Privacy Policy

RENURAY PRIVACY POLICY (GLOBAL)
Effective Date: February 7, 2026
Last Updated: February 7, 2026
 

1. WHY SHOULD YOU READ THIS PRIVACY POLICY?
In Short: This Policy explains how we handle your Personal Data. It helps you understand what we do with your information and what your privacy rights are.
 

Welcome! This Privacy Policy ("Policy") explains how Lee Digital, trading under RENURAY ("Company", "we", "us", or "our"), handles your Personal Data ("Personal Data" or "Data") when you:
 

• Visit our sales website renuray.com ("Website");

• Purchase health and wellness products like red light therapy devices or sleep aids ("Goods" or "Services") via dropshipping;

• Otherwise interact with us (support, quizzes, social media, marketing, affiliates, etc.).
 

This Policy outlines what Data we collect, purposes, use, sharing, retention, your rights, and protection. We commit to processing Data lawfully, fairly, and transparently under:
 

• General Data Protection Regulation (GDPR);

• ePrivacy Directive 2002/58/EC;

• UK GDPR;

• Australia's Privacy Act 1988 and Australian Privacy Principles (APPs);

• US state laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA);

• and other applicable laws.
 

Global application, GDPR-founded, with Regional Addenda below. If you disagree, please don't use our Website/Services. Updates effective on publication—review regularly.
 

2. WHO IS RESPONSIBLE FOR PROTECTING YOUR PERSONAL DATA?
We are: Renuray, your Data Controller.
Company number: 
Registered address: 
353 Lexington Avenue
4th Floor PMB293
New York, NY 10016
Support: info@renuray.com.
DPO: info@renuray.com (oversees obligations).

3. FOR WHAT PURPOSES AND WHAT DATA DO WE COLLECT?
In Short: We collect only needed Data for Goods/Services and Website operation
 

We process Data for clear, lawful reasons (contract, consent, legal obligation, legitimate interests). Purposes:
 

1. Process/fulfill orders (Zendrop dropshipping).

2. Payments/compliance (Stripe, taxes).

3. Customer support.

4. Transactional emails.

5. Direct marketing (consent-based).

6. Social media.

7. Defend legal rights/fraud.

8. Monitor performance/marketing (Google Analytics, Meta Pixel).

9. Quizzes/contests/personalization.

10. Promotional content (AI tools like Gemini/Nano Banana).

11. Affiliates.

12. Feedback review.

13. Website security/functionality (Shopify, GemPages).

Key Notes:

• Lawful Basis: Specified per activity (e.g., contract for orders).

• Sensitive Data: None (no health/religion/biometrics beyond quiz prefs).

• Marketing: Consent/opt-out.

• AI/Automation: Support tools; no sole automated decisions (GDPR Art. 22)—human oversight.

• No Data Sales: Never.

• Children: Not for minors (<13/16); delete if found.

Data Types: Name, email, address, payment, IP, cookies, quiz responses, ad data.

4. FROM WHAT SOURCES DO WE GET YOUR DATA?
In Short: From you, auto-collection, trusted third parties.

• You: Orders, forms, quizzes, support.

• Auto: IP, device, cookies/pixels (GemPages, Meta/Google).

• Third Parties: Shopify, Zendrop, ad platforms, affiliates.

• Public: Rare B2B (LinkedIn). No intra-group.
 

5. DO WE SHARE YOUR DATA WITH OTHERS?
In Short: Minimally, with safeguards (DPAs).

Processors: Shopify, Zendrop, Stripe, Google/Meta, email—bound by instructions.

Controllers: Authorities, fraud services, mergers (notice given).

• Consent: Explicit approval.
No unrelated sales/sharing. Shopify processes on our behalf per their policy.
 

6. HOW LONG DO WE KEEP YOUR DATA?
In Short: Only as necessary, then delete/anonymize.

Orders: 7 years (legal).

Marketing: Until opt-out.

