Privacy Policy

Guangzhou Miaoliang Electronics Co., Ltd., operating as Xenplus ("we," "us," or "our"), is committed to protecting the privacy and security of business information provided by our B2B clients, partners, and prospective customers. This Privacy Policy outlines how we collect, use, store, and protect business contact and inquiry data in compliance with international privacy regulations.

As a global automotive parts manufacturer and exporter operating in international B2B markets, we process business data across multiple jurisdictions and adhere to applicable data protection laws including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and China's Personal Information Protection Law (PIPL).

1. Information We Collect

1.1 Business Contact Information

We collect business-related information when you:

Submit inquiry or quote request forms on our website
Communicate with us via email, phone, or messaging platforms
Register for trade shows, exhibitions, or business events
Establish a business account or supplier relationship
Subscribe to our B2B newsletters or product catalogs

1.2 Types of Data Collected

Business Identity Data:

Company name, business registration number, tax ID, industry sector

Contact Data:

Name, job title, business email address, business phone number, business address

Transaction Data:

Purchase orders, quotation requests, product specifications, order history, payment terms

Technical Data:

IP address, browser type, device information, website usage analytics

Communication Data:

Correspondence history, inquiry details, product preferences, customization requirements

1.3 Automated Data Collection

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing behavior on our website for analytics, functionality improvement, and B2B marketing purposes. You can control cookie preferences through your browser settings.

2. Purpose of Data Collection

1

Business Communication & Inquiry Response

Processing quote requests, product inquiries, and technical support communications within our average 2-hour response time

2

Order Fulfillment & Contract Performance

Processing orders, managing OEM/ODM projects, arranging logistics, and executing trade agreements

3

Customer Relationship Management

Maintaining business relationships, providing after-sales support, and managing distributor/agent networks

4

B2B Marketing & Business Development

Sending relevant product catalogs, industry updates, trade show invitations, and promotional offers to existing and prospective B2B clients

5

Compliance & Legal Obligations

Meeting regulatory requirements, export controls, customs documentation, and financial record-keeping

6

Quality Improvement & Analytics

Analyzing market trends, improving service delivery, and enhancing product offerings based on client feedback

3. Legal Basis for Processing (GDPR)

For clients and contacts in the European Economic Area (EEA), we process business data based on the following legal grounds:

Contractual Necessity

Processing necessary to fulfill purchase orders, quotations, and OEM/ODM service agreements

Legitimate Business Interests

Maintaining B2B relationships, business development, fraud prevention, and operational efficiency

Legal Compliance

Meeting export regulations, customs requirements, tax obligations, and industry certifications (CE, RoHS, FCC)

Consent

Marketing communications and newsletters (with explicit opt-in for EEA contacts)

4. Data Sharing and Disclosure

We do not sell business contact data. We may share information with the following categories of recipients for legitimate business purposes:

Service Providers

Logistics partners, payment processors, CRM platforms, email service providers, and cloud storage vendors operating under strict confidentiality agreements

Business Partners

Authorized distributors, agents, and co-exhibitors at trade shows (only with explicit consent or contractual necessity)

Legal Authorities

Government agencies, regulatory bodies, and law enforcement when required by applicable law or legal process

Corporate Transactions

In the event of merger, acquisition, or asset sale, business data may be transferred to successor entities

5. International Data Transfers

Global Operations

As a global exporter headquartered in China, we process and store business data across multiple jurisdictions to serve our international B2B client base. Cross-border data transfers are necessary for order processing, logistics coordination, and customer support.

5.1 Safeguards for International Transfers

Standard Contractual Clauses (SCCs): We implement EU-approved SCCs with third-party processors handling EEA data
Data Processing Agreements: All international service providers sign comprehensive data protection agreements
Encryption & Security: Data in transit is protected using industry-standard TLS/SSL encryption protocols
Compliance Monitoring: Regular audits to ensure transfer mechanisms comply with evolving international privacy frameworks

5.2 Data Storage Locations

Business data is primarily stored on secure servers located in China, with redundant backup systems and cloud services that may involve storage in other jurisdictions including the United States, European Union, and Singapore. All storage locations adhere to equivalent data protection standards.

