Topease GDPR Compliance Statement

Topease (“we”, “us”, or “our”), operated by Shanghai Topease Information Technology Co., Ltd., provides the website https://topease.net/en/ (the “Service”). As an AI-driven digital marketing and trade data platform, Topease is committed to protecting the personal data we process in accordance with the General Data Protection Regulation (GDPR). This statement outlines how personal data is collected, used, and safeguarded in a lawful, fair, and transparent manner to protect the rights of our users and business partners worldwide.

1. Subject Matter and Objectives

This section describes the principles applied by Topease in the processing of personal data. It provides the general framework for how personal data is managed to ensure responsible use and the protection of individual rights.

2. Scope of Application

Topease applies GDPR-aligned principles in the following contexts:

• Operational Scope: Processing activities carried out as part of our business operations, regardless of whether such processing occurs within or outside the European Union.
• EU Individuals: Processing related to offering services to individuals located in the European Union or monitoring behavior occurring within the EU.
• Processing Methods: Application to all personal data processed by automated systems, as well as structured manual filing systems.

3. Key Definitions

To ensure clarity for users and partners, Topease defines its data practices as follows:

• Personal Data: Any information relating to an identified or identifiable individual.
• Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, or use.
• Controller: Topease acts as a controller when determining the purposes and means of personal data processing.

4. Processing Principles

Topease ensures that all personal data is:

• Lawful, Fair, and Transparent: Processed with a valid basis and in a clear and understandable manner.
• Purpose-Limited: Collected for explicit, legitimate, and defined purposes.
• Data-Minimized: Limited to what is relevant and necessary for intended purposes.
• Accurate: Kept up to date, with inaccuracies corrected or removed without delay.
• Storage-Limited: Retained only as long as necessary for processing purposes.
• Secure: Protected through appropriate technical and organizational safeguards.

5. Legal Basis for Processing

Topease processes personal data only when at least one of the following conditions is met:

• Consent: The individual has provided clear and affirmative consent for specific purposes.
• Contract Necessity: Processing is required to fulfill contractual obligations.
• Legal Requirement: Processing is necessary to comply with applicable legal obligations.
• Legitimate Interests: Processing is necessary for legitimate business interests, provided these do not override individual rights and freedoms.

6. Rights of Individuals

We ensure that individuals whose data is processed can exercise the following rights:

• Right of Access: Obtain confirmation and access to personal data being processed.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of personal data under applicable conditions.
• Right to Restriction: Request limitation of processing in certain circumstances.
• Right to Data Portability: Receive personal data in a structured, commonly used, machine-readable format and transfer it to another provider.
• Right to Object: Object to processing based on legitimate interests or direct marketing purposes, including profiling.

Topease responds to valid requests within one month. This period may be extended by up to two additional months for complex requests, in which case individuals will be informed accordingly.

7. Data Security and Responsibility

Topease applies “data protection by design and by default” across its systems and operations and implements appropriate technical and organizational safeguards to protect personal data, including:

• Encryption and Pseudonymization to protect identifiable information
• System Resilience Measures to ensure confidentiality, integrity, and availability
• Data Recovery Mechanisms to restore access following incidents
• Continuous Testing and Evaluation of security controls

8. Data Breach Response

In the event of a personal data breach, Topease will notify the relevant supervisory authority without undue delay and, where possible, within 72 hours of becoming aware of the incident. Where a breach presents a high risk to individuals, affected users will also be informed in clear and understandable language.

9. International Data Transfers

Where personal data is transferred outside the European Economic Area, Topease ensures an adequate level of protection through recognized safeguards, including:

• Transfers to jurisdictions with recognized adequate protection standards
• Standard contractual safeguards approved by regulatory authorities
• Internal compliance frameworks governing intra-group data transfers where applicable

10. Record Keeping of Processing Activities

Topease maintains internal records of data processing activities, including:

• Purposes of processing
• Categories of data subjects and data types
• Categories of data recipients
• Retention periods
• Security and protection measures applied

11. Governing Law

This statement shall be interpreted and applied in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), and where applicable, the laws governing the relevant contractual relationship between Topease and its users.

12. Contact Information

For any questions regarding this GDPR Compliance Statement or to exercise your data protection rights, you may contact our team:

• Email: enquiry@topease.net
• Response Time: We aim to respond to all legitimate requests within 30 days.

Topease remains committed to cooperating with relevant supervisory authorities and continuously improving its data protection standards in line with evolving regulatory and technological requirements.