Privacy Policy

Official Document No. SR-PP-2025-001 ⋅ State Record

Article I — Preamble and Scope

This Privacy Policy is issued by Shandong Shizheng Network Technology Co., Ltd., a company organized under the laws of the People's Republic of China, with its registered address at Room 1-102, Building 3, European City, Changjiang Road, Nancheng Subdistrict, Mudan District, Heze, Shandong 274000, China, operating under the trade name State Record (hereinafter referred to as State Record, we, us, or our). This Policy governs the collection, use, disclosure, retention, and protection of personal information obtained through the website located at staterecord.mom and any related subdomains, services, applications, and communication channels operated by State Record (collectively, the Services).

This Policy applies to all individuals who access or use the Services, including visitors, prospective clients, active clients, vendors, and job applicants (collectively, users, you, or your). By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree to the terms of this Policy, you must discontinue use of the Services immediately. State Record reserves the right to amend this Policy at any time; continued use of the Services following the posting of an amended Policy constitutes acceptance of the amended terms.

This Policy is drafted in compliance with the Personal Information Protection Law of the People's Republic of China (PIPL), the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China, and, where applicable to international users, the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA). In the event of any conflict between this Policy and applicable law, the provisions of applicable law shall prevail.

Article II — Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when you interact with the Services. This includes, but is not limited to:

Contact and Identification Information: Full name, organization or company name, job title, email address, telephone number, postal address, and country of residence.
Correspondence Information: The content of messages, inquiries, and submissions sent through our contact form, email communications, or any other communication channel maintained by State Record, including attachments and metadata.
Business Information: Details regarding your organization, project requirements, technical specifications, procurement needs, and any other information you choose to provide in the course of engaging our services or requesting information about our services.
Account Information: If we make available account registration features, we may collect usernames, passwords, and account preferences.

2.2 Information Collected Automatically

When you access the Services, certain information is collected automatically by our systems and by third-party service providers. This includes:

Technical Log Data: Internet Protocol (IP) address, browser type and version, operating system, device type, screen resolution, referring and exit URLs, date and time stamps, and pages visited.
Usage Data: Clickstream data, scroll depth, time spent on pages, interaction with page elements, and navigation patterns within the Services.
Device and Network Information: Device identifiers, network type, mobile carrier (where applicable), and approximate geographic location derived from IP address.
Cookie Data: Information stored through cookies and similar technologies as described in Article VI of this Policy.

2.3 Information We Do Not Collect

State Record does not knowingly collect, and you should not provide, the following categories of information through the Services:

Government-issued identification numbers (national ID, passport number, social security number, or equivalent) unless explicitly required for a contractual engagement and collected through a secured, offline channel.
Financial account information (bank account numbers, credit card numbers) unless processed through a PCI-DSS-compliant third-party payment processor and never stored on State Record systems.
Special categories of personal data as defined under the GDPR (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation).
Personal information of individuals under the age of 16. The Services are not directed to children, and we do not knowingly collect personal information from minors.

Article III — Purposes and Legal Bases for Processing

3.1 Purposes of Processing

State Record processes personal information for the following specified, explicit, and legitimate purposes:

Purpose	Categories of Data	Legal Basis
Responding to inquiries and providing information about our services	Contact information, correspondence information	Legitimate interest; performance of pre-contractual measures
Entering into and performing contracts for computer systems design, network architecture, and related services	Contact information, business information, correspondence information	Performance of a contract; legitimate interest
Operating, maintaining, and improving the Services	Technical log data, usage data	Legitimate interest; consent (where required)
Ensuring the security and integrity of the Services and our systems	Technical log data, device and network information	Legitimate interest; legal obligation
Complying with applicable laws, regulations, legal processes, and enforceable governmental requests	All categories as required	Legal obligation
Sending administrative communications, including updates to this Policy and our Terms of Service	Contact information	Legal obligation; legitimate interest
Analytics and service improvement, including aggregated and de-identified analysis of usage patterns	Usage data, technical log data	Legitimate interest; consent (where required)

3.2 Legal Bases Under GDPR

Where the GDPR applies to the processing of your personal information, we rely on the following legal bases:

Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal information for a specific purpose.
Contractual Necessity (Article 6(1)(b)): Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legal Obligation (Article 6(1)(c)): Where processing is necessary for compliance with a legal obligation to which we are subject.
Legitimate Interests (Article 6(1)(f)): Where processing is necessary for the purposes of our legitimate interests or those of a third party, provided those interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include operating and improving our business, maintaining the security of our systems, responding to inquiries, and developing our service offerings.

