Last updated on: [February 17, 2022]
Foreword
Beijing Kuangshi Technology Co., Ltd. and its affiliates (hereinafter referred as “we” or “MEGVII”) highly respect and are committed to protect personal information and privacy. Therefore, we have formulated this Personal Information and Privacy Protection Policy (hereinafter referred as the “Policy”), which introduces our basic information, data protection principles and other overall conditions related to personal information processing.
This Policy serves as an overview of our efforts in the protection of personal information and privacy to declare our uniform requirements and standards in the field of personal information processing. In avoidance of ambiguity, this Policy does NOT completely cover all information when we process personal information for specific purposes in specific product or service scenarios. For specific personal information processing practices in specific product or service scenarios, PLEASE also read the applicable privacy policy or similar legal texts provided by our clients (hereinafter referred to as "Clients") or us separately to the individual end users (hereinafter referred to as "Users" or "you"). In addition, this Policy only applies to MEGVII, and is completely independent of the privacy policy or similar legal texts that our Clients or any third parties may or need to show or provide to you.
This Policy will help the Clients and the Users understand the following:
1. Our basic information
2. Our principles on personal information and privacy protection
3. How we process personal information
4. How we disclose your personal information
5. How we protect your personal information
6. How your personal information is transferred globally
7. Your rights to personal information
8. How we process personal information of minors
9. How we update this Policy
1. Our basic information
2. Our principles on personal information and privacy protection
3. How we process personal information
4. How we disclose your personal information
5. How we protect your personal information
6. How your personal information is transferred globally
7. Your rights to personal information
8. How we process personal information of minors
9. How we update this Policy
In this Policy, "personal information" refers to various information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information, and/or reflect the activities of a specific natural person. Unless otherwise stated, other relevant definitions and terms under this Policy shall have the same meanings as those in Cybersecurity Law, Information Security Technology - Personal Information Security Specifications and other laws and regulations, regulatory documents, and national standards.
1. Our basic information
Who are we: Founded in 2011,MEGVII is a global leader in AI products and solutions.Our core competency is deep learning,a key driver of the AI revolution. We focus on areas in which algorithms can create critical value: Consumer IoT, City IoT and Supply Chain IoT. We provide customers with full-stack solutions that integrate algorithms,software and hardware.
Contact address: 3rd Floor, Raycom Info Tech Tower A, No. 2 Kexueyuan South Road, Haidian District, Beijing, PRC
Tel: +86 400-6700-866
2. Our principles on personal information and privacy protection
In activities of processing personal information, we always abide by the following principles:
1) Lawfulness and Justifiability
· We guarantee to abide by Cybersecurity Law, Civil Code and other applicable laws and do not use personal information to engage in any illegal activities.
· We respect and undertake to protect the relevant rights of personal information subjects in accordance with applicable laws.
· We guarantee to abide by Cybersecurity Law, Civil Code and other applicable laws and do not use personal information to engage in any illegal activities.
· We respect and undertake to protect the relevant rights of personal information subjects in accordance with applicable laws.
2) Security and Controllability
· We will take appropriate technical and management measures to protect personal information from risks such as loss, unauthorized access, damage, alteration or public disclosure.
· We have set up a dedicated management department and personnel internally, designed and implemented a strict authority control system, strictly controlled the number and scope of personnel who have access to personal information.
· Based on the data classification system, we have taken appropriate measures to ensure the accuracy, completeness, availability and timeliness of personal information.
· We will take appropriate technical and management measures to protect personal information from risks such as loss, unauthorized access, damage, alteration or public disclosure.
· We have set up a dedicated management department and personnel internally, designed and implemented a strict authority control system, strictly controlled the number and scope of personnel who have access to personal information.
· Based on the data classification system, we have taken appropriate measures to ensure the accuracy, completeness, availability and timeliness of personal information.
3) Transparency and Necessity
· We undertake to only process data strictly necessary for specific purposes in the realization of business functions.
· We undertake to retain personal information only for the time period necessary to achieve the purpose of processing, unless it is prohibited to delete such information in accordance with mandatory laws and regulations or regulatory requirements.
