Privacy and Data Security Policy 4.0

Hangzhou Shuyun Information Technology Co., Ltd. (hereinafter referred to as "Shuyun") respects and protects the personal data and data security of all data subjects (hereinafter referred to as "you") who use Shuyun CRM System (hereinafter referred to as "Shuyun CRM"). Shuyun will use your personal data and other data provided by you pursuant to this Privacy and Data Security Policy (hereinafter referred to as this "Policy") in order to provide you with its customer relationship management service. Shuyun will process the data appropriately and with due care. Unless otherwise stated in this Policy, Shuyun will not disclose or provide a third party with these data without your prior consent. Shuyun may occasionally update this Policy.

Please read this Policy carefully before you use Shuyun CRM. It shall be deemed that you acknowledge and understand this Policy and the responsibility you shall assume after you check "I have read and accept the terms and conditions" and click Confirm. You shall stop using Shuyun CRM should you disagree with any of the terms and conditions of this Policy.

 

Definitions

1) Shuyun CRM System refers to the CRM system developed by Shuyun and licensed to others directly or indirectly.

 

2) Data refers to the data you provide in part or in whole to Shuyun. The following are part of the data:

• all information and content, including but not limited to documents, images, forms, and videos, which is visible, stored, or in any other way saved on physical media, electronic media, or other media; such data is either treated as confidential, or as being part of a confidential data category;
• any information, document, image, form, or video generated when processing the data above.

 

3) Personal data refers to any information or content, in electronic or any other form, solely or combined with other data, that can be used to identify an individual, including but not limited to an individual's name, date of birth, ID number, biometric information, address, and phone number.

 

4) Data subject refers to a data subject that can be identified through processed data or information, including but not limited to an individual, business partner, legally licensed third-party user, or any customer of a business partner or legally licensed third-party user.

 

Authorized Use

1) Authorization scope: the range of data you agree to license Shuyun to use is restricted to user data and business data.

 

2) Authorization purpose: You agree to authorize Shuyun to use user data to fulfill its obligations under the software license agreement pursuant to the terms and conditions agreed upon in this Policy and the software license agreement.

 

3) Authorization term: The software license agreement shall control the effective term of this Policy.

 

Scope of Application

• All data, including personal data, that you provide as required by Shuyun when you open a Shuyun CRM account will be considered applicable.

 

• The Shuyun CRM account will be opened when you sign the contract and license agreement. The contract and authorization instruments shall include the company name and other necessary business information (if applicable) and shall be affixed with a valid corporate seal for verification and recordkeeping. We may fail to open an account or provide you with our service if you cannot provide such instruments.

 

• For the sake of security and auditing, Shuyun will be permitted to receive and record information from your browser and personal computer to support your business and security when you use the Shuyun CRM service or visit Shuyun CRM. Such information includes but is not limited to your IP address, browser category, language used, the date and time you visit Shuyun CRM, software and hardware information, and webpage records relating to your business,

 

• Your customers' personal data, synchronized from you or your business partner (including but not limited to Taobao and JD), via legal channels, by Shuyun with your authorization.

 

You acknowledge and agree that this Policy shall not apply to the following data and information:

• any data and information processed due to a violation on your part of either the law or Shuyun's policies;
• data and information in public domain.

 

Data Usage

• Shuyun shall not provide, sell, lease, share, or trade your personal data to any third party without your prior consent. All third parties shall be prohibited from accessing all applicable personal data as of the end of service if the aforementioned party or parties provide service to you, solely or jointly with Shuyun.

 

• Shuyun shall not allow any third party to collect, edit, sell, or distribute free-of-charge your personal data, in any form or manner. Shuyun reserves the right to terminate the service agreement between itself and any user should Shuyun find any Shuyun CRM platform user engaged in the activities above.

 

• Shuyun will provide you with information as required for your business by using your personal data with your consent in order to provide the best possible service. Alternatively, Shuyun may share data with its business partners with your consent so that they may provide the best possible service. You shall confirm that you have obtained consent from the data subject at the time of issuing the usage order.

 

Data Sharing

According to your intention or pursuant to the law, Shuyun may share or disclose all or some of your personal data:

• With third parties with your prior consent;

 

• With third parties when necessary to provide the products and services you have requested;

 

• To any third party, administrative or judicial organs pursuant to law or as required by such organs;

 

• To third parties when necessary should you violate any applicable law or regulation, the Shuyun service agreement, or relevant policies;

 

Data Storage and Exchange

Your synchronized personal data and information are stored on Shuyun's servers. The data and information will be stored exclusively in the People's Republic of China and no international data storage, transfer, or exchange is involved. You shall request approval from the national regulatory agencies pursuant to applicable law and the Measures on Security Assessment for Cross-Border Personal Information and Important Data Transfers should you need to provide an international entity with any personal information or data collected and generated during your business operations in the People's Republic of China due to business requirements. Your completion of the request above and obtaining of approval are required for you to request that Shuyun process personal data for cross-border transfers.

