-649x577.png "AEON PEAK CO., LTD")
1. Scope of Application
This Policy applies to the personal data of EU residents processed by us in the following scenarios: towel product display, consultation and communication, order processing, and other services conducted through the aeonpeak.com website; offline transactions with EU customers; and other business activities involving the data of EU residents. Regardless of whether our business is located in the EU, any processing of personal data of EU residents is subject to this Policy and the GDPR.
2. Collection and Processing of Personal Data
(I) Types of Personal Data Collected
Identity and Contact Data: includes, but is not limited to, name, email address, phone number, mailing address, etc., primarily collected through your active provision when inquiring or placing an order on the website, or through information submitted during offline business interactions.
Transaction Data: includes order number, towel product type, quantity, amount, payment method, logistics and delivery information, etc., generated during the transaction process between you and us.
Technical Data: includes IP address, browser type, access device information, website browsing history (such as towel product pages viewed and duration of stay), etc., automatically collected by the system when you visit aeonpeak.com. Other data: such as preferences you provide when participating in our product research (e.g., towel material and style requirements), or other relevant information provided through customer service communications.
(II) Legal Basis for Data Processing
All of our data processing activities are conducted on the lawful basis set forth in the GDPR, primarily including:
Your explicit consent: If you agree to receive notifications about product updates, we process your contact information accordingly.
Performing contractual obligations: To fulfill your towel order, we need to process data such as your shipping address and payment information.
Legitimate obligations: For example, retaining transaction-related data for tax reporting purposes.
Legitimate interests: For example, analyzing website browsing data to optimize product display or verifying transaction information for anti-fraud purposes. Such processing does not infringe upon your legal rights.
(III) Purposes of Data Processing
We process personal data only for the following specific, legitimate, and explicit purposes and do not use it for other unrelated purposes beyond the stated scope:
Providing products and services: This includes responding to your inquiries, processing towel orders, arranging logistics and delivery, and providing after-sales service.
Ensuring transaction security: Preventing fraud and protecting your financial security by verifying transaction information and monitoring unusual access.
Optimizing User Experience: We use browsing data to improve website functionality and product display, providing you with towel product recommendations that better meet your needs.
Compliance and Record Retention: To meet legal requirements such as tax and audit requirements, we retain necessary transaction and data processing records.
Communication and Notification: With your consent, we will send you information about new product launches, promotions, and other events, or notify you of changes in order status.
3. Data Storage and Protection
(I) Storage Period
We adhere to the "storage limitation" principle and retain personal data only for as long as necessary to fulfill the purposes for which we process it:
Transaction Data: We retain personal data for 7 years from the date of the transaction to meet tax compliance requirements.
Identity and Contact Data: We retain personal data for 2 years after the last interaction (e.g., inquiry, order) unless you request deletion. If you explicitly subscribe to receive notifications, we retain personal data until you unsubscribe.
Technical Data: We retain personal data such as IP addresses for 90 days after anonymization. The original data is deleted immediately after fulfilling anti-fraud and website optimization purposes.
Data related to legal obligations: We will retain it for the required period and anonymize or completely delete it immediately upon expiration.
(II) Security Protection Measures
We implement technical and organizational security measures that comply with GDPR requirements to safeguard the integrity and confidentiality of personal data:
Technical Protection: We encrypt data transmission using TLS 1.2 or higher, and encrypt stored data. We conduct regular vulnerability scans and penetration tests to mitigate the risk of data breaches.
Access Control: We strictly restrict data access rights to authorized personnel only for those who need to access relevant data to perform their duties. We enable two-factor authentication for administrator accounts to ensure secure access.
Operational Records: We retain data processing operation logs for at least six months to trace the data flow.
Emergency Response: We have established a data breach emergency plan. In the event of a personal data breach that may compromise your rights, we will notify the relevant regulatory authorities within 72 hours. If the breach poses a high risk, we will directly notify the affected individuals and implement remedial measures.
4. Data Sharing and Transfer
(I) Data Sharing
We adhere to the principle of "data minimization" and only share personal data with the following third parties when necessary. We ensure that these third parties comply with GDPR requirements:
Logistics service providers: To complete the delivery of towel products, we share your name, address, contact number, and other necessary logistics information. Third parties may use this information only for delivery purposes and not for any other purpose.
