I. Scope of Application

1. This policy applies to all our activities involving the collection, recording, storage, use, processing, transfer, provision, publication, and deletion of personal data of EU users in the course of conducting menswear manufacturing, sales, and related businesses.
2. These terms do not apply to the processing of personal data by third-party platforms or service providers, including but not limited to our partner logistics service providers, payment institutions, and advertising service providers. We will require third parties to strictly comply with GDPR and related regulations to protect users' personal data, but we are not directly responsible for the specific processing practices of third parties. Users can refer to the privacy policies of the third parties for details.

II. Collection and Use of Personal Data

(I) Types of Personal Data Collected

To facilitate our menswear business, improve service quality, and fulfill our legal obligations, we only collect personal data necessary for our business, adhering to the principle of "minimum necessity" and refraining from collecting irrelevant information. This includes:

1. Identification Data: such as name, gender, contact information (telephone, email), address, etc., used for communication with users, order confirmation, and goods delivery;
2. Transaction-Related Data: such as order information, payment records, shipping address, size preferences, etc., used to complete menswear sales transactions, order fulfillment, and after-sales support;
3. Website Usage Data: such as IP address, browser type, access time, browsing history, page dwell time, etc., used to optimize website experience, troubleshoot technical issues, and ensure website security;
4. Communication Data: such as content you communicate with us via email (ceo@glimmertradebiz.com) or other channels, used to respond to your inquiries, handle complaints, and promote business cooperation;
5. Other Data Required by Laws and Regulations: such as relevant personal data required to fulfill legal obligations such as taxation and auditing.

Note: We will not collect sensitive personal data as defined by the EU GDPR (such as race, religion, political opinion, health information, biometric data, etc.) unless we obtain the user's explicit and voluntary consent and have a legal basis.

(II) Data Collection Methods

1. Proactive Provision: Personal data proactively provided by users when browsing our website, submitting orders, sending inquiry emails, or participating in business cooperation;
2. Automatic Collection: Data related to user visits to the website will be automatically collected through website backend technology, cookies, and similar technologies (see Article 4 of these Terms for details on the use of cookies);
3. Legitimate Third-Party Acquisition: With the user's consent or in compliance with laws and regulations, we will obtain necessary personal data from legitimate and compliant third parties (such as logistics service providers and partner platforms) for the purpose of fulfilling business obligations.

(III) Purpose of Data Use

The personal data we collect will only be used for the following legitimate purposes and will not be used beyond the following scope without the user's consent:

1. Fulfilling Transaction Obligations: Confirming, producing, delivering, collecting payment, and following up on after-sales orders for menswear;
2. Providing Services and Communication: Responding to user inquiries, complaints, and feedback, and providing services such as menswear-related product information and size suggestions;
3. Optimizing Business and User Experience: Optimizing website functions, improving menswear product design, and enhancing service quality based on website usage data and user preferences;
4. Ensuring Security: Investigating website security risks, preventing fraudulent activities, and protecting the legitimate rights and interests of users and ourselves;
5. Fulfilling Legal Obligations: Complying with the laws and regulations, tax, audit, and regulatory requirements of the EU and relevant countries, and cooperating with law enforcement agencies' legitimate inquiries and investigations.

III. Storage and Protection of Personal Data

(I) Data Storage

1. Storage Location: We will store EU users' personal data on compliant servers within the EU, or on servers outside the EU that comply with GDPR requirements (if overseas storage is involved, we will ensure compliance with cross-border data transfer requirements, obtain relevant authorizations, or take equivalent protective measures);
2. Storage Period: Personal data will only be stored for the shortest period necessary to achieve the purposes stipulated in these Terms. After the storage period, personal data will be securely deleted or anonymized in accordance with legal requirements and internal data management standards (anonymized data is no longer considered personal data and can be used for legitimate purposes such as business analysis);
3. Storage Security: We will use AES-256 encryption technology to store personal data, and SSL encryption will be enabled during transmission. We will also establish a strict access control mechanism to restrict employee access to personal data. Only authorized personnel can access the relevant data and must fulfill their confidentiality obligations.

(II) Data Protection Measures

We have established a comprehensive personal data security protection system, employing both technical and managerial measures to prevent risks such as leakage, alteration, loss, and misuse of personal data. Specifically, these include:

1. Technical Measures: Deploying firewalls, intrusion detection systems, and data encryption technologies; regularly conducting security checks and vulnerability patching on websites and servers to ensure the security and stability of the data processing system;
2. Managerial Measures: Establishing comprehensive data security management systems, employee confidentiality agreements, and data processing procedures; regularly providing employees with GDPR and data security-related training to enhance their privacy awareness;
3. Emergency Response: Establishing a personal data breach emergency response mechanism. In the event of a data breach, we will promptly notify EU regulatory authorities and affected users within 72 hours as stipulated by GDPR and take necessary measures to mitigate the damage.

IV. Use of Cookies and Similar Technologies

1. To optimize the website user experience, record user browsing preferences, and ensure the normal operation of the website, our website may use cookies and similar tracking technologies to collect user website usage data (such as browsing history, page dwell time, etc.);
2. Users can enable or disable cookies through browser settings. Disabling cookies may affect the normal use of some website functions (such as order submission, page redirection, etc.);
3. We will not collect users' sensitive personal data through cookies, nor will we use the data collected by cookies for purposes other than those stipulated in these terms. The storage period of cookies will strictly follow the "minimum necessary" principle.

