This Privacy Policy is based on the EU General Data Protection Regulation (GDPR) and applies to [Company Name]’s collection, use, storage, transfer and processing of personal data within the EU. We are committed to protecting the privacy of our users’ personal data and ensuring that all data processing activities are lawful, transparent and secure.
Data Controller Information
The data controller is Bytebloom Trade Ltd. If the company has a Data Protection Officer (DPO), the contact information is [DPO Contact Information].
Categories of Personal Data
We may collect the following categories of personal data:
Basic information: name, gender, date of birth, nationality, etc.
Contact information: address, telephone number, email address.
Transaction information: purchase history, payment information, order details.
Browsing information: IP address, browsing history, device information, cookie data.
Sensitive information: In certain businesses, sensitive personal data such as health data, race or ethnicity, political opinions, etc. may be involved, but they are only collected with explicit consent or as permitted by law.
Data Processing Purposes and Legal Basis
Performance of a Contract: Processing of personal data to perform a contract with the user, such as providing products or services, processing orders and delivering goods. The legal basis is Article 6 (1) (b) GDPR.
Legitimate Interests: Processing of data for the legitimate interests of the company, such as market analysis, customer relationship management, security monitoring. However, such processing does not disproportionately affect the rights and freedoms of users. The legal basis is Article 6 (1) (f) GDPR.
Compliance with a Legal Obligation: Processing of personal data where required by law, such as tax reporting, legal proceedings. The legal basis is Article 6 (1) (c) GDPR.
Consent: For specific data processing activities, we obtain the user's explicit, free and informed consent. The user has the right to withdraw consent at any time without affecting the lawfulness of data processing based on consent before its withdrawal. The legal basis is Article 6 (1) (a) GDPR.
Period of Data Storage
We will determine the storage period of personal data based on the purpose of data processing and legal requirements. In general, data will be deleted or anonymized after the processing purpose is achieved, except where it is required to be retained by law. For example, transaction data may be required to be retained for several years in accordance with tax regulations.
Data Recipients
Internal Recipients: Departments within the company involved in data processing, such as sales, customer service, technical support, etc., access and process personal data only to the extent necessary to perform their duties.
Third-party service providers: We may share personal data with third-party service providers, such as payment processors, logistics partners, data analysis companies, etc. These third parties must comply with strict data protection obligations to ensure data security.
Disclosures required by law: We may disclose personal data when required by law or in response to legitimate government requests.
Data Sources
Direct Collection: Personal data is collected directly from users, such as forms filled out when registering, purchasing products or services.
Indirect Collection: Indirect collection through users' use of our websites, applications or interactions with us, such as cookie data, device information.
Third-party Sources: Obtain personal data from authorized third parties, such as user information provided by partners, under the premise of legal compliance.
International Data Transfers
If personal data needs to be transferred to a country or region outside the EU, we will ensure that the recipient has a data protection level equivalent to that of the EU. Specific measures include using standard contractual clauses approved by the European Commission and obtaining data protection certification in the country or region where the recipient is located.
Data Subject Rights
Right of access: Users have the right to request access to their personal data and understand how we process their data.
Right to rectification: Users have the right to request rectification if their personal data is inaccurate or incomplete.
Right to erasure: Users have the right to request the erasure of their personal data, subject to legal provisions, such as when the data is no longer necessary for the processing purpose or when the user withdraws consent.
Right to restriction of processing: Users have the right to request the restriction of the processing of their personal data, such as when there is a dispute about the accuracy of the data.
Right to data portability: Users have the right to obtain their personal data and receive or transmit it to another data controller in a structured, commonly used, machine-readable format.
Right to object: Users have the right to object to our processing of their personal data based on their particular situation, such as processing based on legitimate interests.
Users can exercise the above rights through [email protected], and we will respond to and process the user's request within the period prescribed by law.
Data security measures
We take appropriate technical and organizational measures to protect the security of personal data and prevent unauthorized access, disclosure, tampering or destruction of data. These measures include but are not limited to:
Access control: Implement strict access control policies to limit access to personal data to authorized personnel.
Encryption technology: Encrypt sensitive data for storage and transmission to ensure data confidentiality.
Security vulnerability management: Regularly scan and repair security vulnerabilities to respond to potential security threats in a timely manner.
Employee training: Conduct data protection training for employees involved in personal data processing to improve employees' security awareness and compliance awareness.
Policy Updates
We may update this privacy policy based on changes in laws and regulations, business needs or other reasonable reasons. The updated policy will be published on our website and notified to users when necessary. Users agree to accept the updated privacy policy by continuing to use our services.
Contact information
If you have any questions, complaints or suggestions about this privacy policy or our data processing activities, please contact us:
Contact email: [email protected]