Privacy Policy for Mobile Trading Applications

Update date: December 24, 2021 Effective time: December 14, 2020 Xiniu Benben (Beijing) Technology Co., Ltd. and Xiniu Securities Co., Ltd. are related, and jointly develop and operate the "Xiniu Securities" app. Specifically, the development and maintenance of the Xiniu Securities app is in charge of Xiniu Benben (Beijing) Technology Co., Ltd., and Xiniu Securities Co., Ltd. is responsible for the operation of specific business matters within Xiniu Securities' software. The two companies promised that the content of the software is legal and compliant, does not infringe the legal rights of any third party, and does not involve any unlicensed business matters. Thank you for your trust and support to Xiniu Benben (Beijing) Technology Co., Ltd. (hereinafter referred to as "we"/"our company"). We are well aware of the importance of personal information to you. Your trust is very important to us. We Corresponding security protection measures will be taken in accordance with the requirements of laws and regulations, and committed to protecting your personal information in a safe and controllable manner. In view of this, we have formulated this "Privacy Policy" (hereinafter referred to as "this policy/this privacy policy") to help you fully understand how we collect, use, share, store and Protect your personal information and how you can manage your personal information so that you can better make appropriate choices. This policy is closely related to your use of our services. Before using our products and services, please read this policy carefully, and use related products and services after you have confirmed that you fully understand and agree to this policy. Once you start using our products or services, it means that you fully understand and agree to this policy, and agree that we collect, use, store, share and protect your relevant information in accordance with the provisions of this policy If you have any questions about this policy or related matters, please contact us via fixed line 010-57287075. Section One. How we collect and use your personal information We will follow the principles of fairness, lawfulness and necessity, based on the following functions and services, to collect and use the personal information you voluntarily provide during the use of products (or services). 1.1 Register an account way to register Information collected application Mobile phone number registration Phone number Login and locate account WeChat WeChat avatar, WeChat nickname More convenient login account, personalized display of avatar, nickname QQ QQ avatar, QQ nickname More convenient login account, personalized display of avatar, nickname Weibo Weibo avatar, Weibo nickname More convenient login account, personalized display of avatar, nickname Xiniu Benben also provides a local mode without registering an account. If you choose not to register an account, you can also view market quotations, browse information, watch videos, etc., but you cannot speak in the community or conduct transactions. 1.2.1 1.2 Application function 1.2.1 Synchronize data Once you register an account and use the account to perform operations such as deposits and transactions, in order for you to synchronize data between devices in a normal and complete manner, you need to allow us to collect: Your account opening data, including but not limited to name, email, work address and other information. Your capital account data, including but not limited to transaction amount, available balance, etc. Your position data, including stock name, stock code, cost price and other information. Your community communication data, including your speeches, replies, likes, comments, etc. The above information is only used for you to synchronize data between devices, we will not read your content. 1.2.2 Search function When you use the search function in Xiniu Securities, in order to facilitate your query of recent search history, we may collect information including: the keywords you query (the keywords you query will only be recorded locally on the client and will not be synchronized To the cloud). 1.2.3 Submit feedback When you submit feedback in Xiniu Benben, to ensure that we can accurately understand and screen the problems you encounter, we may collect information packages Including: Log files, device model, operating system version, app version information. 1.2.4 Withdraw/deposit funds When you deposit/withdraw funds to your account, according to risk control and anti-money laundering requirements, you need to provide your bank card number, bank card holder name (must be the same as the name of the opened fund account), and deposit/withdrawal The amount of funds information. 1.3 Permissions requested in the app We need to apply for some system permissions that involve personal privacy to ensure that some functions in the app can be used normally. We will ask you for authorization when you use these functions, and we will only access your personal information after obtaining your authorization. If you do not need to use these functions, you can refuse authorization; if you have never used these functions, we will not request permission from you and will not access your personal information. The permissions we will apply for and the functions corresponding to these permissions include: Permission to make calls:When users have any questions and need to communicate with the platform, click the "Customer Service Phone" button, and we will apply for this permission. After obtaining the authorization, the Xiniu Benben app will jump directly to the system dialing interface, without the user entering a phone number, you can directly press the dial button to dial the customer service number. Permission to write to external storage:We will apply for this permission when users upload their ID cards by taking photos during the account opening process or modify their avatars by taking photos. After obtaining authorization, Xiniu Benben will write the photos taken to local storage. Permission to read external storage:We will apply for this permission when the user uploads the ID card by selecting photos from the album during the account opening process, or modifies the avatar by selecting photos from the album. Allow microphone permission:When a user opens an account, video verification is required. We will apply for this permission to facilitate users to open an account smoothly. Permission to call the camera:We will apply for this permission when users upload their ID cards by taking photos or modify their avatars by taking photos during the account opening process. 1.4 Third-party SDK We collect data based on your interaction with us and the choices you make, including your privacy settings and the products and features you use. The data we collect may include SDK/API/JS code version, browser, Internet service provider, IP address, platform, timestamp, application identifier, application version, application distribution channel, independent device identifier, iOS advertising identifier IDFA, Android advertiser identifier, network card (MAC) address, International Mobile Equipment Identity (IMEI), device model, terminal manufacturer, terminal device operating system version, session start/stop time, language location, time zone and Network status (WiFi, etc.), hard disk, CPU and battery usage. The following partners and their services are carefully selected by us, and we and our partners will jointly use various security technologies and procedures to encrypt data, and implement a complete mechanism to protect your personal information from unauthorized access. Access, use or disclosure. You can learn more about it through the partner's privacy policy. SDK used in Android apps WeChat login:When you log in with WeChat, we will collect your WeChat profile