Privacy Policy

This Privacy Policy is prepared in accordance with the EU General Data Protection Regulation (GDPR) and related laws and regulations. It defines CLOUDREACH TRADE LLC ("we" or "us"; official website: cloudreachtrade.com; customer service email: [email protected])'s collection, use, storage, transfer, and other processing activities regarding the personal data of data subjects located in the EU, as well as the related rights of data subjects. This Policy applies to all personal data processing activities related to the sale and after-sales service of tablecloth products provided to individuals within the EU.

1. Scope and Data Subjects

Applicable Scenario: This Policy covers the processing of personal data in all interactions with customers located in the EU, including website browsing, account registration, order submission, after-sales service, consultations, and market research.

Definition of Data Subject: A natural person located in the EU whose personal data we collect, store, and process. Even if our business locations are outside the EU, as long as the data processing activities involve the provision of tablecloth products or services to individuals located in the EU, those individuals are considered data subjects for the purposes of this Policy. 2. Collection and Processing of Personal Data

(I) Types of Personal Data Collected

Basic Identity Data: includes, but is not limited to, name, gender, date of birth, contact information (telephone number, email address, mailing address), and other information used to identify the data subject.

Transaction Data: includes order information (product model, quantity, specifications), payment records, logistics and delivery information, invoice information, and other data related to wallpaper purchases.

Technical Interaction Data: includes technical data generated through visits to the official website, such as IP address, browser type, access time, page view history, and device identifiers.

Communication and Feedback Data: includes inquiries, complaints, after-sales service requests, and related processing records sent through the customer service email ([email protected]) or other channels.

(II) Legal Basis for Data Collection

Necessary for the performance of the tablecloth sales contract with the data subject;

Obtain the data subject's explicit consent (which may be withdrawn at any time);

To comply with applicable legal obligations (such as tax reporting, order filing, etc.);

To protect the vital interests of the data subject or other natural persons;

To achieve our legitimate business interests (such as market analysis and product optimization), without prejudice to the fundamental rights and freedoms of the data subject.

(III) Purposes of Data Processing

Complete order processing, product delivery, and after-sales service, including logistics tracking and returns and exchanges;

Maintain the normal operation of the official website, optimize the user experience, and ensure network security;

Respond to inquiries, complaints, and suggestions from data subjects and provide personalized service support;

Conduct market research and analysis to improve tablecloth product design, material selection, and service quality;

Send important business-related notifications (such as order status updates, product recall information, etc.);

Comply with the data protection laws and regulations of the EU and relevant countries.

3. Data Storage and Transfer

(I) Storage Period

Personal data will be stored only for as long as necessary to achieve the purposes stated in this Policy. Transaction-related data will be retained for [7] years from the date of order completion (in compliance with business record keeping requirements); Data collected based on the consent of the data subject will be deleted immediately after the consent is withdrawn or the purpose of collection is achieved, unless otherwise provided by laws and regulations; Personal data that exceeds the storage period will be completely deleted through encryption, destruction, anonymization, etc.

(II) Storage Security Measures Use encryption technology (such as SSL/TLS) to transmit and store personal data, and limit access to authorized personnel only; Establish a data access rights management system and conduct data security training and audits on a regular basis; Deploy technical protection measures such as firewalls and intrusion detection systems to prevent data leakage, loss or tampering; Conduct data protection impact assessments for high-risk data processing activities, record processing activities and retain relevant documents.

(III) Data Transfer Rules

Domestic transfers: These transfers are conducted only between our authorized operations teams and service providers (such as logistics partners and payment institutions), and all parties have signed data processing agreements that clearly define confidentiality obligations and the division of responsibilities.

Cross-border transfers: If personal data is transferred outside the EU, one of the following safeguards will be implemented:

Transfer to a country or region with an "adequacy assessment";

Use of Standard Contractual Clauses (SCCs) or other cross-border transfer mechanisms approved by the European Commission;

Ensuring that the receiving party has the same level of data protection as domestically.

4. Data Subject Rights

Under GDPR Data subjects have the following rights, and we will respond to and process relevant requests within a reasonable period of time:

Right of access: The right to request confirmation that we are processing their personal data, a copy of that data, and information related to the processing (such as purpose, source, and recipients);

Right to rectification: The right to request that we promptly correct or supplement any inaccurate or incomplete personal data;

Right to erasure (right to be forgotten): The right to request that we delete their personal data under certain circumstances (such as when the data is no longer necessary, when consent is withdrawn), unless retention is required by law or regulations or is necessary for public interest;

Right to restriction of processing: The right to request that we delete any personal data that is not processed by the data subject. Request the restriction of processing of their personal data if there are doubts about the authenticity of the data or the purpose of the processing has been achieved;

Right to data portability: The right to request that we provide their personal data in a structured, commonly used, and machine-readable format, and to transmit it directly to another data controller, where technically feasible;

Right to withdraw consent: The right to withdraw consent at any time for personal data collected based on consent, without affecting the lawful processing of data based on consent before its withdrawal;

Right to object: The right to object to processing of personal data for direct marketing purposes and certain data processing activities based on legitimate interests;

Right to complain: The right to lodge a complaint with the relevant EU data protection authority (DPA) if you believe our processing of your personal data violates the GDPR.

5. Third-Party Service Providers

We only share personal data with third-party service providers necessary to fulfill our business purposes. These primarily include:

Logistics and delivery service providers: used for warehousing and delivery of tablecloth products. Data shared is limited to name, address, contact information, and order information;

Payment processors: used to complete transaction payments. Data shared is limited to necessary payment-related information;

Technical service providers: used for website maintenance, data storage, and security. Data shared is limited to technical interaction-related information.

All third-party providers are required to comply with GDPR requirements and sign strict data processing agreements with us that clearly define their data protection obligations. They are only permitted to process personal data within the scope of their authorization. We monitor and audit third-party data processing activities.

6. Data Breach Notification

In the event of a high-risk personal data breach, we will notify the relevant data protection authority within 72 hours of discovery. If the breach is likely to compromise the rights and freedoms of data subjects, we will promptly notify the affected data subjects by reasonable means (e.g., email or text message), explaining the nature of the breach, the potential impact, and any remedial measures implemented.

7. Compliance Assurance

We have established a comprehensive internal data protection control system that clearly defines the data protection responsibilities of each department and individual.

For highly sensitive data processing and large-scale data activities, we have designated a Data Protection Officer (DPO) to oversee data processing compliance, conduct employee training, and respond to data subject requests.

We regularly conduct data protection risk assessments and compliance audits to promptly improve data protection measures.

Any violation of GDPR regulations will result in legal liability, including but not limited to penalties imposed by data protection authorities (up to 4% of our global annual revenue or €20 million, whichever is greater).

8. Policy Updates and Contact Us

This Privacy Policy will be updated as needed based on GDPR revisions and business development needs. The updated policy will be posted on our official website (cloudreachtrade.com) and will take effect if no objections are received within 15 days of posting. Data subjects will be notified separately of any significant changes.

If you have any questions about this policy or wish to exercise the aforementioned data subject rights, please contact us through the following methods:

Customer Service Email: [email protected]

Response Time: We will respond within one month of receiving your request. For complex cases, this time may be extended by two months, and we will provide the reason in advance.

CLOUDREACH TRADE LLC solemnly promises to strictly abide by this Privacy Policy and GDPR regulations to effectively protect the security of your personal data and your legal rights.