Analytics: 26 months.
Inactive accounts: 2 years. Secure per purpose.

7. HOW DO WE ENSURE THE SECURITY OF YOUR DATA?
In Short: Strong measures against risks.
SSL encryption, access controls, audits, training, backups, monitoring. No system 100% secure—use strong passwords, avoid phishing. Breaches reported per law (GDPR 72hrs).

8. DO WE TRANSFER YOUR DATA INTERNATIONALLY?
In Short: Mainly EEA; others with safeguards.
To US (Shopify/Google): EU SCCs + TIAs (Schrems II). Adequacy/encryption where needed. Details via DPO.
 

9. DO WE USE AUTOMATED DECISION-MAKING OR PROFILING?
In Short: AI support only; no significant automated effects.
Tools for efficiency (recs, chat); human review. Right to intervention/explanation.

10. WHAT ARE YOUR RIGHTS?
In Short: Full control—access, delete, etc.

Informed, Access, Rectification, Erasure, Restrict, Portability, Object, Withdraw Consent.

Complaint: local authority.
Subject to limits (legal holds).

11. HOW TO EXERCISE YOUR RIGHTS OR CONTACT US?
Email info@renuray.com. ID verification; ≤1 month response (extensions notified). Authorize reps with proof.

12. REGIONAL ADDENDA
Supplements Global Policy for local laws—overrides only where required.
 

UNITED KINGDOM (UK)
UK residents/UK processing: UK GDPR/Data Protection Act 2018.
Rights: Informed (Art. 13–14), Access (15), Rectification (16), Erasure (17), Restriction (18), Portability (20), Object (21), No automated decisions (22).
Transfers: UK IDTA/EU SCCs Addendum + safeguards.
Marketing: Functional unsubscribe.
Authority: ICO, ico.org.uk.

AUSTRALIA
Australian residents: Privacy Act 1988/APPs.
Rights: Access (APP 12), Correction (13), Anonymous/pseudonym (2), Complaint.
Marketing: APP 7/Spam Act—consent, ID/unsubscribe.
Transfers: Contracts/due diligence/encryption.
Breaches: Notify OAIC if serious harm.
Authority: OAIC, oaic.gov.au.

CANADA
Canadian residents: PIPEDA; provincial (QC Law 25, AB/BC PIPA).
Rights: Know/access, Correction, Withdraw consent, Portability (QC), Complaint.
Marketing (CASL): Express/implied consent, ID, unsubscribe; records.
Transfers: Adequate protection (contracts/tech); foreign access noted.
Authority: OPC, priv.gc.ca; QC: CAI, cai.gouv.qc.ca.

UNITED STATES (USA)
US residents (>thresholds): CCPA/CPRA (CA), VCDPA (VA), CPA (CO), CTDPA (CT), UCPA (UT).
Rights: Know/access (categories/specifics), Deletion, Correction, Opt-out sale/sharing/targeted ads/profiling/sensitive use, Portability, Limit sensitive (CPRA).
Opt-Out: "Do Not Sell/Share My Personal Information" footer; GPC/universal signals. No discrimination.
Transfers: Contractual/tech safeguards. CA private action (breaches).
Authority: State AGs (CA: oag.ca.gov/privacy/ccpa).

Cookies/Tracking: Essential/analytics/marketing—banner (Cookiebot). See Cookie Policy.
Third-Party Links: External policies apply.
Updates: Posted; email/banner for material changes. Continued use = acceptance.
 

Contact Us
Renuray
353 Lexington Avenue
4th Floor PMB293
New York, NY 10016
Email: info@renuray.com
 

THE END OF POLICY

Newsletter

Join our email list for new product alerts

Thanks for contacting us. We'll get back to you as soon as possible.

Info

Terms of Service

Privacy Policy

Shipping Policy

Cookie Policy

Order

Track my Order

Returns & Refunds Policy

Contact
Title

© 2026 RENURAY.

RENURAY