π York Candy Factory -- Your Trusted Custom Marshmallow OEM/ODM Partner
Privacy Policy
At York Candy (yorkcandy.com), we are committed to protecting your personal and business information. This policy explains how we collect, use, and safeguard your data.
Who We Are
York Candy Factory ("we," "us," or "our") is a China-based manufacturer specializing in custom shaped marshmallows, operating the website yorkcandy.com. We provide OEM and ODM manufacturing services to retail buyers, brand owners, event companies, and food businesses primarily in the European Union and United States.
We act as the data controller for personal information collected through this website and our business communications. Our operations comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable Chinese data protection regulations including the Personal Information Protection Law (PIPL).
Registered Address: York Candy Factory, [Factory Address], China
Website: yorkcandy.com
Data Protection Contact: yorkscandy@gmail.com
Data We Collect
As a B2B-focused manufacturer, we primarily collect business contact and inquiry information. We collect data through our website contact forms, quote request forms, email correspondence, trade shows, and direct business communications.
Business Contact Information
- Full name and job title
- Business email address
- Company name and business type
- Phone number (optional)
- Country / region
Inquiry & Order Information
- Product specifications and customization requirements
- Estimated order quantities and frequency
- Packaging and labeling preferences
- Shipping destination and delivery requirements
- Brand assets or logo files (for OEM/ODM projects)
Technical & Usage Data
- IP address and approximate geographic location
- Browser type and device information
- Pages visited, time spent, referral source
- Cookie identifiers (see Section 9)
How We Use Your Data
We use your information solely for legitimate business purposes related to our manufacturing and export services:
Processing Inquiries & Quotations
Responding to your product inquiries, preparing custom quotations, and managing sample requests for OEM/ODM projects.
Order & Contract Management
Managing production orders, coordinating logistics, issuing invoices, and fulfilling contractual obligations with business clients.
Business Communications & Follow-up
Sending relevant product updates, new seasonal collections, or industry information to existing clients and qualified leads (with opt-out available at any time).
Website Improvement & Analytics
Analyzing website traffic and usage patterns to improve user experience, content relevance, and conversion for B2B visitors.
Legal & Compliance Obligations
Maintaining records required by export regulations, food safety certifications (BRC, FDA, ISO 22000), and applicable tax and customs laws.
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not use your data for automated decision-making or profiling that produces legal effects.
Legal Basis for Processing (GDPR)
For individuals in the European Economic Area (EEA) or United Kingdom, we process personal data under the following lawful bases as defined by GDPR Article 6:
| Legal Basis | GDPR Article | When Applied |
|---|---|---|
| Contract Performance | Art. 6(1)(b) | Processing orders, managing OEM/ODM agreements, invoicing |
| Legitimate Interests | Art. 6(1)(f) | Responding to inquiries, B2B marketing to existing clients, website analytics |
| Legal Obligation | Art. 6(1)(c) | Compliance with export regulations, food safety certifications, tax records |
| Consent | Art. 6(1)(a) | Newsletter subscription, non-essential cookies, marketing to new prospects |
Data Sharing & Third Parties
We only share your information with trusted third parties who assist in delivering our services. We do not sell your data. Categories of recipients include:
Logistics & Freight Partners
International freight forwarders and customs agents who require shipment recipient details to process export documentation and deliver goods to EU/US destinations.
Payment & Banking Services
International banks and payment processors to facilitate wire transfers, letters of credit, and other trade finance instruments for B2B transactions.
Technology & Cloud Service Providers
Website hosting, CRM systems, email platforms, and analytics tools (e.g., Google Analytics) used to operate yorkcandy.com and manage client communications.
Regulatory & Certification Bodies
Food safety certification auditors (BRC, ISO 22000), FDA registration agents, and SMETA auditors who may access limited business records as part of compliance audits.
Legal & Government Authorities
When required by applicable law, court order, or government regulation in China, the EU, or the US -- including customs authorities and tax agencies.
All third-party service providers are contractually bound to process your data only as instructed by us and to maintain appropriate security standards consistent with GDPR requirements.
