Privacy Policy

This Privacy Policy explains how Navitas Electronic Technology (Shenzhen) Co., Ltd. ("NavitasChip", "we", "us", or "our") collects, uses, shares, and protects personal data when you visit navitaschip.com, submit a Request for Quote (RFQ), place an order, or otherwise interact with our services.

NavitasChip is an independent distributor of electronic components serving business customers worldwide. Our customers are typically procurement professionals, engineers, and EMS/OEM manufacturers acting in the course of their employment. This policy is written with that B2B context in mind.

We are committed to handling personal data lawfully, transparently, and only to the extent necessary to deliver the services you have requested or that your employer has engaged us to provide.

1. Scope and Data Controller

This Privacy Policy applies to:

• Visitors to navitaschip.com and any subdomain operated by NavitasChip
• Customers and prospective customers submitting RFQs, quotes, purchase orders, or technical inquiries
• Recipients of sales, technical, or quality-assurance communications
• Suppliers, carriers, and partner contacts whose personal data we process for procurement, settlement, or fulfillment purposes

The data controller is:

Navitas Electronic Technology (Shenzhen) Co., Ltd.
Unit 3601-B8, Building A, Galaxy Century
No. 3069, Caitian Road, Gangxia Community
Futian Street, Futian District
Shenzhen, Guangdong, China 518048

For all privacy-related matters, including rights requests, corrections, and complaints, contact our Data Protection Officer at [email protected] with "Privacy Request" in the subject line.

2. Information We Collect

A. Information You Provide

• Account and contact data — name, business email, business phone, optional WhatsApp/WeChat handle, company name, job title, country, and account password (stored hashed).
• RFQ and quote data — manufacturer part numbers (MPNs), quantities, target prices, delivery deadlines, end-use information where you choose to disclose it, and any Bill of Materials (BOM) you upload.
• Order and invoicing data — billing address, ship-to address, tax identifiers (e.g., VAT, EIN, GST), purchase order numbers and uploaded PO documents, Incoterms preferences.
• Communications — emails, support tickets, sales conversations, RMA submissions under our 60-Day Quality Pledge, and any documents you attach.
• Compliance data — where required for export-control screening or know-your-customer (KYC) checks: company registration documents, end-use statements, end-user details, and beneficial-ownership information.

B. Information Collected Automatically

• Server log data — IP address, browser user-agent, request timestamps, referring URL, and pages visited.
• Cookies and similar technologies — see Section 4.
• Security signals — bot-management and threat-intelligence data routed through our edge security provider (Cloudflare).

C. Information from Third Parties

• Sanctions and denied-party screening lists — including the U.S. OFAC SDN list, EU consolidated list, UK HMT list, and UN Security Council list.
• Public business registries — including DUNS records, government company registries, and tax-authority databases used for due diligence.
• Credit and trade-reference data — where extended payment terms are requested.

3. How We Use Your Information

We process personal data for the following purposes:

• Service delivery — quoting, order processing, lab verification, shipment, returns, and technical support.
• Communications — sending RFQ replies, quote validity reminders, order confirmations, shipping notifications, lab-verification reports, and quality alerts.
• Compliance and risk management — KYC, sanctions screening (OFAC, EU, UK, UN), export-control screening (U.S. EAR, ITAR where relevant, China dual-use rules), anti-money-laundering controls, and fraud prevention.
• Quality assurance — Lot Traceability records, Authenticity-Verified inspection workflow, and RMA processing under our 60-Day Quality Pledge.
• Analytics and improvement — aggregated site analytics, MPN-search trend analysis, and conversion measurement; we do not build individual behavioral profiles for advertising.
• Marketing — sending product updates, stock alerts, and newsletters, only with your consent and with a clear opt-out in every message.
• Legal and accounting obligations — tax records, customs documentation, and accounting retention required by PRC law and applicable foreign trade regulations.

We do not engage in automated decision-making that produces legal or similarly significant effects on you. Quote pricing, credit limits, and order fulfillment decisions are reviewed by our staff before action.

The lawful bases under the EU/UK General Data Protection Regulation (GDPR), where applicable, are:

• Contract performance — for processing necessary to provide quotes, fulfill orders, and respond to inquiries.
• Legitimate interest — for fraud prevention, network security, business analytics, and direct sales communication to existing business contacts.
• Legal obligation — for tax, customs, sanctions, and export-control compliance.
• Consent — for marketing newsletters and any cookies that are not strictly necessary.

4. Cookies and Similar Technologies

We use the following categories of cookies:

• Strictly necessary — session management, CSRF protection, language and currency preference, and shopping-session continuity. These cannot be disabled without impairing core functionality.
• Security — Cloudflare bot-management cookies and Cloudflare Turnstile verification on contact and RFQ forms. These help us mitigate abuse without using a traditional CAPTCHA flow.
• Analytics — aggregated traffic measurement; configured to anonymize IP addresses and exclude personally identifying queries.
• Functional — UI preferences such as theme and region defaults.

We do not currently use cross-site advertising cookies. You can manage cookies through your browser settings. Disabling strictly necessary cookies will prevent the site from functioning correctly.

