Privacy Policy

Last Updated: 2025-09-05 (Taipei Time)

Thank you for visiting Lilia (the “Website”, “we”, “our”, or “us”). We value your privacy and process personal data in accordance with applicable laws, including the Taiwan Personal Data Protection Act (PDPA), the EU/UK General Data Protection Regulation (GDPR), and California CCPA/CPRA. This policy explains how we collect, use, share, and protect information on our Website (e.g., main domain, landing pages, forms, campaign pages, cookie tools, and third‑party plugins). For our apps/devices, please see the separate App & Device Privacy Policy.

Related Legal Pages (Separate Tabs)

Our legal documents are published as separate pages:

  1. This Privacy Policy (Website only)
  2. Cookie Policy — details on cookies/pixels, categories, retention, and preferences
  3. Terms of Use — rules for using the Website, IP, disclaimers, liability

TL;DR Summary

  • We collect data only when needed: when you submit forms, subscribe to newsletters, join events, or when cookies/analytics operate.
  • Main purposes: provide/maintain the Website, respond to inquiries, measure/improve experience, security, and (where permitted) marketing.
  • You may withdraw consent, manage cookie preferences, and exercise rights under applicable laws (access, rectification, deletion, restriction, portability, objection, etc.).
  • We do not sell personal information. If sharing with ad partners is required, we comply with law and provide opt‑out mechanisms.
  • We use reasonable technical and organizational safeguards (TLS in transit, access controls, logging, training).

Cookie Preferences: Use our Cookie Preferences Center (link in footer or consent banner). Full cookie details live in the Cookie Policy.

Scope

This policy covers personal data processed on the Website. Third‑party sites/services (e.g., social media, payment, video embeds) are governed by their own policies.

Information We Collect

1) Information You Provide

  • Contact details: name, email, phone, company/organization, title, country/region
  • Form content: inquiry text, feedback, event sign‑ups
  • Marketing subscriptions: newsletter topics, language preferences

2) Information Collected Automatically

  • Device & logs: IP address, browser/OS, language settings, referrers, pages viewed, time on page, clicks, error logs
  • Cookies & similar tech: see the Cookie Policy for categories and retention

3) Information from Third Parties

  • Analytics/ads partners: aggregated reports and audience stats (not directly identifying you)
  • Publicly available sources: used only for clear, lawful purposes

We do not seek to collect sensitive data (e.g., medical diagnoses, religion, precise location, government IDs). If you voluntarily submit such data, you consent to our processing under this Policy; we may suggest deleting or anonymizing it.

How We Use Information (Purposes)

  • Provide, operate, and improve the Website and its content
  • Respond to your inquiries (support, technical or business communication)
  • Analyze usage (traffic, performance, A/B tests, debugging)
  • Marketing (newsletters, remarketing/retargeting, event invites) where permitted by law and/or with your consent
  • Compliance with legal obligations, protection of rights, security, and fraud prevention

Legal Bases (Illustrative)

  • Consent (GDPR Art. 6(1)(a) / PDPA lawful purposes): newsletters, events, certain marketing cookies; you can withdraw at any time
  • Contract performance (GDPR Art. 6(1)(b)): responding to your requests, providing requested Website features
  • Legal obligation (GDPR Art. 6(1)(c)): responding to lawful requests by authorities/courts
  • Legitimate interests (GDPR Art. 6(1)(f)): security, fraud prevention, service integrity, performance monitoring (balanced against your rights)

Cookies & Tracking (Summary)

We use strictly necessary, performance/analytics, functional, and advertising/retargeting cookies or similar technologies to provide core functionality, measure performance, enhance UX, and show more relevant content.

  • See the full Cookie Policy for details and retention
  • Manage preferences via the Cookie Preferences Center (footer link/banner) or your browser settings

How We Share Information

We share data only as needed and in line with this Policy and applicable laws:

  • Processors/Service providers: hosting/CDN, analytics, email/newsletter tools, customer support systems
  • Analytics/ads partners: limited identifiers and/or aggregated data, subject to your consent or legal allowance
  • Authorities/third parties: when required by law
  • Corporate transactions: as reasonably necessary in mergers, acquisitions, or similar events (with notice and options where appropriate)

We do not sell personal information. If our practices change, we will update this Policy and provide a “Do Not Sell or Share My Personal Information” option where required (e.g., under CPRA).

International Transfers

Your data may be transferred outside Taiwan (e.g., to the EU, US, or other regions where providers operate). We rely on lawful transfer mechanisms such as Standard Contractual Clauses (SCCs) and adopt appropriate safeguards.

Retention

We keep data only as long as necessary for the purposes collected or as required by law/contract. Typical periods:

  • Inquiries/contact records: until follow‑up is completed, then 12–24 months (longer if needed for disputes/compliance)
  • Newsletter subscriptions: until you unsubscribe or we discontinue the service
  • Logs/analytics: deleted or anonymized after tool‑default or business‑need‑based periods (e.g., 90–540 days)

Security

We maintain reasonable technical and organizational measures (e.g., TLS encryption, least‑privilege access, audit logging, staff training) to protect against unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is 100% secure.

Your Rights

Under Taiwan PDPA

Rights include access, copy, supplementation/rectification, cessation of collection/processing/use, and deletion. Not providing certain data may affect service completeness.

Under GDPR (EEA/UK)

Rights include access, rectification, erasure, restriction, portability, objection (including to processing based on legitimate interests or direct marketing), and withdrawal of consent (without affecting prior lawful processing). You may lodge a complaint with a supervisory authority.

Under CCPA/CPRA (California)

Rights include know/access, delete, correct, opt‑out of “sale/share”, limit use/disclosure of sensitive PI, and non‑discrimination. Where applicable, we will provide a “Do Not Sell or Share My Personal Information” link/mechanism.

To exercise rights: see Contact Us below. We may verify your identity before fulfilling requests.

Children & Minors

The Website is not directed to children under 13 (or the applicable age of consent in your jurisdiction). If you are a parent/guardian and believe we collected a child’s data without consent, please contact us so we can delete it.

Updates to This Policy

We may update this Policy due to service changes or legal updates. We will revise the “Last Updated” date above and, for material changes (e.g., purpose changes), provide prominent notice (banner, pop‑up, or email where applicable).

We may need to verify your identity before processing certain requests to protect your data.