Privacy Policy

1. Who we are & how to contact us

PONIPACK CO., LTD is a food packaging manufacturer based in Taiwan. We are responsible for the personal information collected through our website and services.

• Registered address — No. 82, Ln. 150, Gong 1st Rd., Wulin Vil., Longtan Dist., Taoyuan City 32560, Taiwan (R.O.C.).
• Contact email — [email protected].

If you have any questions about this Privacy Policy, wish to exercise your rights regarding your personal information, or have concerns regarding how your personal data is handled, please feel free to contact us at the email address above.

2. Information we collect

We collect information that you voluntarily provide to us, along with limited technical information necessary to securely operate, maintain, and improve our website. We do not use marketing, analytics, or advertising cookies, and we do not track your activity across third party websites. The only cookies that may be set are strictly necessary cookies used by our security provider (Cloudflare) to protect our website from bots and abuse.

The information we collect falls into the following categories:

A. Information you provide voluntarily

• Enquiry & form data — When you use our contact, enquiry, or custom design forms, we collect the information you provide, such as your name, email address, company name, country/region, message content, and any files or artwork you choose to attach.
• Business & transactional data — If your enquiry develops into a business relationship, order or sample request, we collect additional details necessary to fulfill a contract, issue quotations/invoices, arrange shipping, manage accounting and tax records, and maintain our relationship. This includes business contact details, billing and shipping addresses, tax identifiers, and transaction history.

B. Automatically collected technical information

• Security & server logs — When you visit our website or submit a form, our server and anti-spam provider process limited technical data to maintain website security, prevent abuse, and block bots or spam. This data includes your IP address, browser type, requested pages and the time of access. Standard server logs may retain this information for a limited period for security purposes.

C. Browser local storage

• If you use our product enquiry cart, your selected products are stored locally in your browser’s local storage. This information remains strictly on your device and is not transmitted to us until you actively submit the enquiry form. You can clear this data at any time by clearing your browser’s cache or storage settings.

3. How we use your information

We process your personal information for the following specific purposes:

• Responding to your enquiries — To respond to your requests and provide quotations, product samples, product information, or custom design consultation.
• Business communication — To communicate with you regarding your enquiry, sample request, custom design specification, potential order, or ongoing business relationship.
• Contract fulfillment — To process orders, arrange manufacturing and delivery, issue invoices, maintain business records, and manage our business relationship with you.
• Customer support & quality control — To provide customer services, handle quality enquiries, manage complaints or disputes, and maintain appropriate business history.
• Website security & optimization — To operate, secure, maintain and improve our website, including using anti-spam measures to prevent bots, fraud, unauthorized access, or other security issues.
• Legal compliance — To comply with applicable law, regulations, tax requirements, accounting standards, or legal obligations, and to establish, exercise, or defend our legal rights.

We do not sell your personal information, and we do not use your data for automated decision-making or profiling.

4. If you choose not to provide your information

When you contact us through our enquiry, custom design, or contact form, certain information is marked as required because it is necessary for us to understand and process your request.

If you choose not to provide this required information, please note that we may be unable to:

• Respond to your enquiry or answer your questions.
• Provide accurate quotations or respond to custom design requests.
• Arrange sample deliveries or process manufacturing orders.
• Follow up on potential business opportunities or provide related customer services.

5. Legal basis & statutory notice

Where required by applicable data protection laws, including Taiwan’s PDPA and, where applicable, EU/UK GDPR, we rely on appropriate legal bases for processing personal data, including your consent, performance of a contract, taking steps prior to entering into a contract at your request, compliance with legal obligations, and our legitimate interests in maintaining website security, responding to business enquiries, and managing B2B customer relationships.

6. Cookies & local storage

We believe in privacy by design. Our website does not use marketing, analytics, or advertising cookies, and we do not track your online activities across third party websites.

• Enquiry cart — If you use our product enquiry cart, your selected items are stored locally in your web browser’s local storage. This allows your selections to remain intact while you browse different pages. This data remains strictly on your personal device and is never transmitted to our servers until you actively choose to submit your enquiry form. You can delete this data at any time by clearing your browser’s cache or storage settings.
• Security & anti-spam token (Cloudflare Turnstile) — When you visit our website or submit an enquiry, custom design request, or contact form, our security provider, Cloudflare Turnstile, may set a strictly necessary security cookie or token. This cookie or token is strictly used to verify that the submission is made by a genuine human user and not an automated bot or malicious spammer. This process is necessary to secure our website infrastructure and does not track your behavior or build user profiles for advertising purposes.

7. Who we share your information with

We do not sell, rent, or trade your personal data to third parties for marketing purposes. To operate effectively and deliver our customer packaging services, we may share your information with trusted third party service providers who act as data processors. These providers process your information strictly on our behalf, under confidential terms, and only to the extent necessary to perform their specific business functions.