picture and nickname QQ login:When you log in with QQ, we will collect your QQ profile picture and nickname Weibo login:When you log in with Weibo, we will collect your Weibo profile picture and nickname Baidu SDK:In your account opening process, when you need to perform video face authentication, we will call Baidu SDK to authenticate your face information to ensure that you can open an account smoothly and smoothly. Umeng SDK:When you use a third party to log in, share information in the app to friends, and receive app push services, we need to call the service of the Umeng SDK to better meet your needs. Information disclosure Under the following circumstances, the Xiniu Benben APP will disclose your personal information in whole or in part according to your personal wishes or legal requirements: Without your prior consent, we will not disclose to third parties; In order to provide the products and services you request, you must share your personal information with third parties; According to the relevant provisions of the law, or the requirements of the administrative or judicial institutions, disclose to a third party or the administrative or judicial institutions; If you violate relevant Chinese laws, regulations, or the Xi Niu Ben Ben APP service agreement or related rules, you need to disclose to a third party; If you are a qualified intellectual property complaint and have filed a complaint, you should disclose it to the respondent at the request of the respondent, so that both parties can deal with possible rights disputes; 2.Provide you with the functions necessary for security (1) In order to improve the safety of your use of our products and/or services, protect the personal and property safety of you or other users or the public, and better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusions, etc. Security risks, to more accurately identify violations of laws and regulations, we may use or integrate your personal information, transaction information, device information, service log information, and information that our affiliates and partners have obtained your authorization or shared in accordance with the law. Comprehensively identify the risks of your account, conduct identity verification, detect and prevent security incidents, and take necessary recording, auditing, analysis, and disposal measures in accordance with the law. (2) In order to meet the basic requirements of laws and regulations and provide services, to ensure the security of your account and system operation; to analyze the collected information so that we can troubleshoot the cause when the system fails, so as to realize the development, upgrade and optimization of the product service quality. We will collect information about the services you use and how you use them and associate these information. This information includes: Device Information: We will receive and record information about the equipment you use based on the specific permissions granted by you during product installation and use. We need to record your device model, unique device identifier, operating system, IP address, resolution, mobile application download channel, current mobile application version number, and mobile application language setting information. Operation log information: When you use our products and/or services, we will automatically collect your detailed usage of our products and/or services and save them as relevant web logs. We need to collect your log information, including account status, login time, browsing history, self-selected target, trading market, transaction target information (not including transaction fund information). We will obtain the storage permission of your device to save the aforementioned log information. (2) You can choose to authorize us to collect and use personal information scenarios In order to provide you with more convenient and better quality products and/or services, and strive to improve your experience, our mobile application will apply for some necessary system permissions from the device. If you reject the content in the following table, you will not be able to use the corresponding functions, but it will not affect your use of other services of Xi Niu。 Additional services based on camera/camera You can use this function to take photos of ID cards and other documents/materials after turning on the camera/camera permissions, and you can also take photos for evaluation, sharing, and facial recognition authorized by you in specific scenarios. When you use this additional feature for face recognition, we will collect your facial features and use them strictly within the scope of your authorization. In the future, if we intend to use your facial information to provide you with other product and/or service functions , We will confirm with you again. Additional services based on photo access and upload of photo albums (picture library) You can use this function to upload your photos/pictures after enabling photo album permissions, so as to realize changing avatars, posting comments, sharing, uploading ID cards and other supporting materials. Additional services related to microphone-based voice technology You can use the microphone to implement customer service voice feedback services after turning on the microphone permission, or to communicate with the customer service. Even if you have agreed to turn on the microphone permission, we will only obtain it through the microphone when you actively click the microphone icon in the mobile app or record a video voice message。 Additional services based on address book information Address book permissions are turned off by default. If some users need to switch the clearing service provider, they can choose to open the address book permission and perform Auth authentication.。 Calendar-based additional services After you authorize the permission to read/write your calendar, we will read/write the date of the company action you follow in the system calendar according to your operation, so as to provide you with timely reminders Serve。 Additional services based on fingerprint and face recognition. Our mobile application provides fingerprint or face recognition instead of transaction passwords to ensure transaction security and additional security services for fingerprint or face recognition before entering the transaction and fund account interface, so that you can get more Safe user experience。 You understand and agree that the above additional services may require you to enable access to your camera (camera), photo album (picture library), microphone (voice), address book, calendar, fingerprint, and face recognition in your device. To achieve the collection and use of information involved in these permissions. You can view the status of the above permissions item by item in your device settings, and you can decide whether to turn on or off these permissions at any time. Please note that if you enable any permission, you authorize us to collect and use relevant personal information to provide you with corresponding services. Once you close any permission, you cancel the authorization, and we will no longer continue to collect based on the corresponding permissions. And the use of related personal information can not provide you with the services corresponding to this authority. However, your decision to close the authority will not affect the previous collection and use of information based on your authorization (3) Other Please understand that the services we provide to you are constantly updated and developed. If you choose to use other services that are not covered in the foregoing description, and we need to collect your information based on that service, we will separately explain to you the purpose and scope of the corresponding information collection by updating this policy, pop-up