Privacy Policy
THE OFFICIAL BOX Privacy Policy
Effective Date: March 20, 2026
Welcome to THE OFFICIAL BOX!
We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information, as well as your rights regarding that information. By using our website (the "Site"), you agree to the terms of this Privacy Policy.
THE OFFICIAL BOX is a global cross-border e-commerce independent station operating in China, the United States, the European Union, and other countries and regions. We strictly comply with applicable privacy laws and regulations, including China's Personal Information Protection Law (PIPL), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA/CPRA) .
I. Information We Collect
1.1 Information You Provide Directly
-
Account Information: When you register, we collect your name, email address, and password.
-
Order Information: When you purchase a box, we collect your shipping address, phone number, and payment information (payment information is collected directly by third-party payment processors; we do not store your full payment card details).
-
Contact Information: When you contact customer service or participate in promotions, we collect the content of your communications.
1.2 Automatically Collected Information
When you visit our Site, we automatically collect certain information, including:
-
Device Information: IP address, browser type, operating system, device identifiers.
-
Usage Data: Browsing behavior, click records, time spent on pages, referring URLs.
-
Cookies and Similar Technologies: We use cookies to remember your preferences, analyze traffic, and personalize content.
1.3 Sensitive Personal Information
Under applicable laws, certain information is considered sensitive personal information, including:
-
Financial account information (used only for payment processing)
-
Precise geolocation data (collected only with your authorization)
-
Personal information of minors under 14 years of age (we do not knowingly collect this)
We only process sensitive personal information when necessary for specific purposes, with adequate necessity, and under strict protection measures .
II. How We Use Your Information
We only collect and use your personal information to the extent necessary for the purposes described in this Privacy Policy:
| Purpose of Use | Legal Basis (GDPR) | Processing Type (PIPL) |
|---|---|---|
| Process your orders and complete delivery | Necessary for contract performance | Necessary for concluding or performing a contract |
| Communicate order status, respond to inquiries | Contract performance/Legitimate interests | Necessary for concluding or performing a contract |
| Send you marketing information (with your consent) | Your consent | Obtain your separate consent |
| Improve website functionality and user experience | Legitimate interests | Necessary for contract performance or based on consent |
| Prevent fraud and ensure transaction security | Legitimate interests/Legal obligation | Fulfilling legal obligations |
| Comply with legal requirements | Legal obligation | Fulfilling legal obligations |
We follow the principle of data minimization, collecting only information necessary to achieve the above purposes .
III. Information Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
3.1 Service Providers
We partner with carefully selected third-party service providers, including:
-
Logistics Partners: Such as DHL, FedEx, for order delivery
-
Payment Processors: Such as Stripe, PayPal, for payment processing (we do not store your full payment card information)
-
Analytics Providers: Such as Google Analytics, for website traffic analysis
-
Customer Service Platforms: For handling your inquiries
These service providers only have access to information necessary to perform their functions and are obligated to protect your information in accordance with our instructions and applicable law .
3.2 Legal Requirements
We may disclose your information if required by law or if we believe in good faith that such action is necessary to:
-
Comply with legal process or governmental requests
-
Protect our rights, property, or safety
-
Protect the rights, property, or safety of our users or the public
3.3 Business Transfers
In the event of a merger, acquisition, asset sale, or reorganization, your information may be transferred as part of the assets. We will notify you via website notice or email and require the recipient to continue to honor this Privacy Policy .
IV. Cross-Border Data Transfers
THE OFFICIAL BOX is a global business. Your personal information may be transferred to jurisdictions outside your country of residence, including China, the United States, and the European Union.
4.1 Transfer Safeguards
We implement the following safeguards to ensure the legality of cross-border transfers:
-
Standard Contractual Clauses (SCCs): We enter into data processing agreements with overseas recipients that include EU and China SCCs
-
Transfer Impact Assessments (TIA): We assess the legal environment of the recipient's country
-
Separate Consent: We obtain your separate consent before transferring your personal information overseas (where required by applicable law)
4.2 Data Localization
For personal information of users in China, we first store it on servers within China. If cross-border transfer is necessary, we strictly comply with the requirements of the Measures for Security Assessment of Personal Information Exports, including submitting for security assessment when required thresholds are met .
