Privacy Policy

Ⅰ.Changes to This Privacy Policy

Ⅰ. Changes to This Privacy Policy

Ⅱ.Scope of Application

Ⅲ.What Personal Information We Collect

The personal information we collect varies based on your interaction with our Site and Services. The term "personal information" (or "personal data" under GDPR) refers to any data that can identify, relate to, describe, or be directly or indirectly associated with an individual. Below are the detailed categories and specific types of personal information we collect, in compliance with GDPR and CCPA/CPRA requirements.

ⅰ.Information We Collect Directly from You

We collect information that you actively submit through our Services, which is necessary to provide you with our products and services. This includes:

1.Contact details: Your full name, residential address, phone number, and email address (required for order delivery, customer communication, and compliance with legal obligations);

2.Order information: Your name, billing address, shipping address, payment confirmation details, email address, and contact number (required to process orders, complete transactions, and fulfill contractual obligations);

3.Account information: Your username, password (encrypted), security questions, and other data used for account protection (required to maintain account security and comply with identity verification requirements);

4.Shopping activity data: Product browsing records, shopping cart content, saved items, loyalty points, customer reviews, referral records, gift card information, and purchase history (used to enhance your shopping experience, provide personalized recommendations, and comply with consumer protection laws);

5.Customer support correspondence: Any information you provide when contacting our support team via our platform (required to respond to your enquiries and resolve issues).

Certain advanced features of our Services may require you to submit specific personal information. You may choose not to provide such data; however, this may limit or prevent your access to relevant functions, and we will not be liable for any inconvenience caused thereby.

ⅱ.Information We Collect Automatically (Usage Data)

We automatically collect behavioural data related to your use of our Services ("Usage Data") through cookies, pixel tags, web beacons, and other similar tracking technologies ("Cookies"), in compliance with GDPR and CCPA/CPRA requirements for transparency and user consent.

Usage Data may include: device specifications (model, operating system), browser type, network connection details, IP address (anonymized where required by law), time and date of access, pages visited, and other technical information reflecting your browsing habits and interaction with our Site and account. This data is collected to stabilize website operation, analyze user behavior, and optimize our Services.

ⅲ.Information We Obtain from Third Parties

We may lawfully obtain your information from authorized third-party vendors and service providers acting on our behalf, in compliance with GDPR and CCPA/CPRA requirements for lawful data collection. This includes:

1.Technical service providers supporting our Site operation, such as WordPress (for website hosting and maintenance), which may collect limited technical data to ensure platform stability;

2.Payment processing partners, who collect billing addresses, bank account details, credit or debit card information (encrypted) to complete transaction settlements, fulfill contractual obligations, and process your orders (we do not store full payment card details);

3.Third-party advertising and analytics partners, with your explicit consent (where required by law), to deliver personalized content and measure the effectiveness of our marketing activities.

When you browse our Site, open embedded emails, click promotional links, or interact with our content and advertisements, we and our authorized third-party partners may automatically collect data via web beacons, software development kits (SDKs), third-party libraries, cookies, and other tracking tools. All information obtained from external parties will be processed and protected in accordance with this Privacy Policy and applicable laws.

Ⅳ.How We Use Your Personal Information

We process your personal information strictly for legitimate purposes, in compliance with GDPR (Article 6) and CCPA/CPRA requirements, and only to the extent necessary to fulfill the stated purposes. The specific uses are as follows:

1.Provision of Products and Services

We use your personal data to perform our contractual obligations to you, including: completing payment processing, arranging order fulfillment and delivery, managing product returns and exchanges (after-sales services), maintaining and managing user accounts, and sending transactional notifications (e.g., order confirmations, shipping updates, account changes). To enhance your overall shopping experience, we may enable WordPress to synchronize your account with compatible third-party services that you explicitly choose to utilise.

2.Marketing and Advertising

We may use your contact information to deliver personalized marketing content, promotional offers, and advertising communications via email, text messages, or postal mail, in compliance with GDPR and CCPA/CPRA requirements:

*For residents of the European Economic Area (EEA), all marketing-related data processing activities are conducted based on your explicit consent (where required) or our legitimate commercial interests in accordance with Article 6(1)(f) of the GDPR. You may withdraw your consent at any time;

*For residents of California (U.S.), you have the right to opt out of targeted advertising and the sale/sharing of your personal information, in accordance with CCPA/CPRA.

This data processing allows us to tailor platform content and advertisements across our website and third-party channels, ensuring that the content you see is relevant to your interests.

3.Security and Fraud Prevention

We use your personal information to protect the security of our Site, our users, and our business, including preventing unauthorized access to user accounts, detecting and mitigating fraud, and ensuring compliance with anti-fraud laws.All registered users are solely responsible for maintaining the confidentiality of their account credentials. We strongly advise you not to disclose your username, password, or access information to any external parties. If you suspect unauthorized account access or data breaches, please contact our support team immediately.

