Our personal data processing activities are subject to this policy and the GDPR if any of the following conditions are met:

1. We have a business establishment within the EU, and the personal data processing activities fall within the scope of those business establishments;
2. We do not have a business establishment within the EU, but we process the personal data of data subjects within the EU, and this processing is related to the provision of clothing products or services (whether or not for a fee) to data subjects within the EU;
3. We process the personal data of data subjects within the EU, and this processing involves monitoring the activities of data subjects within the EU.

Types of Personal Data Collected

To provide apparel products, services, and related business to data subjects, we may collect and process the following types of personal data:

1. Identifying information: such as name, email address, phone number, delivery address, etc.;
2. Transaction information: such as order details, payment records, purchase preferences, etc.;
3. Device and usage information: such as IP address, browser type, access history, and click behavior when accessing our official website (dexintimates.com);
4. Special categories of personal data (such as health-related clothing fit requirements, etc.), which will only be collected with the explicit consent of the data subject and will be subject to additional protective measures.

Legal Basis for Data Processing

Our personal data processing activities are based on one of the following legal bases:

1. Explicit Consent from the Data Subject: For non-essential data processing activities, we will clearly inform the data subject of the purpose and scope of processing, and proceed only after obtaining the data subject’s clear and voluntary consent. The data subject has the right to withdraw consent at any time, and the withdrawal process is as simple as the consent-giving process;
2. Fulfillment of Contractual Obligations: To complete the signing and performance of contracts such as those for the sale of apparel products, it is necessary to process the data subject’s relevant personal data;
3. Compliance with Legal Obligations: In accordance with applicable laws and regulations, it is necessary to process relevant personal data to fulfill compliance obligations;
4. Protection of the Vital Interests: When necessary, personal data will be processed to protect the vital interests of the data subject or other natural persons, such as life and property;
5. Pursuit of Legitimate Interests: Under the premise that our legitimate business interests do not conflict with the rights and freedoms of the data subject, we will process personal data for legitimate purposes such as business optimization, product improvement, and market analysis.

We collect personal data solely for the following specific and explicit purposes, and will not use the data for any other undeclared purposes without the data subject’s separate consent or as permitted by law:

1. To provide, maintain, and optimize apparel products and related services, including order processing, logistics, and after-sales service;
2. To communicate with data subjects, respond to inquiries, and handle complaints and suggestions;
3. To conduct market analysis and product development, improve product quality and service experience, and provide personalized product recommendations to data subjects;
4. To ensure transaction security and prevent risks such as fraud;
5. To comply with relevant laws and regulations and fulfill compliance obligations.

Furthermore, we adhere to the principle of data minimization, collecting only the minimum personal data necessary to achieve the above purposes and not collecting any additional irrelevant data.

According to the GDPR, data subjects enjoy the following rights, and we have established corresponding processes and mechanisms to ensure timely response to data subjects’ requests for rights:

1. Right to Know: The right to know the purpose, scope, and methods by which we collect and process their personal data;
2. Right to Access: The right to request a copy of their personal data and to understand the processing status of their personal data;
3. Right to Correction: The right to request that we correct inaccurate or incomplete personal data;
4. Right to Erasure (Right to Be Forgotten): Under certain circumstances, the right to request that we delete their personal data;
5. Right to Restrict Processing: Under certain conditions, the right to request that we restrict the processing of their personal data;
6. Right to Data Portability: The right to request that we provide their personal data in a structured, universal, and machine-readable format;
7. Right to Object: Users have the right to object to personal data processing activities based on “pursuing legitimate interests” or “public tasks;”
8. Right to Object to Automated Decision-Making: Users have the right to object to decisions that have a significant impact on them based solely on automated processing (including profiling).

Data subjects can submit their rights requests through the contact information provided at the end of this policy. We will respond and process them within the time limit stipulated by laws and regulations, and will not charge data subjects unreasonable fees for this purpose.

We adhere to the principle of limited storage periods, storing personal data only for the shortest period required to achieve the data processing purpose. After the storage period expires, we will promptly and securely delete or anonymize the personal data, unless otherwise stipulated by laws and regulations.

To ensure the integrity and confidentiality of personal data, we have adopted appropriate and sufficient technical and organizational security measures, including data encryption, access control, security audits, and regular risk assessments. We have also established a data breach emergency response mechanism to report breaches to EU regulatory authorities within 72 hours if necessary.

We will not share data subjects’ personal data with third parties indiscriminately, and may only share it with explicit consent, to fulfill contractual obligations, to comply with legal requirements, or to protect vital interests.

For cross-border transfers outside the EU, we prioritize countries with adequate data protection levels or use appropriate safeguards such as EU standard contractual clauses to ensure compliance with GDPR requirements.

We maintain detailed Record of Personal Data Processing Activities (RoPA) and conduct regular compliance assessments. If required by law, we appoint a Data Protection Officer (DPO) to ensure GDPR compliance.

This Privacy Policy may be updated due to legal changes or business adjustments. Updated versions will be published on our official website (dexintimates.com), and we will notify data subjects of significant changes through appropriate channels.