XIAGUSHOP 隐私政策(CN)

版本:V2025-08-29(UTC)
生效日期:以平台页面公示为准

本隐私政策适用于你使用 xiagu.shop 及其子页面、会员服务与数字商品(统称“平台”)时的数据处理活动。除非另有说明,本政策中“我们/平台”指 XIAGUSHOP

(为便于阅读,中文条款采用中文大写序号+阿拉伯数字编排;英文版见文末。)

一、适用范围与角色

  1. 本政策说明我们作为个人信息控制者如何收集、使用、共享和保护你的个人信息。
  2. 平台涉及的主要功能包括:账户注册与认证、KYC 信息提交、会员购买与交付、站内钱包余额与交易、订单与发票、同意留痕、合规记录。
  3. 若你通过第三方支付或登录服务(例如支付通道、邮箱服务商),你的信息亦受其各自政策约束。

二、我们收集的个人信息

  1. 账户信息:用户名、邮箱、手机号码、姓与名、生日、国家/地区、显示名称/昵称头像(如你自行上传)
  2. KYC 信息:证件类型与号码、以及你在注册/认证流程中主动提交的其他资料。我们不在线下核验,但会按法律义务保存提交记录。
  3. 订单与会员信息:订单号、购买的会员等级与时长、价格、发票资料、合规记录。
  4. 站内钱包:余额、充值/扣款金额、交易时间、交易备注与对账流水。
  5. 设备与日志:IP 地址、设备与浏览器信息(UA)、操作时间戳、页面与按钮点击、同意开始与结束时间等留痕。
  6. 沟通与客服:你与我们联系时提供的内容、申诉材料与处理结果。

三、使用目的与法律依据

  1. 提供与维护服务:创建账户、完成 KYC、处理订单与交付数字商品、计算与展示钱包余额与交易记录。
  2. 安全与合规:防止欺诈与滥用、留存合规日志、履行税务与账务留存义务、回应监管与执法请求。
  3. 客户支持:处理咨询、投诉、纠纷(在适用法律与业务范围内)。
  4. 改进体验:基于汇总与去标识数据进行统计与功能优化,不用于识别单个自然人。
  5. 法律依据(依辖区而定):履行合同、履行法定义务、合法利益、你已明确同意。

四、Cookies 与本地存储

  1. 平台使用必要类 Cookie(会话、登录、购物车、钱包结算、同意偏好)以保证功能可用。
  2. 我们目前不进行基于第三方广告追踪的定向营销。若将来变更,将于页面显著位置告知并征求同意。

五、共享与委托处理

  1. 处理者/服务商(仅为实现功能):主机与 CDN、邮件与短信服务商、支付通道与对账服务、反滥用安全服务、统计与日志服务、开票与会计服务。
  2. 法律与合规:依法向有权机关提供必要信息,或为维护我们的合法权益在合理范围内披露。
  3. 我们不出售你的个人信息。

六、国际传输

  1. 你的信息可能在马来西亚或其他国家/地区被存储或处理。
  2. 如你位于欧盟、英国或其他国家/地区,你的个人信息可能会被转移至我们运营的国家;在进行这些转移时,我们会采取适当的措施以确保你的信息得到保护。
  3. 针对跨境传输(例如从欧盟/英国转移至其他地区),我们将采用**标准合同条款(SCCs)**或法律允许的其他保障机制。

七、保留期限

  1. 账户、订单、会员以及站内钱包及其对账资料:在提供服务所必需的最短期间内保存,最长不超过 90 天;如法律、税务或监管另有更长保存要求的,依相关规定执行。
  2. 安全事件与同意留痕日志:为安全审计、合规证明与纠纷处理之目的,最长不超过 90 天;如法律另有要求的,从其规定。
  3. 到期后,我们将删除或在法律允许且为正当目的所必需的情况下以去标识化方式保留。

八、安全

  1. 采取合理且与风险相适配的安全措施,包括 HTTPS 传输、访问控制、角色权限、最小化授权、日志监控与备份。
  2. 互联网并非绝对安全环境,我们无法保证信息在任何情况下 100% 安全,但将尽力降低风险并在发生严重事件时依法通知。

九、你的权利与请求渠道

  1. 你可以按照适用法律行使与个人信息相关的权利(例如访问、更正、删除等)。
  2. 你可通过账户设置联系我们提出请求;为保护安全,我们可能要求验证身份,并在法律允许的时限内处理。
  3. 你可申请导出与账户相关的对账资料(如钱包、订单与同意日志等);我们将在法律允许且技术可行的范围内提供。

十、未成年人

  1. 我们的服务面向具有完全民事行为能力的自然人。
  2. 若你未达所在辖区的法定成年人年龄,应在监护人同意与指导下使用,并由监护人代表行使相关权利。

十一、政策更新

  1. 当功能或法律发生变化时,我们会更新本政策,并在页面显著位置提示。
  2. 重大变更将征求你的再次同意(如法律要求)。

十二、联系我们

  1. 联系人:xiagushop@gmail.com
  2. 为加速处理,请在邮件主题注明“隐私请求”,并说明你的账户邮箱与请求类型。

十三、公开展示与匿名

  1. 为实现账户标识、会员服务与创作者/艺术家页面等功能,平台在站内进行必要的公开展示时,将以匿名/化名(显示名称/昵称)为主;如你上传头像,则可能一并展示。上述处理基于合同履行平台的正当利益(例如防冒名、交易识别、权属标记与页面可用性)。
  2. 你可在账户设置中修改显示名称/昵称与头像;平台不主动公开你的证件号、生日、联系方式、站内余额、交易明细等非公开信息。
  3. 页面上的提示语**“根据隐私政策匿名”**仅用于说明该展示遵循本隐私政策中的匿名/化名规则,并非单独授权或同意机制

XIAGUSHOP Privacy Policy (EN)

Version: V2025-08-29 (UTC)
Effective date: as publicly posted on the Site

This Policy explains how XIAGUSHOP collects, uses, shares, and protects personal data when you use xiagu.shop, its sub-pages, membership services, and digital goods (collectively, the “Platform”). Unless otherwise stated, “we/us/Platform” refers to XIAGUSHOP.

