PRIVACY & COOKIE POLICY

2.1 Compliance with the PDPO (Hong Kong)

Under Hong Kong’s PDPO, we adhere to the following Data Protection Principles (DPPs):

• DPP1 (Purpose and Manner of Collection): We collect Personal Data only for lawful purposes and ensure fair means of collection.
• DPP2 (Accuracy and Retention):Personal Data is kept accurate and only retained as long as necessary.
• DDP3 (Use of Data)Personal Data is used only for the stated purposes or related purposes.
• DPP4 (Data Security):Adequate security measures are implemented to protect Personal Data.
• DPP5 (Transparency):Policies and practices relating to Personal Data are clearly communicated.
• DPP6 (Access and Correction): Individuals can access and correct their Personal Data.

2.2 Additional Legal Bases (Where Applicable)

• Consent:Where required, we will obtain your explicit consent for specific data processing activities.
• Contractual Necessity: Processing Personal Data is necessary to fulfill our obligations under a contract with you.
• Legal Obligations:We may process your Personal Data to comply with applicable laws and regulations.
• Legitimate Interests:We process Personal Data for purposes such as fraud prevention, security, and improving our Website and Services, provided your rights and freedoms are not overridden.

3.1 Information You Provide Directly

• Contact Details:Name, email address, phone number, company name, and position.
• Transactional Data:Details provided during requests for quotations, purchases, or customer inquiries.
• Communication Data:Information contained in emails, phone calls, or other correspondence with us.

3.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, and device identifiers.
• Usage Data:Information about how you interact with the Website, such as pages viewed and links clicked.
• Cookies and Similar Technologies:Information about how you interact with the Website, such as pages viewed and links clicked.

3.3 Information from Third Parties

• Credit History: Information obtained from credit bureaus for fraud prevention and due diligence.
• Publicly Available Data:Information from public registers or professional directories.

4.1 Information You Provide to Us

• Through online forms (e.g., RFQ submissions, account registration).
• During direct communication via email, phone, or in person.
• When subscribing to newsletters or other marketing materials.

4.2 Information Collected Automatically

• Using cookies and similar technologies to track your interaction with the Website.
• Through log files generated by our servers to monitor website performance and security.

4.3 Information Provided by Third Parties

• From credit reporting agencies during due diligence checks.
• Through business partners or professional organizations.

5.1 To Fulfill Contracts and Provide Services

• Processing RFQs and managing orders.
• Delivering Products and responding to customer inquiries.

5.2 To Improve and Enhance Our Services

• Analyzing website usage to optimize user experience.
• Conducting surveys and obtaining feedback to improve our offerings.

5.3 For Marketing and Communication

• Sending newsletters, promotional offers, and updates (with your consent).
• Personalizing marketing messages based on your preferences and past interactions.

5.4 For Legal and Compliance Purposes

• Complying with legal obligations, including fraud prevention and responding to regulatory requests.
• Enforcing our terms and conditions and protecting our rights.

6.1 What Are Cookies?

Cookies are small files placed on your device to store data about your preferences and usage of our Website.

6.2 Types of Cookies We Use

• Essential Cookies:Necessary for the operation of the Website (e.g., enabling secure logins).
• Performance Cookies: Collect information on how users interact with the Website to improve functionality.
• Analytics Cookies:Help us understand traffic patterns and user behaviors.
• Advertising Cookies:Used to deliver tailored advertisements based on your browsing history.

6.3 Controlling Cookies

You can manage your cookie preferences through your browser settings. Note that disabling cookies may impact the functionality of our Website.

7.1 With Service Providers

• Third-party vendors who assist in delivering our Services, such as logistics providers, IT support, and payment processors.

7.2 For Legal and Regulatory Compliance

• To comply with lawful requests from regulatory authorities, courts, or law enforcement agencies.

7.3 During Corporate Transactions

• In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred as part of the transaction.

7.4 With Your Consent

• Where you have explicitly authorized us to share your data with third parties for specific purposes.

8.1 Data Transfer Safeguards

• Hong Kong PDPO Compliance:Cross-border transfers are conducted in compliance with Section 33 of the PDPO, ensuring equivalent protection in the recipient jurisdiction.
• GDPR Compliance:For transfers originating from the European Economic Area (EEA) to non-EEA jurisdictions, we implement safeguards such as:
  • Standard contractual clauses approved by the European Commission.
  • Other mechanisms permitted under GDPR, such as consent-based transfers.
• CCPA Compliance:Transfers of Personal Data concerning California residents are conducted in accordance with applicable U.S. laws.

8.2 Hosting Locations

• Our servers may be located in jurisdictions outside of your home country. By using our Website or Services, you acknowledge and agree to the transfer, processing, and storage of your Personal Data in these jurisdictions.

8.3 Your Rights in Cross-Border Transfers

• You may contact us to learn more about the safeguards we use for international transfers.

9.1 Retention Periods

• General Data:Retained for the duration of your relationship with us and as required for legal, contractual, or operational purposes.
• Legal Obligations:Certain data (e.g., transactional records) may be retained for longer periods to comply with tax, accounting, and regulatory requirements.

9.2 Criteria for Retention

We consider the following factors to determine retention periods:

• The purpose for which the data was collected.
• Legal and regulatory obligations.
• Risk of potential disputes or claims.

9.3 Secure Deletion

When Personal Data is no longer required, we securely delete, anonymize, or destroy it in accordance with our data retention policies.

10.1 Security Measures

• Use of encryption protocols for data storage and transmission.
• Firewalls, secure servers, and intrusion detection systems to protect against unauthorized access.
• Regular security assessments and audits.

