Data Protection Policy

DATA PROTECTION POLICY

Effective Date: February 5, 2025

Last Updated: August 1, 2025

1. INTRODUCTION AND COMMITMENT

Minyatech Co., Ltd. ("we," "us," "our," "the Company"), the operator of the Medicine Platform website available at https://medicineplatform.com and its associated services (collectively, the "Platform"), is deeply committed to protecting the privacy and security of the personal data we process. Our registered office is located at Room 1702, Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong.

This Data Protection Policy ("Policy") outlines our principles and practices regarding the collection, use, processing, storage, and disclosure of personal data for our business-to-business (B2B) Users ("you," "your," "User"). As a global platform, we strive to adhere to the highest standards of data protection, in compliance with the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") and incorporating principles from other major international data protection regulations, such as the European Union's General Data Protection Regulation (GDPR), to the extent applicable to our global user base.

This Policy is intended to provide transparency about what personal data we collect, why we collect it, how it is used, and what rights and choices you have regarding your information. By registering for an Account, accessing, or using our Platform, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

This Policy should be read in conjunction with our Terms of Service.

2. SCOPE OF THIS POLICY

This Policy applies to all personal data processed by Minyatech Co., Ltd. in the course of operating the Platform. This includes:

  • Visitors: Individuals who browse our Platform without a registered account.
  • Registered Users: Individuals who register an account on behalf of a business entity to list products, make inquiries, or use other Platform features.
  • Business Contacts: Individuals from partner companies, service providers, and other organizations with whom we interact.

The data processed relates to identifiable individuals, whether they are acting in their personal capacity or as representatives (employees, directors, agents) of a business entity.

This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage. Any transactions or communications you conduct with other Users on the Platform are subject to their own respective privacy and data protection policies.

3. DEFINITIONS

To ensure clarity, the following key terms are used throughout this Policy:

  • "Personal Data": Any information relating to an identified or identifiable natural person ("Data Subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (like an IP address), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. In the context of our B2B platform, this primarily includes business contact information that can identify an individual representative of a company.
  • "Data Subject": The identified or identifiable natural person to whom the Personal Data relates.
  • "Processing": Any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • "Data Controller": The natural or legal person which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. For the purpose of this Policy, Minyatech Co., Ltd. is the Data Controller.
  • "Data Processor": A natural or legal person which processes Personal Data on behalf of the Data Controller (e.g., a third-party service provider for web hosting or payment processing).
  • "Consent": Any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the Processing of Personal Data relating to them.
  • "User-Generated Content (UGC)": Any content, including text, images, videos, and documents (such as product specifications or company certifications), that Users upload, post, or transmit through the Platform.

4. DATA PROTECTION PRINCIPLES

We are committed to processing Personal Data in accordance with the following core principles, which are central to both the PDPO and GDPR:

  1. Lawfulness, Fairness, and Transparency: We process Personal Data lawfully, fairly, and in a transparent manner. We provide clear information about our data processing activities through this Policy.
  2. Purpose Limitation: We collect Personal Data for specified, explicit, and legitimate purposes and do not further process it in a manner that is incompatible with those purposes.
  3. Data Minimization: We ensure that the Personal Data we collect is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  4. Accuracy: We take reasonable steps to ensure that Personal Data is accurate and, where necessary, kept up to date. We provide tools for Users to review and correct their information.
  5. Storage Limitation: We keep Personal Data in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed.
  6. Integrity and Confidentiality (Security): We process Personal Data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures.
  7. Accountability: As the Data Controller, we are responsible for, and must be able to demonstrate, compliance with these principles.

5. WHAT PERSONAL DATA WE COLLECT AND WHY

We collect different types of information to provide and improve our Platform and Services. The data we collect can be categorized as follows:

5.1 Data You Provide Directly to Us

This is information that you voluntarily submit when you interact with our Platform.

