Updated Date: January 20, 2022

Effective Date: January 20, 2022

 

Welcome to use QAX ID!

 

QI-ANXIN Technology Group Co., Ltd. and its affiliates (business address: QI-ANXIN Security Center, No. 26 Xizhimenwai South Road, Xicheng District, Beijing; Tel: 95015, referred to as “We” or “QI-ANXIN Group”) fully understand the importance of privacy and personal information to users (referred to as “you”) and we will take sufficient and appropriate measures to ensure the security of your personal information.

 

This Privacy Policy (hereinafter “Policy”) explains to you how we process (including collect, use, store and share) and protect your personal information when you use the QAX ID(hereinafter “Product”) within the territory of the People’s Republic of China (for the purpose of this Policy, not including Hong Kong, Macau and Taiwan; hereinafter “Mainland China”). In this Policy, the provisions which may be significant to your legitimate interests are drawn in bold form to draw your attention. Please read carefully and understand thoroughly before using the Product. Please use the Product only after you understand and consent to this Policy. Once you begin to use the Product or continue to use the Product after we have updated our Privacy Policy, we infer that you have fully understood and consented to this Policy and to our processing of your personal information in accordance with this Policy. If you have any questions, comments or suggestions regarding to the provisions of this Policy, you can contact us via the contact details provided in this Policy (see Section X below).

 

This Policy will help you understand the following:

 

I. How We Collect and Use Your Personal Information

II. How We Store Your Personal Information

III. How We Share, Transfer and Disclose Your Personal Information

IV. How We Protect Your Personal Information

V. Your Rights

VI. How Your Personal Information being Transferred Globally

VII. Protection of Children’s Personal Information

VIII. Application Scope of the Policy

IX. Modifications and Amendments to the Policy

X. How to Contact Us

 

I. How We Collect and Use Your Personal Information

 

 (I) Rules on the Collection of Personal Information

 

1. Main Collection Scenarios

 

1.1 Log-in

To facilitate your login to use this Product, we need to collect your user account and password, server address, mobile phone number and email information.

 

1.2 Multiple Authentication Methods

This Product supports multiple authentication methods, including Certificate Authentication (CA), AD domain authentication, LDAP authentication, RADIUS authentication, Multi-Factor Authentication, etc., and may be used in combination with hardware feature binding policies to meet the strong authentication requirements of users in specific application scenarios. To support the operation of authentication function, we will collect those dynamic passwords. With your consent to turn on the fingerprint login function, we will collect your fingerprint information.

 

1.3 Device Binding

To implement device binding, we will collect and use your Wi-Fi information, MAC address, SSID information, IMEI information, IMSI information, and your device name.

 

1.4 Security

To improve the security of your use of the Product provided by us and our affiliates, as well as our partners, to protect the personal and property security for you, other users or the public from infringement , to better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusions and other security risks, and to identify violations of the laws and regulations or the relevant agreements and rules of QI-ANXIN Group more accurately, we may use or integrate your device information, task list, log information and other information shared by our affiliates and partners with your authorization or pursuant to the law for the purpose of identity verification, detection and prevention of security incidents, and then we will take necessary recording, auditing, analysis and disposal measures in accordance with the laws.

 

2. Invocation of Permissions

 

In the process of using this Product, we may request to invoke the following permissions. We will prompt you before invoking any permission, and only turn on the corresponding permission if you consent to such invocation.

(1) Permission Name: Take Photos, Support Function: QR Code Scanning, Type of Personal Information Collected: None;

(2) Permission Name: Read External Memory, Support Function: Read the device ID generated by the App, Type of Personal Information Collected: None;

(3) Permission Name: Write External Memory, Support Function: Save the device ID generated by the App, Type of Personal Information Collected: None;

(4) Permission Name: Read Phone Status, Support Function: For the device ID generated by the App, Type of Personal Information Collected: IMEI;

(5) Permission Name: Access Network, Support Function: Support to login, Type of Personal Information Collected: None;

(6) Permission Name: Vibration Prompt, Support Function: Prompt of QR code scanning, Type of Personal Information Collected: None;

(7) Permission Name: Network Status, Support Function: For the device ID generated by the App, Type of Personal Information Collected: Network status information;

(8) Permission Name: Wi-Fi Status, Support Function: For the device ID generated by the App, Type of Personal Information Collected: Wi-Fi status information, MAC Address;

(9) Permission Name: Bluetooth Connection, Support Function: Get Device Name for to Device Binding, Type of Personal Information Collected: Device Name;

(10) Permission Name: Flashlight, Support Function: Adjust the brightness while scanning QR code, Type of Personal Information Collected: None;

(11) Permission Name: Upgrade and Install this App, Support Function: Upgrade and download the App, Type of Personal Information Collected: None;

(12) Permission Name: Fingerprint Recognition, Support Function: Fingerprint Login, Type of Personal Information Collected: Fingerprint Information, Verification Result;

(13) Permission Name: Read Hardware Device Information, Support Function: Device Binding, Type of Personal Information Collected: WIFI Information, MAC Address, SSID Information, IMEI, IMSI Information.

