Google Analytics, Facebook Pixel, or other third-party advertising trackers.

You can clear stored data at any time via your browser settings (Settings → Privacy → Clear Site Data).

8. Data Retention

  • Order records: 7 years (required for accounting/tax law in most jurisdictions)
  • Account information: until account deletion or 2 years of inactivity
  • Analytics data: 30 days, then anonymised
  • Marketing consent records: until consent withdrawn + 1 year

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

RightDescriptionApplies To
AccessRequest a copy of data we hold about youGDPR, UK GDPR, CCPA
RectificationCorrect inaccurate personal dataGDPR, UK GDPR
Erasure"Right to be forgotten" — delete your dataGDPR, UK GDPR, CCPA
PortabilityReceive your data in a machine-readable formatGDPR, UK GDPR
ObjectObject to processing based on legitimate interestsGDPR, UK GDPR
RestrictLimit how we process your dataGDPR, UK GDPR
Opt-out of saleWe do not sell data — not applicableCCPA
Withdraw consentOpt out of marketing at any timeAll

To exercise any of these rights, email us at privacy@liengroup.com. We will respond within 30 days (GDPR deadline).

10. Security

We implement appropriate technical and organisational measures to protect your personal data:

  • All data transmitted via HTTPS / TLS 1.3
  • Payment processing via Stripe (PCI DSS Level 1 certified)
  • Passwords stored as one-way hashes — never in plain text
  • Access to customer data restricted to authorised personnel only
  • Regular security reviews and updates

In the event of a data breach affecting your rights, we will notify you within 72 hours as required by GDPR.

11. Children's Privacy

Our website is not directed at children under 16 years of age. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

12. Contact & Data Protection Officer

Get in Touch

📧 Privacy enquiries: privacy@liengroup.com

💬 WhatsApp: +86 16657122166

🕐 We aim to respond to all privacy requests within 5 business days and are legally required to respond within 30 days.

If you are an EU/UK resident and are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.