We explicitly state the types of data actively collected from users by our website or application. This includes basic identity information such as name, gender, date of birth, email address, and phone number that users fill in during registration. During the use of our services, we gather behavioral data like browsing history, search history, click behavior, and purchase records. Additionally, we may obtain information such as geographical location, camera, and microphone usage through device permissions. For example: “When you register for our membership service, we collect your name, email, and password to create your account. While you browse our e-commerce pages, we record details of the products you view, the time you stay on each page, etc., to provide you with more accurate recommendation services.”

We elaborate on the user-related data obtained from third-party partners. For instance, credit information from credit rating agencies (if applicable), or social relationship data accessed from social media platforms, which are used to enrich user profiles or enhance service experience. It must be emphasized that we have obtained explicit authorization from users or followed legal data sharing agreements. For example: “With your authorization, we may obtain your friend list from WeChat to facilitate you sharing our product information with your friends.”

We explain how the collected data is used to achieve the core functions of our website or application. For example, we use users’ purchase records to process orders and arrange shipping; we rely on browsing behavior data for algorithm optimization to improve website layout and content recommendation, enabling users to find what they need more quickly. Such as: “We use your order information to arrange logistics and track shipping progress to ensure you receive the purchased goods smoothly. At the same time, by analyzing your browsing habits, we adjust the classification settings of the website pages to improve your browsing efficiency.”

We clarify whether the collected data will be used for marketing purposes, such as sending personalized promotional emails, text messages, pushing in-site notifications, or displaying personalized advertisements. We also clearly inform users of the ways to opt out of marketing activities, such as providing unsubscribe links or setting options. For example: “We may send you exclusive promotional emails based on your interests and purchase history. If you do not want to receive such emails, you can click the unsubscribe link in the email or turn off the ‘Marketing Notifications’ option in your personal settings page.”

We mention how data is used for market analysis and user research to understand industry trends and enhance product competitiveness. We guarantee that the data is anonymized or aggregated before being used for such purposes and will not disclose users’ personal privacy. For example: “We regularly aggregate users’ behavioral data for anonymous analysis to study market demand changes and develop new products that better meet user needs. In this process, your personal identity information will never be disclosed.”

We list in detail the names of third-party institutions or companies with which user data is shared, including but not limited to payment gateways (such as Alipay, WeChat Pay), logistics providers (such as SF Express, YTO Express), data analysis companies (such as Baidu Statistics, Umeng), advertising platforms (such as Facebook, Google Ads), etc., and explain the purpose of sharing. For example: “To achieve secure and fast payment, we share your order amount and payment-related information with Alipay and WeChat Pay; to optimize logistics distribution, we provide your shipping address and contact information to SF Express.

We emphasize that under legal requirements, such as cooperating with law enforcement agencies in investigations and responding to legal proceedings, we have to provide user data to relevant departments; and to ensure the overall security of our website or application, in the event of a hacker attack, data leak, or other security incidents, we share data with professional security agencies to assist in the investigation and fix vulnerabilities, while ensuring strict adherence to legal procedures and security standards. For example: “According to the law, when we receive a subpoena from the court or an investigation request from a law enforcement agency and it complies with legal procedures, we will provide necessary user data to assist in the investigation. In the event of a security threat, we cooperate with professional cybersecurity companies and share relevant data to protect the interests of all users.”

We specify the storage time of data, which is usually determined based on business needs, legal requirements, or contractual obligations. For example: “Your registration information will be retained for 5 years after you cancel your account, which is necessary for financial audit and legal traceability; while your browsing behavior data is only saved for 1 month for real-time service optimization.”

We inform users of the geographical location where their data is stored, whether it is on local servers, cloud storage (such as Alibaba Cloud, Tencent Cloud), or overseas data centers, so that users understand the physical location of their data, considering that different legal regions may have an impact on data protection. For example: “Your data is mainly stored in Alibaba Cloud data centers in China, and some redundant backups are stored in overseas nodes in Singapore to ensure data availability.”

We detail the technical and management measures taken to protect user data, such as data encryption technologies (SSL/TLS encrypted transmission, AES encrypted storage), access control mechanisms (multi-factor authentication, hierarchical permission management), data backup strategies (regular full backups, incremental backups), security audit systems, etc. For example: “We use SSL/TLS encryption technology to ensure the security of data during transmission, and all sensitive data is stored using the AES encryption algorithm. Internal employees need to go through multi-factor authentication to access user data and strictly follow hierarchical permission management, and unauthorized access is strictly prohibited.”

We inform users that they have the right to access their collected data at any time and explain the ways for users to request access, such as through online customer service, sending an email to a specified mailbox, or operating in the personal settings page. For example: “If you want to view your registration information, browsing history, and other data, you can click the ‘My Data’ option in your personal settings page after logging in, or send an email to privacy@yourdomain.com. We will reply within 7 working days.”

We clarify that users can correct their inaccurate or outdated data and elaborate on the specific correction process, which is usually similar to the operation method of the right of access. For example: “If you find that your personal information is incorrect, such as a changed phone number, you can directly modify it in your personal settings page or contact our customer service staff for assistance.”

We emphasize that users have the right to request the deletion of their data, especially after canceling their account, and explain the thoroughness of data deletion and the completion time. For example: “When you cancel your account, we will delete all your personal data, including registration information, browsing behavior, and purchase records, within 15 working days to ensure your privacy is fully protected.”

We explain that if users do not want their data to be used for certain specific purposes, such as marketing promotion, they have the right to object and the corresponding operation methods. For example: “If you do not want us to use your data for marketing activities, you can turn off the ‘Marketing Notifications’ option in your personal settings page or reply to the unsubscribe link in the marketing email. We will respect your wishes.”

We clearly define the minimum age of users targeted by our website or application, such as 13 years old (as stipulated by relevant US laws) or 14 years old (as stipulated by relevant EU laws), and state that we will not intentionally collect data from children below this age limit. For example: “Our services are targeted at users over 13 years old and will not actively collect personal data from children under 13.”

If our website or application does involve the collection of children’s data (such as educational applications), we need to detail the special protection measures taken, such as obtaining the consent of parents or guardians, setting up a special children’s privacy protection mode, and restricting the scope of data use. For example: “For educational applications for children, we will obtain written consent from parents before collecting children’s data. When using the data, it is limited to providing educational services for children and cannot be used for other commercial purposes.”

We provide a dedicated customer service email for handling privacy issues, making it convenient for users to consult, complain, or make rights requests, such as info@wehoovending.com.

If available, we list a hotline number that can be dialed,so that users can quickly contact in case of an emergency.

We explain whether online customer service is provided and its access location in the website or application, such as the chat icon in the lower right corner, to facilitate real-time communication with users.

We state the update frequency of the privacy policy, generally once a year or every six months, or it can be updated in a timely manner according to changes in laws and regulations, business adjustments, etc. For example: “We usually update the privacy policy comprehensively once a year to ensure that it is adapted to the latest legal requirements and business development.”

We elaborate on how users will be notified when the policy is updated, such as posting an announcement on the website homepage, sending an email notification to users, or prompting users to read the new policy in the personal settings page, ensuring that users are aware of and agree to the new policy. For example: “When we update the privacy policy, we will post a prominent announcement on the website homepage and send an email notification to all registered users. Users need to read and confirm the new policy within 30 working days, otherwise it will affect the subsequent use of services.”