小满科技——OKKI 每个外贸人的智能伙伴

1. State that Xiaoman SaaS software is a standardized software. Upon ordering Xiaoman software, the enterprise users will be deemed to have agreed the use of the standardized entrusted processing services provided by Xiaoman SaaS software at their own expense; you are fully notified that we process your personal information generated in the process of working for the enterprise users as entrusted by the enterprise users.

2. Add the personal information processing scenario in the new product functions in Xiaoman SaaS software.

3. Tell you how to protect your personal information under scenarios such as binding Xiaoman account with your personal mailbox and resignation.

4. Further inform you of the scenario, purpose, objective, necessity of sharing personal information with related parties, and your corresponding rights.

SPECIAL NOTE

Dear users, welcome to use Xiaoman SaaS software (including web client, desktop application and mobile OKKI APP) and services!

Shenzhen Xiaoman Technology Co., Ltd. (registered address: F14, Block B, Dachong Business Center, No. 9678 Shennan Avenue, Nanshan District, Shenzhen, hereinafter referred to as "Xiaoman Technology" or "we") understands that the privacy issues not only involve compliance, but also reflect people's trust, and your trust is very important to us! We will fully guarantee the security of your personal information in accordance with the requirements of laws and regulations and the best industrial practices, and hereby prepares this General Privacy Policy (hereinafter referred to as "this Privacy Policy") to enable you to understand how we collect, use, share , store, and protect your personal information in the process of providing you with products and/ or services and how you can manage your personal information.

Before you use our products and/ or services, please make sure to carefully read and fully understand this Privacy Policy, especially the terms highlighted in bold or underlined, to ensure that you fully understand and agree this Privacy Policy. If you do not agree with any content of this Privacy Policy, you should stop using our products and/ or services immediately. If you have any questions, comments or suggestions about the contents of this Privacy Policy, you can contact us according to the contact information provided in this Privacy Policy.

This Privacy Policy will help you understand the following:

1. Definition and applicable scope of this Privacy Policy

2. How do we collect and use your personal information

3. How do we use Cookies and similar technologies

4. How do we share, transfer and publicly disclose your personal information

5. How do we store your personal information

6. How do we protect your personal information

7. What rights can you exercise to dispose of your personal information collected by us

8. How do we protect the personal information of minors

9. How to upgrade this Privacy Policy

10. How do you contact us

I. Definition and applicable scope

(I) Definitions

1. Xiaoman SaaS software product and/ or service provider: refers to the legal subject developing and providing Xiaoman SaaS software and corresponding software services, namely Shenzhen Xiaoman Technology Co., Ltd., hereinafter referred to as "we" or "Xiaoman Technology".

2. Products and/ or services: refer to Xiaoman SaaS software and/ or corresponding software services provided by us to the users.

3. Enterprise users of Xiaoman SaaS software: refer to the enterprises that register Xiaoman account through their authorized administrator or directly through their legal representatives, and open, manage and use Xiaoman SaaS software products and/ or services on behalf of the enterprise as an administrator through the main account, hereinafter referred to as "enterprise users".

4. Xiaoman SaaS software end user (i.e. "you"): refer to the actual user of Xiaoman account, including the actual user of main account and sub-account, hereinafter collectively referred to as "end user". The actual user of the main account is the administrator authorized by the enterprise user, who has the management authority of the sub account, and opens, manages and uses Xiaoman SaaS software products and/ or services on behalf of the enterprise user through the operation of the master account, hereinafter referred to as "enterprise user’s administrator".

5. Personal information: refers to all information of identified or identifiable natural persons recorded electronically or otherwise, excluding anonymous information.

6. Sensitive personal information: refers to the personal information, the disclosure or illegal use of which is likely to infringe upon the human dignity of natural persons or endanger the personal and property safety. The sensitive personal information is highlighted and underlined in this Privacy Policy.

7. Basic business functions: refer to the functions set to meet the fundamental expectations and main needs of the enterprise users for our products and/ or services, including the software functions used by you and the enterprise user to meet customer cooperation management and business operation management requirements and the functions that must be set to ensure the information security of you and the enterprise user. It should be noted that Xiaoman SaaS software is a software product developed to satisfy the management needs of enterprises such as enterprise customer. Although different versions are available and the basic business functions vary with the versions, the basic business functions of each version are determined and standardized software products are developed after investigating and summarizing a large number of enterprise users’ needs. Upon ordering Xiaoman SaaS software, the enterprise users will be deemed to have accepted the standardized basic business functions provided by Xiaoman SaaS software, and the extended business functions.

8. Extended business functions: refer to the functions other than the basic business functions set to provide our more efficient or perfect products and/ or services, and to provide more comfortable use experience to you and the enterprise users.

9. Children: refer to minors under the age of 14.

10. Personal information deletion: refers to the removal of the personal information from the system involved in the realization of daily business functions so that the personal information can not be retrieved and accessed.

11. Anonymization of personal information: refers to the process in which personal information is processed not to identify the natural person. The anonymized personal information cannot be recovered.

12. Personal information controller: an organization or individual that has the right to determine personal information processing purpose and method. For the purpose of this Privacy Policy, the personal information controller refers to the enterprise users of Xiaoman SaaS software. It should be noted that although Xiaoman SaaS software is used by you and other employees or authorized personnel of the enterprise users to enter and deposit relevant information or data, including those belonging to the category of personal information, the data or information stored or deposited in Xiaoman SaaS software is actually controlled by the enterprise users. Xiaoman SaaS software is the standardized software with standard data processing functions, such as storage, analysis, etc. Therefore, upon ordering Xiaoman SaaS software, the enterprise users will be deemed to use the standardized entrusted processing services provided by Xiaoman SaaS software at their own expense.

Unless otherwise described, the terms used in this Privacy Policy have the same definitions as those used in the service contract.

