Personal Information Protection and Privacy Policy
Updated: 18 April 2022 Effective date: 18 April 2022
Hello, you are welcome to use, experience and try the products and services of Beijing Shengxin Network Technology Company Limited (hereinafter referred to as ‘QTSEC, ‘the Company’ or ‘we’, the specific scope of which is defined in detail), thank you for your attention and support to QTSEC. This Personal Information Protection and Privacy Policy (hereinafter referred to as the ‘Privacy Policy’) applies to the products and services provided by QTSEC, including page browsing, website login, and technical services provided to you through the QTSEC website.
In line with the concept that the rights of users are paramount, and in order to provide you with better products or services, we need you to authorise us to collect, store, use, transfer, share and process your data and information for the purpose of the corresponding product trial or service. We recognise the importance of personal information to you and will do our best to keep your personal information safe and secure. We are committed to maintaining your trust in us and we promise that we will take appropriate security measures to protect your personal information in accordance with established industry security standards.
This Privacy Policy will provide you with a detailed description of our policy on the protection and use of user data and information, particularly personal information, the key points of which are set out below:
This privacy policy will explain each function of QTSEC's products and services, the types of personal information that may be collected, the purpose of collection, the method of collection, and the possible consequences of refusing to provide personal information.
We will not actively share or transfer your personal information to third parties outside of our group. If there are other cases of sharing or transferring your personal information or you need us to share or transfer your personal information to third parties outside of our group, we will directly obtain or confirm that the third party has obtained your express consent to the above actions.
You may access, correct, and delete your personal information through the means described in this Privacy Policy, as well as withdraw your consent, cancel your account, and report a complaint.
In order to collect your information under this Privacy Policy, or to provide you with services, optimise our services and safeguard the security of your account, we will need to ask you for relevant permissions; of which permissions for sensitive information will only be authorised to us with your explicit consent.
We will collect, store, use, transfer, share, and process your data and information in accordance with the terms of this Privacy Policy only if you agree to this Privacy Policy and give your authorisation to QTSEC. Please make sure that you have carefully read and fully understand and agree to this Privacy Policy before using the various products or services on the QTSEC website, and then use the products and services, especially the terms and conditions marked in bold/bold underline, which you should focus on reading. Once you start to use the Products or Services, it means that you have fully understood and agreed to this Privacy Policy and agreed that we may collect, store, use, transfer, share, and process your relevant information in accordance with this Privacy Policy. If you or your guardian do not agree with any of the contents of this Privacy Policy, you should stop using it immediately.
Please note: This Privacy Policy does not apply to products or services provided to you by other third parties, nor does it apply to products or services for which this product has a separate and independent legal notice and privacy policy at the time the service is provided. When you use a third party's products and services through the Product or Service, your information will be subject to that third party's privacy policy.
As a user of QTSEC, if you use QTSEC's products or technical services to provide services to your users, you should agree on a separate user information protection policy with your users because your business data belongs to you.
This privacy policy will help you understand the following:
1.How we collect and use your personal information
2.How we use cookies and similar technologies
3.How we share, transfer and publicly disclose your personal information
4.How we store and protect your personal information
5.Your rights
6.Protection of Minors' Personal Information
7.How your personal information is transferred globally
8.Updates to the Privacy Policy
9.Contact Us
1.How we collect and use your personal information
We are committed to providing you with better, safer and more personalised products and services. When you use the following products, services and functions, we will follow the principles of legitimacy, lawfulness and necessity, and collect and use personal information provided by you voluntarily or arising from the use of the services in the following ways:
(1) Personal information that you provide directly and that we collect on our own initiative
a) When you try QTSEC's products or services, we will collect the name of your business (legal or unincorporated organisation), its location, address, your name, mobile phone number, email address, and this information is collected in order to help you to complete the trial registration of QTSEC's products or services, and to protect the security of your account when you try the QTSEC's products or services. If you do not provide such information, you may not be able to try our products or services.
b) When you try the QTSEC's Resource Download Service, we will collect the name of your business (legal or unincorporated organisation), its location, address, your name, mobile phone number, email address, which is collected in order to help you to complete a better use of the various types of security information, brochures, resources, or information provided by QTSEC, and to enable you to obtain the foregoing information that is most relevant to you. If you do not provide such information, you may not be able to try our products or services.
c) When you want to become a partner of QTSEC, we will collect the name of your enterprise (legal or unincorporated organisations), its location, address, your name, title, mobile phone number, email address, collect this information in order to better negotiate and communicate about business cooperation, to make a preliminary assessment of you and your enterprise's qualifications and capabilities, and to provide reference information for subsequent cooperation between both parties. If you do not provide such information, the cooperation between the two sides may be slow.