 

3. Exception to Obtaining Consent

 

According to the relevant laws and regulations, your consent is not required for the collection of your personal information in the following circumstances:

 

 (1) Where necessary to perform statutory duties or obligations;

 (2) Where necessary to conclude or perform a contract to you;

 (3) Where necessary to respond to sudden public health incidents, or to protect the life, health and property security for you and others under emergency;

 (4) Processing personal information that is already disclosed by yourself or otherwise lawfully disclosed, within a reasonable scope;

 (5) Otherwise provided by laws and administrative regulations.

 

(II) Rules on the Use of Personal Information

 

1. We may use the collected personal information in accordance with this Policy and for the purpose of achieving the function of the Product and/or Services.

 

2. Please note that all the personal information you provide during the use of the Product and/or Services will be authorized to our continuously using for the period that you use the Product and/or Services, unless you delete or refuse us to collect it through your system setup.

 

3. We may compile statistics on the use of the Product and/or Services in order to demonstrate the overall usage trend of the Product and/or Services. However, these statistics do not contain any identifying information about you.

 

4. If we want to use your personal information for purposes not stated in this Policy, or the information we collect for a specific purpose is used for other purposes, we will ask you for our prior consent before such use.

 

II. How We Store Your Personal Information

 

 (I) Storage Location

 

The personal information that we collect and generate through the Product in the Mainland China will be stored in the Mainland China.

 

If it is necessary to transfer the relevant user information collected in China to overseas institutions for the purpose of carrying out cross-border business, we will obtain your consent separately and comply with the laws, administrative regulations, provisions of relevant regulatory authorities and Part VI of this policy. We will ensure that your personal information is adequately protected, e.g., encrypted storage.

 

 (II) Storage Period

 

We will only retain your personal information for the period necessary to achieve the purposes stated in this Product Privacy Policy and for the time limit required by laws and regulations. We will delete or anonymize your personal information beyond the necessary time limit.

 

If we cease to operate the Product, we will promptly cease to collect personal information from users. We will notify you of the suspension of operation in an announcement or similar form, and we will delete or anonymize the personal information (if any) we store.

 

III. How We Share, Transfer and Disclose Your Personal Information

 

 (I) Sharing

 

1. We will not share your personal information with any companies, organizations or individuals, except for the following circumstances:

 

 (1) With your explicit consent, we will share your personal information with other parties.

 (2) We may share your personal information with other parties in accordance with laws or regulations or the needs of dispute resolution and upon the requirements made by administrative or judicial authorities.

 (3) To the extent permitted by laws and regulations, when necessary, we may share your personal information to protect the legitimate interests, property or safety of you or other users, the public, QI-ANXIN Group, affiliates or partners of QI-ANXIN Group, from being harmed.

 (4) We may share your personal information with our affiliates in the event that our affiliated companies (including but not limit to Legendsec Information Technology (Beijing) Inc., Netentsec, Inc.) provide you or us with Products or Services. However, we will only share necessary information and the process of your personal information by affiliates shall be governed by this Policy. If our affiliated companies want to change the purpose of processing your information, we will obtain your consent again.

 (5) We will not share users’ information with third-party advertisers, application developers, open platforms, or other partners unless we have obtained your explicit authorization and consent.

 

2. Third Party SDK

 

In order to protect the user experience, we embed the following SDK (Software Development Kit) in our App. We remind you to be aware and have a clear understanding of the service provider that provides you with Services and how it collects and uses your personal information:

(1) SDK Name: Chromium, Gson; Company: Google; Use: Assisted Development; Type of Collected Personal Information: MAC Address, SSID, WIFI Information; Text Link: http://www.chromium.org/.

(2) SDK Name: Samsung Android; Company: Samsung Electronics; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: https://developer.samsung.com/digital-id/overview.html#.

(3) SDK Name: OKHTTP; Company: Open Source; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: Https://square.github.io/okhttp/#license.

(4) SDK Name: Butterknife; Company: Open Source; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: Http://www.apache.org/licenses/LICENSE-2.0.

(5) SDK Name: Zxing; Company: Open Source; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: Https://github.com/zxing/zxing/blob/master/LICENSE.

(6) SDK Name: Apache; Company: Open Source; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: Https://httpd.apache.org/licenses/.

(7) SDK Name: FingerPrintIdentify; Company: Open Source; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: Https://github.com/uccmawei/FingerPrintIdentify/blob/master/LICENSE.

