Privacy Policy

HIITIO (“we,” “our,” “us,” or “the Company”) is a leading provider of semiconductor power modules and related electronic components. We are committed to protecting the privacy and security of personal information entrusted to us by our customers, business partners, website visitors, and other stakeholders.

This Privacy Policy describes our practices concerning the collection, use, disclosure, retention, and protection of personal information in connection with:

• Our corporate website at https://www.hiitiosemi.com
• Our semiconductor power module products and services
• Customer support and technical assistance services
• Business communications and transactions
• Marketing and promotional activities

This policy applies to all personal information processed by HIITIO, whether collected online or offline, and regardless of the method of collection. By accessing our website, purchasing our products, or engaging with our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Personal Information Provided Directly by You

Contact and Identity Information:

• Full name, professional title, and job function
• Business email address and telephone number
• Company name, business address, and organizational details
• Preferred language and communication preferences
• Login credentials for customer portals (username and encrypted password)

Commercial and Transaction Information:

• Purchase orders and procurement details
• Product specifications and technical requirements
• Quotation requests and pricing information
• Payment information (processed through secure third-party payment processors)
• Shipping and delivery addresses
• Contract and agreement documentation

Communication Records:

• Correspondence via email at sales@hiitio.com
• Messages through WhatsApp at +86 132 1617 9977
• Phone call records via 400-667-9977 (China Only)
• Technical support tickets and service requests
• Feedback, survey responses, and testimonials
• Trade show and event registration information

Professional and Technical Information:

• Engineering specifications and design requirements
• Application details and use case scenarios
• Technical questions and customization requests
• Quality assurance and testing data
• Product performance feedback and warranty claims

2.2 Information Collected Automatically

Website Usage and Analytics Data:

• Internet Protocol (IP) address and geolocation data
• Browser type, version, and language settings
• Operating system and device information
• Referring and exit pages
• Pages viewed, time spent on pages, and click-stream data
• Search queries within our website
• Date and time stamps of visits
• Bandwidth and connection information

Cookies and Tracking Technologies: We use various technologies to collect information automatically:

• Essential Cookies: Necessary for website functionality, security, and navigation
• Performance Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Google Analytics and similar tools to measure website traffic
• Marketing Cookies: Track your browsing across websites for targeted advertising
• Web Beacons: Small graphic images used in emails to track engagement

Technical and Log Data:

• Server logs and system diagnostics
• Error reports and debugging information
• Security incident logs and authentication attempts
• API usage and integration data

2.3 Information from Third-Party Sources

We may receive information about you from:

• Business partners, distributors, and authorized resellers
• Industry databases and trade associations
• Public records and business registries
• Credit reporting agencies and financial institutions
• Marketing and lead generation service providers
• Social media platforms (LinkedIn, company pages)
• Trade show organizers and event partners

3. How We Use Your Information

3.1 Product and Service Delivery

Order Processing and Fulfillment:

• Verifying and processing purchase orders
• Managing inventory and production scheduling
• Coordinating shipping, logistics, and delivery
• Generating invoices and processing payments
• Managing returns, exchanges, and warranty claims
• Providing product documentation and certifications

Technical Support and Customer Service:

• Responding to technical inquiries and support requests
• Troubleshooting product issues and providing solutions
• Offering design assistance and application engineering support
• Conducting product training and educational webinars
• Providing firmware updates and technical bulletins
• Managing customer accounts and service portals

3.2 Business Operations and Improvement

Quality Assurance and Product Development:

• Analyzing product performance and reliability data
• Conducting market research and customer satisfaction surveys
• Developing new products and improving existing offerings
• Testing and validating product specifications
• Ensuring compliance with industry standards (ISO, RoHS, REACH)
• Managing supply chain and vendor relationships

Internal Analytics and Optimization:

• Understanding customer behavior and preferences
• Improving website functionality and user experience
• Optimizing our sales and marketing strategies
• Forecasting demand and inventory planning
• Evaluating business performance and operational efficiency
• Training our staff and improving service quality

