CarbitLink Privacy Policy
Update date: Jan 20, 2022
Effective date: Jul 27, 2020
Thank you for using the products and services of Wuhan CARBIT Information Co., Ltd. (hereinafter referred to as “we” or “CARBIT”). This Policy is meant to explain the situation about our collecting, using, storing, and sharing of your personal information, and your relevant rights and miscellaneous when you use our products and services.
If you have any questions, suggestions or advice, please contact us through:
Email: support@carbit.com.cn
Tel.: 0086-027-59586633 (China)
This Policy will help you understand the following content:
1. How do we collect and use your information
2. How do we use Cookie and similar technologies
3. How do we share, transfer, disclose your information
4. How do we protect your information
5. Your rights
6. How do we process the underage’s information
7. How do we transfer your information globally
8. How do we update this Privacy Policy
9. How to contact us
CARBIT is fully aware of the importance of personal information to you. And we are doing our best to protect your information in a reliable way. We are doing our best to maintain your trust in us. To protect your personal information, we adhere to the following principles: the principle of consistency of authority and responsibility, the principle of clear objective, the principle of acceptance and agreement, the principle of minimum sufficiency, the principle of ensuring security, the principle of subject participation, the principle of transparency, etc. Meanwhile, CARBIT promises that we will take appropriate security measures to protect your personal information under the mature security standards in the industry.
Please read and understand this Privacy Policy before using our products (or services).
If you breach the Policy, CARBIT shall have the right to unilaterally restrict, suspend or terminate providing service to you according to the detailed breach at any time, and shall have the right to investigate your responsibility.
If you are underage based on the provision of laws in your country, please read the Policy with your statutory guardian. If you breach laws and regulations, or the Policy to use CARBIT’s service, all consequence wherein shall be borne by yourself or your guardian.
I. How do we collect and use your information
(I) How do we collect your information
We collect and use your personal information only for the purposes set out in this Policy:
1. To provide you products or services
1) The information you provide to us
While using the “Navigation” function, you need to authorize us the permission of “location” and “position information”. After been permitted, we will read your accurate position information, latitude and longitude, and then provide you navigation service based on the function you required.
While using the “Add Application” function to cast the mobile-side application to the control panel of vehicle device, you need to authorize us the permission of “allow application shows on top” and “application service condition”, to use such function during screen casting.
If you need to conduct operation function to mobile-side with the control panel of vehicle device, you need to authorize us the permission of “Accessibility” function, to conduct operation with the control panel of vehicle device during screen casting.
While using the “Phone” function, you need to authorize us the permission of “Phone”, “Contacts” and “Recent call”. After been permitted, if you use the “Phone” function, we read your contact records and show them in the mobile-side application, meanwhile, we will upload them to server, and to “voice assistant”, such you can control dial with “voice assistant”. We promise not to disclose your private contacts to any third party, it will be used by yourself only.
While using the “Music” function, you need to authorize the permission of “storage and read-write” or “multimedia”, thus we can read your local music to allow you to play your local music during driving.
While using the “Voice assistant” service function, you need to authorize us the permission of “microphone”.
While using the service such as information release, instant messaging of the application, you should provide us your real identity information, otherwise we shall not provide you relevant service. While using the service, you can feedback on your experience on the product and service of “CarbitLink” to us, to help us have a better understanding of user experience and demand on the product and service, and help us to improve them.
2) The information we collect while you using the service
We collect information about the product, service, and usage mode, and associate the information to improve our service. The information includes:
Device information: we will receive and record the relevant information about the device you use (the feature information of software and hardware, such as device model, operation system version, device settings, unique device identifier), and the relevant information about the device location (such as IP address, MAC address, GPS location, and the sensor information about Wi-Fi access point, Bluetooth and base-station) according to the specific permissions granted by you during software installation and use.
Log information: while you are using the product or service provided by our website or client-side, we will collect the details of your usage mode on our service, and store them as a relevant weblog. For example, your search and query content, software list, MAC address, language, date and time of access, your access record, and the phone-call record in the application, etc.
Attention, separate device information, log information cannot identify the information of a specific natural person. If we combine such non-personal information with other information to identify specific natural person, or to use it by combining with personal information, then during the combination usage, the non-personal information shall be considered as personal information, and for this reason, we will anonymize and de-identificate such personal information, except we obtained your authorization or otherwise stipulated by laws.
While you are contacting us, we might store the message/phone-call record and content from the application, or store the contact information you gave us, so we can contact you or help you to solve problems, or we can record the solution and result of relevant problems.
When you are using “CarbitLink” service to execute some operation (such as add friends in contacts group), we might send a notification to you or others; for the third-party service you use from the open platform of “CarbitLink”, we will collect relevant information if you enable such application, and we will process the information under the Privacy Policy.
