Privacy
Privacy Policy
Last updated: 29 April 2026
Controller
Sinolinks ("we", "our", "us") is a Hong Kong-registered advisory practice. All privacy enquiries: [email protected].
Scope
This policy applies to www.sinolinksverify.com, including the public exporter directory and the verification-report order flow. It does not apply to external sites we link to.
Data we collect
• Directory browsing: anonymized page-view data, self-hosted on our infrastructure. No cookies, no personal identifiers. • Order data: name, work email, company, country, target-company name, and research context — submitted at /order. • Payment data: name, billing address, and card details — collected by Stripe on Stripe's own systems. We never see or store card numbers; we receive a Stripe transaction reference only. • Communications: emails you send and our replies. • Security: IP address and basic browser metadata during an automated-abuse challenge at form submission; not persisted by us.
Why we collect it
• Deliver verification reports — contract performance (GDPR Art. 6(1)(b)). • Send order confirmations, report delivery, and correspondence — contract performance. • Detect and prevent fraud, abuse, and automated abuse — legitimate interest (Art. 6(1)(f)). • Comply with legal, accounting, and tax obligations — legal obligation (Art. 6(1)(c)).
Public directory data
The directory publishes summary information about Chinese companies derived from publicly-available business-registry filings — registered industry, province, enterprise size, founding year, and operating-status enum. We do not republish full registration records, contact details, ownership chains, or financial figures. Listed companies who wish to dispute or correct their entry may contact us at /contact.
Processors
We engage the following categories of processors: • Payment processor — Stripe (visible to you during checkout) • Cloud infrastructure provider — hosting and database • Content-delivery and security provider — CDN, DDoS protection, automated-abuse challenge • Email delivery provider — transactional mail only (order confirmations, report delivery) • Analytics — self-hosted; no third-party access A current named list of processors is provided to verified data subjects on written request. We do not sell, rent, or share your data with advertising networks or data brokers.
International transfers
As a Hong Kong-based operator serving global clients, some processing occurs outside the EEA or UK. Appropriate safeguards under GDPR Chapter V — including Standard Contractual Clauses where applicable — are in place. The payment processor operates under its own EU-approved transfer mechanisms.
Retention
• Order and payment records: 7 years (Hong Kong Inland Revenue Ordinance). • Support correspondence: 3 years unless a dispute is open. • Analytics: aggregated and non-identifiable.
Your rights
Under GDPR and Hong Kong PDPO, you may access, correct, delete, restrict, object to, and port your data. Email [email protected]. We reply within 30 days.
Cookies and tracking
We do not use advertising or third-party tracking cookies. Our analytics is cookie-free. An automated-abuse challenge at form submission may drop a short-lived cookie; it is removed at session end. Stripe Checkout runs on Stripe's own domain under their cookie policy.
Security
Data in transit is TLS-encrypted. Payment data is handled by Stripe under PCI-DSS Level 1 compliance. Database access is restricted to authorized personnel only. We never email passwords or credentials.
Changes
We may update this policy. Material changes are noted by updating the "Last updated" date at the top of this page.
Contact
Email: [email protected] Postal correspondence is accepted for verified data-subject requests; the mailing address is provided on reply.