  • Account Registration Data: When you create an account for your business, we collect information to establish and manage your account. This includes:
    • Contact Information: Full name, job title, business email address, business phone number.
    • Company Information: Company name, business registration number, business address, country of operation, and website URL.
    • Authentication Data: Username and password.
    • Verification Information: We may request copies of business licenses, certifications (e.g., Good Manufacturing Practice - GMP), or other documents to verify the legitimacy of your business.
    • Purpose: To create and secure your account, verify your business identity, comply with our Terms of Service, and facilitate B2B interactions.
    • Lawful Basis: Performance of a contract (our Terms of Service); Legitimate interest (to ensure a trustworthy B2B environment).
  • Profile and Product Listing Data (UGC): When you populate your company profile or list products, you may provide:
    • Public Business Information: Detailed company descriptions, industry classifications, and public-facing contact details.
    • Product Information: Text descriptions, specifications, images, and documents related to the pharmaceutical products or services you offer. While primarily business data, this may contain Personal Data if it includes names or contact details of specific employees (e.g., a sales manager).
    • Purpose: To make your company and products visible to other Users on the Platform as per its core function.
    • Lawful Basis: Performance of a contract; Legitimate interest (to operate the B2B marketplace).
  • Communication Data: When you communicate with us or with other Users through the Platform:
    • Inquiries and Messages: Content of messages sent through our internal messaging system, contact forms, or chat windows.
    • Support Requests: Information provided when you contact our customer support at service@medicineplatform.com, including your name, contact details, and the nature of your query.
    • Purpose: To facilitate communication between Users, provide customer support, and monitor for compliance with our Terms of Service.
    • Lawful Basis: Performance of a contract; Legitimate interest (to provide support and maintain platform integrity).
  • Payment and Transaction Data: When you purchase Paid Services (e.g., advertising, promoted listings):
    • Billing Information: Billing name, billing address, and VAT or tax identification number.
    • Payment Information: We do not directly collect or store your credit card numbers. We use secure third-party payment processors to handle these transactions. The processor may collect your credit card details, but we only receive confirmation of the transaction and limited billing details.
    • Purpose: To process payments for our Paid Services and for accounting and tax purposes.
    • Lawful Basis: Performance of a contract; Legal obligation (for financial record-keeping).

5.2 Data We Collect Automatically

When you use our Platform, we automatically collect certain information about your device and your usage of our services.

  • Log and Usage Data:
    • Information Collected: IP address, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, access times and dates, and other diagnostic data.
    • Purpose: To monitor and analyze trends, administer the Platform, ensure security, prevent fraud, and improve the user experience.
    • Lawful Basis: Legitimate interest (for security, analytics, and service improvement).
  • Cookies and Similar Tracking Technologies:
    • Information Collected: We use cookies, web beacons, pixels, and other technologies to collect information about your browsing activities. This can include data about which ads you've seen or clicked on.
    • Purpose: To operate and secure the Platform, remember your settings and preferences, understand user engagement, and deliver relevant advertising. Please see Section 11, "Cookie Policy," for more details.
    • Lawful Basis: Consent (for non-essential cookies like advertising and analytics); Legitimate interest (for essential cookies required for platform functionality).

6. HOW WE USE YOUR PERSONAL DATA (PURPOSES OF PROCESSING)

We use the Personal Data we collect for the following business purposes, with the corresponding lawful bases:

Purpose of Processing Examples of Data Used Lawful Basis (under GDPR/PDPO rationale)
To Provide and Manage Our Services Account, Profile, and Listing Data Performance of a Contract with you (our Terms of Service).
To Personalize Your Experience Usage Data, Cookie Data, Profile Data Legitimate Interest to enhance user experience; Consent for certain personalization features.
To Facilitate B2B Communication Communication Data, Account Data Performance of a Contract; Legitimate Interest in enabling the core marketplace function.
For Security and Fraud Prevention Log Data, Account Data, Payment Data Legitimate Interest to protect our Platform and Users; Legal Obligation to prevent illegal activities.
To Process Transactions Payment Data, Account Data Performance of a Contract for Paid Services.
For Marketing and Communications Contact Information, Usage Data Legitimate Interest to inform you about our services; Consent for direct marketing where required by law.
To Improve Our Platform (Analytics) Anonymized and Aggregated Usage/Log Data Legitimate Interest to develop and improve our business.
To Enforce our Terms and Policies All relevant data categories Legitimate Interest to protect our legal rights.
To Comply with Legal Obligations All relevant data categories as required Legal Obligation (e.g., responding to lawful requests from authorities).

7. DATA SHARING AND DISCLOSURE

We do not sell your Personal Data. We only share your information in the following circumstances:

  • With Other Platform Users: The core function of our B2B platform is to connect businesses. Your company profile information and product listings, which may include individual contact details, are made public on the Platform for other Users to see and interact with.
  • With Third-Party Service Providers (Data Processors): We engage trusted third-party companies and individuals to perform services on our behalf. These include:
    • Hosting and Infrastructure Providers: To host our Platform and databases.
    • Payment Processors: To securely handle payments for our Paid Services.
    • Analytics Providers: To help us understand how our Platform is being used (e.g., Google Analytics).
    • Marketing and Advertising Partners: To manage our advertising campaigns and measure their effectiveness.
    • Customer Support Tools: To manage our support communications.

    These providers are contractually obligated to protect your data and are only permitted to use it to perform the services we have requested.

  • For Legal Compliance and Protection: We may disclose your Personal Data if we believe in good faith that it is necessary to:
    • Comply with a legal obligation, subpoena, court order, or other lawful request by public authorities.
    • Protect and defend the rights, property, or safety of Minyatech Co., Ltd., our Users, or the public.
    • Prevent or investigate possible wrongdoing in connection with the Platform.
    • Enforce our Terms of Service and other agreements.
  • In Connection with a Business Transfer: If Minyatech Co., Ltd. is involved in a merger, acquisition, sale of assets, or bankruptcy, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

8. INTERNATIONAL DATA TRANSFERS

As a global platform with a user base around the world, your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. Our company is based in Hong Kong, and our primary servers may be located there or in other data centers globally.

