Privacy Policy

How Sand Rock collects, uses, and protects your information

Last Updated: October 15, 2024 | Effective Date: October 15, 2024

1. Introduction

Sand Rock (referred to as we, our, or us throughout this document) is committed to protecting the privacy of individuals who interact with our website, services, and business operations. This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of information when you visit our website at https://www.sandrock.hair or engage with our computer systems design and integration services.

Sand Rock is the trade name and developer name under which Songyuan Shalei Network Technology Co., Ltd. operates its technology consulting and systems integration business. Our registered business address is Room A0131, 4th Floor, No. 102 Commercial Enterprise, Building 2, Commercial Complex, Boxue Road, Ningjiang District, Songyuan City 131000, China. We operate in the computer systems design and related services industry within the Professional, Scientific, and Technical Services sector.

Please read this policy carefully. By accessing our website or using our services, you acknowledge that you have read and understood the practices described below. If you do not agree with any part of this policy, please discontinue use of our website and services.

2. Information We Collect

2.1 Information You Provide Directly

When you interact with our website or engage our services, we may collect the following categories of information that you voluntarily provide:

  • Contact and Identity Information: Full name, email address, phone number, company name, job title, and business address when you complete our contact form, request a consultation, or correspond with us via email or telephone at mail@sandrock.hair or +14246679477.
  • Project and Business Information: Details about your IT infrastructure, systems architecture, business requirements, technical specifications, and project scope that you share during discovery calls, assessments, or ongoing engagements.
  • Communication Records: Records of correspondence including emails, meeting notes, support tickets, and feedback you provide through any communication channel.
  • Account Information: If we establish an account for you on any of our platforms, we collect usernames, authentication credentials, and account preferences.

2.2 Information Collected Automatically

When you visit our website, certain information is automatically collected through standard web technologies:

  • Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Usage Data: Pages visited, time spent on pages, navigation paths, referral sources, search terms used to find our site, and interaction patterns with our content.
  • Cookies and Similar Technologies: We use essential cookies required for website functionality, analytics cookies to understand site usage patterns, and preference cookies to remember your settings. You can manage cookie preferences through your browser settings at any time.
  • Server Logs: Web servers automatically log standard information including timestamps, requested URLs, HTTP status codes, bytes transferred, and user agent strings for security and diagnostic purposes.

2.3 Information from Third Parties

We may receive information about you from third-party sources in certain circumstances:

  • Business Partners: Information shared by technology vendors, system integrators, or consulting partners with whom we collaborate on client engagements, always with appropriate consent and contractual safeguards.
  • Publicly Available Sources: Business contact information from professional networking platforms, company websites, and industry directories used for legitimate business development purposes.
  • Service Providers: Data from analytics providers, hosting services, and security monitoring tools that support our website operations.

3. How We Use Your Information

We use the information we collect for the following legitimate business purposes:

3.1 Service Delivery and Operations

  • To respond to your inquiries, consultation requests, and service proposals
  • To deliver our computer systems design, integration, and consulting services according to agreed statements of work
  • To manage client relationships, including billing, contract administration, and project coordination
  • To provide technical support, troubleshoot issues, and maintain service quality
  • To communicate important updates about our services, policies, or terms that affect your engagement with us

3.2 Business Development and Marketing

  • To send relevant information about our services, industry insights, case studies, and event invitations that may interest your organization
  • To personalize your experience on our website and deliver content aligned with your interests
  • To analyze market trends and client needs to improve our service offerings
  • To conduct customer satisfaction surveys and gather feedback on our performance
  • You may opt out of marketing communications at any time by contacting us or using the unsubscribe link in our emails

3.3 Security, Compliance, and Legal Obligations

  • To detect, prevent, and investigate security incidents, fraud, and unauthorized access to our systems
  • To comply with applicable laws, regulations, legal processes, and enforceable governmental requests
  • To enforce our terms of service and protect our rights, property, and safety, as well as those of our clients and the public
  • To maintain audit trails and records required by industry standards and regulatory frameworks

3.4 Research and Development

  • To analyze aggregated and anonymized data to improve our methodologies, tools, and service delivery
  • To develop new service offerings and capabilities based on market demand patterns
  • To benchmark performance metrics and industry trends for internal research purposes

4. Legal Basis for Processing

Depending on your jurisdiction and the nature of the processing, we rely on the following legal bases:

  • Contractual Necessity: Processing required to perform our obligations under a service agreement or to take steps at your request before entering into a contract.
  • Legitimate Interests: Processing necessary for our legitimate business interests, including marketing our services, improving our website, and protecting our systems, provided these interests are not overridden by your rights and freedoms.
  • Consent: Processing based on your explicit consent, which you may withdraw at any time without affecting the lawfulness of processing conducted prior to withdrawal.
  • Legal Obligation: Processing required to comply with applicable laws, regulations, court orders, or governmental requests.

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their independent marketing purposes. We may share information in the following limited circumstances:

5.1 Service Providers and Business Partners

We engage trusted third-party service providers to perform functions on our behalf, including website hosting, email delivery, analytics, payment processing, cloud infrastructure, and collaboration tools. These providers access information only as necessary to perform their functions and are contractually bound to maintain confidentiality, implement appropriate security measures, and not use data for any other purpose.

5.2 Legal and Regulatory Disclosures

We may disclose information if required by law, regulation, subpoena, court order, or governmental request. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, investigate fraud, respond to a security incident, or protect the safety of any person.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, asset sale, or similar corporate transaction involving Sand Rock or Songyuan Shalei Network Technology Co., Ltd., client information may be transferred as part of the business assets. We will notify affected individuals of any such change in ownership or control of their personal information.

