Privacy Policy
Guidelines and legal basis governing the collection, use, and protection of personal and commercial data for Ziptek Auto Parts.
Chongqing Ziptek Auto Parts Co., Ltd. ("Ziptek", "we", "us", or "our") is committed to protecting the personal information of individuals who interact with our business operations, digital platforms, and supply chain services. This Privacy Policy ("Policy") sets out the legal basis, purposes, and safeguards governing the collection, use, storage, and disclosure of personal data.
By engaging with Ziptek through any channel -- including our website, email correspondence, trade exhibitions, or contractual relationships -- you acknowledge that you have read and understood this Policy. If you are providing personal data on behalf of a corporate entity, you represent that you have the authority to do so and to bind that entity to this Policy.
Data Controller
Identity & Contact
The data controller responsible for personal information processed under this Policy is:
Legal Entity: Chongqing Ziptek Auto Parts Co., Ltd.
Registered Address: Chongqing, People's Republic of China
Business Registration: Automotive Manufacturing & Export
Email: autoparts@ziptek.cn
Designated Representative
For data subjects located in the European Economic Area (EEA) or the United Kingdom, Ziptek has designated a representative to handle inquiries relating to GDPR obligations. Contact details for the designated representative are available upon written request submitted to the email address listed in Section 1.1.
Scope & Applicability
Territorial Scope
This Policy applies to all personal data processed by Ziptek in connection with its global business activities, including but not limited to operations in:
- North America (United States, Canada, Mexico)
- European Union Member States and the United Kingdom
- Latin America (Brazil, Chile, Colombia, and regional markets)
- Australia and the Asia-Pacific region
- People's Republic of China (domestic operations)
Subject Matter
This Policy covers personal data relating to: (a) prospective and current B2B clients, including procurement managers, import/export directors, and purchasing officers; (b) representatives of corporate customers and distributors; (c) trade show and exhibition contacts; (d) website visitors and digital communication recipients; and (e) supplier and logistics partner contacts. It does not govern the processing of employee data, which is addressed in a separate internal policy.
Data We Collect
Identity & Contact Data
We collect the following categories of identity and contact information:
| Data Category | Examples |
|---|---|
| Full Name | Given name, family name, professional title |
| Business Contact | Work email, telephone, WhatsApp, WeChat ID |
| Organisation | Company name, registration country, job function |
| Address | Registered office, warehouse, or delivery address |
Commercial & Transaction Data
In the course of B2B procurement relationships, we collect and retain:
- Purchase order details, product specifications, and pricing agreements
- Shipping and customs documentation (including consignee details)
- Payment records and banking details (where applicable)
- Warranty claims, quality dispute records, and after-sales correspondence
- OEM/ODM development briefs and technical specifications
Technical & Usage Data
When you access our website or digital platforms, we may automatically collect: IP address and approximate geolocation; browser type, version, and device identifiers; pages visited, referral sources, and session duration; and communication metadata (e.g., email open timestamps). This data is collected through server logs and analytics tools and is used in aggregated or pseudonymised form where possible.
Legal Basis for Processing
Contractual Necessity
The majority of personal data we process is necessary for the performance of a contract to which the data subject's employer or represented entity is a party, or to take steps prior to entering into such a contract. This includes processing required to fulfil purchase orders, arrange international freight, issue invoices, and administer warranty obligations.
Legitimate Interests
Where processing is not strictly necessary for contract performance, we rely on our legitimate interests as a B2B manufacturer and exporter. These interests include: maintaining accurate business records; communicating product updates and technical bulletins to existing clients; fraud prevention and supply chain integrity; and improving our products and services based on market feedback. We have conducted legitimate interest assessments (LIAs) and determined that such processing does not override the rights and freedoms of data subjects given the B2B commercial context.
Consent
Where we rely on consent as a legal basis -- for example, for the placement of non-essential cookies or the sending of marketing communications to individuals in jurisdictions requiring opt-in consent -- we will obtain explicit, informed, and freely given consent prior to processing. Consent may be withdrawn at any time without prejudice to the lawfulness of prior processing. Withdrawal requests should be directed to privacy@ziptek.com.
Legal Obligation
We process certain personal data to comply with applicable legal obligations, including customs and export control regulations, tax and accounting requirements, anti-money laundering (AML) obligations, and court or regulatory orders. Such processing is non-negotiable and cannot be restricted by data subject requests.
