This policy applies only to Ambow branded products or services of Ambow Technology Co., Ltd. Date of last update: 2023/02/03

This policy will help you understand the following:

1. How we collect and use your user information

2. How do we use cookies and similar technologies

3. How do we share, transfer and publicly disclose your user information

4. How do we protect your user information

5. Your rights

6. How do we handle children's personal information

7. How your user information is stored and transferred globally

8. How to update this policy

9. How to contact us

We are well aware of the importance of user information to you, and will do our best to protect the safety and reliability of your user information. We are committed to maintaining your trust in us, adhering to the following principles to protect your user information: the principle of consistent power and responsibility, the principle of clear purpose, the principle of choice consent, the principle of least sufficient, the principle of ensuring security, the principle of subject participation, the principle of openness and transparency, etc. . At the same time, we promise that we will take corresponding security protection measures to protect your user information in accordance with mature security standards in the industry.

Please read and understand this Privacy Policy carefully before using our products (or services).

1. How we collect and use your user information

(1) Information we collect and use when you use our products or services

We will only collect and use your user information for the business functions described in this policy. The purpose of collecting user information is to provide you with products or services. You have the right to choose whether to provide this information, but in most cases, if If you do not provide it, we may not be able to provide you with the corresponding services, nor can we respond to the problems you encounter: When you use our services, allow us to collect information that you provide to us or that are necessary to provide services to you Including: mobile phone number, member name, password, name, gender, date of birth, place of residence, order transaction information, location information, device information, service log information, etc.

For the user information we collect, we will provide you with registration and account management services, show you products and services, provide you with favorites, add purchases, follow and share functions, help you complete orders and order management, and help you complete Make payments, facilitate delivery of goods or services to you, etc.

The above information you provide will continue to authorize us to use it during your use of the service. When you stop using the push service, we will stop using and delete the above information.

We promise to de-identify or anonymize the collected user information in accordance with the law. Information that cannot identify a natural person's personal identity alone or in combination with other information does not belong to personal information in the legal sense. If we combine non-personal information with other information to identify your personal identity, or use it in combination with your personal information, we will treat such information as your personal information during the combined use period in accordance with this Privacy Policy. Treat and protect.

In order to better operate and improve our technology and services, or due to changes in business strategies, when the collection, use, and processing of user information required by the products or services we provide exceed the above scope or the collected user information is used for Other purposes not specified in this Privacy Policy, or when we use the information collected for a specific purpose for other purposes,we will notify you within a reasonable period after obtaining user information or before processing user information, and obtain your authorization and consent.

(2) Exceptions to obtaining authorization and consent

Please understand that according to laws and regulations and relevant national standards, we do not need your authorization to collect and use your user information in the following situations:

1. Directly related to national security and national defense security;

2. Directly related to public security, public health, or major public interests;

3. Directly related to criminal investigation, prosecution, trial and judgment execution;

4. For the protection of your or other personal life, property and other major legitimate rights and interests, but it is difficult to obtain the consent of the person;

5. The collected user information is disclosed to the public by you;

6. Your user information collected from legally disclosed information, such as legal news reports, government information disclosure and other channels;

7. It is necessary to sign or perform a contract according to your request;

8. Necessary for maintaining the safe and stable operation of software and related services, such as discovering and handling software and related service failures;

9. The personal information controller is necessary for a news organization and it is carrying out legal news reports;

10. It is necessary for academic research institutions to carry out statistical or academic research based on public interests, and when providing academic research or description results to the outside world, de-identify the personal information contained in the results.

11. Other circumstances stipulated by laws and regulations.

2. How do we use cookies and similar technologies

(1) Cookies

To ensure the proper functioning of the website, we store small data files called cookies on your computer or mobile device. Cookies usually contain identifiers, site names and some numbers and characters. With the help of cookies, websites can store data about your visiting preferences.

We will not use cookies for any purpose other than those stated in this policy. You can manage or delete cookies according to your own preferences. You can clear all cookies saved on your computer, and most web browsers have the function of blocking cookies. But if you do this, you need to change the user settings yourself every time you visit our website.

(2) Web beacons and pixel tags

Besides Cookie, we also use the same kind of other technologies such as web beacon and pixel tag on the website. For example, emails we sent to you may include click URL linked to our web.

