Legal & Compliance
Privacy & Data Protection

Privacy
Policy

Dongguan Hitop Sports Co., Ltd. is committed to protecting your personal information and respecting your privacy rights under GDPR (EU) and CCPA (California) regulations.

GDPR - EU 2016/679 CCPA - Cal. Civ. Code §1798 ePrivacy Directive Effective: June 1, 2025

Please Read This Policy Carefully

This Privacy Policy describes how Dongguan Hitop Sports Co., Ltd. collects, uses, stores, and protects your personal data when you visit our website or engage with us as a business partner. By using our website or submitting an inquiry, you acknowledge you have read this policy.

Overview & Data Controller

This Privacy Policy applies to the website operated by Dongguan Hitop Sports Co., Ltd. ("we", "us", "our"), a professional wetsuit manufacturer based in Dongguan, China, serving business clients in the European Union and the United States.

Data Controller

Dongguan Hitop Sports Co., Ltd.

Dongguan City, Guangdong Province, China

Contact for Privacy

privacy@hitopsports.com

Response within 30 days (GDPR Art. 12)

Data We Collect

We collect only the minimum personal data necessary to provide our B2B services. Data is collected through the following channels:

Contact & Inquiry Data

Collected when you submit an inquiry form, send an email, or contact us via Alibaba or trade platforms.

Full Name Business Email Company Name Phone Number Country / Region Message Content

Order & Transaction Data

Collected during the OEM/ODM order process, sample requests, and purchase agreements.

Billing Address Shipping Address Order Details Invoice Records

Technical & Usage Data

Automatically collected when you visit our website through cookies and server logs.

IP Address Browser Type Pages Visited Referral Source Session Duration

How We Use Your Data

We use your personal data solely for legitimate business purposes related to our OEM/ODM wetsuit manufacturing services:

  • Respond to Inquiries & Quotations

    Processing your OEM/ODM inquiry, providing product specifications, pricing, and sample arrangements.

  • Order Fulfillment & Logistics

    Processing orders, coordinating production, arranging shipping, and providing delivery documentation.

  • Customer Relationship Management

    Maintaining business communication, following up on samples, and managing repeat order relationships.

  • Legal & Regulatory Compliance

    Fulfilling export documentation, customs declarations, invoicing, and tax obligations under applicable laws.

  • Website Analytics & Improvement

    Understanding how visitors use our website to improve content, navigation, and user experience (with consent where required).

  • Marketing Communications (Opt-in Only)

    Sending product updates, new collection announcements, or trade fair invitations only where you have provided explicit consent.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

Data Sharing & Third Parties

We may share your data with trusted third-party service providers only to the extent necessary for our business operations. All third parties are contractually bound to protect your data.

Recipient Category Purpose Safeguard
Freight & Logistics Partners Shipping, customs clearance, delivery tracking Contractual data processing agreement
Payment Processors Invoice payment, bank transfer processing PCI-DSS compliant; minimal data shared
IT & Hosting Providers Website hosting, email infrastructure, CRM Data Processing Agreement (DPA) in place
Analytics Providers Website traffic analysis (e.g., Google Analytics) Consent required; IP anonymization enabled
Legal & Regulatory Authorities Compliance with legal obligations, court orders Only when legally required

Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by law.

7

Years

Order & Transaction Records

Financial records, invoices, and order documentation retained for 7 years to comply with tax and accounting regulations in China, EU, and US.

3

Years

Business Correspondence & Inquiry Data

Email communications and inquiry records retained for 3 years after last contact for legitimate business relationship management.

13

Months

Website Analytics Data

Anonymized analytics data retained for up to 13 months. Raw IP data deleted after session ends or within 90 days.

--

Consent-Based Marketing Data

Retained until you withdraw consent or unsubscribe. Deletion processed within 30 days of request.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies. Under GDPR and the ePrivacy Directive, non-essential cookies require your prior consent.

Essential Cookies

Always Active

Required for the website to function. Include session management, security tokens, and cookie consent preferences. Cannot be disabled.

Analytics Cookies

Consent Required

Used to understand website traffic and user behavior (e.g., Google Analytics with IP anonymization). Helps us improve our website content for B2B visitors.