International Data Transfers
As a China-based company serving EU and US clients, your personal data will be transferred to and processed in China. We ensure appropriate safeguards are in place for such transfers:
EU/EEA Transfers (GDPR Chapter V)
Transfers from the EU to China rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, supplemented by transfer impact assessments where required. You may request a copy of applicable SCCs by contacting us.
US Transfers (CCPA)
For California residents, we comply with CCPA requirements. We do not "sell" or "share" personal information as defined under CCPA. We implement reasonable security measures consistent with industry standards for cross-border data handling.
China PIPL Compliance
Our data processing practices comply with China's Personal Information Protection Law (PIPL). Cross-border data transfers involving personal information of Chinese residents are subject to applicable PIPL requirements.
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law:
| Data Type | Retention Period | Reason |
|---|---|---|
| Inquiry / Quote records | 2 years | Business relationship management |
| Order & contract documents | 7 years | Tax, customs, and legal compliance |
| Food safety & certification records | 5 years | BRC, FDA, ISO 22000 audit requirements |
| Marketing / newsletter consent | Until withdrawn | Consent-based; deleted upon opt-out request |
| Website analytics data | 26 months | Standard Google Analytics retention |
Your Privacy Rights
Depending on your location, you have the following rights regarding your personal data. We respond to all verified requests within 30 days (GDPR) or 45 days (CCPA).
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Correct inaccurate or incomplete information.
Right to Erasure
Request deletion of your data ("right to be forgotten").
Right to Restriction
Limit how we process your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
π¨π¦ California Residents (CCPA)
California residents have additional rights including the right to know about data collection, the right to opt-out of data sale (we do not sell data), and the right to non-discrimination for exercising privacy rights.
To exercise any of these rights, please contact us at yorkscandy@gmail.com. We may need to verify your identity before processing your request. You also have the right to lodge a complaint with your local data protection authority.
Cookies & Tracking Technologies
Our website uses cookies and similar technologies to enhance your browsing experience and analyze website performance. We use the following categories of cookies:
Strictly Necessary Cookies
Required for the website to function. Includes session management, security tokens, and form submission cookies. Cannot be disabled.
Analytics & Performance Cookies
Google Analytics cookies that help us understand how visitors use our site (pages visited, time on site, traffic sources). Data is anonymized where possible. Requires consent from EU visitors.
Marketing & Preference Cookies
Used to remember your preferences and, where applicable, to show relevant content. These are only set with your explicit consent.
You can manage cookie preferences through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect website functionality. For more information, visit aboutcookies.org.
Data Security
We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. Our security practices include:
SSL/TLS Encryption
All data transmitted via HTTPS with TLS 1.2+ encryption
Access Controls
Role-based access limiting data to authorized personnel only
Secure Storage
Data stored on secured servers with regular backups
Regular Audits
Security reviews aligned with BRC and ISO 22000 audit cycles
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify relevant supervisory authorities within 72 hours and affected individuals without undue delay, in accordance with GDPR Article 33-34 requirements.
Children's Privacy
yorkcandy.com is a B2B business website intended exclusively for business professionals, procurement managers, brand owners, and trade buyers. It is not directed at children under the age of 16 (or 13 in the US).
We do not knowingly collect personal information from individuals under 16 years of age. If we become aware that we have inadvertently received personal information from a minor, we will delete such information promptly. If you believe we have collected information from a child, please contact us immediately at yorkscandy@gmail.com.
Note: While our products (marshmallows) may appeal to children as end consumers, all business transactions and communications on this website are conducted exclusively with adult business representatives. Our products comply with EU and US food safety regulations for all age groups.
Contact Our Privacy Team
If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please reach out to us through any of the following channels:
π§ Email
yorkscandy@gmail.com
For privacy requests & GDPR/CCPA inquiries
πΌ Business Inquiries
yorkscandy@gmail.com
For OEM/ODM and general business
π Website
yorkcandy.com/contact
Submit a request via contact form
EU Representative
As required by GDPR Article 27, we are in the process of appointing an EU representative for data protection purposes. Please contact us directly at yorkscandy@gmail.com for any GDPR-related matters in the interim.
Policy Updates: We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify registered clients of material changes via email. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of our website after any changes constitutes acceptance of the updated policy.
Ready to Start Your Custom Marshmallow Project?
Your data is safe with us. Let's build something sweet together.