Welcome to the Portal platform! The “Portal” is a platform aimed to provide users with convenient and safe access to orders, claims and promotional materials, which is operated by Sailun Europe GmbH (Registered address:Grober Hasenpfad,60598 Frankfurt AM Main, hereinafter referred to as “We””). We recognise the importance of your personal information and will do our best to protect the security of your personal information. We are committed to maintaining your trust in us and abide by the following principles to protect your personal information: the principle of consistency of rights and responsibilities, the principle of clarity of purpose, the principle of opt-in consent, the principle of minimum necessity, the principle of ensuring security, the principle of subject participation , the principle of openness and transparency, and so on. We will also provide adequate protection for the security of your personal information in accordance with legal and regulatory requirements and with reference to industry best practices.
This Privacy Policy (hereinafter referred to as “This Policy”) relates to your use of our products or services. We will collect, use, store, share and protect your personal information in accordance with this Policy, so please read it carefully and confirm that you fully understand and agree to this Policy, especially the bolded content, before using our products or services. By using or continuing to use Portal’s products and/or services, you consent to the processing of your information in accordance with this Policy.
This policy includes the following key elements:
I. Definitions and scope of application
II. How we collect and use your personal information
III. How we use cookies and similar technologies
IV. Purposes for which we process your personal data
V. How we do international data transmission
VI. How we keep your personal information
VII. How we protect your personal information
VIII. Your Choices and Rights
IX. How this policy will be updated
X. How do you contact us
Portal Platform: the platform of Sailun Group to provide users with convenient and secure access to orders, claims and promotional materials.
Affiliate: a company or organisation that controls, is controlled by, or is under common control with Sailun Group Corporation in the present or future. Control means having the ability to influence the management/operation of the controlled entity, directly or indirectly, through ownership, voting shares, contracts, actual operating affiliation, or other legally recognised means.
Personal information: refers to all kinds of information related to an identified or identifiable natural person recorded by electronic or other means. Personal information includes, but is not limited to, name, date of birth, identity document number, personal biometric information, address, communication contact, communication record and content, account password, property information, credit information, whereabouts, accommodation information, health and physiological information, and transaction information.
Sensitive personal information: personal information that, if leaked or illegally used, could easily lead to the infringement of a natural person’s human dignity or harm to his or her personal or property safety. Sensitive personal information includes information on biometrics, religious beliefs, specific identities, medical and health care, financial accounts, whereabouts, and the personal information of minors under the age of 14.
Device: means a device that can be used to access our products and/or services, such as a desktop computer, laptop, tablet or smartphone.
Unique Device Identifier (Exclusive ID or UUID): a string of characters programmed into a device by the device manufacturer that can be used to uniquely identify the corresponding device (e.g. IMEI / android ID / IDFA / OpenUDID / GUID / IMSI information of SIM card, etc.).
IP Address: Every device that goes online is assigned a number, which is called an Internet Protocol (IP) address. These numbers are usually assigned based on geographic region. IP addresses can often be used to identify the region in which a device is located when it connects to the Internet.
SSL (Secure Socket Layer): also known as Secure Socket Layer, is a security protocol implemented on the Transmission Communication Protocol (TCP/IP).SSL supports various types of networks, and at the same time provides three basic security services, all through the use of public key and symmetric key technology to achieve the effect of information confidentiality.
Cookie: A small file containing character strings. They are sent and stored (usually encrypted) on your computer, mobile device or other devices when you log in and use a website or other web content.Cookie-like techniques are other techniques that can be used for similar purposes as cookies, e.g. Web Beacon, Proxy, embedded scripts, etc.
(ii) Scope of applicationThis Policy applies to each of the products and services provided to you by the Portal Platform. If an Affiliate uses our products or services in connection with a product or service for which it does not have a separate privacy policy, this Policy also applies. If an Affiliate has a separate privacy policy for the products or services it provides to you, that privacy policy prevails.
This policy does not apply to information collected by third parties accessed through our products or services. If the third party has its own privacy policy, it is advised to review and understand its personal information protection policy carefully. We will make commercially reasonable endeavours to request these subjects to take protective measures for your personal information, but we cannot guarantee that these subjects will take protective measures as requested by us, and you are advised to contact them directly to obtain details of their personal information protection policies. If you find the web pages or applications created by third parties to be risky, we recommend that you terminate the relevant operations to protect your legitimate rights and interests.