Marketing & Remarketing Cookies

Consent Required

Used for targeted advertising on platforms such as Google Ads or LinkedIn. Only activated with your explicit consent via our cookie banner.

Managing Cookies: You can manage or withdraw your cookie consent at any time by clicking the "Cookie Settings" link in our website footer, or by adjusting your browser settings. Note that disabling certain cookies may affect website functionality.

Your Rights Under GDPR (EU/EEA)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

Right of Access

Request a copy of the personal data we hold about you (Art. 15).

Right to Rectification

Request correction of inaccurate or incomplete personal data (Art. 16).

Right to Erasure

Request deletion of your data ("right to be forgotten") where no legal obligation requires retention (Art. 17).

Right to Restriction

Request that we limit how we use your data while a dispute is being resolved (Art. 18).

Right to Portability

Receive your data in a structured, machine-readable format to transfer to another controller (Art. 20).

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes at any time (Art. 21).

How to Exercise Your Rights: Submit a written request to privacy@hitopsports.com. We will respond within 30 days as required by GDPR Article 12. We may request identity verification before processing your request.

Right to Lodge a Complaint: You have the right to file a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France, BfDI in Germany) if you believe your data has been processed unlawfully.

Your Rights Under CCPA (California)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you the following rights:

Right to Know

You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and any third parties with whom it was shared.

Right to Delete

You may request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, ongoing business relationships).

Right to Opt-Out of Sale / Sharing

We do not sell or share your personal information with third parties for monetary consideration. If this practice ever changes, we will provide a "Do Not Sell or Share My Personal Information" link.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. Exercising these rights will not affect the quality or price of our services.

Right to Correct

You may request correction of inaccurate personal information we maintain about you.

Submitting a CCPA Request: Email privacy@hitopsports.com with subject line "CCPA Privacy Request." We will respond within 45 days, with a possible 45-day extension. You may designate an authorized agent to submit requests on your behalf.

International Data Transfers

As a manufacturer based in China serving EU and US clients, your personal data may be transferred to and processed in the People's Republic of China. We ensure appropriate safeguards are in place for all cross-border data transfers.

For EU/EEA Data Subjects

  • Standard Contractual Clauses (SCCs) adopted by the European Commission
  • Data Processing Agreements with all sub-processors
  • Transfer Impact Assessments where required

For US/California Data Subjects

  • Data minimization principles applied to all transfers
  • Contractual protections equivalent to CCPA requirements
  • Secure transmission protocols (TLS 1.2+) for all data in transit

Security Measures

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

SSL/TLS Encryption

All data transmitted via HTTPS with TLS 1.2+ encryption.

Access Controls

Role-based access; only authorized personnel process your data.

Secure Data Storage

Data stored on secured servers with regular backups and monitoring.

Breach Notification

We notify affected parties and supervisory authorities within 72 hours of discovering a breach (GDPR Art. 33).

Staff Training

Regular data protection training for all staff handling personal data.

Vendor Vetting

All third-party processors assessed for security compliance before engagement.

Minors & Children's Privacy

Our website and services are directed exclusively to business professionals and are not intended for individuals under the age of 16 (EU) or 18 (US). We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe a minor has submitted data to us, please contact privacy@hitopsports.com immediately.

Policy Changes & Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify existing business contacts by email where required by law
  • Post a prominent notice on our website homepage for significant changes

We encourage you to review this policy periodically. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

Contact & Data Protection Officer

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us using the information below. We are committed to resolving your concerns promptly and transparently.

Data Controller

Dongguan Hitop Sports Co., Ltd.

Dongguan City, Guangdong Province
People's Republic of China

sales@hitopsports.com

Privacy / DPO Inquiries

Data Protection Officer

For GDPR/CCPA requests, data subject rights, and privacy complaints.

privacy@hitopsports.com

Response Time Commitment

We acknowledge all privacy requests within 5 business days and provide a full response within 30 days (GDPR) or 45 days (CCPA). For complex requests, we may extend this period by an additional 30/45 days with prior notice. All communications are handled in English.

Version 1.0 Effective: June 1, 2025 Last Updated: June 1, 2025

© 2025 Dongguan Hitop Sports Co., Ltd.

Questions About Your Data?

We're Here to Help

Contact our privacy team -- we respond within 30 days as required by GDPR.

Contact DPO General Inquiry