This Privacy Policy applies to the processing of personal data collected within the European Economic Area (“EEA”) or processed in the context of our establishment in the EEA (“EU Personal Data”).
Shining 3D Tech Co., Ltd. (and its affiliated companies listed below) acknowledges that the protection of personal data is one of our most significant legal obligations.
As described below, this Privacy Policy applies to the activities of:
• Shining 3D Tech Co., Ltd.
• Shining 3D Technology GmbH.
• Shining 3D Technology Inc.
Such entities shall be jointly and severally referred to as “we” and “us”.
This EU Privacy Policy sets out what EU Personal Data we collect, how we collect it, how we use it, and your rights in connection with how we process your EU Personal Data. We are committed to protecting your EU Personal Data as joint data controllers in accordance with our duties under the General Data Protection Regulation (“GDPR”). This Privacy Policy applies to all of us and for your convenience you may exercise any of your rights against any of us, and we will ensure it is routed to the correct department.
1. Collection, use and transfer of EU Personal Data
We have set out below, in a table format, a description of the types of EU Personal Data we collect, the sources we collect it from, how we plan to use your EU Personal Data, and which are the legal basis we rely on to do so.
You can refer to section 12. Glossary for a description of the terms used in the table below.
| Categories of EU Personal Data | Source of EU Personal Data | Use | Legal Basis |
| – Identity Data – Contact Data | – Direct interactions with the customer – Voluntary submission by the customers on websites | – Enabling general customer care and customer service, such as responding to questions – Enabling communication with you via post, e-mail, telephone or SMS/MMS | – For the performance of a contract with you or in order to take pre-contractual steps at your request – For the legitimate interests of communicating with our customers |
| – Identity Data – Contact Data | – Direct interactions with the customer – Voluntary submission by the customers on websites | – Marketing ourselves and our products via e-mail, SMS/MMS, post and telephone – Providing you with relevant information and customized offers in newsletters and on the internet | – For the legitimate interests of informing you about our products and services |
| – Identity Data – Contact Data | – Direct interactions with the customer – Voluntary submission by the customers on websites | – Responding to complaints and requests in connection with our processing of EU Personal Data | – To comply with our legal obligations as a Data Controller – For the legitimate interest of ensuring your concerns are addressed |
| – Identity Data – Contact Data – Product Use Data | – Direct interactions with the customer – Voluntary submission by the customers on websites – Use of our products and software | – Responding complaints and to requests for technical support | – For the performance of a contract with you – For the legitimate interest of ensuring your concerns are addressed |
| – Identity Data – Contact Data – Financial Data | – Direct interactions with the customer – Voluntary submission by the customers on websites | – Fulfilling our obligations towards you as a customer, such as carrying through purchases and the provision of service and support | – For the performance of a contract with you or in order to take pre-contractual steps at your request |
| – Product Use Data – Scan Object Data | – Automated data collection when using the products and the software | – Improving our products | – For the legitimate interests of improving our product performance |
| – Website Use Information | – Automated technologies when customers visit the websites, including cookies | – Improving our website, customer service and customer support through statistics | – For the legitimate interest of improving our website |
Please note that depending on the purpose for which we use your EU Personal Data, we may rely on more than one legal basis for processing. When we rely on legitimate interest, we do so because we have determined that this processing is required to be performed by us or a third party controller for the specific business interest specified in the table above. In making this determination we have considered your rights under European data protection law and balanced them against our legitimate interests. If you have any queries, you can contact us at the email address listed in section 13. Contact Us of this policy.
We may use your EU Personal Data for purposes other than the ones listed above. Should this be the case, we will inform you of the purpose in accordance with applicable laws and regulations.
2. Recipients
In order to achieve our purposes set out in the table above, we may share your EU Personal Data with the following categories of recipients:
(1) distributors and resellers in your territory;
(2) third party vendors that are used for providing marketing services;
(3) third parties to which you grant us permission;
(4) other third parties to which we are obliged or entitled to disclose the data by virtue of applicable law or by order of a court or other competent authorities.
We require all third parties who process EU Personal Data on our behalf to respect the security of your EU Personal Data and to treat it in accordance with their contractual obligations.
We may need to share your EU Personal Data with more recipients than the ones listed above. Should this be the case, we will inform you of the change in accordance with applicable laws and regulations.
3. If you fail to provide EU Personal Data
Where we need to collect EU Personal Data by law, or under the terms of a contract we have with you and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with scanners and scanning services). If that is the case, we may have to cancel a product or service you have with us.
4. International Transfer of EU Personal Data
We are an international organization and we might need to transfer your EU Personal Data to countries outside the EEA for processing in order to provide you with our services. Third party countries we may transfer your EU Personal Data include:
• China
• Japan
• The United States
We will only transfer your EU Personal Data outside the EEA with adequate safeguards in place and in full compliance with applicable laws. For example, we will only transfer your EU Personal Data to countries that have been deemed to provide an adequate level of protection. We have established standard contractual clauses with our service providers to ensure they protect your information and to enforce legal transfers of data internationally.
5. Your rights in relation to EU Personal Data
You have the following rights regarding your EU Personal Data that we hold:
(1) Right of access
You can request details of your EU Personal Data that we hold. We will confirm whether we are processing your EU Personal Data and we will disclose supplementary information including the categories of data, the sources from which it originated, the purpose and legal basis for the processing, the expected retention period, and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your EU Personal Data, but we may charge you a fee to cover our administrative costs if you request further copies of the same information.
