GDPR Compliance Commitment & Privacy Protection Statement

Effective Date: 07 August 2025  

Last Updated: 07 August 2025    

To comply with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws, Pioneeer Brush (hereinafter “we” or “us”) is committed to protecting the security and privacy rights of our users (hereinafter “you” or “your”). This document outlines our principles for processing personal data and your rights under GDPR.

1. Data Collection & Use
  1. Transparency Principle  

We only collect personal data necessary to deliver our services (e.g., name, email, IP address) and clearly inform you through our Privacy Policy about: 

  • The specific types of data collected and their purposes (e.g., account registration, order processing, customer support); 
  • The legal basis for processing (e.g., your consent, contractual necessity, or legal obligations); 
  • Retention periods and storage locations (e.g., EU-based servers or certified cross-border transfer mechanisms).  
2. Your Data Rights

Under GDPR, you may exercise the following rights free of charge by contacting us at info@pioneerbrush.com:  

  1. Right to Access: Request a copy of your personal data and processing records.  
  2. Right to Rectification: Update or correct inaccurate/incomplete data.  
  3. Right to Erasure: Request deletion of your data (“Right to be Forgotten”) unless legal obligations require retention.  
  4. Right to Restrict Processing: Suspend data processing during dispute resolution.  
  5. Right to Data Portability: Receive your data in a structured, machine-readable format and transfer it to another provider.  
  6. Right to Object: Opt out of direct marketing or automated decision-making processes.  

Response Time: We will respond within 30 days of receiving your request, with possible extensions to 60 days for complex cases (we will notify you in advance).  

3. Data Security & Safeguards
  1. Technical Measures 
  • SSL/TLS encryption for sensitive data transmission; 
  • Regular security vulnerability scans and penetration testing;
  • Access controls and anonymization for databases.  
  1. Organizational Measures  
  • Confidentiality agreements with employees and mandatory privacy training; 
  • Limited data access to authorized personnel only;
  • GDPR-compliant Data Processing Agreements (DPAs) with third-party vendors (e.g., cloud services, payment processors). 

4. Data Sharing & International Transfers

  1. Third-Party Sharing

We will not sell or share your data with unrelated third parties without your explicit consent. Exceptions apply for legal requirements (e.g., judicial investigations), in which case we will notify you in advance (unless legally prohibited).  

  1. Cross-Border Transfers  

If data is transferred outside the EU (e.g., to servers in China), we ensure protection through:   

  • EU-approved Standard Contractual Clauses (SCCs); 
  • Service providers certified under Privacy Shield (if applicable) or equivalent frameworks.  
5. Data Breach Response

In the event of a breach that risks your rights, we will:  

  1. Notify the relevant EU supervisory authority within 72 hours;  
  2. Promptly inform affected users and provide mitigation guidance (e.g., password resets).  
6. Children’s Privacy

We do not knowingly collect personal data from individuals under 16 years of age. If you believe a minor’s data was unintentionally collected, contact us immediately for deletion.  

7. Updates & Contact Information

  1. This statement may be updated to reflect legal or operational changes. Updates will be communicated via info@pioneerbrush.com.  
  2. For questions or to exercise your rights, contact:  
  • Data Protection Officer (DPO): Pioneer Brush

Email: info@pioneerbrush.com

Address: Tianjin Pioneer Brush Panzhuang Town Ninghe District 301508 Tianjin.