Effective Date: March 30, 2026
Introduction
This Privacy Policy (“Policy”) applies to Foshan Yakai Integrated Housing Technology Co., Ltd. (“we,” “us,” or “the Company”) and covers our website https://modulardwell.com/ and related services. It explains how we collect, use, disclose, transfer, and protect personal information in compliance with the EU General Data Protection Regulation (GDPR) and the People’s Republic of China Personal Information Protection Law (PIPL). Where a separate data agreement between the parties takes precedence, that agreement shall govern.
Scope
This Policy applies to personal information processed in relation to our business dealings or use of the website by business contacts, representatives, employees, agents, and other individuals (“you”). Legal, regulatory, or contractual provisions that apply shall prevail where relevant.
Categories of Personal Information We Collect
Company information: company name, registration number, tax ID, business license copies.
Contact information: name, position, business email, office phone, mobile phone, office address, instant messaging IDs (e.g., WeChat/WhatsApp).
Transaction and contract information: quotations, orders, contracts, invoices, shipping/customs information, payment receipts, delivery and after-sales records.
Technical and usage data: IP address, device/browser information, access logs, cookies and similar tracking data.
Compliance and risk data: identity verification, sanctions screening, credit assessments, AML/anti-fraud records.
Other information you voluntarily provide or that is included in communications.
Purposes of Processing and Legal Bases
We process personal information for purposes including contract performance (order processing, invoicing, fulfillment), legal compliance (tax, customs, AML, sanctions), identity verification and credit checks, risk control and fraud prevention, customer relationship management and support, service and website optimization (aggregated/anonymous analytics), and marketing where you have given consent. Legal bases under GDPR and PIPL include contract performance, legal obligation, legitimate interests (after balancing), and explicit consent where required (notably for marketing, non-essential cookies, or cross-border transfers under PIPL).
Processing Methods and Data Minimization
We collect only the information necessary and relevant to the stated purposes and take reasonable steps to keep data accurate and up-to-date. Processing operations include collection, storage, use, transfer, disclosure, archiving, deletion, and destruction.
Recipients and Sharing of Personal Information
To achieve lawful purposes, we may disclose personal information to: payment and financial service providers, logistics and customs service providers, cloud and hosting providers, CRM/email platforms, accounting/tax/legal advisors, counterparties and buyers, and regulators or law enforcement. Prior to disclosure, we assess security and compliance and enter into data processing/confidentiality agreements with third parties.
Cross-Border Transfers and Safeguards
Given the international nature of our business, personal information may be transferred across borders. For transfers from within China, we will comply with PIPL requirements by taking measures such as conducting required security assessments, entering standard contractual clauses, or obtaining the data subject’s separate consent where applicable; for transfers from the EU/UK/other regions, we will implement appropriate legal measures (e.g., EU Standard Contractual Clauses) to ensure lawful transfers and adequate protection.
Data Retention Periods
We retain personal information only as long as necessary to achieve the processing purposes, fulfill legal/accounting/tax obligations, resolve disputes, and enforce agreements. Examples: transactional records (invoices, contracts) are typically retained for statutory accounting/tax periods (e.g., at least seven years), and compliance/risk records are retained per regulatory requirements. Specific retention schedules are maintained internally.
Data Subject Rights and How to Exercise Them
Where applicable, you have rights including access, rectification, deletion, restriction of processing, objection to processing, data portability (where applicable), withdrawal of consent, and request for explanation of automated decision-making logic. To exercise rights, contact info@modulardwell.com. We may request reasonable identity or authorization proof to verify requests and will respond within applicable legal timeframes (e.g., GDPR: one month; PIPL: as prescribed), and may extend where permitted.
Automated Decision-Making and Risk Scoring
We may use automated processing for compliance checks, fraud detection, and risk scoring. Where automated decisions produce legal or similarly significant effects, we will provide, as applicable, meaningful information about the logic involved, possible consequences, and how to request human review or contest the decision.
Technical and Organizational Security Measures
We implement appropriate technical and organizational measures to prevent unauthorized access, disclosure, alteration, or loss, including encryption in transit (HTTPS/TLS), encryption at rest where appropriate, access controls and privilege management, least-privilege principles, logging and monitoring, vulnerability management, backups and disaster recovery, employee security training and confidentiality obligations, and vendor security assessments and contractual safeguards. While we take reasonable measures, no system is absolutely secure; in the event of a data security incident, we will follow applicable breach-notification requirements and remedial actions.
Data Minimization and Accuracy
We limit collection to information adequate, relevant, and necessary for the stated purposes and take reasonable steps to keep personal information accurate and up to date; please notify us of changes.
Cookies and Similar Tracking Technologies
The website uses cookies and similar technologies to support site functionality, maintain sessions, perform analytics, and (with consent) provide targeted marketing. Necessary cookies support core functions; non-essential cookies (analytics/marketing) will be enabled only with consent where required and can be managed or refused via preference settings or browser controls.
Sensitive Personal Information
We do not normally collect sensitive personal information (e.g., racial or ethnic origin, health data, religious beliefs, biometric data) unless necessary to comply with legal obligations and with explicit separate consent or under circumstances permitted by PIPL/GDPR. Where such data is processed, we will apply heightened protections and obtain required consents or legal bases.
Minors
Our services are intended for business users and are not directed at minors. We do not knowingly collect personal information of minors; if we discover such data was collected without required authorization, we will take steps to delete it.
Vendor and Subprocessor Management
We conduct security and compliance due diligence on vendors and enter into data processing agreements requiring data protection, confidentiality, security measures, and restrictions on subprocessor use. A list of subprocessors can be made available upon request.
Legal Requests and Mandatory Disclosures
We may be required to disclose personal information in response to lawful requests by courts, regulators, or law enforcement agencies. We will restrict disclosures to the minimum required and take measures to challenge or limit disclosure where permissible.
International Users and Local Law Differences
Rights and remedies vary by jurisdiction. This Policy outlines general practices; local law and supervisory authority requirements applicable to your jurisdiction may afford additional rights or impose additional obligations, and we will apply stricter local requirements where required.
Complaints and Supervisory Authorities
If you believe we have not processed your personal information lawfully, you may submit a complaint to us at info@modulardwell.com. You may also lodge a complaint with the relevant supervisory authority: in the EU/EEA/UK with your local data protection authority; in China with relevant authorities such as CAC or other competent regulators.
Contact and Data Protection Officer (if applicable)
Privacy Contact / Data Protection Officer:
Email: info@modulardwell.com
Address: No. 8 Gaofeng Road, Yundonghai Street, Sanshui District, Foshan City, Guangdong Province, China
Changes to This Policy
We may update this Policy to reflect legal, operational, or technical changes. For material changes affecting rights, we will provide advance notice as required by law; continued use after notice constitutes acceptance of the updated Policy.
Governing Law and Dispute Resolution
This Policy is governed by the laws of the People’s Republic of China / the competent courts in Foshan, China. Disputes should be resolved amicably where possible; unresolved disputes will be referred to the arbitration body or competent court specified in applicable contracts.
Appendix — Compliance and Implementation Checklist (Summary)
Publish privacy and cookie notices;
Maintain records of processing activities and data inventories;
Implement data minimization, access controls, and auditing;
Establish cross-border transfer procedures (security assessments, standard contractual clauses, or obtain separate consent as required by PIPL);
Implement data subject request handling and identity verification;
Conduct vendor due diligence and sign DPAs;
Create incident response and notification procedures;
Appoint privacy lead and deliver staff training.
How to contact us
info@modulardwell.com
No. 8 Gaofeng Road, Yundonghai Street, Sanshui District, Foshan City, Guangdong Province, China
