1. Introduction

Hong Kong Wholesalers Limited and its affiliates and subsidiaries in Hong Kong respect the privacy of every business contact, customer, supplier and website visitor. This Privacy Policy explains how we collect, use, retain, disclose, transfer, and secure personal data in connection with our wholesale and distribution business for mobile phones, tablets, laptops, wearables, gadgets, accessories, repairs, refurbishments, recycling, trade-in and buy-back, import and export, sourcing and procurement and related B2B services.

This Policy is designed to comply with the Personal Data (Privacy) Ordinance, Cap. 486 of the Laws of Hong Kong and its Data Protection Principles set out in Schedule 1. These principles cover fairness and transparency in collection, purpose and use limitation, data accuracy and retention, security safeguards, openness and data access and correction rights. elegislation.gov.hk

This Policy applies to our websites, online portals, trade account systems, communications and offline interactions in Hong Kong. By using our channels, submitting inquiries, opening a trade account or otherwise providing personal data, you agree to the practices described here.

2. Who We Are and Contact Details

• Company name: Jinlong Digital HK Trading LimitedCompany name: Jinlong Digital HK Trading Limited
• Registered office: Office C, 5th Floor, Wing Lock House, 1-3 Lock Road, Tsim Sha Tsui, Kowloon, Hong KongRegistered office: Office C, 5th Floor, Wing Lock House, 1-3 Lock Road, Tsim Sha Tsui, Kowloon, Hong Kong
• Business hours: Monday to Saturday, 10:00 AM to 7:00 PM HKTBusiness hours: Monday to Saturday, 10:00 AM to 7:00 PM HKT
• Email: [email protected] Email: [email protected]
• Telephone: Telephone: +852 9428 5319

If you have questions about this Policy or how we handle personal data, contact our Privacy Officer at the details above. You may also contact the Office of the Privacy Commissioner for Personal Data, Hong Kong for general guidance on your rights. If you have questions about this Policy or how we handle personal data, contact our Privacy Officer at the details above. You may also contact the Office of the Privacy Commissioner for Personal Data, Hong Kong for general guidance on your rights.

3. Scope and Roles

This Policy explains our practices when we act as a data user under Hong Kong law. We may appoint service providers that act as data processors on our behalf. These providers process personal data according to our documented instructions and under contract terms designed to protect confidentiality, security, and integrity.data user under Hong Kong law. We may appoint service providers that act as data processors on our behalf. These providers process personal data according to our documented instructions and under contract terms designed to protect confidentiality, security, and integrity.

This Policy does not cover personal data we process as a mere conduit for third-party platforms you choose to use independently. For those, please refer to the third parties’ privacy notices. conduit for third-party platforms you choose to use independently. For those, please refer to the third parties’ privacy notices.

4. Key Definitions

• 4.1

  Personal data: Any data relating directly or indirectly to a living individual, from which it is practicable to ascertain the identity of the individual.Personal data: Any data relating directly or indirectly to a living individual, from which it is practicable to ascertain the identity of the individual.

• 4.2

  Data subject: Data subject: The individual who is the subject of the personal data.

• 4.3

  Data user: A person who, either alone or jointly or in common with other persons, controls the collection, holding, processing or use of the personal data.

• 4.4

  Processing: Processing: Any operation with personal data, including collection, holding, use, disclosure, transfer, storage and deletion.

5. The Legal Framework We Follow

We operate in accordance with the Personal Data (Privacy) Ordinance and the six Data Protection Principles, as interpreted and supported by PCPD guidance. These include obligations concerning fair collection notices, purpose specification, consent for new uses, accuracy, retention policies, security measures, openness about practices and access and correction rights. pcpd.org.hk

We also take into account the PCPD’s guidance on direct marketing and the rules introduced by amendments to the Ordinance. If we engage in direct marketing, we will provide the required notices and obtain valid consent before using personal data for direct marketing or before transferring it to another person for such marketing. pcpd.org.hk

We recognize the PCPD’s guidance on data breach handling and notifications, which encourages prompt containment, assessment, and communication, including voluntary notification to the PCPD using its online form.pcpd.org.hk

