Privacy Policy

1. Who we are

Vialdyne ("Vialdyne", "we", "our", "us") is a peptide manufacturer headquartered in Shanghai, China. We operate the website vialdyne.com ("Site") to communicate with qualified business buyers, compounding pharmacies, research institutions, biotech and pharmaceutical companies, medical-aesthetic brands, and distributors.

This Privacy Policy explains how we handle information collected through the Site and through your inquiries with us. It is written to comply with the General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act (CCPA / CPRA), the China Personal Information Protection Law (PIPL), and equivalent regulations in other jurisdictions we serve.

For the purposes of GDPR, Vialdyne acts as the data controller of information you submit through this Site. For PIPL purposes, Vialdyne is the personal information processor.

2. Information we collect

We collect only information necessary to respond to your business inquiry and to operate the Site.

Information you provide directly:

• Salutation, first and last name
• Business email address
• Company or organization name
• Country / region of operation
• Buyer type (compounding pharmacy, med-spa, research lab, biotech, distributor, other)
• Products of interest, including quantities and timing
• Free-text notes you choose to include

Information we collect automatically:

• Standard server logs (IP address, user agent, referrer, request timestamp) retained by our hosting provider Vercel for security and abuse prevention
• Aggregate analytics (visitor count, page views, traffic sources) via Vercel Analytics, cookieless and privacy-preserving
• If you have an active analytics cookie consent (when offered), additional engagement metrics via Google Analytics 4

We do not knowingly collect or process special categories of personal data (health, biometric, racial, political, religious, sexual orientation) through this Site.

3. Lawful basis for processing (GDPR Article 6)

We process personal data under the following lawful bases:

• Legitimate interest, responding to unsolicited B2B inquiries from prospective buyers and maintaining ordinary business correspondence
• Contract, performing pre-contractual steps requested by you (preparing quotations, sending COAs, scheduling follow-up calls)
• Consent, where required, for non-essential analytics and marketing communications, and only after you affirmatively opt in
• Legal obligation, retaining commercial records and tax invoices for periods mandated by local law

4. How we use your information

We use the information we collect to:

• Respond to your sourcing inquiry, prepare a quotation, and send technical documentation (COA, HPLC chromatogram, MS spectrum, stability data, SDS)
• Perform pre-contractual due diligence, including buyer-type verification, sanctions screening, and (where applicable) regulatory eligibility checks
• Communicate with you about your order, confirmations, shipping notifications, invoicing, and post-shipment follow-up
• Send occasional sourcing intelligence and regulatory briefings, only if you opt in
• Protect the Site against fraud, abuse, and unauthorized access
• Comply with our legal obligations, including export controls, customs declarations, and tax reporting
• Improve the Site in aggregate (anonymized analytics only)

We never sell, rent, or trade your personal information to third parties for their independent marketing purposes.

5. Sub-processors and third parties

We share information with the following service providers, each bound by a written data-processing agreement requiring confidentiality and security at least equivalent to ours:

• Vercel Inc. (USA), website hosting, edge CDN, anonymous performance analytics
• Alibaba Cloud (Mail), transactional email delivery for inquiry submissions via SMTP
• Cloudflare Inc. (USA), DNS and DDoS protection at the edge
• Google LLC (USA), Google Analytics 4, with IP-anonymization enabled and no PII passed (only aggregated traffic patterns and key event names such as form submissions and outbound clicks)
• Major email providers (e.g., Microsoft 365, Google Workspace), used by our sales team to receive your inquiries and respond to you
• International couriers (DHL, FedEx, UPS, TNT) when shipping product samples or commercial orders, limited to consignee name, address, and contact details
• Banks and payment processors, only for transactions you have agreed to
• Customs brokers and freight forwarders, only when needed for declared shipments

We do not engage marketing-data brokers, ad-tech retargeting networks, or social-media tracking pixels on this Site.

6. International data transfers

Because we are headquartered in China and our sub-processors are located in the United States and other jurisdictions, your information will be transferred internationally.

