How we treat your RFQ data under UU PDP, HK PDPO, and PIPL.

This is a pre-launch staging site for an authorized sales partner desk candidate of Shenzhen Chengtiantai Cable Industry Co., Ltd. (CTT). Legal entity registration, certificate identifiers and project references are placeholders pending issuance. The site is not currently operating as a public commercial channel and does not collect personal data for transactional purposes.

Once the partner desk is registered, the controller of record will be the registered entity (Cathaywire International (HK) Limited, with PT Cathaywire Indonesia Niaga as the Indonesia-side controller for data subjects located in Indonesia). Until then, the site operator is the natural person commissioning the site, contactable at sales@cathaywire.com.

A DPO will be appointed before public launch in line with Indonesia UU PDP Art. 53 and EU GDPR Art. 37 (where the EU GDPR applies through equivalence). The DPO mailbox will be dpo@cathaywire.com.

Name, company, country, contact channel (email / WhatsApp), product interest, specification, quantity, project type, and free-text message. The form does not collect government identifiers (NIK, NPWP), bank account numbers, or payment instruments.

For Indonesia data subjects: Article 20(2)(a) consent + Article 20(2)(b) performance of pre-contract steps under UU PDP No. 27/2022.

For Hong Kong: Personal Information Collection Statement is provided at the form (DPP1, PDPO Cap. 486).

For PRC data subjects: separate consent per PIPL Art. 13 and Art. 39 cross-border transfer mechanism.

For other jurisdictions: pre-contractual necessity under the local equivalent (EU GDPR Art. 6(1)(b), Singapore PDPA, etc.).

Active RFQ records are kept for up to 36 months from last contact. Awarded-order records are retained for 7 years per HK Inland Revenue requirements. Expired records are then erased; backups are overwritten on a 12-month rolling window.

RFQ data submitted from Indonesia, Hong Kong, China, or any other jurisdiction is processed by the partner desk in Hong Kong and stored on AWS Singapore (ap-southeast-1). Transfer mechanism: standard contractual clauses + recipient certifications.

For Indonesia data subjects (UU PDP Law 27/2022 Art. 56): cross-border transfer is permitted to a recipient country with an equivalent level of personal-data protection, or via the controller's binding corporate rules / standard contractual clauses. Singapore is on Komdigi's list of adequate jurisdictions per Permen Komdigi guidance issued under UU PDP; transfers to Hong Kong rely on standard contractual clauses + the controller's BCR. The data subject's express consent (Art. 56(2)(c)) is captured at the RFQ consent checkbox.

For PRC data subjects, the separate-consent + Standard Contract mechanism under CAC Provisions on Standard Contracts for Cross-Border Transfer (Feb 2023) will apply post-launch.

Internal: partner-desk sales engineers and quote analysts.

Sub-processors: AWS (hosting), the email service provider (Resend or equivalent), and the WhatsApp Business API provider (Twilio or equivalent), each governed by their own DPA.

We do not sell, rent or trade personal data to third parties.

Access, rectification, erasure, restriction, objection, and data portability rights apply per UU PDP Art. 5–13, EU GDPR Art. 15–21, HK PDPO DPP6, and PIPL Art. 44–50. Requests to sales@cathaywire.com or dpo@cathaywire.com are responded to within 30 days.

All data in transit is TLS 1.2+. Database access uses row-level security policies (Supabase RLS). Admin access is multi-factor authenticated. We disclose security incidents to data subjects and the relevant regulator within 72 hours per UU PDP Art. 46(3)(c) and GDPR Art. 33.

The site does not currently set tracking cookies or run third-party analytics scripts. If introduced before public launch, a consent banner conforming to ePrivacy / UU PDP Art. 22 (explicit consent for non-essential cookies) will be added.

This notice may be updated as the partner desk completes registration and DPA arrangements. The last-revision date is shown at the bottom of the page. Material changes will be communicated to active RFQ contacts.