windows, page prompts, etc. And use methods, and provide you with a way to choose your consent, and collect and use it after obtaining your express consent. We will use, store, provide and protect your information in accordance with this policy and the corresponding user agreement; if you choose not to provide the foregoing information, you may not be able to use a certain service or part of the service, but it will not affect your use of the service we provide other service. During this process, if you have any questions, comments or suggestions, you can contact us in time and we will answer you as soon as possible (4) Exceptions with consent According to relevant laws, regulations and national standards, in the following situations, we may collect and use your personal information in accordance with the law without your authorization and consent: 1.Directly related to national security and national defense security; 2.Directly related to public safety, public health, and major public interests; 3.Directly related to criminal investigation, prosecution, trial and sentence execution; 4.In order to protect your or others' life, property and other major legal rights and interests, but cannot obtain your own consent in a timely manner; 5.The personal information collected is disclosed to the public by yourself; 6.Collect your personal information from legally publicly disclosed information, such as: legal news reports, government information disclosure and other channels; 7.Necessary for signing and fulfilling the contract according to your requirements; 8.Necessary for maintaining the safe and stable operation of the provided services, such as: discovering and handling service failures; 9.Necessary for legal news reporting; 10.It is necessary for academic research institutions to conduct statistical or academic research based on the public interest, and when they provide academic research or description results externally, they de-identify the personal information contained in the results; 11.Other circumstances stipulated by laws and regulations。 Please be aware that, in accordance with applicable laws, if we take technical measures and other necessary measures to process personal information, the data recipient cannot re-identify specific individuals and cannot be restored, or we may conduct de-identification research on the collected information , Statistical analysis and prediction, used to improve our content and layout, provide product or service support for business decisions, and improve our products and services (including the use of anonymous data for machine learning or model algorithm training), then such processing The use of data does not need to notify you separately and obtain your consent。 (5)Rules for the use of personal information 1.We will use the collected personal information in order to realize the functions of our products and/or services in accordance with the provisions of this privacy policy。 2.For all personal information you provide when you use our products and/or services, unless you refuse our collection through the system settings, it will be deemed to continue to authorize and agree to our use during your use of our products and/or services 3.We will make statistics on the usage of our products and/or services, and may share these statistics with the public or third parties to show the overall usage trends of our products and/or services. But these statistics do not contain any identifying information about you。 4.In order to meet your individual needs, maintain and improve the quality of our products and/or services, we will use the following information in compliance with legal requirements and in accordance with your specific authorization: We may use your device information, operation log information, account information and transaction information to perform comprehensive statistics and analysis on your preferences, habits, account status and other information to form a user portrait, which is used to recommend or show you Interested product and/or service information, or display personalized third-party promotion information to you through the system. Including push notifications on the App page to provide you with smart recommendations; through SMS, APP 、E-mails, etc. to send you promotional information or display commercial advertisements; return visits by phone, provide you with services such as information consultation, or invite you to participate in customer research related to services, products, or functions。 For example: We will show or recommend highly relevant community and information services, information flow or advertising/promotion information results to you, display community articles that you may be interested in, recent APP activities, etc.。 Another example: We will use your registration and account opening information, including registration time, account type, and work unit related information, according to the contact information you have provided (including but not limited to: mobile phone number, email address, etc.) through SMS, phone calls, etc. Send you business notifications, conduct user experience research, provide guidance and marketing promotion information, etc.。 Section two、How we use cookies and similar technologies (1)Cookie A cookie is a small text file created by a website server and saved on the user's browser. When a user visits the website server, the website can access the cookie information. In addition to being generally used to confirm user identity, cookies can also be used to store user information and track user visits。 In addition to using cookies to confirm the user’s identity and login status, we will not collect and track any user’s information and behavior through it。 You can manage and delete cookies according to your preferences, and most browsers have a feature that allows you to disable or delete cookies in the system. It should be noted that blocking cookies may cause some functions of our website or system to not work effectively or be unavailable, which may affect your experience。 (2) Cookie similar technology In addition to cookies, we will also use other similar technologies such as Authorization or "Web Beacon" on the website. Authorization is the HTTP protocol header transmitted between the Internet browser and the Internet server, which can replace Cookies. It can be calculated by using the network Beacon. Users who browse the web or visit certain cookies. We will use Authorization to record your identity and collect information about your web browsing activities through the network Beacon, such as: Internet Protocol (IP) address, browser type, Internet service provider (ISP), visited pages, operating system, date /Time stamp and click data stream, etc., so that we can understand and improve our products or services more deeply. Section three、How we share, transfer, and publicly disclose your personal information (1) shared We promise to keep your information strictly confidential and will not share your personal information with companies, organizations and individuals other than Laoxiniu, except in the following cases: 1.Sharing with your consent: After obtaining your explicit consent, we will share your personal information with other parties。 2.Sharing under statutory circumstances: We may share your personal information with external parties in accordance with laws and regulations, litigation dispute resolution needs, or requirements of administrative or judicial authorities in accordance with the law. For example: our various regulatory agencies, autonomous associations or authorized organizations (including but not limited to various exchanges and government agencies) for the purpose of supervision and inspection, may require us to provide your account information and transaction information in order to confirm us Whether the corresponding legal obligations have been fulfilled. 