Privacy Policy

UKKR User Privacy Policy and Personal Information Processing Rules

Effective Date: May 18, 2025

Business Entity: UKKR International Trade Full-Category Mall (hereinafter referred to as "we/us/our")

This Privacy Policy is formulated in accordance with the Personal Information Protection Law of the People's Republic of China, the E-Commerce Law of the People's Republic of China, the EU General Data Protection Regulation (GDPR), and cross-border e-commerce data compliance standards of various countries. It applies to all global users (hereinafter referred to as "you") who access, register with, or use the official website, mobile terminals and supporting services of UKKR Mall. This Policy clearly specifies the rules for our collection, use, storage, sharing and protection of your personal information, as well as your data rights and problem resolution mechanisms, to fully protect your legitimate rights and interests in personal information. Please carefully read and fully agree to all terms of this Policy before using our platform services.

I. Core Definitions

1. Personal Information: Refers to all types of information recorded electronically or in other forms that can identify a specific natural person or reflect a natural person's activities independently or in combination with other information, mainly including name, mobile phone number, email address, shipping address, payment information, order records, device information, browsing records, etc.

2. Sensitive Personal Information: Refers to personal information that, once disclosed, illegally provided or misused, may easily endanger personal and property safety or infringe upon the legitimate rights and interests of natural persons, mainly including precise shipping addresses, payment account information, real-name identity information, precise device location information, etc.

3. Cross-border Services: Refers to all supporting cross-border e-commerce services provided by UKKR for global users, including cross-border commodity display, order placement and transaction, payment and settlement, logistics distribution, after-sales consultation, membership rights and interests services, etc.

II. Scope and Methods of Personal Information Collection

We strictly adhere to the principles of data minimization and necessity and compliance. We only collect personal information necessary for service provision, and never compulsorily collect irrelevant information. All user information is actively submitted by you or legally obtained with your explicit authorization.

1. Information Actively Submitted by You

(1) Account Registration Information: The username, login email address, mobile phone number, login password and basic membership information you submit when registering a UKKR account, which are used for account registration, identity verification, account login and daily account management.

(2) Order and Transaction Information: The consignee’s name, contact phone number, cross-border shipping address, postal code, order remarks and product selection records submitted by you during purchase, which are used for order generation, cross-border performance, logistics delivery and order verification.

(3) Payment and Settlement Information: Payment methods, transaction serial numbers and payment status generated during payment. We do not directly store core payment keys such as bank card passwords or third-party payment passwords. Such information is used for order settlement, transaction verification and after-sales refund processing.

(4) After-sales and Consultation Information: consultation content, problem feedback, rights protection materials and return/exchange information submitted by you through customer service or message channels, which are used for after-sales processing, user problem solving and service optimization.

2. Information Automatically Collected with Your Authorization

(1) Device and Access Information: When you access the platform, we collect your device model, operating system, browser type, IP address, access time, page browsing track and click operation records, which are used to ensure platform access security, troubleshoot faults and optimize page experience.

(2) Cookie and Cache Information: We use Cookies and web cache technologies to record your platform access preferences, login status and frequently used functions, supporting automatic login, personalized page display and platform traffic statistics. You may disable Cookie functions via your browser settings.

(3) Logistics and Customs Clearance Information: Basic declaration data required for cross-border transactions (excluding sensitive real-name information), which is only used for customs clearance and cross-border logistics traceability, and complies with import and export data compliance requirements of relevant jurisdictions.

III. Rules for Personal Information Usage

We only use collected personal information for legitimate, specified and necessary purposes as stated below, and will never use your data beyond scope or abuse user information in disguised forms:

1. Service Performance: To complete core e-commerce services including account registration, login verification, order processing, cross-border delivery, logistics tracking, payment settlement and after-sales return/exchange handling, ensuring smooth transaction performance.