If you click this link, we will track down this click, help us to know your preference to products or service and improve customer service. A web beacon is usually a transparent image embedded in a website or email. With the help of pixel tags in emails, we can know whether the emails are opened. If you do not want your activities to be tracked down in this way, you can unsubscribe from our mail list at any time.

(3) Do Not Track (do not track)

Many web browsers have a Do Not Track feature that issues a Do Not Track request to a website. Currently, the major Internet standards organizations have not established policies on how websites should respond to such requests. However, if Do Not Track is enabled in your browser, all of our sites will respect your choice.

3. How do we share, transfer and publicly disclose your user information

(1) Sharing

We will not share your user information with any other company, organization or individual, except in the following cases:

1. Sharing with explicit consent: After obtaining your explicit consent, we will share your user information with other parties.

2. We may share your user information externally in accordance with laws and regulations, or in accordance with the mandatory requirements of government authorities.

3. Sharing with our affiliates: Your user information may be shared with our affiliates. We will only share necessary user information and be bound by the purposes stated in this Privacy Policy. If the affiliated company wants to change the purpose of processing user information, it will ask for your authorization again.

4. Sharing with authorized partners: Only to achieve the purpose stated in this policy, some of our services will be provided by authorized partners. We may share some of your user information with our partners to provide better customer service and user experience. We will only share your user information for legal, legitimate, necessary, specific, and clear purposes, and will only share user information necessary to provide services. In order to better operate and improve technology and services, you agree that we and our authorized partners may use the collected information for other services and purposes in compliance with relevant laws and regulations.

The specific authorized partners are listed below, and a link to the privacy policy of the third party is provided. We recommend that you read the privacy policy of the third party: (1) Message push service provider: Push technology provided by Daily Interactive Co., Ltd. Service, we may provide your device platform, device manufacturer and brand, device model and system version, device identification code, device serial number and other device information, application list information, network information and location-related information to Daily Interactive Shares Co., Ltd. to provide you with push technology services. When we push messages to you, we may authorize Daily Interactive Co., Ltd. to perform link adjustments to mutually promote the push process of the closed SDK, so as to ensure that you can receive the messages we push to you in a timely manner. For more details, please visit the "Privacy Policy of Gotui Users".

(2) Advertising and media: We may share the collected information with advertising, media and our other authorized partners for commercial purposes including optimizing advertising and improving marketing effects.

(3) We will sign strict confidentiality agreements with companies, organizations and individuals with whom we share user information, requiring them to process user information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures.

(2) Transfer

We will not transfer your user information to any company, organization or individual, except in the following cases:

1. Transfer with explicit consent: After obtaining your explicit consent, we will transfer your user information to other parties;

2. When it comes to mergers, acquisitions or bankruptcy liquidation, if it involves the transfer of user information, we will require the new company or organization that holds your user information to continue to be bound by this privacy policy, otherwise we will require the company or organization to Ask for your authorization again.

(3) Public disclosure

We will only publicly disclose your user information under the following circumstances:

1. After obtaining your explicit consent;

2. Disclosure based on law: We may publicly disclose your user information under the circumstances of laws, legal procedures, lawsuits or mandatory requirements of government authorities.

(4) Exceptions to obtaining prior authorization and consent when sharing, transferring, and publicly disclosing information

Please understand that, according to laws and regulations and relevant national standards, we do not need your authorization to share, transfer or publicly disclose your user information in the following situations:

1. Directly related to national security and national defense security;

2. Directly related to public security, public health, or major public interests;

3. Directly related to criminal investigation, prosecution, trial and judgment execution;

4. For the protection of your or other personal life, property and other major legitimate rights and interests, but it is difficult to obtain the consent of the person;

5. Information that you disclose to the public by yourself;

6. Collected from legally disclosed information, such as legal news reports, government information disclosure and other channels.

4. How do we protect your user information

(1) We have adopted industry-standard security protection measures to protect the user information you provide to prevent data from unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and feasible measures to protect your user information. For example, when exchanging data between your browser and the "service", it is protected by SSL encryption; we also provide https secure browsing methods for the website; we will use encryption technology to ensure the confidentiality of data; we will use trusted The protection mechanism prevents data from being maliciously attacked; we will deploy an access control mechanism to ensure that only authorized personnel can access user information; and we will hold security and privacy protection training courses to strengthen employees' awareness of the importance of protecting user information.