When you use the third-party SDK integrated with this software, the third party may require you to provide corresponding personal information that is a must to provide this function. Please read the Privacy Policy of the third party carefully before using this function. If you disagree, you can choose to stop using this function. At present, SDKs integrated with the software include Umeng + Statistical Analysis, mapbox.
SDK name :Umeng + Statistical Analysis SDK
SDK service type :Provide system analysis services and basic anti-cheating services for APP
Collect personal information field :Device MAC address, unique device identification code (IMEI/android ID/IDFA/OPENUDID/GUID/IMSI information of SIM card), and geographic location information for anti-cheating.
SDK privacy policy links:https://www.umeng.com/page/policy
SDK name :mapbox
SDK service type :Provide navigation function for APP
Collect personal information field :GPS location information
SDK privacy policy links :https://www.mapbox.com/legal/privacy
2. To provide you security control
To prevent, detect, investigate fraud, infringement, security hazards, illegality, or the behavior breaching our agreements, policies, or regulations, we might collect and integrate your user information, service usage information, device information, log information, and the information shared under your authorization or laws.
3. For other purposes
We will ask for your consent before we collect your information for the other purpose unspecified in the Policy.
If we discontinue operating the product or service of “CarbitLink”, we will timely stop collecting your personal information, we will send separate notification or release announcement to inform you, and we will delete or anonymize all users’ personal information.
(II) How do we use your information
We collect your information is to provide you service, and to improve service quality. Therefore, we will use your information for the following purposes:
1. To provide you the product and service of “CarbitLink”, and maintain, improve, optimize the service and user experience.
2. To prevent, detect, investigate fraud, infringement, security hazard, illegality or the behavior breaching our agreements, policies or regulations, and to protect your, other users’, the public, and our legitimate right and interest, we might collect and integrate your user information, service usage information, device information, log information, and the information shared under your authorization or laws, to comprehensively detect and prevent security incident, and to record, audit, analysis and dispose of based on laws.
3. For other purposes you permitted
II. How do we use Cookie and similar technologies
We provide the product or service of “CarbitLink” without cookies or similar technologies.
III. How do we share, transfer, disclose your information
(I) Share
We do not share your information with the company, organization or individuals beyond “CarbitLink” service provider, unless in the following situations:
1. Share under clear consent: after we obtained your clear permission, we will share your personal information with other parties.
2. Share under legal conditions: we might comply with the stipulation of law and regulations, the requirement of litigation and dispute resolution, or the request of administration and judicial authorities, to share out your personal information.
3. If you are complained by others on infringing intellectual property or other legal rights, hence it is necessary to disclose your data to the complainer to process the complaint.
4. Share with authorized partners: only for realizing the purpose set out in the Privacy Policy, some services will be provided by us together with the authorized partners. Therefore, we might share some of your personal information with the authorized partner to provide you better service and user experience. For example, while you are using the “Navigation” function, Amap can simultaneously obtain your accurate location information and track progress. We share your personal information only for legal, appropriate, necessary, specific, and clear purpose, and we only share the necessary personal information required for providing service. Our partner shall have no right to use the personal information we shared to other purposes irrelevant to the product or service.
5. Third-party software and technologies. For the normal operation of our product, we might use the software or technologies from third party. Therefore, third-party software or technologies might collect your device information (the feature information of software and hardware such as a unique device identifier). If the usage of personal information is beyond authorization scope, then such third party will ask you to choose the authorization for yourself. For the third party whom we sharing your personal information with, such third party will sign a relevant non-disclosure agreement.
(II) Transfer
We will not transfer your personal information to any company, organization, and individuals, unless in following situations:
1. Transfer under clear consent: after we obtained your clear permission, we will transfer your personal information to other parties.
2. In the case of merger, acquisition or bankruptcy liquidation of “CarbitLink” provider, or in other circumstances involved in merger, acquisition or bankruptcy liquidation, if we are involved in the transfer of personal information, we will require new company and organization that hold your personal information continue to be bound by the Policy, otherwise, we will require such company, organization, and individual to ask your authorization again.
(III) Personal information disclosure
We will disclose your information only in the following situations:
1. After we obtained your clear permission;
2. If we confirmed your illegalities or serious breaches of the relevant protocol rule of “CarbitLink”, or for protecting CARBIT or public safety and property from infringement, we might comply with legal regulation or the relevant protocol rule of “CarbitLink” to ask for your consent to disclose your personal information, including your breaches and the measure CARBIT taken on you.
