Privacy Policy — Hitek Nova Ltd.
Effective date: [TO BE SET BY LAWYER ON PUBLICATION]
Version: 0.2 DRAFT — for legal review, do not treat as final.
At a glance
- Who we are: Hitek Nova Ltd. (registration number 0313995949), registered in Vietnam.
- What we collect: name, email, phone, company, billing address, tax ID, payment information (via PayPal).
- Why we collect it: to provide TestPod, send invoices, respond to support requests, and meet our legal obligations.
- We do not currently send marketing emails. If we ever start, we'll ask for your consent first and let you say no.
- We share data with: PayPal, our service backend at api.testpod.space, our customer chat provider (Facebook), and hosting providers. We do not sell your data.
- You can: ask what we have, correct it, delete it, withdraw any consent, or file a complaint. Email privacy@hiteknova.com.
- We store data: only as long as needed, then we delete or anonymize it.
- Your data may be processed outside Vietnam (United States, where some of our service providers operate). We use legal safeguards.
1. Who we are
We are Hitek Nova Ltd. ("Hitek", "we", "us", "our"), a company registered in Vietnam under business registration (MST) number 0313995949.
- Registered office: C60 Xom Chieu, Xom Chieu Ward, Ho Chi Minh City, Vietnam
- Trading website: https://hiteknova.com
- Product website: https://testpod.space
- Privacy contact: privacy@hiteknova.com
For Vietnamese Decree 13/2023/ND-CP purposes, we are the Personal Data Controller and, where we determine the means and purposes of processing, also act as Personal Data Processor. For EU/UK GDPR purposes, we are the Data Controller.
2. Information we collect
We collect personal information in three ways: (a) information you give us, (b) information we collect automatically, and (c) information from third parties.
2.1 Information you give us
When you register for TestPod or a related Hitek product (customer registration form):
- Company name and tax ID
- Contact person's full name
- Email address
- Phone number (with country code)
- Country
- Billing address (up to three address lines)
- Choice of printer model and label size
- Service preferences (diagnostics, auto-erase, auto-print-label flags)
- Payment information (processed by PayPal; if you pay in cryptocurrency, the transaction ID — we do not store full card numbers)
- Your PayPal account email (so we can reconcile incoming payments to your account)
When you contact us through the contact form or booking form:
- Full name
- Email address
- Phone number
- Company name
- Country
- Message content
When you subscribe to email updates: email address.
When an administrator signs in to the back-office (employees only): username, hashed password, IP address, timestamp.
2.2 Information we collect automatically
- IP address of the device you use to access our website (used to detect abuse).
- Browser and device information sent automatically by your browser.
- Pages visited and actions taken, stored in server logs.
- Cookies and similar technologies (see Section 11).
2.3 Information from third parties
- From PayPal: payment status, payer identifier, transaction reference. We do not receive card numbers.
- From Facebook Customer Chat (if you use the chat widget): your chat messages and Facebook profile name.
2.4 Information we do not collect
- We do not knowingly collect personal information from anyone under 16.
- We do not collect special-category data (health, biometric, racial, religious, political opinions, sexual orientation, etc.).
- We do not collect information about people who are not customers or prospective customers.
- We do not currently use Google Analytics, Meta Pixel, TikTok Pixel, Hotjar, or any behavioural advertising trackers.
