Menu
Your Cart

Privacy Policy

1. Introduction and Scope of Application
1.1 Purpose of Policy
This Privacy Policy is prepared in accordance with the EU General Data Protection Regulation (GDPR) and aims to clearly inform users in the European Economic Area (EEA) about the collection, use, storage, and protection of personal data by SENRI TECHNOLOGY LIMITED (hereinafter referred to as "we"), thereby safeguarding their data sovereignty and legal rights.
1.2 Applicable Parties
This Policy applies to all EEA users, including individual consumers and corporate contacts, who visit or use our official website (unitbuying.com), purchase our phone cases, or engage with us through other channels.
1.3 Data Controller Information
Name: SENRI TECHNOLOGY LIMITED
Contact: Email: [email protected]
Inquiries regarding data protection can be directed to the above email address.

2. Collection and Processing of Personal Data
2.1 Data Sources
We only obtain personal data through the following lawful channels:
User-provided data: including name, email address, and phone number when registering an account, and delivery address when submitting an order;
Business interactions: order payment records, logistics tracking information, product inquiries, and after-sales service records;
Technically necessary data collection: device type, browser information, IP address, and page browsing history when accessing the website (solely used to optimize the service experience).

2.2 Lawful Basis for Data Processing
Pursuant to Article 6 of the GDPR, we process personal data based on the following lawful bases:
User consent: such as user authorization to send product update notifications;
Necessary for contract performance: such as the delivery address required to arrange logistics delivery according to order information;
Fulfillment of legal obligations: such as retaining transaction records to meet tax regulatory requirements;
Legitimate interests: analyzing product preferences to optimize product design without prejudice to user rights (data anonymization is implemented).

3. Use and Sharing of Personal Data
3.1 Data Usage Limitations
We strictly adhere to the principle of "data minimization" and use personal data only for the following intended purposes. No further use is permitted without the user's prior consent:
Order processing and delivery: including order confirmation, payment verification, logistics scheduling, and delivery notifications;
Customer service: responding to inquiries, processing returns and exchanges, and resolving product quality issues;
Product and service optimization: improving the website experience and optimizing product design based on browsing and purchase history;
Compliance communication: sending notifications of policy updates and privacy-related reminders.​

3.2 Data Sharing Rules
We promise not to sell or rent personal data to any unrelated third parties, and will only share personal data in the following necessary circumstances:
Service Partners: For example, logistics providers need to obtain delivery addresses to complete deliveries, and payment institutions need to verify transaction information (both parties have signed Data Processing Agreements (DPAs) that clearly stipulate confidentiality obligations);

Regulatory Requirements: Upon lawful request from EU or member state law enforcement agencies, necessary data will be disclosed upon providing formal legal documentation;

Corporate Restructuring Needs: In the event of a merger, acquisition, or spin-off, data may only be transferred to the successor entity, who must ensure compliance with this Privacy Policy.

4. Data Storage and Cross-Border Transfer
4.1 Storage Period
We adhere to the principle of "minimizing use" and retain personal data according to the following standards:
Transaction-related data (order, payment, logistics): Retained for 7 years from the date of order completion (to meet tax and commercial regulatory requirements);
Consulting and after-sales data: Retained for 2 years from the end of service;
Technical data used solely for website optimization: Retained for no more than 3 months and automatically anonymized upon expiration. After the above period, we will completely delete or pseudonymize the data through secure technological means to ensure that the user's identity cannot be identified.

4.2 Cross-border Transfer Safeguards
Given that our production and operations are located outside the EEA, cross-border transfers of personal data will strictly comply with Article 44 of the GDPR and implement the following safeguards:
Engage in a standardized contract with the data recipient that complies with EU standards;
Use bank-grade AES-256 encryption for transferred data;
Regularly review the data protection capabilities of the recipient to ensure they meet "adequacy of protection" requirements.

5. User Data Subject Rights

Pursuant to Articles 15-21 of the GDPR, EEA users have the following data subject rights, which we will respond to within one month of receiving a request:

5.1 Right to Information and Access
Users have the right to request a copy of their personal data, including complete information about the source of the data, the purpose of processing, and the parties with whom it has been shared. The first copy is free of charge.
5.2 Right to Correction and Erasure (Right to Be Forgotten)
If you discover that your personal data is incorrect or incomplete, you may request that we promptly correct it. You may also request that your personal data be completely erased if the data no longer serves the purposes for which it is processed, if you withdraw your consent, or if other legal grounds apply.
5.3 Right to Restriction of Processing and Right to Portability
You may request the restriction of data processing under certain conditions (such as pending verification of data accuracy). You may also request that we provide your personal data in a structured, commonly used, and machine-readable format, or have it transferred directly to another data controller.
5.4 Withdrawal of Consent and Right to Object
You may withdraw your consent at any time (e.g., to opt out of marketing communications), without affecting any processing based on consent prior to your withdrawal. You may object to non-essential processing based on legitimate interests, which we will cease upon verification (unless there are overriding legitimate grounds).
5.5 Right to Complain
If you believe that our processing of your personal data violates the GDPR, you may file a complaint with a supervisory authority in an EU member state (e.g., the French Commission Nationale de l'Informatique et des Libertés (CNIL)).

6. Data Security Measures
6.1 Technical Security Protection
We implement multi-layered security measures in compliance with Article 32 of the GDPR:
Data is stored on encrypted servers, and all transmitted data is encrypted via SSL/TLS.
We deploy the SecureSphere database protection system and regularly conduct over 1,500 vulnerability scans and security assessments.
We implement least privilege access control for employees, and require two-factor authentication for critical data operations.
6.2 Data Breach Emergency Response
If a personal data breach occurs, we will notify the relevant regulatory authorities within 72 hours of discovery, in accordance with Article 33 of the GDPR. If the breach may harm user rights, we will immediately notify users via email or SMS and provide risk mitigation recommendations.
6.3 Security Measures Testing and Updates
We conduct penetration tests on our data security systems quarterly, conduct annual Data Protection Impact Assessments (DPIAs), and promptly optimize our security policies based on technological developments and regulatory updates.

7. Policy Updates and Effective Date
7.1 Update Mechanism
This Privacy Policy will be updated as necessary based on GDPR revisions and business development needs. Updates will be prominently posted on the homepage of unitbuying.com for at least seven days, and registered users will be notified via email.
7.2 Effective Date
This Policy is effective from the date of publication and supersedes all previous privacy terms related to EEA users.

8. Contact Us
If you have any questions about this Policy, wish to exercise your data subject rights, or report a data security issue, please contact us via the following methods:
We will acknowledge receipt of your request within three business days and process and respond to your request within the statutory timeframe.