(2) We will take all reasonable and feasible measures to ensure that no irrelevant user information is collected. We will only retain your user information for the period necessary to achieve the purposes stated in this policy, unless an extended retention period is required or permitted by law.

(3) The Internet is not an absolutely secure environment, and e-mails, instant messaging, and communication methods with other users are not encrypted. We strongly recommend that you do not send user information through such methods.

(4) We will regularly update and disclose relevant content of reports such as security risks and user information security impact assessments. You can obtain it in the following ways: Supplementary security risk disclosure channels

(5) The Internet environment is not 100% safe, and we will do our best to ensure the security of any information you send us. Even if we make great efforts and take all reasonable and necessary measures, it may still be impossible to prevent your user information from being illegally accessed, stolen, tampered with or destroyed, resulting in damage to your legitimate rights and interests. Please understand the above risks of Newsbook and bear them voluntarily.

(6) After the unfortunate occurrence of a user information security incident, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, and your own prevention and control measures. Advice on reducing risks, remedies for you, etc. We will promptly inform you of the event-related situation by email, letter, phone call, push notification, etc. When it is difficult to inform the user information subject one by one, we will take a reasonable and effective way to issue an announcement. At the same time, we will also actively report the handling of user information security incidents in accordance with the requirements of the regulatory authorities.

5. Your rights

In accordance with relevant Chinese laws, regulations, standards, and common practices in other countries and regions, we guarantee you to exercise the following rights to your user information:

(1) Access to your user information

You have the right to access your user information, except for exceptions provided by laws and regulations. If you want to exercise the right to access data, you can access it by yourself in the following ways: Supplementary user information access methods

If you are unable to access these User Information through the links above, you can always get in touch using our web form, or email [email protected]. We will respond to your access request within 30 days.

As for other user information generated during your use of our products or services, as long as we do not need too much investment, we will provide it to you. If you would like to exercise your data access rights, please email [email protected].

(2) Correct your user information

When you find that the user information we process about you is wrong, you have the right to ask us to make corrections. You can apply for correction through the methods listed in "(1) Accessing your user information". If you are unable to correct this User Information via the above link, you may always contact us using our web form, or email [email protected]. We will respond to your correction request within 30 days.

(3) Delete your user information

In the following situations, you can submit a request to us to delete user information:

1. If our handling of user information violates laws and regulations;

2. If we collect and use your user information without your consent;

3. If our handling of user information violates our agreement with you;

4. if you no longer use our products or services, or you cancel your account;

5. If we no longer provide you with products or services.

We will evaluate according to your deletion request, and if the corresponding regulations are met, we will take corresponding steps to deal with it. When you make a deletion request to us, we may ask you to verify your identity to protect the security of your account. When you delete information from our service, we may not immediately delete the corresponding information from the backup system due to applicable laws and security technologies, and we will safely store your information until the backup can be cleared or anonymized.

(4) Change the scope of your authorization and consent

Each business function requires some basic user information to be completed (see "Part 1" of this policy). For the collection and use of user information, you can give or withdraw your authorization and consent at any time. You can do it yourself by: Supplement Changing the access method of user information

When you withdraw your consent, we will no longer process the corresponding user information. At the same time, please note that your withdrawal of authorization consent may lead to certain consequences, for example, we may not be able to continue to provide you with corresponding services or specific functions, but your decision to withdraw your consent will not affect the previous development based on your authorization. User information processing.

(5) Cancellation of account by user information subject

You can cancel the previously registered account at any time, and you can do it by yourself in the following ways: Supplement the operation method of canceling the account

After canceling the account, we will stop providing you with products or services and delete or anonymize your information according to your request, unless otherwise stipulated by laws and regulations. This may also result in you losing access to the data in your account, please proceed with caution.

(6) The user information subject obtains a copy of the user information

You have the right to obtain a copy of your user information, and you can do it yourself in the following ways: Supplement the operation method of obtaining a copy of user information

Under the premise of technical feasibility, such as data interface matching, we can also directly transmit a copy of your user information to the third party you designate according to your request.

(7) Constraining the automatic decision-making of the information system

In some business functions, we may only make decisions based on non-manual automatic decision-making mechanisms including information systems and algorithms. If these decisions significantly affect your legal rights, you have the right to request an explanation from us, and we will also provide appropriate remedies.

(8) Respond to your above request

For security purposes, you may be required to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.