3.3 Communication and Marketing

Customer Relationship Management:

• Sending order confirmations and shipping notifications
• Providing account updates and service announcements
• Distributing newsletters and product updates
• Sharing industry news and technical articles
• Announcing new product launches and innovations
• Inviting participation in trade shows and events

Marketing and Promotional Activities:

• Sending promotional offers and special pricing (with consent)
• Conducting targeted advertising campaigns
• Personalizing marketing content based on your interests
• Measuring the effectiveness of marketing campaigns
• Building customer loyalty programs
• Generating leads and expanding our customer base

3.4 Legal and Compliance

Regulatory Compliance:

• Meeting export control and trade compliance requirements
• Complying with industry-specific regulations (semiconductor standards)
• Responding to government and regulatory inquiries
• Maintaining records for auditing and inspection purposes
• Ensuring product safety and environmental compliance
• Managing conflict minerals reporting and supply chain transparency

Legal Protection:

• Enforcing our terms of service and contractual agreements
• Protecting against fraud, security threats, and illegal activities
• Defending legal claims and protecting our rights
• Conducting internal investigations
• Complying with court orders, subpoenas, and legal processes
• Protecting the safety and security of our employees and facilities

4. Legal Basis for Processing (GDPR Compliance)

For individuals in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar data protection laws, we process personal information based on the following legal grounds:

Contract Performance: Processing necessary to fulfill our contractual obligations to you, including order fulfillment, product delivery, and customer support.

Legitimate Interests: Processing necessary for our legitimate business interests, such as improving products, preventing fraud, maintaining security, and conducting business analytics, provided these interests do not override your fundamental rights.

Legal Obligation: Processing required to comply with applicable laws, regulations, court orders, and governmental requests.

Consent: Processing based on your explicit consent, particularly for marketing communications, optional cookies, and other discretionary activities. You may withdraw consent at any time.

5. Information Sharing and Disclosure

We respect the confidentiality of your personal information and do not sell, rent, or trade your data to third parties for their marketing purposes.

5.1 Service Providers and Business Partners

We may share information with trusted third parties who perform services on our behalf:

Logistics and Distribution Partners:

• Shipping carriers (FedEx, DHL, UPS, SF Express)
• Customs brokers and freight forwarders
• Warehouse and fulfillment centers
• Last-mile delivery services

Technology and IT Service Providers:

• Cloud hosting services (AWS, Azure, Alibaba Cloud)
• Customer relationship management (CRM) systems
• Email service providers and communication platforms
• Website hosting and maintenance services
• Cybersecurity and data protection services
• Software development and integration partners

Financial and Payment Processors:

• Payment gateways and merchant services
• Banks and financial institutions
• Credit verification services
• Accounting and tax preparation services

Marketing and Analytics:

• Digital marketing agencies and advertising platforms
• Market research and survey providers
• Email marketing platforms
• Web analytics services (Google Analytics)
• Trade show organizers and event management

Professional Services:

• Legal counsel and law firms
• Auditors and accounting firms
• Compliance consultants
• Insurance providers

All third-party service providers are contractually obligated to maintain the confidentiality and security of your information and may only use it for the specific purposes we authorize.

5.2 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred to the successor entity. We will provide notice before your information becomes subject to a different privacy policy.

5.3 Legal Requirements and Protection

We may disclose personal information when required by law or when we believe disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our terms of service, contracts, and policies
• Protect the rights, property, or safety of HIITIO, our customers, or the public
• Detect, prevent, or investigate fraud, security breaches, or illegal activities
• Respond to claims of intellectual property infringement
• Cooperate with law enforcement or national security agencies

5.4 With Your Consent

We may share your information with other parties when you provide explicit consent or direct us to do so.