 

Use of Cookies

• If you do accept cookies, Shuyun may save or read cookies on your computer to allow you to log in or use the Shuyun CRM platform's services or features that rely on cookies. Shuyun uses cookies to provide an easier login experience.

 

• You have the option of accepting or declining cookies. You can decline cookies by changing your browser's settings. If you choose to decline cookies, you might not be able to log in or use the Shuyun CRM services or features that rely on cookies.

 

• Any information obtained through cookies saved by Shuyun is subject to this policy.

 

Data Security

• Shuyun has implemented an industry-standard security policy to guard against unauthorized access, disclosure, use, modification, damage, or loss of your personal information. We will take all reasonably necessary action to protect your personal information. For example, SSL encryption is used to protect data exchange between the browser and the service; https is used to ensure the security of the CRM system's websites; we use encryption technology to ensure the confidentiality of personal information; we employ a dependable protection system to safeguard data against malicious attacks; we employ a visitor management system to ensure that only authorized employees have access to personal information; and we will organize training sessions on security and privacy to raise awareness among employees about the importance of safeguarding personal information;

 

• Shuyun has obtained the following certifications (but Party B may replaceor upgrade the following certifications, and the specific certifications obtained shall be subject to the actual situation):

- National network security level protection for the record (classified as level 3);

- ISO/IEC 27001:2022 information security management system certification;

- ISO/IEC 27701:2019 privacy information management system certification.

 

3) All Shuyun accounts are secured. Please ensure that your username and password are kept secure. Shuyun will protect your information from loss, abuse, and forgery by implementing security measures such as password encryption. Regardless of the security measures outlined above, please keep in mind that there are no "perfect security measures" online.

 

4) Shuyun will classify and protect personal information according to its significance. Additionally, we will report on how we process user data security incidents in accordance with regulatory agency requirements. Shuyun will delete the data without keeping any backups at the end of the service term and data retention period specified in the software license agreement (except for security log data required by security audit).

 

• You acknowledge that all data and associated rights are obtained legally (by authorization or other ways that do not need to obtain authorization permitted by the Personal Information Protection Law). Without your authorization, Shuyun will not process any of this data.

 

Force Majeure

• Neither party shall be liable for any policy violation caused by force majeure events such as wars, fires, floods, typhoons, earthquakes, civil unrest, terrorist acts, riots, embargoes, or any other official or military control, or other disasters.

 

• When a force majeure event occurs, the affected party must notify the other party promptly.

 

• The other party may terminate this policy in writing if force majeure events result in a failure of obligation performance lasting more than 4 weeks. Neither party shall be liable to the other in the event that this policy is terminated as a result of force majeure events.

 

• Force majeure events include failures to implement the policy as a result of a government agency's coercive interference or the fact that any performance of obligation will result in a significant increase in the cost, which is significantly greater than the expected cost at the time of signing, except when such events are manipulated or contrived by any party.

 

Response to Your Service Request

• You may be asked to submit the request in writing or confirm your identity in other ways for security considerations. Before processing your request, we may contact you to verify your identity. We will then respond within 3 days. This is the channel for filing a complaint: 400-629-8558 (customer service).

 

• Reasonable requests that fall within the scope of the service agreement will be handled without charge, but we reserve the right to charge a fee for requests that do not fall within the scope of the agreement. We may reject requests that are repeated without cause, require multiple technical approaches (such as developing new systems or radically changing existing practices), impair others' legally protected rights, or are highly impractical (such as requests involving data stored on backup tapes).

 

We are unable to process your requests that will:

- help you evade your legal obligations and responsibilities;

- directly jeopardize national security and defense;

- directly threaten public security, public health, or any other significant public interests;

- directly influence or interfere with criminal investigations, prosecutions, trials, or the execution of court judgments;

- jeopardize the personal data subject's or another individual's life, property, or other substantial legal interests;

- involve trade secret offenses.

 

Contact Us

If you have any questions, comments, or suggestions, please contact us at 400-629-8558 (customer service).

 

We have a dedicated department for the protection of personal data (or a dedicated personal data protection expert) that you can contact in the following ways: please call customer service at 400-629-8558 or send email to privacy@shuyun.com.

 

Generally, we respond within 15 days.

 

If you are dissatisfied with our response, particularly if our data processing practices have harmed your or your customer's legal rights, you may also seek resolution through the following external channels: report to a consumer protection or regulatory agency, or file suit in a court with jurisdiction over Changning District, Shanghai.