2. Platform Security Protection: To identify, prevent and block account theft, fake transactions, fraud, malicious brushing, unauthorized access and other risky behaviors, maintain platform transaction order, and protect your account and property security.

3. User Communication: To send order notifications, logistics updates, after-sales progress, system announcements and service upgrade reminders via SMS, emails and in-platform messages, and respond to user consultations and complaints.

4. Compliance and Declaration: To cooperate with customs, tax and regulatory authorities in cross-border trade declaration, data filing and compliance verification, and fulfill statutory obligations for cross-border e-commerce operations.

5. Platform Optimization and Upgrade: To conduct anonymized and aggregated analysis of user behaviors for optimizing commodity display, page functions, logistics services and product categories, so as to improve shopping experience.

6. Marketing Push (Separate Authorization Required): We will push new product information, preferential activities and exclusive benefits only after you explicitly consent. You may withdraw authorization and turn off marketing push at any time.

Special Statement: All data analysis and operational statistics are processed anonymously and cannot be traced to individual users, eliminating privacy leakage risks.

IV. Personal Information Storage and Security Protection

1. Storage Rules

(1) Storage Period: We retain your information only during the service term and within the statutory retention period. Account and transaction data will be retained while your account is active. After account cancellation, all data will be completely cleared except compliance filing, tax and logistics traceability records required by laws and regulations, which will be retained for no more than 3 years.

(2) Storage Location: User data is mainly stored in compliant domestic servers. Necessary cross-border transaction data may be legally transmitted to overseas cooperative service providers in compliance with cross-border data transmission rules to ensure cross-border data security.

(3) Classified Storage: Ordinary user information and sensitive payment & address information are stored separately with classified management. Sensitive data is independently encrypted and archived with strictly controlled access permissions.

2. Technical and Management Security Measures

(1) Technical Protection: We adopt SSL encrypted transmission, encrypted database storage, firewall isolation, data desensitization, anti-tampering and anti-attack technologies to protect user data. We conduct regular vulnerability detection and security upgrades to defend against hacker intrusion, data theft and leakage risks.

(2) Personnel Control: We implement an internal hierarchical data permission system. Only core operation, after-sales and compliance personnel can access user data on an as-needed basis. All staff have signed confidentiality agreements. Unauthorized viewing, copying, disclosure or trading of user information is strictly prohibited, and violators will be held legally responsible.

(3) Emergency Response Mechanism: We have established a data security emergency plan. In case of data leakage or loss risks, we will immediately launch emergency disposal, investigate and block vulnerabilities, and report to affected users and regulatory authorities in a timely manner to minimize user losses.

V. Rules for Personal Information Sharing, Transfer and Public Disclosure

We will never sell or rent your personal information to third parties without your authorization. Data sharing or transfer is only conducted under the following compliant scenarios:

1. Compliant Sharing Scenarios

(1) Necessary Service Sharing: To complete cross-border performance, we share necessary order, shipping and transaction data with logistics service providers, payment institutions and customs declaration agencies. Third-party partners may only use such data to provide supporting services for us and shall not reuse or disclose the data.

(2) Technical Service Sharing: Anonymized user data without identifiable personal information may be shared with operation, data statistics and security service providers for platform maintenance and optimization.

2. Legal Transfer and Disclosure Scenarios

(1) Transfer or disclosure with your explicit written consent or active authorization.

(2) In case of platform merger, reorganization, asset transfer or other subject changes, user data will be transferred as platform assets. We will make public notice in advance and ensure the transferee complies with this Privacy Policy.

(3) Disclosure required by valid legal instructions from judicial organs and regulatory authorities in accordance with laws and regulations.

VI. User Rights to Personal Information (Applicable to All Global Users)

You enjoy full legitimate rights over your personal information. You may exercise the following rights via platform customer service or account background, and we will respond within 1 to 3 working days:

1. Right to Know and Access: You may inquire about your stored personal information, usage records and sharing records and obtain detailed privacy processing records.

