Privacy Policy

23. mai 2025

Last Updated: May. 23rd 2025
Effective: til Dec. 31st 2025

1. Who We Are

DFMeteorite is a specialized e-commerce platform operated by [Company Name], offering meteorite specimens, scientific samples, and meteorite-themed cultural products globally.
Data Controllers:

Oriental Meteorite Museum

2. Information We Collect

2.1 Directly Provided Information

Category	Purpose
Account Details	Name, email, phone (for account registration & order management)
Payment Data	Encrypted credit card/PayPal credentials (processed via PCI-DSS certified gateways)
Meteorite Attributes	Classification certificates, lab reports (for custom/high-value items)
Shipping Info	Delivery address, customs declarations (mandatory for international orders)

2.2 Automatically Collected Data

Category	Collection Method
Device Fingerprint	IP address, browser type (for anti-fraud detection)
Behavioral Analytics	Page click heatmaps, search keywords (anonymized via cookies)

2.3 Third-Party Sources

Payment Risk Control: Fraud scores from PayPal/Stripe
Logistics Tracking: Shipment updates from DHL/UPS

3. Data Usage & Legal Basis

Purpose	Data Types	Legal Basis
Order Fulfillment	Account + Payment + Shipping Info	Contractual Necessity
Scientific Collaboration	Anonymized meteorite composition data	Legitimate Interest (Research)
Marketing	Email + Browsing History (opt-in required)	Explicit Consent
Compliance Screening	Transaction records + ID verification	Legal Obligation (CITES Export Controls)

4. Data Sharing & Cross-Border Transfers

4.1 Essential Third Parties

Recipient	Shared Data	Protection Measures
Global Logistics	Recipient name + HS codes	AES-256 encrypted transfer
Research Institutions	De-identified meteorite data	Data Processing Agreements

4.2 Transfer Mechanisms

EU → US: SCCs + Supplementary Clauses
Other Regions: APEC CBPR certification

5. Your Rights

Core Rights:

📥 Data Portability: Export order history (CSV/JSON formats)
🚫 Opt-Out of Profiling: Disable personalized recommendations via account settings
🗑️ Deletion Request: Processed within 15 business days upon submission

Exercise Your Rights:

Web Portal: "Privacy Policy "

Email: sunhongji.aboarding@gmail.com

6. Data Retention

Data Type	Retention Period	Basis
Transaction Records	7 years	Tax Compliance
Customer Service Interactions	3 years	Dispute Resolution
Behavioral Logs	1 year	Anonymized for analytics

7. Children’s Privacy

Strictly prohibit registrations under age 13 (COPPA compliance)
Terminate underage transactions immediately and notify guardians

8. Updates & Dispute Resolution

🔔 Material changes notified via email 30 days in advance
⚖️ Jurisdiction: Hong Kong International Arbitration Centre (HKIAC)

Back to blog

Item added to your cart