Privacy Policy

 Last Updated: 26 May, 2026

1.0 Introduction

Welcome to UGREEN. This Privacy Policy explains how AMERICA UGREEN LIMITED ("UGREEN," "we," "us," or "our") collects, uses, shares, and otherwise processes your personal data in connection with your use of the website https://nas-eu.ugreen.com/ (the "Site") and the services, features, content, and products we offer (collectively, the "Services").

Our commitment is to protect your personal data and to be transparent about the information we process. This policy is designed to help you understand your privacy rights and how you can exercise them. It applies to all visitors, users, and others who access the Services.

This Privacy Policy is an integral part of our Terms of Service. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2.0 The Personal Data We Process

We process different categories of personal data depending on how you interact with our Services. "Personal data" means any information that relates to an identified or identifiable individual.

2.1 Data You Provide Directly to Us

We collect personal data that you voluntarily provide when you use our Services.

2.1.1 Account Information:When you create an account, we collect your name, email address, and password. 

2.1.2 Transaction & Billing Information:When you make a purchase, we collect information necessary to process the transaction, including your name, email address, shipping address, billing address, and phone number. Your payment card details are collected and processed directly by our third-party payment processors, such as Shopify Payments and PayPal; we do not store your full payment card information. We also maintain a history of your orders, returns, and exchanges.

2.1.3 Communications with Us:When you contact us for customer support or any other inquiry, we collect the information you provide in your communications. This may include your name, email address, phone number, the content of your message, and technical information such as your product's serial number (deviceSN), device location, and problem descriptions.

2.1.4 Subscription:When you subscribe to our newsletters and latest NASync deals and updates, we collect your email address you provide in the subscription box.

2.2 Data We Collect Automatically (Cookies and Other Technologies)

When you visit our Site, we automatically collect certain information from your device using cookies and similar tracking technologies like web pixels and scripts. This helps us operate, improve, and secure our Services. For detailed information, please see Section 6.0 "Cookies and Other Tracking Technologies."

2.2.1 Device and Connection Information:We collect your IP address, browser type and version, operating system, and unique identifiers associated with your device or browser. These identifiers may include a universally unique identifier (uuid), a browser ID (bid), a client ID (cid used by Google Analytics), or a Facebook browser ID (fbp).

2.2.2 Usage Information:We collect data about your interactions with our Site, such as the pages you visit, the links you click, your search queries (e.g., search_string), items you view or add to your cart, the referring website that led you to our Site (document.referrer), and the date and time of your visit. Some of our analytics partners, like Microsoft Clarity, may record your sessions to help us understand user behavior and identify usability issues.

2.2.3 Location Information:We may infer your general geographic location (e.g., country or city) from your IP address to provide localized content and ensure compliance with regional legal requirements.

2.3 Data We Receive from Third Parties

We may receive personal data about you from third-party sources to supplement the information we collect.

·Platform Partners:Our e-commerce platform, Shopify, provides us with analytics and reports about your interactions with our store, which helps us improve our Services.

2.3.1 Payment Processors:When you complete a transaction, our payment processors (e.g., PayPal) provide us with confirmation of your payment, transaction details, and sometimes, information related to fraud risk assessment.

3.0 Our Purposes and Legal Bases for Processing Your Data

Under the GDPR, we are required to have a valid legal basis for each of our data processing activities. We process your personal data for the purposes and on the legal bases described below.

3.1 To Provide and Manage Our Services

oPurpose:To create and maintain your account, process your orders, handle payments, arrange for shipping and returns, and provide you with the products and services you request. This also includes providing customer support and responding to your inquiries.

oLegal Basis:Performance of a Contract(GDPR Art. 6(1)(b)). Processing is necessary to fulfill our contractual obligations to you or to take steps at your request before entering into a contract.

3.2 For Marketing, Advertising, and Personalization

oPurpose:To send you promotional communications, newsletters, and special offers via email; to place cookies and use other technologies to show you personalized advertisements on our Site and other websites based on your interests and browsing history (retargeting); and to personalize your shopping experience with product recommendations.

oLegal Basis:Consent(GDPR Art. 6(1)(a)). We will only engage in these activities where you have given us your explicit, affirmative consent. You can withdraw your consent at any time.

