SUPPLY LEADER PRIVACY POLICY

1. General Information

This Privacy Policy explains how Supply Leader Systems LTD ("Supply Leader", "we", "our" or "us") collects, uses, stores, and protects personal data of users ("you", "User") when you access or use our website https://supplyleader.com, including its mobile version and mobile application (collectively, the "Platform").

The purpose of this document is to inform you about the categories of personal data we collect, the legal grounds for processing, and your rights under applicable laws.

This Policy is an integral part of our general terms and conditions and is designed in compliance with:

• The General Data Protection Regulation (GDPR) of the European Union;
• The California Consumer Privacy Act (CCPA);
• The Personal Data (Privacy) Ordinance (PDPO) of Hong Kong.

By using the Platform, you agree to the practices described in this Privacy Policy. We encourage you to review this Policy regularly, as we may update it from time to time. The latest version is always available on our website.

2. Data Controller

For the purposes of this Privacy Policy and applicable data protection laws, the primary data controller is:

Supply Leader Systems LTD
Registered address: FLAT/RM B26, 5/F, TSUEN WAN INDUSTRIAL BUILDING, TSUEN WAN, NT, HONG KONG
This entity is responsible for the operation, management, and processing of user data collected via the Platform.

In addition, certain data (such as order, payment, and delivery information) may be processed by Supply Leader Systems LLC, a company registered in the United States, acting as a logistics and purchasing operator on behalf of Supply Leader Systems LTD.

Any data processing performed by Supply Leader Systems LLC is carried out strictly under the instruction and supervision of the main data controller, Supply Leader Systems LTD.

3. Acceptance and Consent

By accessing or using the Supply Leader Platform, you confirm that you have read, understood, and accepted the terms of this Privacy Policy. You expressly consent to the collection, use, transfer, and processing of your personal data in accordance with this Policy.

The Platform is operated by Supply Leader Systems LTD, a company registered in Hong Kong. By continuing to use the Platform from any jurisdiction, you acknowledge and agree that your personal data may be transferred to and processed in Hong Kong, the United States, or other countries where we or our partners operate, in accordance with applicable data protection laws — including, but not limited to, the Personal Data (Privacy) Ordinance (PDPO), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or other similar laws in your jurisdiction.

You are solely responsible for ensuring that your use of the Platform complies with the laws of your jurisdiction. If the use of the Platform or the processing of your personal data would be unlawful under the laws applicable to you, you must not use the Platform.

If you do not agree with this Privacy Policy or do not consent to the processing of your personal data as described herein, please refrain from using the Platform.

4. Collection and Processing of Personal Data

We collect and process personal data to provide and improve our services, ensure secure access to the Platform, and fulfill our contractual and legal obligations.
Personal data may be collected directly from you, automatically through your interaction with the Platform, or from third-party sources, as described below.

Categories of personal data we may collect and process:

• Identification data: your full name, email address, phone number, mailing and billing addresses, company name (if applicable);
• Account data: your login credentials, user profile information, preferences, and support communications;
• Order and transaction data: purchase history, order details, payment method (excluding full card numbers), delivery information;
• Device and usage data: IP address, browser type, operating system, device ID, language preferences, referring URLs, access times, and usage statistics;
• Interaction data: details of your interactions with our Platform, including pages viewed, clicks, and navigation patterns.

This data is collected:

• when you register, place an order, or submit a request via the Platform;
• when you interact with our emails, support, or other communications;
• automatically, via cookies and analytics tools (as further described in the Cookie Policy).

We only collect and process data that is necessary for specified purposes, in accordance with applicable laws and with appropriate legal bases, which are detailed in the next section.

5. Legal Grounds for Processing

We process your personal data only when there is a valid legal basis to do so, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong. Depending on the specific situation and the nature of the interaction, we rely on one or more of the following legal grounds:

• Consent – when you have given us explicit permission to process your personal data for one or more specific purposes (e.g., marketing communications or analytics cookies);
• Contractual necessity – when processing is required to perform a contract with you, or to take steps at your request before entering into such a contract (e.g., order fulfillment);
• Legal obligation – when we are legally required to process your data to comply with applicable laws (e.g., tax, accounting, or consumer protection regulations);
• Legitimate interests – when processing is necessary for our legitimate business interests and does not override your fundamental rights and freedoms (e.g., fraud prevention, platform security, service improvement);
• Vital interests – in exceptional cases, where processing is necessary to protect your vital interests or those of another person;
• Public interest – when processing is required for reasons of substantial public interest under applicable law.

You can withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.