(2) Right of correction
We will comply with your request to correct incomplete or inaccurate parts of your EU Personal Data, although we may need to verify the accuracy of the new information you provide us.
(3) Right to be forgotten
At your request, we will delete your EU Personal Data promptly if:
• it is no longer necessary to retain your EU Personal Data;
• you withdraw the consent which formed the basis of your EU Personal Data processing;
• you object to the processing of your EU Personal Data and there are no overriding legitimate grounds for such processing;
• the EU Personal Data was processed illegally;
• the EU Personal Data must be deleted for us to comply with our legal obligations.
We will decline your request for deletion if processing of your EU Personal Data is necessary:
• to comply with our legal obligations;
• in pursuit of a legal action;
• to detect and monitor fraud; or
• for the performance of a task in the public interest.
(4) Right to restrict processing of your EU Personal Data
At your request, we will limit the processing of your EU Personal Data if:
• you dispute the accuracy of your EU Personal Data;
• your EU Personal Data was processed unlawfully and you request a limitation on processing, rather than the deletion of your EU Personal Data;
• we no longer need to process your EU Personal Data, but you require your EU Personal Data in connection with a legal claim; or
• you object to the processing pending verification as to whether an overriding legitimate ground for such processing exists.
We may continue to store your EU Personal Data to the extent required to ensure that your request to limit the processing is respected in the future.
(5) Right to data portability
At your request, we will provide you free of charge with your EU Personal Data in a structured, commonly used and machine readable format, if:
• you provided us with EU Personal Data;
• the processing of your EU Personal Data is based on your consent or required for the performance of a contract; or
• the processing is carried out by automated means.
(6) Right to object
Where we process your EU Personal Data based upon our legitimate interest (or that of a third party), you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless we have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims.
(7) Right not to be subject to decisions based solely on automated processing
You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your EU Personal Data, unless you have given us your explicit consent or where they are necessary for a contract with us.
(8) Right to withdraw consent
You have the right to withdraw any consent you may have previously given us at any time.
(9) Right to complain to a supervisory authority
If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction.
If you wish to contact us in connection with the exercise of your rights listed above, please email us at the email address listed in section 13. Contact Us of this policy. We will respond to your written request as soon as possible and no later than 30 days from receiving it.
Unless stated otherwise, we will not charge you any fee in connection with the exercise of your rights. In so far as it is practicable, we will notify the recipients of your EU Personal Data of any correction, deletion, and/or limitation on processing of your EU Personal Data.
Please note that if you decide to exercise your rights under sub-sections (3), (4), (5), (7), and (8), depending on our response, you may not be able to take full advantage of all of our benefits and services from that point on.
6. Retention Period
We keep your information as long as it is needed to achieve our purposes listed above, as well as for the amount of time necessary to meet any legal, tax, or reporting requirements.
We do not keep your personal information for longer than necessary unless we cannot delete it for legal or technical reasons.
7. Security
We have a management system to correct and prevent unauthorised access, loss, destruction, falsification, and leakage of EU Personal Data, as well as the appropriate technical and organizational measures to address such risks, as further detailed below. The goal of these measures is to maintain our data protection standards and to ensure we have the necessary safeguards for the processing of EU Personal Data.
Our security measures include:
(1) encryption of EU Personal Data;
(2) limiting access to EU Personal Data to authorized employees only;
(3) ensuring EU Personal Data can only be accessed through our secured intranet (also known as network isolation); and
(4) selecting service providers that have adequate safeguards in place to protect your EU Personal Data.
8. Children
We do not collect EU Personal Data from children under the age of 16. If we discover that that we have accidentally collected EU Personal from a child below 16, we will remove that child’s personal data from our records as soon as reasonably possible.
9. Accountability
We are responsible for all the safeguards implemented in relation to the processing of EU Personal Data, and we maintain an electronic record of all processing activities of our EU Personal Data.
10. Cookies
Google Analytics: This cookie allows us to see information on user website activities including, but not limited to page view, source and time spend on website. The information is depersonalized and is displayed as numbers, to help protect your privacy. Using Google Analytics we can see what content is popular on our website, and strive to give you more of the things you enjoy reading and watching.
Google Adwords: Using Google AdWords code we are able to see which pages helped lead to contact form submissions. This allows us to make better use of our paid search budget.
DoubleClick: We use remarketing codes to log when users view specific pages, allowing us to provide targeted advertising in the future.
11. Updates
This Privacy Policy may be updated to reflect changes to our EU Personal Data processing policy. In the event there is material change to this Privacy Policy we will inform you via our website.
12. Glossary
Some of the words in this Privacy Policy have the meanings set out below:
• Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession);
• Contact Data means email address, telephone number, and address;
• Identity Data means name, surname, user name, company name, job title, industry and location;
• Financial Data means bank account and payment bank details;
• Product Use Data means the purchase date, device code, serial number, the device activation date, and the use frequency, device location, computer specification, operation system, software installation status, software use date, error description, and rating and comments provided by the device user etc.;
• Scan Object Data means scan object type, scan object size, scan object image and parameter;
• Website Use Information means information about the pages you visit, access channels and time spend on website;
• Cookies are small pieces of data stored on your device (computer or mobile device);
• Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed;
• Websites refer to the websites operated by us for the purpose of performance our services or promoting our products.
13. Contact Us
If you have any questions or opinions regarding this Privacy Policy, or if you have a request regarding information you provided us, you may either email us or send us a letter to the address below:
dp@shining3d.com
Last updated: June 14, 2018