Privacy Policy

1. Introduction

ChinaAutoGlobal ("we," "us," or "our") operates the ChinaAutoGlobal platform (the "Platform"), a B2B cross-border automotive trade marketplace connecting international buyers with Chinese vehicle manufacturers and suppliers. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Platform.

By accessing or using our Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Platform.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration: Name, email address, phone number, company name, and password when you create an account through our OAuth authentication system.
• Supplier Registration: Company name, business registration number, business license documents, contact person details, company address, product categories, and export qualifications.
• Inquiry Submissions: Name, email, phone number, company name, country, product preferences, quantity requirements, preferred trade terms (Incoterms), and any additional messages.
• Contact Forms: Name, email, phone number, company name, and message content when you contact us.
• Complaint Submissions: Contact information, order details, complaint category, and description of the issue.
• Product Listings: Product descriptions, images, pricing information, specifications, and trade terms provided by suppliers.

2.2 Information Collected Automatically

• Authentication Cookies: We use session cookies (JWT-based) to maintain your login state and authenticate your identity across requests.
• Local Storage Data: Language preferences, theme settings, product comparison lists, and favorites are stored locally in your browser.
• Usage Data: Pages visited, features used, interaction patterns, and timestamps for platform improvement purposes.

2.3 Payment Information

Payment processing is handled by Stripe, Inc., a PCI-DSS compliant third-party payment processor. We do not directly collect, store, or process your credit card numbers, CVV codes, or full bank account details. We only store Stripe transaction identifiers (Session ID, Payment Intent ID, Refund ID) for order tracking and reconciliation purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Platform Operations: To create and manage your account, process inquiries, facilitate transactions between buyers and suppliers, and provide customer support.
• Communication: To send you inquiry responses, quotation notifications, order status updates, and important platform announcements.
• Supplier Verification: To review and verify supplier qualifications, business licenses, and export capabilities.
• Platform Improvement: To analyze usage patterns, improve our services, develop new features, and enhance user experience.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes, including export control regulations and anti-money laundering requirements.
• Security: To detect, prevent, and address fraud, unauthorized access, and other security issues.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Between Buyers and Suppliers: When you submit an inquiry or engage in a transaction, relevant contact and business information is shared between the buyer and the corresponding supplier to facilitate the trade.
• Service Providers: We share information with trusted third-party service providers who assist us in operating the Platform, including cloud hosting (AWS), payment processing (Stripe), and authentication services.
• Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, safety, or property.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5. Cross-Border Data Transfers

As a cross-border trade platform, your information may be transferred to and processed in countries other than your country of residence, including the People's Republic of China and the United States. These countries may have data protection laws that differ from those in your jurisdiction.

We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy when transferred internationally. These safeguards include:

• China (PIPL Article 38): In compliance with the Personal Information Protection Law of the People's Republic of China, we rely on one or more of the following mechanisms for cross-border data transfers: (a) passing the security assessment organized by the Cyberspace Administration of China where required; (b) obtaining certification from a professional institution; (c) entering into standard contracts formulated by the CAC with the overseas recipient; or (d) meeting other conditions provided by laws, administrative regulations, or the CAC.
• EU/EEA (GDPR Article 46): For transfers of personal data from the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional safeguards where necessary based on transfer impact assessments. Where applicable, we may also rely on adequacy decisions under GDPR Article 45.
• Other Jurisdictions: We comply with applicable local data protection laws and implement appropriate contractual and technical safeguards for international data transfers.

You may request a copy of the relevant transfer safeguard documentation by contacting us at the details provided below.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We may also retain certain information as required by law, to resolve disputes, enforce our agreements, or for legitimate business purposes such as maintaining transaction records for accounting and audit requirements.

• Account Data: Retained for the duration of your account plus 3 years after account closure.
• Transaction Records: Retained for a minimum of 7 years in compliance with financial record-keeping requirements.
• Inquiry Records: Retained for 3 years after the inquiry is closed.
• Server Logs: Retained for up to 12 months.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission (TLS/SSL) for all communications
• Secure authentication using JWT tokens with cryptographic signing
• Payment processing through PCI-DSS compliant Stripe infrastructure
• Regular security assessments and monitoring
• Access controls limiting data access to authorized personnel only

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to the processing of your personal information for certain purposes.
• Withdrawal of Consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at the contact information provided below. We will respond to your request within 30 days.

9. Cookies and Local Storage

Our Platform uses the following types of cookies and local storage:

• Essential Cookies: Session authentication cookies required for the Platform to function. These cannot be disabled.
• Preference Storage: Language and theme preferences stored in your browser's localStorage to remember your settings.
• Functional Storage: Product comparison lists and favorites stored locally for your convenience.

We do not use third-party advertising cookies or tracking pixels. Our analytics are limited to platform improvement purposes.

10. Children's Privacy

Our Platform is designed for business-to-business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a minor, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. Your continued use of the Platform after such changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Platform: ChinaAutoGlobal
• Address: Guangzhou, China
• Email: [email protected]
• Contact Page: /contact