3.3 For Analytics and Service Improvement

oPurpose:To understand how you and other users interact with our Site, to gather demographic information, to analyze trends, and to improve the functionality, design, and quality of our Services.

oLegal Basi(e)s:

§Consent(GDPR Art. 6(1)(a)) for processing data collected via non-essential analytics cookies and similar technologies.

§Legitimate Interests(GDPR Art. 6(1)(f)) for processing aggregated and anonymized data that does not rely on personal identifiers to improve our business operations. Our legitimate interest is in enhancing our Services for the benefit of our users.

3.4 For Security and Fraud Prevention

oPurpose:To protect the security and integrity of our Services, to authenticate users, to prevent and detect fraud, unauthorized activities, and other security incidents.

oLegal Basis:Legitimate Interests(GDPR Art. 6(1)(f)). Our legitimate interest is in protecting our business, our Site, and our users from harm. In some cases, this may also be aLegal Obligation(GDPR Art. 6(1)(c)).

3.5 To Comply with Legal Obligations

oPurpose:To comply with applicable laws, regulations, court orders, or other legal processes, such as maintaining records for tax, accounting, and financial auditing purposes, or responding to valid requests from law enforcement.

oLegal Basis:Legal Obligation(GDPR Art. 6(1)(c)).

4.0 Sharing and Disclosure of Personal Data

We do not sell your personal data. We may share your personal data with third parties only in the circumstances described below to help us provide our Services and for the purposes outlined in this policy.

4.1 Service Providers and Platform Partners:We engage third-party companies and individuals to perform services on our behalf.

oShopify:As our core e-commerce platform provider, Shopify processes personal data for website hosting, checkout functionality, payment processing, and fraud analysis.

oAmazon Web Services (AWS):We use AWS for secure cloud hosting and data storage infrastructure.

4.2 Payment Processors:

oPayPal:To securely process payments when you select PayPal as your payment method during checkout.

4.3 Analytics and Business Intelligence Partners:

oGoogle (Google Analytics):To analyze website traffic, user engagement, and campaign performance. We have configured Google Analytics to respect user privacy choices.

oMicrosoft (Clarity):To understand user behavior through session recordings and heatmaps, helping us to identify and fix usability issues on our Site.

4.4 Advertising and Marketing Partners:

oMeta (Facebook Pixel):To measure the effectiveness of our advertising campaigns on Meta's platforms (Facebook and Instagram) and to create custom audiences for retargeting purposes.

oGoogle (Google Ads /DoubleClick):To manage our advertising on Google's network, including conversion tracking and serving targeted ads.

oOther Marketing Platforms:We work with various partners to manage our marketing and affiliate programs, such as Advertease, Attribuly, and Scarab Research, who assist with advertising, attribution, and product recommendations.

4.5 Customer Support and Communication Partners:

oZendesk:To manage our customer support ticketing system and facilitate communications with you when you request assistance.

oQuickCEP:To provide AI-powered chat support and customer engagement services on our Site.

4.6 E-commerce Functionality and Conversion Partners: We use various Shopify applications to enhance our store's functionality, such as "Frequently Bought Together" byCode Black Belt, offer verification services fromGocertify, and lead capture pop-ups fromPop-Convert.

4.7 Security Partners: We use services like Cloudflare for content delivery and security, and hCaptcha to protect our Site from spam and abuse by distinguishing between human users and bots.

4.8 Affiliates and Corporate Group:We may share personal data with our parent company, subsidiaries, and other affiliates within the UGREEN corporate group for operational, strategic, and reporting purposes.

4.9 Legal Disclosures and Business Transfers:We may disclose your personal data if required by law or in the good-faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or in connection with a business transaction such as a merger, sale of assets, or bankruptcy.

5.0 Cookies and Other Tracking Technologies

Our Site uses cookies and similar technologies to function, to analyze performance, and for advertising purposes. A cookie is a small text file that a website stores on your computer or mobile device when you visit the site.

