Personal Information & Privacy Policy of Uni-Ubi

Update date: 28th December, 2020
Effective date: 29h December, 2020

# Preface

Universal Ubiquitous Co., Ltd. and its associated company (hereinafter referred to as “We” or “Uni-Ubi”) respects and is committed to protecting personal information and privacy. Therefore, we have formulated this Personal Information and Privacy Policy (hereinafter referred to as "this policy"), which introduces our overall conditions related to processing of personal information such as basic information, data protection principles, etc.

This policy serves as an overview of our overall situation in personal information and privacy protection, to declare our uniform requirements and standards in the field of personal information `processing. In order to avoid ambiguity, this policy does not fully cover all the information when we process personal information for specific purposes in specific product or service scenarios. For specific personal information processing practices in specific product or service scenarios, please read applicable privacy policies or similar legal texts provided by our customers (hereinafter referred to as "customers") or separately provided by Uni-Ubi to individual end users (hereinafter referred to as "users" or "you"). In addition, this policy only applies to Uni-Ubi, and is completely independent of the privacy policy or similar legal texts that our customers or any third parties may or need to show or provide to you.

This policy intends to help customers and users understand the following content:

I. Important notice

II. Our principle of protecting personal information and privacy

III. How we handle personal information

IV. How we disclose your personal information

V. How we protect your personal information

VI. How we transfer your personal information worldwide

VII. Rights of your personal information

VIII. How we handle personal information of children

IX. How we update the policy

In this policy, "personal information" refers to various information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information, or associate and reflect the activities of a specific natural person. Unless otherwise stated, other related definitions and terms under this policy have the same meanings as those in laws and regulations, regulatory documents, and national standards such as the Cyber Security Law, the Information Security Technology - Personal Information Security Specification, and others.

# Main body

# I. Important notice

When you use any software service of Uni-Ubi (including but not limited to various application software, open platform, codes and related technical services of Uni-Ubi) or other relevant terminal devices of Uni-Ubi, you agree to the terms of this policy.

You know and agree that in order to achieve the necessary business processes, you need to provide relevant personal information, and we will also collect some necessary information. If you do not agree to provide this part of the necessary information, we will not be able to provide you with services. In order to achieve the purpose of the service, the aforementioned information (including videos, images and personal identification information that may contain personal sensitive information) may be independently stored on the server of the specific products of Uni-Ubi. You agree that we can access and analyze your information to help maintain the personal and property safety of your application scenarios, provide you with more valuable objective data analysis results for your management or business decisions, and continue to improve core functions of the service. Without your authorization, we will not disclose, modify or illegally use the above information.

You confirm that you have the right to provide us with relevant information and promise that the information provided to us is true and legal. If you are not the owner of the relevant information, you should confirm that you have obtained the explicit consent of the relevant rights holder before providing the information to us. For us, your act of providing information is deemed to have obtained the full legal authorization and explicit consent of the relevant rights holder.

If the relevant rights holder raises an objection to us in accordance with the law, we will take necessary measures such as deleting, blocking, disconnecting, interrupting or terminating the service in accordance with the law. Our aforementioned measures taken in accordance with the law do not constitute a breach of contract against you and shall not be liable for breach of contract. After we take necessary measures, we will notify you in time. You should be responsible for communicating and resolving the objection with the right holder, and bear all responsibilities. At the same time, we respect the communication solution reached between you and the relevant subject and continue to follow the solution to provide you with services.

You understand and agree that, as a neutral service and technology provider, we do not assume other responsibilities beyond the legal requirements.

# II. Our principle of protecting personal information and privacy

In the practice of personal information processing, we always abide by the following principles:

# 1. Legitimate & rightful

We guarantee to abide by the Cyber Security Law, Civil Code and other applicable laws and regulations and relevant normative documents, and do not use personal information for any illegal activities.

We respect and promise to protect the relevant rights of personal information subjects in accordance with applicable laws and regulations.

# 2. Safe & controllable

We will take appropriate technical and management measures to protect personal information from risks such as loss, unauthorized access, damage, alteration or public disclosure.

We have established a dedicated management department and management personnel, designed and implemented a strict authority control system, strictly controlled the number and scope of personnel who can access personal information, and reduced the risk of data leakage.

Based on the classification and grading system of data, we have taken appropriate measures to ensure the accuracy, completeness, availability and timeliness of personal information.

# 3. Transparent & necessary

We promise to only process personal information strictly required for specific purposes in the realization of business functions.

We promise to retain personal information only for the time period required to achieve the processing purpose; unless in accordance with mandatory laws, regulations or regulatory requirement, it shall not be deleted.

We promise to strictly use the processing methods that have the least impact on the rights of personal information subjects for data processing.

# 4. Accountability & correction

We promise to use appropriate and feasible technical and management measures to realize the auditable, accountable, and corrective behavior of personal information processing.

We have established a reasonable and effective system of employee information security rule, and set up relevant regulations on information security rewards and punishments to ensure the implementation of related responsibilities.

# 5. “Default compliance” of product design

We promise to take into account factors such as collaboration, integrated product design, technical safety, legal compliance, etc., in all aspects of product and/or service development, to promote product development and design with the concept of default compliance, and to ensure to follow the principle of “design privacy” in product designing.