Purposes of Processing
We process personal data for the following documented purposes. Where the legal basis is "LI", this denotes Legitimate Interests:
| Purpose | Data Categories Used | Legal Basis |
|---|---|---|
| Order fulfilment & logistics coordination | Identity, Contact, Commercial | Contract |
| Warranty administration & after-sales support | Identity, Commercial | Contract / LI |
| OEM/ODM development collaboration | Identity, Contact, Commercial | Contract |
| Product & technical communications | Identity, Contact | LI / Consent |
| Customs, export control & trade compliance | Identity, Commercial | Legal Obligation |
| Website analytics & performance optimisation | Technical | LI / Consent |
| Fraud prevention & security monitoring | Identity, Technical | LI / Legal Obligation |
Disclosure & Third Parties
Data Processors
We engage third-party data processors who act on our instructions and are bound by data processing agreements (DPAs) ensuring equivalent protections. Categories of processors include:
- International freight forwarders and customs brokerage firms
- Cloud-based CRM and ERP software providers
- Email and business communication platform providers
- Website hosting and analytics service providers
- Certified quality inspection and testing laboratories (SGS, TUV)
We do not sell personal data to third parties, nor do we disclose it for third-party direct marketing purposes.
International Transfers
As a China-based exporter serving global markets, personal data may be transferred internationally. Such transfers are governed by appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission, for transfers to/from EEA data subjects.
- Data transfer impact assessments and security evaluations in compliance with China’s Personal Information Protection Law (PIPL) when exporting data from our China headquarters.
- Adequacy decisions recognized by applicable supervisory authorities.
Retention Periods
We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, or as required by law. Standard retention periods are as follows:
- Commercial & Transaction Data: Retained for 10 years following the conclusion of the fiscal year in which the transaction occurred, complying with international customs and PRC tax accounting laws.
- Identity & Contact Data (Active Clients): Retained for the duration of the business relationship plus 5 years to facilitate warranty claims and future procurement.
- Technical & Usage Data: Retained for a maximum of 26 months, after which it is automatically deleted or permanently anonymised.
Your Rights
Access & Portability
You have the right to request confirmation as to whether we process your personal data, access a copy of the data, and, where legally applicable (e.g., under GDPR), request that we transmit this data in a structured, commonly used, and machine-readable format to you or another controller.
Rectification & Erasure
You may request the correction of inaccurate or incomplete data. Furthermore, you have the right to request the erasure ("right to be forgotten") of your personal data when it is no longer necessary for the purposes collected, or if you withdraw consent and no other legal ground for processing exists.
Objection & Restriction
You have the right to object to processing based on our legitimate interests. Upon such objection, we will cease processing unless we demonstrate compelling legitimate grounds that override your rights. You may also request the restriction of processing during the resolution of disputes regarding data accuracy or the lawfulness of processing.
Security Measures
Ziptek implements robust technical and organisational measures to safeguard personal data against unauthorised access, accidental loss, alteration, or destruction. These measures include TLS/SSL encryption for digital transmissions, role-based access control (RBAC) within our ERP systems, regular security audits, and strict confidentiality agreements with all employees and third-party processors. However, no digital transmission or storage system is entirely infallible, and we cannot guarantee absolute absolute security.
Minors
Ziptek’s services are exclusively intended for B2B commercial entities and professionals over the age of 18. We do not knowingly collect or process personal data from individuals under 18 years of age. If we become aware that such data has been inadvertently collected, we will take immediate steps to delete it from our systems.
Amendments
We reserve the right to amend this Privacy Policy periodically to reflect changes in our processing practices or evolving legal requirements. Significant material changes will be communicated to active B2B clients via direct email notice. The "Effective Date" at the top of this document indicates when the latest revisions entered into force. Continued engagement with Ziptek following policy updates constitutes acknowledgment of the revised terms.
Contact & Complaints
To exercise your data protection rights, or if you have questions regarding this Policy, please submit a written request to our Data Privacy team at:
Email: autoparts@ziptek.cn
Response Time: We aim to respond to all legitimate inquiries within 30 calendar days.
If you believe our processing of your personal data violates applicable data protection laws, you retain the right to lodge a formal complaint with the competent supervisory authority in your jurisdiction.