3.Certain products or services may be provided by third parties or jointly provided by us and third parties. Therefore, we need to submit your identity information, contact information, Only after professional information, asset information, investment information and order information can we provide the products or services you need. 4.We will access third-party SDKs to provide you with related services. These third-party services are operated by related parties and are subject to the third party's own terms of service and information protection statement (not this "Privacy Policy"). Regarding the specific types of device permissions that the third-party SDK calls, and how to collect and use your personal information, it is recommended that you refer to the relevant service agreement and privacy policy of the third-party SDK. If you want to know more about the third-party SDK that we have connected, please read the third-party SDK description. 5.In accordance with the requirements of laws and regulations, in order to effectively identify your identity, we will provide your name, date of birth, gender, identification number information and bank card number related information to the third-party identity verification provider we cooperate with during the account opening process. We can identify you as a legal and valid customer, complete the account opening and provide follow-up services for you. 6.Sharing with our affiliated companies: Your personal information may be shared with Xiniu's affiliated companies. We will only share necessary personal information and are bound by the purpose stated in this privacy policy. If the affiliated company wants to change the purpose of processing personal information, it will ask for your authorization again。 7.Sharing with authorized partners: Only to achieve the purpose stated in this policy, some of our services will be provided by authorized partners. We may share some of your personal information with our partners to provide better customer service and user experience. For example, when you participate in the reward activities we provide, we must share your personal information with our partners in order to arrange for rewards, or arrange for partners to provide services. We will only share your personal information for legal, legitimate, necessary, specific, and clear purposes, and will only share personal information necessary to provide services. Our partners have no right to use the shared personal information for any other purpose. 8.When you have questions that we need to answer, complain to us, complain to others, or be complained by others, in order to protect the legitimate rights and interests of you and others, we may save your name, contact information, and complaint in the customer service system provided by a third-party supplier And the relevant content of the communication, and may be provided to consumer rights protection departments and supervisory authorities to resolve complaints and disputes in a timely manner, unless it is expressly prohibited by laws and regulations. 9.Exchange information with other companies and organizations in order to comply with the law, to implement or apply the terms of use of our services and other agreements, or to prevent fraud and other illegal activities and reduce credit risks。 10.Other agreements between you and us regarding information sharing。 If you need to share your information with a third party in order to provide you with services, we will evaluate the legality, legitimacy, and necessity of the third party's collection of information. We will require third parties to take protective measures for your information and strictly abide by relevant laws, regulations and regulatory requirements. In addition, we will obtain your consent in the form of confirmation agreements, copy confirmation in specific scenarios, and pop-up prompts in accordance with the requirements of laws, regulations and national standards, or confirm that a third party has obtained your consent. (2) transfer We will not transfer your personal information to any company, organization or individual, except in the following cases: 1.Obtain your explicit consent in advance; 2.According to laws and regulations or mandatory administrative or judicial requirements; 3.When it comes to asset transfer, acquisition, merger, reorganization or bankruptcy liquidation, if it involves the transfer of personal information, we will inform you of the relevant situation and require new companies and organizations that hold your personal information to continue to be bound by this policy. If the purpose of using personal information is changed, we will require the company or organization to regain your explicit consent。 (3) Public disclosure Except for desensitizing the display of the winner's mobile phone number or user nickname when announcing the list of certain prize-winning activities, in principle, we will not disclose your information publicly. If public disclosure is really necessary, we will inform you of the purpose of public disclosure, the type of information disclosed, and the sensitive information that may be involved, and we will obtain your explicit consent。 (4) According to relevant laws, regulations and policy standards, in the following situations, we may share, transfer, and publicly disclose your personal information in accordance with the law without your consent: 1.Directly related to national security and national defense security; 2.Directly related to public safety, public health, and major public interests; 3.Directly related to criminal investigation, prosecution, trial and sentence execution; 4.In order to protect your or other individuals’ life, property, and other major legal rights, but it is difficult to obtain your own consent; 5.Your personal information disclosed to the public; 6.Personal information collected from legally publicly disclosed information, such as legal news reports, government information disclosure, etc.。 Please be aware that, in accordance with applicable laws, if we take technical measures and other necessary measures to process personal information so that the data recipient cannot re-identify a specific individual and cannot be restored, there is no need to share, transfer, and publicly disclose the data after such processing. We will notify you separately and get your consent。 Section four、How we protect your personal information (1) We have adopted reasonable and feasible security protection measures that comply with industry standards to protect your information and prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible measures to protect your personal information. We adopt physical, technical and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure and modification, including but not limited to transmission layer data encryption, firewall and encrypted storage, physical access control, and information access authorization control. We have set up security procedures to protect your information from unauthorized access. For example: You and all of our network communications, we ensure that encryption technology (SSL) is used for encryption protection. We use high-strength encryption measures to encrypt and store your personal information on our servers. We will use trusted protection mechanisms to prevent malicious attacks on personal information; we deploy strict data access control and multi-identity authentication technologies to protect personal information and prevent data from being accessed and used in violation of regulations. When using personal information, such as personal information display and personal information association calculations, we will use a variety of data desensitization technologies including content replacement and SHA256 to enhance the security of