Shiningrestore

Privacy & data protection

Privacy Policy

Version dated 16 April 2026 · Applies to visitors and correspondents of https://shiningrestore.world/

This document explains how Shiningrestore collects, uses, stores, shares, and protects personal data when you browse the site, send a message, or otherwise interact with us online. It is drafted to align with transparency expectations under the EU General Data Protection Regulation and with widely recognized privacy principles in other regions. It does not create contractual rights beyond what mandatory law already provides.

Introduction and scope

We publish general informational content about staying active in everyday settings. Personal data processing is limited to what we need to operate the website, respond to inquiries, comply with law, and—only where you consent—understand aggregate traffic or run optional marketing tools.

If you follow links to other websites, their operators process data under their own policies. We encourage you to read those notices before submitting information elsewhere.

Plain summary: We do not sell your personal information as that term is defined under U.S. state privacy laws. We do not use contact form messages to build advertising profiles on unrelated platforms unless a separate, clearly labeled integration exists and you have opted in. California residents: see the U.S. state privacy section below.

Data controller and contact points

The controller responsible for processing described in this policy is:

Shiningrestore
850 3rd Ave, Brooklyn, NY 11232, United States
Email: touch@shiningrestore.world
Phone: +1 718-438-6600

For privacy-specific requests, email is often fastest. Postal mail remains available for formal correspondence. We may ask you to verify identity before disclosing or deleting records, which protects both you and third parties from impersonation.

Key definitions

Personal data means information relating to an identified or identifiable person.

Processing includes collection, storage, organization, retrieval, disclosure, restriction, erasure, or destruction.

Legitimate interests refers to Article 6(1)(f) GDPR: processing that is necessary for our reasonable business or security goals, balanced against your rights.

Consent means a freely given, specific, informed, and unambiguous indication of agreement, obtained where required by law.

Categories of personal data

Depending on your interaction, we may process:

  • Identity and contact data: name, email address, telephone number if you provide it, and similar identifiers.
  • Message content: text you type into forms, attachments if the system allows them, and internal notes we add while handling a request.
  • Technical data: IP address, browser type and version, device category, operating system, referring URL, and approximate geographic area inferred at city or regional level.
  • Usage data: pages viewed, approximate time on page, scroll depth where measured, and interaction events if analytics tools are active with consent.
  • Preference data: cookie banner selections stored locally on your device.
  • Transaction data: if you purchase services, billing address, payment confirmation references, and correspondence about the order.

We avoid collecting special categories of data through ordinary website forms. Please do not send medical records, government identification numbers, or financial account details unless we have explicitly requested them through a secure workflow.

Sources of personal data

Most data comes directly from you when you browse, email, or submit a form. We may also receive technical data automatically from your browser and from hosting logs. Occasionally, a payment processor or fraud-prevention partner sends us confirmation signals related to a transaction you initiated.

Purposes and legal bases

The table below summarizes typical processing. Where multiple bases could apply, we rely on the one that fits the specific situation.

Purpose Legal basis (GDPR)
Deliver pages, fonts, and assets securely Performance of a contract / legitimate interests in secure delivery
Respond to contact form and email inquiries Steps prior to contract, contract performance, or legitimate interests in correspondence
Keep internal records, invoicing, and tax documentation Legal obligation and legitimate interests in orderly administration
Detect abuse, spam, and technical incidents Legitimate interests in security; legal obligations where applicable
Optional analytics or marketing technologies Consent

When we rely on legitimate interests, you may object where GDPR grants that right. We assess objections individually and explain outcomes.

Cookies and similar technologies

Cookies, pixels, and local storage help remember preferences, maintain sessions, and—if you consent—measure traffic or deliver relevant communications. Detailed categories, lifetimes, and controls appear in the Cookie Policy, which forms part of our overall transparency materials.