We collect and use personal information that you voluntarily provide to us in the course of using the Portal platform, that is required for our products and/or services, and that we indirectly obtain from third parties, in accordance with laws and regulations and the principles of propriety, legality and necessity. If we obtain your personal information indirectly from a third party, we will, prior to collection, explicitly request in writing that the third party identify the source of its personal information and whether it has your legal authorisation to collect, use and provide us with your personal information. Except for cases expressly permitted by law, we will only collect your personal information from a third party after confirming that the third party has obtained your authorisation. If the scope of the third party’s authorisation does not cover the purpose of our collection and use, we will collect your personal information by ourselves or request the third party to obtain your consent. At the same time, our professional security team will strengthen the security of personal information (including sensitive information reporting, encrypted storage of sensitive information, access rights control, etc.). We will use no less protective means and measures for the protection of indirectly acquired personal information than we do for our own users’ personal information.
In order to bring you a better product and service experience, we are constantly striving to improve the products, services and technology of the Portal Platform, and as a result, we may introduce new or optimised features from time to time, which may change the purpose, manner and scope of collection and use of personal information to some extant. In the event of such changes, we will provide you with detailed information by updating this Policy, pop-up windows, page reminders, etc. We will also provide you with the means to choose whether you consent or not, and we won’t start collecting and using your personal information until we obtain your consent. In this process, if you have any questions, comments or suggestions, you can contact us through the contact information at the end of this policy, and we will answer your questions as soon as possible.
The personal information we collect and use include information that is necessary to fulfil the business functions of our products and/or services. You have a choice whether or not to authorise us to collect and use this information; your rejection will not affect your ability to use the underlying business functions. We are committed to creating a wide range of products and services to meet your needs. Due to the wide variety of products and services we provide to you, and the specific product/service scope chosen by different users, the business function and the type and scope of personal information collected and used are different, please refer to the specific product/service functions;
(i)Business Functions
1. Shipment Management
In the shipment management module, if you act as the company's receiving contact person, you are required to provide your recipient name, recipient address, recipient postal code, recipient email address, and recipient phone number. These details will be used for communication regarding shipment matters and confirmation of delivery receipt.
When you use our products and/or services, we may use cookies and cookie-like technologies to collect some of your personal information, including: your website access habits, your browsing information, your login information. Such collection is based on the necessity of your use of our products and/or services, and is to simplify the steps of your repeated operations (e.g., registration, login), to facilitate you to to simplify the steps you have to take (e.g., registering, logging in), to allow you to review your usage history, to provide you with services that better meet your personal needs and content that you may be more interested in, to protect your information and account security, and to enhance our products and services.
We will not use cookies and cookie-like technologies for any purpose other than those described in this policy. You can manage or delete cookies and/or similar technologies according to your preferences. If you object to our use of cookies and similar technologies to collect and use your information, you can manage, refuse (partially/entirely) or delete cookies and/or similar technologies that have been stored on your computer, mobile device or other device through your browser’s settings, provided that your browser has such functionality, so that we are unable to track all or part of your personal information. For more information on how to change your browser Settings, please refer to the Settings page of the browser you are using. You understand that some of our products/services are only available through the use of cookies or cookie-like technologies, and that if you refuse to use or delete them, you may not be able to use our products and/or services properly or get the best experience with our products and/or services, and that this may also have an impact on the protection of your information and the security of your account.
We process your personal data on a specific legal basis. We will explain below the legal basis for the processing of your personal data, the purposes for which we process it, the processing operations we carry out and the types of data involved for our different purposes.
(i) Legal basisContractual fulfillment - Depending on the nature of the contract, our obligations are set out in our employment or service agreement with you. In order to fulfil these obligations, we must use your personal data.
(ii) PurposeThe following lists the reasons why we process your personal data and explains what personal data we use in each case. We may also provide you with more specific notices about some of the processing described below, and in the rare cases where we are required to obtain your consent, we will only ask for your consent at the time of collecting your personal data.
If it involves the processing of your personal data, it may be due to contractual fulfilment.
If personal data is involved, your personal data may be disclosed to the following recipients:
(a) Sailun Europe GmbH in Germany, as the data processor providing the Portal Platform;
(b) The purpose of the IT service provider is to fix vulnerabilities or mitigate other IT issues related to the system.
(c) Your personal information may be shared between our affiliates to provide you with better and consistent products and services. We will only share your personal information with our affiliates for lawful, legitimate and necessary purposes, and will only share personal information necessary for the products or services provided, and subject to the purposes stated in this policy. We will bind recipients to ensure that they adhere to the same level of privacy protection as we do. We will inform you and obtain your individual consent before sharing your personal information with our affiliates, and we will obtain your authorised consent again if the affiliates change the purpose of the handling and use of the personal information, or the way of handling it.