(II) Applicable scope

This Privacy Policy is applicable to Xiaoman SaaS software products and/ or services, including web clients, desktop applications and mobile OKKI APP. If Xiaoman SaaS software products and/ or services are used in the products and/ or services of our affiliated companies, without preparation of an independent privacy policy, this Privacy Policy shall be also applicable to these products and/ or services.

It should be noted that this Privacy Policy is not applicable to the services provided by third parties embedded in Xiaoman SaaS software (hereinafter referred to as "third-party services"), such as customs declaration, logistics and transportation, PayPal payment services and credit guarantee transaction services of Alibaba International Station (hereinafter referred to as "credit guarantee services"), which are provided to you by third-party service providers. The information you provide to the third-party service provider is not applicable to this Privacy Policy. Therefore, before you choose to use the third-party services, please fully understand its product functions and privacy protection policy, and then decide whether to use these third-party services.

II. How do we collect and use your personal information

Under this Privacy Policy, when you use our products and/ or services, we collect your personal information as following: (1) you provide the information directly to us; (2) relevant information is obtained by us during your use of products/ services; and (3) your personal information is obtained from a third party. We need/ may collect and process your personal information as below:

1. The information is collected and processed by us with your authorization to provide you with the basic business functions of our products and/ or services. If you refuse to provide or refuse to authorize us to collect and process these information, you will not be able to obtain the products and/ or services provided by us, and shall stop using Xiaoman SaaS software immediately;

2. The information is collected and processed by us with your authorization to provide you with the extended business functions of our products and/ or services. If you refuse to provide or refuse to authorize us to collect and process these information, you will not be able to use these extended business functions and experience their convenience and effects, but your use of basic business functions will not be affected.

You understand and agree that in order to provide you with better product and/ or service experience, we constantly make effort to improve our technology, and when we launch new or optimized functions from time to time, we may collect and process new personal information or change personal information use purpose or mode. In this regard, we will separately explain to you the collection purpose, scope and use method of corresponding personal information by updating this Privacy Policy, pop-up window, page prompt, etc., and provide you with the options, and we can collect and process your personal information only with your express consent. During this process, if you have any questions, opinions or suggestions, you can contact us according to the contact information provided in this Privacy Policy, and we will answer them for you as soon as possible.

(I) Collection and use of your personal information

We will collect and use your personal information only for the following purposes described in this Privacy Policy:

1. Collection and use of information for registering and logging in Xiaoman account and changing master account

Before using our products and/ or services, you shall register Xiaoman account. Before the registration, you shall provide us with your company name, and your name, email address and mobile phone number; Upon the login, for the sake of your account safety, we will not only perform safety verification for your login, but also collect your IP address to identify abnormal login. We will also collect the versions of your computer operating system and browser to confirm whether your system and browser are compatible with Xiaoman SaaS software; After logging in Xiaoman account, you can independently complete your personal information, such as profile photo, telephone number, fax number, contact address and other information.

If you have registered Xiaoman account and choose to bind your WeChat account on the web client, you can log in your Xiaoman account through desktop application and/ or web client after scanning with your WeChat account. If you log in to Xiaoman account by scanning with your WeChat account, we will collect your WeChat nickname and Open ID.

2. Collection of information during use of Xiaoman SaaS software

(1) Usage information

We will collect the information submitted, received or otherwise generated by you as the end user of Xiaoman SaaS software, and recorded in Xiaoman SaaS software when you use our products and/ or services, specifically including:

A. Collection of information during using email function of Xiaoman SaaS software

If you use the email function of Xiaoman SaaS software, you shall bind your work email address to the software and provide us with the work email address you need to bind, so that you can use the email function of Xiaoman SaaS software, that is, you deposit your work email in Xiaoman SaaS software and enjoy the corresponding convenient automation functions. We remind you to bind the enterprise email address as the work email address in Xiaoman SaaS software as far as possible, and we do not recommend you to bind your personal email address; If you are sure to bind your personal email address, you are recommended to delete your private email before binding, and only use the personal email address for business affairs after binding. Otherwise, you will be deemed to have agreed that the superior supervisor can manage the information in the subordinate Xiaoman account in Xiaoman SaaS software, the enterprise user’s administrator can manage the information in all sub-accounts, and your information in Xiaoman account can be managed by the superior supervisor and/ or the enterprise user’s administrator, and also, you will be deemed to have agreed that Xiaoman SaaS software can read and analyze email header, sender, etc. based on the choice of the enterprise users. If you do not agree to provide the email address to be bound, you will not be able to use the email function of Xiaoman SaaS software.

If you no longer work in your enterprise, such as resignation, you are recommended to unbind your personal email address before resignation; if your personal email address is the Xiaoman master account of your enterprise, you are recommended to unbind your personal email address after cooperating your enterprise in changing the Xiaoman master account before the resignation. Otherwise, because Xiaoman SaaS software is a standardized entrusted information processing software, you shall bear the risks and consequences caused therefrom to your enterprise and the risks and losses resulting from disclosure and infringement of your personal information.

When you send an email by Xiaoman mailbox, we will collect and store the invalid email address failing to receive the email from you. When other end users of Xiaoman SaaS software file the invalid email address as a contact email address and prepare to send email to the invalid email address, we will remind other end users that the email address may be invalid; similarly, in case of the above condition in other end users, when you send the email to the invalid email address, you will also be informed that the email address may be invalid.

If you need to use the functions such as automatic email classification, automatic email marking, filing suggestions or automatic filing, you shall authorize us to access and collect recipient and sender information, email subject and content, so that we can classify and mark the email according to the corresponding content (for example, the emails are stored in the corresponding folder according to the recipient, sender, subject or content of the emails), mark (for example, if the email is identified as inquiry or quotation email, the email is marked with inquiry or quotation respectively), or put forward filing suggestions (for example, if the email is related to business opportunity, the email will be automatically listed in the business opportunity list; if the email is related to your customer, the filing suggestions will be made to you).

