U.S. Household Goods Data Security Notice

Dear customer, thank you for choosing our U.S. household goods services (including kitchen products, cycling gear, and pet products)! We fully understand the importance of user data security and privacy protection, and we make data security one of the core principles of our service operations. This Data Security Notice is designed to clearly explain how we collect, use, store, and protect your personal data, ensuring that you can enjoy our services with confidence and peace of mind regarding your data security.

1. Scope of Data Collection: Only Necessary Data Collected, No Excessive Collection

To provide you with core services such as product purchases, logistics delivery, and customer service inquiries, we only collect the minimum data necessary to perform these services. The types of data we collect and their specific purposes are as follows:

• Identity and Contact Data: When you place an order for products such as corkscrews, dish racks, or motorcycle and bicycle cup holders, we will collect your name, contact number, and email address (e.g., if you communicate with us via service@mail.ximorent.com or provide other personal emails for order notifications). This data is used solely for order confirmation, logistics communication, and after-sales contact, ensuring that you receive timely information about your products.
• Shipping Address Data: To ensure the accurate delivery of products such as silicone pot lid mats, thermal head covers, and dog chew ropes, we will collect your detailed shipping address (including state, city, street, and house number). This data is used exclusively for coordinating with logistics service providers to complete the delivery, and it will be stored securely after the delivery is completed.
• Order and Transaction Data: The order number, product names (such as adjustable bungee straps for motorcycles, helmet phone mounts, and plush cat beds), purchase quantities, payment amounts, and payment method (e.g., credit card payment, PayPal payment, etc.) are collected during your order process. We do not store your full payment account information. This data is used to process orders, verify transaction status, and provide order tracking services, as well as for after-sales support.
• Communication Interaction Data: When you inquire about product use (such as how to use a peeler), logistics status (such as tracking the delivery of a plush cat bed), or request after-sales support, we collect your communication records with customer service (including text, images, etc.). This data is used solely to resolve your current issues and as a reference for improving our customer service.

2. Data Usage Rules: Strictly Limited Purposes, No Misuse

We implement a "clear purpose, controlled scope" principle for the use of collected user data. All data usage is centered around service needs and will not be used beyond the following legitimate scenarios:

• Service Fulfillment: We use your identity, contact, and address data to coordinate logistics delivery (within 1-3 business days of shipping, excluding weekends and public holidays, with actual delivery time estimated at 12-15 business days). We will also notify you of order status updates (such as shipment and delivery) through your reserved contact information.
• Customer Service: Based on your communication interaction data and order data, we will answer product questions, resolve after-sales issues (such as product replacement or return requests), and provide service during our customer service hours (Monday to Friday, 9:00 AM to 6:00 PM UTC+8:00). We strive to respond efficiently to your needs and ensure a smooth service experience.
• Security Assurance: After anonymizing and de-identifying the data, we use order and communication data to detect abnormal transactions (such as fraudulent orders or fake transactions), prevent fraud risks, and optimize our system's security policies to ensure the safety of your account and transactions.
• Service Optimization: We analyze anonymized user data (such as product purchase preferences or frequently asked questions) to adjust inventory (e.g., optimizing stock based on sales of kitchen, cycling, and pet products), improve product descriptions, and enhance customer service efficiency, ultimately providing services that better meet your needs.

3. Data Security Protection Measures: Multi-Layer Protection, Comprehensive Security

We use industry-leading technical methods and management standards to establish a multi-layered data security protection system that ensures the security of data throughout its lifecycle—from collection, transmission, storage to destruction:

• Data Transmission Encryption: When you submit personal data (such as entering shipping addresses or sending inquiry emails), we use SSL encryption technology to ensure that data is not stolen, tampered with, or intercepted during transmission, thus protecting data security from your device to our system.
• Data Storage Security: User data is stored in servers that meet international security standards, equipped with firewalls, intrusion detection systems (IDS), and encrypted data storage technologies to restrict unauthorized access. We also regularly scan and fix security vulnerabilities in our storage systems to prevent hacking, data leaks, and other risks.
• Access Control Management: We have established strict internal data access control systems, granting access to user data only to necessary staff (e.g., order processors, customer service personnel). All authorized personnel must sign confidentiality agreements, undergo data security training, and all operations are fully traceable to prevent internal misuse of data.
• Data Retention and Destruction: The retention period for user data strictly follows the "service necessity + legal requirements" principle. If you stop using our services, we will safely delete or anonymize data that is no longer needed (e.g., after the after-sales period ends and there is no legal obligation to retain it) through data destruction methods like data wiping and physical destruction to ensure it cannot be recovered or misused.

4. Data Sharing Principles: Cautious Authorization, Full Monitoring

We are committed to not selling or renting user data to any unrelated third parties. We only share limited data with third parties in the following necessary scenarios, under strict supervision and confidentiality agreements:

• Logistics Service Providers: To complete product delivery, we share your name, contact number, and shipping address with our logistics service partners. These partners are only permitted to use this data for delivery purposes and must destroy or return the data once the delivery is completed. We will monitor their data usage.
• Payment Service Providers: If you choose third-party payment platforms (such as PayPal or Klarna), we will share your order number, payment amount, and other transaction data with them to confirm payment status and complete settlement. Payment service providers will protect your payment-related information according to their own privacy policies. We do not collect or store your full payment account details.
• Legal Requirements: We will only provide necessary user data to relevant departments when required by law (e.g., judicial authorities or administrative regulators) and will ensure that the data shared is in line with the legal request. We will also notify you in advance whenever possible, unless prohibited by law.

5. User Data Rights: Self-Management, Traceable at Any Time

You have the right to query, correct, delete, and withdraw consent for the use of your personal data. We provide convenient channels for you to exercise these rights and protect your data sovereignty:

• Data Query and Correction: If you need to query or correct your personal data (e.g., updating shipping addresses or modifying contact numbers), please contact us via our official email service@mail.ximorent.com. After verifying your identity (such as order number or reserved phone number), we will assist you in completing the query or correction within 1-2 business days.
• Data Deletion and Withdrawal of Authorization: If you wish to delete non-essential data (such as historical communication records) or withdraw consent for data usage (such as no longer receiving order status notifications), you can submit a request via customer service email. We will process your request within 3-5 business days after verifying your identity and notify you of the result. If you no longer use our services, you can also request account cancellation, after which we will delete all personal data that can be legally removed (except where retention is required by law).
• Data Security Complaints: If you suspect that your personal data has been exposed to risks or detect unusual data usage, please contact us immediately via our official email. We will initiate a data security investigation and inform you of the results and subsequent actions within 3 business days to ensure the protection of your data security rights.

6. Data Security Declaration and Updates

We promise to regularly upgrade our data security protection system, optimizing our data security strategy according to technological developments and regulatory changes to ensure compliance with the latest data security standards.

If there are updates to this Data Security Notice (e.g., changes in data collection scope or enhanced security measures), we will announce them on our official platform (e.g., website notifications, order notification emails). The updated notice will take effect after a public notice period of at least 7 days. If you continue to use our services after the notice period, it means you accept the updated content.

This notice is subject to the relevant laws and regulations, such as the U.S. Data Security Act and the Consumer Privacy Protection Act, ensuring the legitimacy and compliance of user data security and privacy protection.

If you have any questions about this Data Security Notice or need further details about our data protection practices, feel free to contact us via our official email service@mail.ximorent.com. We are committed to ensuring your data security!