Personal Information Protection Policy
Last update: [May 2021]
Should you have any doubt, comment or advice, contact us through any of the following methods :
Tel.: 844-626-6589 ext. 4
This Policy provides you with the following details:
■ How do we collect and use your personal information
■ How do we protect your personal information
■ Your rights
■ How do we process children’s personal information
■ How is your personal information transferred globally
■ How is this Policy updated
■ How to contact us
Nanolux understands the importance of personal information to you, and hence will ensure with all efforts that your personal information is reliably secure. We commit ourselves to maintaining your trust in us, sticking to the principles below to protect your personal information: Right-Duty Consistency, Clear Purposes, Optional Consent, Necessary Only, Ensuring Security, Involvement of Subject, Open and Transparent, etc. In the meanwhile, Nanolux promises to protect your personal information with security measures pursuant to mature industrial standards.
Please read attentively and learn this Personal Information Protection Policy before using our products or services.
How do we collect and use your personal information
1. Which personal information of yours do we collect?
⚫ Some information is required for our business function to properly run. Should you decide to use the business function, you need to provide us with, or allow us to collect, some necessary information, including: E-mail, user name, account portrait, and third-party payment method.
⚫ You may, at your discretion, select to provide us with, or allow us to collect, the following information: mobile number, working out at 1type of personal information. Such information is not a must to the business function, but is significant to improving service quality, development of new products or services, etc. You will not be forced to provide such information, and rejection to provide will not affect the use of the business function.
⚫ When you use the business function, our App will apply to you for following privileges relevant to personal information: device information, storage, location, and phone number, working out at 4 privileges in total. Without your authorization, we won’t be able to provide the business function. You may, at your discretion, decide to authorize other system privileges to the App。
2. How do we use your personal information
⚫ For personal information that is a must, we provide users with account login, including identifying user accounts and ensuring account security; and paying for renewals through third-party payment methods, and other functions to fulfill applicable laws and regulations.
We sometimes also use the information above to maintain and improve the business function or develop a new one, etc.
⚫ For personal information that is not a must, we use it to determine how many devices remain connected and working, the expiry dates of accounts, and other similar purposes.
3. How do we process, share, assign, and publicly disclose your personal information
(1) Commissioned processing
Some modules or functions of the business function are provided by external suppliers. For example, we employ service providers to help us provide customer supports. For companies, organizations and individuals we commission to process personal information, we enter into a strict confidentiality agreement with them, requiring them to process the information pursuant to our requirements, the Personal Information Protection Policy, and any other applicable confidentiality and security measures.
We don’t share your personal information with any company, organization and individual other than one of ours, unless your explicit consent is given. For now, we solicit your explicit consent on sharing personal information under following scenarios:
a) We will integrate URORA SDK for message push or other functions. You may click here to learn the companies, organizations and individuals involved so far. [https://www.jiguang.cn/license/privacy]
b) We may share your personal information externally pursuant to applicable laws and regulations or mandatory requirements by competent governmental authorities.
We don’t assign your personal information to any company, organization or individual under a circumstance other than the following:
a) Assignment with explicit consent: With your explicit consent granted, we may assign your personal information to another party;
b) In case of merging, acquirement or liquidation, if personal information assignment is involved, we will require the new company or organization receiving your personal information to remain bound by this Personal Information Protection Policy, or to resolicit authorization from you.
(4) Public disclosure
We won’t publicly disclose your personal information unless any of the following is fulfilled:
a) Your explicit consent is granted;
b) The disclosure is based on laws: We may disclose your personal information if mandatorily required so by applicable laws, legal procedures, lawsuits, or competent governmental authorities.
How do we protect your personal information
(i) We have input security measures fulfilling industrial standards to protect the personal information provided by you and prevent unauthorized data access, disclosure, use, tampering, damage or loss. We take all and every appropriate and practicable measures to protect your personal information. For example, we use encryption technology to secure data confidentiality; employ reliable protection system to prevent hostile attack against data; deploy access control system to ensure that only authorized persons have access to user information; and conduct security and privacy protection training to enhance employees’ awareness of the importance of protecting user information.
