Foreword

Beijing Digital Union Web Science and Technology Co., Ltd (hereinafter referred to as "Digital Union" or "we") attaches great importance to and is committed to protecting information security. When we provide relevant services, we collect, use, store, share, transfer and disclose information strictly in accordance with this privacy policy. We hope that through this privacy policy, we can clearly, accurately and completely explain to you what information we collect when providing services, how we use, store, share, transfer and disclose such information, and how we provide access to, update, control and protect such information. This policy is closely related to your rights and interests; please read it carefully and completely so that you understand the content and purpose of the information collected, as well as the compliance and qualification certifications for information security protection in our service process. At the same time, this Privacy Policy is subject to the App's privacy policy, and we are committed to protecting your information security rights and interests together with the App party. In this Privacy Policy, we do our best to express the relevant professional technical terms concisely and to avoid obscure wording, and we provide a detailed description of some key words for your convenience.


Definition of key words (in order of occurrence)

  • Non-open source: the SDK modules with which we collect information cannot be re-edited and released under an open source agreement, which effectively prevents malicious attacks and technically guarantees the security of information collection.
  • Terminate but no stay: the SDK module with which we collect information runs only when the cooperative App is authorized and the user opens the App for the first time. After the collection is completed, it shuts down and exits automatically, which technically precludes the possibility of collecting behavioral information about the user's use of the App.
  • Personal information (PI): any information that is recorded, electronically or otherwise, that can be used alone or in combination with other information to identify a natural person or reflect the activity of a natural person, such as your name, date of birth, ID number, personal biometric information, residential address, contact information, communication records and content, username and password, and property information. An individual can be identified through this information, or, once a specific individual is known, this information can be used to identify their activities.
  • Sensitive PI: PI that, once leaked, illegally provided or abused, could endanger personal and property safety, or easily lead to damage to personal reputation or mental and physical health, or to discriminatory treatment, etc. It is the sensitive and private part of personal information, such as medical confidential information, financial property information and personal biometric information, etc.
  • Anonymization: irreversible technical process that makes PI Subjects unidentifiable or unassociated. Anonymized PI is no longer deemed PI.
  • De-identification: technical process that makes PI Subjects unidentifiable or unassociated without the help of additional information.


How we comply with regulatory and legal requirements

1. Strictly abide by relevant laws, regulations and standards.

We are committed to strictly abiding by laws and regulations, and have established our information collection and use specifications and information security guarantee mechanism strictly in accordance with the Civil Code of the People's Republic of China, the Network Security Law, the Information Security Technology Personal Information Security Specification (GB/T35273-2020), the Basic Requirements for Classified Protection of Information Security Technology Information System, the General Data Protection Regulation (GDPR) of the EU, and other relevant laws, norms and standards.

2. Certification of safety compliance standards

We collect and use information in a responsible manner when providing products and services. The safety compliance of our products and services has been certified by multiple third party certification bodies. We take the initiative to apply to a third party to review the security control measures of our products and services in accordance with relevant domestic and international standards. You can rest assured that independent third parties will review the effectiveness of these control measures at least every two years, and we will continue to improve technical, operational and management measures to ensure safety and compliance. We have passed the relevant standards certification as follows:

(1) National Information system security three-level protection evaluation and filing

It is formulated by the Information Security Classified Protection Evaluation Center of the Ministry of Public Security of China and reviewed by the National Information Security Standardization Technical Committee. Under a unified security policy, we can protect the system from malicious attacks by organized outside groups that possess rich resources, from more serious natural disasters and from other threats of equal magnitude; we can find security vulnerabilities and security events; and after system damage we can quickly restore the vast majority of functions. On this basis, we passed the evaluation in 2019.

(2) ISO 27001 Information Security Management Standards (ISMS)

It is established by the International Organization for Standardization (ISO) and prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures. Certification to ISO 27001 helps organizations comply with numerous regulatory and legal requirements that relate to the security of information. It is one of the international standards of information security certification widely recognized in the industry. We have a sound information security management system (ISMS), which was certified to ISO 27001 in 2019, for the management of product-service related systems, applications, personnel, technologies, processes and data centers.

(3) ISO 27701 Privacy Information Management System (PIMS)

It is a certification standard jointly issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard outlines a comprehensive set of operational controls that can be mapped to various regulations, including the GDPR. Our information security and privacy management processes, system design and control protection measures meet the requirements of this standard. As one of the few enterprises in China to carry out this certification service and pass the certification, our information security protection and privacy management system passed the ISO 27701 certification in September 2020.


An important description of GDPR

The European Union's General Data Protection Regulation (GDPR) came into force on May 25, 2018. According to the relevant requirements of the regulations, we constantly improve our information security protection measures. We collect the basic information of the device under the authorization of the cooperating App. We are committed to implementing sound technical, operational and management standards to collect, use, store, share and transfer the information in a compliant, independent, effective and secure manner to ensure data security. Other than the basic information of the device, there is no inflow of any other data. We output the results of security analysis through the statistical reporting mode, and do not output the collected raw device information in any way. Data users cannot associate data or identify any specific natural person through the data provided by us.