For EEA residents, security-oriented data processing is carried out based on our legitimate interest in safeguarding our website, platform stability, and user data security, in compliance with Article 6(1)(f) of the GDPR.

4.Customer Communication and Service Improvement

Your personal information is used to respond to customer enquiries, provide professional technical support, and continuously optimize our product quality and service experience. This processing constitutes our legitimate business interest in maintaining effective customer communication and long-term cooperative relationships, as defined under Article 6(1)(f) of the GDPR.

5.Compliance with Legal Obligations

We may process your personal information to comply with applicable laws, regulations, and legal requirements, including responding to legal subpoenas, court orders, and regulatory investigations, as well as fulfilling tax, accounting, and reporting obligations.

Ⅴ.Cookies and Tracking Technologies

Our Site utilises cookies and similar tracking technologies in the same manner as most commercial websites, in compliance with GDPR and CCPA/CPRA requirements for transparency and user control. For detailed information regarding WordPress-based cookie deployment, please review the official WordPress Cookie Policy.

ⅰ.Purpose of Cookies

Cookies are used to: stabilize website operation (e.g., maintaining your login status), remember user preferences (e.g., language settings), conduct data analysis (to understand user behavior and optimize our Services), and deliver personalized content and advertisements. We may also allow trusted third-party service providers to deploy cookies to customize services, advertisements, and content across online platforms.

ⅱ.User Control Over Cookies

Most web browsers accept cookies by default. You may adjust your browser settings to restrict, block, or delete stored cookies at any time. Please note that disabling cookies may negatively affect your browsing experience and cause partial website functions to malfunction or become unavailable. Restricting cookies will not fully prevent limited data sharing with our advertising partners.

ⅲ.Global Privacy Control (GPC)

Our website fully supports the Global Privacy Control (GPC) framework, in compliance with CCPA/CPRA requirements. Any GPC privacy preferences you enable in your browser will be recognized as a valid request to opt out of targeted advertising and non-essential data sharing on your current browser and device. For further information about Global Privacy Control, please visit the official GPC website.

Ⅵ.Disclosure of Personal Information

Your personal information will only be disclosed to third parties under limited, legally compliant circumstances, in accordance with GDPR and CCPA/CPRA requirements. We will never sell, rent, or lease your personal information to third parties for commercial purposes without your explicit consent (where required by law).

ⅰ.Circumstances of Disclosure

We may disclose your personal information in the following situations:

1.To authorized service providers assisting our daily operations, including IT maintenance, payment processing, data analysis, customer support, cloud storage, order fulfillment, and logistics delivery. These providers are contractually obligated to protect your personal information and only process it in accordance with our instructions;

2.To business and marketing partners, for the purpose of delivering targeted promotions and collaborative services, only with your explicit consent (where required by law);

3.To third-party organizations, where you provide explicit consent or active authorization for data disclosure;

4.To affiliated enterprises and internal corporate groups for standardised business management, provided that these entities comply with this Privacy Policy and applicable data protection laws;

5.To comply with legal obligations, including responding to legal subpoenas, court orders, regulatory requirements, enforcing our Terms of Service, and protecting the legitimate rights and interests of our platform, users, and relevant third parties;

6.In connection with corporate transactions such as mergers, acquisitions, or bankruptcy proceedings, where the receiving party is contractually obligated to protect your personal information.

ⅱ.Disclosures in the Past Twelve Months

Over the past twelve months, we have disclosed the following categories of personal data to authorized third parties (in compliance with GDPR and CCPA/CPRA reporting requirements):

1.Identification information, including basic contact details, account data, and order records;

2.Commercial activity information, including transaction records, shopping preferences, and customer support correspondence;

3.Network interaction data and usage statistics (anonymized where possible);

4.Geolocation data derived from IP address analysis and other technical positioning tools (only to the extent necessary for order delivery and fraud prevention).

ⅲ.Third Party Websites and Links

Our Site may contain hyperlinks to external websites and third-party platforms beyond our management and supervision. When accessing external links, you are advised to carefully review the independent privacy policies and terms of service of third-party operators.

We assume no responsibility or liability for the data security, content accuracy, and privacy protection measures of external websites. Information shared on public and semi-public third-party platforms may be accessible to other online users, and we are not responsible for such disclosure.

ⅳ.International Data Transfers

We may transfer your personal data to regions outside the European Union (EU), European Economic Area (EEA), and the United States. All cross-border data transmissions are implemented with sufficient protective measures, in compliance with GDPR and CCPA/CPRA requirements, including the adoption of standard contractual clauses (SCCs) approved by the European Commission and other legally recognized mechanisms to ensure the security and compliance of your personal information. We will only transfer your data to countries or regions that provide an adequate level of data protection.

