Privacy Policy
Effective Date: April 10, 2026
Introduction
Robotsdesk (“Robotsdesk,” “we,” “us,” “our”), a global marketplace connecting robotics manufacturers and sellers with buyers for industrial, commercial, and household robots.
As a data user under the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486), we are committed to protecting your privacy and complying with applicable data protection laws across all jurisdictions where we operate. This Privacy Policy explains how we collect, use, share, and protect your personal data. It applies to all visitors, buyers, vendors, and users of our website, mobile applications, and related services.
We take your privacy seriously and have designed this policy to be transparent, fair, and compliant with the global standards. If you have any questions about this policy or our data practices, please contact us immediately.
Primary Contact Information:
Data Protection Officer (DPO): dpo@robotsdesk.com
General Support: support@robotsdesk.com
Postal Address: Robotsdesk, [Your Address], Hong Kong
1. Hong Kong PDPO Compliance (Our Primary Framework)
As a Hong Kong-based business, we prioritize compliance with the Personal Data (Privacy) Ordinance (PDPO), which establishes six core Data Protection Principles (DPPs) that govern our operations:
Data Protection Principles Explained
DPP1 – Collection of Personal Data: We collect your personal data lawfully, fairly, and transparently. Before collecting data, we inform you of the purposes and disclose our identity and contact information. We do not collect data through deception or coercion.
DPP2 – Accuracy and Duration of Retention: We take reasonable steps to ensure your personal data is accurate, complete, and up-to-date. We retain data only as long as necessary to fulfill the purposes for which it was collected. Once the purpose is served, we securely delete or anonymize the data. For instance, order data is retained for 7 years to comply with Hong Kong tax laws, then permanently deleted.
DPP3 – Use of Personal Data: We use your data only for the purposes disclosed at collection. If we wish to use your data for a new purpose (e.g., direct marketing), we obtain your prior consent. This principle prevents us from selling your data to advertisers or using it in ways you did not anticipate.
DPP4 – Access to Personal Data: You have the right to request access to your personal data held by us. We will provide a copy within 30 calendar days of verification. You also have the right to request correction of inaccurate data. We will not unreasonably refuse these requests.
DPP5 – Security of Personal Data: We implement practicable security measures to protect your data from unauthorized access, processing, erasure, or loss. This includes encryption, access controls, regular audits, and staff training. We also require our service providers to maintain equivalent security standards.
DPP6 – Openness: We maintain transparent privacy practices. This Privacy Policy, our cookie policy, and data handling procedures are publicly available. We respond promptly to privacy inquiries and complaints.
Your Rights Under Hong Kong PDPO
You have the following rights:
Right of Access: Request a copy of your personal data
Right of Correction: Request correction of inaccurate or incomplete data
Right to Request Cessation of Use: Request that we stop using your data for direct marketing (e.g., promotional emails, SMS)
How to Exercise Your Rights: Email dpo@robotsdesk.com with your full name, account ID, contact information, and proof of identity (e.g., Hong Kong ID card number or passport). We will acknowledge your request within 7 business days and respond fully within 30 calendar days after verification. Reasonable access fees may apply and will be stated in advance. If you authorize a third party to act on your behalf, they must provide written authorization.
Limits on Your Rights: We may refuse or redact requests where PDPO exemptions apply, such as legal privilege, protection of third-party privacy, or prevention of crime. We will explain any refusal in writing.
2. Data We Collect, Why We Collect It & Legal Basis
We collect only necessary personal data to provide our marketplace services. Below is a detailed breakdown:
2.1 Personal Information You Provide Directly
Account Registration (Buyers & Vendors):
Names, email addresses, phone numbers
Billing and shipping addresses
Company names, tax identification numbers, VAT numbers (for vendors)
Business registration documents (for vendor verification)
Purpose: Service delivery, account management, compliance with tax laws, fraud prevention, and vendor verification.
Order Processing:
Payment details (tokenized via Stripe/PayPal)
Robot serial numbers and product specifications
Delivery preferences and special instructions
Invoice and receipt information
Purpose: Process your order, manage returns within our 14-day return window, arrange shipping, and provide warranty support.
Communications:
Support tickets and chat logs
Feedback surveys and product reviews
Correspondence regarding orders, complaints, or inquiries
Purpose: Provide customer service, respond to complaints, improve our services, and maintain records for dispute resolution.
Marketing Communications:
Email address and opt-in preferences for newsletters and promotions
Preferences for robot categories and product recommendations
Purpose: Send you information about new robot models, special offers, and service updates (only if you have opted in). You may unsubscribe anytime with one click, with no penalty.
2.2 Usage & Technical Data (Collected Automatically)
Device & Network Information:
IP address, browser type and version, operating system
Device ID, screen resolution, time zone
Mobile device identifiers
Behavioral Data:
Pages visited, search queries (e.g., “industrial welding robots,” “cleaning robots”)
Time spent on each page, clickstream data
Products viewed, added to cart, or purchased
Referral source (e.g., Google, social media)
Cookies & Tracking Technologies:
Essential cookies — required for core site functions (e.g., login, shopping cart, payment flow).