d) You can also follow QTSEC WeChat public number via QR code. If you use WeChat to follow QTSEC WeChat public number, we will collect your WeChat identity information, identification information (such as WeChat signals or login mobile phone number), avatar, nickname, and gender, which will be used to save your information and provide you with the public number service.
e) When you use QTSEC's Services, in order to protect your normal use of our services, maintain the normal operation of our services, improve and optimise our services, enhance your service experience and safeguard your account security, we will collect your device model, operating system, unique device identifier, IP address, operation logs, service logs (e.g., information you viewed within the apps,fault information,service useage information,etc.),This information is basic information that must be collected in order to provide the Services.
f) When the equipment, system, or software you use frequently reports errors to us or displays error log information, in order to check for software errors and provide you with better service, we will collect your configuration information, exception data, and other documents used to diagnose and improve our products and services.
g) When you contact QTSEC, in order to facilitate contact with you or help you solve problems, we may record your contact and identity information, and record the content of your calls in conjunction with the need.
(2) Exceptions to authorised consent
Please note: According to relevant laws and regulations and national standards, in the following cases, the collection and use of personal information does not require your authorised consent:
a) Those directly related to national security, national defence security;
b) Directly related to public security, public health, and major public interests;
c) Directly related to crime investigation, prosecution, trial and judgement execution;
d) For the purpose of safeguarding your or other individuals' lives, property and other important legitimate rights and interests but it is difficult to obtain the consent from the individual;
e) The collected personal information is disclosed to the public by yourself;
f) Personal information is collected from legitimate publicly disclosed information, such as legitimate news reports, government information disclosure and other channels;
g) Necessary to provide you with products or services at your request, or to enter into and perform a contract;
h) Necessary for maintaining the safe and stable operation of the products or services provided, such as detecting and disposing of malfunctions of the products or services;
i) Necessary for legitimate journalistic purposes;
j) For the purpose of conducting statistics or academic research in the public interest, and when providing academic research or descriptive results to the public, personal information included in the results is anonymized;
k) In other cases stipulated by laws and regulations.
(3) Circumstances in which we obtain your personal information from third parties
Please note that we do not actively obtain your personal information from third parties outside of our company and affiliated companies. If necessary for business development in the future, we may obtain account information (avatar, nickname) or other personal information that you have authorised to share from a third party and bind your third-party account with your QTSEC account after you have agreed to this Privacy Policy, so that you can log in and use our services and/or products directly through the third-party account. We will use your personal information in accordance with the agreement with the third party, after confirming the legitimacy of the source of personal information, and in compliance with relevant laws and regulations.
(4) How we use your personal information
a) We use the personal information we collect in accordance with this Privacy Policy and to fulfil the functionality of our services and/or products. We may use the information we collect through certain features for our other services. For example, we may use the information we collect when you use one of our features or services to provide you with specific content in another feature or service, such as information security type alerts for content you have read, indirect user profiling based on feature tags, to provide you with more accurate and personalised services and content, etc.
b) After collecting your personal information, we will de-identify the data by technical means, and the de-identified information will not be able to identify the subject. Please understand and agree that in this case we have the right to use the de-identified information; and under the premise of not disclosing your personal information, we have the right to analyse and commercially exploit the user database.
c) We may compile statistics on the use of our services and/or products and may share these statistics with the public or third parties to show trends in the overall use of our services and/or products. However, such statistical information does not contain any personally identifiable information about you.
d) When we use your personal information, we will de-identify your information using methods including content replacement and anonymous processing to protect the security of your information.
e) When we are going to use your personal information for purposes other than those set out in this policy, or when we are going to use the information collected for a specific purpose for other purposes, we will inform you again and ask for your consent.
(5) De-identification of personal information
After collecting your personal information, we may de-identify the data in a timely manner by technical means. Under the premise of not disclosing your personal information, our company has the right to mine, analyse and make use of the de-identified user database (including commercial use).
2.How We Use Cookies and Similar Technologies
(1) When you use QTSEC's products or services, in order to make your access experience easier, we may use various technologies to collect and store information, and may send one or more cookies or anonymous identifiers to your device in the process. This is done to understand your usage habits, to save you from having to repeatedly enter registration information, or to help determine the security of your account.
(2) When you use QTSEC‘s products or services, we may also use cookie and similar technologies to collect your information for the purpose of understanding your preferences, consulting or data analysis, improving product services and user experience, improving advertising effectiveness, timely detection and prevention of security risks, and providing better services to users and partners.
