Philifast Privacy Policy

Effective date: November 14, 2025

1. Introduction

Philifast (“Philifast”, “we”, “us” or “our”) is a PCB & PCBA manufacturer providing PCB fabrication, component sourcing, assembly, testing and turnkey solutions. We respect your privacy and are committed to protecting personal information. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and your rights in relation to that information.

This policy applies to personal information collected when you visit our websites, interact with our services, contact us (including by email), upload files for quotation or manufacturing, or otherwise communicate with us, whether online or offline.

2. Data Controller and Contact

Data Controller: Philifast
Contact (Privacy & general enquiries): [email protected]

(Replace the company legal name and address below with your official legal entity and address if required by law.)

3. Personal Data We Collect

We collect personal data that you provide to us and data collected automatically when you use our website or services. Categories include:

a. Identity & contact information
- Name, job title, company name, business address, email, telephone, messaging handles (e.g., WhatsApp, WeChat).

b. Commercial & transactional information
- Quotations, order details, contract and invoice data, payment or billing information (note: payment card data is processed by our payment providers and is not stored by Philifast unless explicitly stated).

c. Technical & usage information
- IP address, device identifiers, browser and operating system details, pages visited, referrer URLs, cookies, analytics data, server logs.

d. Uploaded project files and support content
- Files you upload or send (Gerber files, BOMs, pick-and-place files, assembly drawings, test scripts). These may include contact details or other personal data embedded by you.

e. Marketing & preference data
- Communications preferences, consents, and responses to surveys.

f. Support & correspondence
- Emails, chat transcripts, voicemail recordings and other communications with our team.

g. Special categories
- We generally do not request sensitive personal data (e.g., health, racial origin, biometrics). If you provide such data, we will only process it where necessary and as permitted by law.

4. How We Collect Personal Data

We collect data:

Directly from you (e.g., contact forms, emails, uploads).
Automatically when you use our website (cookies and similar technologies).
From third parties, including payment processors, logistics providers, analytics providers, and publicly available sources.
From your authorized representatives, partners, or agents.

5. Purposes of Processing & Legal Basis

We process personal data for the following purposes:

To provide services and fulfill orders (contract performance).
To prepare quotes and perform DFM reviews (contract performance / legitimate interest).
To process payments, invoices and fulfil regulatory obligations (legal obligation / contract).
To provide customer support and handle enquiries (contract performance / legitimate interest).
To improve our services, website and products (legitimate interest).
To operate, secure and troubleshoot our systems (legitimate interest / legal obligation).
To send marketing communications where you have given consent or where permitted by law (consent / legitimate interest).
To comply with legal or regulatory obligations, including tax and customs (legal obligation).

If you are in the EU/EEA, the legal bases we rely on include performance of a contract, compliance with a legal obligation, consent (where applicable), and legitimate interests (e.g., improving our services, fraud prevention) balanced with your rights.

6. Cookies, Tracking & Analytics

We use cookies, pixels and other tracking technologies for site functionality, analytics and marketing. Cookie categories typically used:

Essential cookies — required for site operation (session, security).
Performance & analytics cookies — to measure and improve site performance and usage.
Functional cookies — to remember preferences.
Advertising & targeting cookies — to deliver relevant ads (only used with consent where required).

You can manage cookie preferences via your browser settings and any cookie banner on our site. Disabling certain cookies may affect functionality.

7. Sharing, Disclosing & Third-Party Processors

We share personal data only as necessary to provide services and operate our business, including with:

Service providers and processors: cloud hosting, website hosts, CRM/email providers, analytics, payment processors, IT and security vendors.
Logistics & shipping partners: carriers and customs agents for order fulfilment.
Component suppliers and subcontractors: for manufacturing and procurement purposes.
Professional advisors: legal, audit, tax advisors.
Authorities: where required by law (court orders, regulatory requirements).

We require service providers to process data under contract and to implement appropriate security measures.

8. International Transfers

Your data may be transferred to and stored in countries other than where you live (for example, China, the United States, or other jurisdictions). When we transfer personal data internationally, we use appropriate safeguards required by law (e.g., standard contractual clauses or other approved mechanisms) to protect data.

9. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, and to meet legal, tax and accounting obligations. Typical retention periods:

Transactional records & invoices: retention according to applicable accounting/tax law (commonly 6–10 years).
Customer accounts & order histories: retained while account is active and for a reasonable period after (commonly 3–7 years).
Support and correspondence records: retained for up to 3 years unless longer retention is required.
Marketing records & consents: retained until you withdraw consent or unsubscribe.
Backups & logs: retention periods vary; logs may be kept for troubleshooting and security for up to 12 months or as required.

We may retain anonymized or aggregated data indefinitely for analytics.

10. Security Measures

We employ organizational and technical measures to protect personal data, including: access controls, encryption in transit and at rest where appropriate, firewalls, intrusion detection, secure backups, vendor security assessments, employee training and least-privilege access. While we aim to protect data, no system is 100% secure; in the event of a breach, we will take steps required by law, including notifications to affected individuals and authorities as appropriate.

11. Your Rights

Depending on your jurisdiction you may have rights including:

Access: request access to copies of your personal data.
Rectification: request correction of inaccurate data.
Erasure (Right to be forgotten): request deletion where allowed.
Restriction: request restriction of processing in certain circumstances.
Portability: request a copy of your personal data in a structured, machine-readable format.
Object: object to processing based on legitimate interests, including profiling.
Withdraw consent: where processing is based on consent.
Opt-out of sale/sharing: if applicable in your jurisdiction (for example, CCPA/CPRA).
Complain: to a supervisory authority (for EU/EEA residents) or applicable regulator.

How to exercise rights: send an email to [email protected] with subject “Privacy Request” and describe your request. To protect privacy and security, we will verify identity before fulfilling certain requests. We will respond to requests in accordance with applicable law.

12. Special Rules for California Residents (CCPA / CPRA)

If you are a California resident, you may have additional rights, including the right to:

Request disclosure of the categories and specific pieces of personal information we have collected or disclosed about you in the prior 12 months.
Request deletion of your personal information, subject to exceptions.
Opt-out of any sale or sharing of personal information (we do not knowingly sell personal information of consumers).
Non-discrimination for exercising privacy rights.

To make a request, email [email protected] with “California Privacy Request” in the subject. We will verify requests consistent with applicable law.

13. Marketing Communications & Opt-Out

We send marketing emails only where you have consented (where required) or where we have a legitimate interest and you have not opted out. You may unsubscribe via links in our emails or by emailing [email protected]. Even after unsubscribing, we may send you non-marketing communications relating to your orders or transactions.

14. Uploaded Files & Project Data

Files you upload (Gerbers, BOMs, PNP files) are used to provide quotations, DFM reviews and manufacturing. These files may be shared with suppliers, subcontractors or service providers strictly to fulfil your order. Do not include personal data in uploaded files unless necessary. If personal data is included, it will be processed according to this policy.

15. Automated Decision-Making & Profiling

We do not perform automated decision-making with legal or similarly significant effects based solely on profiling. If we implement any automated decisions in the future, we will disclose the logic and how to request human review where required by law.

16. Children’s Privacy

Our services are not directed at children under 16 (or the higher age required by local law). We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact [email protected] and we will take steps to delete it.

17. Data Breach Notification

Where required by law, we will notify affected individuals and relevant regulators of a data breach within the legally required timeframe. We will also take all reasonable steps to mitigate the effects of a breach.

18. Third-Party Links

Our site may contain links or embedded content from third parties (e.g., Google Maps, payment gateways). We are not responsible for the privacy practices of third parties. Review third-party privacy policies before providing personal data.

19. International Business Transfers & Subprocessors

Because we operate internationally, your data may be processed by subprocessors located in other countries. We maintain a list of subprocessors upon request; contact [email protected] to request details of current subprocessors and transfer safeguards.

20. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective date” at the top will show when this policy was last updated. Significant changes will be published on our website and — where required — notified to you.

21. How to Contact Us

If you have questions, requests or concerns about this policy or our data practices, contact:
Email: [email protected]

If you are dissatisfied with our response, you may lodge a complaint with your local data protection authority (for EU/EEA residents) or other relevant regulator.

22. Disclaimer & Legal Review

This Privacy Policy is a template intended to be comprehensive for a PCB/PCBA manufacturer operating internationally. It is not legal advice. Philifast should have this policy reviewed and adapted by qualified legal counsel to ensure compliance with local laws and regulations applicable to your business operations, customers and jurisdictions.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.