Applies to: htrbamboo.com and related subdomains (the “Site”) operated by HTR Bamboo Products (“we”, “us”, “our”).

We run a B2B manufacturing business and collect only what we need to quote, fulfill orders, and support customers. We don’t sell personal data. This policy explains what we collect, why, how long we keep it, and your choices.

1) Who we are & how to contact us

  • Controller: HTR Bamboo Products, Singapore.
  • Data Protection Contact: privacy@htrbamboo.com (preferred) or +65 96421218.

2) What we collect

We collect B2B contact and order data you or your company give us, and limited technical data from using the Site.

A. You provide (forms, email, chat, phone)

  • Identity & contact: name, job title, company, work email, work phone, country/region.
  • Business details: RFQ specs, dimensions, materials, required standards (e.g., E0/E1), delivery terms, sample requests.
  • Transaction & support: purchase orders, invoices, shipment details, claims/returns materials (photos, videos), warranty/after-sales communications.

B. Collected automatically (Site & emails)

  • Device/usage: IP address, device/OS/browser, pages viewed, time on page, referrer, UTM tags.
  • Cookies/pixels: analytics, conversion tracking, and basic site operations (see §10).

C. From third parties (B2B context)

  • Lead sources: industry directories, LinkedIn/business profiles, trade fair lists (where permitted).
  • Logistics & KYC: forwarders/carriers, payment providers, and due-diligence checks to prevent fraud/abuse.

We do not intentionally collect special categories of data (health, religion, etc.) and we do not target children; see §12.

3) Why we use your data (purpose & legal basis)

Contract & pre-contract (GDPR Art. 6(1)(b)) / PDPA “reasonable purposes”:

  • Respond to RFQs, provide quotes/spec sheets, supply samples, manufacture to order, ship goods, provide after-sales service.

Legitimate interests (GDPR Art. 6(1)(f)) / PDPA:

  • Running and securing the Site (WAF, bot filtering, logs).
  • Preventing fraud and abuse.
  • B2B sales outreach to relevant business contacts (you can opt out any time).
  • Improving website funnels and product information.

Consent (where required):

  • Non-essential cookies/remarketing pixels.
  • Optional marketing subscriptions.

Legal obligations:

  • Tax, accounting, sanctions/export-control screening, responding to regulators.

4) What we don’t do

  • No consumer retail profiles, no behavioral “data brokerage,” no selling personal data for money.
  • No hidden third-party fulfillment of services (manufacturing is in-house; third parties are logistics and processors only).

5) How we share data (processors & recipients)

We share B2B personal data only as needed:

Processors (act on our instructions):

  • Hosting & infrastructure: HOST NAME / CLOUD PROVIDER, with Cloudflare for CDN/WAF/DDoS protection.
  • Email & productivity: EMAIL PROVIDER, FILE STORAGE PROVIDER.
  • CRM/automation: CRM/MA PLATFORM (or self-hosted n8n on SERVER/PROVIDER).
  • Analytics & ads: Google Analytics/Ads, possibly Meta/TikTok/LinkedIn pixels if enabled (see §10).
  • Ticketing/support (if used): TOOL NAME.

Business recipients (independent controllers where applicable):

  • Freight forwarders/ocean carriers/couriers (to deliver goods).
  • Banks/payment providers (to process payments).
  • Inspection/testing labs (if you request third-party testing).
  • Government/customs (where law requires).

We sign or accept reasonable data-processing terms where available. We do not grant processors rights to use your data beyond our stated purposes.

6) International transfers

We operate and ship globally. Your data may be processed in countries outside your own, including CHINA, SINGAPORE, the EU/EEA, the US, and others where our providers or servers are located.When required (e.g., EU/UK data), we use Standard Contractual Clauses or comparable safeguards. For Singapore PDPA, we ensure overseas recipients provide a comparable standard of protection.

7) Retention—how long we keep data

  • Prospect/RFQ records: up to 24 months after last contact, unless you ask us to delete sooner (subject to legal holds).
  • Customer/order records: typically 7 years to meet tax/audit laws.
  • Site analytics logs: raw logs up to 12 months; aggregated analytics may be kept longer without personal identifiers.We delete or anonymize data when no longer needed.

8) Security (what we actually do)

  • HTTPS/TLS site-wide; Cloudflare WAF and bot mitigation.
  • Hardened WordPress (least-privilege, MFA for admins, timely updates, plugin hygiene).
  • Server security: provider-level isolation, malware scanning, off-site encrypted backups, role-based access, activity logging.
  • Email & account security: MFA, phishing-aware workflows.No system is perfect, but we apply practical controls suitable for a B2B site and review them periodically.

9) Your rights & choices

Depending on your location (e.g., EU/UK GDPR, Singapore PDPA, California CCPA/CPRA), you may have rights to:

  • Access and receive a copy of your data.
  • Correct inaccurate data.
  • Delete data (subject to legal retention).
  • Object to or restrict certain processing (e.g., marketing).
  • Withdraw consent where processing relies on consent.
  • Portability (EU/UK).Requests: email privacy@htrbamboo.com. We’ll verify identity at a level proportionate to the request.

Marketing opt-out: All marketing emails include an unsubscribe link. You can also email us to opt out of outreach.

10) Cookies & similar technologies

We use cookies, pixels, and tags for:

  • Essential operations (load balancing, security, form handling).
  • Analytics (e.g., Google Analytics) to understand traffic and improve the Site.
  • Advertising/measurement (e.g., Google Ads conversions; optional remarketing if enabled).

Your options:

  • Use our cookie banner to accept/decline non-essential cookies.
  • Control cookies in your browser and use https://tools.google.com/dlpage/gaoptout for Google Analytics opt-out.
  • Ad settings: https://adssettings.google.com (Google).Details live in our Cookie Notice (link this page or a separate cookie policy).

11) Do Not Sell / Share (CCPA/CPRA – if applicable)

We don’t sell personal information for money. If we use cross-context behavioral advertising (remarketing), that may be considered “sharing” under California law. California residents can submit a “Do Not Sell or Share” request via [DO-NOT-SELL LINK OR EMAIL] and can opt out of non-essential cookies in the banner.

12) Children

This Site and our products are for businesses. We do not knowingly collect data from children under 16 (or a higher age where required). If you believe a child provided data, contact privacy@htrbamboo.com to have it removed.

13) Third-party websites

Links to external sites are provided for convenience. Their privacy practices apply when you visit them.

14) Changes to this policy

We’ll update this policy when our practices change. Material changes will be noted by updating the “Last updated” date and, where required, by reasonable notice.