personal information in use. We use automatic code security checks and data access log analysis technologies to strengthen personal information security audits. (2) We have an industry-leading data security management system with data as the core and around the data life cycle, which improves the security of the entire system in multiple dimensions from organizational construction, system design, personnel management, product technology, etc., to protect your personal information. For example, we have established a data classification and grading system, data security management specifications, and security development specifications to regulate the storage and use of personal information. We require all employees to sign a confidentiality agreement. We will hold security and privacy protection training courses, and strengthen employees' awareness of the importance of protecting personal information through assessment, review, and adding data protection to the daily assessment of employees, and strictly follow the protection requirements. To strengthen safety certification and services, we have passed ISO27001 certification. (3) If you are an EU user, in addition to providing systematic personal data protection measures in accordance with GDPR terms, our Security Department-Personal Information Protection Officer will be responsible for your data protection as a data protection officer (DPO).。 (4) We will take all reasonable and feasible measures to try our best to avoid collecting irrelevant personal information. We will only retain your personal information for the period required to achieve the purpose stated in the policy, unless it is necessary to extend the retention period or is permitted by law. After exceeding the necessary period, we will delete or anonymize your personal information, except as otherwise provided by laws and regulations. When our products or services stop operating, we will notify you in the form of push notifications, announcements, etc.。 (5) Please be aware and understand that the Internet is not an absolutely secure environment. We strongly recommend that you use our products and services in a secure way and with complex and reliable passwords to help us ensure the security of your account. If you find that your personal information is leaked, especially your account or password, please contact us immediately according to the contact information provided in this policy so that we can take corresponding measures. (6) In the unfortunate event of a personal information security incident, we will inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions that you can independently prevent and reduce risks, Remedies for you, etc. We will inform you about the incident by email, letter, telephone, push notification, etc. When it is difficult to inform each user one by one, we will adopt a reasonable and effective way to publish an announcement. At the same time, we will also report the handling of information security incidents in accordance with the requirements of the regulatory authorities. Section five、How we store your personal information (1) The personal information we collect and generate within the territory of the People's Republic of China will be stored in the territory of the People's Republic of China, and this information will be kept strictly confidential in accordance with the law. If some services involve cross-border business and we need to transfer relevant personal information collected in China to overseas institutions, we will implement it in accordance with laws, regulations and relevant regulatory authorities, and explain to you the purpose of personal information going abroad and the types of personal information involved. Obtain your consent, and through effective measures such as signing an agreement and on-site verification, require foreign institutions to keep your personal information confidential。 (2) We will retain your personal information for the period necessary to achieve the purpose described in this privacy policy, unless laws, regulations, rules or regulatory documents require or allow storage of this information for a longer period of time, such as the following situations: 1.To comply with applicable laws and regulations and other relevant regulations; 2.To comply with court judgments, rulings or other legal procedures; 3.To comply with the requirements of relevant government agencies or statutory authorized organizations。 4. After the retention period is exceeded, we will delete your personal information or anonymize it in accordance with the requirements of applicable laws。 (3) If we terminate the service or operation, we will notify you at least 30 days in advance, and delete or anonymize your personal information after terminating the service or operation。 Section six、More rights or information of individuals covered by GDPR If your personal information is established in the European Economic Area ("EEA"), for personal information protected by the "General Data Protection Regulation" ("GDPR"), you have a series of Legal rights related to personal information. Such rights include: (1) Obtain information about the processing of your personal information and access your personal information retained by our company. Please note that under certain circumstances, we have the right to refuse access to requests for copies of personal information (especially information specially protected by laws and regulations)。 (2) If your personal information is inaccurate or incomplete, you can ask us to correct it, but if we need you to provide a copy of a valid identity document to prove the authenticity of your identity information, please cooperate in providing it。 (3) In some cases you can ask us to delete your personal information. Please note that under certain circumstances (such as for public interest, public health or scientific and historical research purposes), even if you ask us to delete your personal information, we have the right to keep it。 (4) In some cases, we object to the processing of your personal information and request us to restrict the processing of your personal information. Similarly, in some cases, even if you object or request us to restrict the processing of your personal information, we have the right to refuse your request. If there are other legitimate legal reasons, we also have the right to continue using or processing without your permission。 In accordance with GDPR terms, in addition to providing systematic personal data protection measures, we will also set up a data protection officer (DPO) to be fully responsible for your data protection work。 We will evaluate all requests and complaints we receive and provide you with a prompt response. We may require you to provide a copy of a valid identity document so that we can fulfill our security obligations and prevent unauthorized data disclosure. If your request for access to data is clearly unfounded or an extraordinary request。 For personal information protected by GDPR, we may transfer your personal information to areas outside the EEA for specific permitted purposes. We will ensure that any such international transmissions will be properly protected in accordance with GDPR or other relevant laws。 