We will respond within thirty days. If you are not satisfied, you can also complain through the following channels: Supplement other channels of appeal

For your reasonable request, we do not charge fees in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost depending on the situation. We may deny requests that are unnecessarily repetitive, require excessive technical means (for example, requiring the development of new systems or fundamental changes to existing practices), pose a risk to the legitimate rights and interests of others, or are highly impractical. Please also understand that due to security considerations, requirements of relevant laws and regulations or technical limitations, we may not be able to respond to some of your requests, such as the following situations:

1. Related to the fulfillment of the obligations stipulated by laws and regulations by the user information controller;

2. Directly related to national security and national defense security;

3. Directly related to public security, public health, and major public interests;

4. Directly related to criminal investigation, prosecution, trial and execution of judgments;

5. The user information controller has sufficient evidence that the user information subject has subjective malice or abuse of rights;

6. In order to protect the major legal rights and interests of the user information subject or other individuals such as life and property, but it is difficult to obtain the consent of the person;

7. Responding to the request of the user information subject will cause serious damage to the legitimate rights and interests of the user information subject or other individuals or organizations;

8. Those involving commercial secrets.

6. How do we handle children's personal information

We attach great importance to the protection of children's personal information, and our products, websites and services are mainly aimed at adults. Children should not create their own user accounts without the consent of a parent or guardian. Although local laws and customs define children differently, we consider anyone under the age of 14 to be a child.

For the collection of children's user information with the consent of parents or guardians, we will only store, use or publicly disclose this information when it is permitted by law, expressly consented by parents or guardians, or necessary to protect children, otherwise we will try to delete it as soon as possible related data.

In view of the limitations of existing technologies and business models, it is difficult for us to actively identify children's personal information. If you find that we have collected children's personal information without our knowledge or without the prior consent of verifiable guardians, you You can contact us in time, and we will try to delete it in time after we find it. If we find the above situation ourselves, we will delete it in time, unless we are required by law to keep it.

7. How your user information is stored and transferred globally

In principle, the user information we collect and generate within the territory of the People's Republic of China will be stored within the territory of the People's Republic of China. We will only retain your user information within the period required for the purposes and purposes described in this policy and within the shortest period stipulated by laws and regulations. After the above retention period is exceeded, we will delete your user information in accordance with the requirements of applicable laws and regulations or Anonymization. Unless otherwise stipulated by laws and regulations, or for the purpose of public interest, scientific and historical research, etc., or your separate authorization and consent, we may need to retain relevant data for a longer period of time.

Since we provide products or services through resources and servers all over the world, this means that after obtaining your authorization and consent, your user information may be transferred to the overseas jurisdiction of the country/region where you use the product or service, or Receive visits from these jurisdictions.

Such jurisdictions may have different data protection laws, or even no laws at all. In such cases, we will ensure that your user information is adequately and equally protected within the territory of the People's Republic of China. For example, we will ask for your consent to the cross-border transfer of user information, or implement security measures such as data de-identification before cross-border data transfer.

8. How to update this policy

Our Privacy Policy is subject to change. We will not reduce your rights under this Privacy Policy without your express consent. We will post any changes to this policy on this page.

For material changes, we will also provide more prominent notices. Major changes referred to in this policy include, but are not limited to:

1. Major changes have taken place in our service model. Such as the purpose of processing user information, the type of user information processed, the method of using user information, etc.;

2. We have undergone major changes in terms of ownership structure and organizational structure. Such as changes in owners caused by business adjustments, bankruptcy mergers, etc.;

3. The main object of user information sharing, transfer or public disclosure changes;

4. There are major changes in your right to participate in user information processing and how to exercise it;

5. When our responsible department, contact information and complaint channels for handling user information security change;

6. When the user information security impact assessment report indicates that there is a high risk.

We will also archive previous versions of this Policy for your review.

9. How to contact us

If you have any questions, comments or suggestions about this Privacy Policy, please contact us in the following ways:

Email: [email protected]

Whatsapp Tel: +852 46746166

We have set up a dedicated department for user information protection, and you can contact relevant personnel through the following methods: Supplementary contact information related to user information protection

Normally, we will reply within thirty days.

If you are dissatisfied with our reply, especially if our user information processing behavior has damaged your legitimate rights and interests, you can also seek solutions through the following external channels: Supplement other external channels for obtaining solutions