1. Introduction
ALLRIVERS TRADING LIMITED (hereinafter referred to as "we" or "us"; official website: allriversoffice.com; contact email: [email protected]) strictly complies with the EU General Data Protection Regulation (GDPR) and related data protection regulations and is committed to protecting the personal data security and legal rights of all EU users (hereinafter referred to as "you") who visit and use our website. This Policy is intended to clearly inform you of the scope and methods of our collection, use, storage, and transfer of personal data, as well as your related rights. Please read and understand this Policy carefully before using our website and services.
This Policy applies to personal data collected from you through our website (allriversoffice.com), online consultations, order submissions, and other channels. By accessing or using our website and services, you are deemed to have fully understood and agreed to all of this Policy.
2. Definition and Scope of Collection of Personal Data
(I) Definition of Personal Data
According to the GDPR, personal data refers to any information that can directly or indirectly identify a specific natural person, including but not limited to identifiers such as name, email address, telephone number, mailing address, IP address, payment information, browser type, and operating system.
(II) Scope of Personal Data Collected
Basic Access Data: When you browse our website, our system automatically collects technical information such as your IP address, access time, pages visited, browser type, and operating system version. This data is used to monitor website performance and optimize services and does not generally directly identify you.
Actively Submitted Data: When you register, place an order, participate in online consultations, or receive after-sales service, you may be asked to provide personal identification information such as your name, email address, telephone number, mailing address details, and payment account information, depending on the service requirements. You may also be asked to provide relevant information such as your company name and contact position.
Special Circumstances: If you participate in online surveys or promotions organized by us, you may be asked to provide additional information such as your occupation and educational background. If a minor uses our services, we require the consent of their legal guardian to provide the necessary information. This information will only be used for the specific service purpose and will be promptly deleted after the service ends.
3. Purpose of Collection and Use of Personal Data
We collect and use your personal data only on a lawful, legitimate, and necessary basis. Specific purposes include:
Providing core services: We will complete the delivery, payment settlement, and after-sales service of stationery and office supplies based on your order information; and respond to inquiries, complaints, and feedback through the contact information you provide.
Optimizing the website experience: We analyze user behavior based on collected access data to improve website layout, product categorization, and loading speed, providing you with a more tailored browsing and shopping experience.
Ensuring service security: We will monitor website operation status, identify and prevent security risks such as hacker attacks and malware intrusions, and protect your account and transaction security.
Compliance and Management Needs: We retain relevant data as required by laws and regulations, or for internal audits and data analysis to improve service quality. Such analysis will be anonymized and will not be attributed to specific individuals.
Personalized Communications: With your explicit consent, we will send you updates, promotional information, and other information related to our products. You can opt out of these notifications at any time.
4. Basis for Collection and Use of Personal Data
We collect and use your personal data based on lawful grounds, including the following:
Your Explicit Consent: We will obtain your explicit authorization before collecting any personal data and personalized service notifications that require your active submission, and you have the right to withdraw your consent at any time.
Performance of Contractual Obligations: We collect necessary personal data to fulfill your contractual obligations, such as fulfilling your order and providing after-sales service.
Legitimate Requirements: We collect and store personal data to fulfill our compliance obligations in accordance with relevant EU and Member State laws.
Legitimate Interests: We collect necessary technical data for legitimate interests such as optimizing website services and ensuring transaction security, without prejudice to your legal rights.
5. Storage and Protection of Personal Data
(I) Storage Method and Duration
We store your personal data on servers that comply with GDPR security standards, including our own servers and partnered cloud storage service providers. All data is encrypted and protected by security measures.
Personal data will be stored strictly in accordance with the "minimum necessary" principle, for as long as necessary to achieve the purpose for which it was collected. Specifically, the following applies:
Order-related data (including name, address, payment information, etc.) will be retained after the order is completed and after-sales service obligations have been fulfilled, until the expiration of the maximum recall period prescribed by laws and regulations.
Registered user data will be stored for the duration of your account. If you request to cancel your account, we will promptly delete the relevant data after verifying your identity, unless otherwise required by laws and regulations.
Basic access data (such as IP addresses and access history) will be retained for no more than 12 months and will be anonymized after this period.