V. Transmission and Sharing of Personal Data

(I) Data Transmission

1. We will only transmit personal data in compliance with GDPR and relevant laws and regulations;
2. If it involves the transfer of EU users' personal data outside the EU, we will take the following equivalent protective measures to ensure data security: obtaining adequacy certification from the European Commission, signing a data processing agreement with the recipient that complies with GDPR requirements, using encrypted transmission technology, etc. We will not transfer personal data outside the EU without authorization.

(II) Data Sharing

We strictly limit the sharing of personal data. We will only share EU users' personal data with third parties in the following circumstances, and we will ensure that third parties comply with GDPR and related regulations, fulfilling their data protection obligations:

1. Obtaining explicit and voluntary consent from the user: Before sharing, we will clearly inform the user of the name of the third party, the data type, and the purpose of sharing. Sharing will only proceed after the user confirms their consent in writing or electronically.
2. Necessary for fulfilling business and legal obligations: For example, sharing the user's name, address, contact information, etc., with logistics service providers to complete the delivery of men's clothing; sharing necessary data with tax and auditing agencies to fulfill legal obligations.
3. Necessary for protecting legitimate rights and interests: In the event of an emergency, to prevent fraud, to protect the legitimate rights and interests of users or ourselves, or to cooperate with legitimate inquiries and investigations by EU law enforcement agencies, we may share necessary personal data within the scope permitted by laws and regulations.
4. Third-party service providers: We may entrust third parties (such as website technology service providers and server providers) to process some personal data for website operation, data storage, and other functions. We will sign strict data processing agreements with third parties, clarifying the rights and obligations of both parties, supervising the third party's data processing behavior, and ensuring data security.

Note: We will not sell or rent the personal data of EU users to any third party, nor will we use it for any purpose unrelated to these terms.

VI. User's Personal Data Rights

In accordance with the EU GDPR and related laws and regulations, EU users have the following rights regarding the personal data they provide. We will provide users with convenient and free access to exercise these rights, without unreasonable restrictions:

1. Right of Access: Users have the right to request at any time a copy of their collected, stored, and used personal data, and to understand the purpose, method, and storage period of their data processing;
2. Right of Correction: If users find errors or incompleteness in their personal data, they have the right to request us to correct or supplement the relevant data in a timely manner;
3. Right of Erasure (Right to Be Forgotten): Users have the right to request us to delete their personal data in the following circumstances: the purpose of data collection has been achieved and it is no longer needed; the user withdraws consent; our processing violates laws and regulations; the data is irrelevant to our business, etc. We will delete the relevant data promptly upon receiving the request, unless otherwise stipulated by laws and regulations or there is a legitimate reason for retention;
4. Right to Restrict Processing: Users have the right to request us to restrict the processing of their personal data (such as disputes over the accuracy of the data, the purpose of processing has disappeared but the data needs to be retained, etc.). Upon receiving the request, we will suspend the relevant processing until the dispute is resolved or the restriction conditions disappear;
5. Right to Data Portability: Users have the right to request that we provide a copy of their personal data in a structured, universal, and machine-readable format, or assist in transferring the data to another legal data controller designated by the user;
6. Right to Withdraw Consent: If a user has previously consented to our collection and use of their personal data, they have the right to withdraw their consent at any time. Withdrawal of consent will not affect the validity of our data processing actions based on lawful consent prior to the withdrawal;
7. Right to Complain: If a user believes that our personal data processing actions violate the GDPR and related regulations, they have the right to file a complaint with the EU's Data Protection Authority (DPA), or they have the right to contact us directly for feedback.

(III) Methods of Exercising Rights

Users can submit requests to exercise the above rights by sending an email to our official email address ceo@glimmertradebiz.com. We will respond and process the request within one month of receipt. If the situation is complex, the response period may be appropriately extended, but the extension shall not exceed two months, and the user will be promptly informed of the reasons for the extension.

To protect users' legitimate rights and prevent unauthorized access to their personal data, we may require users to provide necessary identity verification information before processing their requests. We will only proceed after confirming that the requester is the data subject.

VII. Updates and Notifications of Terms

1. This Privacy Policy may be revised in response to updates to EU laws and regulations, our business development, and changing privacy protection needs. The revised terms will be prominently displayed on our website (glimmertradebiz.com) with a clear effective date.
2. If the revisions involve users' core rights (such as the scope of data collection, purpose of use, and sharing methods), we will notify EU users in advance via email, website pop-ups, etc., to ensure that users are aware of all the revised content.
3. The revised terms will take effect from the effective date. Continued interaction with us constitutes acceptance of the revised Privacy Policy. If users do not agree to the revisions, they may cease interaction with us, and we will stop processing their personal data.

VIII. Disclaimer

1. If user personal data is leaked, altered, or lost due to force majeure (such as natural disasters, network interruptions, hacker attacks, etc.), user error, or third-party violations, etc., which are not our subjective reasons, we will take necessary remedial measures to the best of our ability, but will not be liable for any direct or indirect losses caused thereby;
2. If the personal data provided by the user is incorrect or incomplete, or if the user discloses personal data to a third party without authorization, any losses resulting from this shall be borne by the user, and we shall not be liable for any related losses;
3. We are not liable for any personal data processing activities we conduct in accordance with laws and regulations, requirements of law enforcement agencies, or to protect the legitimate rights and interests of users, the public, and ourselves.

IX. Contact Us

If you have any questions, suggestions, or need to exercise your personal data rights or provide feedback on data processing issues regarding this Privacy Policy, please contact us through the following methods:

We will respond promptly upon receiving your email and properly handle your related requests.