(IV) Exceptions in your prior consent on sharing, transferring, disclosing your personal information
In the following situations, the sharing, transferring, disclosing of your personal information are no need to obtain your prior consent:
1. In the case of national security, national defense;
2. In the case of public safety, public health, major public interests;
3. In the case of crime investigation, prosecution, trial, and judgment execution;
4. In the case of protecting your or other individual’s major legitimate right and interest such as life and property, though it is impossible to obtain your consent;
5. The personal information you voluntarily disclose;
6. In the case of collecting the personal information from legitimate disclosure, such as news report, government information release;
7. In the case of required by the contract you asked to conclude;
8. In the case of required by maintaining safe operation of the product and service we provided, such as detecting and handling the malfunction of product and service;
9. In the case of requiring by the academic organization based on the demand for public statistics or study research (if the academic organization release its study or result description, the personal information included wherein shall be de-identified);
10. Other cases prescribed by laws.
Special attention, the sharing, transferring of de-identified personal information under laws (which assures the data receiver is not able to recover and re-identify the personal information subject) shall not fall within the behavior of public sharing, transferring, and disclosure. Therefore, the storing and processing of such data do not need prior notice to inform you to obtain your consent. If your information alone or combined with other information can identify your personal identity, or if we are unable to use your specific personal information in combination, then during the combined use, such information shall be considered as your personal information, and shall be processed and protected under the Privacy Policy.
IV. How do we protect your information
(I) Technological protection. We will take all kinds of protective measures to protect your personal information to prevent your personal information from unauthorized access, disclosure, utilization, modification, damage or lost. We will use the encryption technique to ensure data confidentiality; we will use a trusted protection mechanism to protect data from malicious attacks; we will deploy the access-control mechanisms to ensure only authorized persons can access personal information. We will consolidate the understanding of our staff on the importance of personal information protection.
(II) Security system guarantee. We have an advanced data security management system. The system is designed for the data, and developed around data life cycle. Its design includes a variety of parts such as organizational construction, system design, personal information security assessment, to comprehensively improve the whole security system. At present, we have obtained the following certifications in the country of registration (China): Certification of Intellectual Property Management System of Enterprise, Certification of Information Security Management System, Certification of Information Technological Service Management System, Certification of Quality Management System (ISO 9000), CMMI3 Certification.
(III) We will adopt rational and feasible measures to refrain from collecting irrelevant personal information as possible. We will keep your personal information only within the time limit for the purpose set out in the Policy, unless the time limit needs prolonged or allowed by laws.
(IV) The Internet environment is not absolutely safe. Please attention, though we have security measures, there is no “perfect security measure” on the Internet. However, we still do our best to protect your information security.
(V) The Internet is not absolutely safe, moreover, emails and instant messaging are non-encrypted, therefore, we strongly suggest you not send personal information through such methods. Please use complicate password to assist us to ensure your account safety.
(VI) If a personal information security incident occurs, we will comply with the requirement of laws and regulations to timely inform you: the background and the possible impact of security incident, the measures we took or we intend to take, the suggestion for your precaution and risk-reduction, and the remedies. We will timely inform the incident details to you with mail, letter, phone call, push-notification. If it is difficult to inform the personal information subject, we will take a rational and effective way to release announcements.
(VII) If you find your personal information leakage, especially the leakage of your account and password, please instantly contact our customer service, so as we can take corresponding measures. Meanwhile, we will initiate the report of disposition for personal information incident to regulatory authorities under their requirement.
Special attention, the personal information protection measures set out in the Privacy Policy are only for the software and relevant service of “CarbitLink”. Once you leave “CarbitLink” to browse or use another website, service and content source, we shall have no right and responsibility to protect your personal information you submit in the software or website beyond “CarbitLink”, no matter whether your login, browse or utilization of the above software, website is linked or guided based CARBIT.
V. Your rights
Under the laws, regulations, norms in China, and the common practices in other countries, regions, we secure you can exercise the following rights on your personal information:
(I) To access your personal information
You have the rights to access your personal information, excluding the exceptions stipulated by laws and regulations.
(II) To correct your personal information
If you find your personal information processed by us is wrong, you shall have the rights to ask us to correct it. you can inform us through phone calls or emails. We will respond to your correction request within 15 legal working days.
(III) To delete your personal information
In the following situations, you may ask us to delete your personal information:
1. If our disposing on your personal information violates the laws and regulations;
2. If we collect and use your personal information without your prior consent;
3. If our disposing on your personal information violates the agreement with you;
4. If you no longer use our product or service, or you annul your account;
5. If we no longer provide you products or services.
If we decide to respond to your delete request, we will simultaneously inform the entities obtained your personal information from us to ask them to timely delete, unless there is another stipulation of laws and regulations, or those entities obtained independent authorize from you.
If you delete your information in our service, we might not instantly delete the corresponding information in the backup system, but the information will be deleted in a backup update.
(IV) To change your authorization range
As each service function need personal information to be conducted, for additional collecting and using personal information, you can grant or cancel your authorization at any time.
