Sincoole Mall EU Privacy Policy
(Formulated in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679))
1. Scope of Application
This Privacy Policy applies to the collection, storage, use, transmission, protection, and other processing activities of consumers’ personal data by Sincoole Mall (Operator Information: Head Office Address – Building E, Kaisheng Wisdom Park, Nanchang No. 3 Industrial Zone, Gushu Community, Bao’an District, Shenzhen City, Guangdong Province, China) when conducting business such as the sale of rugged tablets and after-sales services (including returns and refunds) in the European Union (covering EU member states and EEA countries). It applies regardless of whether you interact with us through Sincoole Mall’s EU regional official website, email, customer service hotline, or other channels.
2. Data Collection and Processing Purposes
2.1 Types of Personal Data Collected
- Identity Data: Full name, email address (e.g., the email associated with [email protected] used for inquiries), phone number (e.g., the contact number linked to the customer service hotline +86-755-23023855 you use), delivery address within the EU, and ID/passport number (collected only when identity verification is required for cross-border customs clearance);
- Transaction Data: Order number, model and serial number of the purchased rugged tablet, payment method, payment amount, VAT information, and order creation and completion time;
- Interaction Data: Records of communications with customer service (including call recordings and email content), materials related to return and refund applications (e.g., photos/videos of issues, inspection reports), login logs of official website accounts, and page browsing and operation records;
- Device Data: IP address of the device used to access Sincoole Mall’s official website, browser type, operating system version, and device identifiers (non-unique identifiers).
2.2 Purposes of Data Processing
- Fulfilling Transaction Obligations: Used to process your order payment, product delivery (including cross-border logistics and customs clearance), invoice issuance, as well as product inspection and refund processing during the return and refund process;
- Providing Customer Service: Responding to your inquiries, complaints, and after-sales needs (e.g., answering questions about the use of rugged tablets, handling return and refund applications) and providing progress updates via email or phone;
- Ensuring Service Compliance: Retaining transaction and after-sales records to meet the requirements of EU regulations related to taxation (e.g., VAT declaration) and consumer rights protection, and addressing potential disputes;
- Optimizing Service Experience: Analyzing the usage of the official website based on non-identifiable device data and browsing records to improve page functions and operation processes (data analysis that does not involve personal identity association).
3. Legal Basis for Data Processing
In accordance with GDPR requirements, the processing of your personal data must meet one of the following legal conditions:
- Performance of a Contract: For example, processing order data to complete product sales and delivery, and processing return and refund data to fulfill after-sales commitments are necessary to implement the transaction contract between you and Sincoole Mall;
- Obtaining Your Consent: For example, before collecting customer service communication records and device browsing data, we will clearly inform you and obtain your consent (which can be withdrawn at any time);
- Compliance with Legal Obligations: For example, retaining transaction records to meet the accounting and declaration requirements of EU tax authorities, and storing return and refund materials to respond to regulatory inspections related to consumer rights.
4. Data Storage and Transmission
4.1 Data Storage
- Storage Period: Your personal data will only be retained for the period necessary to achieve the purposes of data processing. The specific periods are as follows:
- Transaction and return/refund-related data (including orders, payments, and after-sales materials): Retained for 7 years after the completion of the transaction or the end of the return and refund process (to meet EU tax and consumer dispute traceability requirements);
- Customer service communication records: Retained for 2 years after the end of the communication to address potential subsequent after-sales inquiries;
- Device browsing data: Deleted within 30 days after you withdraw your consent or stop accessing the official website;
- Data for which the processing purpose has been achieved and no further retention is necessary will be deleted or anonymized immediately after the expiration of the retention period (anonymized data is no longer considered personal data).
- Storage Method: Your personal data is stored on servers that comply with GDPR security standards (including compliant cloud storage services within the EU and certified secure servers in China). Security measures such as encryption (e.g., SSL encryption for data transmission, AES-256 encryption for storage) and access control (only authorized personnel can access) are adopted to ensure security.
4.2 Data Transmission
- Domestic Transmission: Since Sincoole Mall’s head office is located in China, some data (e.g., transaction records, return and refund materials) needs to be transmitted to China for compliance filing and after-sales collaboration. We ensure compliance through the following methods:
- Signing data processing agreements that meet GDPR requirements (including data security protection clauses) with data processors in China;
- Adopting encrypted transmission technology, restricting data access scope, and using the data only for necessary business collaboration (e.g., the head office’s finance department processing refund payments).