It should be noted that if you want to understand whether your email is read by your customers, suppliers and other partners by the email reading status tracking function, since the information belongs to the personal information or data of the email recipient, considering that personal information/ data protection laws and regulations vary with your worldwide customers, suppliers and other partners, you are recommended to obtain the consent from your customers, suppliers and other partners before using this function, or ensure that the collection and acquisition of the above information do not violate the provisions of applicable personal information/ data protection laws and regulations.

B. Collection of information during using dynamic customer and transaction follow-up functions of Xiaoman SaaS software

When you use automatic business opportunity creation, automatic business opportunity update and business opportunity and product automation functions, you shall authorize us to access and identify the subject, content and attachments of the email filed by you as "customer", collect and synchronize the transaction information (including inquiry, quotation, order, etc.) provided in the email received from or sent to the customer to the "business opportunity" and the "product". When you use the customer duplicate check function, you shall authorize us to collect the customer information created by you (including the number, name, email address, contact name, contact number, social account, creation time and recent contact time of the customer) so that other salesmen of your enterprise can inquire whether the customer has been followed up to avoid repeated follow-up; when you use the credit insurance order drafting function, we will synchronously store the credit insurance order drafted by you in your Xiaoman account.

C. Collection of information during using marketing function of Xiaoman SaaS software

If you use the email marketing function, in addition to identification and collection of the subject and content of your email so that we can evaluate and make suggestions on the marketing email, you shall authorize us to configure a random mask in the suffix of your email address to effectively improve the delivery efficiency of the marketing email.

If you download and install the extender "Xiaoman Assistant" from the Google Play, and use the Xiaoman assistant function of Xiaoman SaaS software, we will read your relevant browsing records in the browser with your authorization, and show you the relevant email address browsed by you, the source and your email address filing status, so that you can record these associated email address and identify your potential customers or business opportunities; if you use the web version of WhatsApp, we will collect, record and store the chat record of your contacts in WhatsApp bound in the customer list of Xiaoman SaaS software with your authorization, so that you can record the communication with these contacts; if you use the quick multi account switching function of Alibaba International Station, Xiaoman Assistant will quickly switch multiple bound Ali international station accounts in Xiaoman system according to your temporary cookie on Alibaba International Station (for the use of cookies, please refer to Article 3 of this Privacy Policy); if you use Xiaoman system acceleration function, we will collect your IP address information and judge whether proxy access points are connected to improve your access speed.

If you use the social marketing function and bind your personal account on other third-party social platforms, such as Facebook, LinkedIn, Twitter, etc., we will collect and store the information you intend to publish on these social platforms, with your authorization, so as to help you realize the purpose of simultaneously publishing these information on multiple social platforms.

If you use customized recommendation, customer discovery, customs data, Xiaoman advanced search and subscription functions, you can find your potential customers through keyword search, and we will keep your search content to reduce your repeated input or show you the enterprise information searched by you. Please note that your search keyword information is not your personal information as your identity cannot be identified only by your search keyword information, and we will have the right to use these keyword information for any purpose; only when your search keyword information is used in combination with your other information and your identity can be identified by these information, we will consider your search keyword information as your personal information, and process and protect your search keyword information together with your search history in accordance with this Privacy Policy.

E. Collection of information during using AI, enterprise management, message notification and usage information of OKKI Marketing functions

If you use AI customer recommendation function, AI will recommend potential customers for you according to the products sold by the existing enterprise users you manage.

The enterprise management function of Xiaoman SaaS software is mainly used to manage the sub accounts by Xiaoman master account and the supervisor account set by the master account to manage subordinate sub accounts. If you use Xiaoman sub account, the enterprise user’s administrator can view all information and contents in your account through the Xiaoman master account controlled by it, and unbind your bound email address, etc. In addition, the account with supervisor authority set by the master account can manage its subordinate accounts according to its authority range.

The message notification function of Xiaoman SaaS software will send you notification reminders on the next day or at the time set by you based on your previous work condition. If you have arranged corresponding meetings or other matters in the schedule, the message notification function will push you corresponding reminders in time.

If you use the conversation function in OKKI Marketing module, we will collect, record and store the chat information of the customers you bind in the customer list of Xiaoman SaaS software, so that you can record the communication with these contacts.

(2) Device information

We will receive and record your device information (including device model, operating system version, device settings, unique device identifier and other software and hardware characteristics information) and the device location information (including GPS/ BeiDou location information) according to the specific authorization granted by you upon installation and use of mobile OKKI APP. If you log in Xiaoman SaaS system by the web client or the desktop application, we will collect the user agent (including operating system type, operating system version and browser version) of your device, so that we can judge the system compatibility of Xiaoman SaaS software and conduct fault analysis.

(3) Login information

When you use Xiaoman SaaS software products and/ or services, we will collect and store the details on your use of our services as relevant network logs, including your search and inquiry content, IP address, browser type, access date and time, and web records; in case of failure during your use, we will collect your browsing and operation so that we can carry out fault analysis.

