Prompt

Your trust is of utmost importance to us. We fully understand the significance of your personal information and are committed to adopting appropriate security measures in accordance with legal and regulatory requirements to ensure the security and controllability of your personal information. In light of this, the Application Service Provider (hereinafter referred to as "we" or "us") has formulated this Application Privacy Policy (hereinafter referred to as "this Policy") and reminds you that:

This Policy applies to all products and services provided by the Application Service Provider. This Policy does not apply to products or services provided by third parties that you access through our products/services ("Other Third Parties," including but not limited to your transaction counterparts, any third-party websites, and third-party service providers).

Before using any of the products or services offered by the Application, please ensure that you have carefully read and fully understood this Policy, particularly the terms highlighted in bold or bold underline. You should commence using our services only after confirming that you fully understand and agree to this Policy. Should you have any questions, comments, or suggestions regarding the content of this Policy, you may contact us through various contact channels provided within the Application.

Part I: Definitions

Application:Refers to the platforms or tools operated and managed by the Application Service Provider and its affiliates, running on the Application and its future newly developed or collaborated platforms.

Application Service Provider:Refers to the internet information and software technology service provider of the Application, S'good International Trade Company Limited. (Registered Address: UNIT 601, F/6 LMI 5 OF THE MILLS NO4.5, PAKTINPAR ST, TSUEN WAN, HONG KONG).

Affiliate:Refers to companies associated with the Application Service Provider as recognized under the Hong Kong Special Administrative Region's Companies Ordinance, Personal Data (Privacy) Ordinance, and other relevant regulations.

Personal Information: Refers to any information recorded electronically or otherwise that can, alone or in combination with other information, identify a specific natural person or reflect the activities of a specific natural person.

Sensitive Personal Information:Refers to personal information that, once disclosed, illegally provided, or abused, may endanger personal and property safety, easily lead to damage to personal reputation, physical and mental health, or discriminatory treatment. Typically, personal information of children aged 14 and below (inclusive) and privacy information of natural persons are considered sensitive personal information.

Deletion of Personal Information:Refers to the act of removing personal information from systems involved in daily business functions, rendering it unretrievable and inaccessible.

Part II: Privacy Policy

This section of the Privacy Policy will help you understand the following:

1.How We Collect and Use Your Personal Information

2.Personal Information Sharing List

3.How We Use Cookies and Similar Technologies

4.How We Share, Transfer, and Publicly Disclose Your Personal Information

5.How We Protect Your Personal Information

6.Your Rights

7.How We Handle Minors' Personal Information

8.Global Transfer of Your Personal Information

9.Updates to This Privacy Policy

10.How to Contact Us

1.How We Collect and Use Your Personal Information

When you use our products and/or services, we need/may need to collect and use your personal information for the following purposes:

1. Basic Functions: To provide you with our products and/or services, we must collect necessary information. If you refuse to provide such information, you will be unable to use our products and/or services normally.
2. Additional Functions: To provide you with additional features of our products and/or services, you may choose to authorize us to collect and use additional information. If you refuse to provide this information, you will be unable to use the relevant additional features or achieve the desired functionality, but this will not affect your use of the basic functions of our products and/or services.

You understand and agree that:

1. Due to the diverse range of products and services we offer and the differing needs of individual users, the types and scope of personal information collected and used for basic/additional functions may vary. Please refer to the specific product/service functionality for details.
2. To enhance your product and service experience, we continuously strive to improve our technology and may occasionally introduce new or optimized features, which may require the collection and use of new personal information or changes to the purpose or manner of use of personal information. In such cases, we will notify you of the purpose, scope, and manner of use of the corresponding information through updates to this Policy, pop-up windows, page prompts, etc., and provide you with the option to consent autonomously. Should you have any questions, comments, or suggestions, you may contact us through various contact channels provided within the Application, and we will respond to you promptly.

We collect and use your personal information for the following purposes:

1.1 User Registration

To help you create an account on the Application, we will obtain your nickname and avatar from WeChat based on your authorization.