Section seven、How do you manage your personal information In accordance with relevant Chinese laws, regulations and standards, as well as the common practices of other countries and regions, we guarantee that you exercise the following rights with respect to your personal information (1) Access your personal information 1.You have the right to access your personal information, except for exceptions provided by laws and regulations; 2.You can log in to our mobile application homepage to enter "My" page, click "Settings" in the upper right corner to enter "Account Management" and "Security Settings" to access and change the bound mobile phone and email information, manage the binding and unbinding of social accounts; "-"Personal Homepage"-"Edit" to modify personal information, including avatar, nickname, profile; "My"-"Settings"-"Security Settings" to modify the login password and transaction password, etc. 3.You can enter the "Personal Center" page by logging in to our website homepage to modify your personal information, including mobile phone number, email address, login password, etc.; 4.You can log in to our PC homepage and click "Settings" to enter the "Personal Settings" page to modify your personal information, including nickname, profile, mobile phone number, email address, login password, etc.; 5.You can view your transaction history on our website and mobile app; 6.If you cannot access the above information, you can get in touch with customer service, we will respond to your access request within 15 working days; 7.If you are an EU user, according to GDPR terms, you have the right to request us to retrieve your personal data and transfer it to another data controller。 (2) Correct your personal information You can correct or supplement your personal information by the methods listed in "Access to Your Personal Information"。 If you are unable to manage this personal information through the above methods, you can contact our customer service at any time. We will respond to your access request within 15 working days。 (3) Delete your personal information In the following situations, you can request us to delete personal information: 1.If our handling of your personal information violates the law; 2.If we collect and use your personal information without your explicit consent; 3.If our handling of personal information seriously violates the agreed terms with you; 4.If you no longer use our products or services, or you have voluntarily cancelled your account; 5.If we no longer provide you with products or services; 6.If you are an EU user, you have the right to request us to delete your personal data in accordance with the GDPR。 If we decide to respond to your deletion request, we will also notify the entities that have obtained your personal information from us and require them to delete them in a timely manner, unless laws and regulations provide otherwise, or these entities obtain your independent authorization. When you delete information from our service, we may not delete the corresponding information in the backup system immediately, but we will delete the information when the backup is updated. (4) Protect your personal information You can protect your personal information by using complex passwords and not revealing your login password or account information to anyone. Once you leak your account number and password, it may have unfavorable consequences for you. If you find that your account number and password have been or will be leaked for any reason, please contact our customer service immediately so that we can take corresponding measures. However, until we become aware of this situation and take action within a reasonable time, we are not responsible for it. When you log in to our website or mobile application, especially when you log in on a public device, you should click "My"-"Settings"-"Logout" to log out immediately after the session is over。 We are not responsible for the loss of your personal information being accessed by a third party due to your failure to protect the privacy of your personal information. If you find any unauthorized use of your account or other security breaches, you must notify us immediately. Your assistance will help us better protect your personal information。 (5) Change the scope of your authorization or withdraw your authorization You can change the scope of your authorization to continue to collect personal information or withdraw your authorization by deleting information, turning off device functions, etc. You can also withdraw all our authorization to continue to collect your personal information by canceling your account。 Please understand that each business function requires some basic personal information to be completed. After you withdraw your consent or authorization, we cannot continue to provide you with services corresponding to the withdrawal of your consent or authorization, and will no longer process your corresponding personal information . However, your decision to withdraw your consent or authorization will not affect the previous processing of personal information based on your authorization. (6) Independent management and control of marketing information and targeted push Our application provides you with news bulletins, hot posts, reminders and notifications of related content, so that you can get the latest information about the content you are concerned about in a timely manner。 If you do not want to use our information push service, you can click "Settings"-"Notification Management" on the "My" page to turn off APP push, SMS email notification, WeChat service account notification and other information push services。 If you don’t want to receive our promotional text messages or call back visits, you can also unsubscribe through the corresponding unsubscribe function in the message, or express your refusal in the call back visits。 (7) Log out of your account You can apply for cancellation of your account in the following ways: 1. You can directly apply to cancel your account on the "My" page and click "Settings"-"Account Management"-"Account Cancellation"; 2. Contact our customer service for help and assist you in applying to cancel your account。 After you actively cancel your account, we will stop providing you with products or services, delete your personal information in accordance with the requirements of applicable laws, or make it anonymized。 (8) Respond to your above request To ensure safety, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request. We will reply within 15 working days. If you are not satisfied, you can also initiate a complaint through our customer service. For your reasonable request, we do not charge fees in principle, but for repeated requests that exceed reasonable limits, we may refuse or charge a certain cost depending on the circumstances. Especially for information that is not directly related to your identity, unreasonably repeated information, or requires too many technical means (for example, the need to develop a new system or fundamentally change the current practice), bring risks to the legitimate rights and interests of others, or are irrelevant We have the right to refuse the actual request. In the following situations, we will have the right to reject your request in accordance with the requirements of laws and regulations: 1. Related to national security and national defense security; 2. Related to public safety, public health, and major public interests; 3. Related to criminal investigation, prosecution, trial and execution of judgments, etc.; 4. There is sufficient evidence that the subject of personal information has subjective malice or abuse of rights; 5. Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations; 6. Involving trade secrets。 Section eight、How do we protect the information of minors (1) We attach great importance to the protection of personal information of minors. If you are a minor under the age of 18, you should obtain the written consent of your parent or guardian before using our products and/or services. We protect the personal information of minors in accordance with relevant national laws and regulations. If you are a minor, according to the requirements of relevant laws and regulations, we may refuse to open certain services to you; (2) In the case of collecting personal information of minors with the consent of their parents or guardians, we will only use or disclose this information when permitted by laws and regulations, the parents or guardians have expressly agreed, or are necessary to protect the minors; Section nine、How to update this policy In order to provide you with better services, our business will change from time to time, and our privacy policy may be updated and adjusted from time to time。 