PRIVACY POLICY

Privacy policy

1) Who We are

Sandy Liang, LLC and Sandy Liang 88 Corp., (collectively “Company,” “we,” “us,” or “our”),
designs and sells apparel and accessories. We act as the controller (or “business,”
“controller,” or equivalent term under applicable law) for the personal information we
process through the Services..

2) Scope

This Privacy Policy applies to personal information we collect online and in store and
explains your rights under applicable US state and international privacy laws.

3) What We Collect & Why (Notice at Collection).

We collect identifiers, commercial data, device/Internet activity, geolocation data, in-store, CCTV, payment data, and user content. Purposes include transactions, support, fraud prevention, analytics, marketing, and compliance.

4) How We Collect Information

Directly from you, automatically via cookies/pixels/SDKs, and from third parties such as
payment providers, fraud prevention providers, and social platforms.


5) Our Legal Bases (EEA/UK/Switzerland)

Contract, legitimate interests, consent, and legal obligations.


6) How We Use Information


To provide services, personalize experiences, run promotions, conduct analytics, prevent
fraud, comply with obligations, and advertising/targeted advertising (with opt-outs).
7) How We Disclose Information


To service providers and advertising/analytics providers. We do not sell customer lists.


8) Cookies, Tracking & In-App Technologies


We use cookies, pixels, and SDKs. In EEA/UK, non-essential cookies are set only with
consent. We honor Global Privacy Control (GPC) signals.


9) Your Choices


Options include unsubscribing from marketing, opting out of targeted advertising, cookie
controls.


10) Data Retention

We retain personal information as long as necessary for purposes described, applying
retention schedules and secure deletion.

11) Security
We implement safeguards including encryption, access controls, and PCI-DSS compliant
payment processing.


12) Children’s Privacy


Our website is not directed to children under 13. We do not knowingly collect children’s
data.


13) Regional Disclosures & Rights


US state privacy laws: rights of access, correction, deletion, opt-out, portability, etc.
GDPR/UK GDPR: access, rectify, erase, restrict, object, portability, withdraw consent.
PIPEDA: access, correction. LGPD: confirmation, correction, anonymization, portability,
deletion.


14) How to Exercise Your Rights


Requests via web form, email, or phone number. Verification required. Appeals available
where provided by law.

15) In-Store Practices

CCTV for safety and loss prevention; ID verification for returns where lawful; Wi-Fi/beacons with notice.


16) Third-Party Sites & Social Features


Interactions governed by third-party policies.


17) Your Responsibilities

Keep account information accurate and passwords secure.


19) Changes to This Policy

We may update this Policy. Material changes will be posted with a new effective date.


20) Contact Us

Questions? Contact shop@sandyliang.info.


21) Supplemental Notices


A) Financial Incentives

We may offer a loyalty program or discounts in exchange for your enrollment (e.g., email
address, purchase history). Participation is voluntary and subject to Program Terms.


- Categories of Data: Contact information, purchase history, preferences.
- How We Value Data: Good-faith estimate based on discount amounts, program costs, and
anticipated revenue.
- Opt-In/Withdraw: Enroll via [link]; you may withdraw at any time via [link] or emailing
privacy@domain.com.
- Non-Discrimination: We will not discriminate against you for exercising your rights.


B) Cookie Notice (Summary)


Types: Strictly Necessary, Performance/Analytics, Functional, Advertising.
Controls: Manage via Cookie Settings and your browser/mobile OS. In the EEA/UK, non-
essential cookies only with consent.


C) Biometric Data (If Used)


If we deploy biometric systems (e.g., facial recognition for access control or loss
prevention), we will provide a separate Biometric Notice & Consent, maintain a retention schedule, prohibit selling/monetizing biometric identifiers, and use safeguards aligned with applicable laws (e.g., BIPA where applicable).


Notice at Collection – Sample Table

22) State-by-State Addendum
This addendum provides supplemental disclosures required under certain U.S. state privacy laws. These rights are in addition to those described in Section 13. If there are conflicts, the more specific provision controls.


A) California (CPRA/CCPA)
- Right to Know: Access specific pieces of personal information we have collected about you.

- Right to Delete: Request deletion of personal information, subject to legal exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: You may opt out of the sale or sharing of your personal information for targeted advertising.
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal
information for purposes that require a limitation right.
- Shine the Light: California residents may request a list of third parties to whom we
disclosed personal information for their direct marketing purposes in the preceding
calendar year.


B) Virginia (VCDPA)


- Rights include access, correction, deletion, portability, and opting out of targeted
advertising, sale of personal data, or profiling with legal effects.
- Appeals: If we decline your request, you may appeal by emailing appeals@domain.com
with “Privacy Appeal” in the subject line.


C) Colorado (CPA)
- Similar rights as Virginia, including the right to access, correct, delete, portability, and opt-out of targeted advertising, sale, or profiling.
- Appeals process available; unresolved issues can be escalated to the Colorado Attorney General.


D) Connecticut (CTDPA)


- Provides rights similar to Virginia and Colorado, including rights to access, correct, delete, portability, and opt-out of targeted advertising and sales.
- Includes opt-out of profiling in certain contexts.
- Appeals process available.


E) Utah (UCPA)


- Provides rights to access, delete, and portability.
- Right to opt-out of targeted advertising and sale of personal data.
- No right to correct or appeal under UCPA.


F) Oregon (OCPA)


- Provides rights similar to Colorado, including access, correction, deletion, portability, and
opt-out of targeted advertising, sale, or profiling.
- Appeals process available; unresolved complaints can be directed to the Oregon
Department of Justice.


G) Texas (TDPSA)
- Effective July 1, 2024, provides rights to access, correct, delete, portability, and opt-out of targeted advertising, sale, or profiling.
- Appeals process available.