We note that Section 33 of the Ordinance (cross-border transfer restrictions) has not yet commenced as of this policy’s effective date. We nonetheless apply contractual and organizational safeguards that are consistent with PCPD guidance for cross-border data transfers. elegislation.gov.hk

We may use electronic records and electronic signatures in our dealings with you where appropriate. These are recognized under the Electronic Transactions Ordinance, Cap. 553. elegislation.gov.hk

We are mindful of the 2021 Amendment Ordinance that created new doxxing offences and extended PCPD powers and we operate to avoid any unlawful disclosure of personal data. pcpd.org.hk

6. What Personal Data We Collect

We collect the following categories of personal data, depending on our engagement with you: We collect the following categories of personal data, depending on our engagement with you:

• 6.1

  Identity and contact data: Names, job titles, company names, business emails, telephone numbers, messaging identifiers and business addresses.

• 6.2

  Trade account data: Trade account data: Registration details, login credentials, role permissions, KYC and AML screening data, supporting business documents that may contain personal data and account preferences.

• 6.3

  Transactional data: Order history, quotations, invoices, payments, shipment and customs references, RMA records, warranty and after-sales communications.Transactional data: Order history, quotations, invoices, payments, shipment and customs references, RMA records, warranty and after-sales communications.

• 6.4

  Verification and compliance data: Documents and information needed to verify lawful ownership of devices for buy-back or recycling, declarations, sanctions and adverse media screening results where applicable and export compliance checks.

• 6.5

  Device service data: Device service data: Repair or refurbishment records, device IMEI or serial numbers tied to service activities, diagnostics logs, service tickets and imagery related to condition assessment.

• 6.6

  Support communications: Emails, chats, phone notes, WhatsApp or WeChat interactions if you choose to contact us via these channels. Emails, chats, phone notes, WhatsApp or WeChat interactions if you choose to contact us via these channels.

• 6.7

  Website and portal data: Account login history, browser type, IP address, device identifiers, usage data, cookies, analytics reports, error logs and security audit trails.

• 6.8

  Event and meeting data: Appointment bookings, meeting notes, access logs for visits to our office and CCTV recordings in our premises where posted locally.

• 6.9

  Marketing and preferences data: Newsletter subscriptions, direct marketing consent records, opt-ins, opt-outs and your category interests for business communications.

If you provide personal data about others, you represent that you have the authority to do so and that the data is accurate. If you provide personal data about others, you represent that you have the authority to do so and that the data is accurate.

7. How We Collect Personal Data

• 7.1Directly from you, when you submit forms, inquiries or trade account applications; when you request a quotation; or when you transact with us.
• 7.2Automatically, when you use our website, portals or digital services that set cookies or collect usage analytics.
• 7.3From your company, colleagues or representatives who interact with us on your behalf.
• 7.4From service providers that support our KYC, AML, sanctions screening, logistics, payment, analytics and security.
• 7.5From public sources and trade references for verification purposes.

At or before collection, we provide notices describing purposes of use, classes of transferees, whether provision is obligatory or voluntary and consequences of failing to provide data, in line with DPP1. pcpd.org.hk

8. Purposes of Use

We use personal data for the following purposes:

• 8.1

  Customer relationship and account management: Evaluating trade account applications, verifying identity and authority, setting permissions and maintaining up-to-date contact details.

• 8.2

  Sales and operations: Sales and operations: Handling quotations, orders, shipments, logistics, customs support, export documentation, warranties, repairs, refurbishments, RMAs and after-sales service.

• 8.3

  Compliance and risk: Compliance and risk: KYC, AML, sanctions screening, fraud prevention, ownership verification for buy-back and recycling and legal or regulatory obligations.

• 8.4

  Business communications: Answering inquiries, issuing stock updates and operational announcements, notifying about service changes or interruptions and coordinating appointments or site visits.

• 8.5

  Security and continuity: Protecting our systems, detecting and investigating incidents, ensuring business resilience and maintaining logs to support audits.

