Privacy Policy

1. Information We Collect

Directly Provided Data

When you interact with our services, we collect:

Account details: Name, email, shipping/billing address

Purchase information: Payment card details (processed securely via PCI-compliant gateways)

Communications: Support tickets, survey responses

Automatically Collected Data

Through cookies and similar technologies:

Device information: IP address, browser type, operating system

Usage analytics: Pages visited, session duration, interaction patterns

Approximate location: Derived from IP address for regional compliance

2. How We Use Your Information

Purpose	Legal Basis
Process orders & payments	Contract fulfillment
Ship products & send updates	Legitimate business interest
Prevent fraud & security risks	Legal compliance
Improve website functionality	Legitimate interest
Send marketing emails (with consent)	User consent

3. Information Sharing

We disclose data only under strict conditions:

Service providers: Payment processors (Stripe, PayPal), logistics partners (FedEx, UPS)

Legal requirements: Court orders, government requests, or to protect vital interests

Business transfers: During mergers/acquisitions (with confidentiality guarantees)
We never sell personal data to third parties.

4. International Data Transfers

As a global company:

Data is processed primarily in the United States

EU/UK data transfers follow Standard Contractual Clauses (SCCs)

China-based operations comply with PIPL requirements

5. Your Privacy Rights

Depending on your location, you may:

Access/request copy of your data

Correct inaccuracies

Delete information (except legally retained records)

Withdraw marketing consent

Object to processing

Lodge complaints with supervisory authorities

6. Cookies & Tracking Technologies

Essential Cookies

Required for core functionality (e.g., shopping cart)

Optional Cookies

Used only with consent:

Analytics (Google Analytics)

Advertising (Meta Pixel)
Manage preferences: Cookie banner on our homepage

7. Children's Privacy

Our services are not designed for users under 16. We do not knowingly collect minor data. Suspected cases? Contact us immediately.

8. Data Security Measures

We implement:

AES-256 encryption for sensitive data

Annual penetration testing

Restricted employee access controls

PCI DSS compliance for payment processing

9. Data Retention Periods

Data Type	Retention Period
Purchase records	7 years (tax compliance)
Account information	Until deletion request
Marketing consents	2 years after last interaction

10. Policy Updates

We will:

Notify users of material changes via email

Post revised policies at hkzauto.com/privacy-policy

Update "Last Updated" date prominently