1.2 Product or Service Information Display

To understand product compatibility, identify abnormal account status, and provide you with more relevant page displays and search results, we may request or automatically collect your usage information and store it as web log information, including:

Location:To enhance your discovery of nearby product and service offerings, we provide location-based services when you enable device positioning. By activating location services and utilizing our geolocation features, we may collect and process your geographical data to deliver localized product information within your vicinity. This includes: Providing relevant services without manual location input Calculating actual merchant distances to support informed consumption decisions We employ positioning technologies including:IP address analysis,GPS signals,Sensor technologies (WLAN access points, Bluetooth, and cellular base stations) Please note:We exclusively collect your real-time location coordinates at the point of service delivery. We do not correlate location data across time periods to determine movement tracks or behavioral patterns. (Key business terminology used: location-based services, geographical data, sensor technologies, real-time location coordinates, movement tracks)

Device location permissions can be managed via your settings interface. Disabling this function will restrict geolocation-dependent services and may impact service efficacy.

Device:Based on your specific usage of our software, we may collect and store device-related information, including: - Device characteristics: Model, operating system version, device settings, unique device identifiers, and information about mobile applications and other software used (reflecting hardware and software features). - Location-related information: Authorized GPS location data, along with information from Wi-Fi access points, Bluetooth signals, and cellular towers (sensor information).

Server log:When you use the products or services, we automatically collect detailed records of your engagement through service logs. This includes: - User interactions: Browsing activity, click-throughs, launches, subscriptions, search queries, adding items to favorites, transaction completion, after-sales engagements, and content publishing. - Technical identifiers: IP address, browser type, internet service provider (ISP), language preference, and access dates/timestamps.

Please note that standalone device information, service logs, and location data constitute non-personal information incapable of identifying specific individuals. Should we combine such non-personal information with other datasets to identify individual natural persons, or integrate it with personal information, this combined data will be treated as personal information during processing. Unless authorized by you or required by applicable laws, we will pseudonymize or anonymize such information. To deliver more intuitive, personalized information displays, search results, and push services aligned with your preferences, we analyze your device information, location data, and service logs to identify preference characteristics. Based on these behavioral markers, we conduct indirect user profiling to present tailored content, recommendations, and commercially relevant advertising offers.

Should you wish to opt out of commercial advertisements from our services, you may unsubscribe via SMS prompt reply or through other designated opt-out mechanisms we provide. Separately, when utilizing our in-site search function, we offer the option to receive non-personalized search results not based on your individual profile characteristics.

Additionally, we may use such information in a secure manner to continually enhance and optimize the aforementioned functionalities.

1.3 Sharing Function

When you use our Application, you may choose to share information about interesting products and/or services with other third parties using the sharing function provided. During this process, we will collect service log information including your sharing history to enable this function and other purposes we explicitly inform you of.

1.4 Order Placement and Management

When you place orders for specific products and/or services within our offerings, our system will automatically generate an order containing details of your purchase. This order includes information about the purchased goods and/or services, the specific order number, order date, the amount payable, the payment method, and a QR code for payment. We collect this information to facilitate the completion of your transaction, safeguard transaction security, enable order inquiries, and provide customer service and after-sales support, among other purposes explicitly communicated to you.

To facilitate your order tracking and detailed management, we collect order information generated during your use of our services to display relevant records and enable efficient order administration.

1.5 Payment Processing

To complete transactions, you need to select WeChat Pay and provide the corresponding payment account information. We will share your order number, order transaction amount, and order status with the payment institution corresponding to your chosen payment method.

To facilitate real-time monitoring of transaction status and enable efficient post-sales dispute resolution, you expressly authorize us to collect payment progress data and associated account identifiers from designated transaction counterparties and duly licensed payment institutions corresponding to your selected payment methods. This processing constitutes an essential component for fulfilling contractual obligations and maintaining transaction integrity throughout the service lifecycle.

1.6 Customer Service and Dispute Resolution

When you contact us or file a complaint regarding a sale, after-sales issue, or dispute, we may need you to provide necessary personal information to verify your identity.

To facilitate communication with you, resolve your issues promptly, or record the handling plan and results of related issues, we may save your communication/call records and related content (including account information, order information, other information you provide to prove relevant facts, or contact information you leave).

For purposes of fulfilling legitimate business needs related to service provision and quality enhancement, we may utilize strictly necessary supplementary data, including but not limited to: Correspondence details provided during customer support interactions Survey response data submitted through voluntary questionnaires

1.7 Evaluation and Feedback

You can actively evaluate merchants' products/services on the Application, and we will collect the information you publish, displaying your username, avatar, and published content. If you choose to publish evaluation information anonymously, we will not display your username and avatar.

