Foodvio Privacy Policy

01 · Introduction & Scope

Beijing Foodvio Food Technology Co., Ltd. ("Foodvio," "we," "us," or "our"), as the operator of this website (www.foodvio.com.cn, the "Site") and processor of your personal information, takes your privacy seriously. We process your personal information in accordance with the Personal Information Protection Law of the People's Republic of China ("PIPL"), the Data Security Law, the Cybersecurity Law, and other applicable laws and regulations.

This Privacy Policy applies to all interactions between you and our Site, including the "Foodvio" main brand site and the "ChinnPaPa" brand showcase pages. For international visitors, where applicable, we additionally observe international standards including the EU General Data Protection Regulation ("GDPR").

02 · Information We Collect

2.1 Information You Voluntarily Provide

When you submit an inquiry form (including "Sample Request," "Catalog Download," "Custom Inquiry," "Meeting Booking," "Origin Tour," and "General Contact" use cases), we collect:

• Identity & contact information: name, email address, phone number, company or organization name, job title
• Business context: industry, sourcing intent, product categories of interest, geographic region
• Communication content: any message text you voluntarily provide

2.2 Information We Automatically Collect

• Device & browser information: IP address (anonymized), browser type and version, operating system, device type
• Usage information: visit time, pages viewed, time on page, referring URL, CTA button clicks
• Cookies & local storage: see Section 09

2.3 Sensitive Information We Do Not Collect

Unless you voluntarily provide it with explicit informed consent, we do not solicit:

• Government-issued IDs (national ID, passport, driver's license, etc.)
• Bank accounts, payment passwords, credit card numbers, or other financial credentials
• Biometric data (face, fingerprint, voiceprint)
• Health or medical information
• Religion, political views, or other sensitive categories

03 · How We Use Your Information

We use your personal information only for the following purposes:

• Inquiry response: our sales team contacting you, providing quotations, arranging samples, advancing partnership discussions
• Service provision: enabling catalog downloads, factory visit bookings, custom development consultations
• Customer support: responding to your inquiries, complaints, and suggestions
• Site improvement: optimizing site content and user experience based on aggregated, anonymized usage data
• Legal compliance: meeting legal obligations and responding to lawful requests by regulatory authorities

For any use beyond these purposes, we will seek your separate consent.

04 · How We Share, Transfer & Disclose

4.1 Sharing Principles

We do not sell your personal information to any unrelated third party. We may share your information in limited circumstances:

• Affiliated entities: with the ChinnPaPa brand team within our company, where you are explicitly informed and your inquiry relates to that brand
• Service providers: third-party technical services we use, including:
  • Cloud database: Supabase (storage location detailed in Section 05)
  • Email notification services for inquiry alerts
  • Site hosting: GitHub Pages
  All providers operate under data processing agreements and process your data only on our instructions and within strict necessity.
• Legal requirements: pursuant to applicable laws or lawful requests by government or judicial authorities

4.2 Transfers

Except in connection with corporate mergers, acquisitions, or asset transfers (in which case we will notify you prominently and seek your consent), we do not transfer your personal information.

4.3 Public Disclosure

We do not publicly disclose your personal information except with your explicit consent or as required by law. Customer testimonials and case studies require written authorization, which you may decline without affecting our partnership.

05 · Data Storage & Cross-Border Transfers

5.1 Legal Basis for Cross-Border Transfer

Pursuant to PIPL Article 38, when transferring your personal information abroad, we:

• Inform you of the overseas recipient's identity, contact details, processing purpose, processing methods, and personal information categories (this Policy provides such notice)
• Obtain your separate consent (via the "I have read and agree" checkbox in the inquiry form)
• Take necessary measures to ensure the overseas recipient's processing meets PIPL standards

5.2 Overseas Recipient Information

• Recipient: Supabase, Inc.
• Location: United States
• Purpose: data storage and retrieval
• Compliance commitments: GDPR-compliant practices and SOC 2 Type II certification

5.3 Your Choice

If you do not agree to this cross-border arrangement, please do not submit the inquiry form. You may still contact us by phone or email (see Section 12).

5.4 GDPR Notice for EU Users

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, transfers of your personal data outside these regions rely on appropriate safeguards including standard contractual clauses (SCCs) where applicable. You retain rights under GDPR including access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with your local Data Protection Authority.

06 · Data Retention

We retain your information only as long as necessary for the purposes stated:

• Inquiry data: 24 months from your last interaction; uncontacted leads are auto-archived or anonymized
• Active customer data: duration of contractual relationship plus statutory retention period (typically 10 years for accounting/tax)
• Access logs: 6 months, then aggregated and anonymized
• Cookies: see Section 09

After the retention period, we delete or anonymize your personal information in accordance with applicable law.

07 · Your Rights

Under PIPL and other applicable laws, you have the following rights regarding your personal information:

• Right to know and decide
• Right to access and copy
• Right to correct or supplement
• Right to delete
• Right to withdraw consent (withdrawal does not affect prior lawful processing)
• Right to deregister (this Site does not currently maintain registered accounts)
• Right to explanation
• Right to complain to relevant regulatory authorities

For EU/EEA users under GDPR: rights of access, rectification, erasure, restriction, portability, and objection apply.

To exercise these rights, contact us via Section 12. We will respond within 15 business days.

08 · Children's Privacy

This Site is positioned as a B2B commercial service primarily targeting institutional customers. We do not intentionally collect personal information from children.

8.1 ChinnPaPa-Related Use

"ChinnPaPa" is our consumer brand for children's nutrition products. The end consumers may include children, but this Site (including the ChinnPaPa showcase) only displays product information and does not directly engage with children.

8.2 Guardian Responsibility

If you are the guardian of a minor under 14 (under PIPL) or under 13 (under COPPA for U.S. users), and you interact with this Site on behalf of the child, please affirm guardianship via the corresponding checkbox. We process only the minimum necessary information for the inquiry.

8.3 Inadvertent Collection

If we discover that we have inadvertently collected personal information from a child without verifiable guardian consent, we will delete it promptly. Please notify us immediately via Section 12 if you become aware of such collection.

09 · Cookies & Similar Technologies

This Site uses cookies and local storage technologies. For details, see our separate Cookie Policy.

In summary:

• Essential cookies (basic functionality, no consent required)
• Analytics cookies (aggregated usage data, requires consent)
• Marketing cookies (not currently used)

10 · Data Security

We implement the following technical and organizational measures:

• Encryption in transit: HTTPS / TLS 1.3 site-wide
• Access controls: row-level security (RLS) on Supabase database
• Data minimization: collect only what is necessary
• Confidentiality obligations: employees handling personal information sign confidentiality agreements
• Regular audits: periodic compliance reviews of data processing activities

Despite these measures, the internet is not absolutely secure. In the event of a personal data breach, we will notify you and report to authorities as required by law.

11 · Changes to This Policy

We may update this Policy from time to time. For material changes, we will notify you by:

• Posting an update notice on the Site homepage
• Sending email notification to clients with active contact records
• Updating the "Last updated" date and version number at the top

Continued use of the Site after the effective date constitutes acceptance of the updated Policy.

12 · Contact Us

For questions, concerns, or complaints regarding this Policy or your personal information, contact us:

You may also lodge a complaint with the Cyberspace Administration of China, the State Administration for Market Regulation, or — for EU users — your local Data Protection Authority.