5. Sharing Your Information

We share personal data only with categories of recipients listed below, and only to the extent necessary for the purpose:

• International banking partners — for cross-border payment settlement and currency conversion across the 10 major currencies we support (USD, EUR, GBP, HKD, JPY, SGD, CNH, AUD, CAD, NZD).
• Payment processors — PayPal (for card payments and PayPal account payments). We do not store full card numbers on our systems; PayPal is responsible for PCI-DSS Level 1 compliance over the cardholder data environment.
• Logistics carriers — DHL, FedEx, UPS, and similar global couriers, plus their customs brokers; ship-to data is shared as required for export and import clearance.
• Lab verification partners — independent ISO/IEC 17025-aligned laboratories engaged to perform authenticity inspection, only when you have requested or consented to this service.
• Cloudflare — content delivery network, DDoS protection, and Web Application Firewall services. Traffic to our site routes through Cloudflare edge nodes globally, including in the United States, the European Union, and the Asia-Pacific region.
• Email infrastructure — for transactional and notification emails.
• Tax, legal, accounting, and audit advisors — under confidentiality obligations, where required for regulatory compliance.
• Authorities — when compelled by valid court order, customs declaration, regulatory inquiry, or sanctions enforcement action with jurisdiction over us.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not trade contact lists with third parties.

6. International Data Transfers

NavitasChip is established in mainland China. Personal data we process may be transferred outside China for the purposes described in this policy, including to:

• Banking, logistics, and infrastructure partners across the Asia-Pacific region
• Cloudflare edge nodes and origin infrastructure, which may include the United States and the European Union
• Customer destinations worldwide for shipment

For data subjects in mainland China, cross-border transfers comply with the Personal Information Protection Law (PIPL), including separate consent where required by Article 39, security assessment by the Cyberspace Administration of China (CAC) where transfer volume thresholds apply, and standard contract filing where applicable.

For data subjects in the European Economic Area, United Kingdom, or Switzerland, transfers outside that jurisdiction rely on appropriate safeguards including the European Commission's Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, supplementary technical and organizational measures, and your explicit consent where applicable. A copy of the relevant safeguards may be requested from our DPO.

7. Data Retention

We retain personal data only as long as necessary for the purpose for which it was collected, or as required by applicable law:

After the retention period expires, data is deleted, anonymized, or aggregated such that it can no longer be linked to an identifiable individual.

8. Your Rights

Subject to applicable law, you may have rights to access, correct, delete, restrict, or port your personal data, object to processing based on legitimate interest, and withdraw any consent you have given. The specific scope of these rights depends on the law that applies to you.

EEA, UK, and Switzerland (GDPR / UK GDPR / FADP)

You have the rights described in Articles 15-22 GDPR, including the right to lodge a complaint with your local supervisory authority (for example, your EU member state Data Protection Authority, the UK Information Commissioner's Office, or the Swiss Federal Data Protection and Information Commissioner).

California Residents (CCPA / CPRA)

In addition to the access, correction, and deletion rights above, California residents may request information about the categories of personal information we have collected, sold, or disclosed in the past 12 months, and may request that we limit the use of sensitive personal information. We do not sell personal information and do not knowingly sell or share personal information of consumers under 16.

Mainland China (PIPL)

You have the rights described in Articles 44-50 PIPL, including the right to be informed of, decide on, restrict, or refuse the processing of your personal information; to access and copy your personal information; to request correction or deletion; to request portability where conditions are met; and to be informed about, and request human intervention in, automated decision-making that significantly affects you.

How to exercise rights

Email [email protected] with "Privacy Request" in the subject line. Please describe the right you wish to exercise and provide enough information for us to verify your identity. We respond within 30 calendar days, or longer where the request is complex and we have notified you of an extension.

9. Security

We implement reasonable technical and organizational measures to protect personal data, including:

• TLS 1.2+ encryption for all traffic to and from the site
• Cloudflare Web Application Firewall and DDoS mitigation at the network edge
• Role-based access controls on internal systems with logged administrative access
• Periodic credential rotation, least-privilege principles, and multi-factor authentication for staff access to sensitive systems
• No card data stored on our servers — payment card information is processed entirely by PayPal under their PCI-DSS Level 1 certification; bank wire (T/T) instructions are transmitted through encrypted channels to our international banking partners

No system is perfectly secure. If a personal data breach affecting your data occurs, we will notify affected data subjects and the relevant supervisory authority where required by applicable law and within the timelines that law prescribes.

10. Children's Privacy

NavitasChip is a B2B procurement platform. Our service is not directed to children, and we do not knowingly collect personal data from individuals under 16 (or the equivalent age of consent in your jurisdiction). If you believe we have inadvertently collected personal data from a minor, contact [email protected] and we will delete it.

11. Third-Party Links and Resources

Our site links to third-party resources, including manufacturer datasheets, OEM technical reference pages, regulatory databases, and partner portals. These resources are governed by the third party's own privacy practices, which we do not control. Please review their policies before submitting any personal data.

12. Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. The current version is identified by the "Last updated" date displayed on the page header. For material changes that affect your rights, we will provide at least 30 days' advance notice via the contact email associated with your account or via a banner on the site.

13. Contact Us

For privacy-related questions, requests, or complaints:

14. Governing Law and Disputes

This Privacy Policy is governed by, and shall be construed in accordance with, the laws of the People's Republic of China, without regard to conflict-of-law principles.

Any dispute arising from or relating to this Policy that cannot be resolved through good-faith negotiation shall be submitted to the Shenzhen Court of International Arbitration (SCIA) for arbitration in accordance with the SCIA arbitration rules in force at the time of submission. The seat of arbitration shall be Shenzhen. The language of arbitration shall be English. The arbitral award shall be final and binding on both parties.

This dispute-resolution clause does not limit your right, where it exists under applicable law, to lodge a complaint with the supervisory authority in your jurisdiction or to pursue any other non-waivable statutory remedy.