• Jinlong Digital HK Trading Limited trading as Hong Kong Wholesalers
• Company Registration No. 76470158
• Office C, 5th Floor, Wing Lock House, 1-3 Lock Road, Tsim Sha Tsui, Kowloon, Hong Kong
• Email: [email protected] | +852 9428 5319

Summary for EU Visitors

This Notice explains how Jinlong Digital HK Trading Limited, trading as Hong Kong Wholesalers, collects and uses personal data of individuals in the EU and EEA. We operate a B2B wholesale business for mobile phones, tablets, laptops, wearables, accessories and related services. We process some data on EU servers and also in Hong Kong and other locations with appropriate safeguards. This Notice complements our Hong Kong Privacy Policy. If you have any questions, contact us using the details above.

1. Introduction and Scope

• 1.1This EU and EEA Privacy Notice explains how we handle personal data of individuals in the European Union and the European Economic Area in accordance with the General Data Protection Regulation.
• 1.2It applies when you visit our websites or portals, communicate with us, submit forms, open a trade account, request a quotation, engage with our support teams or otherwise interact with us while located in the EU or EEA.
• 1.3This Notice complements our Hong Kong Privacy Policy that explains our practices under the Personal Data Privacy Ordinance. Where processing is subject to EU law, this Notice governs. For non EU processing, our Hong Kong Privacy Policy applies.
• 1.4This Notice targets professional and business users. We do not intentionally market to consumers for personal or household purposes.

2. Who We Are and How To Contact Us

• 2.1Controller identity. The controller is Jinlong Digital HK Trading Limited, trading as Hong Kong Wholesalers.
• 2.2Contact. Office C, 5th Floor, Wing Lock House, 1-3 Lock Road, Tsim Sha Tsui, Kowloon, Hong Kong. Email: [email protected]. Tel: +852 9428 5319.
• 2.3 Privacy contact. Address inquiries to our Privacy Officer using the email above.
• 2.4EU representative. We will designate an EU representative as required by Article 27. Once appointed, we will update this Notice with contact details.

3. Applicability of GDPR and Relationship with PDPO

• 3.1GDPR applies when we offer goods or services to EU or EEA based individuals or monitor their behaviour within the EU or EEA.
• 3.2We actively sell to EU and EEA based businesses. We therefore implement GDPR controls in addition to our PDPO framework.
• 3.3This Notice should be read together with our Hong Kong Privacy Policy, which explains general practices, retention, security, and rights available under Hong Kong law.

4. Categories of Personal Data We Collect

Depending on your interaction with us, we collect the following categories.

• a) Identity and contact data. Names, job titles, business emails, phone numbers, company names, addresses, messaging identifiers.
• b) Business account data. Login credentials, role permissions, trade account applications, KYC and due diligence information, references, documents supplied by your company.
• c) Transaction and logistics data. Quotations, orders, invoices, payment confirmations, shipment references, customs details, RMA and warranty records.
• d) Device service data. IMEI or serial numbers for testing, diagnostic results, repair logs, refurbishment notes, photographs for grading.
• e) Communications data. Emails, call notes, portal messages, WhatsApp or WeChat messages if you contact us through those channels.
• f) Website and analytics data. IP addresses, device and browser details, session information, cookies, preferences, usage logs, error logs, security telemetry.
• g) Events and visits. Appointment bookings, visitor logs, meeting notes, on site CCTV where posted.
• h) Marketing preferences. Subscriptions, opt ins, opt outs, category interests.
• i) Compliance data. Sanctions screening results, ownership declarations for buy back or recycling, risk assessments.

We do not intentionally collect special categories of personal data. Please avoid sending sensitive information unless we expressly request it for a lawful purpose.

5. Sources of Personal Data

We collect data directly from you, from your employer or colleagues, through our websites and portals, from service providers such as payment, logistics, KYC and analytics vendors, and from public sources where appropriate for verification and compliance.

6. Purposes of Processing and Lawful Bases

We process personal data for the purposes below. For each purpose we identify the principal lawful bases.

• a)Customer relationship and account management. Evaluating applications, creating and administering accounts, setting permissions, verifying authority.
  Lawful bases. Contract performance. Legitimate interests in operating an efficient B2B service. Legal obligations for screening where applicable.
• b)Sales operations. Quotation, order acceptance, pick and pack, export documentation, delivery coordination, warranty, returns and after sales support.
  Lawful bases. Contract performance. Legitimate interests in fulfilling orders and supporting customers.
• c) Compliance and risk controls. KYC, AML, sanctions checks, fraud prevention, ownership verification for buy back and recycling, regulatory reporting.
  Lawful bases. Legal obligations where applicable. Legitimate interests in preventing fraud and complying with trade rules.
• d) Business communications. Answering inquiries, stock availability notices, service changes, incident updates, appointment coordination.
  Lawful bases. Contract performance. Legitimate interests in communicating with customers and prospects.
• e) Security and continuity. Access controls, logging, monitoring, incident response, business resilience planning.
  Lawful bases. Legitimate interests in maintaining secure systems. Legal obligations where applicable.
• f) Analytics and improvement. Site performance measurement, service optimisation, quality assurance, staff training.
  Lawful bases. Legitimate interests in improving services. Consent where required for non essential cookies.
• g) Direct marketing to business contacts. Newsletters, product updates, trade offers, event invitations.
  Lawful bases. Consent where required by law. Legitimate interests for B2B communications where national laws recognise it. Individuals can object at any time.
• h) Supplier and partner management. Onboarding, due diligence, performance reviews, payments.
  Lawful bases. Contract performance. Legitimate interests in managing suppliers.

