Privacy Policy

Last updated: May 2026

1. Introduction & Data Controller

Vierlot (referred to as "we", "us", or "our") operates the official website vierlot.com. This policy explains how we collect, use, store and disclose your personal data during your browsing, ordering and after-sales service.

We are the official data controller of all your personal information.

Only contact method: service@vierlot.com

We fully comply with EU GDPR, California CCPA/CPRA, China Personal Information Protection Law and global cross-border data protection laws.

2. Data We Collect

We collect only necessary data to complete orders, delivery and customer service, in line with the "minimum necessary" principle of global data protection laws.

Personal Identifiable Data

  • Email address
  • Full name
  • Contact phone number
  • Shipping & billing address
  • Wholesale inquiry information: WhatsApp, Instagram account, business details

Payment Data

All bank card and payment details are processed and stored by third-party payment platforms Stripe & PayPal. We do not save complete bank card information internally, and payment data is only used for order settlement.

Device & Usage Data

IP address, browser information, access time, page browsing records, device identification code. All anonymous data will not be linked to personal identity, nor will it be traced or filed.

Luxury Appraisal & Transaction Data

Product condition photos, authenticity verification records and transaction files are only used for item appraisal, after-sales rights protection and compliance filing, and will never be disclosed to luxury brands or unrelated third parties.

3. Legal Basis for Processing

We process your personal data based on legitimate legal grounds:

  1. Contract performance: complete order payment, cross-border delivery and after-sales guarantee.
  2. Legitimate interests: anti-fraud risk control, website security, service optimization.
  3. User consent: marketing notification, advertisement & behavior analysis.
  4. Legal obligations: cross-border tax filing, customs compliance and record retention.

4. International Data Transfer & Third-Party Sharing

International Data Transfer

Your personal data may be transmitted and stored in regions with different data protection regulations. We take standard contractual clauses and encryption measures as appropriate safeguards for cross-border data transmission. By using our website, you agree to cross-border data transmission.

Authorized Third-Party Sharing

We only share necessary information with qualified partners, and sign confidentiality agreements with all third parties:

  1. Third-party payment processors: Stripe, PayPal.
  2. International logistics & customs clearance agencies.
  3. Shopline platform system for order management.

We will never sell, rent or trade your personal privacy data for commercial profit.

5. Data Security, Retention & Deletion

We adopt SSL full-site encrypted transmission to protect user data security. No internet transmission or electronic storage is absolutely 100% secure.

We retain personal order data for 7 years in accordance with international cross-border tax and customs legal requirements.

After the statutory retention period, data will be completely and securely deleted or anonymized.

Tax and customs archived records cannot be deleted according to mandatory legal regulations, even if users submit deletion applications.

6. Your Privacy Rights

You own full data rights under global privacy laws, and we will not charge any fees for exercising your rights:

  1. Right to access: query all personal data we hold.
  2. Right to correction: modify inaccurate personal information.
  3. Right to erasure: apply for data deletion (excluding legal tax archives).
  4. Right to restrict data processing.
  5. Right to data portability.
  6. Right to withdraw marketing consent anytime.
  7. Opt out of personal information sale & sharing (CCPA California).
  8. Non-discrimination rights: no worse service for exercising privacy rights.

We respond to all user data applications within 30 calendar days.

7. GDPR Non-EU Enterprise Representative

As a cross-border enterprise established outside the EU, we have designated a representative in the EU to handle GDPR-related data subject requests and regulatory communications, in full compliance with GDPR mandatory requirements.

8. Data Breach Emergency Response

In case of personal data leakage, we will comply with GDPR mandatory requirements: report to the competent data protection regulatory authority within 72 hours, and notify affected users in a timely manner when high security risks exist.

9. Cookie Tracking Policy

We use two types of website cookies:

  1. Necessary mandatory cookies: ensure normal operation of shopping cart, checkout and page access, cannot be disabled.
  2. Optional analysis & retargeting cookies: used for website statistics and advertising, you can choose to refuse at any time.

You can manage all cookie settings directly through your browser, or withdraw relevant consent through the website frontend.

10. Minors' Privacy Protection

Our luxury service is only for adults aged 18 and above.

We will never knowingly collect personal information from users under 13 years old.

If you are a guardian and find your minor child has submitted personal data, please contact us immediately, and we will delete relevant data promptly.

11. Policy Updates & Contact

We will update this privacy policy with legal changes, business adjustments or regulatory requirements. Revised content will be published on this page directly, and the update date will be revised simultaneously.

Privacy policy inquiries & data right applications: service@vierlot.com

Cart

loading