If you cancel the authorization, we will no longer process the corresponding personal information. But if you cancel the authorization, which will not influence the personal information process conducted based on prior authorization.
(V) To restrain the automatic decision of the information system
In some service function, we might make non-artificial resolution merely depending on the automatic decision of the information system and algorithm. If such resolution significantly influences your legitimate right and interest, you shall have the right to ask us to explain, and we will provide appropriate remedies.
(VI) To influence your request above mentioned
For security reasons, you might need to provide a written request or other methods to prove your identity. We might require you to verify your identity first, then we will process your request. We will make a response within 15 legal working days.
In principles, we will not charge you for rational requests, unless your request is repeated, and exceed the appropriate rational limit, and we will charge you the cost expense based on the case. For the request been irrational repeated or required too much technical means (for example, it requires a new system, or fundamentally change for existing practices), and for the request may endanger other users’ legitimate right and interest, or for the impracticable request (for example, requiring storing information by tape recorder to backup), we may deny such request.
As been required by laws and regulation, we will not respond to your request in the following situations:
1. In the direct relation of national security, national defense;
2. In the direct relation of public safety, public health, major public interests;
3. In the direct relation of crime investigation, prosecution, trial, and judgment execution;
4. There is sufficient evidence to prove your subjective malicious or abuse of rights;
5. The legitimate right and interest of you, other individuals or organization may suffer if your request been responded;
6. In the case of business secrets.
VI. The protection for underage
As our product, website, and service are mainly for adults, the underage shall not use.
Although the definition on the underage varies based on local laws and conventions, we regard the person under 18 year’s old as the underage.
If we find we collected the personal information of underages without prior consent from their parents, we will delete relevant data as soon as possible.
VII. How do we transfer your information globally
In principle, the personal information we collected and generated in the territory of the People's Republic of China, which will be store in the country.
In consideration of that we provide our product and service through global source and servers, which means, if we obtained your authorization, your personal information might be transferred to the jurisdiction area beyond your country/region, or might be accessed by the visitor from such jurisdiction area.
The laws for data protection may vary from jurisdiction area, or even there are no such laws. For such situation, we will ensure your personal information will be protected based on the same protection level as in the People’s Republic of China. For example, we will ask your consent for the cross-border transferring of your personal information, or we will take some security measures such as de-identification before transferring data across borders.
VIII. How do we update this Privacy Policy
Our Privacy Policy may change and update.
We will not reduce your right and interest under the Privacy Policy without your clear consent. We will release any changes we made to the Policy on this page.
For the major change, we will provide notable notification (including the notification for service, we will notify you with sending emails to inform you of detailed changes of the Privacy Policy).
The major change referred to in the Policy, including but not limited to:
1. The major change in our service model. For example, the purpose and type of processing personal information, and the usage mode of personal information;
2. The major change of our ownership structure and organization, etc. For example, the change due to business adjustment, bankruptcy, merge, and acquisitions;
3. The change of the primary objects in the sharing, transferring or disclosure of personal information;
4. The major change of the rights and its exercise of the personal information processing you involved in;
5. The change of our responsible department, liaison and complaint channels for processing personal information;
6. If there is a high risk reported in the security influence assessment for personal information.
If you continue using our service, which means you consent to accept the modified content of the Policy. However, if the updated content requires sensitive personal information beyond the scope of this Privacy Policy, we will ask your consent again in noticeable methods.
IX. How to contact us
If you have any question, suggestion or advice for the Privacy Policy, please contact us through:
Email: support @carbit.com.cn
Tel.:0086-027-59586633 (China)
Generally, we will make a response within 15 legal working days .
Wuhan CARBIT Information Co., Ltd. owns the copyright of the Privacy Policy. We have the right of explaining and modifying within the extent permitted by laws. If you are unsatisfied with our respond, especially for your legitimate right and interest been damaged by our processing to your personal information, you can seek solutions through the following approach: to lodge a complaint to the competent court in Wuhan East Lake Hith-tech Development Zone.
CarbitLink Privacy Policy is made in Chinese and English version, if there is any disputes between the two versions, Chinese version shall prevail.