Without your explicit consent, we will not restrict your rights in accordance with this policy. We will display the latest version of the privacy policy on a dedicated page (such as "My→Settings→Privacy Policy" in the mobile application). For major changes, we will also provide more noticeable notifications (including we will notify you through publicity and even provide you with pop-up prompts). The major changes referred to in this policy include but are not limited to: (1) Our service model has undergone major changes. Such as the purpose of processing personal information, the type of personal information processed, the way of using personal information, etc.; (2) Major changes in our control rights, such as changes in information controllers caused by mergers and acquisitions, etc.; (3) Changes in the main objects of personal information sharing, transfer or public disclosure; (4) Your right to participate in the processing of personal information and how to exercise it has undergone major changes; (5) Changes in our responsible department, contact information and complaint channels for handling personal information security; (6) When the personal information security impact assessment report shows that there is a high risk。 Our product integrates Youmeng+SDK, Youmeng+SDK needs to collect your device Mac address, unique device identification code (IMEI/android ID/IDFA/OPENUDID/GUID, SIM card IMSI Information) in order to provide statistical analysis services, and calibrate the accuracy of report data through geographic location, and provide basic anti-cheating capabilities。


更新日期:2020年12月24日 生效时间:2020年12月14日 西牛奔奔(北京)科技有限公司与西牛证券有限公司为关联关系,共同合作开发运营“西牛证券”app。具体为:西牛证券app的开发、维护等由西牛奔奔(北京)科技有限公司负责,西牛证券软件内的具体业务事项由西牛证券有限公司负责运营。两公司承诺,该软件内容合法、合规不侵犯任何第三方合法权益且不涉及任何无证经营事项。 感谢您对西牛奔奔(北京)科技有限公司(以下简称“我们”/“我司”)的信赖和支持,我们深知个人信息对您的重要性,您的信任对我们非常重要,我们将按法律法规要求采取相应安全保护措施,致力于保护您的个人信息安全可控。有鉴于此,我们制定本《隐私政策》(以下简称“本政策 /本隐私政策”),帮助您充分了解在您使用我们产品和服务的过程中,我们会如何收集、使用、共享、存储和保护您的个人信息以及您可以如何管理您的个人信息,以便您更好地作出适当的选择。 本政策与您使用我们的服务关系紧密,在使用我司产品和服务前,请您务必仔细阅读本政策,在您确认充分理解并同意本政策后使用相关产品和服务。一旦您开始使用我们的各项产品或服务,即表示您已充分理解并同意本政策,并同意我们按照本政策的约定收集、使用、储存、分享和保护您的相关信息 如对本政策或相关事宜有任何问题,请通过固话010-57287075与我们联系。 1、我们如何收集和使用您的个人信息 我们会遵循正当、合法、必要的原则,基于以下功能和服务,收集和使用您在使用产品(或服务)过程中自愿提供的个人信息。 1.1 注册账户 注册方式 收集到的信息 用途 手机号注册 手机号 登录及定位账户 微信 微信头像、微信昵称 更方便的登录账户,个性化的展示头像、昵称 QQ QQ头像、QQ昵称 更方便的登录账户,个性化的展示头像、昵称 微博 微博头像、微博昵称 更方便的登录账户,个性化的展示头像、昵称 西牛奔奔也提供无需注册账户的本地模式,如果您选择不注册账户,也可以查看行情、浏览资讯、观看视频等,但是不能在社区发言,也不能进行交易。1.2.1 1.2 应用功能 1.2.1同步数据 一旦您注册账户并使用账户进行了入金、交易等操作,为使您正常、完整地在各设备间同步数据,您需要允许我们收集: 您的开户数据,包括但不限于姓名、邮箱、工作地址等信息。 您的资金账户数据,包括但不限于交易金额、可用余额等。 您的持仓数据,包括股票名称、股票代码、成本价等信息。 您的社区交流数据,包括您的发言、回复、点赞、评论等。 以上信息仅用于您在各设备间同步日记数据,我们不会读取您的日记内容。 1.2.2 搜索功能 您在西牛证券内使用搜索功能时,为方便您查询近期搜索历史,我们可能会收集的信息包括:您查询的关键字(您查询的关键字仅会记录在客户端本地,不会被同步到云端)。 1.2.3 提交反馈 您在西牛奔奔内提交反馈时,为确保我们能准确理解并筛查您遇到的问题,我们可能会收集的信息包 括: Log files、设备型号、操作系统版本、app版本信息。 1.2.4 提取/存入资金 当您向您的账户存入/提取资金时,根据风控和反洗钱要求,您需要提供您的银行卡号码、银行卡持有人姓名(须与开通资金账户姓名一致)及存入/提取的资金金额信息。 1.3 应用内申请的权限 我们需要申请部分涉及个人隐私的系统权限,确保应用内某些功能可以正常使用。我们会在您使用这些功能时,向您申请授权,明确获得您的授权后,我们才会访问您的个人信息。若您不需要使用这些功能,可以拒绝授权;若您从未使用过这些功能,我们不会向您申请权限、也不会访问您的个人信息。我们会申请的权限及这些权限对应的功能包括: 允许拨打电话的权限:当用户有任何问题需要与平台进行沟通时,点击“客服电话”按钮,我们会申请此权限。获得授权后,西牛奔奔app会直接跳转到系统拨打电话界面,不需要用户输入电话号码,可以直接按拨打键,拨打客服电话。 允许写入外部存储的权限:当用户在开户过程当中以拍照的方式上传身份证、或以拍照的方式修改头像时,我们会申请此权限。获得授权后,西牛奔奔会将拍摄的照片写入到本地存储。 允许读取外部存储的权限:当用户在开户过程当中以从相册选择照片的方式上传身份证、或以从相册选择照片的方式修改头像时,我们会申请此权限。 允许使用麦克风权限:当用户在开户时,需要进行视频验证。我们会申请此权限,方便用户顺利开户。 允许调用相机的权限:当用户在开户过程当中以从拍照的方式上传身份证、或以拍照的方式修改头像时,我们会申请此权限。 1.4 第三方SDK 我们收集数据是根据您与我们的互动和您所做出的选择,包括您的隐私设置以及您使用的产品和功能。我们收集的数据可能包括SDK/ API/JS代码版本、浏览器、互联网服务提供商、IP地址、平台、时间戳、应用标识符、应用程序版本、应用分发渠道、独立设备标识符、iOS广告标识符(IDFA)、安卓广告主标识符、网卡(MAC)地址、国际移动设备识别码(IMEI)、设备型号、终端制造厂商、终端设备操作系统版本、会话启动/停止时间、语言所在地、时区和网络状态(WiFi等)、硬盘、CPU和电池使用情況。以下合作方及其服务由我们审慎地选择,且我们和合作方将共同运用各种安全技术和程序对数据进行加密处理,实施完善的机制来保护您的个人信息安全,以免遭受未经授权的访问、使用或披露。您可以通过合作方隐私政策进一步了解。 Android应用内使用的SDK 微信登录:在您使用微信登录的时候,我们会收集您的微信头像及昵称 QQ登录:在您使用QQ登录的时候,我们会收集您的QQ头像及昵称 微博登录:在您使用微博登录的时候,我们会收集您的微博头像及昵称 百度SDK:在您开户进行视频人脸认证的时候,我们会调取百度SDK对您的人脸信息进行认证,以保证您能顺利、顺畅的开户。 友盟SDK:当在您使用第三方登录、分享app内信息给好友、接收app的推送服务时,均需要我们调用友盟SDK的服务,以更好满足您的需求。 信息披露 在如下情况下,西牛奔奔APP将依据您的个人意愿或法律的规定全部或部分的披露您的个人信息: 未经您事先同意,我们不会向第三方披露; 为提供您所要求的产品和服务,而必须和第三方分享您的个人信息; 根据法律的有关规定,或者行政或司法机构的要求,向第三方或者行政、司法机构披露; 如您出现违反中国有关法律、法规或者西牛奔奔APP服务协议或相关规则的情况,需要向第三方披露; 如您是适格的知识产权投诉人并已提起投诉,应被投诉人要求,向被投诉人披露,以便双方处理可能的权利纠纷; 2.为您提供安全保障所必须的功能 (1) 为提高您使用我们产品及/或服务的安全性,保护您或其他用户或公众的人身财产安全免遭侵害,更好地预防钓鱼网站、欺诈、网络漏洞、计算机病毒、网络攻击、网络侵入等安全风险,更准确地识别违反法律法规的情况,我们可能使用或整合您的个人信息、交易信息、设备信息、服务日志信息以及我们关联公司、合作伙伴取得您授权或依据法律共享的信息,来综合识别您账户的风险、进行身份验证、检测及防范安全事件,并依法采取必要的记录、审计、分析、处置措施。 (2) 为满足法律法规及提供服务的基本要求,保障您的账号安全与系统运行安全;为通过对收集的信息进行分析,便于我们在系统发生故障时排查原因,以实现对产品的开发与升级,优化服务质量。我们会收集关于您使用的服务及使用方式的信息并将这些信息进行关联,这些信息包括: 设备信息: 我们会根据您在产品安装及使用中授予的具体权限,接收并记录您所使用的设备相关信息。我们需要记录您的设备型号、唯一设备标识符、操作系统、IP地址、分辨率、移动应用下载渠道、当前移动应用版本号、移动应用语言设置信息。 操作日志信息: 当您使用我们的产品及/或服务时,我们会自动收集您对我们产品及/或服务的详细使用情况,作为有关网络日志保存。我们需要收集您的日志信息,包括账户状态、登陆时间、浏览记录、自选标的、交易市场、交易标的信息(不包含交易资金信息)我们会获取您设备的存储权限,用于保存前述日志信息。 (二) 您可以选择授权我们收集和使用个人信息的场景 为向您提供更便捷、更优质的产品及/或服务,努力提升您的体验,我们的移动应用会向设备申请一些必要的系统权限。如果拒绝下表内容,您将无法使用对应功能,但不影响您使用西牛的其他服务。 基于相机/摄像头的附加服务 可在开启相机/摄像头权限后使用该功能进行身份证及其他证件/材料拍摄、也可拍摄照片用于评价、分享,以及特定场景下经您授权的人脸识别等功能。当您使用该附加功能进行人脸识别时我们会收集您的面部特征,且严格在经您授权同意的范围内使用,未来如果我们拟使用您的面部信息为您提供其他产品及/或服务功能,我们会再次与您确认。 基于相册(图片库)的图片访问及上传的附加服务 您在开启相册权限后可使用该功能上传您的照片/图片,以实现更换头像、发表评论、分享、上传身份证等证明材料。 基于麦克风的语音技术相关附加服务 您可在开启麦克风权限后使用麦克风实现客服语音反馈服务,或与客服进行语音沟通,即使您已同意开启麦克风权限,我们也仅会在您主动点击移动应用内麦克风图标或录制视频时通过麦克风获取语音信息。 基于通讯录信息的附加服务 通讯录权限默认关闭。部分用户如果需要切换清算服务商,可自行选择开启通讯录权限,进行Auth认证。 基于日历的附加服务 在您授权开启可读取/写入您日历的权限后,我们将根据您的操作将您关注的公司行动的日期读取/记入系统日历中,以便及时为您提供提醒服务。 基于指纹、人脸识别的附加服务 我们的移动应用提供了指纹或人脸识别代替交易密码保障交易安全以及进入交易、资金账户界面前进行指纹或人脸识别的安全附加服务,使您可以获得更加安全的使用体验。 您理解并同意,上述附加服务可能需要您在您的设备中开启您的摄像头(相机)、相册(图片库)、麦克风(语音)、通讯录、日历、指纹、人脸识别的访问权限,以实现这些权限所涉及信息的收集和使用。您可在您的设备设置中逐项查看上述权限的状态,并可自行决定这些权限随时的开启或关闭。请您注意,您开启任一权限即代表您授权我们可以收集和使用相关个人信息来为您提供对应服务,您一旦关闭任一权限即代表您取消了授权,我们将不再基于对应权限继续收集和使用相关个人信息,也无法为您提供该权限所对应的服务。但是,您关闭权限的决定不会影响此前基于您的授权所进行的信息收集及使用 (三) 其他 请您理解,我们向您提供的服务是不断更新和发展的。如您选择使用了前述说明当中尚未涵盖的其他服务,基于该服务我们需要收集您的信息的,我们将通过更新本政策、弹窗、页面提示等方式另行向您说明对应信息的收集目的、范围及使用方式,并为您提供自主选择同意的方式,且在征得您明示同意后收集、使用。我们会按照本政策以及相应的用户协议约定使用、存储、对外提供及保护您的信息;如您选择不提供前述信息,您可能无法使用某项或某部分服务,但不影响您使用我们提供的其他服务。在此过程中,如果您有任何疑问、意见或建议的,您可及时与我们联系,我们会尽快为您作出解答 (四) 征得同意的例外 根据相关法律法规及国家标准,在以下情形中,我们可能会依法收集并使用您的个人信息无需征得您的授权同意: 1.与国家安全、国防安全直接相关的; 2.与公共安全、公共卫生、重大公共利益直接相关的; 3.与犯罪侦查、起诉、审判和判决执行等直接相关的; 4.出于维护您或他人的生命、财产等重大合法权益但又无法及时得到您本人同意的; 5.所收集的个人信息是您自行向社会公众公开的; 6.从合法公开披露的信息中收集您的个人信息,例如:合法的新闻报道、政府信息公开等渠道; 7.根据您的要求签订和履行合同所必需的; 8.用于维护所提供的服务的安全稳定运行所必需的,例如:发现、处置服务的故障; 9.为合法的新闻报道所必需的; 10.学术研究机构基于公共利益开展统计或学术研究所必要,且对外提供学术研究或描述的结果时,对结果中所包含的个人信息进行去标识化处理的; 11.法律法规规定的其他情形。 请知悉,根据适用的法律,若我们对个人信息采取技术措施和其他必要措施进行处理,使得数据接收方无法重新识别特定个人且不能复原,或我们可能会对收集的信息进行去标识化后研究、统计分析和预测,用于改善我们的内容和布局,为商业决策提供产品或服务支撑,以及改进我们的产品和服务(包括使用匿名数据进行机器学习或模型算法训练),则此类处理后数据的使用无需另行向您通知并征得您的同意。 (五)个人信息的使用规则 1.我们会根据本隐私政策的约定,为实现我们的产品及/或服务功能而对所收集的个人信息进行使用。 2.对于您在使用我们的产品及/或服务时所提供的所有个人信息,除非您通过系统设置拒绝我们收集,否则将被视为在您使用我们的产品及/或服务期间持续授权同意我们使用 3.我们会对我们的产品及/或服务使用情况进行统计,并可能会与公众或第三方共享这些统计信息,以展示我们的产品及/或服务的整体使用趋势。但这些统计信息不包含您的任何身份识别信息。 4.为满足您的个性化需求,维护、改进我们的产品及/或服务质量,我们会在符合法律规定并根据您具体授权的情况下使用如下信息: 我们可能会通过您的设备信息、操作日志信息、账户信息及交易信息等,对您的偏好、习惯、账户状态等信息进行综合统计、分析以形成用户画像,用来向您推荐或展示您可能感兴趣的产品及/或服务信息,或通过系统向您展示个性化的第三方推广信息。包括在App页面向您推送消息通知,为您提供智能推荐;通过短信、APP 、电子邮件等给您发送推广信息或展示商业广告;通过电话进行回访、向您提供信息咨询等服务或邀请您参与服务、产品或功能有关的客户调研。 例如:我们会向您展现或推荐相关程度高的社区和资讯服务、信息流或者广告/推广信息结果,展示您可能感兴趣的社区文章、APP近期活动等。 再如:我们会使用您的注册开户信息,包括注册时间、账户类型、工作单位相关信息,根据您已提供的联系方式(包括但不限于:手机号、电子邮箱等)通过短信、电话等方式向您发送业务通知、进行用户使用体验调研、提供指引及营销推广信息等。 二、我们如何使用cookie和同类技术 (一) Cookie Cookie是由网站服务器创建并保存在用户浏览器上的小文本文件,当用户访问网站服务器时,网站可以访问Cookie信息。Cookie除了通常用于确认用户身份外,还可以用来存储用户信息和跟踪用户的访问行为。 