-625x207.png "Stridewise")
Welcome to ZEPHYROS TRADING CO., LTD (hereinafter referred to as "we") at zephyrostrade.com. We understand that protecting your personal data is of paramount importance. This Privacy Policy provides a clear and transparent explanation of how we process your personal data in the EU, ensuring compliance with the EU General Data Protection Regulation (GDPR) and related laws and regulations.
1. Data Controller Information
The data controller is ZEPHYROS TRADING CO., LTD. You can contact us at:
Email: [email protected]
Website: zephyrostrade.com
2. Scope
This Privacy Policy applies to our collection, use, storage, transfer, and other processing of personal data of EU residents in the EU. Whether you browse products on our website, place an order, or communicate with our customer service team, our processing of your personal data is governed by this Policy.
3. Definition and Collection of Personal Data
3.1 Definition
Under the GDPR, personal data means any information relating to an identified or identifiable natural person (data subject). For example, information such as your name, contact information (including email address and phone number), address, purchase history, and browsing preferences, as long as it can directly or indirectly identify you, falls under the category of personal data.
3.2 Collection Methods and Purposes
Direct Collection: We directly collect the personal data you provide when you register an account on our website, place an order, participate in a survey, or communicate with customer service. This is done to complete your transaction, provide customer service, and understand your needs in order to optimize our products and services.
Indirect Collection: When you use our website, we may automatically collect certain information through technical means, such as your IP address, browser type, device information, and browsing behavior (pages visited, duration of stay, etc.). This data is used for website operation analysis, user experience optimization, network security, and fraud prevention.
Third-Party Sources: In certain circumstances, we may obtain some of your personal data from partners (such as payment institutions and logistics providers) to complete transactions or improve service quality. However, we only obtain this data when necessary and in compliance with legal requirements, and we ensure that third parties also comply with applicable laws and regulations regarding the processing of your data.
4. Use of Personal Data
Performing Contractual Obligations: We use your personal data to perform our contract with you, including processing orders, arranging delivery, and providing after-sales service.
Providing Personalized Services: We analyze your purchase history and browsing preferences to provide you with personalized product recommendations, promotions, and a customized user experience.
Improving Products and Services: We use collected personal data to understand user needs and feedback and improve our product design, website functionality, and service processes.
Legal Compliance and Security: We use personal data to comply with EU laws and regulations, protect our legitimate rights and interests, and prevent fraud, cyberattacks, and other security threats.
5. Storage and Retention Period of Personal Data
Storage Location: We will implement reasonable technical and organizational measures to ensure that your personal data is stored in a secure environment. Some data may be stored on servers within the EU, while some data may be transferred outside the EU to storage facilities that meet data protection standards for business purposes. Before any cross-border transfer, we will implement appropriate safeguards, such as entering into standard contractual clauses, to ensure that your data is adequately protected overseas. Retention Period: We retain your personal data only for the minimum period necessary to fulfill the purposes for which it was collected, taking into account legal requirements (such as record retention periods under tax and accounting regulations) and business needs. For example, transaction-related data may be retained for several years after a transaction is completed to facilitate potential post-sale dispute resolution or audit requirements; browsing behavior data may be deleted shortly after being used for analytical purposes, unless there is another legitimate reason for continued retention.
6. Sharing and Disclosure of Personal Data
Internal Sharing: Within ZEPHYROS TRADING CO., LTD, relevant departments and employees may share your personal data to the extent necessary to achieve the purposes described in this Privacy Policy. We strictly manage and supervise internal data sharing to ensure that employees comply with our data protection policies and confidentiality obligations.
Third-Party Service Providers: We may provide your personal data to third parties who provide services to us, such as payment processors, logistics partners, data analytics agencies, and marketing service providers. These third parties process your data only under our instructions and are subject to strict data protection and confidentiality obligations. For example, payment processors process your payment information to complete transactions, logistics partners obtain your shipping address to deliver products, and data analytics companies help us analyze user behavior to optimize our services.
Legal Requirements and Protected Rights: We may disclose your personal data to law enforcement agencies, regulators, or other third parties when required by law or to protect our legal rights, the rights of others, or the public interest. For example, we may disclose necessary personal data in response to a subpoena, government investigation, or to prevent fraud or protect network security.
7. Data Subject Rights and Obligations
7.1 Data Subject Rights
Under the GDPR, you, as a data subject, have the following rights:
Right to Know: You have the right to be informed of the manner, purpose, and scope of our collection, use, storage, and sharing of your personal data, as well as the rights associated with such collection. This Privacy Policy serves as an important means of exercising your right to be informed.