When publishing content through our services, you acknowledge that user-uploaded images in reviews may contain personal or sensitive information(e.g., ID cards, geotagged photos, payment credentials).

1.8 Inviting Friends

You may utilize our sharing functionality to distribute our products and/or services to your contacts. To facilitate this feature, we will retain the following information associated with your application account: Profile nickname and avatar image Registered mobile number Device metadata

1.9 Network Safety Assurance

To enhance the security of your use of the services provided by us, our affiliated companies, and partners, ensure the safety of the operating environment, and identify abnormal states of member accounts, we strive to better protect the personal and property safety of you, other users, or the public from infringement. Furthermore, we aim to better prevent security risks such as phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, and unauthorized network intrusions. Additionally, we seek to more accurately identify violations of laws, regulations, or application-related agreement rules. To achieve these goals, we may use or integrate your user information, transaction information, device information, service log information, as well as information obtained from our affiliated companies and partners with your authorization or shared in accordance with the law. This integrated information will be used to comprehensively assess your account and transaction risks, conduct identity verification, detect and prevent security incidents, and take necessary record-keeping, auditing, analysis, and disposal measures in accordance with the law.

1.10 Additional Services

To provide you with more convenient, high-quality, and personalized products and/or services, and to continuously improve your experience, we may collect and use your personal information in the following additional services we offer. If you choose not to provide this information, it will not affect your access to basic services such as browsing, searching, and purchasing on our platform. However, you may not be able to enjoy the enhanced user experience these additional services provide. These supplementary services include

1. Based on the camera-enabled supplementary services, this functionality enables: QR Code Processing,for Group access initiation, merchandise purchases, and promotional offer redemption, Direct Media Capture & Upload, for Image submissions for reviews and social sharing, Secured Transaction Operations,for Payment processing and event participation in specifically authorized contexts
2. Based on the photo/video library access and upload services, this functionality enables:uploading avatars for account customization,posting reviews/shared content with user-generated media,submitting visual evidence during service disputes.Based on your uploaded photos/images, we may identify products or services of potential interest to you, and may utilize review content containing your submitted visuals for relevant features.
3. Calendar-Based Additional Services: Upon enabling permission for us to read/write to your calendar, we will collect your calendar information to provide you with shopping records, benefit redemption tracking, and related reminders

You understand and agree that the aforementioned additional services may require you to enable access permissions for your camera, photo gallery, and/or calendar on your device. This enables the collection and utilization of information associated with these permissions to deliver the corresponding services. You may review the status of these permissions individually through your device settings or our mini-program settings, and may enable or disable these permissions at any time at your discretion. Please note: Enabling any permission constitutes your authorization for us to collect and use relevant personal information to provide the associated service.7 Disabling any permission constitutes revocation of your authorization. We will cease collecting and using the relevant personal information based on that permission and will be unable to provide the corresponding service.7 Your decision to disable permissions shall not affect any prior collection and use of information based on your authorization.

1.11 Other

Where the information you provide contains personal data of other users, you must ensure that lawful authorization has been obtained prior to disclosing such personal data to the application.

Should we process the information for purposes not stated in this policy, or repurpose data collected for specific objectives, or proactively obtain your personal data from third parties, we will always secure your prior explicit consent.

Where we indirectly obtain your information from third parties, we shall mandatorily require in writing such third parties to: (a) collect personal information only after securing your lawful consent in compliance with applicable regulations; (b) explicitly disclose to you the specific content of shared information; and (c) obtain your express reconfirmation prior to supplying any sensitive data to us—while compelling formal warranties regarding the legitimacy and compliance of data sources, with express stipulation that violators bear corresponding legal liabilities，concurrently, our specialized security team implements robust data protection measures for personal information (including sensitive data reporting, encrypted storage of sensitive information, and access permission controls)68. We apply protection standards to indirectly obtained personal information that are no less stringent than those employed for our direct users' data.

