Privacy Policy

1 Information We Collect

We collect information that you provide directly to us, information collected automatically when you use our services, and information we may obtain from third-party sources, all as described below.

1.1 Information You Provide Directly

• Account & Registration Data: When you create an account, register for a service, or subscribe to a newsletter, we may collect your name, email address, phone number, username, password, and billing information.
• Communication Data: Information you share when contacting our customer support team via email (support@sydahao.shop), phone (15362874613), or other channels, including correspondence, feedback, and survey responses.
• Transaction Data: Details about payments, purchases, orders, and service subscriptions you make through our platform, including payment instrument details (processed through secure third-party payment gateways).
• User Content: Any files, documents, images, messages, or other content you upload, post, or transmit through our services.

1.2 Information Collected Automatically

• Device & Usage Data: IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, time spent on pages, navigation paths, and other browsing behaviour data.
• Location Data: Approximate geographic location derived from your IP address. We do not collect precise geolocation without your explicit consent.
• Log Data: Server logs that record technical interactions with our systems, including timestamps, request methods, and error reports.

1.3 Information from Third Parties

We may receive information about you from trusted third-party service providers, analytics partners, advertising networks, and publicly available sources, where permitted by law and subject to your consent where required.

2 How We Use Your Information

We use the information we collect for the following purposes:

1. Provision of Services: To create and maintain your account, process transactions, deliver the products or services you request, and provide customer support.
2. Communication: To respond to your inquiries, send administrative messages (e.g., confirmations, technical notices, updates, security alerts), and provide service-related announcements.
3. Improvement & Personalization: To understand how our services are used, analyse usage trends, diagnose technical problems, improve our offerings, and personalise your experience.
4. Marketing (with Consent): To send promotional communications, newsletters, special offers, and information about our services that may interest you, where you have provided your consent or where otherwise permitted by applicable law. You may opt out at any time.
5. Security & Fraud Prevention: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activities, protect the integrity of our services, and enforce our terms and policies.
6. Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, and to exercise or defend legal claims.
7. Aggregated Analytics: To create anonymised, aggregated statistical data for business reporting, market research, and product development. This data cannot identify you personally.

3 Legal Basis for Processing

We process your personal data only when we have a lawful basis to do so. Depending on the jurisdiction and the specific processing activity, we rely on one or more of the following legal bases:

3.1 Consent

Where you have given clear, informed consent for us to process your personal data for a specific purpose (e.g., receiving marketing emails, placing non-essential cookies). You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3.2 Contractual Necessity

Processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract (e.g., processing your payment to deliver a purchased service).

3.3 Legal Obligation

Processing is necessary to comply with a legal or regulatory obligation to which we are subject (e.g., retaining transaction records for tax purposes, responding to lawful government requests).

3.4 Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests. Our legitimate interests include:

• Operating, maintaining, and improving our services.
• Ensuring network and information security.
• Preventing fraud and abuse.
• Conducting internal analytics and business planning.
• Communicating with you about service changes and updates.

3.5 Vital Interests

In rare circumstances, processing may be necessary to protect someone's life or physical safety.

4 Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:

4.1 Service Providers

We engage trusted third-party vendors and service providers who process personal data on our behalf to support our business operations. These include:

• Cloud hosting and infrastructure providers.
• Payment processing platforms (payment card data is handled directly by PCI-DSS compliant processors; we do not store full card numbers).
• Email delivery and communication services.
• Analytics and performance monitoring tools.
• Customer relationship management (CRM) systems.

All such providers are contractually bound to process data only in accordance with our instructions, maintain appropriate security measures, and not use your data for any independent purpose.

4.2 Legal & Regulatory Compliance

We may disclose your information if required to do so by law, regulation, legal process (e.g., subpoena, court order), or governmental authority, including to meet national security or law enforcement requirements.

4.3 Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your data.

4.4 With Your Consent

We may share your data with third parties when you have given us explicit consent to do so.

4.5 Anonymised Data

We may share aggregated, anonymised data that cannot reasonably identify you with partners, researchers, or for industry analysis without restriction.

5 Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting obligations.

5.1 Retention Periods

• Account Data: Retained for the duration of your active account, plus a reasonable period thereafter (typically 90 days) to allow for account reactivation or data export, unless you request earlier deletion.
• Transaction Records: Retained for the period required by applicable tax and commercial law (typically 5–7 years after the transaction date).
• Communications & Support Records: Retained for up to 3 years after the last interaction, unless a longer retention is required for legal or regulatory purposes.
• Usage & Log Data: Retained for up to 12 months, after which it is anonymised or securely deleted.
• Marketing Preferences: Retained until you withdraw consent or opt out, plus a short transition period to ensure your preference is honoured across all systems.

5.2 Data Disposal

When personal data is no longer needed, we securely destroy or permanently anonymise it using industry-standard methods, including secure deletion, cryptographic erasure, or physical destruction of storage media where applicable.

6 Data Security

Protecting your personal data is a priority. We implement a comprehensive set of technical, organisational, and administrative security measures designed to safeguard your information against unauthorised access, alteration, disclosure, or destruction.

6.1 Technical Measures

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS). Sensitive data at rest is encrypted using AES-256.
• Access Controls: Strict role-based access controls (RBAC) ensure that only authorised personnel with a legitimate business need can access personal data.
• Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), and regular vulnerability scanning protect our infrastructure.
• Monitoring & Logging: Systems and network activity are continuously monitored for suspicious behaviour. Security logs are retained and reviewed regularly.
• Secure Development: We follow secure coding practices, conduct regular code reviews, and perform security testing (including penetration testing) on our applications.