(4) Enterprise user-controlled data

You acknowledge and understand that Xiaoman SaaS software is a customer management system specially developed for the enterprise users. You use our products/ services in the name of the employee identity or other authorization of the enterprise user. Therefore, the information which you provide voluntarily, are authorized to provide or generate due to the use of products/ services in the process of using Xiaoman SaaS software shall be controlled by the enterprise users (hereinafter referred to as "enterprise user-controlled data"). Upon ordering Xiaoman SaaS software, enterprise users shall be deemed to use the standardized entrusted processing services provided by Xiaoman SaaS software at their own expense. The enterprise user-controlled data may include:

a) The position, department, main industry, business email address and business telephone assigned to you by the enterprise user, the approval and access information provided or generated by you to use the approval and access functions for the daily operation and management of the enterprise user, and other personal information disclosed by you to the enterprise user as its employee, and recorded in Xiaoman SaaS software.

b) The information on customers, suppliers, order transactions, business opportunities and clue recorded by you in Xiaoman SaaS software as the end user, and the e-mail communication between you and your customers, suppliers, colleagues or other contacts.

c) If you download Xiaoman Assistant and use the web version of WhatsApp, we will collect, record and store the communication with your WhatsApp contacts bound in the customer list of Xiaoman SaaS software and relevant chat information generated during your use of OKKI Marketing session function as required by the enterprise user.

d) If the enterprise user uses standard personalized customers, transactions, business opportunities and personal performance statistics and analysis function, we will collect the corresponding information recorded by you in Xiaoman SaaS software for the enterprise user’s purpose of statistics and analysis.

e) If you register the Xiaoman master account for the enterprise user by your personal email, since the Xiaoman account you use belongs to the assets of the enterprise user, upon request, you shall cooperate with the enterprise user in unbinding your personal email and/ or changing the Xiaoman master account. Otherwise, if the enterprise use requires us to change the master account and our master account change conditions are met, we will forcibly change the Xiaoman master account according to the requirements of the enterprise user, in such case, the enterprise user may obtain the personal information stored or settled by you with the master account.

f) Other data containing your personal information submitted by enterprise user

You understand and agree that the enterprise user is the controller of enterprise controlled data, we, as the trustee of information processing, will only collect, use and process your personal information (such as your use of Xiaoman SaaS software, your communication with us as an enterprise contact, and the after-sales service information you submitted to us) provided or generated during the use of products/ services according to the management instructions (including operation and enabling or disenabling corresponding authority and function on the management background by the enterprise use with the "enterprise management" function of Xiaoman SaaS software) and the agreement between us and enterprise user. If you have any questions or comments on the purpose, scope or use of the above enterprise user-controlled data, please contact your enterprise or the enterprise user’s administrator.

You understand and agree that for enterprise user control data, after the enterprise users enter its organizational structure information in Xiaoman SaaS software based on its enterprise management requirement, your superior director can obtain all information recorded by you in Xiaoman SaaS software according to the organizational structure. In order to avoid the disclosure of your personal information irrelevant to your work, we recommend that you should not use Xiaoman SaaS software to handle your personal affairs.

We understand that before uploading enterprise communication information and other personnel information, external business contact information and other personal information submitted by you as required, your enterprise has obtained your explicit consent in advance, only collects the information necessary to achieve the purpose of enterprise operation and management, and has fully informed you of the purpose, scope and use of relevant data collection.

(5) Customer service and after-sales service

During the use of Xiaoman SaaS software and its services, you can give feedback on the experience of our products and/ or services, help us better understand your experience and needs of our products and/ or services, and improve our products or services. In the process, we may collect the following information from you:

A. In order to ensure the security of your Xiaoman account, our online customer service personnel, customer service hotline and after-sales service personnel will use your Xiaoman account information (account, mobile phone number) to verify your identity.

B. When you request us to provide help or after-sales service for your use of Xiaoman SaaS software, for example, you consult about the use method of a functional module or in case of failure during use, we will inquire your use of Xiaoman SaaS software and corresponding recorded information based on your request.

C. In case of a failure in your Xiaoman SaaS software, when you request us to log in your Xiaoman account to identify failure cause, you shall provide your Xiaoman account and the temporary string generated by your password, and authorize us to log in your Xiaoman account temporarily.

D. In order to facilitate contact with you, help you solve the problem as soon as possible or record the handling scheme, progress and results of relevant problems, we may keep the records of your communication/ call with us and relevant contents (including your name, email address, Xiaoman account information, login client ID, feedback questions or suggestions, work order information, other information provided by you to prove relevant facts or your contact information).

E. In order to provide the services and improve the reasonable product and service need, we may also collect and use your other information, including the relevant information provided by you when you contact the implementation consultant and customer service personnel, and when the implementation consultant and customer service personnel pay a return visit with you, and the information filled in by you when you participate in our questionnaire, offline and online training, salon or other activities such as your name, company name and address, position, telephone, email address, Xiaoman account, WeChat nickname and account, DingTalk nickname and account, and answer to the questionnaire.

(6) Showing you the information on new functions or service

In order to show you the information of Xiaoman SaaS software functions or services that better meets the needs of you and/ or the enterprise users, and to enable you and/ or the enterprise users know that you may have new or updated functions of Xiaoman SaaS software and corresponding services, we will collect and use the information on your use of Xiaoman SaaS software, device information or use logs to form a group feature tag, which is used to provide the online notification information of new functions or push other information to the users.

(7) Sending information related to your use of our products and/ or services

After the enterprise orders Xiaoman SaaS software, if you are the designated as the contact of the enterprise user, we may send the information related to our products and/ or services and affecting the rights and interests of you or the enterprise user to your email address and mobile, for example, reminding you of the opening of Xiaoman SaaS software, product function update and remaining the software use time, but this does not affect your right to refuse to receive the business information from us.

(8) Collection of information for your security and protection

In order to improve your security during use of Xiaoman SaaS software and its services, protect the personal and property security of you and the enterprise users from infringement, and better prevent security risks such as phishing websites, Internet fraud, network vulnerabilities, computer viruses, hacker network attacks, we will collect your personal information (login account information), service usage information, common equipment information, equipment IP address information, service log information, email content information and IP address information of receiver to comprehensively judge your account and/ or email risk, verify your identity, detect and prevent security events, and take necessary measures according to laws, such as recording, analysis and/ or disposal.