Statutory Exemptions to Consent Requirement

You expressly acknowledge and agree that we may collect and use your personal information without your explicit consent under the following circumstances, and we may not comply with requests for correction/modification, deletion, account cancellation, consent withdrawal, or data access:

1. Covered under National Security and Defense Security Exemptions
2. Pertaining to public safety, public health, and significant public interests
3. Pertaining to judicial or administrative law enforcement concerning criminal investigation, prosecution, trial, and execution of judgments
4. Where processing is imperative for safeguarding vital interests of the data subject or other natural persons, and obtaining consent is operationally unfeasible
5. Personal information voluntarily disclosed by you to the public
6. Lawfully collected personal information from publicly disclosed sources, including lawful news reporting and government information releases
7. Where necessary for the performance of agreements or other written documents executed with you
8. Necessary for maintaining the secure and stable operation of the provided products and/or services, such as detecting and resolving malfunctions
9. Necessitated by legitimate journalistic activities
10. Where processing by academic research institutions is necessary for public interest-driven statistical or academic studies, and personal information contained in results disclosed externally undergoes de-identification
11. Other circumstances as stipulated by laws and regulations

Please be advised that under applicable laws, where we implement technical and organizational measures to process personal information such that data recipients cannot re-identify specific individuals nor restore the original data - or where we may conduct de-identified research, statistical analysis, and predictive modeling to enhance application content/layouts, support business decision-making, and improve our products/services (including utilizing anonymized data for machine learning or algorithmic model training) - such use of processed data shall neither require separate notification to you nor necessitate obtaining your consent.

In the event of discontinuation of our application products or services, we shall promptly cease collection of your personal information, notify you of such termination via individual notices or public announcements, and either delete or anonymize personal information held by us in connection with the discontinued operations (with anonymization conducted in accordance with ISO/IEC 20889 standards).

2.Personal Information Disclosure Register

To ensure proper functioning and secure operation of the application, we integrate third-party Software Development Kits (SDKs) for specific technical implementations.

We conduct rigorous security vetting of third-party SDKs and mandate partners to implement stringent measures protecting your personal data. When adapting to new service requirements or functional changes, we may adjust integrated SDKs and promptly disclose updates within this documentation.

3. Implementation of Cookies and Similar Tracking Technologies

To ensure operational integrity and enhance user experience, we deploy cookie technology on your terminal devices. These data files contain anonymized identifiers, site-specific codes, and cryptographic strings that enable preference storage functionalities essential for service delivery

You retain full control to manage or delete cookies according to your preferences. All cookies stored on mobile devices can be purged through system-level operations.

4. Data Disclosure Frameworks: Sharing, Transfer and Public Dissemination Mechanisms

4.1 Sharing

Data disclosures are strictly confined to vetted Application Service Providers (ASPs), except under these legally circumscribed conditions:

1. Explicit Consent-Based Data Sharing: Transfer mechanisms activated upon validated user authorization
2. Legally Mandated Disclosures: Data sharing pursuant to statutory obligations and authoritative legal processes.
3. Intra-Group Data Sharing: To facilitate our affiliates' delivery of services through linked accounts, provide personalized recommendations aligned with your interests, and protect the personal/property safety of affiliated entities, users, or the public from infringement, your personal information may be shared with our corporate affiliates. Such sharing shall be strictly limited to necessary data elements. Where sensitive personal information is shared or affiliates alter the purpose of processing, we shall obtain your explicit re-authorization through standalone consent mechanisms.
4. Controlled Third-Party Collaboration: Selected services are jointly delivered with authorized partners strictly for purposes defined in this Privacy Policy. We may disclose specific personal data elements to enhance customer service and user experience, adhering to legally mandated principles of legitimacy, necessity, specificity, and transparency. All data transfers are liimited to operationally essential information,contractually restricted to predefined service objectives,and prohibited from secondary processing unrelated to contracted deliverables.

We execute binding data protection agreements with all entities and individuals receiving personal information from us, mandating their compliance with our instructions, this Privacy Policy, and all applicable confidentiality and security protocols.

4.2 Transfer

Restricted Data Transfers: No disclosure to third parties except under these legally circumscribed conditions:

1. Transfer Upon Explicit Consent: We will transfer your personal information to third parties upon obtaining your explicit consent.
2. In the event of mergers, acquisitions, bankruptcy proceedings, or similar transactions involving our application service providers, should any personal information transfer occur, we shall legally require the successor entity holding your information to remain bound by this Policy. Failing such commitment, said company or organization must re-obtain your express authorization.

