1. Information We Collect
1.1 Information You Provide Directly
When you interact with our website and services, you may provide:
Business Contact Information
- Company name and address
- Contact person name and title
- Business email address
- Business phone number
- Company website
Order & Transaction Information
- Product specifications and customization details
- Order quantities and pricing
- Shipping addresses and preferences
- Payment information (processed securely by third parties)
- Tax identification numbers (if applicable)
Communication Data
- Inquiries via contact forms, email, or chat
- Sample requests and feedback
- Customer service communications
- Newsletter subscriptions
1.2 Information Collected Automatically
When you visit our website, we automatically collect:
| Data Type | Examples | Purpose |
|---|---|---|
| Technical Data | IP address, browser type, device information | Security, analytics, compatibility |
| Usage Data | Pages visited, time spent, click patterns | Website improvement, user experience |
| Location Data | Country, city (approximate from IP) | Shipping estimates, regional compliance |
| Cookies & Similar Tech | Session cookies, preference cookies | Functionality, preferences, analytics |
1.3 Information from Third Parties
We may receive information about you from:
- Business partners: Referral information from industry partners
- Social media platforms: When you interact with our social media content
- Service providers: Analytics providers, payment processors
- Public sources: Business directories, trade publications
2. How We Use Your Information
2.1 Primary Business Purposes
Order Fulfillment
- Process and manage wholesale orders
- Coordinate production and customization
- Arrange shipping and logistics
- Provide order updates and tracking
Customer Service
- Respond to inquiries and quote requests
- Provide technical support
- Handle sample requests
- Resolve issues and complaints
Business Operations
- Invoice generation and payment processing
- Inventory and supply chain management
- Quality control and improvement
- Compliance with legal obligations
Marketing & Communication
- Send relevant business updates (with consent)
- Share industry insights and trends
- Announce new products/services
- Invite to trade shows or events
2.2 Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data under the following legal bases:
| Legal Basis | Applicable Activities |
|---|---|
| Contractual Necessity | Processing orders, providing requested services, shipping products |
| Legitimate Interests | Website security, fraud prevention, business analytics, direct marketing (B2B) |
| Legal Obligation | Tax compliance, record keeping, responding to legal requests |
| Consent | Newsletters, non-essential cookies, certain marketing communications |
3. How We Share Your Information
3.1 Service Providers & Partners
We share information with trusted third parties who assist our operations:
3.2 Legal & Compliance Disclosures
We may disclose your information when required by law or to protect our rights:
- To comply with legal obligations or court orders
- To enforce our Terms and Conditions or other agreements
- To protect the rights, property, or safety of our company, customers, or others
- In connection with a business transaction (merger, acquisition, or sale)
3.3 What We Do NOT Share
- ❌ We do not sell your personal information to third parties
- ❌ We do not share your information for unrelated marketing purposes without consent
- ❌ We do not disclose sensitive business information to competitors
- ❌ We do not share your data with unauthorized third parties
5. Your Privacy Rights
5.1 General Rights
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data under certain conditions.
Right to Restrict Processing
Request limitation of how we use your data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests.
5.2 Region-Specific Rights
European Economic Area (EEA) & UK
All GDPR rights apply. You also have the right to:
- Lodge a complaint with a supervisory authority
- Withdraw consent at any time
- Object to automated decision-making
California (CCPA/CPRA)
California residents have the right to:
- Know what personal information is collected
- Opt-out of the sale of personal information (we do not sell data)
- Non-discrimination for exercising privacy rights
- Limit use of sensitive personal information
Other Regions
We respect privacy rights globally and will comply with applicable laws in:
- Canada (PIPEDA)
- Australia (Privacy Act)
- Brazil (LGPD)
- Other jurisdictions with privacy laws
5.3 How to Exercise Your Rights
To exercise any of your privacy rights, please:
- Submit a request via our Privacy Request Form
- Email us at hanchaowei@gefot.com with "Privacy Rights Request" in the subject
- Call us at +86 13828210453 during business hours
Verification Process
For security, we may need to verify your identity before processing requests. We typically respond within 30 days and will inform you if we need more time.
No Fee Policy
We do not charge fees for reasonable privacy rights requests unless they are manifestly unfounded or excessive.
6. Data Security
6.1 Security Measures
We implement appropriate technical and organizational measures to protect your data:
Encryption
SSL/TLS encryption for data in transit, encryption for sensitive data at rest
Access Controls
Strict access controls, role-based permissions, multi-factor authentication
Monitoring & Detection
Continuous security monitoring, intrusion detection systems, regular audits
Training & Policies
Employee privacy training, clear data handling policies, confidentiality agreements
6.2 Data Retention
We retain personal data only as long as necessary for the purposes outlined:
| Data Type | Retention Period | Reason for Retention |
|---|---|---|
| Active Customer Data | Duration of business relationship + 7 years | Ongoing service, tax compliance, warranty |
| Inquiry Data (No Purchase) | 3 years | Business development, follow-up |
| Transaction Records | 7-10 years | Legal, tax, accounting requirements |
| Marketing Consent | Until withdrawal | Respect for consent preferences |
| Website Analytics | 26 months | Trend analysis, improvements |
After retention periods expire, we securely delete or anonymize your data.
6.3 Data Breach Procedures
In the unlikely event of a data breach, we will:
- Immediately investigate and contain the breach
- Assess the risk to individuals' rights and freedoms
- Notify affected individuals and relevant authorities as required by law
- Take steps to prevent future breaches
Our Commitment: We have never experienced a significant data breach, but we maintain incident response plans and regularly test our security measures.
7. Children's Privacy
Our website and services are not directed to children under the age of 16.
We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@yourdomain.com.
If we learn we have collected personal information from a child under 16, we will delete that information promptly.
Business-to-Business Context
As a B2B wholesale apparel manufacturer, our services are intended for business entities and their authorized representatives, not individual consumers or children.
8. International Data Transfers
Our company is based in China, but we serve customers worldwide. Your information may be transferred to, and processed in, countries other than your own.
Why Transfers Occur
- Our servers and primary operations are located in China
- We use international service providers (payment, shipping, analytics)
- We ship products to customers worldwide
- Our team members may access data from different locations
Transfer Safeguards
When we transfer data internationally, we use appropriate safeguards:
- Standard Contractual Clauses (SCCs) for transfers from EEA/UK
- Service provider due diligence and contracts
- Data minimization and encryption
- Regular privacy impact assessments
Region-Specific Information
European Economic Area (EEA) & UK
Transfers from the EEA/UK to China are protected by Standard Contractual Clauses and supplementary measures where necessary.
United States
We comply with applicable US privacy laws and provide opt-out mechanisms as required.
Other Countries
We respect and comply with applicable privacy laws in all countries where we operate.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our data practices
- New services or features
- Legal or regulatory requirements
- Industry standards and best practices
Update Process
- We will post the updated policy on this page with a new "Last Updated" date
- For significant changes, we may notify you by email (if we have your contact information)
- We encourage you to review this policy periodically
Recent Updates
- March 15, 2024: Added details about international data transfers
- January 10, 2024: Clarified data retention periods
- November 5, 2023: Initial comprehensive privacy policy
10. Contact Us
Privacy Officer
Email: hanchaowei@gefot.com
Phone: +86 13828210453 (ask for Privacy Officer)
Hours: Monday-Friday, 9:00-18:00 UTF-8
Postal Address
Gefot.com
Attention: Hank
Huicheng Business Building, Tianhe District, Guangzhou City
Guangzhou, Guangdong 510000
China
Complaints
If you have a complaint about how we handle your data, please contact us first. We will investigate and respond promptly.
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your country.