Privacy Policy (GDPR Compliance)

Xylon Worldwide Trading Ltd

"Protecting Your Personal Data"

Data Controller: Xylon Worldwide Trading Ltd

Official Website: xylonwwt.com

Contact Email: business@xylonwwt.com

Xylon Worldwide Trading Ltd ("Xylon", website: xylonwwt.com, contact email: business@xylonwwt.com), as the data controller, strictly adheres to the EU General Data Protection Regulation (GDPR) and relevant data protection regulations of each EU member state, and is committed to protecting the personal data security and legitimate rights of all data subjects within the EU (including customers, partners, website visitors, etc.). This policy clearly informs you how we collect, use, store, transfer, and protect your personal data, as well as your related rights and how to exercise them.

Scope of Application

This policy applies to all processing activities of personal data of data subjects within the EU in Xylon's business activities of bag design, production, sales, and global trade, including but not limited to personal data collected and processed through the company website (xylonwwt.com), business negotiations, contract signing, product delivery, etc.

Purpose of Collection and Processing of Personal Data

We collect personal data only for legitimate, explicit, and specific purposes, and the scope of collection strictly follows the principle of "data minimization," collecting only the minimum data necessary to achieve the established purpose.

1. Types of Personal Data Collected

Depending on the business scenario, we may collect personal data including but not limited to name, contact information (email, phone number, address), payment information, order information, delivery information, product preferences, website browsing history, and cookie data. Sensitive personal data (such as race, religion, and health information) will never be collected unless we obtain your explicit consent and there is a legitimate business need.

2. Core Processing Purpose and Legal Basis

  • (1) Fulfilling Contractual Obligations: To provide you with services such as the sale and delivery of bag products, we process your order information, delivery information, and payment information. The legal basis is "fulfilling contractual obligations to the data subject."
  • (2) Obtaining Explicit Consent: Before sending you marketing content such as information on new bag products, promotional activities, and design news, or asking for your feedback on product design, we will obtain your explicit consent in advance, and you have the right to withdraw your consent at any time. The legal basis is "data subject consent."
  • (3) Compliance with Legal Obligations: To meet legal requirements such as tax declaration, financial auditing, and product quality traceability, necessary transaction records and personal data are retained. The legal basis for this is "compliance with legal obligations."
  • (4) Pursuit of Legitimate Interests: Data is processed for legitimate business purposes such as optimizing the user experience of the official website, improving the rationality of product design, and preventing commercial fraud, and will not harm your legitimate rights and interests. The legal basis for this is "the legitimate interests of the data controller."

Restrictions on the Use and Sharing of Personal Data

1. Data Use Restrictions

We strictly use personal data in accordance with the purposes stated in this policy. Without your explicit consent or legal permission, we will never use personal data for any purpose unrelated to the established purpose. If the purpose of data processing needs to be changed due to business development, we will inform you in advance and explain the reasons for the change to ensure that the changed processing purpose complies with GDPR requirements.

2. Data Sharing Restrictions

We promise not to sell or rent your personal data to any unrelated third party. Data will be shared with relevant parties only under the following specific circumstances, after strict review:

  • (1) As required to fulfill contractual obligations: such as sharing receiving information with third-party logistics providers to complete product delivery, or sharing necessary payment information with payment institutions to complete transaction settlement;
  • (2) With your explicit consent: such as sharing relevant design or order data with your designated partners at your request;
  • (3) To comply with legal or regulatory requirements: such as providing relevant data as legally required by EU and member state regulatory agencies or judicial authorities;
  • (4) To protect the legitimate rights and interests of all parties: such as necessary sharing to prevent fraud, safeguard the company's legitimate rights and interests, or protect the personal and property safety of you and others.

For all data sharing recipients, we will clarify their data protection obligations through data processing agreements, require them to take sufficient security measures, and supervise their data processing activities.

Storage and Cross-border Transfer of Personal Data

1. Storage Period

We adhere to the "storage limitation" principle and will only store your personal data for the shortest period necessary to achieve the data processing purpose. Upon expiration of the storage period, we will promptly process the relevant data through anonymization, deletion, or other methods, unless continued storage is required by law or necessary to protect legitimate rights.

2. Storage Security

We employ technical and managerial security measures compliant with GDPR requirements, including data encryption, access control, security audits, and contingency plans, to prevent unauthorized access, theft, alteration, or disclosure of personal data. We also regularly assess and upgrade our security measures to ensure their effectiveness.

3. Cross-border Transfers

If your personal data needs to be transferred outside the EU (including to Xylon's non-EU branches or partners), we will strictly comply with GDPR cross-border transfer rules to ensure that the transfer process meets data protection requirements. Specific measures include, but are not limited to: transferring to countries or regions deemed by the European Commission to provide an "adequate level of protection"; signing EU Standard Contractual Clauses (SCCs) with the recipient; implementing supplementary security measures such as encryption and anonymization; or obtaining your explicit consent (if applicable).

Core Rights of Data Subjects

According to GDPR, as a data subject, you enjoy the following core rights, and we will provide you with convenient channels to exercise these rights:

1. Right to Know

You have the right to know the details of how we collect and use your personal data, including the purpose of processing, data type, shared recipients, and storage period.

2. Right to Access

You have the right to request a copy of your personal data and an explanation of the relevant data processing activities.

3. Right to Correction

If your personal data is inaccurate or incomplete, you have the right to request that we correct or supplement it promptly.

4. Right to Erasure

Under legally permissible circumstances, you have the right to request that we delete your personal data (Right to Be Forgotten).

5. Right to Restrict Processing

You have the right to request that we suspend the processing of your personal data under specific circumstances.

6. Right to Object

You have the right to object to our processing of your personal data based on "legitimate interests" or marketing purposes.

7. Right to Data Portability

You have the right to request that we provide your personal data in a structured, machine-readable format.

8. Right to Withdraw Consent

You have the right to withdraw your consent to data processing at any time.

To exercise the above rights, you can contact us at business@xylonwwt.com. We will respond to and process your request within the period stipulated by GDPR (generally no more than 30 days, which may be extended to 90 days in complex cases). If you are dissatisfied with our processing results, you have the right to file a complaint with the data protection authority (DPA) of your EU member state.

Use of Cookies and Similar Technologies

To optimize the browsing experience of our official website (xylonwwt.com), analyze user behavior, and provide personalized services, we may use cookies and similar tracking technologies. We will prominently display the types of cookies, their purposes, and how to refuse them on the homepage. You can refuse unnecessary cookies through your browser settings, but this may affect the normal operation of some website functions.

Data Breach Notification

In the event of a major data breach that may affect the security of your personal data, we will promptly notify the relevant data subjects and the corresponding data protection authorities of the EU member states within 72 hours of discovering the breach (unless the breach is unlikely to pose a high risk to your rights and freedoms). The notification will include basic information about the breach, its potential impact, the remedial measures we have taken, and protection recommendations for you.

Policy Updates and Notifications

We may revise this Privacy Policy in accordance with updates to EU data protection regulations or business adjustments. The revised policy will be published prominently on our website, indicating the new effective date. If the revisions involve your core rights, we will notify you separately via email, website pop-ups, etc., to ensure you are aware of the policy changes.

Contact Information

If you have any questions, suggestions, or complaints regarding this Privacy Policy, please contact us through the following methods:

Company Name: Xylon Worldwide Trading Ltd

Website: xylonwwt.com

Business Email: business@xylonwwt.com (for data protection-related inquiries only)

We will respond to your requests promptly and do our utmost to protect your personal data rights.