Privacy Policy

01 — Overview & Scope

This Policy applies to all personal data processed through our corporate website, inquiry and quotation forms, email correspondence, trade show registrations, and any other digital or physical touchpoints operated by Shandong Lion International Trading Co., Ltd., a company registered and operating under the laws of the People's Republic of China.

This Policy governs data relating to natural persons only. Information relating to corporate entities, registered company names, or publicly available trade data is not considered personal data under this Policy. If you are accessing our services on behalf of a legal entity, you represent that you have the authority to accept this Policy on that entity's behalf.

Applicability to International Visitors

Our services are directed to industrial procurement professionals, project engineers, and supply chain managers worldwide. Regardless of your country of residence, we apply consistent baseline data protection standards across all interactions. Where local law imposes stricter requirements, we will comply with those requirements in addition to our baseline standards.

02 — Data We Collect

We collect only the minimum data necessary to fulfill a legitimate business or legal purpose. The categories of personal data we may collect include:

2.1 Information You Provide Directly

• Contact Identification: Full name, job title, professional email address, and telephone number
• Company Information: Company name, registered address, industry sector, and annual procurement volume (where voluntarily disclosed)
• Technical Inquiry Data: Engineering drawings, technical specifications, material requirements, and project timelines submitted via inquiry forms or email
• Correspondence Records: The content of emails, messages, and meeting notes exchanged between you and our commercial or technical teams

2.2 Information Collected Automatically

• Usage Data: IP address, browser type and version, operating system, referring URL, pages visited, and session duration
• Device Data: Device identifiers and approximate geolocation derived from IP address
• Cookie Data: Functional and analytical cookies as described in Section 10 of this Policy

2.3 Information from Third Parties

We may receive limited professional data from publicly available B2B directories, trade platform profiles (e.g., Alibaba, Made-in-China), or industry event organizers where you have consented to data sharing with commercial partners. We do not purchase personal data from data brokers.

03 — How We Use Your Data

We process personal data for the following defined business purposes:

• Responding to technical inquiries, requests for quotation (RFQ), and product specification requests
• Preparing, negotiating, and executing commercial contracts and purchase orders
• Managing ongoing supplier-client relationships, delivery coordination, and after-sales technical support
• Sending relevant product updates, capability announcements, or industry insights where you have opted in to receive such communications
• Complying with export control regulations, customs documentation requirements, and applicable trade laws
• Improving our website's functionality, performance, and user experience through aggregated analytics
• Detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.

04 — Legal Basis for Processing (GDPR)

For visitors and contacts in the European Economic Area (EEA), the United Kingdom, and Switzerland, we rely on the following legal bases under Article 6 of the GDPR:

4.1 Contractual Necessity (Art. 6(1)(b))

Processing is necessary to take pre-contractual steps at your request (e.g., preparing a quotation or technical proposal) or to perform a contract to which you are a party (e.g., processing an order, coordinating delivery).

4.2 Legitimate Interests (Art. 6(1)(f))

We process contact and usage data on the basis of our legitimate interests in operating a professional B2B business, maintaining commercial relationships, ensuring website security, and improving our services. We have assessed that these interests are not overridden by your fundamental rights and freedoms.

4.3 Legal Obligation (Art. 6(1)(c))

We process data where necessary to comply with applicable legal obligations, including customs, tax, export control, and anti-money-laundering regulations.

4.4 Consent (Art. 6(1)(a))

Where we send optional marketing communications or use non-essential cookies, we will obtain your prior consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

05 — Disclosure & Sharing

We do not sell, rent, or trade your personal data to any third party for commercial purposes. We may share data only in the following limited circumstances:

• Manufacturing Partners: Sub-contracted production facilities within our verified manufacturing network, strictly for the purpose of fulfilling your order. All partners are bound by confidentiality obligations
• Logistics Providers: Freight forwarders, customs agents, and shipping carriers who require consignee information to complete delivery
• Professional Advisors: Legal counsel, auditors, and financial advisors under strict professional secrecy obligations
• Regulatory Authorities: Government agencies, customs authorities, or courts where disclosure is required by mandatory law or lawful order
• Technology Service Providers: Hosting, email, and analytics providers who process data solely on our behalf under data processing agreements

Any third party receiving personal data on our behalf is contractually required to implement appropriate technical and organizational security measures and to process data only for the purposes specified by us.