Article IV — Disclosure and Sharing of Information

State Record does not sell, rent, or trade personal information to third parties for their own marketing purposes. We may disclose personal information only in the following circumstances:

4.1 Service Providers and Processors

We engage third-party service providers to perform functions on our behalf, including but not limited to website hosting, analytics, email delivery, and customer relationship management. These service providers are contractually bound to process personal information only on our documented instructions, to implement appropriate technical and organizational security measures, and to comply with all applicable data protection laws. We conduct due diligence on all service providers before engagement and maintain a current list of sub-processors available upon request.

4.2 Legal and Regulatory Disclosures

We may disclose personal information if we determine in good faith that such disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or enforceable governmental request; (b) enforce our Terms of Service or other agreements, including investigation of potential violations; (c) detect, prevent, or otherwise address fraud, security, or technical issues; or (d) protect against harm to the rights, property, or safety of State Record, our users, or the public as required or permitted by law.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, personal information may be transferred as part of the transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy. The acquiring entity will be required to honor the commitments made in this Policy.

4.4 With Your Consent

We may disclose your personal information for any other purpose with your prior explicit consent.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, or other lawful purposes.

Article V — Cross-Border Data Transfers

State Record is headquartered in the People's Republic of China. Personal information we collect may be stored and processed in China or in any other country where we or our service providers maintain facilities. By using the Services, you acknowledge that your personal information may be transferred to countries outside your country of residence, which may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal information from the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data transfer restrictions to a country not recognized as providing an adequate level of protection, we implement appropriate safeguards in accordance with applicable law. These safeguards may include the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement, or other legally recognized transfer mechanisms. A copy of the relevant safeguard documentation is available upon request.

For transfers of personal information out of the People's Republic of China, we comply with the cross-border data transfer requirements under the PIPL, including conducting any required security assessments, obtaining any required certifications, and entering into standard contracts approved by the Cyberspace Administration of China (CAC) where applicable.

Article VI — Cookies and Similar Technologies

The Services use cookies and similar tracking technologies. A cookie is a small text file stored on your device by your web browser at the request of a website. Cookies may be session cookies (deleted when you close your browser) or persistent cookies (retained until they expire or are deleted).

Category	Purpose	Duration
Strictly Necessary Cookies	Essential for the operation of the Services, including security features like CSRF protection, load balancing, and form submission functionality. The Services cannot function without these cookies.	Session
Functional Cookies	Enable the Services to remember choices you make, such as language preferences. These cookies enhance usability but are not strictly essential.	Up to 12 months
Analytics Cookies	Collect aggregated and anonymized information about how users interact with the Services, including pages visited, time on site, and referring sources. We use this information to improve the Services.	Up to 24 months

You may configure your browser to refuse all cookies, to accept only certain types of cookies, or to alert you when a cookie is being set. Please note that disabling strictly necessary cookies may impair the functionality of the Services. Most browsers provide detailed instructions for managing cookie preferences in their help documentation. You may also use industry-developed opt-out tools, such as the Network Advertising Initiative opt-out page or the Digital Advertising Alliance WebChoices tool, to manage certain types of tracking.

State Record does not currently respond to Do Not Track (DNT) signals sent by web browsers, as no uniform industry standard for DNT has been adopted. We will reevaluate this position if a consensus standard emerges.

Article VII — Data Retention

State Record retains personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The criteria used to determine retention periods include:

The duration of our contractual or business relationship with you.
Whether there is a legal obligation to which we are subject (for example, certain laws require us to retain records of transactions for a specified period).
Whether retention is advisable in light of our legal position (including with respect to applicable statutes of limitations, litigation, or regulatory investigations).
The nature and sensitivity of the personal information.

When personal information is no longer required, we will securely delete, destroy, or anonymize it in accordance with our data retention and destruction policies. In some circumstances, we may retain personal information in a form that does not permit identification of individuals for research or statistical purposes, in which case we may retain and use this information indefinitely without further notice.

Article VIII — Data Security

State Record implements appropriate technical and organizational measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to:

Encryption of data in transit using Transport Layer Security (TLS) protocols.
Encryption of data at rest using industry-standard encryption algorithms.
Logical access controls, including role-based access, principle of least privilege, and multi-factor authentication for administrative access.
Regular security assessments, including vulnerability scanning and penetration testing.
Physical security controls for facilities where data is stored or processed.
Employee training on data protection obligations and confidentiality requirements.
Incident response procedures and breach notification protocols in compliance with applicable law.

While we strive to protect personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you and relevant supervisory authorities as required by applicable law.

