Privacy Policy

1. Introduction

Qionghai Koumo Information Technology Co., Ltd. (hereinafter referred to as "Koumo IT," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you visit our website at www.koumo.shop (the "Site") or interact with our services.

We operate in compliance with the Personal Information Protection Law of the People's Republic of China (PIPL), the Cybersecurity Law of the People's Republic of China (CSL), the Data Security Law of the People's Republic of China (DSL), and other applicable data protection regulations. If you are located outside of China, additional protections under the General Data Protection Regulation (GDPR) or similar laws may apply to you as described in this policy.

By using our Site and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Site and services immediately.

2. Definitions

"Personal Information" means any information, recorded electronically or otherwise, that relates to an identified or identifiable natural person, excluding anonymized data. This includes but is not limited to name, identification number, contact information, location data, online identifier, and any other information that can be used to identify you.

"Sensitive Personal Information" refers to personal information that, once leaked or illegally used, may cause harm to the dignity or property of natural persons, including but not limited to biometric data, financial account information, precise geolocation data, health information, and information concerning minors under the age of 14.

"Processing" means any operation or set of operations performed on personal information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

"Service Provider" means any natural or legal person who processes personal information on behalf of Koumo IT pursuant to a written agreement.

3. Information We Collect

We collect information you provide directly to us, information collected automatically when you use our Site, and information we obtain from third-party sources. The categories of information we collect include:

• Contact Information: Your name, email address, phone number, company name, and job title when you fill out forms on our Site, subscribe to newsletters, register for events, or contact us for support.
• Account Information: If you create an account with us, we collect your username, password, and account preferences.
• Communication Data: Records of your communications with us, including email correspondence, chat messages, and call recordings where legally permitted and with your consent where required.
• Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, operating system and platform, device type, and other technology on the devices you use to access the Site.
• Usage Data: Information about how you use our Site, including pages visited, time spent on pages, clickstream data, search queries, and referring URLs.
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies as described in Section 5 below.

4. How We Collect Your Information

We collect personal information through the following methods:

• Direct Interactions: When you fill out contact forms, subscribe to newsletters, request services, participate in surveys, or correspond with us by phone, email, or otherwise.
• Automated Technologies: As you interact with our Site, we automatically collect technical and usage data through cookies, server logs, and similar technologies.
• Third Parties: We may receive personal information about you from third-party sources such as business partners, analytics providers, advertising networks, and social media platforms, subject to your consent where required by applicable law.

5. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand where our visitors come from. Cookies are small text files stored on your device by your web browser.

Types of Cookies We Use:

• Essential Cookies: Required for the basic functioning of our Site. These cannot be disabled.
• Functional Cookies: Remember your preferences and choices to improve your experience.
• Analytics Cookies: Help us understand how visitors interact with our Site by collecting anonymous information.
• Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Site. We will obtain your consent before placing non-essential cookies where required by applicable law.

6. Purposes of Processing

We process your personal information for the following legitimate purposes:

• Service Delivery: To provide, maintain, and improve our services, including processing transactions, managing accounts, and responding to inquiries.
• Communication: To communicate with you about our services, respond to your requests, send administrative information, and provide customer support.
• Marketing: To send you marketing communications, newsletters, and promotional materials, subject to your consent where required by applicable law. You may opt out at any time.
• Improvement: To analyze usage patterns, conduct research, and improve the quality and functionality of our Site and services.
• Security: To detect, prevent, and address fraud, security incidents, and other harmful activities.
• Legal Compliance: To comply with applicable legal obligations, respond to lawful requests from government authorities, and enforce our terms and conditions.

7. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal information based on the following legal grounds:

• Consent: Where you have given us explicit consent for specific processing purposes (e.g., marketing communications).
• Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legitimate Interests: Where processing is necessary for our legitimate interests (e.g., improving our services, network security, direct marketing) and your interests and fundamental rights do not override those interests.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.

8. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information with the following categories of recipients under the circumstances described below:

• Service Providers: We may share information with trusted third-party service providers who perform services on our behalf, such as hosting, analytics, payment processing, email delivery, and customer support. These providers are contractually obligated to protect your information and use it only for the purposes we specify.
• Business Partners: We may share information with business partners with whom we jointly offer services or co-branded products, subject to your consent where required.
• Legal Authorities: We may disclose information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Corporate Transactions: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.

9. International Data Transfers

We are based in China and may transfer your personal information to countries outside of China, including but not limited to the European Economic Area, the United States, and other jurisdictions where our service providers operate. Where we transfer your information across borders, we implement appropriate safeguards as required by applicable law, including:

• Standard contractual clauses approved by the European Commission or relevant Chinese regulatory authorities;
• Binding corporate rules;
• Certification mechanisms such as the EU-US Data Privacy Framework; and
• Security assessments conducted in accordance with the PIPL and CSL for cross-border data transfers from China.

By submitting your personal information to us, you acknowledge that we may transfer, store, and process your information in countries that may have different data protection laws than your country of residence. However, we will ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law.

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal information, and applicable legal requirements.

In general, we retain customer communication data for a period of three (3) years following your last interaction with us, and technical/usage data for a period of two (2) years. When personal information is no longer required, we will securely delete or anonymize it in accordance with our data retention and disposal policies.

11. Data Security

We implement a comprehensive set of technical, organizational, and administrative security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols (minimum TLS 1.2);
• Encryption of sensitive data at rest using industry-standard algorithms (AES-256);
• Strict access controls based on the principle of least privilege;
• Regular security audits, vulnerability assessments, and penetration testing;
• Employee training on data protection and privacy best practices;
• Incident response and breach notification procedures;
• Data backup and disaster recovery processes;
• Physical security measures at our facilities.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we take every reasonable precaution to safeguard your data.

12. Your Rights

Depending on your jurisdiction and applicable law, you may have the following rights regarding your personal information:

• Right to Know: You have the right to know whether we process your personal information and to obtain information about the categories, purposes, and recipients of such processing.
• Right to Access: You have the right to request a copy of the personal information we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information.
• Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal information under certain circumstances, subject to legal retention obligations.
• Right to Restrict Processing: You have the right to request restriction of processing of your personal information under certain circumstances.
• Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• Right to Object: You have the right to object to processing of your personal information for direct marketing purposes or based on our legitimate interests.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Complain: You have the right to lodge a complaint with a relevant data protection supervisory authority.

To exercise any of these rights, please contact us at support@koumo.shop. We will respond to your request within the timeframe required by applicable law (generally 15–30 days). We may need to verify your identity before processing your request.

13. Children's Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors. Under the PIPL, personal information of minors under the age of 14 is considered sensitive personal information and requires parental consent for processing. If we become aware that we have collected personal information from a child under 14 without verification of parental consent, we will take steps to delete that information as soon as possible. If you believe that a minor may have provided us with personal information, please contact us immediately.

14. Third-Party Links and Services

Our Site may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policies of every website you visit. This Privacy Policy applies solely to information collected by Koumo IT through our Site and services.

15. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you, unless we have obtained your explicit consent or such processing is necessary for the performance of a contract. If we implement such processing in the future, we will inform you and provide information about the logic involved, the significance, and the envisaged consequences of such processing.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also provide additional notice via email or a prominent notice on our Site. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact our Data Protection Officer:

Qionghai Koumo Information Technology Co., Ltd.
Room 103, No. 29 Dongfeng Road, Jiaji Town
Qionghai City, Hainan Province 571400, China
Email: support@koumo.shop
Phone: +86 15277346271

We will acknowledge receipt of your inquiry within five (5) business days and respond fully within thirty (30) calendar days. If we need additional time, we will inform you of the reason and expected response period.