This Privacy Policy is based on the EU General Data Protection Regulation (GDPR) and is intended to provide you with a clear explanation of how we collect, use, store and protect your personal data to ensure that your privacy rights are fully respected and protected. By using our services or interacting with us, you agree to the terms of this Privacy Policy. If you have any questions or concerns about this policy, please feel free to contact us.
Scope of application
This policy applies to all our business activities conducted in the EU and data processing related to EU residents. Whether you provide personal data through our websites, mobile applications, or offline interactions, you are subject to this policy.
Data collection and processing
Data types collected: We may collect various types of personal data, including but not limited to name, contact information (such as email address, phone number), identification information (such as ID number, passport number, only collected in necessary business scenarios), transaction information (if it involves purchasing products or services), browsing behavior data (such as IP address, access time, browsing page records), etc. The purpose of collecting this data is to provide you with better services, improve our products, conduct market analysis, and ensure transaction security.
Collection method: Data is collected mainly through your active provision (such as filling out forms, registering accounts), automatic collection during the use of our services (such as through cookies, server log records), and legal acquisition from third-party partners (with your authorization and in compliance with legal requirements).
Processing purpose: The purpose of our processing of personal data includes but is not limited to fulfilling the contract signed with you (if any), providing customer support, personalized service recommendations, conducting internal operations management, conducting market research and analysis, and complying with legal and regulatory requirements.
Legal basis: We process data based on the lawful basis stipulated in the GDPR, including your consent (such as for certain specific data processing activities, we will explicitly ask for your consent), the necessity of fulfilling the contract (such as processing order-related data to complete transactions), complying with legal obligations (such as reporting data to regulators), and our legitimate interests (provided that it does not harm your rights and interests, such as conducting data analysis to improve service quality).
Consent mechanism
For data processing activities that require your consent, we will explain to you key information such as the purpose of processing, data type, processing method, etc. in a clear and understandable manner, and provide clear consent options. You have the right to withdraw your consent at any time, and the withdrawal of consent does not affect the legality of data processing based on consent before the withdrawal. Giving and withdrawing consent is easy and you can do so through the channels we provide (e.g. privacy options in account settings, specific contact emails, etc.).
Data storage and retention
We will retain your personal data for the shortest period necessary to achieve the purpose of data processing, unless otherwise required by law or you have agreed to a longer retention period. The data is stored in a secure server environment, and appropriate technical and organizational measures are taken to ensure the confidentiality, integrity and availability of the data. When the storage period expires or the data is no longer required, it will be deleted or anonymized in a secure manner.
User rights
Right to be informed: You have the right to know the details of how we collect and process your personal data, and this privacy policy aims to provide you with comprehensive information.
Right to access: You have the right to request a copy of your personal data from us at any time, and we will respond and provide the relevant data within the specified time (usually no more than one month).
Right to correction: If you find that your personal data held by us is wrong or inaccurate, you have the right to request us to correct it. We will verify and update the data in a timely manner.
Right to erasure: In compliance with GDPR, you have the right to request that we delete your personal data, such as when the data is no longer necessary for the purpose of processing, when you withdraw your consent and there is no other lawful basis for processing.
Right to restrict processing: In certain circumstances, you may request that we restrict the processing of your personal data, such as during the period when you object to the accuracy of the data, when the legality of the processing is questioned, etc.
Right to data portability: You have the right to request that we provide your personal data to you or a third party designated by you in a structured, common and machine-readable format, as long as technically feasible.
Right to object: For data processing activities based on our legitimate interests, you have the right to object in certain circumstances, and we will decide whether to continue processing after evaluating your reasons for objection.
Data security
We attach great importance to data security and have taken a series of strict security measures to protect your personal data from unauthorized access, disclosure, tampering or destruction. These measures include but are not limited to data encryption, access control (such as multi-factor authentication, hierarchical permission management), regular security audits, employee security training, etc. At the same time, we have formulated a data breach emergency plan. If a data breach occurs, we will promptly notify you and relevant regulatory authorities in accordance with legal requirements and take measures to mitigate the damage.
Third-party sharing and cross-border transfer
Third-party sharing: We only share your personal data with third parties in the following circumstances: you explicitly agree to share; sharing is necessary to perform the contract signed with you (such as sharing order information with logistics partners to complete delivery); third parties provide services for us (such as data analysis service providers, technical support suppliers), and their processing of data is subject to strict confidentiality agreements; sharing is required by law or to protect our legitimate rights and interests. When sharing, we will ensure that third parties comply with the same strict data protection standards as us.
Cross-border transfer: If it involves transferring your personal data to a country or region outside the EU, we will ensure that the country or region where the recipient is located has a level of "adequate protection" recognized by the European Commission, or take appropriate safeguards (such as signing standard contractual clauses, obtaining security commitments from the recipient, etc.) to protect your data rights and interests. Before cross-border transfer, we will explain the relevant situation to you and obtain your consent (if applicable).
Children's privacy protection
We attach great importance to the protection of children's privacy. If our services are for children under the age of 16 (some EU member states may have different age limits, subject to local laws), we will seek the consent of their parents or legal guardians before collecting personal data from children and take additional security measures to protect children's data. If we find that children's data has been collected without authorization, we will delete the relevant data immediately.
Policy Updates and Notifications
We may update this Privacy Policy in accordance with changes in laws and regulations, business development or other reasonable reasons. The updated policy will be published on our website or related service platform, and notified to you in an appropriate manner (such as sending emails, push notifications in applications, etc.). It is recommended that you review this policy regularly to understand the latest content. If the policy update involves major changes, your continued use of our services will be deemed to be your acceptance of the updated policy; if you do not agree to the updated content, you have the right to stop using the service and exercise relevant data rights.
Contact Us
If you have any questions, comments or complaints about this Privacy Policy or our data processing activities, or wish to exercise your relevant rights, please contact us in the following ways:
Data Protection Officer Email: [email protected]