A. Third party service providers

Our essential business operations rely on the following types of service providers:

• Cloudflare, Inc. — Used for website hosting, website security, and bot/spam prevention through Cloudflare Turnstile. Where applicable, Cloudflare may process technical data, security tokens, and data related to form submissions to protect our website and forms.
• Resend — Used to ensure the reliable and secure delivery of enquiry notification emails from our website forms to our sales team.
• Professional services & logistics — Trusted third parties who assist us with order fulfillment, international shipping/delivery, accounting, tax auditing, or legal compliance.

B. Legal & regulatory disclosures

We may disclose your personal information if required to do so by applicable laws, regulations, court orders, or requests from government or law enforcement authorities. We may also disclose data when necessary to establish, exercise, or defend our legal rights.

C. Business transfer

In the event of a proposed or actual corporate restructuring, merger, sale of company assets, financing, acquisition, or similar corporate transaction, personal data held by us may be disclosed or transferred to the prospective buyers or partners, as permitted by applicable law and subject to standard confidentiality protections.

8. International data transfers

PONIPACK CO., LTD is located in Taiwan. Because we use global cloud service providers for website hosting, file handling, and email transmission, your personal data may be transferred to, stored, or processed in countries or regions outside Taiwan, the European Economic Area (EEA), or the United Kingdom (UK).

Where we transfer personal data internationally, we take reasonable and appropriate measures to protect your data, such as standard contractual clauses where applicable, service providers’ data protection terms, or equivalent protections.

9. How long we keep your information

We retain your personal data only for as long as necessary to fulfill the specific purposes for which it was collected, or to satisfy applicable legal, tax, accounting, or regulatory requirements.

Our specific data retention criteria are as follows:

• Inquiries & design files — General enquiry messages, contact forms, and any attached custom design files or artwork are generally retained for up to 24 months following our last contact with you. After this period, they are permanently deleted or anonymized, unless a longer retention period is required to establish, exercise, or defend legal claims.
• Business & transaction records — If your enquiry develops into a sample order, transaction, or contractual relationship, the relevant business documents including quotations, invoices, tax records, shipping/delivery data, and communication history will be retained for the duration required by applicable statutory limitation periods and financial regulations (such as commercial accounting and tax laws).
• Security & server logs — Technical server logs and anti-spam verification data are retained strictly for a limited operational period necessary to ensure website security, unless a longer retention window is triggered by an ongoing security investigation, fraud prevention audit, or legal compliance obligation.

10. Your data protection rights

We respect your rights over your personal data. Depending on your location and the laws applicable to you, you have specific legal rights regarding the information we hold.

A. Rights under Taiwan’s Personal Data Protection Act (PDPA)

In accordance with Article 3 of the PDPA, you may exercise the following statutory rights at any time regarding your personal data held by us:

• Right of enquiry & review — The right to make an enquiry of and to review your personal data.
• Right to request copies — The right to request a copy of your personal data.
• Right to supplement or correct — The right to request the supplementation or correction of any inaccurate or incomplete personal data.
• Right to cessation of use — The right to demand that we stop collecting, processing, or using your personal data.
• Right to deletion — The right to request the permanent deletion of your personal data.

B. Additional international rights (GDPR/UK GDPR)

Where European or UK data protection laws apply, you may possess additional rights, including:

• The right to withdraw your consent at any time where processing is based on consent.
• The right to object to or request the restriction of certain data processing activities.
• The right to data portability, allowing you to transfer your data to another controller.
• The right to lodge a complaint with a competent data protection supervisory authority.

C. How to exercise your rights

To exercise any of the rights listed above, please submit your request to us at [email protected].

For security purposes and to protect your privacy, we may require you to provide proof of identity before we can fulfill your request. We will review and respond to all legitimate requests within the statutory timelines required by applicable law.

11. Third party links

Our website may contain links to external third party websites, plug-ins, platforms, or services (such as messaging applications, social media networks, or logistics partners). Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

Please be aware that this Privacy Policy applies strictly to our website and services. We do not control, oversee, or accept responsibility for the privacy practices, content, or security of these third party platforms. We strongly encourage you to review the privacy policy of every external website or service you visit before providing them with any personal information.

12. How we protect your information

We use appropriate technical and organizational measures, such as HTTPS encryption, access controls, secure file handling procedures, and anti-spam/security tools, to protect personal data and business files.

13. Children’s privacy

Our website and services are intended for business users and are not directed at children. We do not knowingly collect personal data from children under 18 or the age required by applicable law. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business operations, website functions, or legal obligations. When we make updates, we will revise the "Last Updated" date. Where required by applicable law, we will provide additional notice or obtain consent before material changes take effect.