- Third-Party Transmission: Your data will only be transmitted to strictly screened third-party partners when necessary to achieve the purposes of data processing. We will clarify their data protection obligations through contracts. Types of third-party partners include:
- Logistics service providers: Used for product delivery and logistics tracking of returned products for refunds;
- Payment institutions: Used for processing order payments and refund operations;
- Compliant inspection institutions: Used for quality inspection of rugged tablets during returns and refunds (only necessary product and issue description data is provided).
We ensure that all third-party partners comply with GDPR data protection requirements and will not use your data for purposes unrelated to our agreement.
5. Rights of Data Subjects
In accordance with GDPR, as a data subject, you have the following rights. You can submit an application through the channels in the “Contact Information” section of this Policy, and we will respond and process it within 1 month (complex cases may be extended to 2 months, and we will notify you in advance):
- Right of Access: The right to request us to provide a copy of your personal data and inform you of the purposes, methods, storage period, and recipients of data processing;
- Right to Rectification: If your personal data (e.g., delivery address, contact information) is incorrect or incomplete, the right to request us to rectify it;
- Right to Erasure: The right to request us to delete your personal data when the purpose of data processing has been achieved, you withdraw your consent, or other legal circumstances apply (except when retention is required by legal obligations);
- Right to Restriction of Processing: If you have objections to the legality of data processing, the right to request us to suspend data processing (e.g., suspending the use of your contact information to send service notifications);
- Right to Data Portability: The right to request us to provide your transaction and account-related data in a structured, machine-readable format (e.g., CSV files) to facilitate your transfer to other service providers;
- Right to Object: If we process your data based on “legitimate interests” (e.g., non-essential service optimization analysis), you have the right to object, and we will stop the processing (unless there are more important legitimate reasons).
6. Data Security Assurance
We adopt dual technical and management measures to protect the security of your personal data and prevent data leakage, loss, or unauthorized access:
- Technical Measures: Adopting SSL/TLS encryption protocol for data transmission, AES-256 encryption technology for storage, and conducting regular security vulnerability scans and penetration tests on servers;
- Management Measures: Strictly restricting data access rights (only authorized personnel in specific positions can access), providing GDPR data protection training to employees, and formulating emergency response plans for data breaches;
- Breach Notification: In the event of a personal data breach that may damage your rights and interests, we will notify you via email or phone within 72 hours of discovering the breach, inform you of the type of leaked data, impacts, and response measures, and report to the relevant EU Data Protection Authority (DPA) at the same time.
7. Third-Party Links and Services
Sincoole Mall’s official website may contain links to third-party platforms (e.g., the EU ODR dispute resolution platform, logistics service providers’ official websites). We are not responsible for the privacy policies and data processing behaviors of these third parties. It is recommended that you carefully read the privacy policies of third-party platforms before accessing them.
8. Policy Updates and Notifications
We may update this Privacy Policy in accordance with changes in EU regulations or business adjustments. The updated policy will be publicly displayed in a prominent position on Sincoole Mall’s EU regional official website, and notifications will be sent via email to consumers who have retained their contact information (if you do not receive the notification, you can log in to the official website to check the latest version). Policy updates do not have retrospective effect, and the original policy will still apply to personal data that has already been processed.
9. Contact Information
If you have questions about personal data processing, need to exercise your rights as a data subject, or wish to file a complaint about data protection issues, you can contact us through the following methods:
- EU Regional Data Protection Officer Email: [email protected] (please indicate “GDPR Data Request + Your Full Name” in the email subject);
- Customer Service Hotline: +86-755-23023855 (Service Hours: Monday to Friday, 9:00 AM – 6:00 PM CET/CEST, adjusted accordingly during daylight saving time);
- Head Office Address: Building E, Kaisheng Wisdom Park, Nanchang No. 3 Industrial Zone, Gushu Community, Bao’an District, Shenzhen City, Guangdong Province, China
If you are not satisfied with our processing results, you can file a complaint with the Data Protection Authority (DPA) of the EU member state where you reside (e.g., Verbraucherzentrale in Germany, CNIL in France) or initiate cross-border dispute resolution through the EU ODR platform (ec.europa.eu/odr).
