Privacy Policy
Last Updated: January 4, 2026
1. Introduction
Shanghai Aurora International Trade Company ("Aurora ITC", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with:
- EU GDPR: General Data Protection Regulation (EU) 2016/679
- China PIPL: Personal Information Protection Law of the People's Republic of China
- Russia: Federal Law No. 152-FZ "On Personal Data"
2. Data Controller Information
Data Controller: Shanghai Aurora International Trade Company
Registration: Lingang Free Trade Zone, Shanghai, China
Contact Email: info@aurora-itc.com
Website: aurora-itc.com
3. What Information We Collect
3.1 Information You Provide
- Contact Information: Name, company name, email address, phone number, business address
- Business Information: Company registration details, tax identification numbers, banking information for transactions
- Transaction Data: Purchase orders, contracts, invoices, shipping documents, customs declarations
- Communication Records: Emails, messages, and call records related to our services
- Identity Verification: Passport copies, business licenses, or other documents required for compliance (KYC/AML)
3.2 Information Collected Automatically
- Website Usage Data: IP address, browser type, device information, pages visited, time spent on site
- Cookies and Tracking: See our Cookie Policy for detailed information
- Analytics Data: Aggregated statistics about website usage and service performance
3.3 Information from Third Parties
- Public business registries and databases
- Credit reference agencies (for business credit checks)
- Customs authorities and logistics partners
- Suppliers and manufacturers (for order processing)
4. Legal Basis for Processing (GDPR)
For EU clients and data subjects, we process personal data based on:
- Contract Performance: Processing necessary to fulfill our service agreements with you
- Legal Obligation: Compliance with customs laws, tax regulations, AML/KYC requirements
- Legitimate Interests: Business administration, fraud prevention, service improvement (where not overridden by your rights)
- Consent: Marketing communications and non-essential cookies (you may withdraw consent at any time)
5. How We Use Your Information
5.1 Service Delivery
- Processing import/export orders and transactions
- Coordinating with suppliers, manufacturers, and logistics providers
- Preparing customs documentation and declarations
- Quality control and inspection services
- Customer support and communication
5.2 Legal and Compliance
- Compliance with customs regulations (China, Russia, EU)
- Tax reporting and accounting requirements
- Anti-money laundering (AML) and Know Your Customer (KYC) verification
- Sanctions screening and export control compliance
- Responding to legal requests and government inquiries
5.3 Business Operations
- Invoice generation and payment processing
- Financial accounting and auditing
- Risk assessment and fraud prevention
- Service quality monitoring and improvement
- Statistical analysis and business planning
5.4 Marketing (with consent)
- Sending newsletters and service updates
- Informing you about new services or market opportunities
- Industry insights and trade intelligence
You may opt out of marketing communications at any time using the unsubscribe link in emails or by contacting us.
6. Data Sharing and Disclosure
6.1 Service Providers
We share data with trusted third parties who assist in our operations:
- Logistics Partners: Shipping companies, freight forwarders, customs brokers
- Suppliers and Manufacturers: For order fulfillment and quality control
- Payment Processors: Banks and financial institutions for transaction processing
- IT Service Providers: Website hosting, email services, data storage, cybersecurity
- Professional Advisors: Lawyers, accountants, auditors (under confidentiality obligations)
6.2 Legal Requirements
We disclose data when required by law or regulatory authorities:
- Chinese customs authorities and regulatory bodies
- Russian customs and tax authorities
- EU customs and data protection authorities
- Law enforcement agencies (with proper legal basis)
- Courts and arbitration tribunals
6.3 Business Transfers
In the event of a merger, acquisition, or sale of business assets, your data may be transferred to the new entity, subject to the same privacy protections.
6.4 No Sale of Data
We never sell, rent, or trade your personal information to third parties for marketing purposes.
7. International Data Transfers
7.1 Cross-Border Transfers
Due to the nature of our China-Russia-Europe trade operations, data may be transferred between:
- China (our primary operations base)
- European Union member states
- Russian Federation
- Other countries where our suppliers or partners operate
7.2 GDPR Safeguards for EU Data
For transfers of EU personal data outside the EU, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Contractual obligations requiring equivalent data protection
7.3 China PIPL Cross-Border Transfers
For transfers of Chinese personal data abroad, we comply with PIPL requirements including:
- Security assessments where required
- Standard contracts for cross-border transfers
- Individual consent where mandated
7.4 Russian Data Localization
For Russian citizens' data subject to localization requirements, we maintain data processing infrastructure in Russia or use service providers compliant with Federal Law 152-FZ.
8. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy:
- Active Client Data: Duration of business relationship plus retention period required by law
- Transaction Records: Minimum 5 years (or longer as required by customs/tax law in China, Russia, or EU)
- Financial Records: 10 years (for accounting and tax purposes)
- Marketing Data: Until you withdraw consent or request deletion (whichever comes first)
- Website Analytics: Typically 26 months maximum
After retention periods expire, we securely delete or anonymize data unless continued retention is required by law.
9. Data Security
We implement technical and organizational measures to protect your data:
9.1 Technical Measures
- SSL/TLS encryption for website and email communications
- Encrypted storage for sensitive data
- Regular security audits and vulnerability assessments
- Firewall and intrusion detection systems
- Secure backup systems with encryption
9.2 Organizational Measures
- Access controls limiting data access to authorized personnel only
- Employee training on data protection and confidentiality
- Confidentiality agreements with staff and partners
- Incident response procedures for data breaches
- Regular review and update of security practices
9.3 Data Breach Notification
In the event of a data breach affecting your personal data, we will:
- Notify affected individuals within 72 hours (GDPR requirement)
- Report to relevant data protection authorities as required
- Provide information about the breach and mitigation steps
- Take immediate action to contain and remedy the breach
10. Your Rights
10.1 EU Data Subjects (GDPR Rights)
- Right to Access: Request confirmation of data processing and obtain a copy of your data
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements)
- Right to Restriction: Limit processing of your data in certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for marketing purposes
- Right to Withdraw Consent: Withdraw consent for consent-based processing at any time
- Right to Lodge a Complaint: File a complaint with your national data protection authority
10.2 Chinese Data Subjects (PIPL Rights)
- Right to know about and access your personal information
- Right to correct or supplement inaccurate personal information
- Right to request deletion of personal information
- Right to withdraw consent for processing
- Right to request explanation of processing rules
- Right to request copy of personal information
10.3 Russian Data Subjects
- Right to access your personal data processed by us
- Right to correct inaccurate or incomplete data
- Right to block unlawful processing
- Right to delete data processed unlawfully or no longer necessary
- Right to withdraw consent
10.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: info@aurora-itc.com
Subject line: "Data Subject Rights Request"
We will respond to your request within:
- 30 days (GDPR and PIPL requirement)
- 10 business days (Russian data protection law)
We may request additional information to verify your identity before processing your request.
11. Children's Privacy
Our services are designed for business-to-business transactions. We do not knowingly collect personal information from individuals under 18 years of age (or the applicable age of majority in your jurisdiction). If we become aware that we have collected data from a minor, we will delete it promptly.
12. Cookies and Tracking Technologies
We use cookies and similar technologies to improve website functionality and analyze usage. For detailed information about our cookie practices, including how to manage cookie preferences, please see our Cookie Policy.
13. Third-Party Links
Our website may contain links to third-party websites (suppliers, logistics partners, payment processors). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised "Last Updated" date.
For material changes affecting your rights, we will:
- Provide prominent notice on our website
- Send email notification to active clients
- Obtain new consent where required by law
15. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices:
Privacy Contact:
Email: info@aurora-itc.com
General Contact: info@aurora-itc.com
Website: aurora-itc.com
Data Protection Authority Contacts
EU: You may contact your national data protection supervisory authority
China: Cyberspace Administration of China (CAC)
Russia: Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media)
16. Specific Provisions by Jurisdiction
16.1 For EU/EEA Residents
Our EU representative (if appointed) can be contacted through our privacy email. You have the right to lodge a complaint with your local supervisory authority.
16.2 For Chinese Residents
In accordance with PIPL, we process personal information in China through our Shanghai operations. Cross-border transfers are conducted in compliance with PIPL security assessment requirements.
16.3 For Russian Residents
Personal data of Russian citizens is processed in accordance with Federal Law 152-FZ. Where required, data is stored and processed within the Russian Federation territory.