(8) SDK Name: AndroidSwipeLayout; Company: Open Source; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: Https://github.com/daimajia/AndroidSwipeLayout/blob/master/LICENSE.

(9) SDK Name: Eventbus; Company: Open Source; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: https://github.com/greenrobot/EventBus/blob/master/LICENSE.

(10) SDK Name: XCrash; Company: IQIYI; Use: Assisted Development; Type of Collected Personal Information: System Task List; Text Link: https://github.com/iqiyi/xCrash/blob/master/LICENSE.

(11) SDK Name: AndPermission; Company: Open Source; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: Http://www.apache.org/licenses/LICENSE-2.0.

(12) SDK Name: Timber; Company: Open Source; Use: Assisted Development; Type of Collected Personal Information: None; Text Link: Http://www.apache.org/licenses/LICENSE-2.0.

 

With respect to the companies, organizations or individuals with whom we share users’ information, we shall enter into a strict confidentiality agreement, data processing agreement or other binding documents with equivalent legal nature with them to make clear their responsibilities for the protection of personal information and require them to deal with your information in accordance with our instructions, this Policy and any other relevant security measures.

 

(II) Transfer

 

We shall not transfer users’ information to any other company, organization or individual, except for the following circumstances:

 

With the development of the business of QI-ANXIN Group, we or our affiliates may enter the merger, acquisition, assets transfer or other similar transactions. If the relevant transactions involve the transfer of users’ personal information, we shall inform the name, contact method of the new receiver, as well as request the new companies, organizations or individuals that hold the users’ personal information to continue to be bound by this Policy; otherwise we shall request such companies, organizations or individuals to obtain your consent again.

 

 (III) Public Disclosure

 

We may not publicly disclose your personal information only when your separate consent has been obtained, or it is required by related laws and regulations.

 

 (IV) Exceptions

 

In accordance with relevant laws and regulations and national standards, we may lawfully share, transfer or publicly disclose your personal information without your consent in the following circumstances:

 

 (1) Where necessary to conclude or perform a contract to which the individual concerned is a party, or to implement human resources management according to lawfully formulated labor rules and lawfully concluded collective contracts;

 (2) Where necessary to perform statutory duties or obligations;

 (3) Where necessary to respond to sudden public health incidents, or to protect the life, health and property safety of natural persons under emergency;

 (4) Lawfully processing personal information that is already disclosed by natural persons themselves or otherwise lawfully disclosed, within a reasonable scope;

 

IV. How We Protect Your Personal Information

 

We have taken industry-standard security measures to protect the personal information you provide against unauthorized access, public disclosure, use, modification, damage or loss.

 

1. We announce the Privacy Policy, achieve transparency in the processing of user information, and establish feedback channels for users’ comments, subject to public scrutiny.

2. We encrypt, transmit and store identifiable personally identifiable information to ensure the confidentiality of data.

3. We deploy access control mechanisms on the server side, apply the principle of minimum sufficient authorization to staff members who may have access to users’ personal information, and regularly verify the access list and access records.

4. Our server systems that store users’ personal information are all operating systems that have been hardened by security. We conduct account audit and monitoring on server operations. If we find that there are server operating systems that have security problems according to the outside announcement, QI-ANXIN Group will upgrade the server security as soon as possible to ensure the security of all our server systems and applications.

5. We regularly provide trainings to our staff about privacy protection laws and regulations, in order to enhance their privacy awareness.

6. If, unfortunately, any of our physical, technical or administrative protection measures are damaged, we will initiate an emergency plan in a timely manner to prevent the expansion of the incident. We will report the incident to the state competent authorities as required by laws and regulations, and inform you of the basic situation, possible impact, measures already taken or to be taken of the security incident by reasonable and effective ways such as pushing and announcement.

 

Please note that the Internet is not an absolute secure environment, so you are kindly advised to use complex passwords and to keep your account number and password properly. If you find that your personal information has been disclosed, in particular your account number and password, please contact us through the contact information provided in this policy immediately so that we can take appropriate measures.

 

V. Your Rights

 

You may access and manage your personal information in the following ways while using this Product:

 

1. Access and Correction of Personal Information

 

Please notify the user administrator of your company/organization to achieve the access and correction of your personal information.

 

2. Deletion of Personal Information

 

You have the right to request the deletion of your personal information by notifying the user administrator of your company/organization in the following circumstances. When the user of your company/organization closes the account of QAX ID, we will anonymize or delete your relevant personal information in that organization:

 

(1) The purpose of the processing has been achieved, cannot be achieved or is no longer necessary to achieve the purpose of the processing.

(2) Our processing of your user information violates this Policy and the laws and regulations.