In compliance withthe Europeanlaw and the ePrivacy Directive, we only place non-essential cookies on your device with your explicit and affirmative consent, which you can provide through our cookie consent banner. You have the right to withdraw your consent or change your preferences at any time. You can manage your cookie preferences through the "Cookie Settings" link available in the footer of our Site. For more information, please refer to our Cookie Notice.

6.0 Data Security and Retention

6.1 Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal data we process. These measures are intended to prevent unauthorized access, use, alteration, or disclosure of your data. Our security framework includes:

1) Encryption:We use Transport Layer Security (TLS) to encrypt personal data in transit between your browser and our servers. Data at rest is also stored in an encrypted format.

2) Access Control:Access to personal data is strictly limited to authorized personnel on a need-to-know basis, following the principle of least privilege.

3) Regular Testing and Audits:We conduct regular vulnerability scans and security assessments of our systems to identify and remediate potential threats.

4) Incident Response:We have an incident response plan in place to promptly address any data breaches and to notify affected individuals and supervisory authorities as required by law.

However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

6.2 Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including as described in this Privacy Policy, or as required or permitted by law. The criteria used to determine our retention periods include:

1) The length of time we have an ongoing relationship with you and provide the Services to you(for example, for as long as you have an account with us or keep using our Services).

2) Whether there is a legal obligation to which we are subject(for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them).

3) Whether retention is advisable in light of our legal position(such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

4) When we no longer need to retain your personal data for these purposes, we will either delete or anonymize it.   

7.0 Your Privacy Rights under GDPR

We value the privacy of all our users. If you are a user of our site, you may have certain data protection rights under the applicable laws of your region. We are committed to facilitating the exercise of these rights.

7.1 Right of Access:You have the right to request copies of your personal data.

7.2 Right to Rectification:You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

7.3 Right to Erasure ('Right to be Forgotten'):You have the right to request that we erase your personal data, under certain conditions.

7.4 Right to Restrict Processing:You have the right to request that we restrict the processing of your personal data, under certain conditions.

7.5 Right to Object to Processing:You have the right to object to our processing of your personal data, under certain conditions, particularly where we are relying on legitimate interests as our legal basis.

7.6 Right to Data Portability:You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.

7,7 Right to Withdraw Consent:Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.

7.8 Right to Lodge a Complaint:You have the right to lodge a complaint with a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

To exercise any of these rights, please contact us or our Data Protection Officer using the contact details provided in this policy. We may need to verify your identity before processing your request.

8.0 International Data Transfers

Your personal data may be transferred to, stored, and processed in countries other than the country in which you reside, including the United States, where our corporate affiliates and many of our third-party service providers are based.

Data protection laws in these countries may differ from the laws in your country. However, we take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy and applicable law. These safeguards include:

1) Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

2) Relying on the EU-U.S. Data Privacy Framework for transfers to certified companies in the United States.

3) Implementing the European Commission's Standard Contractual Clauses (SCCs) with our third-party service providers and partners, which require them to protect personal data they process from the EEA to the same standard as required under GDPR.

9.0 Other Important Information

9.1 Children's Data

Our Services are not intended for or directed at children under the age of 16, and we do not knowingly collect personal data from children. If you are a parent or guardian and believe we have collected information about your child, please contact our DPO to request that it be deleted.

9.2 Automated Decision-Making and Profiling

We do not use automated decision-making that has legal or similarly significant effects on you. We do, however, engage in profiling for the purposes of personalization and targeted advertising. For example, we use your browsing history and purchase data to recommend products and to show you advertisements that we believe will be relevant to your interests. You have the right to object to this type of profiling, which you can exercise by managing your cookie preferences and by opting out of marketing communications.

9.3 Third-Party Websites and Links

Our Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites.

9.4Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will post the revised Privacy Policy on this Site and update the "Last Updated" date at the top of this policy.

9.5Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data protection practices, please do not hesitate to contact us.

Data Controller: AMERICA UGREEN LIMITED

108 WEST 13TH ST WILMINGTON, DE 19801, USA, County of Delaware

General Inquiries:nas.eu@ugreen.com

Data Protection Officer:DPO@ugreen.com

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Please note that the dispute resolution process shall be conducted in English.