HYSTOU Privacy Policy
Last Updated: April 14, 2025
1. Data Security Measures
We implement industry-standard technical and organizational measures to protect data:
- Full-site SSL/TLS encryption for secure browser-server communication.
- Core systems certified under ISO 27001 with annual third-party audits.
- Sensitive data stored using AES-256 encryption and hierarchical access controls (keys managed by a dedicated security team).
- Regular penetration testing and vulnerability assessments.
2. Information Collection Scope
We collect necessary information through:
-
Active Submission
- Account registration: Name, company, address, email, phone number.
- Order processing: Delivery details, invoice info, encrypted payment data.
- Customer support: Communication records and related information.
-
Automatic Collection
- Device info: IP address, device model, OS version, browser type (partial opt-out via browser settings).
- Behavioral logs: Visit timestamps, page interactions (using cookies; see Section 4).
- Geolocation: Approximate location via IP (opt-out available in account settings).
3. Data Usage Purposes
Data is strictly used for:
- Identity verification and account security.
- Order fulfillment and logistics.
- Product optimization and anonymized analytics.
- Service notifications and compliance updates.
- Fraud detection and risk management.
4. Cookie Policy
- Functional Cookies: Essential for language preferences and cart contents.
- Analytical Cookies: Anonymous traffic analysis via Google Analytics (opt-out via “Cookie Preferences Center”).
- Advertising Cookies: Personalized ads (disabled by default; requires user consent).
5. Third-Party Services
Third parties with independent privacy policies include:
- Payment processors: PayPal, Stripe ([Policy Link]).
- Logistics partners: DHL, FedEx ([Policy Link]).
- Cloud providers: AWS, Alibaba Cloud ([Policy Link]). Data Sharing Compliance: We sign Data Processing Agreements (DPAs) to ensure GDPR, CCPA, and PIPL compliance.
6. Your Data Rights
Under applicable laws (GDPR, CCPA, PIPL), you have the right to:
| Right Type | Details | Response Time |
|---|---|---|
| Access | Obtain a copy of your data (may incur reasonable fees) | 30 days* |
| Rectification | Request correction of inaccurate/incomplete data | 15 days |
| Deletion | Request data deletion under legal conditions | 30 days* |
| Restriction | Restrict specific data processing activities | 10 days |
| Portability | Receive machine-readable data for migration | 30 days* |
| Opt-Out | Object to marketing communications (via unsubscribe link or settings) | 72 hours |
CCPA-Specific Rights:
- Request categories and purposes of data collected in the past 12 months.
- Prohibit the sale of personal data (HYSTOU does not sell user data; see official statement).
*Note: Complex requests may extend to 60 days with prior notice.
7. Updates & Contact
- Policy Updates: Major changes will be notified via website, email, or SMS. Archived versions are available on our website.
- Contact Channels:
- Email: sales@hystou.com
- Mail: 5F Flat 2, Blk C, No 142 Xiangshan Rd, Songgang Bao An, Shenzhen, China 518000
- Phone: +86-755-12345678 (Mon-Fri 9:00-18:00 GMT+8)
- Complaints: You may lodge complaints with your local data protection authority.