7. Legitimate Interests Assessment

Where we rely on legitimate interests, we assess necessity and balance those interests against any potential impact on individuals. Our interests include operating a secure, efficient wholesale business, preventing fraud, improving services and communicating relevant information to professional contacts. You may object to processing based on legitimate interests at any time.

8. Direct Marketing Choices

You can unsubscribe from marketing emails using the link provided or by emailing [email protected]. We will record and respect your preference. Operational messages such as order updates or account notices are not marketing and will continue where necessary for contract performance.

9. Cookies and Similar Technologies

We use essential cookies for authentication, security and session stability. We use analytics cookies to understand site usage and improve performance. Where required, we present a cookie banner or preferences tool. You can manage cookies in your browser. Disabling essential cookies may impact the secure areas of our site.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described, taking into account legal limitation periods, tax and accounting requirements, warranty windows, audit duties and security needs. When data is no longer required we will delete or anonymise it. Where anonymisation is used, we take steps to prevent re identification.

11.Disclosures and Recipients

We disclose personal data to trusted recipients on a need to know basis.

• a) Group entities that provide shared services.
• b) Logistics, warehousing, shipping, insurance, and customs partners.
• c) Payment service providers and banks.
• d) KYC, AML, sanctions screening and risk intelligence vendors.
• e) Device repair, refurbishment, testing and recycling partners.
• f) IT hosting, cloud, analytics and security providers.
• g) Professional advisers including auditors and legal counsel.
• h) Authorities, courts and regulators where required by law or to protect legal rights.

We enter into contracts with processors that include confidentiality, security and restricted processing obligations.

12. International Transfers

• 12.1 We host certain data within the EU and EEA for performance and resilience. We also transfer data to Hong Kong and other jurisdictions for operations and support.
• 12.2 For transfers from the EU and EEA to countries without an adequacy decision, we use Standard Contractual Clauses, additional organisational and technical measures and purpose limitations.
• 12.3 We review our transfer mechanisms periodically and update safeguards as guidance evolves. Copies of relevant transfer safeguards can be requested where disclosure does not compromise security or confidentiality.

13. Security Measures

We use administrative, technical and physical safeguards appropriate to the nature of the data and risks involved. These include role based access, need to know controls, encryption in transit and at rest where proportionate, secure configurations, patch management, monitoring, intrusion detection, malware protection, network segmentation, regular testing, supplier due diligence and staff training. We regularly review controls and enhance them where needed.

14. Your GDPR Rights

Subject to applicable law, EU and EEA data subjects have the following rights.

• a) Right to access. Request confirmation whether we process your personal data and obtain a copy.
• b) Right to rectification. Request correction of inaccurate or incomplete personal data.
• c) Right to erasure. Request deletion in the circumstances defined by law.
• d) Right to restriction. Request restriction of processing under certain conditions.
• e) Right to portability. Receive personal data you provided to us in a structured, commonly used, machine readable format and transmit it to another controller where technically feasible.
• f) Right to object. Object to processing based on legitimate interests and to direct marketing.
• g) Rights related to automated decision making. We do not conduct decisions producing legal effects based solely on automated processing.

We will respond within one month where practicable and lawful. That period may be extended by two months for complex requests. We may ask for information to confirm identity and to locate records.

15. Exercising Your Rights and Contact Points

Send your request to [email protected] with enough detail to identify you and the data concerned. We will handle requests in accordance with GDPR and will explain any refusal where permitted by law. You also have the right to lodge a complaint with your local supervisory authority in the EU or EEA.

16. Supervisory Authorities and Complaints

You may contact the competent EU or EEA supervisory authority in the country where you live or work or where you believe an issue concerning your personal data has arisen. We would appreciate the opportunity to address your concerns first. Contact our Privacy Officer using the details provided in section 2.

17. Children’s Data

Our services are intended for professional buyers and suppliers. We do not knowingly collect personal data of individuals under 18 for our B2B activities. If you believe a minor has provided personal data, contact us so we can take appropriate action.

18. Supplier and Partner Data

We process personal data of supplier representatives for onboarding, compliance checks, purchase orders, performance management, invoicing and payments. We may share supplier contact data with customers where required for warranty or regulatory reasons. Lawful bases include contract performance, legal obligations and legitimate interests in managing business relationships.

19. Buy Back, Recycling, Repairs and Refurbishments

For device buy back and recycling, we verify lawful ownership and may request identity confirmations of the person delivering devices. For repair and refurbishment, we process device identifiers, diagnostic information and service records. Please remove accounts and passcodes and back up or erase data before handing over devices. We use reasonable measures to protect data in our custody and limit processing to what is necessary for service.