(3) You deregister, uninstall, no longer use this Product and/or Services, or you withdraw your consent.

(4) We stop providing Services to you.

 

3.  Account Cancellation

 

Please notify the user administrator of your company/organization to cancel your user account.

 

4. Change or Withdrawal of User’s Authorization

 

You may turn off the relevant system permissions that you have previously granted us to use in the operating system of the device, in order to change the scope of consent or withdraw your authorization. After you close the authorization, we will no longer collect the information in connection with such permission(s). Here is a guide to close permissions on Android platform as below:

 

Android: open “Settings” - > “Applications”, slide down and find “QAX ID”, and then you can turn off the permissions.

 

Please understand that each business function needs some basic information to be performed. After you withdraw your consent or authorization, we cannot provide the corresponding Services to you anymore, and we will not process your corresponding information anymore. However, your decision to withdraw your consent or authorization will not affect the processing of information previously carried out based on your consent or authorization.

 

5. Obtain a Copy of Your Personal Information

 

Please notify the user administrator of your company/organization to apply for a copy of your personal information.

 

6. Address Your Concerns

 

If you have any questions, comments, suggestions or complaints regarding this Policy and the processing of user information, you can contact us by the contact information provided in Section X of this Policy. We will try to address your concerns. We will respond to your request within 15 business days. If the situation is complicated and thus, we need to extend the time limit for solution, we will also explain to you within 15 business days.

 

In accordance with relevant laws, regulations and national standards, we may not respond to your request under the following circumstances:

 

 (1) Those directly related to national security or national defense security;

 (2) Those related to public security, public health and material public interests;

 (3) Those related to crime investigation, prosecution, trial and enforcement of judgments;

 (4) There is sufficient evidence to prove that you have acted with malicious intent or abused your rights;

 (5) Responding to your request will cause severe damages to the legitimate rights and interests of other personal information subjects or other individuals or organizations;

 (6) Those involving trade secrets.

 

The contact information provided by you when you send your feedback will be used only for communication and feedback by our user hotline. Unless explicitly agreed by the user and/or expressly provided by law, we will not provide such information to any third party.

 

VI. How Your Personal Information being Transferred Globally

 

In principle, the personal information that is collected and generated during our operation within Mainland China will be stored within Mainland China. Only when required by laws and regulations, necessary for business development, etc., will we carry out the corresponding cross-border data transfer.

 

We ensure that all cross-border transfer of your personal information will be conducted with full notification to you and with your separate consent, and that we will take technical measures such as encryption before transfer and during storage to protect data security. In addition, we will take appropriate measures to ensure compliance with this Policy and applicable local laws, such as conducting necessary security assessment on cross-border data transfer, reviewing data recipient’s capabilities to protect data, signing data protection agreement or data transfer agreement, etc.

 

VII. Protection of Children’s Personal Information

 

1. This Product is mainly aimed at adults. Without the consent of the guardian, a child (i.e., a minor under the age of 14) shall not create his/her own user account.

 

2. With respect to the collection of a child’s personal information with the consent of the guardian, we will only process a child’s personal information where it is permitted by law, explicitly agreed by the guardian, or necessary for the protection of the child.

 

3. If we find that we have collected a child’s personal information without first obtaining verifiable parental consent, we will try to delete such data as soon as possible.

 

VIII. Application Scope of the Policy

 

This Policy applies to this Product only, and will not apply to the following circumstances:

 

1. The information collected by any third-party Product (or Service), into which this Product is embedded.

 

2. The information collected by any third-party Service, advertising or other company, organization or individual, which can be accessed in this Product.

 

IX. Modifications and Amendments to the Policy

 

This Policy is subject to modifications. We will not limit your rights under this Policy without your explicit consent.

 

We will also provide prominent notification of material changes to this Policy (for example, you will be notified in a timely manner in the form of a pop-up window when the software installed in this Product is revised or upgraded or when you log in again).

 

Material changes as referred to in the Policy include but are not limited to:

 

1. Our Product model has changed substantially. For example, the purposes of processing personal information, the types of processed personal information, the methods of using personal information, etc.

2. Our right of control and the like have changed substantially. For example, change of owner resulting from merger, acquisition or reorganization;

3. The main parties to whom the personal information is shared, transferred or publicly disclosed have changed;

4. Your rights to participate in the processing of personal information and the methods of exercising the same have significantly changed;

5. Our department in charge of the security of personal information, the contact information and the channels for complaints have changed; and

6. The report of the impact assessment on personal information security indicates that there are high risks.

 

X. How to Contact Us

 

If you have any questions, comments, suggestions or complaints about this Policy and our processing of users’ personal information, please contact us by the following:

 

Customer Service Hotline: 95015

E-mail Address kefu@qianxin.com