(d) In order to provide you with better and quality products and services, some of our services will be provided by authorised partners. We may share some of your personal information with our partners to provide better customer service and user experience. We will only share your personal information for lawful, legitimate, necessary, specific and defined purposes, and only share personal information that is necessary to provide the services. At the same time, we will sign strict confidentiality agreements with our partners requiring them to handle your personal information in accordance with our instructions, this policy, and any other relevant confidentiality and security measures. Our partners have no rights to use the shared personal information for any other purpose, and we will ask for your separate consent again if we want to change the purpose, means, or scope of the processing of personal information. If you refuse to allow our partners to collect personal information necessary for the provision of their services, this may result in you being unable to use that third party’s services on our platform. Typically our partners include the following types:
1) Suppliers & service providers. In order to ensure the smooth completion of the services provided to you, we may share your personal information with suppliers and service providers that support our business, including logistics business, technical services, payment services, financial services, etc. The personal information shared may include your contact information, enquiry and feedback information, payment information, address/location information, etc.
(2) Third Party Merchants. If you purchase products and/or services through the Portal Platform, we will, at your option, share the necessary transaction-related information from your order information to the provider of the relevant products and/or services to fulfil your transaction and after-sales service needs.
The Portal platform is hosted locally in Germany on Amazon Cloud Services and only necessary data, such as registration account generation, is transferred to China. As China is not subject to the European Commission's adequacy decision and is not considered adequate under applicable data protection laws, we have included in our contracts with our Chinese recipients the standard data protection clauses adopted by the European Commission (where applicable) for transfers of personal data outside the European Economic Area (“EEA”) (which clauses have been adopted in accordance with Article 46 (2) of the EU Data Protection Regulation). (these are the clauses adopted pursuant to Article 46 (2) of the EU Data Protection Regulation). A copy of these standard data protection clauses can be obtained by contacting the following.
For more information on the rules for data transfers outside the EEA, including the safeguards we rely on, please click to go to the site https://commission.europa.eu/law/law-topic/data-protection_en?prefLang=de.
For a copy of the mechanism, please contact us via Privacy@sailuntire.com.
In accordance with laws and regulations,we store your personal data collected locally in Germany. If there is a need for cross-border transmission of data, we will clearly inform you (including the purpose of the data export, the recipient, the way and scope of use, the content of the use, security measures, security risks, etc.) and obtain your individual consent, and we will ensure that the recipient of the data has adequate data protection capabilities to protect your personal information.
(ii) Retention periodUnless otherwise stipulated by law or administrative regulations, we will only store your personal information for the shortest period of time necessary to fulfil the purpose of the processing. After the aforementioned retention period, we will delete or anonymise your personal data.
If we cease to operate, we will promptly cease activities that continue to collect your personal information, notify you of the cessation of operations by individual delivery or announcement, and delete or anonymise personal information held after termination of the services or operations.
(1) We attach great importance to information security and have set up a specialised responsible team. We endeavour to provide you with information protection by adopting appropriate management, technical and physical security measures, and establishing an information security guarantee system that is in line with domestic and international business information security standards and best practices.
(2) We use industry-standard security measures to protect the personal information you provide against unauthorised access, public disclosure, use, modification, damage or loss of data. From the perspective of the life cycle of data, we have established security protection measures in all aspects of data collection, storage, display, processing, use and destruction, and have adopted different control measures according to the level of sensitivity of the information, including, but not limited to, access control, encrypted SSL (Secure Socket Layer), and desensitised display of sensitive information, etc. We have taken reasonable and practicable security measures that comply with industry standards to protect the personal information provided by you. We have taken reasonable and practicable security measures in line with industry standards to protect the security of personal information provided by you, using encryption technology to improve the security of personal information, using trusted protection mechanisms to prevent personal information from malicious attacks, unauthorized access, public disclosure, use, modification, damage or loss of personal information.
(3) We have deployed the access control mechanisms to try our best to ensure that only authorised personnel have access to personal information. We have also adopted strict management of employees who may have access to your information, and can monitor their operations. We have established an approval mechanism for important operations such as data access, internal and external transmission and use, desensitisation, decryption, etc., and have signed confidentiality agreements, etc. with the relevant employees. At the same time, we also regularly conduct information security training for our employees, requiring them to form good operating habits in their daily work and enhance their awareness of data protection.
(4) Notwithstanding the foregoing security measures, please understand that there is no such thing as “perfect security” on the Internet. We will provide appropriate security measures to protect your information in accordance with available technology, and we will endeavour to ensure that your information is not disclosed, destroyed or lost.