(9) Collection of information for providing you with extended business functions for you

The extended business functions are those other than he basic business functions of Xiaoman SaaS software, which are used to improve use or operation efficiency and convenience. In order that you can use the above functions and to improve your experience, we may collect, use and store your following personal information. In the extended business function, you shall choose one by one to authorize us to collect and use your personal information. If you refuse to allow us to collect or provide these information, you will not be able to experience the convenient and efficient user experience by these extended business functions, but it will not affect your use of basic product functions and services such as email, customers, transactions, business opportunities and clues. These extended business functions include:

A. Extended business function based on location information: you can enable your geographic location authority (including geographic location authority) so that you can use the location clock- in function of OKKI APP during visiting customers and suppliers.

B. Extended business function based on camera/ camera: you can use the camera function (including shooting the customer’s business cards) after enabling the camera authority.

C. Extended business function based on storage, access and upload of photo albums (picture library, video library) and files: you can use this function to upload your photos, pictures, videos or files after enabling the photo album authority, so as to change the profile photo, and upload the customer’s business cards and attachments in OKKI APP.

D. Extended business function based on calendar information: you can enable "sync to mobile calendar" to synchronize the schedule information created in Xiaoman SaaS software to the local calendar of the mobile phone.

To use the extended business functions, you may be required to give us the storage and access authority of your geographic location (location information), photo album (Picture Library), calendar and files in your device, so as to collect and use the information involved in these functions. You can check the enabling status of your above authorities one by one by "Settings - Application Authority" on your device, "My - Settings -General or Privacy" on the client, or "Settings - Privacy" on mobile terminal, and you can decide to enable or disenable these authorities. Please note that if you enable any authority, you shall be deemed to have authorized us to collect and use relevant personal information to provide you with corresponding services. If you disenable the authority, you shall be deemed to have cancelled these authorizations, and we will not continue to collect and use your personal information, nor can we provide you with the above functions corresponding to these authorizations. Your decision to disenable the authority will not affect the processing of personal information previously collected with your authorization. You understand and agree that the functions and services provided by us to you are constantly upgraded. If we do not specify the personal information to be collected from you in the above scenario, we will notice you of information collection content, scope and purpose and obtain your consent.

3. Information obtained from third parties

We may obtain your following information from a third party: if you authorize to login Xiaoman account by WeChat scanning code, we will obtain your WeChat nickname and open ID from WeChat, and bind your WeChat account with your Xiaoman account after you agree to this Privacy Policy, so that you can log in directly Xiaoman account and use our products and/ or services through WeChat scanning code. In addition, Alibaba International Station may cooperate or share your information with us with your authorization and consent (if you sign a Xiaoman SaaS software purchase contract on behalf of the enterprise users on Alibaba International Station, Alibaba International Station will provide us with your enterprise information, name, email address, mobile phone number and enterprise address as the contact person of enterprise users with your authorization; Alibaba International Station will provide us with the order information, customer information and product information of your enterprise’s store of in Alibaba International Station managed by you in Xiaoman SaaS software with your authorization). If you sign a Xiaoman SaaS software purchase contract on the Fadada e-signing platform, Fadada will provide us with your enterprise information. We may associate your information obtained from a third party with the personal information we have obtained from you. If we obtain your personal information from a third party, after confirming the legitimacy of the information source, we will use your personal information according to the agreement with the third party, and relevant laws and regulations.

(II) Collection and use of your personal information without your authorization

You fully understand that we will also collect and use your personal information without your authorization and consent, if:

(1) Your personal information is necessary for us to perform our obligations under laws and regulations;

(2) Your personal information is directly related to national security and national defense security;

(3) Your personal information is directly related to public safety, public health and major public interests;

(4) Your personal information is directly related to criminal investigation, prosecution, trial and execution of judgment;

(5) Your personal information is collected and used for the purpose of protecting your or others’ life, property and other major legitimate rights and interests, but it is difficult to obtain your consent;

(6) The collected personal information is disclosed to the public by yourself;

(7) Your personal information is collected from legally disclosed information, such as legal news reports, government information disclosure and other channels;

(8) Your personal information is necessary to sign the contract according to your requirements;

(9) Your personal information is necessary to maintain the safety and stability of the provided products and/ or services, such as identification and removal products and/ or services faults;

(10) Your personal information is necessary the medium to carry out legal news reporting;

(11) Your personal information is Your personal information is for an academic research institution to carry out statistics or academic research for the public interest, and when the description and results of the academic research is provided, the personal information provided in the results has been anonymized;

(12) Other circumstances stipulated by laws and regulations.

(III) Rules for use of your personal information

1. We will use your personal information collected to realize the functions of our products and/ or services for the objective and purposes specified in this Privacy Policy.

2. If we want to use your personal information for purposes other than those specified in this Privacy Policy, we will obtain your consent in advance.

3. When we want to use your personal information collected for specific purposes for other purposes, we will obtain your consent in advance

III. How do we use cookies and similar technologies

(I) Use of cookies

1. In order to provide you with better access experience, when you use Xiaoman SaaS software products and/ or services, we may collect and store relevant data about your use of products and/ or services through technical means. When you use or re-use Xiaoman SaaS software products and/ or services, we can identify your identity and provide you with better services by analyzing the data, including identification of your identity by small data file cookies , so that when you log your account in the computer or mobile device next time, you can recognize the computer or mobile device without need to repeatedly enter the account information or judge the security of your account. The cookies usually contain identifiers, site names and some numbers and characters. The cookies will not track personal information. The cookies on our product and/ or service websites or clients can only be read by our product and/ or service websites or clients. We can manage and improve Xiaoman SaaS software and store your data in Xiaoman SaaS software by the cookies.

2. Please understand that some of our product functions or services can only be realized by using the cookies. If allowed by your browser or additional browser services, you can modify the acceptance level of cookies or reject our cookies. However, if you reject these cookies, in some cases, you may be unable to use some product functions depending on cookies.

