Privacy Policy of LINNALL ERP

Preface

LINNALL highly values user privacy. This privacy policy covers how we collect, use, share, and protect your personal information, particularly the personally identifiable information (PII) of Amazon sellers and their customers. We promise to comply with global privacy regulations, including the laws of the People's Republic of China, the European General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and adhere to the privacy and security compliance requirements of Amazon SP-API.

This website (including www.linnall.com and its subdomains) respects and protects the personal privacy rights of all users who use the services. In order to provide you with more accurate and personalized services (including but not limited to online ordering services, order fulfillment transportation services, and online order processing services), this website will collect, use, and disclose your personal information in accordance with the provisions of this privacy policy. But this website will treat this information with high diligence and prudence. Unless otherwise specified in this privacy policy, this website will not disclose or provide this information to third parties without your prior permission. This website may update this privacy policy from time to time. This website is developed and maintained by Shenzhen Wanlian Wuyuan Information Technology Co., Ltd. If you have any questions, please contact our information security officer (email: maxj@wlwytech.com ).

1、 Information collection

(a) When you register an account on this website, you provide the personal registration information required by this website;

(b) When you use the network services of this website or access the website platform pages, this website automatically receives and records information from your browser and computer, including but not limited to your IP address, browser type, language used, access date and time, software and hardware feature information, and the webpage records you require;

(c) The customer information you provide to the mall operator when registering in the mall, as well as the recipient information you maintain in the mall and the recipient information of orders, etc;

(d) The personal information filled in by your enterprise during the registration of internal user accounts on this website;

(e) This website obtains user personal data from business partners through legal means.

When working with Amazon sellers through Amazon SP-API, we may collect and process the following types of personally identifiable information (PII): seller's account information, order information, buyer's contact information (such as buyer's name, shipping address, phone number, etc.). We will strictly comply with Amazon's regulations on API data access and will not collect, store, or process personally identifiable information unrelated to the service.

1. Sharing

We will not share your user information with other organizations or individuals, except in the following circumstances:

1) Sharing with explicit consent: With your explicit consent, we will share your user information with other parties;

2) Sharing under legal circumstances: We may share your user information with external parties in accordance with legal regulations, litigation, arbitration needs, or as required by administrative or judicial authorities in accordance with the law;

3) We will sign strict confidentiality agreements and information protection agreements with companies, organizations, and individuals with whom we share user information, requiring them to handle user information in accordance with our instructions, this privacy policy, and any other relevant confidentiality and security measures.

2. Transfer

We will not transfer your user information to any company, organization, or individual, except in the following circumstances:

1) Transfer with explicit consent: With your explicit consent, we will transfer your user information to other parties;

2) In the event of a merger or acquisition involving cross communication and other legal entities, or in other cases involving the transfer of user information, we will require the new company or organization holding your user information to continue to be bound by this policy. Otherwise, we will require the company, organization, and individual to seek your authorization and consent again.

3. Exceptions to obtaining prior authorization and consent when sharing or transferring information

In the following situations, sharing, transferring, or publicly disclosing your user information does not require your prior authorization and consent:

1) Related to national security and defense security;

2) Related to public safety, public health, and major public interests;

3) Related to criminal investigation, prosecution, trial, and execution of judgments;

4) For the purpose of safeguarding your or other individuals' significant legitimate rights and interests such as life and property, but it is difficult to obtain my consent;

5) Personal information that you disclose to the public on your own;

6) Collecting personal information from legally disclosed information, such as legitimate news reports, government information disclosure, and other channels.

The personal information we collect includes but is not limited to:

• Identification information: name, email address, phone number, etc.
• Account information: username, password, login logs, etc.
• Transaction information: order information, payment information, etc.
• Device information: IP address, device type, operating system, browser information, etc.
• Location information: With your consent, we may collect your location information.
• Other information: Information voluntarily provided by you when using our services.

2、 Purpose of Information Use

(a) This website will not provide, sell, rent, share, or trade your personal information to any unrelated third party unless you have given prior permission or the third party and this website (including its affiliated companies) provide services to you separately or jointly. The main scenario involves providing detailed order information to cooperating third-party warehousing and logistics companies to provide you with order fulfillment services; Through your authorization, we provide information to third-party software service providers to facilitate their order processing services for you.

(b) This website also does not allow any third party to collect, edit, sell or disseminate your personal information for free by any means. If any user of this website platform engages in the above activities, once discovered, this website has the right to immediately terminate the service agreement with the user.

(c) For the purpose of serving users, this website may provide you with information that interests you through the use of your personal information, including but not limited to sending you product and service information.