6. Data Retention

We retain business data only for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal obligations:

Data Category	Retention Period	Justification
Active Client Data	Duration of business relationship + 3 years	Contract performance, warranty claims
Inquiry/Quote Data	2 years from last contact	Business development, follow-up
Transaction Records	7 years	Tax, accounting, legal compliance
Marketing Consent	Until withdrawal or 3 years of inactivity	Consent verification, opt-out management
Website Analytics	26 months	Performance analysis, GDPR compliance

Upon expiration of the retention period, data is securely deleted or anonymized unless extended retention is required by law or ongoing legal proceedings.

7. Data Security Measures

We implement comprehensive technical and organizational security measures to protect business data against unauthorized access, disclosure, alteration, or destruction:

Technical Safeguards

• SSL/TLS encryption for data transmission
• Encrypted storage for sensitive business data
• Firewalls and intrusion detection systems
• Regular security audits and vulnerability assessments
• Automated backup and disaster recovery systems

Organizational Controls

• Role-based access controls limiting data access
• Employee confidentiality agreements and training
• Vendor due diligence and security assessments
• Incident response and breach notification procedures
• Compliance monitoring and privacy impact assessments

Data Breach Notification: In the unlikely event of a data breach affecting your business information, we will notify affected parties and relevant supervisory authorities in accordance with applicable legal timeframes (within 72 hours under GDPR).

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your business contact data:

Right to Access

Request confirmation of what business data we hold about you and obtain a copy of that data

Right to Rectification

Request correction of inaccurate or incomplete business contact information

Right to Erasure ("Right to be Forgotten")

Request deletion of your data when no longer necessary for business purposes or legal obligations (subject to legal retention requirements)

Right to Restrict Processing

Request limitation of data processing in certain circumstances (e.g., while accuracy is being verified)

Right to Data Portability

Receive your business data in a structured, commonly used format and transmit it to another controller

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes (including B2B marketing communications)

Right to Withdraw Consent

Withdraw marketing consent at any time without affecting the lawfulness of processing prior to withdrawal

Right to Lodge a Complaint

File a complaint with your local data protection authority if you believe your rights have been violated

California Privacy Rights (CCPA/CPRA)

California-based business contacts have additional rights including:

• Right to know what business information is collected, used, shared, or sold
• Right to opt-out of sale/sharing (note: we do not sell business data)
• Right to non-discrimination for exercising privacy rights

China PIPL Rights

Contacts subject to China's Personal Information Protection Law have rights to access, correct, delete, and withdraw consent for their business information, as well as request explanations of processing activities.

Exercising Your Rights

To exercise any of these rights, please contact us using the details in Section 13 below. We will respond to verified requests within the legally required timeframe (typically 30 days, extendable to 60 days for complex requests).

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality, analyze website traffic, and deliver relevant B2B marketing content. We categorize cookies as follows:

Strictly Necessary Cookies

Essential for website operation, security, and basic functionality. These cannot be disabled.

Examples: Session management, security tokens, load balancing

Performance and Analytics Cookies

Collect aggregated data on website usage, page views, and navigation patterns to improve user experience.

Examples: Google Analytics, visitor statistics, bounce rate tracking

Functional Cookies

Remember your preferences, language settings, and previous interactions to personalize your experience.

Examples: Language preference, region selection, recent product views

Marketing and Targeting Cookies

Track your browsing activity to deliver relevant B2B advertisements and measure campaign effectiveness. Requires explicit consent.