Right to Access: You have the right to request access to your personal data at any time to understand what data we hold about you, how we use it, and how it is processed. You can submit an access request by contacting us via email, and we will respond within the statutory timeframe and provide a copy of the relevant data. Right to Correction: If you discover that the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. You can provide us with the corrected information, and we will promptly update your data records. Right to Erasure (Right to Be Forgotten): You have the right to request that we delete your personal data under certain conditions, such as if the data is no longer necessary for the purposes for which it was processed, if you have withdrawn your consent and there is no other lawful basis for processing, or if you have exercised your legal right to object. However, please note that if there are legal exceptions (such as legal requirements to retain data to meet tax reporting obligations), we may not be able to immediately delete all data. Instead, we may restrict processing of the data and retain it only to the extent permitted by law. Right to Restriction of Processing: In certain circumstances, such as pending verification of your objection to the accuracy of the data or while the lawfulness of your objection to processing is being assessed, you have the right to request that we restrict the processing of your personal data, meaning that we only store the data and do not further process it. Right to Data Portability: You have the right to request that we provide you with your personal data in a structured, commonly used, machine-readable format, or, where technically feasible, transfer the data directly to another data controller designated by you. Right to Object: You have the right to object at any time to data processing activities based on legitimate interests or the public interest, based on your particular situation. If you object, we will cease the relevant data processing unless we can demonstrate compelling legitimate grounds for continuing the processing that override your interests.
Right to Not Be Subject to Automated Decision-Making: In certain circumstances, if we make automated decisions about you (such as algorithm-based personalized recommendations, credit assessments, etc.) and such decisions have a legal or similarly significant impact on you, you have the right to request human intervention, understand the decision-making basis, and object to the decision.
7.2 Obligations of the Data Subject
To ensure the lawful, accurate, and secure processing of your personal data, while enjoying the rights described above, you must fulfill the following obligations:
Obligation to Provide Truthful Information: When providing us with personal data, you must ensure the truthfulness, accuracy, and completeness of the information provided. If your personal information (such as contact information, address, etc.) changes, you must promptly notify us to update it to avoid inaccuracies that may affect your rights and service experience. Obligation to Protect Your Account Information: If you register an account to use our services, you must keep your account name, password, and other login information confidential and not disclose or allow others to use it. You are solely responsible for any personal data security risks or losses resulting from the disclosure of your account information due to your own fault.
Obligation to Comply with Laws and Regulations: When exercising your data subject rights or interacting with us regarding data, you must comply with the relevant laws and regulations of the EU and your member state. You must not use personal data processing activities to engage in any illegal or unlawful conduct, nor harm the legitimate rights and interests of us or third parties.
Obligation to Cooperate with Reasonable Data Processing: You must cooperate with us in reasonable data processing activities, such as identity verification and order confirmation, to fulfill contractual obligations, comply with legal requirements, or ensure the security of our services. Unjustified refusal to cooperate may result in the inability to provide the relevant services.
8. Protection of Children's Personal Data
We take the protection of children's personal data very seriously. In accordance with EU law, we do not actively collect personal data from children under the age of 16 without the consent of their parents or legal guardians (some EU member states may have a lower age of consent, depending on local law). If we discover that we have mistakenly collected a child's personal data, we will immediately take steps to delete that data. If you believe we may have mistakenly collected your child's personal data, please notify us via our contact email address and we will promptly address the issue.
9. Data Security Measures
We implement a variety of technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, modification, or destruction. These measures include, but are not limited to:
Data Encryption: Sensitive data (such as payment information and passwords) is encrypted during transmission and storage to ensure data confidentiality.
Access Control: We implement a strict access control policy to ensure only authorized personnel have access to your personal data, and access rights are restricted based on their job responsibilities.
Security Vulnerability Management: We regularly detect and fix security vulnerabilities in our systems and promptly update security patches to prevent cyberattacks and data breaches.
Employee Training: We provide data protection training to all employees to enhance their data security awareness and compliance practices, ensuring they properly handle personal data in their daily work. Emergency Response Plan: Develop a comprehensive data breach emergency response plan to promptly investigate, notify relevant parties (such as you and regulators), and implement remedial measures in the event of a data breach to mitigate losses and impact.
10. Policy Updates and Notifications
We may update this Privacy Policy based on changes in laws and regulations, business developments, or other legitimate reasons. The updated Privacy Policy will be posted on our website, and we may notify you of significant changes through email, website pop-ups, and other means. Please review this Privacy Policy regularly to stay informed of the latest changes to our handling of your personal data.
11. Complaints and Dispute Resolution
If you have any questions, complaints, or suggestions regarding our handling of your personal data or this Privacy Policy, please feel free to contact us using the contact information provided. We will do our best to resolve your concerns. If you are dissatisfied with our handling of your concerns, you have the right to lodge a complaint with the relevant EU data protection regulator. You can find the contact information and complaint procedures for your member state's data protection regulator on the EU Data Protection Board website.
We are committed to protecting the privacy of your personal data and thank you for your trust and support in ZEPHYROS TRADING CO., LTD.
ZEPHYROS TRADING CO., LTD