· We undertake to strictly process data in the manner that have the least impact on the rights of personal information subjects.
· We undertake to only process data strictly necessary for specific purposes in the realization of business functions.
· We undertake to retain personal information only for the time period necessary to achieve the purpose of processing, unless it is prohibited to delete such information in accordance with mandatory laws and regulations or regulatory requirements.
· We undertake to strictly process data in the manner that have the least impact on the rights of personal information subjects.
4) Accountability and Correctability
· We undertake to adopt appropriate and feasible technical and management measures to ensure that the processing of personal information can be checked, accountable and rectified if incorrect.
· We have set up a reasonable and effective information security rule system for employees, and set up relevant regulations on rewards and punishments relating to information security to ensure the implementation of related responsibilities.
· We undertake to adopt appropriate and feasible technical and management measures to ensure that the processing of personal information can be checked, accountable and rectified if incorrect.
· We have set up a reasonable and effective information security rule system for employees, and set up relevant regulations on rewards and punishments relating to information security to ensure the implementation of related responsibilities.
5) Powering Humanity with AI
· We are committed to using AI to create happiness and benefit humanity. We have publicly released the Artificial Intelligence Application Guidelines and undertake to strictly protect users' personal privacy and ensure data security in the development and use of AI solutions.
· We have formulated and implemented AI-related internal systems such as the Artificial Intelligence Code of Ethics, and established an AI Ethics Committee in the form of an independent external consultant, to work together with our management to ensure that decisions on issues related to AI ethics are legal, reasonable, fair and justifiable.
· For more of our initiatives on AI governance, please refer to the Proposal for the Correct Use of Artificial Intelligence Products, the Guidelines for Compliance Application of Face-Recognition Services( ONLY available in Chinese )and other reference documents.
· We are committed to using AI to create happiness and benefit humanity. We have publicly released the Artificial Intelligence Application Guidelines and undertake to strictly protect users' personal privacy and ensure data security in the development and use of AI solutions.
· We have formulated and implemented AI-related internal systems such as the Artificial Intelligence Code of Ethics, and established an AI Ethics Committee in the form of an independent external consultant, to work together with our management to ensure that decisions on issues related to AI ethics are legal, reasonable, fair and justifiable.
· For more of our initiatives on AI governance, please refer to the Proposal for the Correct Use of Artificial Intelligence Products, the Guidelines for Compliance Application of Face-Recognition Services( ONLY available in Chinese )and other reference documents.
6) Compliance by Default on Product Design
· By taking into account various factors such as product design, technical security, and legal compliance, we are committed to promoting product development and design with the concept of compliance by default in all aspects of the development of products and/or services.
· By taking into account various factors such as product design, technical security, and legal compliance, we are committed to promoting product development and design with the concept of compliance by default in all aspects of the development of products and/or services.
3. How we process personal information
1) Personal information processing in our business
Under different business scenarios, MEGVII will carry out various business cooperation with Clients. Generally speaking, as a personal information processor, we will work with our Clients, suppliers and other partners to ensure that the personal information collected and processed meets the preconditions of authorization and consent, and that the personal information used and retained is necessary for the realization of business processes.
Under different business scenarios, MEGVII will carry out various business cooperation with Clients. Generally speaking, as a personal information processor, we will work with our Clients, suppliers and other partners to ensure that the personal information collected and processed meets the preconditions of authorization and consent, and that the personal information used and retained is necessary for the realization of business processes.
2) Personal information processing on our websites
Please be aware that when you visit our website and use related functions, we will process the necessary personal information to realize these functions and business processes. If you refuse to provide relevant personal information, you may not be able to use the corresponding functions of our website. If you do not use a certain function, we will neither collect nor process the corresponding information.
Specifically, when you apply for business cooperation with us or make a consultation request to us, we will collect your contact phone number and contact email. If you provide it voluntarily, we will also collect your name, consulting questions, company name, location, and other necessary information, to contact you for business cooperation or to process your consultation request.
