This Privacy Policy is formulated in accordance with the EU General Data Protection Regulation (GDPR) and aims to clarify the rules governing the collection, use, storage, transmission, and protection of personal data of data subjects (i.e., EU residents) within the EU by QORTEX TRADING CO., LTD (hereinafter referred to as "we"), and to safeguard the legitimate rights and interests of data subjects. This policy applies to all our business activities involving the processing of personal data of EU residents, including but not limited to personal data processing activities generated through our official website, email communication, order transactions, and cooperation negotiations.
Data Controller Information
If you have any questions, complaints, or needs regarding the processing of your personal data, please contact us through the above email address, and we will respond within a reasonable timeframe.
Scope and Purpose of Personal Data Collection
(I) Types of Personal Data Collected
To achieve our business objectives, we will collect and process the following necessary personal data, strictly adhering to the principle of "minimization" and not collecting information unrelated to our business:
Identity and Contact Information
Including name, email address, phone number, contact address, etc., used for order communication, after-sales service, cooperation coordination, etc.
Transaction-Related Information
Including order number, type and specifications of purchased footwear, payment information (processed by a third-party payment institution; we do not store complete payment passwords or other sensitive payment data), logistics information, etc.
Device and Usage Information
Including IP address, browser type, access time, page browsing history, etc., used to optimize the website experience and ensure website security.
Sensitive Personal Data
Unless we obtain your explicit and separate consent, we will not proactively collect your sensitive personal data such as race, health status, and financial details.
(II) Legal Basis and Purpose of Data Processing
Our personal data processing activities are all based on legal grounds, primarily including:
Methods of Personal Data Processing and Retention Period
(I) Processing Methods
We will process personal data in a legal, fair, and transparent manner, including operations such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, and deletion. All data processing activities will employ appropriate technical and organizational security measures.
(II) Retention Period
Sharing and Cross-Border Transfer of Personal Data
(I) Data Sharing
We will not share your personal data with third parties indiscriminately. We will only share data in the following circumstances:
For contractual purposes
Sharing with logistics/payment providers to complete transactions
For third-party processing
Entrusting professional agencies with data protection services
To comply with laws
Disclosing data as required by court judgments or regulations
To protect rights
Disclosing data in case of fraud or infringement
(II) Cross-Border Transfer
Your personal data may be transferred to countries outside the EU/EEA, with safeguards including:
Rights of Data Subjects (Based on GDPR)
Right of Access
Request confirmation and copy of your personal data
Right of Correction
Request correction of inaccurate/incomplete data
Right of Erasure
Request deletion of your personal data in specific circumstances
Right to Restrict Processing
Request restriction of data processing in specific circumstances
Right of Data Portability
Request data in a machine-readable format
Right of Object
Object to processing based on legitimate interests
Right to Withdraw Consent
Withdraw consent at any time (no impact on prior processing)
To exercise these rights, contact us at office@qortexco.com - we respond within 1 month (extendable to 3 months for complex cases).
Additional Provisions
Data Security and Breach Notification
We use encryption, firewalls, and employee training to protect data. In case of breach with high risk, we report to regulators within 72 hours and notify affected individuals promptly.
Data Protection Impact Assessment (DPIA) and DPO
We conduct DPIA for high-risk processing activities. A dedicated person is responsible for GDPR compliance (DPO appointed if required).
Policy Updates and Notifications
Policy may be updated for legal/business reasons. Significant changes are notified via qortexco.com or email.
Complaint Channels
Contact us at office@qortexco.com for GDPR-related complaints, or file a complaint with EU data protection authorities if dissatisfied with our response.