Examples: Retargeting pixels, conversion tracking, LinkedIn Insights, Google Ads

Managing Cookie Preferences

You can control and delete cookies through your browser settings. Please note that blocking certain cookies may impact website functionality:

Chrome: Settings → Privacy and Security → Cookies

Firefox: Options → Privacy & Security → Cookies

Safari: Preferences → Privacy → Cookies

Edge: Settings → Privacy → Cookies

For more information about cookies and how to manage them, visit www.allaboutcookies.org

10. Third-Party Services and Links

We may integrate third-party business services and platforms to enhance our operations. These include:

CRM Platforms

Customer relationship management systems for inquiry tracking

Email Marketing

Professional email campaign and newsletter delivery services

Payment Processors

Secure transaction processing for international B2B payments

Logistics Partners

Shipping and freight forwarding service integrations

Analytics Tools

Website analytics and business intelligence platforms

Cloud Storage

Secure document storage and file sharing systems

Third-Party Privacy Policies

Each third-party service provider maintains its own privacy policy governing how they collect, use, and protect data. We are not responsible for the privacy practices of external services. When you interact with third-party platforms (e.g., payment gateways, LinkedIn, Alibaba), you are subject to their respective privacy policies. We encourage you to review the privacy statements of any external service you engage with.

External Links

Our website may contain links to third-party websites, including industry partners, certification bodies, and trade organizations. Xenplus is not responsible for the content or privacy practices of external websites. We recommend reviewing the privacy policies of any third-party sites you visit.

11. B2B Marketing Communications

11.1 Communication Types

We may send B2B marketing communications to existing and prospective business clients, including:

Product catalogs, new product launches, and technical specifications
Trade show invitations, exhibition announcements, and industry event updates
Promotional offers, volume discounts, and special B2B pricing campaigns
Industry insights, automotive aftermarket trends, and technical white papers
Company newsletters, certification updates, and capability announcements

11.2 Consent and Legitimate Interest

Existing Business Relationships: For current clients and recent inquirers, we may send relevant B2B marketing based on legitimate business interest (soft opt-in), as permitted under applicable law.

New Prospects: For new contacts without an existing business relationship, we obtain explicit consent before sending marketing communications, particularly for recipients in the EEA.

Regulatory Compliance: Our B2B marketing practices comply with CAN-SPAM (USA), CASL (Canada), GDPR (EU), and other applicable anti-spam regulations.

11.3 Opting Out of Marketing

You can unsubscribe from B2B marketing communications at any time through:

Unsubscribe Link
Click the unsubscribe link in any marketing email

Email Request
Send an opt-out request to our contact email

Preference Center
Manage your communication preferences online

Note: Opting out of marketing communications will not affect transactional emails related to existing orders, quotations, or essential business communications.

12. Children's Privacy

Xenplus operates exclusively in the B2B automotive aftermarket sector. Our services are intended solely for business professionals, corporate entities, and commercial organizations. We do not knowingly collect information from individuals under the age of 18. Our website and communications are designed for business-to-business transactions and are not directed at minors. If we become aware that we have inadvertently collected data from a minor, we will promptly delete such information.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy periodically to reflect changes in our business practices, legal requirements, or technological developments. Material changes will be communicated through the following methods:

• Prominent notice on our website homepage
• Email notification to active business clients
• Updated "Last Updated" date at the top of this policy

Effective Date: Revisions become effective immediately upon posting unless otherwise specified. Continued use of our services after policy updates constitutes acceptance of the revised terms. For significant changes affecting your rights, we will obtain renewed consent where required by applicable law.

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your business information. Historical versions of this policy may be available upon request.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact our Data Protection team:

Xenplus (Guangzhou Miaoliang Electronics Co., Ltd.)

Address:

Guangzhou, Guangdong Province, China

Email:

privacy@xenplus.com

General Inquiries: info@xenplus.com

Phone:

Available upon request (24/7 support in 12 languages)

Response Timeframes

2h

General Inquiries

Average response: ≤2 hours

30d

Privacy Rights Requests

Standard response: 30 days

72h

Data Breach Notifications

GDPR compliance: Within 72 hours

EU Representative (if required):

For GDPR-related matters, European Economic Area contacts may reach our designated EU representative at:

eu-representative@xenplus.com

Supervisory Authority

If you are located in the European Economic Area and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority. For China-based contacts, complaints may be directed to the relevant provincial Cyberspace Administration office or other competent regulatory body.