GDPR Data Protection Notice
This GDPR Data Protection Notice is intended to explain the principles governing the processing of personal data by RankMarket in the course of providing platform services and conducting related operational activities, the applicable legal bases for such processing, and the rights available to users. This Notice is formulated in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applies to the RankMarket platform and its related services.
I. General Principles of Personal Data Processing
In the course of operating the RankMarket platform and providing services to users, we may process personal data relating to users within a reasonable and necessary scope. Such processing activities are primarily conducted to support the provision and operation of platform services, fulfill platform obligations, safeguard system and user security, and comply with applicable legal and regulatory requirements.
When processing personal data, we adhere to the principles of lawfulness, compliance, and data minimization. Personal data is processed only to the extent necessary to achieve clear and legitimate service purposes, and based on the reasonable expectations formed by users in the course of using the platform services.
II. Legal Bases for Personal Data Processing
We process personal data only where a valid legal basis as prescribed by applicable laws and regulations exists, for the purposes of providing and performing platform services, complying with legal and regulatory obligations, and ensuring the normal operation and security of the platform.
In practice, such processing activities typically relate to the following business scenarios:
– Supporting the service relationship and related contractual arrangements between users and the platform; – Completing orders, top-ups, payment confirmations, after-sales support, and related operations; – Complying with applicable legal, tax, accounting, and regulatory obligations; – Safeguarding the security of the platform and users, and preventing fraud, abuse, or other improper conduct; – In specific circumstances where explicitly required by law, based on the user’s explicit authorization.
We do not process personal data in the absence of a valid legal basis. Depending on the specific circumstances, personal data processing may be based on the performance of a contract, compliance with legal obligations, the legitimate interests of the platform, or the explicit consent of the user, subject to the nature of the data and the purpose of processing.
III. Categories of Personal Data
Within a reasonable and necessary scope, RankMarket may process the following categories of personal data relating to users:
– Account and contact information (for account creation, identity verification, and service communications); – Order and service information (for order fulfillment, service delivery, and after-sales support); – Payment-related reference information (such as transaction status and order-related identifiers, excluding full payment card details); – Technical and security information (such as device, log, or access-related information, used to ensure system security and stability); – Information generated through communications between users and the platform (such as customer support records).
These categories of data are processed solely to the extent necessary to achieve specific service purposes and to fulfill legal obligations.
Payment-related data processing is primarily carried out by third-party payment service providers within their compliant systems. RankMarket does not store complete payment card numbers, CVV codes, or other sensitive payment authentication information in its own systems. The platform only receives transaction results, order status information, and relevant reference identifiers returned by payment service providers, to the extent necessary for order processing, reconciliation, refunds, and customer support.
IV. Use, Access, and Sharing of Personal Data
Personal data is used and accessed solely within the scope necessary to achieve the purposes described above and to comply with applicable legal obligations.
In the course of platform operations, certain personal data may be processed by RankMarket’s internal systems, or, where necessary, by third-party service providers that support platform operations and service performance on behalf of RankMarket.
Such third parties are permitted to process personal data only to the extent necessary to perform their respective service functions, and are required, pursuant to contractual arrangements and applicable data protection laws, to implement appropriate technical and organizational security measures.
V. Cross-Border Data Processing and Protection
Due to the platform’s technical architecture, service coverage, and operational characteristics, personal data may be processed or stored in different countries or regions.
Where personal data is transferred from the European Union to locations outside the EU, RankMarket will implement compliant transfer mechanisms and appropriate technical and organizational safeguards in accordance with applicable data protection laws, to ensure that personal data remains adequately protected throughout the processing lifecycle.
Such cross-border transfers may be conducted on the basis of adequacy decisions issued by the European Commission, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms.
VI. Data Retention and Lifecycle Management
We retain personal data only for the period reasonably necessary to achieve the purposes for which it is processed, to fulfill legal or compliance obligations, to safeguard platform security, or to resolve relevant disputes.
Once the relevant purposes no longer exist or the retention period expires, personal data will be processed in accordance with applicable legal requirements through deletion, anonymization, or other compliant methods.
VII. Data Controller Information
For the personal data processing activities described in this Notice, the entity responsible for the operation and management of the RankMarket platform acts as the relevant Data Controller.
Contact Information:
Users may contact us regarding personal data matters via:Email: [email protected]
Where applicable, RankMarket has designated personnel responsible for data protection matters based on its business scale and risk profile, and such matters are handled through the contact details provided above.
VIII. Users’ Personal Data Rights
In accordance with applicable data protection laws, eligible users are entitled to exercise the following rights in relation to their personal data, including but not limited to:
– The right to confirm whether we process their personal data and to request access; – The right to request correction of inaccurate or incomplete personal data; – The right to request deletion of personal data where legally permissible; – The right to request restriction of, or to object to, certain processing activities; – The right to receive their personal data in a structured, commonly used, and machine-readable format and to exercise data portability; – The right to withdraw consent at any time where processing is based on consent (without affecting the lawfulness of processing prior to withdrawal).
Users may submit relevant requests through the contact channels published by RankMarket. RankMarket will respond to such requests in accordance with applicable data protection laws within a reasonable timeframe, generally not exceeding 30 days. Where requests are complex or require an extension, users will be informed in accordance with legal requirements.
IX. Automated Processing and Risk Management
In the course of platform operation and security management, RankMarket may use automated technical measures to assist with system administration, risk identification, fraud prevention, and service stability assurance.
Such automated processing is used solely as a supporting measure and will not, in the absence of appropriate safeguards or human intervention mechanisms, be used as the sole basis for decisions producing legal effects or similarly significant impacts on users.
Users may request human review through platform channels if they have questions regarding the outcomes of such processing.
X. Data Security and Protection Measures
We have implemented technical and organizational measures appropriate to our business scale, technical capabilities, and risk profile to prevent unauthorized access, disclosure, alteration, or misuse of personal data, and to reduce potential security risks during data transmission and storage.
XI. Complaints, Communication, and Regulatory Remedies
If users believe that the processing of their personal data does not comply with applicable data protection laws, they have the right to lodge a complaint with the competent personal data protection supervisory authority.
We encourage users, where possible, to contact RankMarket through the published contact channels prior to seeking regulatory remedies, so that we may address and resolve concerns promptly.
XII. Updates to This Notice
We may update this Notice from time to time in response to changes in laws, regulatory requirements, or platform operations. Updated versions will be published on the platform and will take effect as of the date of publication.
XIII. Use of Cookies and Similar Technologies
To ensure the normal operation of the RankMarket platform and to maintain platform security, RankMarket may use cookies or similar technologies (such as local storage or logging technologies) during platform operation.
Such technologies may be used for the following purposes:
– Ensuring the proper functioning and stability of core platform features; – Identifying and preventing abnormal access, abuse, or security risks; – Recording basic usage status to support account management and service continuity.
Where required by applicable data protection laws, matters relating to the use of cookies or similar technologies will be handled in accordance with legal requirements.