6. Data Security and Protection Measures

We implement comprehensive security measures to protect personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards:

• Industry-standard encryption (TLS/SSL) for data transmission
• AES-256 encryption for sensitive data at rest
• Secure server infrastructure with redundancy and backup systems
• Firewall protection and intrusion detection systems
• Regular security patches and software updates
• Secure API authentication and access tokens
• Multi-factor authentication for system access
• Data loss prevention (DLP) technologies

Organizational Safeguards:

• Strict access controls based on role and necessity
• Comprehensive employee training on data protection
• Background checks for personnel with data access
• Non-disclosure agreements with employees and contractors
• Regular security audits and vulnerability assessments
• Incident response and breach notification procedures
• Data protection impact assessments
• ISO 27001 information security management practices

Physical Safeguards:

• Restricted access to facilities and server rooms
• Video surveillance and security personnel
• Secure disposal of physical documents and hardware
• Environmental controls for data centers

While we strive to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of data transmitted over the internet or stored in our systems.

7. Data Retention and Deletion

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal, accounting, and regulatory requirements.

Retention Periods:

• Active Customer Data: Maintained for the duration of the business relationship plus 7 years for accounting and tax purposes
• Transaction Records: Retained for 7-10 years in accordance with commercial and tax laws
• Marketing Communications: Until you unsubscribe or withdraw consent
• Website Analytics: Typically 26 months or as configured in analytics tools
• Technical Support Records: 5 years for quality and warranty purposes
• Legal Documents: Duration specified by applicable law or litigation holds

Deletion Procedures: When information is no longer needed, we securely delete or anonymize it using:

• Secure file deletion methods (DoD 5220.22-M standard)
• Physical destruction of hardware and media
• De-identification and aggregation techniques
• Purging from backup systems according to backup retention schedules

You may request deletion of your personal information subject to legal and contractual obligations.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 Access and Portability Rights

• Right to Access: Request confirmation of whether we process your personal information and obtain a copy of your data
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller

8.2 Correction and Deletion Rights

• Right to Rectification: Correct inaccurate or incomplete personal information
• Right to Erasure (“Right to be Forgotten”): Request deletion of your personal information under certain circumstances
• Right to Restriction: Limit how we process your data in specific situations

8.3 Objection and Consent Rights

• Right to Object: Object to processing based on legitimate interests, direct marketing, or profiling
• Right to Withdraw Consent: Withdraw previously given consent without affecting prior processing
• Right to Opt-Out: Unsubscribe from marketing communications at any time

8.4 Automated Decision-Making

• Right to Human Review: Contest decisions made solely by automated processing, including profiling, that significantly affect you

8.5 Complaint Rights

• Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we have violated your privacy rights

Exercising Your Rights: To exercise any of these rights, please contact us at:

• Email: sales@hiitio.com
• Subject Line: “Privacy Rights Request”
• Include: Your name, contact information, and specific request details

We will respond to verified requests within 30 days (or as required by applicable law). We may require additional information to verify your identity before processing certain requests.

9. International Data Transfers

HIITIO operates globally and may transfer personal information to countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

Transfer Mechanisms: When transferring data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs): EU-approved contract terms for international transfers
• Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection
• Binding Corporate Rules: Internal policies ensuring consistent data protection across our organization
• Explicit Consent: In specific cases, we may obtain your explicit consent for international transfers

Cross-Border Data Flows: Data may be transferred to and processed in:

• China (headquarters and manufacturing facilities)
• United States (cloud services and business partners)
• European Union (customers and distribution partners)
• Other countries where we operate or where our service providers are located

We ensure that all international transfers comply with applicable data protection laws and that transferred data receives adequate protection.

10. Children’s Privacy

Our products and services are designed for businesses and professionals in the semiconductor industry. We do not knowingly collect personal information from individuals under the age of 18 (or the applicable age of majority in their jurisdiction).

If we become aware that we have inadvertently collected personal information from a child without proper parental consent, we will take immediate steps to delete such information from our records. Parents or guardians who believe we may have collected information from a child should contact us at sales@hiitio.com.