5.4 With Your Consent

We may share your information for any purpose with your explicit consent or at your direction, such as when we coordinate with other technology vendors on your behalf as part of a systems integration engagement.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by applicable law. The criteria used to determine our retention periods include:

  • The duration of our ongoing relationship with you and the services we provide
  • Whether there is a legal obligation to retain records for a specific period under applicable laws or regulations
  • Whether retention is advisable in light of our legal position regarding statutes of limitations, litigation, or regulatory investigations
  • The nature and sensitivity of the information and the potential risk of harm from unauthorized use or disclosure

When information is no longer needed, we securely delete or anonymize it. Project-related technical data is retained in accordance with client contractual agreements and applicable professional standards for the computer systems design industry.

7. Data Security

We implement and maintain technical, administrative, and physical security measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

  • Encryption of data in transit using industry-standard TLS protocols and encryption of sensitive data at rest
  • Access controls based on the principle of least privilege, with role-based permissions and multi-factor authentication
  • Regular security assessments including vulnerability scanning, penetration testing, and security architecture reviews
  • Security monitoring and logging with automated alerting for suspicious activities
  • Employee training on data protection, confidentiality obligations, and security best practices
  • Incident response procedures to promptly address and contain any security events
  • Physical security controls at our facilities including access control systems and surveillance

While we implement robust security measures, no method of electronic storage or transmission over the internet is completely secure. We cannot guarantee absolute security, but we continuously review and improve our security posture to address evolving threats.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

8.1 Access and Portability

You have the right to request access to the personal information we hold about you and to receive a copy in a structured, commonly used, and machine-readable format. We will provide this information within the timeframes required by applicable law, typically within 30 days of verifying your identity.

8.2 Correction and Deletion

You have the right to request correction of inaccurate personal information and completion of incomplete information. You also have the right to request deletion of your personal information under certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the information has been unlawfully processed.

8.3 Restriction and Objection

You have the right to request restriction of processing in certain situations, including when you contest the accuracy of the information, when processing is unlawful but you oppose deletion, or when we no longer need the information but you require it for legal claims. You also have the right to object to processing based on legitimate interests, including direct marketing.

8.4 Marketing Opt-Out

You may opt out of receiving marketing communications from us at any time by clicking the unsubscribe link in our emails, by contacting us at mail@sandrock.hair, or by calling +14246679477. Opting out of marketing does not affect transactional or service-related communications necessary for ongoing client relationships.

8.5 Cookie Preferences

Most web browsers allow you to manage cookie preferences through browser settings, including the ability to delete cookies, block all cookies, or receive warnings before cookies are stored. Please note that disabling certain cookies may affect website functionality.

8.6 Exercising Your Rights

To exercise any of these rights, please contact us using the contact information provided in Section 12 of this policy. We may need to verify your identity before processing your request. We will respond to verified requests within the timeframes required by applicable law and will not discriminate against you for exercising your privacy rights.

9. International Data Transfers

Sand Rock is headquartered in Songyuan City, China. If you are located outside China and choose to provide information to us, your information may be transferred to, processed, and stored on servers located in China and other jurisdictions where we or our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence.

We implement appropriate safeguards for cross-border data transfers, including:

  • Standard contractual clauses approved by relevant data protection authorities
  • Assessment of the legal framework in the destination country to ensure adequate protection of your rights
  • Technical measures such as encryption and access controls applied irrespective of the processing location
  • Contractual obligations on any third parties receiving transferred data that are equivalent to the protections described in this policy

By using our website and services, you consent to the transfer of your information to facilities located in China and other jurisdictions and to the processing and storage of your information in those locations as described in this policy.

10. Childrens Privacy

Our website and services are intended for business professionals and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a person under 18 has provided us with personal information, we will take steps to delete such information from our systems. If you believe a child has provided us with personal information, please contact us immediately.

11. Third-Party Websites and Services

Our website may contain links to third-party websites, platforms, or services that are not owned or controlled by Sand Rock. This Privacy Policy does not apply to those third-party properties. We encourage you to review the privacy policies of any third-party services you interact with. We are not responsible for the privacy practices, content, or security of third-party websites or services.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below:

Developer / Organization NameSand Rock (Songyuan Shalei Network Technology Co., Ltd.)
Registered AddressRoom A0131, 4th Floor, No. 102 Commercial Enterprise, Building 2, Commercial Complex, Boxue Road, Ningjiang District, Songyuan City 131000, China
Websitehttps://www.sandrock.hair
Emailmail@sandrock.hair
Phone+14246679477
IndustryComputer Systems Design and Related Services, Professional Scientific and Technical Services

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will post the updated policy on this page with a revised Last Updated date and, where appropriate, provide notice through our website or direct communication.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website and services after any changes to this policy constitutes your acceptance of the updated terms.

14. Industry Context

As a computer systems design and integration firm, our work involves handling technical information about client IT environments, network architectures, and system configurations. We treat all client technical data with the same level of confidentiality and protection that we apply to personal information. Our security and privacy practices are informed by industry standards applicable to the Professional, Scientific, and Technical Services sector, including frameworks established for computer integrated systems design, IT consulting, and related professional services.

Our approach to data protection is also shaped by our engagement with clients across multiple industries within the Professional, Scientific, and Technical Services sector, including accounting, architectural and engineering services, legal services, management and technical consulting, scientific research and development services, specialized design services, and advertising and public relations services.

15. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Peoples Republic of China, without regard to conflict of law principles. Any disputes arising from or relating to this policy shall be subject to the exclusive jurisdiction of the courts located in Songyuan City, Jilin Province, China.

For individuals located in jurisdictions with specific data protection legislation such as the European Unions General Data Protection Regulation or the California Consumer Privacy Act, we will process your personal information in accordance with the applicable requirements of those laws to the extent they apply to our processing activities.