Performance cookies — anonymous/performance analytics used to improve site experience (e.g., Google Analytics).
Marketing cookies — used for advertising and retargeting (e.g., Google Ads).
Purpose: Understand user behavior, improve search rankings and recommendations, detect fraud, personalize your experience, and measure marketing effectiveness.
2.3 Robot Telemetry Data
If you purchase a robot with telemetry capabilities and consent to data collection, we may collect:
Usage hours and operational statistics
Error logs and diagnostic codes
Robot serial numbers and device identifiers
Timestamp and location data (if applicable)
Purpose: Support warranty claims, facilitate returns, diagnose technical issues and provide troubleshooting, and help vendors improve their products and user experience.
Important: You may withdraw consent at any time by contacting dpo@robotsdesk.com. Upon withdrawal, we will cease collection within 7 days, unless retention is required to comply with legal obligations or to complete a warranty claim.
2.4 Data from Third Parties
We also receive personal data from:
Payment Processors: (e.g., Stripe and PayPal) – payment status, transaction amounts.
Shipping Carriers: (e.g., DHL and FedEx) – delivery status, tracking information.
Analytics Providers: (e.g., Google Analytics) – aggregated user behavior data.
Vendors: Buyer contact information for order fulfillment and returns.
This list is illustrative and not exhaustive; we may receive personal data from other third parties as necessary.
2.5 Children’s Data
We do not knowingly collect personal data from children under 16 years old (under UK GDPR and Canadian law) or 13 years old (under US COPPA). Under Hong Kong PDPO, we do not collect data from children without parental or guardian consent. If we become aware that we have collected data from a child without proper consent, we will delete it immediately. Parents or guardians may contact dpo@robotsdesk.com to request deletion of a child’s data.
3. Legal Bases & Purposes for Data Processing
We process your personal data under the following legal bases:
Purpose | Legal Basis | Examples | Retention Period |
|---|---|---|---|
Service Delivery | Contract (necessary for performance) | Process orders, manage 14-day returns, arrange shipping, provide customer support | 7 years post-transaction (tax compliance) |
Security & Fraud Prevention | Legitimate interests (fraud detection, account protection) | Detect fake accounts, prevent payment fraud, verify vendor credentials | 24 months |
Analytics & Service Improvement | Legitimate interests (balanced assessment of business needs vs. privacy impact) | Improve search rankings for robot categories, optimize website performance, analyze user trends | 12–24 months (aggregated) |
Direct Marketing | Consent (opt-in, withdrawable anytime) | Email promotions for new robot models, newsletters, special offers | Until opt-out (then deleted within 30 days) |
Legal Compliance | Legal obligation (tax laws, court orders) | Maintain tax records, respond to regulatory requests, comply with law enforcement | 7 years (tax law requirement) |
Robot Telemetry | Explicit consent (separate, written, freely given) | Warranty support, technical diagnostics, returns processing | 24 months |
4. Data Sharing & International Transfers
4.1 Who We Share Your Data With
Vendors (Fulfillment & Returns):Â We share your name, address, order details, and robot serial number with the vendor fulfilling your order. This is necessary for order delivery, returns processing, and warranty support. All vendors must sign Data Processing Agreements (DPAs).
Legal Requirements:Â We may disclose your personal data if required by law, such as:
Court orders or legal subpoenas
Regulatory investigations by Hong Kong authorities (PCPD, Customs & Excise Department)
Law enforcement requests
Compliance with tax or anti-money laundering regulations
No Sale of Personal Data:Â We do not sell your personal data to third parties for cross-context behavioral advertising. We do not share your data with data brokers or advertisers for profiling purposes.
4.2 International Data Transfers
Our marketplace operates globally, and your data may be transferred to countries outside Hong Kong.
For Hong Kong Data Transferred Overseas (PDPO Requirement):Â We take practicable steps to protect Hong Kong personal data transferred internationally, including:
Use industry-standard encryption for data in transit and at rest (implemented by our service providers)
Access controls limiting who can view your data
Contractual clauses requiring recipients to maintain equivalent security
Notification to you if a breach occurs
5. Your Privacy Rights & How to Exercise Them
You have the following rights under Hong Kong PDPO:
Right | Description | How to Exercise | Timeline | Cost |
|---|---|---|---|---|
Access | Obtain a copy of your personal data | Email dpo@robotsdesk.com with ID verification | 30 days | Free (unless excessive; reasonable fees disclosed in advance) |
Correction | Request correction of inaccurate data | Use account dashboard or email dpo@robotsdesk.com | Same as above | Free |
Deletion | Request deletion of your data (“Right to be Forgotten”) | Submit deletion request form at dpo@robotsdesk.com | Same as above | Free |
Object to Marketing | Opt out of promotional emails/SMS | One-click unsubscribe link | Immediate | Free |
Cease Direct Marketing | Request cessation of all direct marketing | Email dpo@robotsdesk.com | 30 calendar days after verification | Free |
Verification Requirements: To prevent unauthorized access, we verify your identity via email, phone, or ID number before processing requests. Authorized agents must provide written authorization from you.