• 8.6

  Analytics and improvement: Understanding usage patterns, improving our website and services, training staff and enhancing user experience.

• 8.7

  Direct marketing: If you have provided valid consent under Hong Kong law, informing you about products, services, promotions, events and trade opportunities relevant to your business. pcpd.org.hk

We will not use personal data for a new purpose unless we have obtained prescribed consent or we can rely on an exception under the Ordinance.

9. Direct Marketing

We may use your name, contact details, business role and declared interests for direct marketing only with your consent, given after we have provided the required information about the classes of marketing subjects and classes of transferees. You can opt out at any time. If we intend to provide your data to another person for their direct marketing, we will obtain your informed consent to the classes of persons and classes of marketing subjects. We will honor all opt-out requests promptly. pcpd.org.hk

10. Cookies and Similar Technologies

We use cookies and similar tools for:

• 10.1Session management, authentication and security
• 10.2Remembering preferences and improving user experience
• 10.3Measuring site performance and usage trends via analytics
• 10.4Detecting abuse and preventing fraudulent activity

You can control cookies through browser settings. Certain features and secure areas of our site or portal may not function properly without essential cookies. Where legally required, we will present cookie notices or preference controls. You can control cookies through browser settings. Certain features and secure areas of our site or portal may not function properly without essential cookies. Where legally required, we will present cookie notices or preference controls.

11. Messaging, Social and Communications Platforms

If you contact us through WhatsApp, WeChat or similar platforms, the personal data you share will be processed for support and communications. These platforms have their own privacy terms which we do not control. Limit sensitive data shared via third party messaging and prefer our official email or portal for account and order details. We retain necessary records of these communications for operational, legal and audit purposes.

12. Accuracy and Retention

We take reasonable steps to ensure personal data is accurate and kept no longer than necessary for the purposes for which it is used. Our retention schedules consider the nature of the data, legal limitation periods, tax and accounting rules, warranty windows and the need to investigate potential issues. Data that is no longer required will be securely erased, anonymized or archived in line with DPP2. pcpd.org.hk

13. Security Measures

We implement administrative, technical and physical measures appropriate to the nature of the data and the risks involved. These measures include access controls, role based permissions, encryption in transit and at rest where proportionate, secure configurations, logging and monitoring, intrusion detection, malware protection, network segmentation, data minimization, staff training, supplier due diligence and contractual confidentiality obligations for processors. We tailor controls using risk assessments and recognized good practices to satisfy DPP4 requirements for data security. pcpd.org.hk

14. Data Breach Handling

We respond to suspected or confirmed data incidents through a structured process: containment, assessment, mitigation, recovery and communication. We assess whether to notify affected individuals and other stakeholders, as well as whether to make a voluntary notification to the PCPD using its online form, as encouraged by the PCPD’s Data Breach Notification guidance. We document our decisions and continuously improve our controls to prevent recurrence. pcpd.org.hk

15. Disclosure and Classes of Transferees

We disclose personal data, on a need-to-know basis and for the purposes described above, to:

• 15.1Our group entities in Hong Kong or other jurisdictions that support sales, operations, finance, logistics or customer service
• 15.2Logistics, warehousing, insurance, customs brokers and other shipment partners
• 15.3Payment service providers and banks
• 15.4KYC, AML, sanctions screening and risk intelligence providers
• 15.5Device repair, refurbishment, diagnostics and recycling partners
• 15.6IT service providers, hosting, security, analytics and support vendors
• 15.7Professional advisers including auditors and legal counsel
• 15.8Government authorities, courts, regulators or law enforcement where required by law or to protect our legal rights

We require our service providers to implement appropriate confidentiality and security safeguards and to process personal data only according to our instructions.