In addition, we may also use the above information to provide you or your organization with information about products and services you may be interested in, or to solicit feedback from you or your organization, such as surveys and questionnaires. If you or your organization do not want to learn about related products and services or provide feedback, you can refuse it at any time during the contact process.
3) Special Declaration on Cookie
Cookies are small files transmitted by a website, application or service and stored on your device. In order to achieve the personalized needs of your online experience and provide you with easier access experience, MEGVII’s websites, online services, interactive applications, emails and advertisements may use cookies and other similar technologies, such as pixel tags and websites Beacon. We use cookies like most websites on the Internet, and we cannot access cookies that are not set by MEGVII. The time period that cookies are stored on your hardware device depends on your device settings.
Cookies are small files transmitted by a website, application or service and stored on your device. In order to achieve the personalized needs of your online experience and provide you with easier access experience, MEGVII’s websites, online services, interactive applications, emails and advertisements may use cookies and other similar technologies, such as pixel tags and websites Beacon. We use cookies like most websites on the Internet, and we cannot access cookies that are not set by MEGVII. The time period that cookies are stored on your hardware device depends on your device settings.
If your browser has enabled Do-Not-Track and other cookie settings and preferences, all MEGVII websites will respect your choice. The management of cookies and cookie preferences need to be done in the options/preferences of your browser. For more information about cookies and instructions on how to set your browser to accept, delete or disable cookies, please refer to www.allaboutcookies.org.
4. How we disclose your personal information
We will only share and disclose your personal information for lawful, legitimate, necessary, specific and clear purposes. We will, and will also urge our partners (including Clients, suppliers, etc.) to use your personal information strictly in accordance with the relevant data processing purposes.
We may also share personal information with third parties when we are involved in the sale, transfer or merger of some businesses or assets. If there are any changes of business control, we will take effective measures to require the purchaser of the business or part of the business to continue to process and protect your personal information in accordance with the same standards described in this Policy.
We may also disclose personal information: 1) in accordance with laws and regulations, 2) in accordance with court requirements, and/or 3) in response to requests from law enforcement agencies, or 4) in other lawful and necessary situations.
5. How we protect your personal information
We have completed the recordal procedure under the Multi-Level Protection System of Network Security for business systems in accordance with Chinese laws and regulations, and have adopted industry-standard security protection measures (including but not limited to encryption, desensitization, authority control, etc.) to protect the personal information you provide. We have obtained ISO 27001 and ISO 27701 certification. Nevertheless, PLEASE note that although we have taken reasonable technical and management measures to protect your personal information, NO WEBSITE, INTERNET TRANSMISSION, COMPUTER SYSTEM OR WIRELESS CONNECTION IS ABSOLUTELY SECURE.
In the unfortunate event of a personal information security incident, we will manage it in accordance with the requirements of laws and regulations, perform relevant legal obligations, and report the incident in accordance with the requirements of relevant regulatory authorities.
6. How your personal information is transferred globally
Due to the requirements of Chinese laws and regulations, in principle, the personal information we collect and generate in China will be stored within the territorial scope of China.
If it is really necessary to transfer your personal information globally, we will transfer your personal information under the premise of complying with the mandatory rules and requirements of China and other relevant jurisdictions (including but not limited to the requirements for the security assessment of exporting personal information from China).
7. Your rights to personal information
We highly respect your rights related to personal information in accordance with the law. PLEASE note that in specific product or service scenarios, we recommend that you directly make requests to the personal information processor (usually our Clients) under such specific business scenarios since they will be able to better provide you with useful information, otherwise they may forward such requests to us as appropriate. For security reasons, we may need to verify your identity before processing your request.
If our Clients and/or we fail to respond to you rrequest in a timely manner,or if you have any disagreement to the relevant responses, you may make further complaints to our Clients and/or to us,or appeal to the relevant regulatory authorities
If needed, you may also contact us by sending an email to business@megvii.com. To ensure that your request is clear and specific, please indicate in the aforementioned email:
1) Your name (or company name) and contact information;
2) Your specific request, suggestion and/or corresponding link.
1) Your name (or company name) and contact information;
2) Your specific request, suggestion and/or corresponding link.
