Privacy Policy

01 — Introduction

This Privacy Policy describes how Heze Chengchao Network Technology Co., Ltd. (referred to as we, our, or the Company) collects, uses, stores, and protects the personal information of individuals who interact with our website at chengchao.autos, use our services, or communicate with us. We are committed to safeguarding your privacy and ensuring that your personal data is handled in accordance with applicable laws including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Our registered address is: Unit 1002, Area F1, Yiwu Commodity City, Huanghe Road, Beicheng Subdistrict, Mudan District, Heze City, Shandong Province, 274000, China. For any privacy-related inquiries, you may reach us at spt@chengchao.autos or by phone at +12724635629.

02 — Types of Data We Collect

We may collect the following categories of personal data when you interact with our website or services:

• Contact Information. When you reach out to us via email, phone, or contact forms, we collect your name, email address, phone number, and any details you voluntarily provide in your message.
• Technical Data. Our servers automatically log certain information when you visit our website, including your IP address, browser type and version, operating system, referring URL, pages viewed, and the date and time of your visit.
• Communication Records. If you correspond with us through email, phone calls, or other channels, we may retain records of those communications to provide support and maintain a history of our business relationship.
• Service Data. When you engage us for systems design or integration services, we may collect business-related information necessary to fulfill our contractual obligations, including technical specifications, project requirements, and organizational details.

03 — How We Use Your Data

We use the personal data we collect for the following purposes:

• To provide and maintain our services. We use your information to deliver the systems design, integration, and consulting services you have requested, including project communication, technical support, and account management.
• To improve our website. Technical data helps us understand how visitors interact with our site, allowing us to enhance usability, performance, and content relevance.
• To communicate with you. We respond to inquiries, send service-related announcements, and provide updates about project status or policy changes that may affect you.
• To comply with legal obligations. We may process your data where required by applicable law, regulation, or legal process, including responding to lawful requests from public authorities.

04 — Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal basis for processing your personal data includes:

• Consent. Where you have given clear consent for us to process your data for a specific purpose, such as receiving marketing communications.
• Contractual Necessity. Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legitimate Interests. Processing is necessary for our legitimate business interests, such as improving our services, maintaining security, and communicating with clients, provided those interests do not override your fundamental rights and freedoms.
• Legal Compliance. Processing is necessary to comply with a legal obligation to which we are subject.

05 — Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information in the following circumstances:

• Service Providers. We may engage trusted third-party service providers to assist us in operating our business, such as cloud hosting providers (e.g., Firebase), email services, and analytics tools. These providers are contractually bound to protect your data and may only use it to perform services on our behalf.
• Legal Requirements. We may disclose your personal data if required to do so by law, regulation, or legal process, or in response to a valid request from law enforcement or other government authorities.
• Business Transfers. In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and ensure your data continues to be protected.

06 — Cookies and Tracking Technologies

Our website uses minimal cookies and similar tracking technologies solely for essential operational purposes. We do not use cookies for advertising, profiling, or cross-site tracking.

Cookies are small text files stored on your device by your web browser. We use the following types:

• Strictly Necessary Cookies. These are required for the website to function properly and cannot be disabled in our systems. They are set only in response to actions you take, such as setting privacy preferences or navigating between pages.
• Analytics Cookies. We may use anonymous analytics to understand general usage patterns — this data is aggregated and does not identify individual users. You may opt out of analytics cookies through your browser settings.

You can manage or disable cookies through your browser settings. Please note that blocking certain cookies may affect website functionality.

07 — Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols.
• Secure data storage with access controls and authentication requirements.
• Regular security assessments and vulnerability reviews.
• Employee training on data protection practices and confidentiality obligations.
• Incident response procedures to address potential data breaches promptly.

While we strive to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we will notify you and relevant authorities in accordance with applicable law if a breach occurs that affects your data.

08 — Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. The retention period depends on the nature of the data and the purpose for which it was collected:

• Contact and communication data is retained for the duration of our business relationship plus a reasonable period thereafter for record-keeping purposes, not exceeding three years after the last communication.
• Technical data such as server logs is retained for up to 12 months, after which it is anonymized or deleted.
• Service-related data is retained for the duration of the contractual relationship and for a period consistent with applicable legal and regulatory requirements, typically up to six years.

When data is no longer needed, we securely delete or anonymize it.

09 — Your Rights (Including CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access. You may request a copy of the personal data we hold about you, along with information about how we use it and with whom we share it.
• Right to Rectification. You may request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to Erasure. You may request that we delete your personal data where there is no compelling reason for its continued processing. This is also known as the right to be forgotten.
• Right to Restrict Processing. You may request that we suspend the processing of your personal data in certain circumstances, such as while we verify the accuracy of disputed data.
• Right to Data Portability. You may request a copy of your personal data in a structured, machine-readable format, or request that we transfer it to another controller where technically feasible.
• Right to Object. You may object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
• Right to Non-Discrimination (CCPA). If you are a California resident, you have the right not to receive discriminatory treatment for exercising any of your CCPA rights. We will not deny services, charge different prices, or provide a different level of service based on your exercise of these rights.

To exercise any of these rights, please contact us at spt@chengchao.autos. We will respond to your request within the time frame required by applicable law (typically 30 days for GDPR requests and 45 days for CCPA requests). We may need to verify your identity before processing your request.

10 — Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete that information promptly. If we become aware that a child under 16 has provided us with personal data without verifiable parental consent, we will remove that data from our records.

11 — International Data Transfers

As a company based in China with clients and users in various countries, your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including China and the United States. Where we transfer data across borders, we ensure appropriate safeguards are in place:

• Data transfer agreements incorporating Standard Contractual Clauses (SCCs) as approved by the European Commission.
• Compliance with applicable data protection frameworks and bilateral agreements.
• Verification that receiving entities maintain data protection standards substantially similar to those required by applicable law.

By submitting your personal data, you acknowledge that we may transfer, store, and process it in countries where data protection laws may differ from those in your jurisdiction. We will take all reasonable steps to ensure your data is treated securely and in accordance with this policy.

12 — Third-Party Links

Our website may contain links to third-party websites, services, or resources that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policies of any third-party services you interact with. This Privacy Policy applies solely to information collected by our website and services.

13 — Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will notify you by updating the effective date at the top of this page and, where appropriate, by posting a notice on our website or contacting you directly.

We encourage you to review this page periodically for the latest information on our privacy practices. Your continued use of our website and services after any changes constitutes your acceptance of the updated policy.

14 — Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us: