top of page

Privacy Policy

Last updated: May 21, 2025

​

Thank you for choosing Daya Stone ("Daya Stone", "we", "us", or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit https://www.dayastone.com (the "Site") or interact with us in any other way.

​

This Policy is written to comply with the European Union General Data Protection Regulation (GDPR), the Personal Information Protection Law of the People’s Republic of China (PIPL), the Cybersecurity Law (CSL), the Data Security Law (DSL), and other applicable international and local data‑protection laws. It is intended for all visitors, customers, suppliers, and other persons located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland.

​

1. Who is the data controller?

Daya Stone

Unit 18C-A 258, Dongdu Road, Huli District, Xiamen City, Fujian Province 361000, China

Email: privacy@dayastone.com

Tel: +86-592-5631310

​

For matters covered by Article 27 GDPR, we have appointed the following representative within the European Union:

[TBC]
Address: [TBC]
Email: [TBC]

​

2. What personal data do we collect?

We may collect the following categories of personal data:

  • Identification and contact details such as your name, company, job title, postal address, email address and telephone number;

  • Commercial information, including purchase orders, invoices, product interests and project specifications;

  • Website and device information, for example your IP address, browser type and version, operating system, referring URLs, pages viewed, date and time stamps, and onsite interactions like clicks or scrolls;

  • Cookie and tracking information, such as unique cookie identifiers, advertising IDs, analytics data and preference settings;

  • Communication records that arise when you interact with us, for example, emails, live‑chat transcripts, contact‑form submissions, and call notes;

  • Payment information limited to bank details or other payment information required for business‑to‑business transactions.

 

We do not intentionally collect special categories of data (such as health, biometric or political data) or children’s data. If you believe a child under 16 has provided us with personal data, please contact us so we can delete it.

​​

We do not intentionally collect special categories of data (e.g. health, biometric, or political data) or children’s data. If you believe a child under 16 has provided us with personal data, please contact us so we can delete it.

​

3. How do we obtain your data?

  • Directly from you when you fill in online forms, place an order, subscribe to newsletters, request quotes, take part in surveys, or correspond with us by email, phone, or otherwise.

  • Automatically through cookies and similar technologies when you browse the Site.

  • From third parties such as analytics providers (e.g. Google Analytics), advertising networks, or publicly available business directories.

​

4. For what purposes and on what legal bases do we process your data?

We process your personal data only when we have a lawful reason to do so under the GDPR. Depending on the context, we rely on one or more of the following legal bases:

  • Contractual necessity (Article 6(1)(b) GDPR) – for example, when we need to process and dispatch your orders, provide quotations or deliver customer service at your request.

  • Legitimate interests (Article 6(1)(f) GDPR) – such as operating and securing our Site, preventing fraud, improving our products and services, or conducting business‑to‑business marketing to existing customers. We carefully balance our interests against your fundamental rights and freedoms.

  • Consent (Article 6(1)(a) GDPR) – for activities like sending marketing newsletters or setting non‑essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing that took place before withdrawal.

  • Legal obligations (Article 6(1)(c) GDPR) – for instance, retaining records for tax and accounting purposes or conducting sanctions screening.

​

Where we rely on legitimate interests, we have balanced those interests against your rights and found they do not override your interests or fundamental freedoms. You may request further information on this balancing test.

​

5. Cookies and similar technologies

We use first‑party and third‑party cookies, web beacons, and pixels to:

  1. Operate the Site (strictly necessary cookies)

  2. Measure performance & analytics (e.g. Google Analytics)

  3. Provide functionality & personalisation

  4. Deliver advertising (re‑targeting, social‑media pixels)

​

Where required, we request your consent via the cookie banner. You may withdraw consent at any time by adjusting your preferences in the banner or by clearing cookies in your browser. Full details are available in our Cookie Policy.

​

6. Data sharing and recipients

We only share personal data when necessary and in accordance with GDPR:

  • Service providers (e.g. website hosting, IT support, payment processors, logistics companies, marketing platforms) are bound by confidentiality agreements

  • Professional advisers (e.g. accountants, lawyers, auditors)

  • Public authorities were required by law to protect rights, safety, or property

  • Business transferees in connection with a merger, acquisition, or asset sale

​

We do not sell or rent your personal data to third parties.

​

7. International data transfers

Because we are headquartered in China, your data may be transferred to and stored or processed in countries outside the EEA/UK that may not have equivalent data‑protection laws. Whenever we transfer personal data internationally, we ensure appropriate safeguards, such as:

  • EU Standard Contractual Clauses (SCCs) or UK Addendum

  • Transfers to organisations certified under an approved adequacy decision

  • Binding corporate rules or other lawful transfer mechanisms

​

A copy of the applicable safeguards can be obtained on request.