3. Public Disclosure

We will only disclose your personal information publicly under the following circumstances:

1. We may publicly disclose your personal information only upon your explicit consent or proactive election.
2. If we determine that you have violated laws, regulations, or the relevant agreement and rules of the application, or in order to protect the personal and property safety of users of the application and its affiliated companies, or the public, from infringement, we may disclose your personal information, including relevant violations and measures taken against you by the application, in accordance with laws, regulations, or the relevant agreement and rules of the application, and with your consent.

4. Exemptions from Prior Consent for Sharing, Transferring, or Publicly Disclosing Personal Information

In the following cases, we may share, transfer, or publicly disclose your personal information without your prior authorization:

1. Covered under National Security and Defense Security Exemptions
2. Pertaining to public safety, public health, and significant public interests
3. Pertaining to judicial or administrative law enforcement concerning criminal investigation, prosecution, trial, and execution of judgments
4. Where processing is imperative for safeguarding vital interests of the data subject or other natural persons, and obtaining consent is operationally unfeasible
5. Personal information voluntarily disclosed by you to the public
6. Lawfully collected personal information from publicly disclosed sources, including lawful news reporting and government information releases

Under applicable laws, sharing or transferring de-identified personal information with legally binding non-reidentification obligations does not constitute external data processing, exempting us from additional notices or consents for its storage and handling.

5. How We Protect Your Personal Information

We implement industry-standard, reasonably feasible security measures to safeguard your personal information against unauthorized access, disclosure, use, alteration, damage, or loss. Our comprehensive protections include:‌ Encryption Technologies to enhance data security Trusted Protection Mechanisms defending against malicious attacks Strict Access Controls limiting information access to authorized personnel Mandatory Privacy Training reinforcing employee awareness of data protection.

We possess an industry-leading data security management system centered around the data lifecycle. This system enhances the overall security of our entire system through multidimensional improvements in organizational development, institutional design, personnel management, product technology, and other aspects.

Data Minimization & Retention Discipline: Implementation of operationally feasible controls to limit data collection and enforce purpose-bound retention timelines

Recognizing that the internet infrastructure does not constitute an absolutely secure environment, we strongly advise against transmitting personal information through communication channels not expressly recommended by our application platform. All connections and mutual data sharing should be exclusively facilitated through our services. When initiating communications, transactions, or content sharing via our platform, you maintain autonomous control to designate specific counterparties as third-party recipients who will thereby gain access to relevant information including but not limited to transactional particulars, contact details, communication records, or shared materials subject to your configured visibility parameters.

We execute binding data protection agreements with entities receiving personal information from us, mandating strict compliance with our instructions, this Privacy Policy, and applicable confidentiality/security protocols; in cases of suspected account or password compromise, immediately notify our application support team via designated channels to initiate containment measures per your verified request. Be advised that voluntary information dissemination through our services may expose personal/sensitive data of yourself or third parties, necessitating heightened caution regarding information sharing or public disclosure during service usage

We undertake to ensure the security of any information you provide to us. Should our physical, technical, or administrative safeguards be compromised, resulting in unauthorized access, public disclosure, alteration, or destruction of your information, which adversely affects your legitimate rights and interests, we will assume corresponding legal liability.

Our security risk updates and personal information security impact assessment reports will be periodically refreshed and publicly disclosed, accessible exclusively through in-app notification systems to ensure timely and secure dissemination of critical cybersecurity insights

In the unfortunate event of a personal information security incident, we will promptly notify you in accordance with applicable laws and regulations by providing: (1) essential details regarding the nature of the security incident and its potential impact, (2) remediation measures we have implemented or intend to implement, (3) actionable recommendations for you to independently mitigate risks, and (4) compensatory remedies available to affected individuals; such notifications shall be delivered through multiple channels including but not limited to email, postal correspondence, telephone communications, and push notifications, with publicly posted announcements constituting an alternative notification method when individual communication proves impracticable, all while maintaining compliance with regulatory reporting obligations by submitting detailed incident handling reports to relevant supervisory authorities as mandated.

