Privacy Policy

1. Data Controller

[Zhongke Sinxin Technology Limited]
[Room 01A, 6/F, Unit C, Fast Industrial Building 658 Castle Peak Road, Lai Chi Kok. Kowloon. H.K]
[75630400-000-08-24-7]
Email: [jeannie@zkscales.com]
Phone: [+85256246596]

Our Representative in the EU/EEA (as required under GDPR Article 27):
[Cazedis France SAS]
[9 Rue Des Colonnes, 75002 Paris, France]
Email: [infoapexchen@gmail.com]

2. Scope

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website and/or mobile application (collectively, the “Service”). “Personal data” means any information relating to an identified or identifiable natural person (“data subject”).

3. What Personal Data We Collect & Sources

We may collect and process the following categories of personal data:

  • Data You Provide Directly:

    • Contact Information: Name, email address, phone number, postal address (e.g., when registering, contacting us, subscribing, purchasing).

    • Account Information: Username, password, profile details (e.g., avatar, bio).

    • Transaction Information: Order details, billing address, payment information (Note: Full payment card details are typically handled directly by payment processors; we may receive limited info for reconciliation).

    • Communication Data: Content of emails, contact forms, chats, or social media messages with us.

    • User-Generated Content: Comments, reviews, posts, or other content you submit.

    • Survey/Feedback Responses.

  • Data Collected Automatically (via Cookies & Similar Technologies):

    • Usage Data: IP address, device type/identifier (e.g., advertising ID), browser type/version, operating system, access times/dates, session duration, pages viewed, clickstream data, referring URL.

    • Location Data: Approximate location derived from IP address (city/region level). Precise location only if explicitly permitted by you via device settings (purpose and separate consent will be clearly stated).

  • Data From Third Parties:

    • Social Media Platforms (if you log in or connect via social media).

    • Advertising/Analytics Partners (subject to cookie consent requirements).

    • Publicly Available Sources (where lawful and necessary, e.g., for verification).

    • Business Partners (specify types if applicable).

4. How We Use Your Personal Data (Purposes) & Legal Basis (GDPR Art. 6)

We only process your personal data based on valid legal grounds under the GDPR:

| Purpose of Processing | Categories of Personal Data Used | Legal Basis under GDPR | Notes |
| --- | --- | --- | --- |
| To Provide the Service & Perform Contracts | Account, Contact, Transaction, Communication Data | Necessary for the Performance of a Contract (Art. 6(1)(b)) | E.g., account registration/login, order processing, customer support. |
| To Send Transactional/Service Communications | Contact Information | Necessary for Contract Performance (Art. 6(1)(b)) or Legitimate Interests (Art. 6(1)(f)) | E.g., order confirmations, account updates, essential service notices (non-marketing). |
| To Send Marketing Communications | Contact Information (primarily email) | Your Consent (Art. 6(1)(a)) | Requires explicit opt-in consent! Easy unsubscribe must be provided. |
| For Personalization & Targeted Advertising (incl. Remarketing) | Usage, Device, Location (approx), Cookie Data | Your Consent (Art. 6(1)(a)) | Requires cookie consent (especially marketing cookies)! Purposes clearly explained. |
| For Website/App Functionality & Analytics (Non-Personalized) | Usage, Device Data | Your Consent (Art. 6(1)(a)) or Legitimate Interests (Art. 6(1)(f)) | Improving service performance, user experience, security, core functionality. Legitimate Interests assessment required. Essential cookies may rely on LI (use cautiously). |
| Fraud Prevention & Security | Account, Usage, Device, Transaction Data | Compliance with Legal Obligations (Art. 6(1)(c)) and/or Legitimate Interests (Art. 6(1)(f)) | Protecting our Service, users, and business from fraud, abuse, and security threats. |
| Compliance with Legal Obligations | All relevant categories | Compliance with Legal Obligations (Art. 6(1)(c)) | E.g., tax, accounting, responding to lawful law enforcement requests. |
| Internal Administration & Operations | Account, Contact, Transaction Data | Legitimate Interests (Art. 6(1)(f)) | E.g., business management, record-keeping, internal analytics. Legitimate Interests assessment required. |

Regarding Legitimate Interests: Where we rely on Legitimate Interests, we have balanced our interests against your fundamental rights and freedoms. You have the right to object (see Section 7).

5. Cookies & Similar Tracking Technologies

  • We use Cookies, pixels, web beacons, local storage, and similar technologies.

  • We categorize cookies based on their purpose (e.g., Strictly Necessary, Preferences, Statistics, Marketing).

  • Upon your first visit, a clear cookie banner or Consent Management Platform (CMP) will request your consent, especially for non-essential cookies (Marketing/Statistics). You can freely give, refuse, or withdraw consent.

  • We provide a detailed link to our [Cookie Policy], specifying:

    • Names, providers, purposes, types, and durations of all cookies used.

    • How users can manage their cookie preferences (including browser settings).

