PRIVACY POLICY

Official Website Personal Information Protection Statement

1. Introduction

Liu, Shen & Associates (hereinafter referred to as “the Firm” or “we”) attaches great importance to the protection of your personal information. This Privacy Policy applies to the Firm’s official website (hereinafter referred to as “this Website”) and is intended to explain how we collect, use, store, protect, and delete your personal information. This Policy is formulated in accordance with the Personal Information Protection Law of the People’s Republic of China (hereinafter referred to as the “PIPL”), the Data Security Law, the Cybersecurity Law, and other applicable laws and regulations.

Where this Website is accessed by users located in the European Union, the European Economic Area, or the United Kingdom (collectively, the “EU/EEA/UK”), the processing of their personal data is additionally governed by the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable local implementing legislation. Where this Website is accessed by users located in the United States, relevant U.S. state privacy laws—including but not limited to the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”)—may also apply to the extent their statutory thresholds are met. The jurisdiction-specific supplementary provisions set out in Section 12 of this Policy shall prevail where they conflict with the general provisions herein.
Please read this Privacy Policy carefully before using this Website. By using this Website, you acknowledge that you have read, understood, and agreed to the entirety of this Policy.

2. Scope and Methods of Information Collection

This Website collects information through the following two channels:

(a) “Contact Us” Section

When you submit an inquiry through the “Contact Us” section of this Website, we may collect the following information that you voluntarily provide:

• Name
• Telephone number
• Email address
• Subject of inquiry
• Company name
• Description of the matter

(b) Automatically Collected Information

When you visit this Website, our servers may automatically record the following information:

• Server logs, including your IP address, access time, pages visited, and request paths
• Browser type, operating system, and device information
• Referring URL
• Information collected through cookies and similar tracking technologies

The automatically collected information described above generally cannot directly identify you and is used solely for website operational analysis.

3. Purposes of Information Use

We use your personal information only to the extent necessary to achieve the following specific purposes:

We will not use your personal information for any purpose beyond those stated above. Should we need to change the purpose of use, we will obtain your consent anew.

4. Information Storage and Deletion

(a) “Contact Us” Section Information

After collecting your information through the “Contact Us” section, the Firm will use it solely to arrange for the appropriate professionals to contact you. Once contact with you has been successfully established, we will immediately delete all personal information collected through that section.

(b) Automatically Collected Information

Automatically collected information such as server logs will be retained for a reasonable period after the analytical purpose has been fulfilled, and will be deleted or anonymized upon the expiration of that period.

All personal information is stored on servers located within the territory of the People’s Republic of China. The Firm will not transfer your personal information outside of China, unless otherwise required by applicable laws or regulations, or as described in Section 12 of this Policy regarding cross-border data transfers.

5. Information Sharing, Transfer, and Disclosure

The Firm will not sell, lease, or otherwise provide your personal information to any third party, except in the following circumstances:

• Your explicit consent has been obtained
• It is necessary for the performance of legal obligations or to cooperate with government authorities in the lawful discharge of their duties
• It is necessary to protect the life, property, or other material legitimate interests of you or the public, where obtaining your consent is impracticable
• Other circumstances stipulated by laws and regulations

6. Information Security

The Firm adopts technical measures and management systems consistent with industry standards to protect the security of your personal information and to prevent unauthorized access, disclosure, alteration, or loss. These measures include but are not limited to:

• SSL/TLS encryption for data transmitted through this Website
• Strict access controls over personal information, limited to personnel on a need-to-know basis
• Regular review of information security systems and practices

Although we make every effort to protect your personal information, the security of information transmitted over the Internet cannot be guaranteed to be absolute. Please be fully aware of and assess the relevant risks when submitting personal information.

7. Cookies and Similar Technologies

This Website may use cookies and similar technologies to optimize website performance, analyze traffic, and improve user experience. The information collected through such technologies generally does not include data that can directly identify you. You may refuse or manage cookies through your browser settings; however, doing so may affect the normal functioning of certain features of this Website.

8. Your Rights

Under the PIPL and applicable laws and regulations, you have the following rights with respect to your personal information:

• Right to Know and to Decide: The right to be informed about how we process your personal information and to make autonomous decisions regarding such processing
• Right of Access and Right to Copy: The right to access and obtain a copy of the personal information we hold about you
• Right to Rectification and Right to Supplement: The right to request correction of inaccurate personal information or supplementation of incomplete personal information
• Right to Deletion: The right to request deletion of your personal information under statutory circumstances
• Right to Withdraw Consent: The right to withdraw previously given consent at any time, without affecting the lawfulness of processing carried out prior to such withdrawal

If you wish to exercise any of the above rights, please contact us through the means provided at the end of this Policy. We will respond within fifteen (15) business days after verifying your identity.

Users located in the EU/EEA/UK or in U.S. states with applicable privacy legislation may be entitled to additional rights as described in Section 12.

