Privacy Policy

Last Updated: [01-01-2024]

1. Data Controller
MirrorBags (“we”, “our”) operates through luxdeals.ru as a product showcase platform. Payment processing services are independently provided by authorized third-party financial institutions.

2. Information We Process
2.1 Directly Collected Data:

  • Contact Information: Name, email, phone number
  • Logistics Data: Shipping address
  • Technical Data: IP address, device fingerprint

2.2 Third-Party Payment Data:
All financial transactions are conducted through PCI-DSS certified processors (Wise/Paysend/Western Union). We never receive or store:

  • Credit/Debit card numbers
  • Bank account details
  • Cryptographic wallet information

3. Legal Basis & Purpose

Data Type Legal Basis Processing Purpose Retention Period
Contact Info Contract Performance Order fulfillment & logistics 36 months post-transaction
Technical Data Legitimate Interest Fraud prevention & system security 12 months

4. Data Recipients
4.1 Essential Service Providers:

  • Logistics Partners (DHL/UPS/FedEx): Receive delivery addresses
  • Payment Processors: Operate under their respective privacy policies

4.2 Legal Compliance Disclosures:
May disclose information pursuant to:

  • Court orders/subpoenas
  • Anti-money laundering regulations
  • Customs clearance requirements

5. Security Measures

  • AES-256 encryption for data at rest
  • TLS 1.3%20 for data in transit
  • Annual penetration testing
  • Role-based access control (RBAC)

6. Your Rights
Submit requests to [email protected]:
✓ Access & Portability
✓ Rectification
✓ Erasure (Except legal records)
✓ Processing Restriction
✓ Objection to Automated Decisions

7. Cookies & Tracking Technologies
7.1 Functional Cookies:

  • Session ID: Maintains browsing continuity (24h expiry)
  • Cart Preservation: Saves selected items (72h expiry)

7.2 Analytical Cookies:

  • Google Analytics 4: Anonymized behavioral metrics

8. Cross-Border Transfers

  • EU-US Data Transfers: Rely on GDPR Adequacy Decision
  • China Transfers: Follow GB/T 35273-2027 standards

9. Policy Updates

  • Material changes: 30-day advance notice via registered email
  • Version archive: Available upon request

10. Dispute Resolution

  • Primary Jurisdiction: [Insert Your Legal Entity’s Registered Address]
  • Alternative Dispute Resolution: ICDR/AAA mediation

Contact Information
Data Protection Officer:
Email: [email protected]

Visited 3 times, 1 visit(s) today
👋 We are here — chat with us