RMDEA Mall (hereinafter referred to as "we") operates legally in the United States, and we prioritize your personal privacy and data security. We strictly comply with federal and state privacy protection regulations, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), among other relevant provisions. We are committed to safeguarding your personal information generated during your shopping experience, ensuring the protection of your legal rights. This Privacy Policy will explain how we collect, use, store, and protect your personal information, as well as the rights you have regarding your information. Please read and understand this policy carefully.

By using our services or purchasing our products, you agree to our processing of your personal information as described in this Privacy Policy. If you do not agree to any part of this policy, please do not use our services or purchase related products.

1. Scope of Personal Information Collection

In order to provide you with a smooth, convenient shopping, delivery, and customer service experience, we only collect the necessary personal information required for your shopping experience. We do not collect any information that is unrelated to our services. The specific categories include the following, in compliance with the principle of data minimization:

1. Identity and Contact Information: Your name, email address, phone number, shipping address, etc., provided during registration or ordering, which are used to confirm orders, deliver products, and communicate with customer service.
2. Order and Transaction Information: Your order number, product details, payment records, order time, etc., used to process orders, prepare goods, ship products, track logistics, and handle after-sales services, ensuring your order is shipped within 1-3 business days.
3. Consultation and Communication Information: Your inquiries, requests, and communications via official email, used for customer service to respond to your questions, resolve your issues, and ensure service quality.

We will not proactively collect sensitive personal information (such as biometric data, health data, political opinions, etc.), unless you explicitly provide written authorization. We will strictly protect sensitive personal information in accordance with CPRA regulations.

2. Purpose of Personal Information Use

The personal information we collect will only be used in the following lawful and necessary scenarios, within the scope of your consent, and in compliance with U.S. privacy regulations:

1. Order Processing and Delivery: Using your shipping address, phone number, etc., to complete product preparation, quality checks, shipment, and logistics tracking, ensuring delivery to your U.S. address within 12-14 business days and providing logistics updates.
2. Customer Service and After-Sales: Using your contact information and inquiry details to respond to your product inquiries, order queries, after-sales requests, etc., and assist you during customer service hours (Monday to Friday, 9:00 AM to 6:00 PM UTC+8:00).
3. Compliance Retention and Auditing: Retaining your personal information and order data in accordance with U.S. regulations, for the necessary retention period. After the retention period expires, we will securely destroy the data to prevent residual risks.
4. Service Optimization: Using anonymized, de-identified information to analyze customer shopping behavior, optimize product selection, delivery processes, and customer service, and enhance your shopping experience (this process will not identify you personally).

3. Personal Information Protection Measures

We use industry-leading security technologies and management systems to establish a full lifecycle data security protection mechanism, strictly preventing risks such as data leakage, tampering, loss, or misuse. Specific measures include:

1. Encryption Protection: Using AES-256 static encryption and TLS 1.3 transmission encryption technology to secure your personal information (especially sensitive data such as shipping address and phone number) during collection, transmission, and storage.
2. Access Control: Following the "least privilege principle," we strictly limit internal personnel's access to personal information. We have established a multi-factor authentication system, and all data access actions are logged and traceable.
3. Security Operations: We regularly conduct data security vulnerability testing and fixes, deploy Data Loss Prevention (DLP) and Web Application Firewalls (WAF), and establish risk alert and emergency response mechanisms to ensure timely responses to security incidents.
4. Compliance Auditing: We conduct internal privacy compliance audits quarterly and commission third-party institutions for security assessments annually to ensure that our personal information processing activities comply with CCPA, CPRA, and other U.S. privacy regulations.

4. Sharing and Disclosure of Personal Information

We solemnly promise not to sell, rent, or share your personal information without your consent, except in the following legal or agreed-upon situations:

1. Obtaining Your Explicit Written Authorization: With your voluntary consent, we may share necessary personal information with authorized third parties, clearly informing you of the scope and purpose of the shared data.
2. Legal and Regulatory Requirements: We may disclose your personal information to comply with U.S. federal and state laws, judicial orders, or administrative agency requirements.
3. Service-Related Sharing: We may share your information with third parties who provide essential services such as logistics or payment processing (e.g., sharing your shipping address and phone number with logistics providers for product delivery), with strict privacy protection agreements in place to ensure they only use the data for the agreed purposes.

5. Your Privacy Rights (Under CCPA/CPRA)

As a U.S. user, you are entitled to the following privacy rights under applicable privacy regulations, and we will fully cooperate in enabling you to exercise these rights, without any discriminatory treatment:

1. Right to Know: You have the right to inquire about the specific scope, purposes, retention periods, and sharing situations regarding your personal information that we collect, use, and store.
2. Right to Correct: If you find any errors or incomplete information in the personal data we retain, you have the right to request timely corrections.
3. Right to Delete: Subject to legal requirements and business necessity, you have the right to request the deletion of your personal information (except in specific retention scenarios). We will respond within 45 business days after receiving a valid request. Special circumstances may extend the response time to 90 business days.
4. Right to Opt-Out: You have the right to request that we stop sharing your personal information with third parties (if applicable). We will promptly cease such activities.
5. Right to File Complaints: If you believe our processing of your personal information is non-compliant, or if you suspect that your data security has been compromised, you have the right to file a complaint with us.

6. Exercising Your Rights and Contact Information

If you wish to exercise the privacy rights mentioned above or have any questions, concerns, or complaints regarding personal information protection or our privacy policy, please contact us through the following official channels. We will promptly respond and handle your request during customer service hours:

✅ Official Service Email: service@mail.rmdea-mall.com
✅ Customer Service Hours: Monday to Friday, 9:00 AM to 6:00 PM (UTC+8:00)

Note: To ensure your rights are protected, we may request necessary identity verification information (such as your name and phone number) before processing your request. This information will only be used for identity verification and will not be used for other purposes.

7. Updates and Changes to the Privacy Policy

We may update and improve this Privacy Policy from time to time based on updates to U.S. privacy regulations, platform operational needs, and technological developments. The revised Privacy Policy will be publicly posted on our platform and will take effect immediately after posting.

Please regularly check for updates to this Privacy Policy. If you continue to use our services or purchase our products, you agree to the updated Privacy Policy. If you do not agree, you can stop using our services, and we will cease processing your personal information accordingly.

8. Disclaimer

1. Force Majeure and Third-Party Malicious Attacks: We are not liable for personal information leakage or loss caused by force majeure, third-party malicious attacks, or your own operational errors, but we will assist in taking remedial actions.
2. Risks from Voluntarily Disclosing Information: If you voluntarily disclose personal information to third parties or provide it through unofficial channels, the associated risks are borne by you.
3. Legal Disclosure of Retained Information: Personal information retained in compliance with U.S. regulations will be securely protected during the retention period. If disclosure is required by law, we will fulfill the legal obligations without additional liability.

RMDEA Mall remains committed to protecting your privacy. Thank you for your understanding, support, and trust. We will continue to enhance our personal information protection measures and strictly adhere to U.S. privacy regulations, providing you with a safe and secure shopping environment!