16. Cross-Border Transfers

We may transfer personal data to locations outside Hong Kong to support global operations, logistics or shared systems. While Section 33 of the PDPO has not yet commenced, we adopt risk-based measures consistent with PCPD’s guidance for cross-border personal data transfers. These measures can include contractual clauses, assessments of the recipient’s legal framework and practices and technical safeguards to ensure protection comparable to the Ordinance. pcpd.org.hk

17. Your Rights

Subject to the Ordinance, you may request:

• Access to personal data we hold about youAccess to personal data we hold about you
• Correction of inaccurate dataCorrection of inaccurate data

Submit requests in writing to our Privacy Officer. We may require reasonable information to verify your identity and locate the data. We will respond within a reasonable time in line with statutory requirements and may charge a reasonable fee for supplying a copy. If a correction is made, we will supply a copy of the corrected data. If a correction is not made, we will state the reasons for refusal and how you may complain. Submit requests in writing to our Privacy Officer. We may require reasonable information to verify your identity and locate the data. We will respond within a reasonable time in line with statutory requirements and may charge a reasonable fee for supplying a copy. If a correction is made, we will supply a copy of the corrected data. If a correction is not made, we will state the reasons for refusal and how you may complain.

If you have consented to direct marketing, you may opt out at any time. We will record and respect your preference. pcpd.org.hk

18. Your Choices

• 18.1

  Account information: Account information: You can update business contact details by contacting your account manager or our support team.

• 18.2

  Communications: You may opt out of non-operational direct marketing emails. We may still send service or transactional messages.Communications: You may opt out of non-operational direct marketing emails. We may still send service or transactional messages.

• 18.3

  Cookies: Manage cookies via your browser. Essential cookies cannot be disabled if you wish to use secure areas.Cookies: Manage cookies via your browser. Essential cookies cannot be disabled if you wish to use secure areas.

19. Children’s Privacy

Our business targets professional buyers and suppliers. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided personal data, contact us and we will take appropriate steps. Our business targets professional buyers and suppliers. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided personal data, contact us and we will take appropriate steps.

20. Recruitment Privacy

If you apply for a role, we collect and use personal data for recruitment and selection, background checks permitted by law, interview scheduling and communication. Candidates’ data is retained for a limited period to consider future openings, unless you request earlier deletion and no legal obligation requires retention.

21. CCTV and Visitor Records

For security, safety and asset protection, our office premises may use CCTV monitoring in clearly posted areas. Visitor logs may be maintained for access control and safety.
Records are kept for limited periods and shared only on a need-to-know basis or in response to lawful requests.

22. Procurement and Supplier Data

We collect personal data of supplier representatives to evaluate, onboard and manage suppliers, including quality, compliance, anti-corruption certifications, banking coordination and performance assessments. We may share supplier personal data internally and with our customers where required for transparency or compliance obligations.

23. Buy-Back and Recycling

For device buy-back and corporate recycling, we may collect identity and authority confirmations of the person delivering devices, ownership declarations and logistics details. To protect privacy and security, you must erase or back up data and remove account locks before handing over devices. We will apply responsible data handling during diagnostics and testing and will not attempt to access content unrelated to the service.

24. Repairs and Refurbishments

When providing assessment, repair or refurbishment, we may collect device identifiers, fault descriptions, diagnostic results and warranty claims data. We ask that you deactivate security locks and remove personal data from devices prior to service. We provide commercially reasonable measures to protect data while the device is in our custody and limit processing to service requirements.

25. Security Commitments to Our Customers

We align security controls with the nature of our operations and the risks involved. This involves layered defenses, well-defined incident handling, supplier oversight and regular reviews. We promote a culture of confidentiality through staff training and discipline. We evaluate and strengthen controls over time as technologies and threats evolve, consistent with DPP4. pcpd.org.hk

26. Data Sharing in Corporate Transactions

If we enter into a reorganization, merger, acquisition, asset sale, financing or similar transaction, personal data may be shared with advisors, counterparties and their representatives under appropriate confidentiality obligations. If ownership or control changes, the successor entity will continue to handle personal data under a policy consistent with this one.

27. Government, Legal and Regulatory Requests

We may disclose personal data to Hong Kong authorities, courts, regulators or law enforcement where required by law, regulation, court order or in response to lawful requests. We may also disclose personal data to protect our legal rights, property, operations or users or to investigate fraud or security incidents.