6. Types of Personal Data and Purposes

We collect and use the following categories of personal data for specific, lawful purposes, as outlined below:

1. Identification and contact details

Examples: full name, email address, phone number, company name, billing and shipping addresses
Purpose:
– creating and managing your account
– processing orders and deliveries
– communicating with you, including support and service notifications
– issuing invoices and confirmations

2. Account and service data

Examples: login credentials, user preferences, language settings, support history
Purpose:
– providing personalized features
– technical support and troubleshooting
– improving user experience

3. Order and transaction information

Examples: product details, order history, delivery status, payment confirmation (excluding full payment card details)
Purpose:
– order processing
– fulfillment and customer service
– fraud detection and payment verification

4. Device and technical data

Examples: IP address, browser type, operating system, device ID, log files, cookies
Purpose:
– maintaining website functionality and security
– analytics and performance optimization
– enforcing usage policies

5. Usage and interaction data

Examples: page views, clicks, session duration, navigation paths
Purpose:
– analyzing behavior to improve services
– measuring service performance and detecting issues

6. Customer data from users

Examples: personal data of your customers (if you share it with us for order processing)
Purpose:
– enabling you to use our services to fulfill your customers' orders
– processing and tracking deliveries on your behalf

We only use this data for the purposes for which it was collected, unless otherwise permitted by law or with your additional consent.

7. Use of Your Personal Information

We use your personal data only for clearly defined and lawful purposes, based on the legal grounds outlined in this Policy. Depending on your interactions with the Platform, we may use your data for the following purposes:

• To process and fulfill orders placed through the Platform, including payment verification, shipping arrangements, and order confirmation;
• To communicate with you, including responses to inquiries, service updates, account notifications, and customer support;
• To detect and prevent fraud, abuse, or unauthorized use, including verification of account activity and risk monitoring;
• To provide you with information or promotional content, if you have given consent or it is permitted under applicable law;
• To analyze user behavior for service improvement, usability optimization, and development of new features;
• To maintain the security and functionality of the Platform and our infrastructure;
• To comply with legal obligations, including record-keeping, reporting, and responding to lawful requests.

We do not use your data for automated decision-making or profiling without your knowledge and, where required, your explicit consent.

8. Disclosure to Third Parties

We do not sell, rent, or lease your personal data to third parties.

However, we may disclose your personal data to certain third parties strictly for the purposes set out in this Privacy Policy and only where such processing is lawful, necessary, and proportionate. These third parties may include:

• Service providers and contractors, such as hosting providers, payment processors, logistics companies, email services, and analytics platforms, who support the operation of our Platform and service delivery;
• Professional advisers, including legal, tax, accounting, or audit firms, who are bound by strict confidentiality obligations;
• Authorities and regulators, if required by law, including in response to court orders, subpoenas, or other lawful requests from competent authorities acting within their legal powers;
• Third parties in connection with corporate transactions, such as mergers, acquisitions, asset sales, or corporate reorganizations, provided that any such party is subject to appropriate confidentiality and data protection obligations;
• Authorized resellers or affiliates, where you access our services through them, solely for the purpose of fulfilling your request.

All such disclosures are made based on appropriate legal grounds and with adequate safeguards in place, including data processing agreements or confidentiality obligations, where required.

All disclosures are carried out in full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Data (Privacy) Ordinance (PDPO) of Hong Kong.

9. Cross-border Data Transfers

As a global platform, we may transfer your personal data to jurisdictions outside of your country of residence, including to Hong Kong and the United States, where our operational infrastructure and service providers are located.

Whenever such transfers occur, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, including:

• entering into Standard Contractual Clauses (SCCs) or equivalent agreements approved by regulatory authorities;
• ensuring that third-party processors in other jurisdictions are subject to binding contractual obligations to maintain adequate levels of data protection;
• complying with the requirements of the Personal Data (Privacy) Ordinance (PDPO) in Hong Kong, and the General Data Protection Regulation (GDPR) of the European Union, where applicable.

By using our Platform, you acknowledge and agree that your personal data may be processed in jurisdictions that may have different data protection standards than your own. Such processing will always be carried out in a manner that ensures the confidentiality, integrity, and lawful handling of your data.

If you would like more information about international tranprivacy_policysfers or the safeguards we use, you may contact us at legal@supplyleader.com.

10. Behavioural Advertising

We may use certain elements of your personal data (such as browsing behavior, device identifiers, or location) to deliver personalized advertising and marketing content based on your interests and interactions with our Platform. This practice is known as behavioural (or interest-based) advertising.