(ii) Our capability on data security: We use AES to ensure transmission security and MD5 to ensure storage security of sensitive data.
(iii) We take all and every appropriate and practicable measure to prevent collection of unnecessary information of yours. We only retain your personal information for the purposes contained herein, unless an extension of retention period is necessary or it is permitted by applicable laws.
(iv) We update and disclose periodically relevant details in respect of security risk, personal information security impact assessment and other reports. You may have access to them by: visiting http://www.nccstech.com or logging in to NCCS app.
(v) Internet is not 100% secure, but we will ensure or guarantee with all efforts that any information you send us is secure. However, if our physical, technological or management & protection facilities were sabotaged, giving rise to unauthorized access, disclosure, tampering, or destruction of information, damaging your legitimate interests, we would undertake all legal responsibilities arising therefrom.
(vi) If, unfortunately, a personal information security accident did occur, we would follow applicable laws and regulations and promptly inform you of: its basic conditions and possible impacts, actions and measures we have taken or will take, recommendations on active prevention and mitigation of risks for you, remedial actions for you, etc. We would notice you of the details of the accident via emails, letters, phone calls, push notifications, etc. in a timely manner. Where notifying the subjects of personal information one by one was impracticable, we would issue a public notice in an appropriate, effective way.
Meanwhile, we would actively report the handling progress as per the requirements of regulatory authorities.
According to applicable laws, regulations and standards of the United States and common practices in other countries and regions, we guarantee that you are entitled to the following for your personal information:
(i) Access to your personal information
You have access to your personal information except for the extent specified by applicable laws and regulations. You may access your personal information through: visiting http://www.nccstech.com or logging in to NCCS app.
Should you have trouble accessing your personal information via the link above or the app, you can always send an email to email@example.com at any time, and a reply will be given within 30 days.
For other personal information created during your use of our products or services, you may have access as long as it doesn’t require us unreasonable efforts. You may execute your data access rights through the following: Sending an email to firstname.lastname@example.org.
(ii) Correcting your personal information
If you find an error in your personal information processed by us, you are entitled to request a correction. You may apply in one of the methods provided in “(i) Access to your personal information”, and we’ll reply you within 30 days.
(iii) Deleting your personal information
You may request us to delete personal information in any of the following cases:
1. Our processing of personal information is against applicable laws and regulations;
2. We collect and use your personal information without your permission;
3. Our processing of personal information is against the agreement with you;
4. You don’t use our products or services anymore, or you’ve closed your account;
5. We don’t provide you with products or services anymore.
Should we decide to respond to your deletion request, we will inform all entities who have acquired your personal information from us to delete the same promptly, unless otherwise provided by applicable laws and regulation, or these entities have gained your separate authorization.
When you delete information from our services, we may not delete the same in our backup system immediately until a backup update.
(iv) Modifying the extent of your authorization
Each business function requires some basic personal information to fulfill its intended purpose. For additional collection and use of personal information, you may, at any time, grant or revoke your authorization or consent.
You may change your authorization or consent in one of the following: visiting http://www.nccstech.com/, or logging in to NCCS app.
After you revoke the consent, we will no longer process corresponding personal information. However, such revoking will not affect the processing of personal information carried out based on your previous authorization.
(v) Account closed by personal information subject
You may close accounts registered previously at any time by yourself in the method below: Sending an email to email@example.com requesting closing.
Upon closing your account, we will cease to provide you with any product or service, and will delete your personal information unless otherwise provided by application laws and regulations.
(vi) Personal information subject acquiring an information copy
You may request a copy of your personal information by yourself in the method below: Sending an email to firstname.lastname@example.org.