Retention periods

We keep personal data only as long as necessary for the purposes above, plus any statutory limitation period. Indicative defaults include:

  • Marketing and general correspondence: up to twenty-four months after the last inbound message unless a longer period is required for an open dispute or legal hold.
  • Contract and billing records: duration required by applicable tax and company law, often several years.
  • Server and security logs: short rolling windows, typically days to a few weeks, unless extended for incident investigation.
  • Cookie-controlled identifiers: as described in the Cookie Policy, from session length to a maximum of about thirteen months for many analytics tools.

When retention ends, we delete or irreversibly anonymize data where feasible.

Security measures

We implement administrative, technical, and organizational safeguards appropriate to the risk, including HTTPS transport encryption for the public site, access controls on back-office systems, principle of least privilege for staff accounts, periodic credential rotation, and monitoring for unusual access patterns.

No internet transmission or storage method is flawless. If we become aware of an incident that poses a high risk to individuals, we will notify regulators and affected persons as required by law.

Recipients and categories of recipients

We share personal data only with service providers who help us run the business, such as hosting companies, email delivery services, payment processors, analytics vendors (with consent), and professional advisers bound by confidentiality. We select vendors with reasonable security practices and use contracts that include data-processing terms where GDPR Article 28 requires them.

We do not allow these recipients to use your data for their independent marketing unless you have a direct relationship with them and have agreed separately.

International transfers

Our operations are based in the United States. If you access the site from the European Economic Area, Switzerland, or the United Kingdom, your data may be transferred outside your region. Where GDPR applies, we rely on appropriate safeguards such as Standard Contractual Clauses, supplementary measures when required by case law, or derogations under Article 49 for occasional transfers.

You may request a summary of safeguards by contacting us at the email address above.

Your rights

Subject to applicable law, you may have the right to access, rectify, erase, restrict processing, receive a portable copy, object to certain processing, and withdraw consent at any time for consent-based activities. You may also lodge a complaint with a supervisory authority.

To exercise rights, email touch@shiningrestore.world with a description of the request. We respond within one month for most GDPR requests, with a possible two-month extension for complex cases, which we will explain.

Automated decision-making and profiling

We do not use fully automated decisions that produce legal or similarly significant effects solely by algorithmic means with respect to website visitors. Optional analytics may compute aggregate scores or segments, but they do not determine whether you receive essential services from us.

Children

The site is not directed at children under sixteen. We do not knowingly collect personal data from children without verifiable parental authorization. If you believe we received such information, contact us so we can delete it promptly.

United States state privacy notices

Shiningrestore is located in the United States. Depending on your state of residence, you may have additional rights under local law. This section summarizes common requests we honor for California residents and provides a baseline for other states with similar statutes.

California residents (CCPA and CPRA)

California residents may request the categories and specific pieces of personal information we have collected, the categories of sources, business or commercial purposes, and categories of third parties with whom we share personal information. You may request deletion of personal information we collected from you, subject to statutory exceptions. You may opt out of the “sale” or “sharing” of personal information as those terms are defined in California law. We do not sell personal information for monetary consideration. Where optional analytics or advertising cookies are used, you may limit certain sharing by adjusting cookie preferences on this site or through browser controls.

We will not discriminate against you for exercising privacy rights, for example by denying services or charging different prices solely because you submitted a request, unless permitted by law.

To submit a verifiable California request, email touch@shiningrestore.world or write to the postal address listed in the controller section. We may need to confirm certain details to protect your account from unauthorized access.

Other U.S. states

Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws may have analogous rights to access, delete, correct, and opt out of certain processing. Submit requests using the same contact channels. We will respond in accordance with applicable law.

Changes to this policy

We revise this policy when our practices evolve or when regulators publish new guidance. Material changes will be highlighted by updating the date at the top and, where appropriate, an inline notice on high-traffic pages for a reasonable period.

Supervisory authority

If you reside in the EU, you may contact your local data protection authority. A list of EU authorities is published by the European Data Protection Board. For the United States, state-level consumer privacy laws may offer additional complaint channels depending on your residence.