10.2 Limited Access

Access to Personal Data is restricted to authorized personnel who require it to perform their duties.

10.3 Incident Response

In the event of a data breach, we will take immediate action to mitigate risks, notify affected individuals as required by law, and report incidents to relevant authorities.

11.1 Rights Under Hong Kong’s PDPO

• Access: You have the right to request access to your Personal Data.
• Correction:You have the right to request corrections to inaccurate or incomplete Personal Data.

11.2 Rights Under GDPR (For EU Residents)

• Right to Access: Obtain a copy of your Personal Data.
• Right to Rectification:Correct inaccuracies in your data.
• Right to Erasure: Request deletion of your data (subject to legal obligations).
• Right to Restrict Processing:Limit how your data is processed.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to data processing based on legitimate interests or for marketing purposes.

11.3 Rights Under CCPA (For California Residents)

• Right to Know:Request information about categories and specific pieces of Personal Data collected.
• Right to Delete:Request deletion of your Personal Data.
• Right to Opt-Out:Opt out of the sale of your Personal Data.
• Non-Discrimination:Exercise your rights without fear of discrimination.

12.1 How to Submit Requests

You can submit data access, correction, or deletion requests by:

• Email: info@eugogroup.com
• Mailing Address: RM1508, Yuen Long Trading Center, 33 Wang Yip Street, Yuen Long, Hong Kong

12.2 Verification of Identity

To protect your data, we may verify your identity before processing your request. This may involve:

• Providing proof of identification.
• Confirming details associated with your account.

12.3 Response Time

We aim to respond to all requests within 30 days, as required by the PDPO, GDPR, and CCPA. Extensions may apply if requests are complex or voluminous, in which case we will notify you.

13.1 Data Protection Principles

We adhere to the six Data Protection Principles (DPPs) under the PDPO:

• Data collection must be lawful and fair.
• Data must be accurate and not retained longer than necessary.
• Data must be used for the stated purpose or directly related purposes.
• Data must be safeguarded against unauthorized access or processing.
• Transparency in data policies and practices.
• Individuals have the right to access and correct their data.

13.2 Access and Correction Requests

• Individuals may request access to or correction of their Personal Data by contacting us at info@eugogroup.com.
• We will respond to such requests within the statutory period of 40 days, as required by the PDPO.

13.3 No Use for Direct Marketing Without Consent

We will not use your Personal Data for direct marketing without your prior consent, in accordance with Section 35G of the PDPO.

14.1 Legal Basis for Processing

We process Personal Data under the GDPR on the following legal bases:

• Contractual Necessity: To fulfill our obligations under a contract.
• Consent: When you provide explicit consent.
• Legitimate Interests: To improve our Services, prevent fraud, and safeguard our Website.

14.2 Data Transfers to Non-EEA Jurisdictions

For transfers of Personal Data outside the EEA, we implement safeguards such as:

• Binding Corporate Rules (if applicable).
• Standard Contractual Clauses approved by the European Commission.

14.3 Complaints and Supervisory Authority

If you believe we have infringed your rights under GDPR, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

15.1 Your Rights Under CCPA

• Right to Know:You may request that we disclose:
  • The categories of Personal Data we have collected about you.
  • The categories of sources for that data.
  • The purposes for collecting or sharing that data.
  • The categories of third parties with whom we share that data.
  • Specific pieces of Personal Data collected about you.
• Right to Delete: You may request that we delete your Personal Data, subject to certain exceptions (e.g., compliance with legal obligations).
• Right to Opt-Out: You may direct us not to sell or share your Personal Data.
• Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA.

15.2 How to Exercise Your CCPA Rights

You can submit a request to exercise your CCPA rights by contacting us atinfo@eugogroup.com.

15.3 Verification Process

To protect your data, we may require verification of your identity before processing your request, which may include providing proof of identification or confirming specific account details.

16.1 No Collection from Children Under 13

• Our Website and Services are not intended for use by children under 13 years of age.
• We do not knowingly collect Personal Data from children under 13.

16.2 Actions Upon Discovery

• If we discover that we have inadvertently collected Personal Data from a child under 13, we will delete such data promptly.

16.3 Parental Rights

• If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at info@eugogroup.com.

17.1 No Responsibility for Third-Party Practices

• We are not responsible for the privacy policies, terms of use, or content of third-party websites.
• We encourage you to review the privacy policies of any third-party websites you visit.

17.2 Third-Party Services

• Our Website may include integrations with third-party services (e.g., payment processors or analytics tools). Your interactions with such services are governed by their respective privacy policies.

17.3 Public Forums and Social Media

• Any information you disclose in public forums (e.g., comment sections, reviews) or on social media platforms is considered public and may be viewed, collected, or used by others.

18.1 Automated Decision-Making

• Automated tools may be used to:
  • Detect fraudulent activities.
  • Assess risks in business transactions.
  • Optimize marketing campaigns.

18.2 Profiling

• Profiling may be conducted to:
  • Tailor our marketing messages based on your preferences.
  • Analyze customer behavior to improve our Products and Services.

18.3 Your Rights Regarding Automated Processing

• If you are located in a jurisdiction that restricts automated decision-making (e.g., GDPR), you have the right to:
  • Request human intervention.
  • Express your viewpoint.
  • Contest automated decisions.

19.1 Notification of Changes

• Minor updates will be posted on our Website with a revised “Effective Date”.
• For significant changes, we will provide a prominent notice on the Website or notify you directly where required by law.

19.2 Your Continued Use Constitutes Acceptance

• By continuing to use our Website or Services after changes are posted, you agree to the updated Policy.