​

8. Data retention

We keep personal data only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law (e.g. tax laws). Typically:

  • Contractual & billing data – 10 years after the end of the financial year

  • Marketing data – until you withdraw consent or opt out

  • Technical logs – up to 12 months

​

When retention periods expire, data are securely deleted or anonymised.

​

9. Security measures

We apply appropriate technical and organisational measures to safeguard personal data, including but not limited to:

  • HTTPS/TLS encryption

  • Access controls and authentication

  • Regular security monitoring and penetration testing

  • Employee training and confidentiality undertakings

​

However, no internet transmission is completely secure. Please notify us immediately if you suspect any unauthorised use of your personal data.

​

10. Your data‑protection rights

Subject to the conditions set out in the GDPR, you have the right to:

  1. Access your personal data

  2. Rectify inaccurate or incomplete data

  3. Erase your data ("right to be forgotten")

  4. Restrict processing

  5. Data portability

  6. Object to processing based on legitimate interests or direct marketing

  7. Withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal

​

To exercise any of these rights, please contact us using the details in Section 1. We respond to all requests within one calendar month (extendable by two additional months for complex requests).

​

11. How to lodge a complaint

If you believe we have infringed your privacy rights, you may lodge a complaint with your local data‑protection authority. A list of EU supervisory authorities is available at https://edpb.europa.eu. We would, however, appreciate the chance to deal with your concerns before you approach an authority—please contact us first.

​

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any material changes will be notified on the Site or via email. The "Last updated" date at the top indicates when this Policy was last revised.

​

13. Supplemental Information for Individuals in the People’s Republic of China

The following provisions apply in addition to the rest of this Privacy Policy whenever we handle personal information of individuals who are located in mainland China:

​

13.1 Legal Bases for Processing (Art. 13 PIPL)

We collect and process personal information only when at least one of the following conditions is met:

  1. Your informed consent – you have explicitly agreed to the specified purpose, scope and method of processing.

  2. Necessity for concluding or performing a contract – for example, to fulfil purchase orders, arrange deliveries, issue invoices or provide after‑sales service.

  3. Legal obligations or duties – we must retain certain transaction and tax records required by PRC law.

  4. Responding to public‑health incidents or emergencies – to protect life, health or property in urgent situations.

  5. Public‑interest news reporting conducted within the limits of the law.

  6. Processing of publicly disclosed information that you have lawfully made public or that has been lawfully disclosed elsewhere, within a reasonable scope.

  7. Other circumstances provided by laws or administrative regulations, such as cooperating with law enforcement investigations.

​

13.2 Sensitive Personal Information Sensitive Personal Information

We do not intentionally process Sensitive Personal Information as defined by PIPL (e.g. biometric, medical, or precise‑location data). If processing becomes necessary, we will obtain separate, explicit consent and implement enhanced protections.

​

13.3 Children’s Personal Information

Our Site and services are not directed to children under 14 years old. If we become aware that we have collected personal information from a child without verifiable parental consent, we will promptly delete it.

​

13.4 Cross‑Border Transfers from China

Where personal information collected in mainland China must be transferred overseas (for example, to our servers or partners in the EEA), we will:

  1. Conduct a lawful security assessment or conclude PRC Standard Contractual Clauses, if required by the Cyberspace Administration of China (CAC);

  2. Obtain separate consent from you for the cross‑border transfer; and

  3. Ensure the overseas recipient provides a level of protection that is no lower than that required under PIPL.

​

A copy of the transfer mechanism can be provided upon request.

​

13.5 Storage Location and Retention

Unless otherwise agreed or required by law, personal information of PRC individuals is stored on secure servers located in mainland China. We follow the retention periods described in Section 8, after which data are irreversibly deleted or anonymised.

​

13.6 Your Rights under PIPL

In addition to the rights listed in Section 10, PRC individuals have the right to:

  • Copy their personal information;

  • Explain how automated decision‑making impacts their legal rights and interests;

  • Refuse direct marketing communications;

  • Deactivate or delete their account (where applicable).

​

We strive to respond to PIPL‑related requests within 15 working days.

​

13.7 Supervisory Authority

If you believe we have violated PIPL or related regulations, you may lodge a complaint with the Cyberspace Administration of China (CAC) or its local provincial counterpart. We encourage you to contact us first so we may resolve your concern promptly.

​

14. Contact us

Data Privacy Officer
Email: privacy@dayastone.com
Tel: +86‑592‑5631310

​

​

© 2025 Daya Stone. All rights reserved.

bottom of page