6. Data Sharing & Recipients

We only share your personal data as described below, ensuring recipients provide adequate protection:

  • Service Providers (Processors): We engage third-party companies and individuals to perform services on our behalf (e.g., hosting, payment processing, email delivery, analytics, advertising, customer support, fraud prevention). They act as data processors, processing data only per our instructions under strict contracts (Data Processing Agreements – DPAs – compliant with GDPR Art. 28).

    • Key Categories (link to detailed Subprocessor list if possible): Cloud Infrastructure (e.g., AWS, Google Cloud), Payment Gateways (e.g., Stripe, PayPal), Email Service Providers (e.g., Mailchimp), Analytics Providers (e.g., Google Analytics – highlight anonymization/IP masking), Advertising Partners (e.g., Google Ads, Meta Ads – highlight reliance on consent).

  • Business Transfers: In connection with any merger, acquisition, sale of assets, or bankruptcy, your data may be transferred. We will notify you of any ownership change affecting your data.

  • Legal Requirements: To comply with applicable law, respond to valid legal process (e.g., subpoena, warrant), protect our rights or property, or prevent imminent physical harm.

  • With Your Consent: For specific purposes where we have obtained your explicit prior consent.

7. International Data Transfers

  • Our primary operations and data storage are located within [Specify Location, e.g., the European Economic Area (EEA)].

  • If we transfer your personal data outside the EEA to a country not deemed by the European Commission to provide an adequate level of data protection (e.g., to the US), we will ensure appropriate safeguards are implemented as required by GDPR Chapter V. These safeguards may include:

    • The recipient’s Binding Corporate Rules (BCRs – Art. 47).

    • EU Standard Contractual Clauses (SCCs – Art. 46(2)(c)) adopted by the European Commission (including the 2021 versions), potentially supplemented by additional technical and organizational measures and Transfer Impact Assessments (TIAs).

    • An approved certification mechanism (e.g., EU-US Data Privacy Framework for transfers to certified US companies – Art. 45).

  • You can request details of the specific safeguards applied to your data transfers by contacting us.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Policy, including to:

  • Provide the Service to you.

  • Comply with legal obligations (e.g., tax, accounting laws).

  • Resolve disputes, enforce agreements.

  • Maintain security and prevent fraud.

Retention periods vary based on the data type, purpose, and legal requirements. Criteria used to determine retention include:

  • The nature and sensitivity of the data.

  • The potential risk of harm from unauthorized use/disclosure.

  • Whether we can achieve purposes through other means.

  • Applicable legal/regulatory requirements.

[Optional: Provide examples, e.g., “Transaction data is retained for 7 years for tax compliance,” “Marketing consent data is retained until you withdraw consent or we cease using the channel.”]

9. Your Data Subject Rights (GDPR Chapter III)

Under the GDPR, if you are located in the EEA/UK, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of your personal data we hold.

  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.

  • Right to Erasure / “Right to be Forgotten” (Art. 17): Request deletion of your data under certain circumstances (e.g., if no longer necessary, consent withdrawn).

  • Right to Restriction of Processing (Art. 18): Request we limit how we use your data under certain circumstances (e.g., while accuracy is contested).

  • Right to Data Portability (Art. 20): Request a structured, commonly used, machine-readable copy of data you provided directly, or ask us to transmit it to another controller (where feasible).

  • Right to Object (Art. 21): Object, on grounds relating to your particular situation, to processing based on Legitimate Interests. You have an absolute right to object to direct marketing at any time.

  • Right to Withdraw Consent (Art. 7(3)): Withdraw previously given consent at any time (does not affect lawfulness of processing before withdrawal).

  • Right not to be subject to Automated Decision-Making (Art. 22): The right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects or similarly significantly affects you (unless necessary for contract, authorized by law, or based on explicit consent).

Exercising Your Rights: To exercise any of these rights, please contact us using the details in Section 1 (“Data Controller”). We may need to verify your identity before fulfilling your request. We will respond within one month of receipt (extendable by two months for complex requests; we will inform you).

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (data protection regulator) in the EU/EEA country where you live, work, or where the alleged infringement occurred. A list of EU/EEA supervisory authorities can be found here: [Link to EDPB list: https://edpb.europa.eu/about-edpb/about-edpb/members_en].

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction, considering the risks involved and the nature of the data. These include encryption (in transit/at rest), access controls, secure development practices, and staff training. However, no internet transmission or storage system is 100% secure.

11. Children’s Privacy

Our Service is not directed to individuals under the age of 16 (or higher age if specified by local law). We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information. If you believe we might have collected data from a child under 16, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or for other operational reasons. The “Last Updated” date at the top indicates when the latest changes were made. Material changes (e.g., significant new data uses, new sharing partners impacting privacy) will be notified to you via email (if we have it) and/or via a prominent notice on our Service before the change becomes effective. We encourage you to review this Policy regularly.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Controller using the details provided in Section 1.