(5) Despite our efforts, please understand that due to technological limitations and a variety of potentially malicious attacks, security measures cannot be perfect or infallible, and permanent and absolute security cannot be guaranteed. Accordingly, we strongly recommend that you take proactive measures to protect the security of your information, including, but not limited to, using complex passwords, changing your passwords regularly, and avoiding disclosure of your account passwords or other information related to logging into your account.
(ii) Security incident handlingIn the unfortunate event of a personal information security incident, we will activate our emergency response plan to stop the security incident from expanding, and will inform you of the basic situation and possible impact of the security incident, the measures we have taken or will take to deal with the incident, the suggestions that you can take on your own to prevent and reduce the risk, and the remedial measures that will be taken against you, in accordance with the requirements of laws and regulations. We will inform you of the incident-related situation by email, phone call, push notification, etc. When it is difficult to inform the subject of personal information one by one, we will adopt a reasonable and effective way to make a public announcement. We will also take the initiative to report the handling of information security incidents in accordance with the requirements of the regulatory authorities.
You have certain rights in relation to your personal data, which are described in detail below. If you would like to know more information about these rights, or want to exercise one of them, please contact us at Privacy@sailuntire.com. We will respond to your request in the manner and within the timeframe set out in this Privacy Policy.
If you have already given your consent, you may revoke it at any time (Article 7(3) GDPR). The withdrawal of consent does not affect the legality of processing based on consent prior to the withdrawal of consent.
In particular, you have the right to object to the processing of your personal data:
(1) In certain circumstances, if we process your data (including analysis) in accordance with Article 6 (1) €or (f) of the EU Data Protection Act, or in accordance with Article 21 (1) of the EU Data Protection Act, or
(2) if we process your data for direct marketing purposes (Article 21 (2) of the EU RTI Act).
In principle, you are also entitled to ask us:
(1) To obtain information about and copies of your personal data stored by us (Article 15 of the Personal Data Protection Act),
(2) to provide you or other controllers with some of your personal data in a commonly used and machine-readable format (Article 20 of the GDPR),
(3) You may update or correct your personal information if it is inaccurate (Section 16 of the Personal Information Rights Act),
(4) to delete your personal information (including your account) from our systems in certain circumstances (Article 17 of the GDPR),
(5) Restriction of the processing of your personal data in certain cases (Article 18 of the European Convention on the Right to Personal Data).
(6) If you intend to make a complaint about how we handle your information, please contact us at Privacy@sailuntire.com first, we will endeavour to deal with your request as quickly as possible.
(7) You also have the right to lodge a complaint with a local data protection authority in the European Economic Area if you believe that we have not complied with applicable data protection laws. The relevant local authority depends on your country of habitual residence. In the EEA, the European Data Protection Board website (https://www.edpb.europa.eu/about-edpb/about-edpb/members_de) provides more information on how to contact your local data protection authority.
(i) The contents of this Policy may be updated from time to time to keep pace with legal, technological or commercial developments. However, we will not reduce your rights under this Policy without your express consent. We will update the latest Privacy Policy by posting it on the Portal.
(ii) For significant changes, we will also provide a more prominent notice (we will indicate the specific changes to this policy by means including, but not limited to, email, text message, or a special alert on the viewing page).
Significant changes vv include, but are not limited to:
(1) Significant changes in our service model. For example, the purpose of processing personal information, the type of personal information processed, and how personal information is used;
(2) We experience significant changes in our ownership structure, organisational structure, etc, such as business adjustment, bankruptcy merger and acquisition caused by the owner change;
(3) Changes in the primary recipients of personal information to be shared, transferred or publicly disclosed;
(4) Significant changes in your rights to participate in the processing of personal information and the manner in which you exercise them;
(5) In the event of a change in the department responsible for handling the security of personal information, contact information and complaint channels;
(6) When the personal information security impact assessment report indicates a high risk.
(iii) We will also archive older versions of this policy for your review.
(iii) We will also archive older versions of this policy for your review.
(iv) In order for you to receive timely notifications, we recommend that you notify us when your contact information is updated.Continuing to use our services after the effective date of the update to this Policy represents that you have fully read, understood and accepted the updated Policy and are willing to be bound by the updated Policy. We encourage you to review this Policy each time you use our Services. You can view this Policy on the Portal Platform at the bottom of the home page.
You can contact us in the following ways. In general, we will accept and process your request for personal information within 15 working days.
Email: Privacy@sailuntire.com
If you are not satisfied with our response and believe that our personal information handling behaviour has damaged your legitimate rights and interests, you can file a complaint with our dedicated department for personal information protection, or file a complaint or report with the supervisory authority, or file a lawsuit with the people's court with jurisdiction over the defendant’s domicile.