(II) Security Protection Measures
We have established a strict information management system and a professional technical team. We implement technical measures such as data encryption, access rights control, and firewall protection to prevent unauthorized access, disclosure, tampering, or destruction of personal data. We provide rigorous compliance training to employees and partners involved in data processing, clearly define data handling responsibilities, and limit access to personal data to authorized personnel within the necessary scope. In the event of a high-risk personal data security breach, we will notify EU data protection authorities and affected users within 72 hours of discovery and implement remedial measures to mitigate the risk.
6. Sharing and Transfer of Personal Data
(I) Data Sharing
We promise not to arbitrarily share your personal data with third parties, and will only do so in the following limited circumstances:
With your explicit consent, we will share your personal data with partners necessary to provide services, such as logistics providers who need to obtain your name and address to complete deliveries, or payment institutions who need to obtain relevant payment information to process transactions.
We will disclose necessary personal data to relevant organizations in accordance with laws and regulations, or in accordance with lawful instructions from judicial or government authorities.
In the event of a merger, division, acquisition, or asset transfer involving the transfer of personal data, we will ensure that the transferee complies with this Privacy Policy and the GDPR requirements and provide you with advance notice.
We will share necessary data to the extent permitted by law to protect our or others' legitimate rights and interests, prevent fraud, or respond to emergencies.
All third parties receiving personal data must sign a data processing agreement with us, clearly defining their data protection obligations and ensuring compliance with data processing regulations.
(II) Cross-border Data Transfer
If your personal data needs to be transferred from the EU to other countries or regions, we will implement the following measures to ensure compliance:
Transfers will only be made to countries or regions that have been deemed "adequate" under the GDPR.
For recipients in regions that have not received an adequacy assessment, we will ensure data security through the signing of standard data processing clauses and the implementation of additional safeguards such as encrypted transmission.
7. Your Rights
Under the GDPR, as a data subject, you have the following rights, and we will provide necessary assistance in exercising them:
Right of access: You have the right to request confirmation from us regarding whether we are processing your personal data and to obtain information regarding the purpose, scope, and recipients of such processing.
Right to rectification: If you discover that your personal data stored by us is inaccurate or incomplete, you have the right to request that we promptly correct it.
Right to erasure (right to be forgotten): You have the right to request that we delete your personal data if the purpose of the processing has been achieved, you have withdrawn your consent, or our processing violates applicable law. However, this does not apply where retention is required by law or regulations, or is necessary for the public interest or to protect freedom of expression.
Right to restriction of processing: You have the right to request that we restrict data processing if you dispute the accuracy of the data, object to data processing, or if the purpose of processing has ceased but the data must be retained.
Right to data portability: You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller.
Right to withdraw consent: You have the right to withdraw your consent at any time for data processing based on your consent, without affecting the validity of any lawful processing based on consent prior to withdrawal.
If you wish to exercise the above rights, please submit a written request to us at [email protected]. We will verify your identity and respond within one month, taking appropriate action.
8. Data Processing Risk Assessment
For data processing activities that may pose a high risk to your rights and freedoms (such as large-scale order data aggregation and analysis, personalized recommendation algorithm optimization, etc.), we will conduct a data protection impact assessment in advance, detailing the risks and the security measures implemented to ensure compliance and controllability of the processing.
9. Policy Updates and Notifications
We will update this Privacy Policy from time to time based on GDPR revisions and business development needs. When we update this policy, we will prominently post an update notice on our website homepage and send a reminder to the email address you have provided. The updated policy will take effect from the date of posting. Your continued use of our website and services after the policy update constitutes your acceptance of the updated content.
You can visit allriversoffice.com at any time to view the latest version of this policy.
10. Complaints and Dispute Resolution
If you believe our processing of personal data violates the GDPR or this Policy, you may submit a complaint to us at [email protected]. We will promptly investigate and address the matter. If you are dissatisfied with the outcome, you may lodge a complaint with the data protection supervisory authority in your EU member state.
11. Disclaimer
We are not responsible for the disclosure or loss of personal data in the following circumstances:
Personal data leakage caused by sharing your account password with others or sharing your account with others;
Personal data loss caused by factors beyond our control, such as hacker attacks, computer virus intrusion, force majeure, or government regulations;
Personal data leakage and related consequences caused by third-party websites linked to our website.