How we collect information

We strictly follow the ‘principles of consistency between rights and responsibilities, principle of clear purpose, principle of optional consent, principle of minimum necessity, principle of openness and transparency, principle of security assurance, and principle of subject participation’ in the collection and use of information.

We provide third-party independent plug-ins to the App party, and collect the basic information of the device through an SDK module embedded in the App that is not open source and does not stay resident. The collection scope of basic information of the device is controlled by the authorization of the App party. After the App is launched, the SDK module starts and quickly completes the collection of the authorized information. After the collection is completed, it automatically shuts down and exits. There is no automatic background startup and no associated startup. The whole process lasts a few seconds, which eliminates at the root any possibility of the SDK module directly or indirectly obtaining information on subsequent user behavior. (Special statement: owing to the technical features of the SDK module, it cannot obtain during operation any personal information or privacy information that can, alone or combined with other information, identify a specific natural person or reflect individual behavior, such as your name, ID number, personal biometric information, residential address, contact information, communication records and content, username and password, and account passwords. In addition, it cannot obtain any user behavior information, operation log information or communication content within the application, such as user Internet access records, SMS and call records, etc.)


What kind of information we collect

We provide security technical analysis services. The information listed in the following table will be collected, stored and used based on the system differences between mobile devices. If you do not agree to provide relevant information, you will not be able to obtain the security protection services provided by us.

We collect only standalone equipment information; such standalone equipment information cannot identify a specific natural person or reflect individual behavior. For the collection of the unique equipment identifier, we use technical means to convert the original unchangeable identifier into a changeable state, and we do not retain any unchangeable identifier information.

| Mobile system | Application scenario description | Details of the information collected | Information type | Purpose | Encryption | Necessary or not |
|---|---|---|---|---|---|---|
| iOS | Detect equipment fraud and cheating, feedback equipment uniqueness and authenticity | Information describing the general conditions of the equipment, such as equipment manufacturer, equipment type, equipment system, application version, IDFA (Kids Category apps are not included), IDFV, equipment network status information, and other physical environment information of the equipment | Information of equipment | Safety and risk control | Anonymize and de-identify the content; TLS and SSL are adopted for transmission | Yes |
| Android | Detect equipment fraud and cheating, feedback equipment uniqueness and authenticity | Information describing the general conditions of the equipment, such as equipment manufacturer, equipment type, equipment system, application version, list of software, MAC, unique equipment identifier, equipment network status information, and other physical environment information of the equipment | Information of equipment | Safety and risk control | Anonymize and de-identify the content; TLS and SSL are adopted for transmission | Yes |

How we use the information we collect

The basic equipment information we collect is used to identify the authenticity and safety of equipment and to provide security technical analysis services. Through research on basic equipment information identification technology and algorithmic analysis of information such as equipment model, manufacturer and network status, we determine whether a device is a fraudulent, cheating or fake device and assess its validity and safety. This helps partners effectively identify real equipment, prevent cheating and fraud, and achieve operational security; it protects your lawful rights and interests from infringement and helps ensure the safety of the mobile Internet.

We anonymize the collected information locally in the SDK: through technical processing of the collected information, the subject of personal information cannot be identified or associated, and the processed information cannot be recovered. On the basis of anonymization, algorithmic analysis is carried out on the data to determine whether the device is a real device, and the results of the safety analysis are output through statistical reports. No one can use the data we provide to associate data or locate any specific natural person; therefore, when such statistics are used for other purposes, we will not ask for your permission again.

If you request us to cease the provision of the service, we will promptly stop the collection of information and delete the relevant information in accordance with applicable laws.


How we transmit, store and protect information

We attach great importance to information security and follow strict security standards. We use industry-leading technologies and measures to protect the information you provide in accordance with widely adopted standards in the industry. We adopt various reasonable technical, operational and management security mechanisms to protect the security of the information we collect and to prevent unauthorized access, public disclosure, use, modification, damage or loss of information.

  • (1) We use secure Transport Layer Security (TLS) and Secure Sockets Layer (SSL) and other secure encryption technologies to ensure the privacy and security of information in the transmission process;
  • (2) We use highly encrypted, highly stable cloud servers to store information data and store data on third-party server platforms;
  • (3) We put in place a trusted protection mechanism and strive to take reasonable technical, operational and managerial security measures to protect the information we collect and to prevent it from being subjected to malicious attacks such as unauthorized access, public disclosure, use, modification and damage;
  • (4) We deploy the access control mechanism to ensure that only authorized personnel can access information. Any person with this authority is required to abide by the strict confidentiality obligations stipulated. If he/she violates the regulations, he/she will be punished or dismissed;
  • (5) We hold a series of training courses on information security and compliance protection to enhance employees' awareness of the importance of personal information security protection and compliance;
  • (6) We have established an information security review group to regularly review our information technology systems, operational specifications and related security management mechanisms;
  • (7) We take reasonable and feasible measures to retain information only for the period required to achieve the purpose stated in this policy. Unless an extension of the retention period is required or permitted by law, we will delete or anonymize the information beyond the above retention period;
  • (8) We understand and inform you that, with the continuous development of Internet information technology, no security technology, measure or mechanism can guarantee absolute security, but we will do our best to protect your information security. If information is unfortunately subject to malicious illegal access, we will effectively inform you, take effective measures to remedy the situation, and report the relevant situation in accordance with relevant laws, regulations and regulatory requirements.

