Privacy Policy And Data Security Protection Statement
We are very concerned about privacy and data security protection issues and follow the relevant laws, regulations and customer requirements regarding the protection of personal privacy and data security. We understand the importance of maintaining the confidentiality of your personal information.
We have developed a Privacy Policy and Data Security Protection Statement (the Statement) based on ISO 27001 and ISO 27701 to improve our information security and privacy management systems and thereby strengthen our privacy and data security protection mechanisms, as detailed below.
I. Code of conduct, responsibility and commitment
We believe that data policies and procedures are important because we understand the confidentiality, integrity and criticality of data to our customers and consumers; we will properly assess and manage risks to avoid unnecessary data breaches and misuse, and ensure that data is properly classified and tagged so that we can protect it according to different security needs.
Our data processing processes are transparent and respect the rights of data subjects; we will provide appropriate explanations and notifications so that data subjects are aware of the way we collect, use, process, store and delete their data; we will ensure that the rights of data subjects are protected, including but not limited to accessing, correcting, deleting and limiting the processing of their data; and we will respect the choices of data subjects, including withdrawing the consent they have given us.
We will ensure that our employees, suppliers and partners understand and comply with our data protection and privacy policies and provide the necessary training and resources to ensure that they understand their responsibilities regarding the collection, use, processing, storage and deletion of data; and that they sign confidentiality agreements and undergo the necessary background checks to ensure their trustworthiness and reliability.
We will ensure that our data policies and procedures are continually improved and updated to keep pace with changing laws, regulations and business needs; that our data policies and procedures are regularly reviewed and adjusted and updated as necessary to ensure that they are implemented effectively and efficiently; and that we provide appropriate updates and notifications to our customers and consumers so that they are aware of changes to our data policies and procedures.
II. Data collection, use, retention
1. We obtain the following information by email, fax, telephone negotiation, online tools, paper documents, etc.
2.1. When you use our services, we may collect data about you and your customers. This data includes, but is not limited to, the following information.
- 1) Your and your client's personal name and contact information, such as cell phone number, phone number, email address, etc.
- 2) Your company information, such as company name, company address, company email address, company invoicing information, delivery address, etc.
- 3) Information about your and your customers' devices, such as device type, operating system, browser information, IP address, etc.
2.2. We will use your personal information and that of your customers for the following purposes.
- 1) Provision of services: We will use your personal data and that of your customers to provide our services, such as optimizing advertising recommendations and marketing campaigns.
- 2) Improving our services: We will use your and your customers' personal data to improve the quality of our services and to provide you and your customers with a better experience.
- 3) Contacting you and your customers: We may use your and your customers' personal data to contact you and your customers, for example to provide customer support or to send notifications.
- 4) Legal requirements: We may be required by law to use your and your customers' personal data, such as to comply with relevant laws and regulations or governmental requirements.
3.1. When interviewing or hiring employees, we will collect personal information from employees based on human resources needs, including but not limited to the following.
- 1) Name, age, ID number, contact information, place of origin.
- 2) Academic and degree certificates, vocational skills, work experience.
- 3) Health status, medical certificate, family situation, emergency contact, salary card number, and whether there is a criminal record.
- 4) Once employees are on board, we also collect payroll and records, female employees' pregnancy cycles, etc.
3.2. We will use personal information of employees or interviewees for the following purposes.
- 1) Collecting employee or candidate ID information for the purpose of proving their identity and age, and ensuring that no child laborers who conceal their age enter the company.
- 2) Collecting employees' work experience, resume forms, certificates, etc., in order to assess employees' or candidates' professional skills, work experience, organization and coordination, communication skills, manners and poise, and stability.
- 3) Collecting personal physical and family information on employees, with the aim of meeting social responsibility requirements.
- 4) Collecting female employees' pregnancy cycle information, in order to meet the relevant regulatory requirements for the protection and safety management of female employees in the third trimester.
4. When we work with suppliers, we collect data from them that includes, but is not limited to, the following information.
- 1) Information on supplier quality, delivery, service, technology, equipment capacity, capacity status, human resource status, etc.
- 2) Organizational information such as supplier registration certificate, relevant system certificate and expiration date, tax registration certificate and supplier list.
- 3) When we need to purchase equipment and make payments to suppliers, we collect the credit or debit card numbers used to receive payments, etc.
- 4) Collecting the above supplier data helps us to make a comprehensive assessment and thus select a more suitable supplier.
5. We will retain your information for as long as necessary to fulfill the purposes of use described in this statement, unless a longer retention period is permitted or required by law.
5.1. For customer information
- 1) Customer information is retained for the duration of the customer's business relationship with us. Customer property includes customer company information, customer user data, and customer product information, and is retained for a period of five years after the completion of the project.
- 2) When the customer explicitly informs us that the business is permanently terminated, the relevant customer information will no longer be retained and will be permanently destroyed.
5.2. For employee information
- 1) Employee files, training records, employment contracts, non-disclosure agreements, etc. are retained for 1 year after separation.
5.3. For supplier information
- 1) Supplier first certification information, the list of qualified suppliers, and agreements with suppliers are retained for 3 years after the completion of the project.
III. Safety and security measures
1. Access control security
- 1) Our company's access control system will ensure that only authorized persons have access. This is achieved by authorizing employees with specific access cards and face recognition, and only those employees with these credentials will be able to enter the company's office areas.
- 2) For the interior of the company's office area, we ensure that only internal company employees and related persons (e.g. clients of the relevant project) have access; this is achieved by setting specific access rights in the company's access control system.