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

Strictly Necessary Cookies (Cannot be disabled):

• Session management and authentication
• Security and fraud prevention
• Load balancing and performance optimization
• Language and regional preferences

Performance and Analytics Cookies (Can be disabled):

• Google Analytics for traffic analysis
• Heatmaps and user behavior tracking
• A/B testing and website optimization
• Error tracking and debugging

Functional Cookies (Can be disabled):

• Remembering user preferences and settings
• Chat support functionality
• Video player settings
• Form auto-fill features

Marketing and Advertising Cookies (Can be disabled):

• Retargeting and remarketing campaigns
• Conversion tracking
• Social media integration
• Third-party advertising networks

11.2 Managing Cookie Preferences

Browser Controls: You can control cookies through your browser settings:

• Google Chrome: Settings > Privacy and Security > Cookies
• Firefox: Options > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Privacy > Cookies

Cookie Banner: When you first visit our website, you can accept or decline optional cookies through our cookie consent banner.

Do Not Track (DNT): We currently do not respond to DNT signals due to the lack of industry standard. However, you can control tracking through browser settings and opt-out mechanisms.

Third-Party Opt-Outs:

• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
• Network Advertising Initiative: https://optout.networkadvertising.org
• Digital Advertising Alliance: https://optout.aboutads.info

12. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services that are not operated by HIITIO. We are not responsible for the privacy practices of these third parties.

Third-Party Integrations:

• Social media platforms (LinkedIn, YouTube)
• Payment processors
• Shipping and logistics trackers
• Technical documentation repositories
• Industry forums and communities

We encourage you to review the privacy policies of any third-party sites you visit. Providing information to third-party sites is governed by their respective privacy policies, not this Privacy Policy.

13. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:

• Categories of personal information collected
• Sources from which information is collected
• Business purposes for collection
• Categories of third parties with whom we share information
• Specific pieces of personal information we hold about you

Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.

Right to Opt-Out: Opt-out of the “sale” or “sharing” of personal information (we do not sell personal information).

Right to Correct: Request correction of inaccurate personal information.

Right to Limit Use: Limit the use and disclosure of sensitive personal information.

Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Authorized Agent: You may designate an authorized agent to submit requests on your behalf with proper documentation.

Verification Process: We verify your identity through email confirmation or by matching information you provide with data we maintain.

To exercise CCPA/CPRA rights, contact us at sales@hiitio.com with “California Privacy Rights” in the subject line.

14. Privacy Policy for Specific Regions

14.1 European Economic Area (EEA) and United Kingdom

Data Controller: HIITIO is the data controller for personal information processed under this policy.

Data Protection Officer: For privacy inquiries, contact our DPO at sales@hiitio.com.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

14.2 China

We comply with the Personal Information Protection Law (PIPL) and Cybersecurity Law of the People’s Republic of China, including:

• Cross-border data transfer regulations
• Personal information security requirements
• Data localization obligations where applicable
• Individual rights protection mechanisms

14.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate, including but not limited to:

• Canada (PIPEDA)
• Australia (Privacy Act)
• Japan (APPI)
• Singapore (PDPA)
• Brazil (LGPD)

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or business operations.

Notification of Changes:

• Posting the updated policy on our website with a new “Effective Date”
• Email notification for material changes affecting your rights
• Prominent notice on our website homepage for significant updates
• Requesting renewed consent where required by law

Review Frequency: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Continued use of our services after changes indicates acceptance of the updated policy.

Version History: Previous versions of this Privacy Policy are available upon request at sales@hiitio.com.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

HIITIO Privacy Department

Email: sales@hiitio.com
Website: https://www.hiitiosemi.com
WhatsApp: +86 132 1617 9977
Phone: 400-667-9977 (China Only)

Written Correspondence: Privacy Officer
HIITIO
[Please contact us via email for our mailing address]

We will respond to all inquiries within 30 days or as required by applicable law.