Privacy Policy

Effective Date: June 5, 2025
Last Updated: June 5, 2025


1. Who We Are

Heiyo Inc. ("we", "us", or "our") operates https://www.heiyoxq.com (the "Site").

 

  • Contact: heiyo@hsinchitek.com


2. Data We Collect

Category | Purpose | Examples
Identifiers | Order processing, account creation | Name, email, shipping/billing address
Commercial Data | Payment verification, returns | Order history, product preferences
Technical Data | Site functionality optimization | IP address, device type, browser cookies
Usage Data | Marketing analytics | Page views, clickstream data (via GA4)
Inference Data | Personalization (opt-in required) | AI-generated product recommendations

🔹 Sensitive Data Notice: We never collect:

  • Government IDs (e.g., SSN, passport)

  • Biometric data (e.g., facial recognition)

  • Health information


3. How We Use Your Data

Purpose | Legal Basis (GDPR)
Fulfill orders & process returns | Contractual necessity
Send transactional emails | Legitimate interests
Prevent fraud & security risks | Legal obligation
Personalized ads (opt-in) | Consent
Improve products via AI analytics | Legitimate interests

4. Data Sharing & Third Parties

We share data only with:

  • Payment Processors:
    Shopify Payments (PCI-DSS certified) – Shares: Order total, email
    PayPal (EU-US DPF certified) – Shares: Billing address

  • Shipping Carriers:
    UPS/FedEx – Shares: Delivery address, phone (deleted after 90 days)

  • Marketing Services:
    Google Analytics 4 (IP anonymization enabled)
    Meta Ads (data hashing applied)

No sale/sharing for cross-context behavioral advertising (CCPA compliant).


5. International Data Transfers

  • EU → US: Under EU-US Data Privacy Framework certification.

  • UK → US: Under UK Extension to the EU-US DPF.


6. Your Rights

Email heiyo@hsinchitek.com to request a data copy
Deletion | Submit request via [online request form link]
Correction | Update account details in "My Profile"
Opt-Out of Sale/Sharing | Click "Do Not Sell My Personal Information" in footer
Withdraw Consent | Toggle off in "Cookie Settings" at any time

🔹 We respond within 30 days (GDPR) / 45 days (CCPA).


7. Cookies & Tracking Technologies

  • Essential Cookies: Always active (e.g., shopping cart functionality).

  • Analytics/Marketing Cookies: Enabled only with consent via:
    Cookie Settings Center

To opt out globally:


8. Children’s Privacy

We do not target or collect data from children under 16.
If we learn that a child’s data was submitted, we will delete it immediately.


9. Security Measures

  • Encryption: SSL/TLS for data in transit; AES-256 for data at rest.

  • Access Control: Role-based permissions + 2FA for staff.

  • Breach Response: Notify regulators within 72 hours, users if high risk.


10. Policy Updates

We will notify you of material changes (e.g., new data uses) via:

  • Email 30 days prior

  • Site banner with summary & link to [Archive of historical versions]

Minor updates are reflected in the "Last Updated" date above.


11. Contact & Dispute Resolution

  • US Legal Requests: legal@heiyo.com