The personal information we obtain from Amazon is limited to the following purposes:

• Provide Amazon seller services, including order processing, fulfillment management, financial statement generation, and other functions.
• Only when necessary, share your order information (including buyer PII) with logistics partners and third-party warehousing service providers to ensure order fulfillment and delivery.
• According to Amazon's requirements, we only collect, process, and use necessary order data and guarantee that the data will not be used for purposes unrelated to the service.
• We will ensure that all data you provide is processed in a legal and secure environment, fully complying with Amazon's API security standards and privacy requirements.

3、 Legal compliance

In the following circumstances, this website will disclose all or part of your personal information based on your personal wishes or legal provisions:

(a) Disclosure to third parties with your prior consent;

(b) To provide the products and services you request, it is necessary to share your personal information with third parties;

(c) Disclosure to third parties or administrative or judicial institutions in accordance with relevant legal provisions or requirements of administrative or judicial institutions;

(d) If you violate relevant Chinese laws, regulations, or the service agreement or rules of this website, you need to disclose it to a third party;

(e) In a transaction created on the platform of this website, if either party fulfills or partially fulfills the transaction obligations and requests information disclosure, this website has the right to decide to provide the user with necessary information such as the contact information of the counterparty to facilitate the completion of the transaction or the resolution of disputes.

(f) Other disclosures deemed appropriate by this website in accordance with laws, regulations, or website policies.

We process your personal information based on the following legal grounds:

• Your explicit consent: In most cases, we will obtain your explicit consent.
• Fulfill the contract: To provide the services you requested.
• legitimate right: To safeguard our legitimate rights and interests without harming your rights and interests.
• Legal obligations: Comply with the requirements of laws and regulations.

4、 Data subject rights

The information and materials collected by this website about you will be stored on the servers of this website and/or its affiliated companies. These information and materials may be transmitted to your country, region, or overseas where this website collects information and materials, and accessed, stored, and displayed overseas.

You have the right to:

• Accessing your personal information
• Correcting incorrect personal information
• Delete your personal information
• Restrict the processing of your personal information
• Data portability right
• Oppose handling

Authorization and data access restrictions

When using our platform, sellers need to provide us with necessary API access permissions so that we can effectively provide services. We will only request permissions related to order processing, inventory management, logistics tracking, and report analysis, and will not request any other permissions beyond our service scope.

Authorization revocation process

Sellers should have the right to view or modify their API authorization at any time and may request the revocation of all or part of the authorization.

You can view, modify, or revoke the granted API permissions at any time through the API management page on our platform. Any revocation or modification will take effect within 24 hours, and we will delete or stop accessing the relevant data accordingly.

5、 Data Security

(a) All accounts on this website have security protection functions. Please keep your username and password information safe. This website will ensure that your information is not lost, abused, or altered through security measures such as encrypting user passwords. Despite the aforementioned security measures, please also note that there are no "comprehensive security measures" on the information network.

(b) When using the network services of this website, you inevitably need to disclose your personal information, such as contact information or postal address, to cooperating service providers (such as logistics providers, overseas warehouses, etc.). Please protect your personal information properly and only provide it to others when necessary.

In any case, if it is necessary to share data with third parties (such as logistics providers, accounting service providers), we will adopt contractual constraints and data protection agreements (DPA) to ensure that third parties comply with the same privacy and security standards as us when processing data.

We have taken advanced technological and organizational measures to protect your personal information, including but not limited to:

• Data Encryption: We encrypt all sensitive data (such as buyer PII) transmitted through Amazon SP-API using AES-256 encryption and ensure data security during storage.
• Access control: Only authorized employees and partners can access personal data of Amazon sellers or buyers. All access is strictly reviewed and follows the principle of minimum privilege.
• Regular review and monitoring: We conduct regular security scans of the system, monitor potential threats, and perform vulnerability fixes when necessary.
• Emergency response to data breaches: In the event of any data breach, we will immediately activate emergency plans and notify affected users and relevant regulatory agencies within 24 hours, in accordance with Amazon's reporting requirements.

1. The services provided by LINNALL including processing, storing, uploading, downloading, distributing, and processing data through other means, are all your user business data, and you fully own your user business data. As an enterprise cloud service provider, LINNALL will only strictly follow your instructions to process your business data, and will not engage in any unauthorized use or disclosure of your business data, except in accordance with the agreed terms or clear legal and regulatory requirements.

2. You are responsible for the source and content of your user business data. LINNALL reminds you to carefully judge the legality of the data source and content. All consequences and liabilities arising from the violation of laws, regulations, departmental rules, or national policies by the content of your user business data shall be borne solely by you.

3. In order to optimize service quality and provide you with new products and services, LINNALL will collect your transaction data, transaction process, and order information related to LINNALL’s products for data analysis, and share the above business data (except for sensitive information) with LINNALL affiliated companies.