6.2 Organisational Measures

• Staff Training: All employees and contractors with access to personal data receive regular training on data protection, privacy, and information security best practices.
• Policies & Procedures: We maintain written information security policies, incident response plans, and data breach notification procedures aligned with industry standards (ISO 27001 principles).
• Vendor Due Diligence: Third-party service providers are evaluated for their security posture and contractually required to maintain equivalent safeguards.

6.3 Incident Response

In the unlikely event of a data breach, we have an incident response plan in place. We will notify affected users and relevant supervisory authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

7 Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data. We will respond to all legitimate requests within the timeframes required by applicable law (typically within 30 days).

7.1 Right to Access

You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data along with information about how it is processed.

7.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

7.3 Right to Erasure (Right to Be Forgotten)

You may request that we delete your personal data where: (a) it is no longer needed for the purposes for which it was collected; (b) you withdraw consent and no other legal basis applies; (c) you object to processing based on legitimate interests and your objection overrides our interests; (d) the data has been unlawfully processed; or (e) deletion is required by law.

7.4 Right to Restrict Processing

You may request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy or object to processing while we verify your request.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller, where processing is based on consent or contract and carried out by automated means.

7.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

7.7 Rights Under CCPA (California Residents)

If you are a California resident, you have additional rights under the CCPA:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Right to Opt Out: The right to opt out of the sale of your personal information. We do not sell personal information, but we respect this right.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

7.8 How to Exercise Your Rights

To exercise any of the above rights, please contact us using the details in Section 10. We may need to verify your identity before processing your request. We will not charge a fee unless your request is manifestly unfounded or excessive.

8 Cookies & Tracking Technologies

Our website and services use cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience, analyse usage, and deliver relevant content.

8.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They enable websites to remember your preferences, login status, and other information between visits.

8.2 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the operation of our website. These include cookies that enable you to log in, navigate, and use core features. Without these cookies, the service cannot function properly. No consent is required for these cookies.
• Functional Cookies: Used to remember your preferences (e.g., language, region) and provide enhanced functionality. Consent is required where local law mandates it.
• Analytics & Performance Cookies: Help us understand how visitors interact with our website by collecting aggregated, anonymous data on page visits, time spent, and error rates. We use tools such as Google Analytics (with IP anonymisation enabled) for this purpose.
• Marketing Cookies: Used to track your browsing habits across websites to deliver targeted advertisements that are relevant to you and measure the effectiveness of our campaigns. These are only placed with your explicit consent.

8.3 Third-Party Cookies

Some cookies are placed by third-party services that appear on our pages. We do not control these cookies. Please review the privacy policies of these third parties (e.g., Google, social media platforms) for details on their cookie practices.

8.4 Cookie Consent & Management

Upon your first visit, we display a cookie consent banner that allows you to accept or reject non-essential cookies. You can change your preferences at any time by clicking the "Cookie Settings" link in the footer of our website.

8.5 Managing Cookies via Browser

Most browsers allow you to control cookies through their settings:

• Google Chrome: Settings → Privacy and Security → Cookies and other site data.
• Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data.
• Safari: Preferences → Privacy → Cookies and website data.
• Microsoft Edge: Settings → Cookies and site permissions → Cookies and site data.

Disabling certain cookies may affect the functionality and performance of our website.

8.6 Do Not Track (DNT)

Our website does not currently respond to "Do Not Track" (DNT) browser signals. You may control tracking through the cookie preference tools described above.

9 International Data Transfers

We are based in the People's Republic of China. Your personal data may be transferred to, stored, and processed in jurisdictions other than your own, including China and other countries where our service providers operate.

9.1 Transfers from the EEA, UK, or Switzerland

When we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed by the European Commission to provide an adequate level of data protection, we rely on appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): The European Commission's approved contractual clauses designed to ensure adequate data protection for international transfers.
• UK International Data Transfer Agreement (IDTA): The equivalent mechanism for transfers from the United Kingdom.
• Binding Corporate Rules (BCRs): Where applicable.

You may request a copy of the relevant safeguards by contacting us using the information in Section 10.

9.2 Transfers from California (USA)

For California residents, we ensure that any transfer of your personal information outside the United States is subject to appropriate contractual protections and that we maintain a level of protection that is comparable to that required under the CCPA.

9.3 Data Localization Requirements

To the extent required by applicable law, we may store certain categories of personal data on servers located within specific jurisdictions. We comply with all applicable data localization requirements, including those under Chinese cybersecurity and data protection laws.

9.4 Your Consent

By using our services and providing your personal data, you acknowledge that your information may be transferred to and processed in countries that may have different data protection laws than your country of residence. Where required by law, we will obtain your explicit consent before such transfer.

10 Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us.

Response Timeframe

We aim to acknowledge all privacy-related inquiries within 48 hours and to respond substantively within 30 calendar days. If your request is complex or we receive a high volume of requests, we may extend this period by up to 60 additional days, with notice to you.

11 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.

11.1 Notification of Changes

• Material Changes: If we make significant changes to the way we collect, use, or share your personal data, we will notify you prominently on our website, via email (where you have provided it), or through an in-service notification at least 30 days before the change takes effect.
• Minor Changes: Non-material changes (e.g., clarifications, formatting updates) will be posted on this page with an updated "Last Updated" date at the top of this policy.

11.2 Your Continued Use

By continuing to access or use our services after any changes to this Privacy Policy become effective, you acknowledge and agree to the updated terms. If you do not agree with the changes, you should discontinue use of our services and, where applicable, request deletion of your data.

11.3 Historical Versions

We will maintain an archive of previous versions of this Privacy Policy. You may request a copy of any prior version by contacting us. The version number and effective date are displayed at the top of this page for your reference.