# III. How we handle personal information

# 1. Processing of personal information in our businesses

Uni-Ubi will carry out various business cooperation with customers in different business scenarios. Generally speaking, as the processor of personal information, we will work with our customers, suppliers and other partners to ensure that the personal information collected and processed meets the preconditions of authorization and consent, and that the personal information used and retained is necessarily required for realization of business processes.

The Cookie are small files transmitted by a website, application or service and stored on your device. In order to achieve the personalized needs of your online experience and make your access experience easier. Uni-Ubi websites, online services, applications, emails and advertisements may all use Cookie and other similar technologies, such as pixel tags and websites beacon. We use Cookie like most websites on the Internet, and we cannot access Cookie that are not set by Uni-Ubi. The time that Cookie stored on your hardware device depends on your device settings.

If your browser has enabled Do Not Track and other Cookie settings and preferences, all Uni-Ubi websites will respect your choice. The management of Cookie and Cookie preferences must be done in the options/preferences of your browser.

# IV. How we disclose your personal information

We will only share and disclose your personal information for legal, legitimate, necessary, specific and clear purposes. We will, and will also urge our partners (including customers, suppliers, etc.) to use your personal information strictly in accordance with relevant data processing purposes.

We may also share personal information with third parties when it involves the sale, transfer or merger of certain businesses or assets. If business control has been changed, we will take effective measures to require the purchaser of the business or part of the business to continue to process and protect your personal information in accordance with the same standards described in this policy.

We may also disclose personal information in accordance with laws and regulations, judicial requirements, and/or in response to law enforcement agencies' requirements and other legal and necessary circumstances.

# V. How we protect your personal information

We have completed the registration of network security level protection for business systems in accordance with Chinese laws and regulations, and have adopted industry-standard security protection measures (including but not limited to encryption desensitization, authority control, etc.) to protect the personal information you provide. We have already obtained the ISO 27001 certification. But please note that although we have taken reasonable technical and management measures to protect your personal information, no websites, Internet transmission, computer systems or wireless connection are absolutely secure.

In the unfortunate event of a personal information security incident, we will deal with it in accordance with the requirements of laws and regulations, fulfill relevant legal obligations, and report the security incident in accordance with the requirements of relevant regulatory authorities.

# VI. How we transfer your personal information worldwide

Due to the requirements of Chinese laws and regulations, the personal information we collect and generate in China will be stored in China by principle.

If it is really necessary to transfer your personal information globally, we will transfer your personal information under the premise of complying with the mandatory rules and requirements of China and other relevant jurisdictions (including but not limited to the requirements for the security assessment of personal information outbound in China)

# VII. Your rights of personal information

We highly respect your personal information-related rights in accordance with the law. Please note that in a specific product or service scenario, we suggest that you directly make a request to the personal information controller (usually is our customer) in the specific business scenario and forward it to us as appropriate. For security reasons, we may need to verify your identity before processing your request.

If really necessary, you can also contact us by sending an email to service@uni-ubi.com. To ensure that your request is clear and distinct, please provide following content in t email:

  1. Your name and contact.

  2. Your detailed request, suggestion and/or corresponding link.

For your reasonable request, we do not charge fees in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost within legal limits or may reject them as appropriate.

Generally speaking, we will reply as soon as possible within the time limit stipulated by laws and regulations, except in the following cases:

  1. Related to fulfilling obligations under laws and regulations;

  2. Directly related to national security and national defense security;

  3. Directly related to public safety, public health, and major public interests;

  4. Directly related to criminal investigation, prosecution, trial and execution of judgments;

  5. There is sufficient evidence that you may be subjectively malicious or may abuse your rights;

  6. In order to protect your or other individuals’ life, property and other major legal rights and interests, but it is difficult to obtain the authorization of the person.

  7. Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations;

  8. Involving trade secrets.

# VIII. How we handle personal information of children

Please note that all our products, websites and services are mainly for corporate customers, and we usually do not actively collect and process children's personal information on our own. If any customer or user wants or intends to provide us with or request us to process personal information of children, please strictly follow the requirements of relevant laws and regulations to ensure that the child's guardian has obtained the express prior consent and authorization. For the collection of children's personal information with the consent of the parent or guardian, we will only use or publicly disclose this information when permitted by the law, the parent or guardian's explicit consent, or necessary to protect the child. For the avoidance of ambiguity, we treat anyone under the age of 14 as a child.

# IX. How we update the policy

We reserve the right to update or modify this policy from time to time. But without your explicit consent, we will not reduce your rights in accordance with this policy. You can view the latest version of this policy through this page.

For major changes, we will provide more noticeable notifications (including for some services, we will send notifications by e-mail, etc., explaining the specific changes). The aforementioned "major changes" include but are not limited to:

  1. Our service mode has undergone major changes. Such as the purpose of processing personal information, the type of personal information processed, the way of using personal information, etc.

  2. Significant changes have taken place in the ownership structure and organizational structure. Such as changes in owners caused by business adjustments, bankruptcy mergers, etc.

  3. Changes in the main objects of personal information sharing, transfer or public disclosure.

  4. Your right to participate in the processing of personal information and the way to exercise the right has undergone major changes.

  5. When the department responsible for handling personal information security, contact information and complaint channels has changed.

  6. When the personal information security impact assessment report shows that there is a high risk.