我们除了使用Cookie确认用户的身份和登录状态外,不会通过其采集和跟踪用户的任何信息和行为。 您可以根据自己的偏好管理和删除Cookie,大部分浏览器均有允许您禁用或删除系统中Cookie的功能。需要注意的是,阻止Cookie可能导致我们网站或系统中的某些功能无法有效工作或无法使用,这可能会影响您的使用体验。 (二) Cookie同类技术 除Cookie外,我们还会在网站上使用Authorization或“网络Beacon”等其他同类技术,Authorization是在互联网浏览器与互联网服务器之间背后传送的HTTP协议标头,可代替Cookie,使用网络Beacon可以计算浏览网页的用户或访问某些Cookie。我们会使用Authorization记录您的身份,通过网络Beacon收集您浏览网页活动的信息,例如:Internet协议(IP)地址,浏览器类型,Internet服务提供商(ISP),访问过的页面,操作系统,日期/时间戳以及点击数据流等,以便我们可以更深入地了解和改善我们的产品或服务。 三、我们如何共享、转让、公开披露您的个人信息 (一) 共享 我们承诺对您的信息进行严格保密,不会与老西牛以外的公司、组织和个人共享您的个人信息,但以下情况除外: 1.在获取您同意的情况下共享:获得您的明确同意后,我们会与其他方共享您的个人信息。 2.在法定情形下的共享:我们可能会根据法律法规规定、诉讼争议解决需要,或按行政、司法机关依法提出的要求,对外共享您的个人信息。例如:我们的各监管机构、自治协会或有权组织(包括但不限于各交易所及政府机关)出于监督及检查的目的,可能会要求我们提供您的账户信息及交易信息,以便确认我们是否履行了相应的法律义务。 3.某些产品或服务可能由第三方提供或由我们与第三方共同提供,因此,我们需要向我们合作的第三方(包括但不限于:清算机构、交易所)提交您的身份信息、联系信息、职业信息、资产信息、投资信息及订单信息后,才能提供您需要的产品或服务。 4.我们会接入第三方SDK为您提供相关服务,这些接入的第三方服务由相关方负责运营,须受第三方自己的服务条款及信息保护声明(而非本《隐私政策》)约束。关于第三方SDK具体调用的设备权限类型,以及如何收集、使用您的个人信息,建议您参考第三方SDK的相关服务协议及隐私政策。如果您希望进一步了解我们所接入的第三方SDK情况,请您阅读第三方SDK情况说明。 5.依照法律法规的要求,为了有效识别您的身份,我们会在账户开立过程中向合作的第三方身份验证供应商提供您的姓名、出生日期、性别、证件号码信息及银行卡号相关信息,以便我们能够识别您为合法、有效的客户,为您完成账户开立并提供后续服务。 6.与我们的关联公司共享:您的个人信息可能会与西牛的关联公司共享。我们只会共享必要的个人信息,且受本隐私政策中所声明目的的约束。关联公司如要改变个人信息的处理目的,将再次征求您的授权同意。 7.与授权合作伙伴共享:仅为实现本政策中声明的目的,我们的某些服务将由授权合作伙伴提供。我们可能会与合作伙伴共享您的某些个人信息,以提供更好的客户服务和用户体验。例如,在您参与我们提供的奖励活动时,我们必须与合作伙伴共享您的个人信息才能安排发放奖励,或者安排合作伙伴提供服务。我们仅会出于合法、正当、必要、特定、明确的目的共享您的个人信息,并且只会共享提供服务所必要的个人信息。我们的合作伙伴无权将共享的个人信息用于任何其他用途。 8.当您有疑问需要我们解答、投诉我们、投诉他人或被他人投诉时,为了保护您及他人的合法权益,我们可能会在第三方供应商提供的客服系统中保存您的姓名及联系方式、投诉及沟通的相关内容,并有可能会提供给消费者权益保护部门及监管机关,以便及时解决投诉纠纷,但法律法规明确禁止提供的除外。 9.为了遵守法律、执行或适用我们服务的使用条件和其他协议,或者为防止欺诈等违法活动和减少信用风险,而与其他公司和组织交换信息。 10.您与我们关于信息共享的其他约定。 如果为了向您提供服务而需要将您的信息共享至第三方,我们将评估该第三方收集信息的合法性、正当性、必要性。我们将要求第三方对您的信息采取保护措施,并且严格遵守相关法律法规与监管要求。另外,我们会按照法律法规及国家标准的要求以确认协议、具体场景下的文案确认、弹窗提示等形式征得您的同意,或确认第三方已经征得您的同意。 (二) 转让 我们不会将您的个人信息转让给任何公司、组织和个人,但以下情况除外: 1.事先获得您的明确同意; 2.根据法律法规或强制性的行政或司法要求; 3.在涉及资产转让、收购、兼并、重组或破产清算时,如涉及到个人信息转让,我们会向您告知有关情况,并要求新的持有您个人信息的公司、组织继续受本政策的约束。如变更个人信息使用目的时,我们将要求该公司、组织重新取得您的明确同意。 (三) 公开披露 除在公布某些中奖活动名单时会脱敏展示中奖者手机号或用户昵称外,原则上我们不会将您的信息进行公开披露。如确需公开披露时,我们会向您告知公开披露的目的、披露信息的类型及可能涉及的敏感信息,并征得您的明确同意。 (四) 根据相关法律法规及政策标准,在以下情形中,我们可能会依法共享、转让、公开披露您的个人信息无需征得您的同意: 1.与国家安全、国防安全直接相关的; 2.与公共安全、公共卫生、重大公共利益直接相关的; 3.与犯罪侦查、起诉、审判和判决执行等直接相关的; 4.出于维护您或其他个人的生命、财产等重大合法权益但又很难得到您本人同意的; 5.您自行向社会公众公开的个人信息; 6.从合法公开披露的信息中收集的个人信息,例如:合法的新闻报道、政府信息公开等渠道。 请知悉,根据适用的法律,若我们对个人信息采取技术措施和其他必要措施进行处理,使得数据接收方无法重新识别特定个人且不能复原,则此类处理后数据的共享、转让、公开披露无需另行向您通知并征得您的同意。 四、我们如何保护您的个人信息 (一) 我们已采取符合业界标准、合理可行的安全防护措施保护您的信息,防止数据遭到未经授权访问、公开披露、使用、修改、损坏或丢失。我们会采取一切合理可行的措施,保护您的个人信息。我们采取物理、技术和行政管理安全措施来降低丢失、误用、非授权访问、披露和更改的风险,包括但不限于传输层数据加密、防火墙和加密存储、物理访问控制以及信息访问授权控制。我们设置了安全程序保护您的信息不会被未经授权的访问所窃取。例如:您与我们所有的网络通信我们确保使用加密技术(SSL)进行加密保护。您的个人信息我们均采用高强度加密措施加密保存在我们的服务器上。我们会使用受信赖的保护机制防止个人信息遭到恶意攻击;我们部署严格的数据访问权限控制和多重身份认证技术保护个人信息,避免数据被违规访问和使用。在个人信息使用时,例如个人信息展示、个人信息关联计算,我们会采用包括内容替换、SHA256在内多种数据脱敏技术增强个人信息在使用中安全性。我们采用代码安全自动检查、数据访问日志分析技术等加强个人信息安全审计。 (二) 我们有行业先进的以数据为核心,围绕数据生命周期进行的数据安全管理体系,从组织建设、制度设计、人员管理、产品技术等方面多维度提升整个系统的安全性,保障您的个人信息。例如:我们建立数据分类分级制度、数据安全管理规范、安全开发规范等来规范个人信息的存储和使用。我们要求全体员工签署保密协议。我们会举办安全和隐私保护培训课程,通过考核、审查及将数据保护加入员工日常考核等手段,加强员工对于保护个人信息重要性的认识并严格按保护要求操作。加强安全认证和服务,我们已经通过ISO27001认证。 (三) 若您是欧盟用户,根据GDPR条款,我们除了提供系统性的个人数据保护办法外,我们的安全部-个人信息保护专员将会作为数据保护官(DPO)全面负责您的数据保护工作。 (四) 我们会采取一切合理可行的措施,尽力避免收集无关的个人信息,我们只会在达成本政策所述目的所需的期限内保留您的个人信息,除非需要延长保留期或受到法律的允许。超出必要期限后,我们将对您的个人信息进行删除或匿名化处理,但法律法规另有规定的除外。当我们的产品或服务发生停止运营的情形时,我们将以推送通知、公告等形式通知您。 (五) 请您知悉并理解,互联网并非绝对安全的环境,我们强烈建议您通过安全方式、复杂可靠的密码使用我们的产品及服务,协助我们保证您的账号安全。如您发现自己的个人信息泄密,尤其是您的账户或密码发生泄露,请您立即根据本政策中提供的联系方式联络我们,以便我们采取相应措施。 (六) 在不幸发生个人信息安全事件后,我们将按照法律法规的要求向您告知:安全事件的基本情况和可能的影响、我们已采取或将要采取的处置措施、您可自主防范和降低风险的建议、对您的补救措施等。事件相关情况我们将以邮件、信函、电话、推送通知等方式告知您,难以逐一告知每位用户时,我们会采取合理、有效的方式发布公告。同时,我们还将按照监管部门要求,上报信息安全事件的处置情况。 五、我们如何储存您的个人信息 (一) 我们在中华人民共和国境内收集和产生的个人信息,将存储在中华人民共和国境内,并依法对这些信息进行严格保密。如部分服务涉及跨境业务,我们需要向境外机构传输境内收集的相关个人信息的,我们会按照法律法规和相关监管部门的规定执行,向您说明个人信息出境的目的以及涉及的个人信息类型,征得您的同意,并通过签订协议、现场核查等有效措施,要求境外机构为所获得的您的个人信息保密。 (二) 我们将在实现本隐私政策中所述目的所必需的期限内保留你的个人信息,除非法律、法规、规章或规范性文件要求或允许在更长的期间内存储这些信息,例如以下情形: 1.为遵守适用的法律法规等有关规定; 2.为遵守法院判决、裁定或其他法律程序的规定; 3.为遵守相关政府机关或法定授权组织的要求。 4.在超出保存期限后,我们会根据适用法律的要求删除您的个人信息,或进行匿名化处理。 (三) 如果我们终止服务或运营,我们会至少提前三十日向您通知,并在终止服务或运营后对您的个人信息进行删除或匿名化处理。 六、GDPR所覆盖之个人的更多权利或信息 如果您的个人信息被设立于欧洲经济区(简称“EEA”),对于受《通用数据保护条例》(简称“GDPR”)保护的个人信息而言,您享有一系列与您在我司留存之个人信息相关的法律权利。该等权利包括: (一) 获取有关您个人信息处理的信息并访问您在我司留存的个人信息。请注意,某些情况下,我们有权拒绝访问个人信息(特别是受法律法规特别保护的信息)副本的请求。 (二) 如果您的个人信息不准确或不完整,可要求我们进行更正,但如果我们需要您提供有效身份证明文件副本,以证明您的身份信息之真实性,请您配合提供。 (三) 在某些情况下您可要求我们删除您的个人信息。请注意,某些情况(如基于公共利益、公共健康或科学及历史研究等目的)下即使您要求我们删除您的个人信息,我们也有权将其保留。 (四) 在某些情况下就我们对您个人信息的处理提出反对,并要求我们对您个人信息的处理进行限制。同样,在某些情况下,即使您提出反对或者要求我们限制您个人信息的处理,我们也有权拒绝您的请求。如果有其他正当法定理由,我们也有权不经过您的许可继续使用或处理。 根据GDPR条款,我们除了提供系统性的个人数据保护办法外,还会设置数据保护官(DPO)全面负责您的数据保护工作。 我们会评估我们收到的所有请求及投诉并及时向您提供回复。我们可能要求您提供有效的身份证明文件副本,以便我们履行安全义务并防止未授权的数据披露。若您要求访问数据的请求显然无根据或为超常请求。 对于受GDPR保护的个人信息而言,我们可能会为了特定许可用途将您的个人信息传到EEA以外地区。我们将会确保任何该等国际传递都会根据GDPR或其他相关法律受到适当保护。 七、您如何管理您的个人信息 按照中国相关的法律、法规、标准,以及其他国家、地区的通行做法,我们保障您对自己的个人信息行使以下权利 (一) 访问您的个人信息 1.您有权访问您的个人信息,法律法规规定的例外情况除外; 2.您可以通过登录我们的移动应用主页进入 “我的”页面,点击右上角的“设置”进入“账号管理”与“安全设置”中访问及更改绑定手机和邮箱等信息,管理社交账号的绑定和解除绑定;在“我的”-“个人主页”-“编辑”中修改个人资料,包括头像、昵称、简介;在“我的”-“设置”-“安全设置”下修改登录密码和交易密码等。 3.您可以通过登录我们的网站主页进入“个人中心”页面,修改个人资料,包括手机号、邮箱、登录密码等; 4.您可以通过登录我们的PC端主页,点击“设置”进入“个人设置”页面,修改个人资料,包括昵称、简介、手机号、邮箱、登录密码等; 5.您可以在我们的网站和移动应用中查看您的交易记录; 6.如果您无法访问上述信息,可以与客服取得联系,我们将在15个工作日内回复您的访问请求; 7.如果您是欧盟用户,根据GDPR条款,您将有权要求我们调取您的个人数据并将其转移到其他数据控制者。 (二) 更正您的个人信息 您可以通过“访问您的个人信息”中列明的方式更正或补充个人信息。 如果您无法通过上述方式管理这些个人信息,您可以随时联系我们的客服。我们将在15个工作日内回复您的访问请求。 (三) 删除您的个人信息 在以下情形中,您可以向我们提出删除个人信息的请求: 1.如果我们处理您的个人信息行为违反法律规定; 2.如果我们收集和使用您的个人信息,却未征得您的明确同意; 3.如果我们处理个人信息的行为严重违反了与您的约定条款; 4.如果您不再使用我们的产品或服务,或您已主动注销账号; 5.如果我们不再为您提供产品或服务; 6.如果您是欧盟用户,根据GDPR条款您有权要求我们删除您的个人数据。 若我们决定响应您的删除请求,我们还将同时通知从我们获得您的个人信息的实体,要求其及时删除,除非法律法规另有规定,或这些实体获得您的独立授权。当您从我们的服务中删除信息后,我们可能不会立即在备份系统中删除相应的信息,但会在备份更新时删除这些信息。 (四) 保护您的个人信息 您可以通过使用复杂密码且不向任何人透露您的登录密码或账户信息,以保护您的个人信息。一旦您泄漏了您的账号及其密码,可能产生对您不利的后果。如您发现您的账号及其密码因任何原因已经或将遭受泄泄露时,请您立即联络我们的客服,以便我们采取相应措施。但在我们知悉此种情况和在合理时间内采取行动前,我们对此不负任何责任。 当您登录我们的网站或移动应用,尤其是在公共设备上登录时,会话结束后应立即点击“我的”-“设置”-“退出登录”进行登出。 我们不对因您未能保护个人信息的私密性而导致您的个人信息被第三方访问造成的损失承担责任。若发现任何未经授权使用您的账号的情况或其他安全漏洞,必须立即通知我们。您的协助将有助于我们更好的保护您的个人信息。 (五) 改变您授权同意的范围或撤回您的授权 您可以通过删除信息、关闭设备功能等方式改变您授权我们继续收集个人信息的范围或撤回您的授权。您也可以通过注销账户的方式,撤回我们继续收集您个人信息的全部授权。 请您理解,每个业务功能需要一些基本的个人信息才能得以完成,当您撤回同意或授权后,我们无法继续为您提供撤回同意或授权所对应的服务,也不再处理您相应的个人信息。但您撤回同意或授权的决定,不会影响此前基于您的授权而开展的个人信息处理。 (六) 自主管理控制营销信息及定向推送 我们的应用为您提供了新闻公告、热帖、相关内容的提醒及通知,使您及时获知您所关注内容的最新信息。 如果您不希望使用我们的信息推送服务,您可以自行在“我的”页面,点击“设置”-“通知管理”,关闭APP推送、短信邮件通知、微信服务号通知等信息推送服务。 如果您不希望接收我们的推广短信或电话回访,您还可通过信息中相应的退订功能进行退订,或者在电话回访中明确表示拒绝。 (七) 注销您的账号 您可以通过以下方式申请注销您的账号: 1. 您可以自行在“我的”页面,点击“设置”-“账号管理”-“账号注销”直接申请注销账号; 2. 联系我们的客服寻求帮助,协助您申请注销您的账号。 在您主动注销账号之后,我们将停止为您提供产品或服务,根据适用法律的要求删除您的个人信息,或使其匿名化处理。 (八) 响应您的上述请求 为保障安全,您可能需要提供书面请求,或以其他方式证明您的身份。我们可能会先要求您验证自己的身份,然后再处理您的请求。我们将在15个工作日内做出答复。如您不满意,还可以通过我们的客服发起投诉。对于您合理的请求,我们原则上不收取费用,但对多次重复、超出合理限度的请求,我们将可能拒绝或者视情收取一定成本费用。尤其是对于与您的身份不直接关联的信息、无端重复的信息,或者需要过多技术手段(例如,需要开发新系统或从根本上改变现行惯例)、给他人合法权益带来风险或者不切实际的请求,我们有权予以拒绝。 在以下情形中,按照法律法规要求,我们将有权拒绝您的请求: 1. 与国家安全、国防安全有关的; 2. 与公共安全、公共卫生、重大公共利益有关的; 3. 与犯罪侦查、起诉、审判和执行判决等有关的; 4. 有充分证据表明个人信息主体存在主观恶意或滥用权利的; 5. 响应您的请求将导致您或其他个人、组织的合法权益受到严重损害的; 6. 涉及商业秘密的。 八、我们如何保护未成年人的信息 (一) 我们非常重视对未成年人个人信息的保护,如果您是18周岁以下的未成年人,在使用我们的产品与/或服务前,应事先取得您父母或监护人的书面同意。我们根据国家相关法律法规的规定保护未成年人的个人信息。如果您是未成年人,根据相关法律法规的要求,我们可能会拒绝向您开通某些服务; (二) 对于经父母或监护人同意而收集未成年人个人信息的情况,我们只会在法律法规允许、父母或监护人明确同意或者保护未成年人所必要的情况下使用或披露此信息; 九、本政策如何更新 为给您提供更好的服务,我们的业务将不时变化,我们的隐私政策可能不定期更新和调整。 未经您明确同意,我们不会限制您按照本政策所应享有的权利。我们会在专门页面(如移动应用中“我的→设置→隐私政策”)上展示最新版的隐私政策。对于重大变更,我们还会提供更为显著的通知(包括我们会通过公示的方式进行通知甚至向您提供弹窗提示)。 本政策所指的重大变更包括但不限于: (一) 我们的服务模式发生重大变化。如处理个人信息的目的、处理的个人信息类型、个人信息的使用方式等; (二) 我们在控制权等方面发生重大变化,如并购重组等引起的信息控制者变更等; (三) 个人信息共享、转让或公开披露的主要对象发生变化; (四) 您参与个人信息处理方面的权利及其行使方式发生重大变化; (五) 我们负责处理个人信息安全的责任部门、联络方式及投诉渠道发生变化; (六) 个人信息安全影响评估报告表明存在高风险时。 我们的产品集成友盟+SDK,友盟+SDK需要收集您的设备Mac地址、唯一设备识别码(IMEI/android ID/IDFA/OPENUDID/GUID、SIM 卡 IMSI 信息)以提供统计分析服务,并通过地理位置校准报表数据准确性,提供基础反作弊能力。