06 — International Data Transfers

As a China-based company serving a global clientele, data you submit may be transferred to and processed in the People's Republic of China. Where we transfer personal data from the EEA, UK, or other jurisdictions with data export restrictions to countries not recognized as providing an adequate level of data protection, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom
• Contractual and technical measures equivalent to those required under the applicable adequacy framework

You may request a copy of the applicable transfer mechanism by contacting our Data Protection contact as described in Section 11.

07 — Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable law. Our standard retention periods are:

• Inquiry & Pre-contract Data: 2 years from the date of last contact, unless a contract is concluded
• Contract & Transaction Records: 7 years from the date of contract completion, in accordance with commercial accounting and tax retention requirements
• Technical Drawings & Specifications: Duration of the business relationship plus 3 years, unless a longer period is required by product liability law
• Marketing Consent Records: Until consent is withdrawn, plus 1 year for record-keeping purposes
• Website Analytics Data: 26 months in aggregated or pseudonymized form

Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymized in accordance with our internal data lifecycle procedures.

08 — Your Data Subject Rights

Depending on your jurisdiction of residence, you may be entitled to exercise the following rights with respect to your personal data:

Rights Under GDPR (EEA / UK)

• Right of Access (Art. 15): Obtain confirmation of whether we process your data and receive a copy of that data
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
• Right to Erasure (Art. 17): Request deletion of your data where no overriding legal basis for retention exists
• Right to Restriction (Art. 18): Request that we limit processing of your data in certain circumstances
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
• Right to Lodge a Complaint: File a complaint with your national supervisory authority (e.g., the relevant EU Data Protection Authority or the UK Information Commissioner's Office)

Rights Under CCPA (California Residents)

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

Rights Under PIPL (PRC Residents)

• Right to be informed about the processing of personal information
• Right of access, correction, deletion, and portability of personal information
• Right to withdraw consent and request cessation of processing

To exercise any of the above rights, please submit a written request to the contact details provided in Section 11. We will respond within the timeframe required by applicable law (typically 30 days under GDPR). We may need to verify your identity before processing your request.

09 — Security Measures

We implement industry-standard technical and organizational measures to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:

• TLS/SSL encryption for all data transmitted via our website and email systems
• Access controls limiting data access to authorized personnel on a need-to-know basis
• Regular security assessments and vulnerability scanning of our digital infrastructure
• Employee training on data protection obligations and information security protocols
• Documented incident response procedures in the event of a personal data breach

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay in accordance with our obligations under applicable law.

10 — Cookies & Tracking Technologies

Our website uses cookies and similar technologies to ensure basic functionality and to analyze site performance. We categorize cookies as follows:

10.1 Strictly Necessary Cookies

These cookies are essential for the website to function correctly (e.g., session management, form security tokens). They cannot be disabled without impairing core functionality. No consent is required for these cookies.

10.2 Analytics Cookies

With your consent, we use analytics tools (such as Google Analytics with IP anonymization enabled) to collect aggregated, pseudonymized data about how visitors use our website. This helps us improve content relevance and site performance. You may opt out at any time via our cookie preference center or by installing the Google Analytics opt-out browser add-on.

10.3 Managing Cookie Preferences

Upon your first visit, a cookie consent banner will present your options. You may modify your preferences at any time by clearing your browser cookies and revisiting the site, or by contacting us directly. We do not use advertising, behavioral targeting, or social media tracking cookies.

11 — Contact & Data Protection Inquiries

For all questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us through the following channels:

We aim to resolve all privacy-related inquiries within 30 calendar days. If you are not satisfied with our response, you retain the right to escalate your complaint to the competent data protection supervisory authority in your jurisdiction.

Policy Updates

We reserve the right to update this Privacy Policy periodically to reflect changes in our data processing practices, legal requirements, or business operations. Material changes will be communicated via a prominent notice on our website. The "Last Updated" date at the top of this page will always reflect the most recent revision. Continued use of our website or services following the effective date of any revision constitutes your acknowledgment of the updated Policy.