2. Right to Rectification and Supplement: You may independently modify incorrect or incomplete personal information via your account background or contact customer service for rectification and supplement.

3. Right to Erasure (Right to be Forgotten): You may apply to delete your personal information if the processing purpose has been fulfilled, the retention period has expired, or the information is collected or processed in violation of regulations. We will clear the data in a timely manner.

4. Right to Withdraw Authorization: You may withdraw your authorization for Cookie collection, marketing push and cross-border data transmission at any time. After withdrawal, we will immediately suspend corresponding data processing without affecting the validity of previous compliant processing.

5. Right to Data Portability: You may apply to export structured personal data such as account and order records for personal retention or compliant transfer.

6. Right to Account Cancellation: You may apply to cancel your UKKR account at any time. After cancellation, we will clear your data in accordance with rules and terminate all data processing services.

7. Right to Complaint and Appeal: If you believe our data processing infringes your legitimate rights and interests, you may file an appeal with us or complain to local regulatory authorities.

VII. Minor Personal Information Protection

UKKR is a cross-border e-commerce platform mainly serving adult consumers globally. We do not actively collect personal information of minors under 18 years old. If you are a minor, please use our services under the supervision and consent of your guardian and do not independently submit personal information. If we unintentionally collect minor’s sensitive information, we will take the initiative to delete it immediately. Guardians may contact us to delete relevant minor data at any time.

VIII. Processing Rules for Cookies and Similar Technologies

1. We adopt Cookies, web logs, pixel tags and similar technologies to record user login status, browsing preferences and access frequency, improve platform fluency and simplify operation procedures.

2. You may accept, reject or clear Cookies through browser settings. Disabling Cookies will only affect partial personalized functions and will not interfere with basic shopping and order placement services.

3. We will not collect sensitive private information including bank card data, passwords and real-name information through Cookies, and all Cookie data is anonymized.

IX. Policy Update and Publication Mechanism

1. We may update this Policy in response to legal revisions, business upgrades and regulatory requirements. The revised version will be posted in a prominent position on the UKKR homepage and take effect upon publication.

2. For major changes (including adjustment of data usage scope, sharing rules and core user rights), we will notify users in advance via in-platform messages or emails. Your continued use of platform services will be deemed acceptance of the updated Policy.

3. This Policy does not apply to third-party external links and cooperative platform services, which are subject to their own privacy policies.

X. Complaint Handling Mechanism for Data Issues

We have established a dedicated privacy compliance channel for user privacy consultations, objections and complaints:

1. Complaint Channels: You may submit feedback via online customer service or official email.

2. Handling Time Limit: General consultations will be responded within 24 hours; information correction, deletion and account cancellation applications will be processed within 3 working days; complex privacy disputes will be settled and feedback within 7 working days.

3. Dispute Resolution: Any privacy dispute shall be settled through negotiation in the first instance. If negotiation fails, users may appeal to local regulatory authorities or resolve disputes through judicial procedures.

XI. Disclaimer

1. We shall not be liable for privacy leakage caused by your own disclosure of account passwords, active disclosure of personal information or unauthorized operation by yourself.

2. We shall be exempted from liabilities for data incidents caused by uncontrollable factors including network attacks, virus intrusion, third-party leakage and force majeure in accordance with laws.

3. We assume no responsibility for personal information processing behaviors of third-party external links and cooperative platforms.

XII. Supplementary Provisions

1. The formulation, performance, interpretation and dispute resolution of this Policy shall be governed by the laws of the People's Republic of China, and comply with the EU GDPR and mainstream global cross-border data compliance rules.

2. This Policy is the official compliance document of UKKR cross-border e-commerce platform. Your use of any platform services shall be deemed voluntary acceptance of all terms of this Policy.

Issuer: UKKR International Trade Full-Category B2B Platform

Data Restoration & Destruction Contact Email: contact@ukkr.com

Last Updated Date: May 18, 2025