3. How we use your information
| Purpose | What it covers | Legal basis |
|---|---|---|
| Account creation and management | Creating your TestPod account, enabling login, sending technical setup instructions, hardware provisioning | Performance of a contract — Vietnam Decree 13 Art. 17.4 / GDPR Art. 6(1)(b) / LGPD Art. 7, V |
| Billing and payment reconciliation | Generating invoices, processing payments via PayPal, matching incoming PayPal payments to your account using your PayPal email, sending receipts | Performance of a contract + legal obligation (Vietnamese tax law) |
| Customer support | Responding to your questions, troubleshooting, handling warranty claims | Performance of a contract |
| Service delivery | Sending you device tracking codes, diagnostic reports, and product updates that are part of the service | Performance of a contract |
| Security and fraud prevention | Logging admin sign-ins, monitoring for suspicious activity, detecting bots via honeypot fields | Legitimate interests / legal obligation |
| Legal compliance | Retaining invoices for tax, responding to lawful requests | Legal obligation |
| Improving our website and product | Aggregate analysis of usage, in pseudonymized form | Legitimate interests |
| Marketing communications | We do not currently send marketing emails. If we ever start, we will ask for your specific consent first, and you will be able to say no at any time. | Consent — GDPR Art. 6(1)(a) / LGPD Art. 7, I / Vietnam Decree 13 Art. 11 |
We will never use information collected for billing/support purposes to send marketing without separately asking for your consent.
4. Who we share your information with
| Recipient | Purpose | Where they process data |
|---|---|---|
| api.testpod.space (our service backend) | Storing customer accounts, devices, billing, support tickets. Operated by Hitek and our affiliates. | United States (Google Cloud, us-central1) |
| PayPal (PayPal Pte. Ltd. for Vietnam customers, PayPal Holdings, Inc. globally) | Processing card and PayPal payments; we store your PayPal account email to reconcile payments | Singapore, United States, with offices in EU |
| Meta Platforms Ireland Ltd. (Facebook) | Customer Chat widget on our website | EU, with data flows to United States |
| Google Ireland Ltd. (YouTube) | Embedded product videos on our website | EU, with data flows to United States |
| StableHost LLC | Website hosting; default outbound SMTP for transactional emails (invoices, password resets, account notifications) | United States |
| Our professional advisers (accountants, auditors, lawyers) | Legal, tax, and audit support | Vietnam, possibly other jurisdictions |
| Government authorities | Only when legally required (court order, regulatory request, tax filing) | Vietnam |
We do not sell or rent your personal information to anyone for any purpose.
We do not share your personal information with advertising networks or data brokers.
We do not currently use a third-party email or SMS service. Transactional email is sent via our hosting provider's mail server. We do not send SMS.
If we ever undergo a corporate transaction (merger, acquisition, sale of assets), personal information may be transferred as part of that transaction. We will notify you in advance through this website or by email.
5. International data transfers
Some of our service providers (notably PayPal, Google Cloud, and Meta) are based in the United States and other countries outside Vietnam and the European Union.
When personal data is transferred from Vietnam, the EU, the UK, or Brazil to a country that has not been recognized as providing an "adequate" level of data protection, we use legally required safeguards:
- From Vietnam: a Cross-Border Data Transfer Impact Assessment Dossier filed with the Department of Cybersecurity and High-Tech Crime Prevention (A05) under Decree 13/2023/ND-CP Articles 25-26. [NOTE: this filing is being prepared and will be completed before publication of this policy.]
- From the EU/UK/Brazil: Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent.
You can request a copy of the safeguards we use by emailing privacy@hiteknova.com.
6. How long we keep your information
| Data | Retention period |
|---|---|
| Customer account information (name, email, company, address, tax ID) | For the duration of your account, plus 6 years after account closure to support legal claims and warranty obligations |
| Billing records and invoices | 10 years from the invoice date (Vietnamese Law on Accounting, Article 41) |
| Support tickets and chat history | 3 years after the ticket is closed |
| Marketing consent records (when applicable) | For as long as the consent is active, plus 2 years after withdrawal, as proof of past consent |
| Email subscription | Until you unsubscribe, plus 30 days to process the unsubscribe |
| Administrator login logs | 12 months |
| Server logs and error logs (including IP) | 90 days |
| Cookies | See Section 11 |
| Backups containing the above | Rolling 30-day cycle. Data persisting in a backup is fully deleted when that backup rolls off. |
7. Your rights
Depending on the country you are in, you have some or all of the following rights:
- Right to know / Right of access. Confirm whether we hold your personal information and request a copy.
- Right to correction. Fix information that is wrong or out of date.