28. Doxxing and Unauthorised Disclosure

We do not tolerate the malicious disclosure of personal data. We implement procedures to avoid unlawful publication or misuse of personal data and to respond to requests from authorities concerning cessation of unlawful disclosures, consistent with the 2021 Amendment Ordinance. concerning cessation of unlawful disclosures, consistent with the 2021 Amendment Ordinance. pcpd.org.hk

29. Third-Party Links and Services

Our websites or portals may contain links to other sites, apps, or services. We are not responsible for their content or privacy Our websites or portals may contain links to other sites, apps, or services. We are not responsible for their content or privacy practices. Review their privacy statements before providing personal data. We do not control third-party cookies placed by external services. Your use of third-party platforms is at your discretion and subject to their terms.

30. International Users

We are based in Hong Kong and process data in Hong Kong. If you access our services from outside Hong Kong, you consent to the transfer and processing of your personal data in Hong Kong and other jurisdictions where our group or service providers operate, with safeguards as described in this Policy and in line with PCPD guidance on cross border transfers. other jurisdictions where our group or service providers operate, with safeguards as described in this Policy and in line with PCPD guidance on cross border transfers. pcpd.org.hk

31. Electronic Records and Signatures

By interacting with our website, portals or email, you agree that communications, agreements and consents may be provided electronically where appropriate. Electronic records and signatures have legal effect under the Electronic Transactions Ordinance, subject to exclusions under that law and any specific requirements for certain documents. elegislation.gov.hk

32. Openness and Availability of Policy

We make this Policy available on our website. We can provide a copy on request. We may update this Policy to reflect changes in law, technology or our operations. We will indicate the effective date at the top of the Policy and, where appropriate, notify registered account holders of significant changes.

33. How to Exercise Your Rights

To request access or correction:

• 1. Write to our Privacy Officer with your full name, contact details and sufficient information to locate the data.
• 2. For access requests, specify the categories of personal data sought. A reasonable fee may be charged for providing a copy.
• 3. For correction requests, provide evidence of the inaccuracy where available.

We will respond within a reasonable time and in accordance with the Ordinance and PCPD’s guidance.

To withdraw consent to direct marketing or to object to further use for that purpose, use the unsubscribe link in our emails or write to us. We will record your preference and action it promptly. pcpd.org.hk

34. How to Make a Complaint

If you believe your privacy has not been respected or your data has been mishandled, contact our Privacy Officer with details. We will investigate and respond. You may also lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong. The PCPD provides guidance and resources on its website that explain your rights and how to submit complaints. has been mishandled, contact our Privacy Officer with details. We will investigate and respond. You may also lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong. The PCPD provides guidance and resources on its website that explain your rights and how to submit complaints.

35. Data Minimization and Purpose Limitation

We collect the minimum personal data necessary for our business purposes and use it only for the purposes stated at or before collection or for directly related purposes. Any intended new use not originally specified will be explained and, where required, we will obtain prescribed consent before proceeding, consistent with DPP1 and DPP3. collection or for directly related purposes. Any intended new use not originally specified will be explained and, where required, we will obtain prescribed consent before proceeding, consistent with DPP1 and DPP3. pcpd.org.hk

36. Business Communications and Operational Messages36. Business Communications and Operational Messages

We send operational messages about quotations, stock lists, shipping, RMAs and support. These are necessary to perform the relationship and are not marketing. If you opt out of marketing, you may still receive operational communications. We avoid unnecessary personal data in these messages and keep an auditable trail for compliance and service quality. unnecessary personal data in these messages and keep an auditable trail for compliance and service quality.

37. Analytics and Improvement

We analyze aggregated and de-identified usage information to improve site performance, portal stability, user experience and content. We use commercially reasonable measures to avoid re-identification of aggregated data. We do not sell personal data.

38. Security Events and Notifications

If we identify an incident that creates a real risk of harm, we will act promptly to contain and investigate and consider notifying affected individuals and the PCPD. The PCPD encourages voluntary breach notification using its online form and emphasizes the importance of prompt action to minimize and contain impact. pcpd.org.hk

39. Sensitive Information and Account Security

We do not intentionally collect sensitive categories such as race, religion or biometric data in the ordinary course of business. Avoid sending sensitive or unnecessary data through open channels. Protect your account credentials and notify us immediately if you suspect unauthorised use.