Ⅶ.User Rights (GDPR ＆ CCPA/CPRA Compliance

In accordance with GDPR (for EU/EEA residents) and CCPA/CPRA (for U.S. residents, particularly California residents), you hold the following data subject rights. We will not charge you a fee for exercising these rights, unless the request is excessive, repetitive, or unfounded.

ⅰ.Rights for EU/EEA Residents (GDPR)

1.Right of access: The right to access and obtain a copy of your stored personal information, as well as information about how we process your data;

2.Right to rectification: The right to correct inaccurate or incomplete personal data;

3.Right to erasure ("right to be forgotten"): The right to request permanent deletion of your personal information, where the processing is no longer necessary, you withdraw your consent, or the processing is unlawful;

4.Right to restriction of processing: The right to request that we restrict the processing of your personal information (e.g., if you dispute the accuracy of the data);

5.Right to data portability: The right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit it to another data controller;

6.Right to object: The right to object to the processing of your personal information based on our legitimate interests (e.g., marketing), and we will stop processing unless we can demonstrate compelling legitimate grounds for the processing;

7.Right to withdraw consent: If you have given consent for data processing, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

ⅱ.Rights for U.S. Residents (CCPA/CPRA)

1.Right to know: The right to request information about the categories and specific pieces of personal information we collect, use, and disclose;

2.Right to delete: The right to request deletion of your personal information, subject to certain exceptions (e.g., compliance with legal obligations);

3.Right to opt out: The right to opt out of the sale or sharing of your personal information (including for targeted advertising);

4.Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights (e.g., charging higher prices or providing lower-quality services).

ⅲ.How to Exercise Your Rights

To exercise any of the above rights, please contact us via the official contact methods listed below. We may request reasonable identification to verify your identity (to protect your personal information from unauthorized access) and will respond to all valid requests within the statutory time limit (1 month under GDPR, 45 days under CCPA/CPRA, extendable in limited circumstances).

Ⅷ.Children’s Privacy

In compliance with GDPR (which requires parental consent for processing data of children under 16) and CCPA/CPRA (which protects children under 13), we do not intentionally collect or request personal information from individuals under the age of 16. If we become aware that minor users have submitted personal data without parental or legal guardian consent, we will delete the relevant information immediately and take steps to prevent further collection.

Should you discover any unauthorized collection of minor information, please notify our team promptly via the contact details below.

Ⅸ.Data Retention

We only retain your personal information for the duration necessary to fulfill the collection purpose, as well as to meet legal taxation, accounting, and regulatory reporting obligations, in compliance with GDPR and CCPA/CPRA requirements. The retention period varies based on the type of information and the purpose of processing:

1.Transaction and order information: Retained for the duration of the contractual relationship plus 7 years (to comply with tax and accounting laws);

2.Account information: Retained for as long as your account is active, plus 7 years after account closure;

3.Marketing information: Retained until you withdraw your consent or opt out of marketing communications;

4.Usage data: Anonymized and retained for analytical purposes, or deleted within 12 months of collection.Upon the expiration of the retention period, we will permanently delete or fully anonymise your data to eliminate identification risks, ensuring that the data can no longer be linked to an individual.

Ⅹ.Data Security

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction, in compliance with GDPR and CCPA/CPRA requirements. These measures include:

1.Encryption of sensitive data (e.g., passwords, payment information) in transit and at rest;

2.Regular security audits and vulnerability assessments;

3.Access control measures to restrict access to personal information to authorized personnel only;

4.Employee training on data protection and security best practices;

5.Contractual obligations requiring third-party service providers to maintain the same level of security.

While we take all reasonable steps to protect your personal information, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security, but we will promptly notify you and relevant authorities of any data breach that may pose a risk to your rights and freedoms, in accordance with GDPR and CCPA/CPRA requirements.

Ⅺ.Complaints and Disputes

If you have any enquiries or objections regarding our personal data processing practices, or if you believe we have violated applicable data protection laws (GDPR, CCPA/CPRA, etc.), you may submit a complaint via email or phone (contact details below). We will review your complaint and respond to all valid complaints within 30 working days.

If you are not satisfied with our resolution, you have the right to file a formal appeal with the relevant data protection authority:

1.For EU/EEA residents: Your local data protection authority (e.g., Information Commissioner's Office (ICO) in the UK, CNIL in France);

2.For U.S. residents: The California Attorney General's Office (for CCPA/CPRA complaints) or the Federal Trade Commission (FTC).

Ⅻ.Contact Information

For questions regarding this Privacy Policy, our data protection practices, or to submit a data subject right request, complaint, or enquiry, please contact us at:
Email: onetenthglobal@163.com

In accordance with applicable data protection laws, Onetenth Global acts as the independent Data Controller for all personal information collected through our Services, unless otherwise explicitly stipulated in writing.