You may even have your personal information copy transmitted directly to a specified third party as required if it is technically practicable, e.g. the data interfaces are matched.
(vii) Constraining automatic decision-making of information system
In some business functions, we might make a decision depending only on non-artificial mechanisms including information system and algorithms. If a decision so made significantly affects your legitimate interests, you’re entitled to request an explanation by us, and we will provide appropriate remedies.
(viii) Response to your abovementioned requests
In an effort to ensure security, you may be required to provide a written application, or a proof of other kind to identify yourself. We may require authenticating your identity before processing your request. A reply will be given within 30 days. You may make a complaint in the method below should you feel unsatisfied: Sending an email to email@example.com.
In principle, we don’t charge you for a reasonable request. However, we do charge for requests that reoccur a lot or are out of a reasonable range. Also, we may reject a request should it be a repetition without a reason, require too many technical measures (e.g. requiring development of a new system or a fundamental change of current convention), may risk another’s legitimate interests, or be completely impractical (e.g. involving information stored in the backup tape).
We won’t be able to respond to your request in any of the following:
1. It involves the obligations specified by laws and regulations for the personal information controller;
2. The personal information is directly related to national security and national defense security;
3. The personal information is directly related to public safety, public health and major public interests;
4. It’s directly related to criminal investigation, lawsuits, judgements and execution thereof, etc.;
5. The personal information controller has sufficient evidence to prove the personal information subject’s intended malice or abuse of rights;
6. It is intended to maintain major legitimate interests such as life and property of the personal information subject or other individuals, however, consent of that person is hard to acquire; or
7. Responding to personal information subject’s request will result in severe damage to the legitimate interests of that subject or other individuals or organizations; or a trade secret is involved.
How do we process children’s personal information
Our products, websites and services are intended mainly for adults. A child should not create his/her own personal information subject account without prior consent of his/her parents or guardian(s).
Where a child’s parents agree to have his/her personal information collected, we will use or disclose the information only to the extent of laws, explicit consent of the parents or guardian(s), or that is necessary to protect the child.
Though local laws and conventions may have a different definition on children, anyone who is younger than 14 years old will be considered as a child here.
If we found ourselves accidentally collecting a child’s personal information without verifiable prior consent of his/her parents, we would take measures to delete relevant data as soon as possible.
How is your personal information transferred globally
In principle, all personal information we collect and create in the US will be stored in the US. However, we supply products or services through our globally-distributed resources and servers, which might, with your authorization, cause your personal information transferred to, or you to receive a visit from, an oversea jurisdiction other than the nation/region in which you use the product or service.
Such jurisdiction may have a different, or even a lack of, data protection laws. For a case like this, we’ll ensure that your personal information is under protection equivalent to that in the US. For example, we will request for your consent on cross-border transfer of personal information, or de-identify data before cross-border transfer of it.
How is this Policy updated
For a major change, we will additionally provide a more noticeable notice (including emails for some services to indicate the details of the change).
A major change referred herein includes but not limited to:
1. A major change to our service mode. For example, the purpose, type processed or method of use of personal information;
2. A major change to the structure of our ownership, organizational structure, etc. Fox example, a change of the owner due to business adjustments, bankruptcy & merging, etc.;
3. A major change to primary subjects of sharing, assignment or disclosure of personal information;
4. A major change to your rights and exercising method of them for participation in personal information processing;
5. Our responsible department of personal information security, contact methods and complaints
6. A high risk is indicated by personal information security impact assessment report.
We will also keep a copy of the old versions for your access.
How to contact us
We’ve established a dedicated department (or officer) for personal information protection, to which you may contact in the following method:
Sending an email to firstname.lastname@example.org.
Generally, a reply will be given within 30 days.
This Policy shall be interpreted and governed by American laws. Any conflict in any kind between you and us shall be resolved via friendly consultations. If a conflict cannot be solved so, any party is entitled to file the conflict with a people’s court with jurisdiction in Nanolux’s region.