(II) Clear/ disable cookies

Managing cookies and cookie preferences must be done by your browser options/ preferences. The following provides a guide on how to complete operation in common browser software:

ž Microsoft Internet Explorer

(III) More about cookies

For more information about cookies and instructions on how to set up your browser to accept, delete, or disable cookies, see www.allaboutcookies.org.

Please access www.allaboutcookies.org for more information about cookies and the instructions on how to accept, delete, or disable cookies by setting your browser.

IV. How do we share, transfer and publicly disclose your personal information

(I) Sharing

We share your personal information with others only in any and all of the following circumstances:

1. We share your personal information with other parties after obtaining your express consent.

2. We share your personal information with our related parties. We will share your personal information with our related parties, but these shared personal information will be subject to the purposes stated in this Privacy Policy and will be mainly used for sales records and service purposes (if you feed back questions related to software sales service to us, we will share your name, company name, company address, telephone, email address and other contact information and questions with Alibaba International Station (contact information: DataProtection@service.alibaba.com.) so that your problems can be solved more effectively). We will share your personal information with our related parties only if necessary and authorized by you (if you use the credit insurance function in Xiaoman SaaS software, we will share the corresponding order information specified by you with Alibaba International Station if authorized by you), and subject to the purposes stated in this Privacy Policy. If our related parties want to change the purpose of processing personal information, they will obtain your authorization and consent again. Our related parties refer to any company or institution controlled jointly or separately by, and jointly or separately controlling Xiaoman Technology now or in the future. The “control” refers to the ability to directly or indirectly affect the management of the mentioned company, whether through ownership, voting shares, contracts or other ways recognized by the people's court.

3. If you request for participation in various online and offline activities of Xiaoman Technology, including promoting, publicizing and introducing Xiaoman Technology’s products or popularizing the use of Xiaoman SaaS software to the enterprise users, because as the sales agent of Xiaoman technology, Alibaba International Station is responsible for selling Xiaoman SaaS software and providing necessary sales services to the enterprise users, in order to provide the enterprise users with better and more effective software sale services, we will share your request information with Alibaba International Station, including your name, position, email address, mobile phone number and enterprise industry, so that corresponding activities can be arranged according to the request.

4. We may share your relevant personal information with our marketing email partners. That is, we must disclose the content of your marketing email to the suppliers in order to evaluate and improve the probability of successful sending these marketing emails, provided that we will share your personal information only for legal, legitimate, necessary, specific and clear purposes, and will only share your personal information necessary to provide services. Our partners will not be authorized to use the shared personal information for any other purpose.

5. We may share your relevant information with the complainant. When you are complained by other third parties for the infringement of their intellectual property rights or other legal rights, we will decide whether to disclose your necessary information to the complainant according to law after careful evaluation , so as to deal with the complaint.

(II) Our cooperation with third-party software development kit (SDK) service providers

In order to ensure the stable operation and function realization of our client, and provide you with more services and functions, the SDK or other similar applications of authorized partners will be embedded in our application. You can view the SDK details of our authorized partners by Directory of Third Party SDK. We will perform more stringent security testing for the application program interface (API) and software tool development kit (SDK) used by our authorized partners to collect your personal information, and agree strict data protection measures with our authorized partners to enable them to process your personal information in accordance with this policy and any other relevant confidentiality and security measures. If you find any risk in these SDKs or other similar applications, you are recommended to immediately stop relevant operations and contact us in time.

(III) Transfer

We will not transfer your personal information to any company, organization or individual, except for the following circumstances:

1. We transfer your personal information to other parties with your explicit consent;

2. In the event of our merger, acquisition, reorganization, bankruptcy liquidation or similar circumstances, when the transfer of personal information is required, we will require the new company and organization holding your personal information to continuously follow this Privacy Policy, otherwise, we will require the new company and organization to obtain your authorization and consent again.

(IV) Public disclosure

We will only publicly disclose your personal information under the following circumstances:

1. We publicly disclose your personal information with your explicit consent;

2. If your personal information must be provided according to laws, regulations, judicature and legal procedures and mandatory administrative law enforcement requirements of competent government departments, we may publicly disclose your personal information according to the specified personal information disclosure scope and manner.

3. If we consider that you have violated laws and regulations or seriously violated the agreement and rules of Xiaoman SaaS software products and/ or services, or in order to protect the personal and property safety of the users of Xiaoman Technology and its affiliated company or the public, we may disclose your personal information, including relevant violations, and the measures taken by Xiaoman Technology against you, after obtaining your consent in accordance with laws, regulations or relevant agreements.

(IV) Sharing, transfer and public disclosure of your personal information without your authorization and consent

You fully understand that we will also share, transfer or publicly disclose your personal information without your authorization and consent, if

(1) Your personal information is necessary for us to perform our obligations under laws and regulations;

(2) Your personal information is directly related to national security and national defense security;

(3) Your personal information is directly related to public safety, public health and major public interests;

(4) Your personal information is directly related to criminal investigation, prosecution, trial and execution of judgment;

(6) The collected personal information is disclosed to the public by yourself;

(7) Your personal information is collected from legally disclosed information, such as legal news reports, government information disclosure and other channels;

Please note that according to the law, if the information receiver cannot recover the anonymized personal information and identify the person of anonymized personal information, sharing and transfer of anonymized personal information will not be deemed as illegal sharing, transfer and disclosure of personal information. The anonymized personal information may be stored and processed without giving a prior notice to you and obtaining your consent.

V. How do we store your personal information

1. We will store your personal information collected in accordance with this Privacy Policy in the People's Republic of China.