6. How do you manage your personal information

You are entitled to exercise comprehensive access and administrative control over your personal information exclusively through the following designated protocols:

Access your personal information

You have the right to access your personal information, subject to statutory exceptions. The specific access path shall be determined by the corresponding product or service features within the application.

To update or supplement personal information

You have the right to request correction of your personal information when you identify inaccuracies in our records.

Delete your personal information

You may request deletion of your personal information under the following circumstances:

1. If our processing of personal information violates laws or regulations
2. If we collect or use your personal information without obtaining your explicit consent
3. If our processing of personal information seriously violates our agreement with you
4. If you cease using our products or services, or actively deactivate your account
5. If we permanently discontinue providing products or services to you

Upon granting your deletion request, we will also notify entities that received your personal information from us to promptly delete such data, unless otherwise required by law or if such entities obtained your separate authorization.

When you delete information from our services, residual copies may persist in operational backup systems until the next scheduled backup rotation cycle.

Revise the scope of authorization you have consented to

Each business function requires essential personal information to operate properly(refer to Section II, Article 1 of this Privacy Policy). For the collection and use of any additional personal information, you may grant or revoke your authorization through our application's customer support team

Account Deletion Process for Data Subjects

You may terminate your previously registered account at any time through the following self-service options:

You may submit an account closure request through our customer service team. Upon receipt, we will promptly process your termination request in accordance with our standard procedures.

Upon account termination, we will cease providing products/services and delete your personal data as requested, unless otherwise required by applicable laws and regulations.

Governance of Automated Decision-Making Systems

In certain business functions, decisions may be made solely through non-human automated systems (e.g., algorithms). Should such decisions significantly affect your legal rights, you may request explanations. We will provide recourse methods without compromising trade secrets, other users’ rights, or the public interest.

We will process your request accordingly.

For security purposes, you may need to submit a written request or provide alternative identity verification. We may require identity confirmation before processing your request.

We will provide a written response within 15 calendar days. Should you remain dissatisfied with the resolution, you may lodge a formal complaint through our application's customer support channel.

We generally do not charge for reasonable requests. However, for repeated or excessive requests, a reasonable fee may apply to cover administrative costs. Requests that are unfounded, overly burdensome (e.g., requiring new system development or fundamental operational changes), pose risks to others' legal rights, or are impractical may be declined. (Professional legal/compliance wording: balances clarity with regulatory precision while maintaining corporate tone.)

We regret that we are unable to comply with your request under the following circumstances as required by laws and regulations:

1. Covered under National Security and Defense Security Exemptions
2. Pertaining to public safety, public health, and significant public interests
3. Related to criminal investigations, prosecution, adjudication, or sentence enforcement.
4. Where clear evidence indicates the data subject has acted in bad faith or abused their rights
5. Where responding to the request would materially infringe upon the lawful rights and interests of you, other individuals, or organizations
6. Trade secret-related

7. Guidelines for Processing Minors' Personal Information

If you are a minor under the age of 18, you must review this Privacy Policy jointly with your parent or legal guardian and obtain their express consent prior to accessing or using the application and related services

In compliance with applicable national laws and regulations, we protect minors' personal information, processing such data only when legally permitted, with explicit parental/guardian consent, or when strictly necessary to safeguard minors; should any collection occur without verifiable prior parental consent, we will promptly delete the information. Guardians with inquiries regarding minors' personal data may contact us through the designated channels specified in this Privacy Policy

8. Global Data Transfers & Safeguards

Personal information collected and generated through our in-country/regional operations will be stored within the corresponding national/regional jurisdictions, except in the following scenarios:

1. Where expressly required by applicable laws and regulations
2. Upon obtaining your explicit authorization;
3. For your personal cross-border transactions or other proactive actions conducted via the internet
4. For all above scenarios, we ensure adequate protection of your personal information in strict compliance with this Privacy Policy

9. Privacy Policy Updates

We reserve the right to amend our Privacy Policy. Updates will be communicated through our designated notification channels.

We will not restrict any of your rights under this Privacy Policy without your explicit consent. Any changes to the policy will be notified to you in advance via platform announcements.

10. How to Contact Us

For questions, feedback, or complaints regarding this Privacy Policy or your personal data,access "Customer Service" within the application, or mailservice@siguworks.com，Response within 5 days (business days)。