Article IX — Your Rights

9.1 Rights Under the PIPL

If you are located in the People's Republic of China, you have the following rights under the PIPL:

Right to Know and Right to Decide: You have the right to know about and to decide on the processing of your personal information, except where laws or administrative regulations provide otherwise.
Right to Access and Copy: You have the right to access and obtain a copy of your personal information from us, except where laws or administrative regulations provide otherwise.
Right to Rectification: You have the right to have incomplete or inaccurate personal information corrected or completed.
Right to Deletion: You have the right to request deletion of your personal information where: the processing purpose has been achieved, is impossible to achieve, or is no longer necessary; we cease providing the Services or the retention period has expired; you withdraw your consent; or we process your information in violation of applicable law or our agreement with you.
Right to Restrict or Refuse Processing: You have the right to restrict or refuse processing of your personal information by us, except where laws or administrative regulations provide otherwise.
Right to Data Portability: You have the right to request transfer of your personal information to another personal information handler designated by you, where the conditions prescribed by the CAC are met.
Right to Explanation: You have the right to request an explanation of our personal information processing rules.

9.2 Rights Under the GDPR

If the GDPR applies to the processing of your personal information, you have the following rights:

Right of Access (Article 15): The right to obtain confirmation as to whether your personal information is being processed, and where that is the case, access to the personal information along with specified information about the processing.
Right to Rectification (Article 16): The right to have inaccurate personal information rectified and to have incomplete personal information completed.
Right to Erasure (Article 17): The right to have your personal information erased under certain conditions, including where the data is no longer necessary, consent is withdrawn, or processing is unlawful.
Right to Restriction (Article 18): The right to restrict processing of your personal information under certain conditions.
Right to Data Portability (Article 20): The right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to Object (Article 21): The right to object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making (Article 22): The right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects.

9.3 Rights Under the CCPA

If you are a California resident, you have the following rights under the CCPA:

Right to Know: The right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collection, and the categories of third parties with whom we share it.
Right to Delete: The right to request deletion of personal information we have collected from you, subject to certain exceptions.
Right to Opt-Out of Sale: State Record does not sell personal information as defined under the CCPA. We do not sell, and have not sold in the preceding 12 months, personal information to third parties.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

9.4 Exercising Your Rights

To exercise any of the rights described above, please contact us using the contact information provided in Article XII. We will respond to verifiable requests within the timeframes prescribed by applicable law — typically within 30 days, extendable by up to an additional 30 days where necessary, with notice provided to you of any extension. We may request specific information from you to verify your identity before processing your request. If we cannot comply with your request, we will provide a written explanation.

If you believe that our processing of your personal information violates applicable law, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. In China, the relevant authority is the Cyberspace Administration of China (CAC). In the EEA, you may lodge a complaint with the data protection authority in your member state. In the UK, the relevant authority is the Information Commissioner's Office (ICO).

Article X — Children's Privacy

The Services are not directed to individuals under the age of 16. State Record does not knowingly collect, use, or disclose personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16 without verifiable parental consent, we will take prompt steps to delete that information from our systems. If you believe that a child under 16 has provided personal information to us, please contact us immediately using the contact information in Article XII.

Article XI — Third-Party Services and Links

The Services may contain links to third-party websites, applications, or services that are not owned or controlled by State Record. This Policy does not apply to such third-party services. We are not responsible for the privacy practices, content, or security of any third-party services. We encourage you to review the privacy policies of any third-party services you access. The inclusion of a link does not imply endorsement by State Record of the linked service or its operators.

Article XII — Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, or to exercise any of your rights as described in this Policy, please contact:

Data Protection Officer
Shandong Shizheng Network Technology Co., Ltd.
Room 1-102, Building 3, European City
Changjiang Road, Nancheng Subdistrict
Mudan District, Heze, Shandong 274000
People's Republic of China

Email: support@staterecord.mom
Telephone: +1 (854) 843-5396

We will acknowledge receipt of your inquiry within 5 business days and provide a substantive response within 30 days. If your inquiry requires more extensive investigation, we will inform you of the reason for the delay and the expected timeline for resolution.

Article XIII — Amendments to This Policy

State Record may amend this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The current version of this Policy will always be posted on this page, with the effective date indicated below. Material changes will be communicated through a prominent notice on the Services or through direct communication to users where we have contact information on file. We encourage you to review this Policy periodically. Changes are effective upon posting unless otherwise stated.

Effective Date: 1 January 2025
Last Amended: 1 January 2025
Document Reference: SR-PP-2025-001