《CarbitLink隐私政策》
更新日期:2022年1月20日
生效日期:2020年7月27日
欢迎您选择由武汉卡比特信息有限公司(以下简称“我们”、“卡比特”)提供的产品或服务。本政策旨在向您说明您在使用我们的产品或服务时,我们收集、使用、存储和共享您的个人信息的情况,以及您所享有的相关权利等事宜。
如果您有任何疑问、意见或建议,请通过以下联系方式与我们联系:
电子邮件:support @carbit.com.cn
电 话:0086-027-59586633(China)
本政策将帮助您了解以下内容:
1.我们如何收集和使用您的个人信息
2.我们如何使用Cookie和同类技术
3.我们如何共享、转让、公开披露您的个人信息
4.我们如何保护您的个人信息
5.您的权利
6.我们如何处理未成年人的个人信息
7.您的个人信息如何在全球范围转移
8.本隐私政策如何更新
9.如何联系我们
卡比特深知个人信息对您的重要性,并会尽全力保护您的个人信息安全可靠。我们致力于维持您对我们的信任,保护您的个人信息,恪守以下原则:权责一致原则、目的明确原则、选择同意原则、最少够用原则、确保安全原则、主体参与原则、公开透明原则等。同时,卡比特承诺,我们将按业界成熟的安全标准,采取相应的安全保护措施来保护您的个人信息。
请您在使用我们的产品(或服务)前,务必仔细阅读并了解本《隐私政策》。
您有违反本政策的任何行为时,卡比特有权依照违反情况,随时单方限制、中止或终止向您提供本服务,并有权追究您的相关责任。
如果根据您所在国家规定您属于未成年人,请在法定监护人的陪同下阅读本政策。如您违反法律法规或本政策内容使用卡比特服务,造成的一切后果由您及您的监护人承担。
一、我们如何收集和使用您的个人信息
(一) 我们如何收集您的信息
我们会出于本政策所述的以下目的,收集和使用您的个人信息:
1.向您提供产品或服务
1)您向我们提供的信息
在您使用“导航”功能时,您需要向我们授权“定位”、“位置信息”权限。在您授权后,我们会读取到您的精准位置信息和经纬度,会根据您需要使用的功能提供导航服务。
当您使用“添加应用”功能,将手机其他应用投射到车机中控屏上时,您需要向我们授权开启“允许应用在上层显示”及“应用使用情况”,以便您可在投屏时使用此功能。
当您需要使用在车机中控屏上对手机应用进行操作功能时,您需要向我们授权开启“无障碍”功能,以便以便您在投屏时可以在车机中控屏进行反控操作。
在您使用“电话”功能时,您需要向我们授权“电话”、“联系人”和“通话记录”权限。在您授权后并使用“电话”功能时,我们会读取到您的通讯记录并呈现在手机应用内,同时我们会上传至服务器,提供给“语音助手”,您可通过“语音助手”进行控制拨号。我们保证不会泄露您的个人通讯录给第三方,仅作您个人使用。
在您使用“音乐”功能时,您需要向我们授权“存储与读写”或“多媒体”权限,以便我们读取本地音乐,让您在驾驶过程中可播放您的本地歌曲。
在您使用 “语音助手”服务功能时,您需要向我们授权“麦克风”功能。
您使用本软件中的信息发布、即时通讯等服务时,应当向我们提供真实身份信息,否则我们将不得为您提供相关服务。服务使用过程中,您可以对“CarbitLink”产品及服务的体验问题进行反馈,帮助我们更好地了解您使用我们产品或服务的体验和需求,改善我们的产品或服务。
2)我们在您使用服务过程中收集的信息
我们会收集关于您使用产品、服务以及使用方式的信息并将这些信息进行关联以提升我们的服务,这些信息包括:
设备信息:我们会根据您在软件安装及使用中授予的具体权限,接收并记录您所使用的设备相关信息(例如设备型号、操作系统版本、设备设置、唯一设备标识符等软硬件特征信息)、设备所在位置相关信息(例如IP地址、MAC地址、GPS位置信息以及能够提供相关信息的Wi-Fi接入点、蓝牙和基站等传感器信息)。
日志信息:当您使用我们的网站或客户端提供的产品或服务时,我们会收集您对我们服务的详细使用情况,作为有关网络日志保存。例如您的搜索查询内容、软件列表、MAC地址、使用的语言、访问日期和时间、您的访问记录、从应用内产生的通话状态等。
请注意,单独的设备信息、日志信息等是无法识别特定自然人身份的信息。如果我们将这类非个人信息与其他信息结合用于识别特定自然人身份,或者将其与个人信息结合使用,则在结合使用期间,这类非个人信息将被视为个人信息,除取得您授权或法律法规另有规定外,我们会将该类个人信息做匿名化、去标识化处理。
当您与我们联系时,我们可能会保存您在应用内产生的通信/通话记录和内容或您留下的联系方式等信息,以便与您联系或帮助您解决问题,或记录相关问题的处理方案及结果。