(3) We do not use cookies for any purpose other than those described in this policy, and you can retain or delete cookies according to your preferences; you can clear all cookies stored within the software, and when you do so manually, your information is deleted.
3.How we share, transfer, and publicly disclose your personal information
(1) We will treat your information with a high degree of diligence.
We will not voluntarily share or transfer your personal information to third parties outside of the Company and its affiliates. If there are other cases of sharing or transferring your personal information or if you need us to share or transfer your personal information to third parties outside of the Company and its affiliates, we will share your personal information with other parties only after obtaining your explicit consent.
(2) We may share or transfer your personal information in the following circumstances:
a) With your express authorisation or consent, we may share information within the scope of your authorisation with third parties designated by you;
b) As required by applicable laws or regulations, legal process, or mandatory governmental requests or judicial rulings that this product is required to provide;
c) If we or our affiliates are involved in a transaction such as a merger, demerger, liquidation, acquisition or sale of assets or business, your personal information may be transferred as part of such transaction, we will ensure the confidentiality of such information at the time of the transfer and will do our best to ensure that the new company, organisation holding your personal information will continue to be subject to this privacy policy, or we will require the company, Otherwise, we will require the company or organisation to seek new authorisation from you;
d) Sharing to Affiliated Companies: Your information may be shared within QTSEC's affiliated companies. For example, for businesses that use the same account system, we may share your account information (account, password, nickname, and other user basics) within our affiliates.
(3) Exceptions
In accordance with relevant laws and regulations and national standards, we may share, transfer, or publicly disclose personal information without obtaining the authorised consent of the subject of the personal information in the following cases:
a) With your explicit consent;
b) Directly related to national security and national defence security;
c) Directly related to public safety, public health, or significant public interest;
d) Directly related to crime investigation, prosecution, trial and judgement execution, etc;
e) For the purpose of safeguarding the life, property and other significant legal rights and interests of the subject of personal information or other individuals ,yet it is difficult to obtain the consent from the individual;
f) Personal information that the subject of personal information discloses to the public on his or her own;
g) Personal information collected from information that is lawfully disclosed publicly, such as lawful news reports, government information disclosure, and other channels.
4. How we store and protect your personal information
(1) Rreservation period
During your use of QTSEC's products and services, we will continue to store your personal information for you. If you cancel your account or voluntarily delete the above information, we will promptly take measures to delete your personal information from the business function system, so that it can not be retrieved and accessed. We will continue to store your information for evidence preservation for a period of 6 months after deletion in accordance with the Cybersecurity Law and other laws and regulations. During this period, we will not use your personal information commercially.
(2) Preservation of territory
Your personal information is stored within the territory of the People's Republic of China.
(3) Security Measures
a) We collect, use, store and transmit user information on a ‘minimalist’ basis and inform you of the purpose and scope of use of such information through our user agreement and privacy policy.
b) We take information security very seriously. We have set up a dedicated team responsible for the research and development and application of a variety of security technologies and procedures, etc. We have established a comprehensive information security management system and an internal security incident handling mechanism, etc. We will take appropriate industry standard security measures and technical means to store and protect your personal information to prevent loss, unauthorised access, public disclosure, use, destruction, loss or leakage of your information. We will take all reasonably practicable steps to protect your personal information. We will use encryption technology to ensure data confidentiality; we will use trusted protection mechanisms to prevent malicious attacks on data.
c) We will train and assess our employees on data security awareness and security capabilities to enhance their understanding of the importance of protecting personal information.
d) We remind you that the Internet is not an absolutely secure environment and we will endeavour to ensure the security of the information you store with us. If our physical, technical, or managerial protection facilities are damaged, resulting in unauthorised access to, public disclosure of, or tampering with, or damage to, your information, we will be liable in accordance with the law.
e) We also ask you to understand that in the Internet industry, due to the limitations and rapid development of technology as well as the possible existence of a variety of malicious means of attack, even if we do our best to strengthen the security measures, it is not always possible to ensure that the information is 100 per cent secure. Please understand that the systems and communication networks you use when you use our products and services may have security problems in other areas outside of our control.