2. We will take reasonable and feasible measures to store your personal information and try our best to avoid collecting irrelevant personal information. We will only store your personal information for the period required to achieve the purpose stated in this Privacy Policy and for the period required by applicable laws and regulations. After the enterprise user terminates cooperation with us and stops using Xiaoman SaaS software, we will store relevant network logs generated during your use of Xiaoman SaaS software products and/ or services for not less than six months in accordance with the requirements of the Network Security Law of the People's Republic of China. After the specified storage period of your personal information, we will delete or anonymize your personal information according to the requirements of applicable laws. If it is technically difficult to delete your personal information, we will stop processing except for storing and taking necessary security measures, unless we have a clear agreement with you or mandatory storage requirements are provided in law. After your Xiaoman account is disabled or deactivated by the enterprise user, if you want to delete or anonymize your personal information in Xiaoman SaaS software, please contact the enterprise user or the enterprise user’s administrator. We determine the storage period of your personal information mainly according to the following standards, whichever is longer:

(1) Completion of the service for you, maintenance of corresponding service and business records, and respond to your possible inquiries or complaints;

(2) Requirements for financial accounting records;

(3) Guarantee of safety and quality of services provided by us to you;

(4) Your agreement about longer storage period;

(5) Other special provisions or agreements on the retention period.

3. If we stop the operation of our products and/ or services, we will notify you at least 30 days in advance by email, system notice, official website on Xiaoman Technology or online/ offline media notice, and delete or anonymize your personal information after operation of our products and/ or services.

VI. How do we protect your personal information

1. Technical safety protection

In order to protect your information security, we have used reasonable and feasible security protection technical measures in line with industry standards to protect your personal information from unauthorized access, public disclosure, use, modification, damage or loss. For example, we will use encryption technology to encrypt and save the user’s personal information, and isolate it through isolation technology; we will use trusted protection mechanism to prevent malicious attacks on data; We will deploy an access control mechanism to ensure that only authorized personnel can access personal information (strict data access restriction/ multiple identity authentication technology, etc.); We will use automatic code security check and data access log analysis technology for personal information security audit; We will provide security and privacy protection training course to enhance employees' awareness of the importance of personal information security protection.

2. Safety system certification

We have an industry-advanced data security management system with data as the core based on the data life cycle to improve the security of the whole system, including the organizational construction, system design, personnel management and product technology. At present, our important information system has been provided with ISO27001:2013 information security management system standard certification and GB/T19001-2016/ ISO 9001:2015 quality management system certification.

3. Personnel safety management

We also make strict management on employees or outsourcing personnel (if any) who may have access to your information, including but not limited to conducting different authority controls according to different positions, signing confidentiality agreement and monitoring their operation. We will take corresponding security measures based on the existing technology to protect your information, provide reasonable security guarantee, and try our best to prevent your information from being disclosed, damaged or lost. We will have security and privacy protection training course to enhance employee's awareness of the importance of personal information protection.

4. Password and your self-protection

The Internet is not an absolutely secure environment. We strongly recommend that you set a complicated password when using Xiaoman SaaS software. Please don’t tell anyone your password, and we won't actively call or email you for your password. We will use reasonable commercial effort to ensure or guarantee the security of any information that you send to us. If our physical, technical or management protection measure is damaged, which causes unauthorized access, public disclosure, tampering or destruction of information, resulting in damage to your legitimate rights and interests; we will bear corresponding legal liabilities.

5. Handling of personal information security incidents

In case of personal information security incident, we will inform you of the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, the suggestions you can independently prevent and reduce risks, and the remedial measures for you in accordance with the requirements of laws and regulations (no later than 30 calendar days). At the same time, we will timely inform you of the relevant information of the event by email, letter, telephone, push notice, etc. when it is difficult to inform the personal information subject one by one, we will take a reasonable and effective way to make an announcement. At the same time, we will actively report the disposal of personal information security incidents in accordance with the requirements of regulatory authorities.

VII. What rights can you exercise to dispose your personal information collected by us

You can access and manage your personal information in the following ways:

1. Inquiry, correction or supplement of your personal information

(1) Inquiry, correction or supplement of enterprise user information

If you are the administrator of enterprise users, you have the right to inquire, correct or supplement the information on users of your enterprise. The steps are detailed as follows: access crm.xiaoman.cn and log in your Xiaoman account to inquire and correct enterprise user control information, including enterprise organization structure information, permission granting information, AI automation configuration information and other function setting information.

(2) Inquiry, correction or supplement of end-user information

If you are the end user of Xiaoman SaaS software, you can visit crm.xiaoman.cn and login your Xiaoman account, click the image in the upper right corner and select "personal center" to view the personal information that you provide in Xiaoman SaaS software, or update other personal information here except email, department and position. After logging in Xiaoman account, you can also correspondingly adjust the information that you entered and obtained.

2. Deletion of your personal information

(1) You can delete some of your information by the means abovementioned in "1. Inquiry, correction or supplement of your information".

(2) You can request us to delete your personal information , if:

A. Our disposal of your any personal information violates laws and regulations;

B. We collect and use your personal information without your consent;

C. Our disposal of your any personal information violates the agreement with you;

D. You no longer use our product or service, or you voluntarily cancel your Xiaoman account;

E. We terminate operation and service.

If we determine to respond to your deletion request, we will also notify the entities that obtain your personal information from us, and ask them to delete it in time, unless otherwise stipulated by laws and regulations, or unless such entities have been independently authorized by you. After you delete our personal information from our service, we may not immediately delete the corresponding information from the backup system, but we will safely store your personal information and isolate it for further processing till the backup is cleared or anonymous.

Since the enterprise user is the controller of the enterprise controlled data, we make corresponding restriction on the correction or deletion of your personal information according to the management requirements of the master account/enterprise user (such as restriction on the deletion time, scope and content). If you have any question or advice on such restriction, please contact the related enterprise users or enterprise user administrator. For the above restrictions, we understand that the enterprise user have obtained your explicit consent in advance.