当您使用“CarbitLink”服务执行某些操作时(例如向您的分组添加好友),我们可能会向您或其他人发送通知;对于您在“CarbitLink”开放平台开通使用的第三方应用服务,我们将在您启动该应用时收集相关信息,并按照本隐私权政策进行处理。
当您在使用本软件集成的第三方SDK时,第三方可能依据提供该功能所必须要求您提供相应的个人信息。在使用该功能之前,请您务必仔细阅读该第三方的《隐私政策》。如果您不同意,可以选择停止使用该功能。目前,本软件集成的SDK有友盟+统计分析、mapbox。
SDK名称:友盟+统计分析SDK
SDK服务类型 :为APP提供系统分析服务及基础反作弊服务
收集个人信息字段 :设备MAC地址、唯一设备识别码(IMEI/android ID/IDFA/OPENUDID/GUID\SIM卡IMSI信息)、用于反作弊的地理位置信息
SDK隐私政策链接 :https://www.umeng.com/page/policy
SDK名称:mapbox
SDK服务类型 :为APP提供导航功能
收集个人信息字段 :GPS位置信息
SDK隐私政策链接 :https://www.mapbox.com/legal/privacy
2.为您提供安全保障
为预防、发现、调查欺诈、侵权、危害安全、非法或违反我们的协议、政策或规则的行为,我们可能收集或整合您的用户信息、服务使用信息、设备信息、日志信息以及取得您授权或依据法律共享的信息。
3.其他用途
我们将基于本政策未载明的其他特定目的收集您的信息时,会事先征求您的同意。
如我们停止运营“CarbitLink“产品或服务,我们将及时停止继续收集您个人信息的活动,并将停止运营的通知以逐一送达或公告的形式通知您,对所持有的用户个人信息进行删除或匿名化处理。
(二) 我们如何使用您的信息
收集您的信息是为了向您提供服务及提升服务质量,为了实现这一目的,我们会把您的信息用于下列用途:
1.向您提供您使用的“CarbitLink”产品或服务,并维护、改进、优化这些服务及服务体验。
2.为预防、发现、调查欺诈、侵权、危害安全、非法或违反我们的协议、政策或规则的行为,保护您、其他用户或公众、我们的合法权益,我们可能使用或整合您的用户信息、服务使用信息、设备信息、日志信息以及我们取得您授权或依据法律共享的信息,来综合检测及防范安全事件,并依法采取必要的记录、审计、分析、处置措施。
3.经您许可的其他用途。
二、我们如何使用 Cookie 和同类技术
我们提供“CarbitLink”产品或服务,没有使用Cookie和同类技术。
三、我们如何共享、转让、公开披露您的信息
(一) 共享
我们不会与“CarbitLink”服务提供者以外的公司、组织和个人共享您的个人信息,但以下情况除外:
1.在获取明确同意的情况下共享:获得您的明确同意后,我们会与其他方共享您的个人信息。
2.在法定情形下的共享:我们可能会根据法律法规规定、诉讼争议解决需要,或按行政、司法机关依法提出的要求,对外共享您的个人信息。
3.在您被他人投诉侵犯知识产权或其他合法权利时,需要向投诉人披露您的必要资料,以便进行投诉处理的。
4.与授权合作伙伴共享:仅为实现本隐私政策中声明的目的,我们的某些服务将由我们和授权合作伙伴共同提供。我们可能会与合作伙伴共享您的某些个人信息,以提供更好的客户服务和用户体验。例如,在您使用“导航”功能时,高德地图可能同时获取到您的精准定位信息、行踪轨迹。我们仅会出于合法、正当、必要、特定、明确的目的共享您的个人信息,并且只会共享提供服务所必要的个人信息。我们的合作伙伴无权将共享的个人信息用于与产品或服务无关的其他用途。
5.第三方软件与技术。为了使您正常使用我们产品,我们可能会使用第三方的软件或技术,第三方软件或技术可能会收集您的设备信息(唯一设备标识符的软硬件特征信息)。如超出授权范围内使用个人信息的,该第三方需再次征求您的自主选择意愿。对我们与之共享您个人信息的第三方,该第三方会与我们签订相关保密协议。
(二) 转让
我们不会将您的个人信息转让给任何公司、组织和个人,但以下情况除外:
1.在获取明确同意的情况下转让:获得您的明确同意后,我们会向其他方转让您的个人信息。
2.在“CarbitLink”提供者发生合并、收购或破产清算情形,或其他涉及合并、收购或破产清算情形时,如涉及到个人信息转让,我们会要求新的持有您个人信息的公司、组织继续受本政策的约束,否则我们将要求该公司、组织和个人重新向您征求授权同意。
(三) 个人信息的公开披露
我们仅会在以下情况下,公开披露您的个人信息:
1.获得您明确同意后;
