Privacy Policy
1. Scope of Application This Privacy Policy is formulated in accordance with the EU General Data Protection Regulation (GDPR) and applies to all actions taken by (hereinafter referred to as "we") in the course of our operations to collect, use, store, transfer, and protect the personal data of natural persons (hereinafter referred to as "you") within the EU. This policy applies regardless of whether you interact with us through our official website , emaiL. or other channels. Even if our operating entity is not located within the EU, as long as you are an EU resident and our services involve providing you with menswear products, processing orders, or monitoring your online activities, this policy and the relevant requirements of the GDPR are binding on us.
2. Collection and Processing of Personal Data
2.1 Types of Personal Data Collected Basic Identity and Contact Data: Including but not limited to your name, email address, phone number, delivery address, etc., used for order processing, product delivery, and customer communication. Transaction and Payment Data: Including order number, purchased product information, payment method, transaction amount, etc., used for completing transaction settlement, issuing vouchers, and after-sales rights protection. Online Behavioral Data: This includes your browsing history, search content, page dwell time, and click behavior on . Collected through technologies such as cookies, it is used to optimize website experience and personalize product recommendations. Sensitive Personal Data: If you voluntarily provide body data such as height and weight (for size recommendations), we will take additional protective measures and will only process it with your explicit consent.
2.2 Legal Basis for Data Processing We will only process your personal data when there is a legal basis as stipulated by GDPR, primarily including: Obtaining your explicit consent: If you agree to us analyzing your browsing behavior through cookies and sending you marketing information, you can withdraw your consent at any time, and the withdrawal process is as simple as the consent process. Necessary for fulfilling contractual obligations: Such as processing order information to complete product delivery, processing payment data to settle transactions, etc. Compliance with legal requirements: Such as retaining transaction records as required by tax regulations, responding to legitimate inquiries from regulatory agencies, etc. Protecting legitimate rights and interests: Such as using relevant data in handling after-sales disputes and preventing fraudulent activities.
2.3 Purpose and Scope of Data Processing
We strictly adhere to the principle of "purpose limitation," and the personal data collected will only be used for the following specific purposes and will not be used for any other unrelated purposes without your permission:
Completing the entire sales process: including order confirmation, inventory allocation, logistics and delivery, and receipt feedback.
Providing customer service: responding to your inquiries, complaints, and after-sales requests, and resolving issues through channels such as .
Optimizing products and services: improving product design, adjusting website functions, and optimizing the shopping process based on browsing and purchase data.
Compliance and security: preventing risks such as account theft and transaction fraud, and complying with EU and member state data protection regulations.
3. Data Storage and Cross-Border Transfer
3.1 Storage Period
We will only store your personal data for the period necessary to achieve the data processing objectives:
Transaction and Order Data: Retained for 7 years from the date of transaction completion to meet tax and audit requirements;
Identity and Contact Data: Retained during your use of our services and for 1 year after the termination of services to handle potential after-sales issues;
Browsing Behavior Data: Retained for no more than 180 days from the date of collection unless you authorize it for an extended period.
After the above periods, we will anonymize (making it impossible to associate with a specific individual) or permanently delete the data.
3.2 Cross-Border Transfer Rules
Your personal data may be transferred outside the EU (including our headquarters and partner logistics and payment service providers), but we will ensure that all cross-border transfers comply with GDPR requirements. Safeguards include:
Transferring only to countries or regions deemed by the European Commission to have "adequate data protection levels";
Data Processing Agreements (DPAs) with overseas recipients, clearly defining their data protection obligations;
Using encryption technology to ensure the security of transmitted data. You have the right to know the recipient's information and protection measures before transmission, and can submit inquiries via .
4. Data Subject Rights
According to GDPR, you have the following data rights, and we will respond to your requests free of charge and promptly:
Right to know: You can request us to provide a list of your personal data processing at any time, including information such as data type, processing purpose, and storage period.
Right to access: You can request a copy of your stored personal data, which we will provide in an easily readable format (such as PDF, CSV).
Right to correction: If you find errors in your personal data (such as an incorrect address), you can request us to correct them immediately.
Right to erasure (right to be forgotten): You can request us to erase your personal data in the following circumstances: the data is no longer used for the processing purpose, you withdraw your consent and there is no other basis for processing, you object to data processing and there is no primary legal ground.
Right to restrict processing: If you object to the accuracy of the data or object to data processing, you can request us to suspend the processing of the relevant data (only retain storage). Right to Data Portability: Request that we transfer your personal data to another data controller you designate to ensure data portability.
Right to Object: You may object at any time to any data processing we conduct based on “legitimate interests” (such as personalized marketing), and we will immediately cease such processing unless there is a sufficient and primary legitimate reason.
To exercise the above rights, please send a request to . We will respond within one month; for complex requests, this may be extended to two months, but you will be informed of the reasons for the extension in advance.
5. Data Security and Breach Notification
5.1 Security Protection Measures
We integrate the “Privacy Protection Design” principle into our business processes and adopt multi-layered security measures to protect your personal data:
Technical Protection: We use SSL encryption technology to protect data transmission, encrypt stored data, and regularly update firewalls and antivirus systems.
Management Standards: We restrict data access permissions, authorizing employees to access data only when necessary for the performance of their duties; we provide GDPR compliance training to employees and require them to sign confidentiality agreements. Third-Party Oversight: We conduct data security audits of our partner payment and logistics service providers, requiring them to adhere to the same protection standards and clearly defining responsibilities through contracts.
5.2 Data Breach Handling: In the event of a personal data breach (such as unauthorized access, data loss, etc.), we will report it to the EU data protection regulator within 72 hours of discovery. If the breach may pose a high risk to your rights, we will promptly notify you via email, SMS, etc., informing you of the breach details, impact, and remedial measures.
6. Third-Party Services and Data
Processors: Our services may involve third-party data processors, primarily including: Payment service providers: such as credit card processing institutions, who only use the data to complete payment settlements and have no right to use the data for other purposes; Logistics service providers: such as international courier companies, who only obtain data such as names, addresses, and phone numbers required for delivery; Website analytics tools: such as Google Analytics, used to analyze website traffic, whose processing behavior is subject to this policy. We will rigorously screen third parties, sign data processing agreements, clarify their data protection obligations, and regularly monitor their compliance.
7. Policy Updates and Contact Us
7.1 Policy Updates
This policy may be updated if EU data protection regulations change or our business processes are adjusted. The updated policy will be posted on the homepage of and will automatically take effect 7 days after posting. If the update involves your core rights, we will notify you separately via email.
7.2 Contact Channels
If you have any questions about this policy, need to exercise your data rights, or complain about data processing practices, please contact us through the following methods:
If you believe our processing practices violate GDPR, you may file a complaint directly with the data protection authority (DPA) of an EU member state.