Such advertising may be facilitated by third-party platforms, advertising networks, or analytics providers that use cookies, pixels, and similar technologies to track activity across websites and apps. We only engage in such activities where permitted by law and, where required, with your prior consent.

You may opt out of interest-based advertising at any time by adjusting your browser settings, mobile device preferences, or by using the following external tools:

• Facebook: www.facebook.com/settings/?tab=ads
• Google: www.google.com/settings/ads/anonymous
• Bing: advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
• Digital Advertising Alliance: optout.aboutads.info

For more information about how cookies and similar technologies are used, please refer to our Cookie Policy.

11. Data Retention and Security Measures

We retain your personal data only for as long as it is necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, and regulatory obligations.

The retention period depends on the type of data and the reason for its collection. In general:

• Order and transaction data is retained for the duration of the business relationship and for a period required by applicable financial and tax regulations;
• Account and identification data is retained while your account remains active, or until you request its deletion;
• Technical and usage data (e.g., logs, device data) is retained for short-term operational and security purposes, unless a longer period is required for investigation or compliance;
• Marketing-related data is retained until you withdraw your consent or object to processing.

You may request deletion of your data at any time by contacting us at support@supplyleader.com, unless retention is required by law or for the establishment, exercise, or defense of legal claims.

Security Measures

We implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of your personal data, including:

• Encryption of data in transit and at rest;
• Access controls based on roles and necessity;
• Secure server infrastructure and firewalls;
• Regular backups and business continuity protocols;
• Internal security policies, monitoring, and employee training.

Despite our best efforts, no system can guarantee absolute security. If you believe that your account or data has been compromised, please contact us immediately.

12. Web Cookies

We use cookies and similar technologies on our Platform to improve functionality, personalize your experience, analyze user behavior, and support secure authentication and order processing.

Cookies are small text files placed on your device that store information such as your preferences, session status, or technical identifiers. Some cookies are essential for the operation of the Platform, while others help us understand how users interact with the site.

By default, most browsers accept cookies. You may change your browser settings at any time to disable or delete cookies. Please note that disabling cookies may affect the performance and availability of certain features of the Platform.

For detailed information on the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

13. Analytics

We use analytics tools to understand how users interact with our Platform, identify technical issues, optimize functionality, and improve our services. These tools may collect information such as pages visited, time spent on the site, browser type, device information, and referral sources.

In some cases, we partner with third-party analytics providers (such as Google Analytics) who place cookies or similar technologies on your device to gather anonymized or pseudonymized usage data over time.

We do not use analytics for profiling or automated decision-making. Data collected through analytics tools is used in aggregated form and does not directly identify individual users.

For more information on the use of cookies and tracking technologies, including how to manage your preferences, please refer to our Cookie Policy.

14. Mobile Application Data

When you access our Platform through a mobile application (e.g., via the Apple Store), we may collect certain information automatically to ensure proper functionality and improve user experience. This includes:

• Device information: mobile device ID, model, manufacturer, operating system and version, screen resolution, IP address, and system language;
• Usage data: frequency of use, application features accessed, crash logs, and performance metrics;
• Installation source: the app store or platform from which the application was downloaded.

Geo-location

We do not access or track precise location data from your mobile device without your explicit consent. However, we may infer approximate location based on IP address to provide localized content or comply with regulatory requirements.

Push notifications

With your permission, we may send push notifications related to account activity, order status, or service updates. You can disable push notifications at any time through your device settings.

Mobile analytics

We use mobile analytics tools to understand how the app is used and how it performs across devices. This data is processed in aggregated or pseudonymized form and is not linked to any directly identifiable personal information.

15. Social Media and Third-party Platforms

Our Platform may offer features that allow you to interact with third-party platforms, such as social networks (e.g., logging in with social media credentials or sharing content).

When you choose to connect your Supply Leader account to a third-party platform, we may receive certain personal data from that platform — such as your name, profile picture, email address, or other information you have made publicly available — in accordance with the privacy settings of your social media account.

We do not post to your social media profile or share your account data with third-party platforms without your knowledge or consent. Any data we receive through such integrations is processed in accordance with this Privacy Policy.

We recommend reviewing the privacy settings and terms of use of the relevant third-party platforms to control what information is shared with us.

16. Amazon MWS Data Protection

If you use our services in connection with Amazon Marketplace Web Service (Amazon MWS), certain data retrieved via Amazon APIs may be processed by our systems to support business analysis and order-related operations.

All Amazon-related information — including any data classified as Personally Identifiable Information (PII) — is handled in strict accordance with Amazon's Marketplace Developer Agreement, Acceptable Use Policy, and Data Protection Policy.