2.如果我们确定您出现违反法律法规或严重违反“CarbitLink”相关协议规则的情况,或为保护卡比特或公众的人身财产安全免遭侵害,我们可能依据法律法规或“CarbitLink”相关协议规则征得您同意的情况下披露关于您的个人信息,包括相关违规行为以及卡比特已对您采取的措施。
(四) 共享、转让、公开披露个人信息时事先征得授权同意的例外
以下情形中,共享、转让、公开披露您的个人信息无需事先征得您的授权同意:
1.与国家安全、国防安全有关的;
2.与公共安全、公共卫生、重大公共利益有关的;
3.与犯罪侦查、起诉、审判和判决执行等有关的;
4.出于维护您或其他个人的生命、财产等重大合法权益但又很难得到本人同意的;
5.您自行向社会公众公开的个人信息;
6.从合法公开披露的信息中收集个人信息的,如合法的新闻报道、政府信息公开等渠道;
7.根据您的要求签订合同所必需的;
8.用于维护所提供的产品和服务的安全稳定运行所必须的,例如发现、处置产品或服务的故障;
9.学术研究机构基于公共利益开展统计或学术研究所必要,且对外提供学术研究或描述的结果时,对结果中所包含的个人信息进行去表示处理的;
10.法律法规规定的其他情形。
特别提醒您注意,根据法律规定,共享、转让经去标识化处理的个人信息,且确保数据接收方无法复原并重新识别个人信息主体的,不属于个人信息的对外共享、转让及公开披露行为,对此类数据的保存及处理将无需另行向您通知并征得您的同意。当您的信息可以单独或结合其他信息识别到您的个人身份时或我们将无法与您任何特定个人信息结合使用时,则在结合使用期间,这些信息将作为您的个人信息按照本隐私政策处理与保护。
四、我们如何保护您的信息
(一)技术保护。我们会采取各种预防措施来保护您的个人信息,防止您的个人信息遭到未经授权访问、公开披露、使用、修改、损坏或丢失。我们会使用加密技术确保数据的保密性;我们会使用受信赖的保护机制防止数据遭到恶意攻击;我们会部署访问控制机制,确保只有授权人员才可访问个人信息。我们会加强员工对于保护个人信息重要性的认识。
(二)安全体系保证。我们有行业先进的以数据为核心,围绕数据生命周期进行的数据安全管理体系,从组织建设、制度设计、人员管理、产品技术、个人信息安全影响评估等方面多维度提升整个安全体系。目前,我们已经在注册地中国取得了以下认证:企业知识产权管理体系认证、信息安全管理体系认证、信息技术服务管理体系认证、质量管理体系认证(ISO9000)、CMMI3认证。
(三)我们会采取合理可行的措施,尽力避免收集无关的个人信息。我们只会在达成本政策所述目的所需的期限内保留您的个人信息,除非需要延长保留期限或受到法律的允许。
(四)互联网环境并非百分之百安全,尽管我们有这些安全措施,但请注意在互联网上不存在“完善的安全措施”,我们将尽力确保您的信息的安全性。
(五)互联网并非绝对安全的环境,而且电子邮件、即时通讯并未加密,我们强烈建议您不要通过此类方式发送个人信息。请使用复杂密码,协助我们保证您的账号安全。
(六)在不幸发生个人信息安全事件后,我们将按照法律法规的要求,及时向您告知:安全事件的基本情况和可能的影响、我们已采取或将要采取的处置措施、您可自主防范和降低风险的建议、对您的补救措施等。我们将及时将事件相关情况以邮件、信函、电话、推送通知等方式告知您,难以逐一告知个人信息主体时,我们会采取合理、有效的方式发布公告。
(七)如您发现自己的个人信息泄露,尤其是您的账户及密码发生泄露,请您立即联络我方客服,以便我方采取相应措施。同时,我们还将按照监管部门要求,主动上报个人信息安全事件的处置情况。
特别提醒您,本隐私政策提供的个人信息保护措施仅适用于“CarbitLink”软件及相关服务。一旦您离开“CarbitLink及相关服务”,浏览或使用其他网站、服务及内容资源,我们即无任何权利和义务保护您在“CarbitLink及相关服务”以外的软件或网站上提交的任何个人信息,无论您登陆、浏览或使用前述软件、网站是否基于卡比特的链接或引导。
五、您的权利
按照中国相关的法律、法规、标准,以及其他国家、地区的通行做法,我们保障您对自己的个人信息行使以下权利:
(一)访问您的个人信息
您有权访问您的个人信息,法律法规规定的例外情况除外。
(二)更正您的个人信息
当您发现我们处理的关于您的个人信息有错误时,您有权要求我们做出更正。您可以通过电话或电子邮件的方式通知我们。我们将在15个工作日内回复您的更正请求。
(三)删除您的个人信息
在以下情形中,您可以向我们提出删除个人信息的请求:
1、如果我们处理个人信息的行为违反法律法规;
2、如果我们收集、使用您的个人信息,却未征得您的同意;