(4) Security Incident Notification
a) We will formulate an emergency response plan for network security incidents, and promptly dispose of security risks such as system vulnerabilities, computer viruses, network attacks, network intrusion, etc. In the event of an incident that jeopardises network security, we will immediately activate the emergency response plan, take appropriate remedial measures, and report the incident to the relevant competent authorities in accordance with the regulations.
b) The leakage, destruction and loss of personal information belongs to the company-level mega security incident, if it unfortunately occurs, we will activate the emergency response plan in accordance with the highest priority and form an emergency response team to trace the cause and reduce the loss in the shortest possible time.
c) After the unfortunate occurrence of a personal information security incident, we will, in accordance with the requirements of laws and regulations, promptly inform you of the basic situation and possible impacts of the security incident, the processing measures we have taken or will take, the suggestions on the risks that you can independently prevent and reduce, and the remedial measures to be taken for you. We will promptly notify you of the incident by notification on the website, SMS notification, phone call, email and other contact information that you have reserved, and when it is difficult to notify you one by one, we will adopt a reasonable and effective way to make a public announcement. At the same time, we will also take the initiative to report the handling of personal information security incidents in accordance with the requirements of the regulatory authorities.
5. Your Rights
In accordance with the relevant Chinese laws, regulations and standards, as well as the common practice in other countries and regions, we guarantee you to exercise the following rights to your personal information:
(1) Right of access
In principle, you can access your personal information in the following ways:
a) Account Information: You can log in to QTSEC at any time to access or edit your profile information in your account, change your password, add security information, perform account association or identity authentication, etc.
b) Usage Information: You can access or clear your search history, navigation history and navigation track in.
(2) Right of correction
When you find that there is an error in the personal information we process about you, after verifying your identity, and the correction does not affect the objectivity and accuracy of the information, you have the right to make corrections or updates to incorrect or incomplete information, you can make corrections on your own within the QTSEC, or submit your correction application to us through feedback and error reporting.
(3) Right to Delete
You may contact us to delete your personal information. When you delete your personal information or cancel your account, we will take timely measures to delete your personal information from the business function system, so that it will remain unretrievable and inaccessible. In the following cases, you may make a request to us to delete your personal information:
a) If our handling of personal information violates laws and regulations;
b) If we collect or use your personal information without your consent;
c) If our handling of personal information violates our agreement with you;
d) If we terminate our services and operations.
When you delete information from our Services, we may not immediately delete the corresponding information in our backup system, but we may delete or anonymise such information during backup updates.
(4) Right of cancellation
You have the right to cancel the account previously registered with our company. Once you cancel your account, you will not be able to use QTSEC's products and services, so please be careful. In order to protect the legitimate rights of you or others, we need to verify your identity before cancelling your account, and determine whether to support your cancellation application in conjunction with your use of QTSEC. Unless otherwise provided by laws and regulations, we will stop providing you with products and services after cancellation of your account, and delete or anonymise your personal information at your request, so please proceed with caution.
(5) Withdrawal of agreed authorisation
During your use of QTSEC's products or services, you can withdraw the authorisation you have agreed to, to protect your right to withdraw your consent to the use of personal information and to cancel your account. In addition, we have set up a complaint reporting channel, your comments will be handled in a timely manner. When you withdraw your consent or authorisation, we will no longer be able to provide you with the services to which you have withdrawn your consent or authorisation, and will no longer process your personal information, but you will be required to return or destroy the relevant products or services you have obtained from us and ensure that no copies are retained. Your decision to withdraw your consent or authorisation will not affect the processing of personal information previously carried out on the basis of your consent or authorisation.
(6) Management Issues
a) If you are unable to access, correct, or delete your personal information through the methods described above, or if you are unable to complete an account cancellation request, or if you have any questions or issues regarding the secure collection and use of your information by QTSEC, you may contact us through the customer service channel. For security purposes, we may require you to provide a written request or otherwise prove your identity. We will respond to your request within 15 days of receiving your feedback and verifying your identity.
b) We will use commercially reasonable endeavours to comply with your requests for access, correction, management, deletion, withdrawal of agreed authorisations and account cancellation of your personal information. However, we may refuse requests that are unnecessarily repetitive, require excessive technical means, pose a risk to the legitimate rights and interests of others, or are highly impractical.
c) In principle, we do not charge you for reasonable requests, but we will charge you a certain cost for requests that are repeated more than reasonably possible.
(7) Exceptions
In the following cases, as required by laws and regulations, we will not be able to respond to your request:
a) Those related to national security, national defence security;
b) Those related to public safety, public health, and significant public interest;
c) Related to crime investigation, prosecution and trial, etc;
d) Where there is sufficient evidence of subjective malice or abuse of rights on your part;
e) Responding to your request will lead to serious damage to the legitimate rights and interests of you or other individuals or organisations.
6. Protection of minors' personal information
(1) QTSEC takes the protection of minors' personal information very seriously. If you are a minor under the age of 14, before using our services and/or products, you should read this Privacy Policy with your legal guardian and have your legal guardian's express consent to accept this Privacy Policy. QTSEC protects the personal information of minors in accordance with relevant national laws and regulations.