Explanation of Data Access Permissions

To ensure data security and privacy, we minimize all access permissions.

• Administrator role: Only administrators have the authority to view, modify, and delete sensitive data (such as customer PII and order history). All operations must undergo two factor authentication and be recorded in internal logs.
• Employee role: Ordinary employees can only view order information and logistics data related to their functions, and cannot access buyer PII or account information.
• API call permissions: We strictly follow the call rules of Amazon SP-API to ensure that all sensitive data access is limited to the actual needs of service providers (such as order processing and logistics fulfillment), and regularly review permissions.
• All users' system access and data operation behaviors will be recorded in the access log. We will regularly review the access to all sensitive data to ensure that permission settings comply with the principle of minimization and prevent any unauthorized data access behavior.
• Every call to the Amazon API interface is logged, including the visitor's identity, data request type, and time.

We will conduct internal permission reviews every quarter to ensure that all access permissions comply with Amazon's compliance requirements and remove unnecessary access permissions.

6、 Data retention

We only retain your personal information when necessary and follow the principle of minimization. When your personal information is no longer needed for the above purposes, we will take reasonable measures to delete or anonymize your personal information.

If there is a request to delete or modify Amazon buyer PII data, we will first verify your identity and ensure that the operation complies with Amazon API data processing rules. We promise to complete your data management operations within 30 working days after receiving the request, and provide you with change records and confirmation information.

7、 Cross border data transmission

The information and materials collected by this website about you will be stored on the servers of this website and/or its affiliated companies. These information and materials may be transmitted to your country, region, or overseas where this website collects information and materials, and accessed, stored, and displayed overseas.

We may transfer data obtained through Amazon SP-API to our servers in other countries/regions for processing, but in any cross-border transfer process, we will comply with relevant data protection laws and regulations and take necessary security measures, such as data encryption and signing data protection agreements, to ensure the security and privacy of the data are not violated.

8、 Privacy Impact Assessment (PIA)

All information collected on this website will be stored, transmitted, and used strictly in accordance with the relevant regulations of the local government where the information is stored, and will be properly stored and used. The user's personal information (mainly recipient information) included in the order shall be deleted within one month after the order is completed, and the total storage time shall not exceed three months. User personal information (including internal users and external customers) will be deleted within one month of account cancellation.

For processing activities that may involve a large amount of personal information of Amazon sellers and buyers, we will conduct a Privacy Impact Assessment (PIA) in advance to ensure that data processing does not have a significant impact on users' privacy rights and complies with relevant provisions of GDPR and CCPA.

9、 The use of cookies

We use cookies to collect your information in order to provide you with better service. You can manage cookies through browser settings.

10、 Children's Privacy

We mainly provide products and services to adults. If you are a minor, we request that you ask your parents or guardians to carefully read this privacy policy and use our services or provide information to us with their consent.

In the case of collecting personal information of minors through the use of our products or services with the consent of parents or guardians, we will only use, share, transfer, or disclose this information as permitted by laws and regulations, with the explicit consent of parents or guardians, or as necessary to protect minors.

11、 Changes to this policy

We may update this privacy policy in a timely manner. When there are changes to the relevant terms, we will display the updated privacy policy to you in the form of website announcements, push notifications, and pop ups during your login and version updates. Once you continue to use LINNALL's services, it will be deemed as acceptance and recognition of the updated privacy policy.

12、 Contact Us

If you have any questions about this privacy policy, please contact our Information Security Officer (email: maxj@wlwytech.com) We will reply to you within 10 working days after receiving the relevant information.

13、 Complaint

If you have any dissatisfaction with our handling of your personal information, you can file a complaint with the local data protection regulatory agency.

Important statement:

• This privacy policy may be updated due to changes in laws and regulations, please refer to the latest version.
• This privacy policy only applies to the services provided by LINNALL and does not apply to other third-party websites or applications.

Special note:

• GDPR compliance: This policy covers all core principles of GDPR, including lawful, fair, and transparent processing; Purpose limitations; Data minimization; Accuracy; Storage restrictions; Integrity and confidentiality; Accountability system, etc.
• CCPA compliance: This policy complies with the consumer rights stipulated by CCPA, such as the right to information, access, deletion, etc.
• Laws in other regions: If you are located in another region, we will also comply with applicable privacy laws and regulations in that area.
• Regular review and update: With the development of laws, regulations, and technology, we will regularly review and update our privacy policy.
• User Education: Explain the privacy policy to users in clear and understandable language to enhance their awareness of privacy protection.
• Technical measures: We will continuously improve our technical measures to ensure the security of user data.