3、如果我们处理个人信息的行为违反了与您的约定;
4、如果您不再使用我们的产品或服务,或您注销了账号;
5、如果我们不再为您提供产品或服务。
若我们决定响应您的删除请求,我们还将同时通知从我们获得您的个人信息的实体,要求其及时删除,除非法律法规另有规定,或这些实体获得您的独立授权。
当您从我们的服务中删除信息后,我们可能不会立即在备份系统中删除相应的信息,但会在备份更新时删除这些信息。
(四)改变您授权同意的范围
每个业务功能需要一些基本的个人信息才能得以完成。对于额外个人信息的收集和使用,您可以随时给予或收回您的授权同意。
当您收回同意后,我们将不再处理相应的个人信息。但您收回同意的决定,不会影响此前基于您的授权而开展的个人信息处理。
(五)约束信息系统自动决策
在某些业务功能中,我们可能仅依据信息系统、算法等在内的非人工自动决策机制做出决定。如果这些决定显著影响您的合法权益,您有权要求我们做出解释,我们也将提供适当的救济方式。
(六)响应您的上述请求
为保障安全,您可能需要提供书面请求,或以其他方式证明您的身份。我们可能会先要求您验证自己的身份,然后再处理您的请求。我们将在15个工作日内做出答复。
对于您合理的请求,我们原则上不收取费用,但对多次重复、超出合理限度的请求,我们将视情收取一定成本费用。对于那些无端重复、需要过多技术手段(例如,需要开发新系统或从根本上改变现行惯例)、给他人合法权益带来风险或者非常不切实际(例如,涉及备份磁带上存放的信息)的请求,我们可能会予以拒绝。
在以下情形中,按照法律法规要求,我们将无法响应您的请求:
1、与国家安全、国防安全直接相关的;
2、与公共安全、公共卫生、重大公共利益直接相关的;
3、与犯罪侦查、起诉、审判和判决执行等直接相关的;
4、有充分证据表明您存在主观恶意或滥用权利的;
5、响应您的请求将导致您或其他个人、组织的合法权益受到严重损害的;
6、涉及商业秘密的。
六、未成年人保护
我们的产品、网站和服务主要面向成人,未成年人不得使用。
尽管当地法律和习俗对未成年人的定义不同,但我们将不满 18 周岁的任何人均视为未成年人。
如果我们发现自己在未事先获得可证实的父母同意的情况下收集了未成年人的个人信息,则会设法尽快删除相关数据。
七、您的个人信息如何在全球范围转移
原则上,我们在中华人民共和国境内收集和产生的个人信息,将存储在中华人民共和国境内。
由于我们通过遍布全球的资源和服务器提供产品或服务,这意味着,在获得您的授权同意后,您的个人信息可能会被转移到您使用产品或服务所在国家/地区的境外管辖区,或者受到来自这些管辖区的访问。
此类管辖区可能设有不同的数据保护法,甚至未设立相关法律。在此类情况下,我们会确保您的个人信息得到在中华人民共和国境内足够同等的保护。例如,我们会请求您对跨境转移个人信息的同意,或者在跨境数据转移之前实施数据去标识化等安全举措。
八、本政策如何更新
我们的隐私政策可能变更。
未经您明确同意,我们不会削减您按照本隐私政策所应享有的权利。我们会在本页面上发布对本政策所做的任何变更。
对于重大变更,我们还会提供更为显著的通知(包括对于某些服务,我们会通过电子邮件发送通知,说明隐私政策的具体变更内容)。
本政策所指的重大变更包括但不限于:
1、我们的服务模式发生重大变化。如处理个人信息的目的、处理的个人信息类型、个人信息的使用方式等;
2、我们在所有权结构、组织架构等方面发生重大变化。如业务调整、破产并购等引起的所有者变更等;
3、个人信息共享、转让或公开披露的主要对象发生变化;
4、您参与个人信息处理方面的权利及其行使方式发生重大变化;
5、我们负责处理个人信息安全的责任部门、联络方式及投诉渠道发生变化时;
6、个人信息安全影响评估报告表明存在高风险时。
如您继续使用我们的服务,表示您同意接受修订后的本政策内容,但是如果更新的内容需要超过本隐私政策范围的个人敏感信息,仍会再次以显著方式征求您的同意。
九、如何联系我们
如果您对本隐私政策有任何疑问、意见或建议,通过以下方式与我们联系:
电子邮件:support @carbit.com.cn
电 话:0086-027-59586633(China)
一般情况下,我们将在15个工作日内回复。
本隐私政策的版权为武汉卡比特信息公司所有,在法律允许的范围内,我们拥有解释和修改的权利。如果您对我们的回复不满意,特别是我们的个人信息处理行为损害了您的合法权益,您还可以通过以下外部途径寻求解决方案:向武汉市东湖新技术开发区有管辖权的法院提起诉讼来寻求解决方案。
本公司CarbitLink隐私政策有中、英文两种版本,如两种版本文字发生歧义,则以中文版为准。