Payment processors: To complete transaction settlement, we share necessary payment-related information. Third parties must strictly comply with payment security regulations.
Compliance and service providers: For audit or legal matters, we share necessary data with accounting firms, law firms, etc., subject to the signing of confidentiality agreements.
We will not sell your personal data to any third party for marketing purposes.
(II) Cross-border Transfer
If your personal data needs to be transferred from within the EU to locations outside the EU (including our locations), we will implement the following compliance measures to ensure the security of this transfer:
Enter into EU Standard Contractual Clauses (SCCs) with the data recipient to clarify the data protection responsibilities of both parties.
Use encryption and other security technologies to ensure that data is not illegally accessed or tampered with during transmission. We regularly audit the processing activities of data recipients to verify the effectiveness of their data protection measures.
5. Data Subject Rights
Under the GDPR, you, as a data subject, have the following core rights, and we will facilitate your exercise of these rights:
Right to Information: You have the right to request information from us as specified in this Policy, including the type of your personal data, the purpose of processing, and the parties with whom it is shared.
Right to Access: You have the right to obtain a copy of the personal data we hold about you. We will provide this information in a common format, such as a .csv file, within 30 days of receiving your request. The first request is free of charge.
Right to Correction: If your personal data is inaccurate or incomplete (such as a change in delivery address), you have the right to request that we promptly correct it. You can also modify some basic information through your website account.
Right to Erasure (Right to Be Forgotten): You have the right to request that we completely erase your personal data if: the data is no longer necessary for the processing purpose; you have withdrawn your consent and there is no other basis for processing; you have objected to the processing and there is no overriding legitimate interest; or the processing is unlawful. We will complete the deletion within 30 days of receiving your request, including deleting backups and data shared with third parties. Right to Restrict Processing: You have the right to request that we suspend data processing when the accuracy of your data is in dispute, the purpose of processing has been achieved but retention is necessary to meet legal requirements, or you have objected to the processing but the lawfulness of the processing has not yet been verified.
Right to Data Portability: You have the right to request that we provide your personal data to you in a structured, commonly used, and machine-readable format, or transfer it directly to another data controller designated by you (if technically feasible).
Right to Object: You have the right to object to non-essential data processing based on our legitimate interests (such as personalized product recommendations) and to withdraw your consent to information push notifications at any time, without affecting any prior processing based on consent.
Right to Object to Automated Decision-Making: If our automated decisions (such as order risk assessments) significantly affect you, you have the right to request a human review and an explanation of the decision-making basis.
If you wish to exercise any of these rights, please contact us at [email protected] and we will respond within 30 days. If you are dissatisfied with our processing, you have the right to lodge a complaint with an independent data protection supervisory authority in an EU member state.
6. Use of Cookies
Our website, aeonpeak.com, uses cookies to optimize the user experience. Cookie usage follows a hierarchical management principle:
Necessary cookies: These cookies are used to ensure the operation of core website functionality, such as shopping cart memory. These cookies are enabled by default and do not require additional consent. Disabling them will affect your ability to use the website.
Analytical cookies: These cookies are used to measure website visits and user browsing habits, to optimize website design and product display (for example, analyzing user preferences for towels). These cookies require your active consent before they are enabled.
Advertising cookies: These cookies are used to deliver product information relevant to your needs. These cookies require your secondary consent before they are enabled.
You can manage or delete cookies through your browser settings, or turn cookies on or off by category through the "Preferences Center" pop-up window on the website.
7. Policy Updates and Notifications
We will review and update this Privacy Policy regularly in accordance with GDPR requirements, business developments, and legal changes. Upon update, we will prominently post the updated content and new effective date on our website, aeonpeak.com, and notify you of any significant changes (such as adjustments to the purpose of data processing and the scope of data sharing) via the email address you have provided. Your continued use of our products or services will be deemed your acceptance of the updated policy.
We maintain access to past versions of this policy. If you would like to review historical versions, please contact us through our contact email.
8. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or report a data protection issue, please contact us through the following methods:
Company Name: AEON PEAK CO., LTD
Contact Email: [email protected]
Website: aeonpeak.com
If our business involves large-scale systematic monitoring or large-scale processing of sensitive data, we will appoint a Data Protection Officer (DPO) in accordance with the law. The DPO's contact information will be publicly available in this policy.