For your reasonable request, we do not charge fees in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost within legal limits or may reject them as appropriate.
In general, we will response as soon as possible within the time limit stipulated by laws and regulations, except in the following cases:
1) Where the request is related to fulfilling obligations under laws and regulations;
2) Where the request is directly related to national security and national defense;
3) Where the request is directly related to public security, public health and significant public interests;
4) Where the request is directly related to investigations into crimes, prosecutions, court trials, execution of rulings, etc.;
5) Where there is sufficient evidence that you may have subjective malice or abuse of rights;
6) Where refusing the request is to protect your or other individuals' life, property and other vital legal rights and interests, but it is difficult to obtain your or other individual’s authorization and consent;
7) Where responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations;
8) Where the request involves any trade secret.
1) Where the request is related to fulfilling obligations under laws and regulations;
2) Where the request is directly related to national security and national defense;
3) Where the request is directly related to public security, public health and significant public interests;
4) Where the request is directly related to investigations into crimes, prosecutions, court trials, execution of rulings, etc.;
5) Where there is sufficient evidence that you may have subjective malice or abuse of rights;
6) Where refusing the request is to protect your or other individuals' life, property and other vital legal rights and interests, but it is difficult to obtain your or other individual’s authorization and consent;
7) Where responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations;
8) Where the request involves any trade secret.
8. How we process personal information of minors
PLEASE note that all our products, websites and services are mainly for corporate clients, and we usually do not actively collect or process personal information of minors for our own purposes. If any Clients or Users want or intend to provide us with or request us to process the personal information of minors, PLEASE strictly follow the requirements of relevant laws and regulations to ensure that the guardian's prior consent has been authorized. For the collection of personal information of minors with the consent from the parent or guardian, we will only use or publicly disclose this information where permitted by law, the parent or guardian's explicit consents, or necessary to protect the minors. For the avoidance of ambiguity, we treat anyone under the age of 14 as a minor.
9. How we update this Policy
We reserve the right to update or modify this Policy from time to time. Nevertheless, without your explicit consent, we will not reduce your rights under this Policy. You can view the latest version of this Policy through this page.
For material changes, we will provide more noticeable notifications (for example, for some services, we will send notifications by e-mail or other means, explaining the specific changes). The aforementioned "material changes" include but are not limited to:
1) Where our service model has undergone material changes, such as the purpose of processing personal information, the type of personal information processed, the way of using personal information, etc.
2) Where our ownership structure, organizational structure or other aspects has undergone material changes, such as ownership transfer due to 1) business adjustments, 2) bankruptcy, 3) mergers, or 4) other possible reasons.
3) Where the main parties of sharing, transferring or public disclosing personal information have changed.
4) Where there is any material change on your rights to participate in personal information processing and how to exercise them.
5) Where there is any change on the department responsible for handling personal information security, our contact information or your complaint channel.
6) Where the report of personal information security impact assessment shows there is a high risk.
1) Where our service model has undergone material changes, such as the purpose of processing personal information, the type of personal information processed, the way of using personal information, etc.
2) Where our ownership structure, organizational structure or other aspects has undergone material changes, such as ownership transfer due to 1) business adjustments, 2) bankruptcy, 3) mergers, or 4) other possible reasons.
3) Where the main parties of sharing, transferring or public disclosing personal information have changed.
4) Where there is any material change on your rights to participate in personal information processing and how to exercise them.
5) Where there is any change on the department responsible for handling personal information security, our contact information or your complaint channel.
6) Where the report of personal information security impact assessment shows there is a high risk.
Update history:
1) February 17, 2022 version:
a) updated relevant definitions according to the development of law;
b) updated our basic information and our principles on personal information and privacy protection;
c) supplemented your rights to personal information;
2) December 24, 2020 version:
a) updated our basic information;
b) supplemented and detailed the third part "How we process personal information".
3) July 30, 2020 version:
a) Added the relevant principles of personal information and privacy protection;
b) Added relevant measures for protecting personal information;
c) According to the requirements of laws and regulations, the global transfer of personal information and subject rights have been updated.