9. Protection of Minors

This Website is primarily directed at professionals and business entities, and we do not knowingly collect personal information from minors under the age of fourteen (14). If we discover that we have collected personal information from a minor without the consent of their parent or guardian, we will promptly delete such information.

For users subject to the GDPR, this age threshold shall be interpreted in accordance with the applicable Member State’s law (generally 16 years of age, unless a lower threshold of no less than 13 years has been adopted).

10. Updates to This Policy

The Firm reserves the right to revise this Privacy Policy at any time. Revised content will be published on this Website and the update date will be indicated. For changes that materially affect your rights, we will provide separate notice to you through reasonable means. Continued use of this Website shall be deemed acceptance of the revised Privacy Policy.

11. Cross-Border Data Transfers

As stated in Section 4, your personal information is primarily stored on servers within the People’s Republic of China. However, in the course of responding to inquiries from users located outside of China, the Firm may transmit certain personal information across borders (for example, by sending a reply email to a user’s overseas email address, or by having professionals in our China offices access and review information submitted by an overseas user). In such cases, the following safeguards apply:

(a) Under PRC Law

Cross-border transfers of personal information will comply with the requirements of the PIPL (Articles 38–43), including passing any required security assessment by the Cyberspace Administration of China, entering into standard contracts for cross-border personal information transfers as promulgated by the relevant authorities, or obtaining your separate consent as required by law.

(b) Under the GDPR (EU/EEA/UK Users)

Where we transfer personal data of users located in the EU/EEA/UK to China, we acknowledge that China has not received a general adequacy decision from the European Commission under Article 45 of the GDPR. Accordingly, such transfers will be made subject to appropriate safeguards under Article 46 of the GDPR, including the execution of the European Commission’s Standard Contractual Clauses (SCCs), supplemented by a transfer impact assessment where appropriate. You have the right to obtain a copy of such safeguards by contacting us at the address set out in Section 13.

(c) Under U.S. State Privacy Laws

To the extent that we process personal information of users located in states with comprehensive privacy legislation (including but not limited to California, Virginia, Colorado, Connecticut, and other states with laws in effect), we will honor the rights and obligations set forth in the applicable statutes and will not transfer such information in a manner that diminishes the protections afforded thereunder.

12. Jurisdiction-Specific Supplementary Provisions

(a) Supplementary Provisions for Users in the EU/EEA/UK (GDPR)

If you are located in the EU/EEA/UK, the following supplementary provisions apply to the processing of your personal data:

• Data Controller: [Firm Name] Intellectual Property Law Firm, with its principal office at [Address], is the data controller for the purposes of the GDPR.
• Legal Bases for Processing: (i) Your consent (GDPR Article 6(1)(a)) for “Contact Us” inquiries; (ii) our legitimate interests (GDPR Article 6(1)(f)) for automatically collected information used for website analytics, where such interests are not overridden by your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests at any time.
• Data Subject Rights: In addition to the rights described in Section 8, you have the right to data portability (Article 20), the right to restriction of processing (Article 18), and the right to lodge a complaint with your local supervisory authority.
• Data Protection Officer: If you have questions about how we process your personal data, you may contact our designated data protection contact at [DPO email address].
• Automated Decision-Making: The Firm does not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, in connection with personal data collected through this Website.
• Retention: Your data will be retained only for the periods specified in Section 4. You may request earlier erasure under Article 17 of the GDPR.

(b) Supplementary Provisions for Users in the United States

If you are a resident of a U.S. state with an applicable comprehensive privacy law, the following supplementary provisions apply:

• Categories of Personal Information Collected: The categories are as described in Section 2: identifiers (name, email, phone number, IP address) and internet or electronic network activity information (server logs, browser data, cookies).
• Sale or Sharing of Personal Information: The Firm does not sell your personal information, nor does it share your personal information for cross-context behavioral advertising purposes.
• Consumer Rights: Depending on your state of residence, you may have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of any future sale or sharing of your data. To exercise these rights, please contact us through the means provided in Section 13.
• Non-Discrimination: The Firm will not discriminate against you for exercising any of your privacy rights.
• Response Timeframe: We will respond to verifiable consumer requests within the timeframe required by the applicable state law (for example, forty-five (45) calendar days under the CCPA/CPRA).
• Authorized Agents: Where permitted by applicable law, you may designate an authorized agent to submit a request on your behalf, subject to appropriate verification.

(c) Supplementary Provisions for Users in Other Jurisdictions

If you are accessing this Website from a jurisdiction not specifically addressed above, we will endeavor to comply with the data protection laws applicable in your jurisdiction to the extent that we are subject to such laws. If you have questions regarding the applicability of a particular data protection regime, please contact us using the information set forth in Section 13.

13. Contact Us

If you have any questions, comments, or suggestions regarding this Privacy Policy, or if you wish to exercise your personal information rights, please contact us.