1. Scope & Roles

  1. This Policy describes how we, acting as a data controller, collect, use, share, and protect your personal data.
  2. Main features covered include: account registration and verification, KYC submission, membership purchase and delivery, on-site wallet balance and transactions, orders and invoices, consent records, and compliance records.
  3. If you use third-party payment or sign-in services (e.g., payment gateways, email providers), your data there is also governed by those providers’ policies.

2. Data We Collect

  1. Account data: username, email, phone number, given/family name, date of birth, country/region, display name/nickname, and avatar (if you upload one).
  2. KYC data: ID type/number and other materials you voluntarily submit during onboarding. We do not conduct offline verification but keep submission records as required by law.
  3. Orders & memberships: order ID, plan level and duration, price, invoice details, and compliance records.
  4. On-site wallet: balance, credit/debit amounts, timestamps, notes, and reconciliation records.
  5. Device & event records: IP address, device/browser (UA), timestamps, page/button interactions, and consent start/end timestamps.
  6. Support: the content of your enquiries, supporting materials you provide, and our handling outcomes.

3. Purposes & Legal Bases

  1. Provide & maintain services: create accounts, complete KYC, process orders and deliver digital goods, calculate and display wallet balances and transactions.
  2. Security & compliance: prevent fraud/abuse, keep compliance evidence, meet tax and accounting retention duties, and respond to regulatory/law-enforcement requests.
  3. Customer support: handle enquiries, complaints, and disputes (within applicable laws and business scope).
  4. Improve services: perform statistics and product improvement using aggregated/de-identified data; not used to identify individuals.
  5. Legal bases (depending on jurisdiction): performance of contract, legal obligations, legitimate interests, and—where required—consent.

4. Cookies & Local Storage

  1. We use necessary cookies (session, login, cart/checkout, wallet settlement, consent preferences) to keep the Platform functional.
  2. We do not currently conduct third-party ad tracking for targeted advertising. If this changes, we will provide prominent notice and request consent where required.

5. Sharing & Processors

  1. Processors/service providers (solely to provide functions): hosting/CDN, email/SMS, payment and reconciliation, security/anti-abuse, analytics/logging, invoicing/accounting.
  2. Legal and compliance: we may disclose data when required by law or to protect our rights in a reasonable and proportionate manner.
  3. We do not sell your personal data.

6. International Transfers

  1. Your data may be stored or processed in Malaysia or other countries/regions.
  2. If you are located in the EU, UK, or other jurisdictions, your personal data may be transferred to countries where we operate. We take appropriate measures to ensure your information is protected during such transfers.
  3. For EU/UK transfers, we rely on Standard Contractual Clauses (SCCs) or other lawful safeguards.

7. Retention

  1. Accounts, orders, memberships, and on-site-wallet records (including reconciliation): retained for the minimum period necessary to provide the services and no longer than 90 days, unless a longer period is required by tax, accounting, or other laws.
  2. Security and consent records (evidence): kept for audit, compliance, and dispute handling for no longer than 90 days, unless a longer period is legally required.
  3. Upon expiry, we delete the data or retain de-identified records where permitted by law and necessary for legitimate purposes.

8. Security

  1. We implement reasonable safeguards proportionate to risk, including HTTPS in transit, access controls, role permissions, least-privilege principles, logging/monitoring, and backups.
  2. The internet is not absolutely secure; while we cannot guarantee 100% security in all circumstances, we work to reduce risks and will notify as required by law in the event of a serious incident.

9. Your Rights & Requests

  1. Subject to applicable laws, you may request access, correction, deletion, and other rights available in your jurisdiction.
  2. You can submit requests via account settings or Contact Us. For security, we may need to verify your identity and will process the request within legally permitted time limits.
  3. You may request exports related to your account (e.g., wallet, order, and consent records); we will provide them where legally permitted and technically feasible.

10. Children

  1. Our services are intended for individuals with full legal capacity.
  2. If you are below the age of majority in your jurisdiction, you should use the services under guardian consent and guidance; guardians may exercise the relevant rights on your behalf.

11. Changes

  1. We will update this Policy when functions or laws change and will provide prominent notice on the Site.
  2. Where required by law, material changes will be presented for renewed consent.

12. Contact Us

  1. Contact: xiagushop@gmail.com
  2. To expedite handling, include “Privacy Request” in the subject and provide your account email and request type.

13. Public Display & Anonymity {#public-display-anonymous}

The on-page notice “According to the Privacy Policy: Anonymous” only indicates that the display follows the anonymity/pseudonymity rules in this Policy; it is not a separate authorization or consent mechanism.

To enable account identification, membership services, and creator/artist pages, the Platform may conduct necessary public display primarily using anonymous/pseudonymous identifiers (display name/nickname); if you upload an avatar, it may be shown as well. The above processing is based on contract performance and our legitimate interests (e.g., anti-impersonation, transaction identification, attribution marks, and page usability).

You may modify your display name/nickname and avatar in Account Settings. We do not proactively disclose your ID numbers, date of birth, contact details, on-site wallet balance, or transaction details.

键入搜索

商品购物车

0
image/svg+xml

No products in the cart.

继续购物