20. Business Communications

We send operational messages about quotations, stock lists, shipping, RMAs and support. These are necessary for contract performance or legitimate interests. You may still receive operational communications even if you opt out of marketing.

21. Automated Decision Making and Profiling

We do not use automated decision making that produces legal or similarly significant effects. We may use limited profiling for fraud risk or sanctions screening based on criteria defined by law or by reasonable risk models. You can contact us to obtain further information and to exercise your rights.

22. Data Minimisation and Purpose Limitation

We collect only data that is relevant and necessary for clearly defined purposes. We will not use personal data for a new incompatible purpose without a lawful basis, which may include consent where required.

23. Data Breach Response

If a data breach occurs that is likely to result in a risk to the rights and freedoms of natural persons, we will assess the incident promptly, take remedial steps and notify the competent supervisory authority without undue delay and where feasible within seventy two hours. Where the risk is high, we will also inform affected individuals without undue delay.

24. Transparency for Cookies and Analytics

We provide appropriate notices regarding cookies and analytics. For non essential cookies or similar technologies, we will seek consent based on the applicable national rules. You can withdraw consent at any time through available controls. Withdrawal does not affect the lawfulness of processing before withdrawal.

25. Links and Third Parties

Our sites and portals may link to third party services. Their privacy practices are outside our control. Review their policies before sharing personal data. We do not control third party cookies placed by external services embedded on our site.

26. International Structure and Cross Reference to PDPO

We operate as a Hong Kong based wholesale company with customers and partners worldwide. This EU and EEA Notice addresses GDPR obligations. Our separate Hong Kong Privacy Policy describes our PDPO based practices and is available on our website. Both documents operate together to provide a complete overview of our data protection approach.

27. Records of Processing and Accountability

We maintain records of processing activities as required by Article 30. We embed privacy by design and by default into relevant processes. We conduct risk based assessments where appropriate, including data protection impact assessments for higher risk processing. We review our vendor contracts and monitor compliance.

28. International Transfers in Detail

• 28.1 Adequacy decisions. Where the European Commission has adopted an adequacy decision for a destination, we may rely on that decision.
• 28.2 Standard Contractual Clauses. For Hong Kong and other non adequate countries, we use Standard Contractual Clauses and apply additional measures where appropriate.
• 28.3 Derogations. In limited cases and only where suitable, we may rely on specific derogations such as contract necessity or explicit consent.
• 28.4 Copies of safeguards. You may request a copy of the relevant transfer safeguards. We may redact confidential information.

29.Your Responsibilities as Business Contacts

If you provide personal data of your colleagues or representatives to us, you confirm that you have authority to do so and that those individuals have been informed about this Notice. If you act as a controller with respect to your customers, you remain responsible for your own compliance duties.

30. Changes to This Notice

We may update this Notice to reflect changes in law, guidance, or our operations. We will indicate the effective date at the top and, where appropriate, notify registered account holders or prominent site users of material changes. The updated Notice replaces previous versions.

31. Contact Information

• Controller. Jinlong Digital HK Trading Limited, trading as Hong Kong Wholesalers.
• Address. Office C, 5th Floor, Wing Lock House, 1-3 Lock Road, Tsim Sha Tsui, Kowloon, Hong Kong.
• Email. [email protected]
• Tel. +852 9428 5319
• Privacy Officer. Please address requests and complaints to the Privacy Officer at the email above.

Annex A. Lawful Bases at a Glance

• 1.Contract performance. Processing necessary to enter into or perform a contract with you or your company.
• 2.Legal obligation. Processing necessary for compliance with EU or Member State laws that apply to us.
• 3.Legitimate interests. Processing for reasonable business purposes such as service delivery, fraud prevention, network security, product improvement, supplier management and communications with professional contacts, balanced against your interests.
• 4.Consent. Used for direct marketing where required and for certain cookie uses. You can withdraw consent at any time.

Annex B. Data Subject Rights Reference

• 1.Access. Article 15
• 2.Rectification. Article 16
• 3. Erasure. Article 17
• 4. Restriction. Article 18
• 5. Portability. Article 20
• 6. Objection. Article 21
• 7. Automated decision making. Article 22

Annex C. Examples of Retention Periods

• 1.Account and invoice data. At least the period required by tax and accounting laws, then deletion or archiving.
• 2.Order and shipment records. Retained for limitation periods to manage claims and warranties.
• 3.Support tickets and RMA logs. Retained for warranty windows and reasonable audit needs.
• 4.Marketing preferences. Retained as long as you remain subscribed or to record an opt out.
• 5.Web logs and security telemetry. Short operational windows with longer retention for investigations where necessary.

Annex D. Security Measures Overview

• 1.Governance. Policies, training, confidentiality undertakings, vendor management.
• 2.Technical controls. Encryption, hardened configurations, vulnerability management, access controls, monitoring, backups and recovery.
• 3.Physical controls. Secure facilities, visitor logs, CCTV where posted, restricted areas.
• 4.Testing and improvement. Risk assessments, penetration testing, incident simulations, corrective actions.