Privacy Policy
Your privacy matters to us. This policy explains how viviinnis collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable international trade website standards.
Last updated: June 1, 2025 · Effective date: June 1, 2025
Table of Contents
Who We Are
viviinnis ("we," "our," or "us") is a B2B false eyelash trading company based in the United States, supplying premium false eyelash products to retail sellers, Amazon sellers, and independent e-commerce businesses primarily in the USA.
For the purposes of GDPR and applicable data protection law, viviinnis acts as the data controller responsible for the personal data you provide through our website and business communications.
Our website and services are intended for business professionals and commercial buyers. We do not knowingly collect data from consumers for direct retail purposes.
Data We Collect
We collect the following categories of personal data:
Information You Provide Directly
- Full name and job title
- Business name and company address
- Business email address and phone number
- Inquiry content, product requirements, and order details
- Billing and shipping addresses for trade transactions
- Any other information you voluntarily submit via contact forms or email
Information Collected Automatically
- IP address and approximate geographic location
- Browser type, version, and operating system
- Pages visited, time on site, and referring URL
- Device identifiers and session data via cookies and similar technologies
Information from Third-Party Sources
- Business contact details obtained through platforms such as Alibaba.com or trade shows
- Publicly available professional information (e.g., LinkedIn)
Note: We do not collect sensitive personal data (such as health information, racial or ethnic origin, or financial account credentials) through our website.
How We Use Your Data
We use your personal data for the following purposes:
-
Responding to inquiries and quotes -- Processing your contact form submissions and product inquiries.
-
Order fulfillment and trade operations -- Managing B2B orders, shipping logistics, invoicing, and after-sales service.
-
Business relationship management -- Maintaining records of our trading partners and communication history.
-
Marketing communications -- Sending new product launches, catalog updates, and promotional information to business contacts who have consented or with whom we have an existing business relationship.
-
Website analytics and improvement -- Understanding how visitors use our site to improve user experience and content.
-
Legal and compliance obligations -- Fulfilling our obligations under applicable laws, including export/import regulations and tax requirements.
Legal Basis for Processing
Under GDPR Article 6, we rely on the following legal bases to process your personal data:
Contract Performance
Processing necessary to fulfill or enter into a B2B trade contract with you (Art. 6(1)(b)).
Legitimate Interests
Processing for our legitimate business interests, such as B2B marketing to existing contacts and website analytics (Art. 6(1)(f)).
Legal Obligation
Processing required to comply with applicable laws, export regulations, and tax obligations (Art. 6(1)(c)).
Consent
Where we rely on your explicit consent, such as for marketing emails to new contacts. You may withdraw consent at any time (Art. 6(1)(a)).
Cookie Usage
Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather analytical data. A cookie is a small text file stored on your device when you visit our website.
Types of Cookies We Use
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Essential / Strictly Necessary | Required for the website to function correctly (e.g., session management, security tokens, form submissions). | Not required |
| Analytics / Performance | Collects anonymized data about how visitors use our site (e.g., Google Analytics -- pages visited, session duration, bounce rate). | Required |
| Functional | Remembers your preferences such as language settings and form auto-fill data. | Required |
| Marketing / Targeting | Used to deliver relevant advertisements and track ad campaign effectiveness (e.g., Meta Pixel, Google Ads). | Required |
Managing Your Cookie Preferences
When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. You may update your preferences at any time by clicking the "Cookie Settings" link in our website footer.
You can also control cookies directly through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For guidance, visit aboutcookies.org.
Data Sharing & Third Parties
We do not sell, rent, or trade your personal data to third parties. We may share your data with trusted service providers who assist us in operating our business, subject to strict data processing agreements:
- Logistics & freight partners -- For processing and delivering your orders (e.g., freight forwarders, customs brokers).
- Payment processors -- For secure handling of trade invoices and payments.
- IT and website service providers -- Including our web hosting provider, CRM platform, and email service provider.
- Analytics providers -- Such as Google Analytics for aggregated, anonymized website usage data.
- Legal and regulatory authorities -- Where required by law, court order, or to protect our legal rights.
All third-party processors are contractually required to handle your data in accordance with applicable data protection laws and only for the specified purposes.
Data Storage & Protection
We take the security of your personal data seriously. We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, destruction, or alteration.
Encryption
All data transmitted via our website is encrypted using SSL/TLS. Sensitive business data is encrypted at rest.
Access Controls
Access to personal data is restricted to authorized personnel only, on a need-to-know basis, with role-based access controls.
Secure Hosting
Our website and data are hosted on reputable cloud infrastructure with regular security audits and backups.
Breach Response
In the event of a data breach that poses a risk to your rights, we will notify relevant supervisory authorities within 72 hours and affected individuals without undue delay.
Important: While we implement robust security measures, no method of internet transmission or electronic storage is 100% secure. We encourage you to protect your own credentials and contact us immediately if you suspect any unauthorized use of your account.
International Data Transfers
As an international B2B trader operating between the USA and China, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States and the People's Republic of China.
Where such transfers occur, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V requirements, including:
- Relying on Standard Contractual Clauses (SCCs) approved by the European Commission where applicable.
- Ensuring third-party processors in non-EEA countries provide equivalent data protection guarantees.
- Limiting cross-border data transfers to the minimum necessary for trade operations.
You may request further information about the specific safeguards in place for international transfers by contacting us at the details in Section 13.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Our general retention periods are:
| Data Category | Retention Period |
|---|---|
| Business inquiry & contact records | 3 years from last contact, unless a business relationship is established |
| Trade order and transaction records | 7 years (to comply with US and international tax/accounting regulations) |
| Marketing consent records | Until consent is withdrawn, then deleted within 30 days |
| Website analytics data (cookies) | Up to 26 months (Google Analytics default) |
| Legal dispute or compliance records | As required by applicable law or until resolution of dispute |
When data is no longer required, we securely delete or anonymize it in accordance with our data disposal procedures.
Your Privacy Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data. EEA/UK residents have these rights under GDPR; US residents may have additional rights under applicable state laws (e.g., CCPA for California residents).
Right of Access
Request a copy of the personal data we hold about you and information about how we use it.
Right to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
Request deletion of your personal data where there is no compelling reason for us to continue processing it ("right to be forgotten").
Right to Restriction
Request that we restrict the processing of your data in certain circumstances, such as while we verify its accuracy.
Right to Data Portability
Request your personal data in a structured, machine-readable format for transfer to another controller.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling grounds.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint
Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your EU member state's data protection authority).
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, please contact us using the details in Section 13.
To exercise any of your rights, please submit a written request to privacy@viviinnis.com. We will respond within 30 days (extendable by a further 60 days for complex requests, with notice). We may need to verify your identity before processing your request.
Children's Privacy
Our website and services are directed exclusively at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.
If you believe we have inadvertently collected personal data from a minor, please contact us immediately at privacy@viviinnis.com and we will promptly delete such information.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy.
- Notify existing business contacts by email where the changes significantly affect how we use their data.
- Display a prominent notice on our website for a reasonable period following the update.
We encourage you to review this policy periodically. Your continued use of our website or services after changes are posted constitutes your acknowledgment of the updated policy.
Contact & Data Controller
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
viviinnis
We aim to respond to all privacy-related inquiries within 5 business days. For formal data subject requests, we will respond within the legally required timeframe.
If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.
© 2025 viviinnis. All rights reserved. · This policy was last reviewed on .
Back to top