TOOOONY

Cross-Border Data Transfer Authorization

Last updated: 4/28/2026

In accordance with applicable laws and regulations (including China's Personal Information Protection Law and Data Security Law), we hereby inform you about the cross-border transfer of your personal information and obtain your authorization.

1. Why We Transfer Data Cross-Border

To provide you with better services, your personal information may need to be transferred cross-border in the following situations:

  • Global Service Support: Parts of our business span multiple countries and regions, requiring data synchronization between servers in different locations
  • Third-Party Services: Some third-party service providers we use (such as cloud storage, data analytics, payment processing) have servers located overseas
  • Business Collaboration: Necessary business collaboration and data exchange with overseas partners
  • Legal Compliance: Data transfers required by applicable law or regulatory requirements

2. Types of Personal Information Transferred

Personal information that may be subject to cross-border transfer includes but is not limited to:

2.1 Basic Information

  • Account information (username, email, phone number)
  • Profile information (nickname, avatar, etc.)

2.2 Usage Data

  • Device information (device model, OS version, device identifiers)
  • Log information (IP address, access time, pages visited)
  • Usage preferences and behavioral data

2.3 Transaction Information

  • Order information
  • Payment information (encrypted)
  • Delivery address and related information

3. Destinations of Cross-Border Transfers

Your personal information may be transferred to the following countries or regions:

  • United States: Cloud storage and data analytics services
  • Singapore: Asia-Pacific server clusters
  • European Union: Service support for European users
  • Other regions: As required by business needs

4. Overseas Recipients

4.1 Third-Party Service Providers

  • Cloud service providers (e.g., AWS, Google Cloud, Azure)
  • Content delivery network (CDN) providers
  • Data analytics service providers
  • Payment service providers

4.2 Affiliated Companies

Our overseas affiliated companies or subsidiaries, used to provide a unified service experience and business support.

4.3 Business Partners

Other business partners authorized by you.

5. Security Measures

5.1 Technical Measures

  • Encrypted Transmission: Industry-standard encryption (TLS/SSL) to protect data in transit
  • Access Controls: Strict access control to ensure only authorized personnel can access personal information
  • Data Anonymization: Anonymization or de-identification of data where possible
  • Security Audits: Regular security audits and vulnerability scans

5.2 Administrative Measures

  • Contractual Safeguards: Data processing agreements with overseas recipients
  • Standard Clauses: EU Standard Contractual Clauses or equivalent internationally recognized frameworks
  • Compliance Assessment: Evaluation of recipients' data protection capabilities
  • Oversight: Continuous monitoring and periodic review

5.3 Incident Response

  • Data breach emergency response procedures in place
  • Timely notification to you and relevant regulators in the event of a data breach
  • Remediation measures to reduce risk and harm

6. Data Protection Standards of Recipients

  • Legal Compliance: Recipients are subject to a comprehensive personal information protection legal framework
  • Certifications: Recipients hold internationally recognized certifications (e.g., ISO 27001, SOC 2)
  • Data Localization: We prioritize local data storage where applicable
  • Rights Preservation: You can still exercise access, rectification, and deletion rights

7. Your Rights

Even when your personal information is transferred overseas, you retain the following rights:

  • Right to Know: Be informed of which countries your data is transferred to
  • Right to Withdraw Consent: Withdraw consent at any time (may affect service availability)
  • Right of Access: View your personal information stored overseas
  • Right of Rectification: Request correction of inaccurate information
  • Right of Erasure: Request deletion of your personal information
  • Right to Complain: Lodge a complaint with a supervisory authority

To exercise these rights, contact us via the details below.

8. Authorization and Withdrawal

8.1 Your Authorization

By using our services, you acknowledge that you have read and understood this notice and authorize the cross-border transfer of your personal information as described herein.

8.2 Withdrawing Authorization

You have the right to withdraw your authorization at any time. You may do so by:

  • Using the privacy options in the app settings
  • Contacting our customer service
  • Sending an email to support@toooony.cn

Please note: Withdrawing authorization may result in our inability to continue providing some or all services to you.

9. Protection of Minors

Personal information of children under 14 years of age will not be transferred cross-border without explicit guardian consent. We will immediately stop any such transfer and delete the information if discovered.

10. Policy Updates

We may update this authorization notice for changes to: destination countries, overseas recipients, types of personal information transferred, or security measures. We will notify you of material changes and obtain renewed authorization.

11. Contact Us

  • Data Protection Officer Email: support@toooony.cn
  • Address: China

We will respond to your request within 15 business days.

Important Notice:

  • Cross-border transfer requires your separate authorization
  • You may withdraw authorization at any time, which may affect certain services
  • We are committed to taking adequate security measures to protect your personal information
  • If you have any questions, please contact us at any time

© 2025 Toooony. All rights reserved.