The processing of such data is governed by a separate Data Processing Agreement (DPA) that outlines applicable safeguards, including access control, encryption, retention limits, and incident response procedures. This agreement is available upon request.

For more information or to request a copy of the Amazon-specific DPA, please contact us at legal@supplyleader.com.

17. Security

We implement appropriate technical and organizational measures to ensure the security of your personal data and to protect it from unauthorized access, loss, misuse, alteration, or destruction. These measures include, but are not limited to:

• encryption of data in transit and at rest;
• access controls based on roles and necessity;
• secure infrastructure and firewalls;
• employee access restrictions and confidentiality commitments;
• regular system monitoring, updates, and vulnerability assessments.

While we take all reasonable steps to safeguard your data, no system or transmission method over the Internet is entirely secure. Therefore, we cannot guarantee absolute security and disclaim liability for unauthorized access beyond our control (e.g., as a result of third-party breaches).

You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. If you suspect unauthorized access to your account or data, please contact us immediately at support@supplyleader.com.

18. User Rights

Depending on your jurisdiction and applicable data protection laws, you may have the following rights regarding your personal data:

• Right of access – to request confirmation of whether we process your personal data and to receive a copy of it;
• Right to rectification – to correct inaccurate or incomplete personal data;
• Right to erasure ("right to be forgotten") – to request deletion of your personal data, subject to legal limitations;
• Right to restriction of processing – to request limitation of processing in specific circumstances;
• Right to data portability – to obtain and reuse your personal data across services, where processing is based on consent or contract;
• Right to object – to object to processing carried out on the basis of legitimate interest or for direct marketing;
• Right to withdraw consent – where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at legal@supplyleader.com. We may need to verify your identity before processing your request.

In accordance with applicable laws, we will respond to your request within the legally required timeframe and will inform you if any exceptions or limitations apply.

19. Privacy Policy Changes

We reserve the right to update or modify this Privacy Policy at any time in response to legal, regulatory, operational, or technological developments.

All changes will be published on this page, with the effective date clearly indicated at the top of the document. Unless otherwise stated, the updated version of the Policy will apply immediately upon publication and will govern all personal data we hold about you.

We encourage users to review this Policy periodically to stay informed of how we protect their information.

In cases where changes are material or significantly affect your rights, we may provide additional notice (e.g., via email or in-app notifications). It is your responsibility to keep your contact details up to date to receive such notifications.

20. Children

The Platform is not intended for access or use by individuals under the age of 13. Supply Leader does not knowingly collect, store, or process personal data of children under 13 years of age, unless such processing is expressly permitted under applicable law, including where verifiable parental consent has been obtained in accordance with the Children's Online Privacy Protection Act (COPPA).

By using the Platform, each user confirms that they are at least 13 years of age. Any submission of personal data by individuals under 13 without the necessary legal basis constitutes a violation of this Policy.

If it is established that personal data of a child under 13 has been collected in violation of applicable requirements, such data will be promptly and securely deleted in accordance with internal compliance procedures.

Parents or legal guardians who believe that their child's data has been submitted to the Platform in breach of this Policy may submit a formal request for account removal and data deletion by contacting support@supplyleader.com.

For users located in the European Economic Area, the age threshold for valid consent to data processing may vary by country but generally ranges from 13 to 16 years.

21. Do-Not-Track Policy

Some web browsers and mobile operating systems offer a "Do-Not-Track" (DNT) setting, which allows users to signal their preference not to be tracked across websites.

At this time, there is no universally accepted standard for how such signals should be interpreted or applied by websites. Therefore, our Platform does not currently respond to DNT signals.

We continue to monitor developments in this area and may update our practices if an industry-wide standard is adopted and becomes legally binding.

22. Links to Other Policies

This Privacy Policy is part of the overall legal framework governing the use of the Supply Leader service. Users are encouraged to review the following related documents, which apply in conjunction with this Policy:

• Terms and Conditions – terms governing the use of our service and user obligations;
• Cookie Policy – detailed information about our use of cookies and similar technologies;
• Refund Policy – conditions and procedures for subscription refund requests;
• Shipping Policy – terms and procedures related to the delivery of goods;
• Data Processing Agreement (DPA) – available upon request at legal@supplyleader.com, outlining data handling terms in accordance with GDPR, CCPA, and other applicable regulations.

These documents are available on our website or provided upon request.

23. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us using the details below:

• General inquiries and support:
  support@supplyleader.com
• Legal matters and data protection requests (including DPA access):
  legal@supplyleader.com

We will respond in accordance with applicable data protection laws and within the legally required timeframes.