- Right to deletion ("right to be forgotten"). Delete your personal information, unless we have a legal reason to keep it (e.g. tax records).
- Right to restrict processing. Stop using your information while we investigate a complaint or correct an error.
- Right to object. Object to specific uses of your information, such as legitimate-interest processing.
- Right to data portability. Get a copy of your information in a machine-readable format.
- Right to withdraw consent. Where processing depends on your consent, withdraw it at any time.
- Right to lodge a complaint. Complain to us at privacy@hiteknova.com or to a supervisory authority — see Section 13.
- Right not to be subject to fully automated decision-making. We do not currently make any such decisions about you.
We will respond to any rights request within 30 days of receiving it. We may extend by 60 days for complex cases and will tell you why. We may need to verify your identity. There is no charge unless the request is clearly excessive.
8. How to exercise your rights
Email privacy@hiteknova.com with:
- Your full name and the email address associated with your account
- What right you want to exercise
- (Optional) the country you are in, so we apply the right framework
We acknowledge within 5 business days and respond fully within 30 days.
9. Security
We use commercially reasonable technical and organizational measures:
- HTTPS for all traffic
- Password hashing (we never store passwords in plain text)
- Access controls so only authorized staff can reach customer data
- Regular software updates
- Logging and monitoring of administrative access
- Anti-bot honeypot fields on public forms
- Captcha on administrator login
No method of transmission or storage is 100% secure. If we discover a personal-data breach that is likely to result in risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
10. Children's privacy
Our service is intended for businesses and adults. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
For Vietnam (Decree 13/2023 Art. 20): processing of data of a person under 7 requires the legal guardian's consent. For persons aged 7-15, both the guardian's and the child's consent are required.
11. Cookies and similar technologies
A "cookie" is a small text file that a website saves on your device. We use cookies in three ways:
| Type | Purpose | Examples | Lifetime | Consent needed? |
|---|---|---|---|---|
| Strictly necessary | Keep you signed in, remember language, security | PHP session cookie (ci_session) | Session, or up to 7 days for "remember me" | No |
| Functional | Improve your experience | Language preference | Up to 1 year | No |
| Third-party (chat, video) | Facebook Customer Chat; YouTube embeds | Cookies set by facebook.com and youtube.com | Varies | Yes |
We do not use analytics cookies, advertising cookies, or any cross-site tracking pixels.
You can manage cookies through: our cookie banner (shown on first visit, re-openable via "Cookie settings" link in the footer), your browser settings, or Facebook's and Google's privacy settings.
12. Changes to this policy
We may update this policy from time to time. For material changes to your rights, we will update the effective date, notify you by email if you have an account, and display a prominent notice on the website for at least 30 days.
The current version is always at https://hiteknova.com/post/policy. Older versions on request.
13. Contact and complaints
General privacy contact
Email: privacy@hiteknova.com
Post: C60 Xom Chieu, Xom Chieu Ward, Ho Chi Minh City, Vietnam — attention: Data Protection contact.
Vietnam — Supervisory authority
You may complain to the Department of Cybersecurity and High-Tech Crime Prevention (A05), Ministry of Public Security:
47 Pham Van Dong, Mai Dich Ward, Cau Giay District, Hanoi
Hotline: 069 219 4053
European Union / United Kingdom
You can lodge a complaint with your local Data Protection Authority. EU DPA list: https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK: Information Commissioner's Office at https://ico.org.uk.
Brazil
LGPD (Law 13.709/2018) applies. Authority: Autoridade Nacional de Proteção de Dados (ANPD), https://www.gov.br/anpd.
California
You have rights under the CPRA, including the right to know, delete, correct, and limit. We do not sell personal information. We do share some information (cookies, IP) with chat and video providers in ways that may be considered "sharing" under the CPRA. A "Do Not Sell or Share My Personal Information" link is in our footer.
Canada
PIPEDA applies. Complain to the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca.
v0.2 DRAFT — pending legal review before final publication.