3. Change of your authorization scope

Please understand that some basic personal information (see "II. How do we collect and use your personal information" in this Privacy Policy) is necessary for each service function. You can change the scope authorized by you. For example, as an administrator of enterprise users, you can access crm.xiaoman.cn, log in your Xiaoman account, select "AI-AI automatic configuration" or "enterprise management - Settings - role permissions", and then change your authorization by adjusting the configuration; As the end user of Xiaoman SaaS software, you can set it through "Setting - Application permission" on your device, "My - Setting - Privacy" on the client or "Setting - Privacy" on the mobile terminal.

When you cancel your consent or authorization, we neither continue to provide you with the services corresponding to such cancelation of your consent or authorization, nor will we process your corresponding personal information. However, your decision of cancelling your consent or authorization will not affect the previous personal information processing based on your authorization.

4. Cancel of your Xiaoman account

If any your enterprise user requests to cancel the master account of Xiaoman account, we will cancel the Xiaoman account used by you, and delete your personal information or anonymize it according to the requirements of the law, unless otherwise stipulated by laws and regulations.

If the Xiaoman SaaS software of your enterprise user expires and is not be reordered for more than 6 months, we have the right to cancel all Xiaoman accounts under the enterprise user name; If your enterprise is a free user in the trial stage, we will recover and cancel the corresponding Xiaoman account after the free period expires.

If you need to cancel your Xiaoman account, please contact your enterprise user or enterprise user administrator.

5. Automatic decision-making of constraint information system

In some service functions, we may only make decision based on non manual automatic decision-making mechanism such as information systems and algorithms. If these decisions significantly affect your legitimate rights and interests, you have the right to contact us and ask us for explanation by the methods mentioned in this Privacy Policy, and we will also provide appropriate remedies.

6. Respond to your above requests

For the purpose of security, you may need to provide a written request or otherwise prove your identity. We will reply within 15 days after receiving your feedback on authentication and completing authentication. If you are not satisfied with our reply, you can appeal or complain according to the following Section X.

In principle, we will not charge for your reasonable request, but we will appropriately charge a certain fee for repeated requests exceeding the reasonable limit. We may refuse requests that are unreasonably repeated and require too many technical means (including needing to develop new systems or fundamentally change existing practices), resulting in risk in the legitimate rights and interests of others, or that are very impractical.

We will not be able to respond to your request in accordance with laws and regulations in the following cases:

(1) Your personal information is necessary for us to perform our obligations under laws and regulations;

(2) Your personal information is directly related to national security and national defense security;

(3) Your personal information is directly related to public safety, public health and major public interests;

(4) Your personal information is directly related to criminal investigation, prosecution, trial and execution of judgment;

(5) Sufficient evidence shows your subjective malice or abuse of power;

(6) Your personal information is collected and used for the purpose of protecting your or others’ life, property and other major legitimate rights and interests, but it is difficult to obtain your consent;

(7) Response to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations;

(8) Related to trade secrets.

VIII. Personal information protection of minors

1. Our Xiaoman SaaS software is a customer management system specially designed for users of foreign trade enterprises. As enterprise staff, we infer that you have corresponding civil capacity. If you are a minor under the age of 18, we require you to ask your parents or other guardians to carefully read this Privacy Policy and use our products and/ or services with the consent of your parents or other guardians; If you are a child under the age of 14, please stop using our products and/ or services.

2. If we find that we have collected the personal information of children or minors without the prior consent of verifiable parents or legal guardians, we will manage to delete the relevant data as soon as possible. If you think we may have collected information on your children under the age of 14 or minor person under guardianship without your consent, please contact us in accordance with section X of this Privacy Policy.

IX. How to upgrade this Privacy Policy

1. This privacy policy will be updated based on the development of products and/ or services that we provide to you as well as the change in actual condition.

2. Without your express consent, we will not reduce your rights under this Privacy Policy. We will publish an updated version of this Privacy Policy at the official website of Xiaoman Technology.

3. For major changes, we will also give more significant notification (including special tips and give notification at our product and/ or service website or relevant prominent pages on the client). Major changes referred to in this Privacy Policy include but are not limited to:

(1) Significant change in our service mode, such as the purpose of processing personal information, the type of personal information processed and the use of personal information;

(2) Significant changes in ownership structure and organizational structure, etc, such as owner change caused by business adjustment or bankruptcy or mergers and acquisition;

(3) Change of the main objects that the personal information is shared with, transferred to or publicly disclosed to;

(4) Significant change in your right to participate in personal information processing and the way in which you exercise such right;

(5) Change in our responsible department, contact information or complaint channels about the personal information security;

(6) High risk indicated in the personal information security impact assessment report.

4. We will also archive older versions of this Privacy Policy for your reference. If you have any comment or suggestion on the change in our privacy policy, please contact us according to the following Section X.

X. How do you contact us

1. If you have any comment, question, suggestion or complaint about this Privacy Policy or your personal information, please contact us by online customer service in the upper right corner of Xiaoman SaaS software or the "national customer service hotline 400-0666-517" (9:00-19:00, Monday to Friday and Saturday 9:00-17:30). Our mailing contact information is as follows:

Attention: Data and Privacy Protection Team of Shenzhen Xiaoman Technology Co., Ltd

Address: 14/F, Block B, Dachong business center, No. 9678 Shennan Avenue, Nanshan District, Shenzhen

Email address: Dataprivacy@xiaoman.cn

2. Generally, we will make reply within 15 working days after receiving your information and verifying your identity. If you are not satisfied with our reply, especially our disposal of your personal information has damaged your legitimate rights and interests, you can also seek solution through the following method: complaining or reporting to net message service, telecommunication, public security or industry and commerce supervision department, or filing a lawsuit to the people’s court with jurisdiction in Nanshan District, Shenzhen.

(End of text)