These countries may have data protection laws that are different from the laws of your country. However, we take steps to ensure that your Personal Data remains protected in accordance with this Policy and applicable law.

For Users located in the European Economic Area (EEA), UK, or Switzerland, we ensure that transfers of Personal Data to a third country or an international organization are subject to appropriate safeguards. We rely on:

  • Adequacy Decisions: Transfers to countries that the European Commission has deemed to provide an adequate level of data protection.
  • Standard Contractual Clauses (SCCs): Where an adequacy decision is not available, we may use standard contractual clauses approved by the European Commission which give Personal Data the same protection it has in Europe.
  • Your Explicit Consent: In specific situations, we may ask for your explicit consent to the transfer.

By using our Platform, you consent to the transfer of your Personal Data to countries outside your country of residence, including Hong Kong.

9. DATA SECURITY

We have implemented a range of technical and organizational security measures designed to protect your Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Technical Measures: Use of Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption for data in transit; network firewalls; access controls to our systems; and regular security assessments.
  • Organizational Measures: A dedicated internal data protection framework; strict access policies on a "need-to-know" basis; data protection training for our employees; and robust incident response plans.

While we take these precautions seriously, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. You are also responsible for keeping your account password confidential.

10. DATA RETENTION

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. The criteria used to determine our retention periods include:

  • Account Activity: We retain your account information for as long as your account is active or as needed to provide you with our Services.
  • Legal and Regulatory Requirements: We may retain certain data for a longer period if required to comply with our legal obligations (e.g., for tax, accounting, or to resolve disputes).
  • Purpose of Collection: We will not keep Personal Data for longer than the purpose for which it was collected.

Once the retention period expires, we will securely delete or anonymize your Personal Data so that it can no longer be associated with you.

11. COOKIE POLICY

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We and our third-party partners use cookies and similar technologies for several purposes, including:

  • Strictly Necessary Cookies: These are essential for you to browse the Platform and use its features, such as accessing secure areas. Without these, the Services cannot be provided.
  • Performance Cookies: These collect information about how you use our Platform, like which pages you visit most often. This data helps us optimize the Platform and make it easier to navigate.
  • Functionality Cookies: These allow our Platform to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features.
  • Targeting/Advertising Cookies: These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with our permission.

Your Choices Regarding Cookies: Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject browser cookies. To do this, follow the instructions in your browser's settings. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Platform.

12. YOUR DATA PROTECTION RIGHTS

Depending on your location and subject to applicable law, you may have the following rights regarding your Personal Data:

  • The Right to Access: You have the right to request copies of the Personal Data we hold about you.
  • The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete. You can often review and update your account information directly in your account settings.
  • The Right to Erasure (The "Right to be Forgotten"): You have the right to request that we erase your Personal Data, under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your Personal Data, under certain conditions.
  • The Right to Object to Processing: You have the right to object to our processing of your Personal Data where we are relying on a legitimate interest as the legal basis for processing.
  • The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
  • The Right to Withdraw Consent: Where we have relied on your consent to process your Personal Data, you have the right to withdraw that consent at any time.
  • The Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. In Hong Kong, this is the Office of the Privacy Commissioner for Personal Data (PCPD). If you are in the EEA, you can complain to your local data protection authority.

How to Exercise Your Rights: To exercise any of these rights, please contact our Data Protection team at service@medicineplatform.com. We will respond to your request in accordance with applicable data protection laws. We may need to verify your identity before processing your request.

13. CHILDREN'S PRIVACY

Our Platform is a B2B service and is not intended for or directed at individuals under the age of 18 ("Children"). We do not knowingly collect Personal Data from Children. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we will take steps to remove that information from our servers.

14. CHANGES TO THIS DATA PROTECTION POLICY

We may update this Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Policy on this page and updating the "Last Updated" date at the top. We encourage you to review this Policy periodically for any changes.

15. CONTACT US

If you have any questions, concerns, or requests regarding this Data Protection Policy or our data practices, please do not hesitate to contact us.

Data Protection Contact Point:

By Email:
service@medicineplatform.com

By Visiting our Contact Page:
https://medicineplatform.com/contactus

By Mail:
Minyatech Co., Ltd
Attn: Data Protection Officer
Room 1702, Nam Wo Hong Building
148 Wing Lok Street, Sheung Wan
Hong Kong

24/7 Platform Service

service@medicineplatform.com

For Buyers
For Suppliers
Account Services

MedicinePlatform WeChat

WeChat Mini Program
| About Us | Contact Us | Terms of Service | Data Protection Policy | Copyright Statement