Our relevant safety measures and compliance guarantee mechanism have passed the audit of relevant third-party institutions and obtained a number of professional certifications. You can trust us to handle the equipment information. Relevant certifications are as follows:

  • (1) National Information system security three-level protection evaluation and filing
  • (2) ISO 27001 Information Security Management Standards (ISMS)
  • (3) ISO 27701 Privacy Information Management System (PIMS)

How we share, transfer and publicly disclose the information we collect

1. Sharing

We will not share your PI with any company, organization or individual other than our Company except under the following circumstances:

We might provide the information we collect as stipulated by laws, regulations or the mandatory requirements of government agencies.

2. Transferring

We will not transfer the information collected to any company, organization or individual, except as follows: When the transfer of information is involved in a merger, acquisition or bankruptcy liquidation, we will require the new company or organization to which information is transferred to continue to be bound by this Privacy Policy; otherwise we will require the new company or organization to seek your consent again.

3. Public disclosure

We will only publicly disclose the information we collect under the following circumstances:

  • (1) After we obtain your explicit consent or based on your active choices;
  • (2) To protect the personal and property safety of the public, we may disclose the information we collect in accordance with applicable laws and rules.

4. Exceptions to prior authorization for sharing, transferring, or publicly disclosing information

In accordance with applicable laws and regulations, no prior authorization is required to share, transfer, or publicly disclose your information under the following circumstances:

  • (1) Related to national security or national defense;
  • (2) Related to public security, public health or major public interests;
  • (3) Related to criminal investigations, prosecutions, trials or execution of court decisions;
  • (4) The information is collected from legally and publicly disclosed information, such as legal news reports and government information disclosure;
  • (5) Essential to maintaining safe and stable operation of the product or service provided, such as the discovery and handling of product or service failures;
  • (6) Other circumstances prescribed by applicable laws and regulations.

How the information we collect is transferred worldwide

As a provider of third-party security technical analysis services, in the process of providing products and services, if cross-border service business is involved, based on the compliance requirements of data storage layout and data localization of App products, the information collected by us may be transferred across borders. After the transfer, the information is stored in the country/region where the App development or operating enterprise and its affiliates, service providers/subcontractors are located. In such cases, we will cooperate with the App party to take effective measures, review the information security protection capability of overseas institutions in accordance with the target laws and regulations and the App's own privacy policy, and ensure the transfer in a proper, safe and compliant manner with your consent.


Your rights

According to the relevant laws, regulations and standards, as well as the common practices of other countries and regions, we guarantee that you can exercise the following rights over your own information:

  • (1) Access: You have the right to access your PI, unless laws and regulations specify otherwise.
  • (2) Rectify: When you find a mistake in your information that we are processing, you have the right to ask us to rectify it.
  • (3) Delete: If we deal with your information in violation of laws and regulations, without your consent, or in violation of the agreement with you, or if you no longer use our products and services, you have the right to ask us to delete your information collected by us.
  • (4) Deny or restrict access: for additional information collection and use, you can refuse or restrict our use at any time.

Please note that decisions to modify, delete, and limit use do not affect previous information processing activities based on valid authorization, but do affect subsequent information processing activities.

To ensure information safety, you may need to make a written request, or make a request in another way that can prove the user's identity. We may verify your identity before processing your request. Please contact us through the "How to contact us" section of this policy and we will respond to your request through the valid contact information provided by you within 15 days of receipt of the request.


How this Policy will be updated

Based on the development of our business, product features, contact information or the requirements of relevant laws and regulations, we may modify this Policy as appropriate, and such modifications form part of this Privacy Policy. We will post the updated privacy policy on the company's website, and we recommend that you check it regularly for updates. You can view the updated Privacy Policy on the website of Beijing Digital Union Web Science and Technology Co., Ltd.: https://www.shuzilm.cn/privacy_en.html


How to contact us

If you have any doubts, comments or suggestions regarding this Privacy Policy and your information, please contact us via:

  • (1) TEL: 400-671-8228
  • (2) Online customer service

We have set up a dedicated department for information protection that you can contact via:

E-mail: szlmprivacy@shuzilm.cn

Generally, we will accept and handle your request within 15 working days.

If you are not satisfied with our reply, or if you believe that our information processing has harmed your legitimate rights and interests, you can seek a solution by filing a lawsuit with a court with jurisdiction.