For transfers of EU/EEA personal data to non-adequate jurisdictions, we rely on the European Commission's Standard Contractual Clauses (SCCs) and additional safeguards consistent with the Schrems II decision. For UK personal data, we rely on the UK International Data Transfer Addendum.

For transfers of personal information of PRC data subjects abroad, we rely on the standard contract for cross-border transfer of personal information under PIPL Article 38, and we conduct personal-information-impact assessments where required.

For California consumer data, the CCPA does not restrict cross-border transfer but does impose disclosure obligations, which this section satisfies.

Copies of our transfer agreements are available on request by writing to the address in Section 14.

7. Data retention

We keep your information only as long as necessary for the purposes described in this Policy or as required by law:

• Inquiry correspondence, 3 years from your last interaction, then archived for an additional 4 years for legal-defense purposes
• Commercial invoices and shipping records, 10 years (PRC accounting law requirement)
• Server logs, 30 days (or as set by Vercel)
• Marketing-consent records, until you withdraw consent, then 2 years for compliance evidence

When the applicable retention period expires, we securely delete or irreversibly anonymize the data.

8. Your rights

Depending on the law applicable to you, you may have the following rights regarding your personal information:

• Right of access, confirm whether we hold your data and obtain a copy
• Right to rectification, correct inaccurate or incomplete information
• Right to erasure (the right to be forgotten), request deletion, subject to legal-retention obligations
• Right to restrict or object to processing, limit how we use your information
• Right to data portability, receive your data in a structured, machine-readable format and have it transmitted to another controller
• Right to withdraw consent, for any processing based on consent, at any time and without penalty
• Right not to be subject to solely automated decision-making with significant effects, we do not engage in such processing
• Right to lodge a complaint, with your local data-protection authority (in the EU, your national DPA; in the UK, the ICO; in California, the CPPA; in mainland China, the CAC)

To exercise any of these rights, email info@vialdyne.com with the subject "Privacy Request" and tell us which right you wish to exercise. We will respond within 30 calendar days. We may ask you to verify your identity before fulfilling the request.

9. Marketing communications

Outside the direct response to your inquiry, we will only send you marketing emails (sourcing intelligence, regulatory briefings, new SKU announcements) if you have explicitly opted in. Every marketing email contains a one-click unsubscribe link, which is honored within 5 business days.

10. Cookies and similar technologies

We use a minimal set of cookies and similar technologies. See our Cookies Policy for a complete list, durations, and instructions for management.

11. Security

We protect your information with industry-standard safeguards:

• Transport, TLS 1.2 or higher for all traffic; HSTS preload enabled
• Storage, end-to-end encrypted email transport with our providers; access-controlled storage at Vercel
• Access, least-privilege access for our employees; multi-factor authentication required for all administrative accounts
• Auditing, quarterly internal review of access logs and processor agreements
• Vendor due diligence, written DPAs with all sub-processors and reasonable security assurances on file

No internet transmission or storage system is 100% secure. While we work to protect your data, we cannot guarantee absolute security and recommend using your own safeguards (encrypted email, secure file transfer) when sharing sensitive commercial or regulatory documents.

12. Data-breach notification

If we become aware of a breach affecting your personal data, we will notify the relevant supervisory authority within 72 hours when required by law (GDPR Article 33) and notify you directly without undue delay when the breach is likely to result in a high risk to your rights and freedoms (GDPR Article 34, PIPL Article 57).

13. Children

This Site is intended for qualified business buyers and is not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with information, please contact us so we can delete it.

14. How to contact us

Privacy inquiries: info@vialdyne.com with subject line "Privacy"

General sales: info@vialdyne.com

Postal address: Vialdyne, Shanghai, China

For EU/EEA matters, you may also contact your local data-protection authority directly.

15. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in law or our operations. We will revise the Effective Date at the top of this page and, when changes are material, post a notice on the Site. Continued use of the Site after the Effective Date constitutes acceptance of the updated Policy.