40. Procurement, Tenders and Trade References

Where we collect personal data as part of supplier onboarding or tendering, we use it to evaluate capability, carry out compliance checks and manage the resulting relationship. We may share limited supplier contact data with customers where transparency is required for warranty or regulatory reasons.

41. Corporate Clients, Resellers and Distributors

We primarily process data of employees and representatives of corporate clients and partners. We expect you to inform your staff of this Policy and to ensure that you have the authority to provide their personal data to us for the stated purposes. corporate clients and partners. We expect you to inform your staff of this Policy and to ensure that you have the authority to provide their personal data to us for the stated purposes.

42. Lawful Requests and Investigations

We may preserve and disclose personal data when required by Hong Kong law, lawful process or as necessary to protect our rights or the safety of our users, staff or the public. We balance such disclosures with our privacy obligations and document our decisions.

43. Cross-Organizational Cooperation

Where our group companies provide shared services, system hosting or consolidated analytics, personal data may be shared within the group under binding rules and contractual controls that ensure protection comparable to the Ordinance. Where third party processors are involved, we require appropriate confidentiality, security and restricted processing obligations.

44. Marketing Preferences and Unsubscribe

We honor your marketing choices. If you unsubscribe from marketing, we will retain a minimal record to ensure your choice is respected in the future. If you later wish to re subscribe, you may contact us or use available signup forms for explicit is respected in the future. If you later wish to re subscribe, you may contact us or use available signup forms for explicit re-consent. pcpd.org.hk

45. Changes to This Policy

We may update this Policy from time to time. Changes take effect when posted on our site and indicated by the “Last updated” date. For material changes, we may notify registered users by email or through our portal. when posted on our site and indicated by the “Last updated” date. For material changes, we may notify registered users by email or through our portal.

46. Language

If this Policy is translated, the English version will prevail where there is any inconsistency.

47. Effective Date

This Policy takes effect on the date shown at the top. Please review it periodically to stay informed about our practices.

Annex A: Summary of Data Protection Principles We Follow

Annex B: Direct Marketing Compliance Statement

If we intend to use your personal data for direct marketing or to provide your data to another person for their direct marketing, we will: If we intend to use your personal data for direct marketing or to provide your data to another person for their direct marketing, we will:

• 1.Inform you of our intention, the classes of marketing subjects and the classes of transferees (if any)
• 2.Use or provide the data only with your consent
• 3.Provide a simple, free-of-charge method for you to opt out at any time
• 4.Honor your opt-out promptly and keep a record of your preference Honor your opt-out promptly and keep a record of your preference

These requirements reflect Part VIA of the Ordinance and PCPD guidance on direct marketing. pcpd.org.hk

Annex C: Data Breach Response Overview

If we suspect a data breach, our priorities are to:

• 1. Contain and investigate the incident
• 2. Assess likely risk and harm
• 3. Take remedial action to mitigate impact
• 4. Consider notifying affected individuals and the PCPD using its online form
• 5. Record the incident and lessons learned to strengthen controls

The PCPD encourages prompt action and voluntary notification to minimize harm and enhance accountability. pcpd.org.hk

Annex D: Cross-Border Transfers

While Section 33 has not commenced, we adopt measures consistent with PCPD’s cross-border guidance, including:

• 1.Contractual safeguards with overseas recipients
• 2.Due diligence on recipient protections and practices
• 3.Technical controls such as encryption and access restrictions
• 4.Purpose limitation and minimization
• 5.Training and oversight

We monitor developments regarding Section 33 and will adapt our approach if the law is brought into force. pcpd.org.hk

Annex E: Electronic Records and Signatures

We may obtain consents, acknowledgements and agreements electronically where suitable. Electronic records and signatures are generally recognized under Hong Kong’s Electronic Transactions Ordinance, subject to exclusions and any formalities required for specific documents.