- 3) We will register outsiders who enter the company's office areas and properly maintain this information for at least twelve months. This is to record who has entered the company office area and who may have accessed confidential, proprietary, sensitive or critical information, which will be used for security audits and investigations.
- 4) We have designated our server rooms as segregated work areas, accessible only to relevant personnel with authority (e.g. operations and maintenance staff), in order to ensure the highest level of security for our servers and critical data.
2. Network security
- 1) The company's internal network can only be accessed by authorized employees. This is achieved by setting access rights and encrypting network communications so that only employees with specific credentials can connect to the company's internal network.
- 2) The company has enabled routed network firewalls and activated the local firewall on every device that has one; this is to ensure that our network is protected to the highest level and can detect and block attacks and malware from the network.
- 3) Employees are prohibited from using company networks and devices to access websites that may contain Trojan horses, malicious files or compromise national security; this is to ensure that our network is protected from attacks and malware infections from dangerous websites.
- 4) Employees are prohibited from opening email attachments from unknown sources; this is intended to prevent the spread of malware and viruses from unknown sources via email.
- 5) Connecting company computers to any unauthorized network is prohibited; this is to ensure that our equipment and data are protected from attacks and intrusions from unauthorized networks.
- 6) The use of private storage devices, such as USB sticks, hard drives, memory cards, CD-ROMs, etc., on company computers is prohibited; this is to prevent the spread of malware and viruses from unknown sources via storage devices.
- 7) Storing company and customer data on any private computer or storage device is prohibited; this is to ensure that our data is not stolen or compromised.
- 8) Strong passwords and PIN double encryption are used on computers involving customer data; this is to ensure the highest level of protection for our customers' data.
- 9) Installation of software from unknown sources on company computers is prohibited. If there is a need to install special software, an installation request must be submitted and handled by the IT department. This is to prevent malware and viruses from unknown sources from spreading through software installations.
3. Separated employees
- 1) We remove access to the access control system for departing employees; this is to ensure that departing employees no longer have access to the company's office areas.
- 2) Once a new person in charge has taken over, we will remove the departing employee from all DingTalk, WeChat, Feishu, QQ and other instant messaging software group chats and friend relationships related to the company's internal projects; this is to ensure that the departing employee no longer has access to confidential company information and confidential communications.
- 3) We remove access to company-related servers, information management backend, Git, database, VPN, ERP, email, cloud drive, etc. This is to ensure that departing employees no longer have access to confidential company or customer hosted information and systems.
4. Data sharing
- 1) We do not sell or rent your and your customers' personal data to third parties in order to protect your and your customers' privacy.
- 2) We may share your and your customers' personal data with our partners, suppliers and contractors for our business purposes, such as processing orders, providing technical support, etc. These partners, suppliers and contractors are required to comply with our privacy policy and sign confidentiality agreements to ensure that the ultimate purpose of this information is to support and strengthen our relationship with you and not to allow them to use your and your customers' personal data for any other purpose.
- 3) In certain circumstances (such as when you or your customers fail to comply with legal requirements or for preservation purposes), we may be required by law, regulation or judicial process to share your and your customers' personal data, for example, to investigate criminal activity or to satisfy a court subpoena. In such cases, we will use our best efforts to protect the privacy and security of your and your customers' personal data and will only share data when necessary.
- 4) We may share personal data about you and your customers with other companies or individuals based on your consent or authorization, such as when you authorize us to interact with your social media accounts. In such cases, we will comply with your authorization requirements and ensure the privacy and security of your and your customers' personal data.
5. Establish a safety training program
- 1) Providing basic security training: one basic security training for all employees, including password security, email security, social media security, mobile device security, etc.
- 2) Job-specific security training: provide specific security training for employees in each position, such as administrative staff, developers, system operations and maintenance administrators, etc., and provide targeted security training based on their job responsibilities.
- 3) Occasional simulation drills: Regular safety drills are conducted to test the emergency response capability of employees in the event of a safety incident.
6. Conduct regular vulnerability scans and security audits
- 1) Security vulnerability scanning: Regular scanning of the system using security vulnerability scanning tools to find vulnerabilities and fix them in a timely manner.
- 2) Security audit: at least one security audit is conducted annually, including system security audit, network security audit, application security audit, etc., to ensure that the security of the system reaches the best state.
- 3) Assess the security of third-party service providers: Conduct security assessments of the third-party service providers we use, to ensure they meet the company's security standards.
7. Continuous detection and response to security events
- 1) Real-time monitoring: real-time monitoring of system logs and network traffic, and timely response to abnormal conditions.
- 2) Establishing a security incident response plan: Establishing a comprehensive security incident response plan, including defining incident levels, designating responsible persons, and determining emergency response processes.
- 3) Incident follow-up tracking and summary: track and summarize all security incidents, analyze the causes and take corresponding measures to avoid the recurrence of similar incidents.
IV. Sensitive information and choice
You have the option to disclose to us sensitive information concerning yourself and your company.
You may inadvertently and voluntarily disclose sensitive personal information when you interact with our business-related personnel at work or in casual conversation. Please be assured that this will not create a written record.
V. Notification of version update
If the statement is changed, we will post the revised statement and update the revision date on the company's official website; no prior notice will be given if the revisions do not involve the rights and interests of customers and consumers. If the customer continues to use our services after the revision of this statement, the customer is deemed to accept the revised statement.
VI. Contact us
If you have any questions about our statement, you can reach us at:
Website: www.brandsh.cn
Email: info@brandsh.cn