V. Your Rights
Depending on your jurisdiction, you may have the following rights:
| Right | Description | GDPR | PIPL | CCPA/CPRA |
|---|---|---|---|---|
| Right to Know | Learn what information we collect and how we use it | ✓ | ✓ | ✓ |
| Right to Access | Obtain a copy of your personal information | ✓ | ✓ | ✓ |
| Right to Correct | Correct inaccurate personal information | ✓ | ✓ | ✓ |
| Right to Delete (Right to be Forgotten) | Request deletion of your personal information | ✓ | ✓ | ✓ |
| Right to Restrict Processing | Restrict how we process your information | ✓ | ✓ | ✗ |
| Right to Data Portability | Receive your information in a structured format | ✓ | ✓ | ✗ |
| Right to Object | Object to processing based on legitimate interests, including marketing | ✓ | ✓ | ✓ (opt-out) |
| Right to Withdraw Consent | Withdraw your consent at any time | ✓ | ✓ | ✓ |
| Right to Non-Discrimination | No discrimination for exercising your rights | ✓ | ✓ | ✓ |
To Exercise Your Rights: Please contact us at privacy@theofficialbox.com. We will respond to your request within the timeframes required by applicable law (typically 30 days) .
VI. Children's Privacy
We do not knowingly collect personal information from children under 14 (or other ages as defined by applicable law). If we discover that we have inadvertently collected personal information from a child, we will take immediate steps to delete that information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately .
VII. Data Security
We implement industry-standard security measures to protect your personal information:
-
Encryption: Data in transit is encrypted using TLS 1.3+; data at rest is encrypted using AES-256
-
Access Controls: Strict role-based permissions, minimizing internal access privileges
-
Security Audits: Regular vulnerability scans and penetration testing
-
Employee Training: All employees receive regular data privacy and security training
While we take reasonable measures, no method of transmission over the Internet or electronic storage is 100% secure .
VIII. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:
-
Account Information: Retained until a reasonable period after you close your account, or until you request deletion
-
Order Information: Retained for the duration required to fulfill tax, accounting, and legal obligations (typically 5-7 years)
-
Marketing Preferences: Retained until you opt out of marketing communications
-
Cookie Data: Retained according to the periods specified in our Cookie Policy
After the retention period expires, your personal information will be deleted or anonymized .
IX. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience:
-
Essential Cookies: Enable basic site functionality; cannot be disabled
-
Functional Cookies: Remember your preferences and settings
-
Analytics Cookies: Help us understand how visitors interact with the site (e.g., Google Analytics)
-
Marketing Cookies: Used for personalized advertising and marketing content
You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect site functionality.
For more information, please see our complete Cookie Policy.
X. Privacy Policy Updates
We may update this Privacy Policy from time to time to reflect changes in law or our business practices. Material changes will be notified to you through:
-
Prominent notice on the Site homepage
-
Email notification (if you have a valid email address in your account)
-
Updating the "Effective Date" at the top of this policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information .
XI. Contact Us
If you have any questions, comments, or complaints about this Privacy Policy or our data processing practices, please contact us at:
THE OFFICIAL BOX Privacy Team
Email: privacy@theofficialbox.com
Mailing Address (US):
123 Soccer Way, Suite 100
Los Angeles, CA 90001
USA
Attn: Legal Department
Response Time: We will acknowledge receipt of your request within 48 hours and provide a substantive response within 30 days .
Supplemental Information for Specific Jurisdictions
For EU Users (GDPR)
If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection supervisory authority. Our lead supervisory authority is [Irish Data Protection Commission/other].
Data Controller: THE OFFICIAL BOX LTD.
Legal Basis for Processing: As described in Section II, we process your personal information based on: your consent, performance of a contract with you, our legitimate interests, or compliance with legal obligations.
For California Users (CCPA/CPRA)
If you are a California resident, you have the right to:
-
Know the categories and sources of personal information we collect
-
Request deletion of your personal information (subject to exceptions)
-
Opt out of the sale of your personal information (we do not sell personal information)
-
Non-discrimination for exercising your rights
Categories of Personal Information Collected: Identifiers (name, email, IP address), commercial information (purchase history), internet activity, geolocation data.
To exercise your rights, please call our toll-free number: [phone number] or email privacy@theofficialbox.com.
For China Users (PIPL)
If you are located in China, you have all rights provided under the Personal Information Protection Law, including:
-
The right to request explanation of this Privacy Policy
-
The right to request transfer of your personal information (subject to CAC conditions)
-
The right to request deletion in circumstances including: purpose achieved, no longer necessary, you withdraw consent, processing unlawful, etc.
Sensitive Personal Information Processing: When we process your sensitive personal information (such as payment information), we have obtained your separate consent and informed you of the necessity and impact on your rights .
Person in Charge of Personal Information Protection: Mr. Zhang
Contact: dpo@theofficialbox.com
Thank you for trusting THE OFFICIAL BOX. We are committed to protecting your privacy so you can collect World Cup memories with confidence.
THE OFFICIAL BOX
Officially Licensed · Worldwide Shipping · One Box, One World