(2) For the collection of minors' personal information with the consent of your legal guardian, we will only use or publicly disclose your personal information when permitted by law, with the express consent of your legal guardian, or when necessary to protect minors.
7. Revision of Privacy Policy
We will not reduce your rights under this Privacy Policy without your express consent. We will post any changes to this Privacy Policy on this page.
For significant changes, we will notify you on the main exposure page for the product or service or by sending you an email or other appropriate means of reaching you. If you do not agree with the changes, you may stop using QTSEC's products and services, and by continuing to use our products and/or services, you agree to be bound by this Privacy Policy as amended.
Significant changes referred to in this policy include, but are not limited to:
(1) Significant changes in our service model. For example, the purpose of processing personal information, the type of personal information processed, and how personal information is used;
(2) Significant changes in our ownership structure, organisational structure, etc. Such as changes in ownership caused by business restructuring, bankruptcy and mergers and acquisitions;
(3) Changes in the primary recipients of personal information shared, transferred, or publicly disclosed;
(4) Significant changes in your rights to participate in the handling of personal information and the manner in which they are exercised;
(5) Changes in the department responsible for handling personal information security, contact information and complaint channels;
(6) When the security impact assessment report of personal information indicates that there is a high risk.
8. Contact Us
If you have any questions, comments or suggestions about this Privacy Policy, or if you have any comments or suggestions regarding the collection, use, sharing, access, deletion, correction, and other matters related to your personal information when you use the QTSEC's products or services, If you encounter any problems in using the products or services, you can contact us by sending an email to market@qingteng.cn, or send your rights notices and supporting materials to the following address:
Tower C, Hongyuan-Gaoke Building,No.39, Xi'erqi Avenue,Haidian District,Beijing,China
Legal Department
Data and Privacy Protection Centre
Postal Code: 100000
We will review the issue as soon as possible and respond within fifteen days of verifying your user identity.
9. Applicable law and dispute resolution
(1) Application of Laws: The conclusion, validity, interpretation, fulfilment, modification and termination of this Privacy Policy as well as the resolution of disputes shall be governed by the laws of China (excluding Hong Kong, Macao and Taiwan laws). If there is no relevant provision in the law, we will refer to business practices and/or industry practices.
(2) Dispute Resolution: Any dispute arising from the access and use of QTSEC's products or services, the parties shall first resolve it through friendly consultation. When consultation fails, either party may file a lawsuit with the People's Court of Beijing Economic and Technological Development Area in Beijing, where this User Agreement is signed.
P.S. Terminology
Personal information refers to all kinds of information recorded electronically or by other means that can, alone or in combination with other information, identify a specific natural person or reflect the activities of a specific natural person. Personal information includes name, date of birth, identity document number, personal biometric information, address, means of communication, communication records and content, account password, property information, credit information, whereabouts, accommodation information, health and physiological information, transaction information, etc.
When you use QTSEC's products or services, QTSEC may automatically receive and record the server value of your website, including but not limited to the operation status of the product or service, network environment, abnormal logs and other basic record information that is clearly and objectively reflected in the product or service. You understand and agree that the aforementioned basic record information and other information that cannot be used to identify your personal identity or activity alone or in combination with other information is not your personal information.
User profiling is the process of collecting, aggregating, and analysing personal information to make an analysis or prediction of the personal characteristics of a particular natural person, such as his or her occupation, finances, health, education, personal preferences, credit, behaviour, etc., and to form a model of his or her personal characteristics. The direct use of a specific natural person's personal information to form a model of that person's characteristics is called direct user profiling. The process of using personal information other than that of a specific natural person, such as data from his or her group, to form a model of that natural person's characteristics is called indirect user profiling.
Anonymisation is a process whereby personal information is technically processed in such a way that the subject of the personal information cannot be identified and the processed information cannot be recovered. Information derived from the anonymisation of personal information is not personal information.
De-identification is the process by which personal information is technically processed in such a way that the subject of the personal information cannot be identified without the aid of additional information.
Affiliated company refers to our company Beijing Shengxin Network Technology Co., Ltd. and other companies with which our company has an affiliation relationship, singularly or collectively.’ Affiliated Relationship’ means, in relation to any subject (including an individual, company, partnership, organisation or any other entity), a subject which it directly or indirectly controls, or a subject which directly or indirectly controls it, or a subject which is directly or indirectly controlled by the same subject as it. The foregoing ‘control’ means the possession, directly or indirectly, of the power to give instructions or to instruct others in the management and decision-making of the subject in question, whether through the holding of voting rights, by contract or otherwise, or any other relationship that in fact constitutes de facto control.