Limits on Your Rights: We may refuse or redact requests where:
Data is legally privileged (attorney-client communications)
Disclosure would infringe third-party privacy
Data is necessary to prevent or detect crime
Disclosure would harm national security or public interest
We will explain any refusal in writing within the response timeline.
6. Cookies, Tracking & Advertising Technologies
6.1 Types of Cookies We Use
Essential Cookies (Always Active):
Login and session management
Shopping cart functionality
Security features
Language and region preferences
These cookies are necessary for our website to function and cannot be disabled.
Performance Cookies:
Google Analytics (understand how users navigate our site)
Purpose: Improve our website, optimize search rankings, and enhance your experience.
Marketing Cookies (Consent-Based):
Google Ads (show you robots similar to your search history)
Purpose: Show you relevant advertisements across the web.
6.2 Cookie Consent & Management
When you visit Robotsdesk.com, you will see a cookie banner allowing you to:
Accept All: Accept all cookies
Reject All: Reject non-essential cookies
Customize: Choose which cookie types to allow
You may change your cookie preferences anytime or by clearing your browser cookies.
7. Data Security Measures
We use Cloudflare (DDoS mitigation, CDN, and WAF) to help protect our services and the availability of systems that process personal data.
7.1 Organizational Security
Staff Training:
Mandatory data protection training for all employees upon hire
Phishing awareness and social engineering prevention
Confidentiality agreements signed by all staff
7.2 Breach Response & Notification
In the event of a data breach (unauthorized access, loss, or disclosure of personal data), we follow this protocol:
Immediate Actions (Within 24 Hours):
Isolate affected systems to prevent further unauthorized access
Preserve evidence for forensic investigation
Notify our DPO and legal team
Engage a cybersecurity firm for incident investigation
Authority Notification:
Hong Kong PDPO: Notify the PCPD without unreasonable delay if a breach poses a real risk of serious harm to affected individuals.
User Notification:Â We will notify affected users via email (and phone for high-risk breaches) without unreasonable delay, including:
Description of the breach
Types of personal data affected
Steps we have taken to mitigate harm
Recommended actions (e.g., monitor credit, change passwords)
Contact information for our DPO and support team
8. Data Retention Periods
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected:
Data Type | Retention Period | Reason |
|---|---|---|
Account Information | 7 years post-account deletion | Tax compliance (Hong Kong Inland Revenue Department requirement) |
Order & Transaction Data | 7 years post-transaction | Tax records, dispute resolution, warranty claims |
Payment Records | 7 years | Tax compliance |
Support Tickets & Chat Logs | 3 years | Dispute resolution, service quality assurance |
Marketing Communications | Until opt-out; then deleted within 30 days | Compliance with marketing consent regulations |
Cookies & Tracking Data | 12–24 months | Analytics retention limits |
Server Logs & IP Addresses | 12 months | Security monitoring, fraud detection |
Robot Telemetry Data | 24 months | Warranty support, technical diagnostics |
Vendor Verification Documents | 7 years | Compliance with anti-money laundering (AML) regulations |
Your Right to Deletion: You may request deletion of your data anytime by contacting dpo@robotsdesk.com, except where legal obligations require retention (e.g., tax records).
9. Profiling
9.1 Profiling
We create basic user profiles to enhance your shopping experience:
What We Profile:
Your browsing history (pages visited, products viewed)
Your purchase history (robots purchased, categories of interest)
Your search queries (e.g., “industrial welding robots”)
How We Use Profiles:
Recommend robots similar to your past purchases
Personalize search results and homepage content
Suggest relevant product categories
What We Do NOT Profile:
Sensitive data (health, biometrics, political views, sexual orientation)
Data from third parties (we do not buy external data about you)
Inferred sensitive attributes (we do not infer ethnicity, religion, or health status)
10. Ethical Commitments & Responsible AI
We are committed to responsible robotics and do not knowingly facilitate the sale of robots that:
Lethal Autonomous Weapons: Robots designed to cause death or serious injury without human control
Discriminatory Algorithms: Robots that discriminate based on protected characteristics (race, gender, age, disability, religion).
Our Due Diligence:Â We conduct background checks on vendors and review product specifications before listing. We reserve the right to delist robots that violate these commitments.
Any resemblance between AI-generated persons and real individuals is purely coincidental. We do not use real persons’ likenesses without explicit consent.
11. Complaints & Regulatory Oversight
If you have concerns about our data practices, you may:
Internal Resolution
Contact our Data Protection Officer: dpo@robotsdesk.com
Include your name, account ID, and detailed description of your concern
We will acknowledge within 7 business days
We will investigate and respond within 30 calendar days
We will propose remedial actions if appropriate
12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors.
Material Changes: We will notify you of material changes via:
Email notification to your registered account email
Prominent banner on our website
At least 30 days’ advance notice before changes take effect
Your Acceptance: By continuing to use Robotsdesk.com after material changes take effect, you accept the updated policy. If you do not agree with changes, you may delete your account and request deletion of your personal data.