MachineLink+ Application Privacy Protection Guidelines

 

Issuance date: December 1, 2023

Effective date: December 1, 2023

In order to provide you with more accurate and personalized services and to protect your rights, the MachineLink+ Application Privacy Protection Guidelines (hereinafter referred to as "these Privacy Guidelines") is formulated in accordance with the Network Security Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China and other relevant laws and regulations. These Privacy Guidelines will explain how MachineLink+ collects, uses and stores your personal information and what rights you have. Please read, understand and agree to these Privacy Guidelines and the related supplemental documents before using MachineLink+.

These privacy guidelines apply to the functions and services of MachineLink+ itself, and do not apply to products or services provided by any other third parties (hereinafter collectively referred to as "third party services"). You shall fully understand the product functions and privacy policies of the third party services before you choose to use them.

These Privacy Guidelines will help you understand the followings.

1. What types of information we collect

2. How we store this information

3. How we protect this information

4. How we use this information

5. Information sharing and information provided for the outside

6. How you access and manage personal information

7. Protection of minors

8. Changes to these Privacy Guidelines

9. Other

10. Contact us

Related definitions:

MachineLink+: MachineLink+ is an SaaS tool for construction machinery provided by ROOTCLOUD. A certain product and service, including the official website of MachineLink+ (https://rmms-sea.rootcloud.com), the MachineLink+ app clients (including multiple app versions such as iOS and Android) and so on.

MachineLink+ operator: This refers to the legal entities that provide MachineLink+ products and related services, which are ROOTCLOUD TECHNOLOGY CO.,LTD and its affiliates. In these guidelines, they are referred to as ROOTCLOUD or we/us.

Enterprise users: Enterprises that use MachineLink+ product services.

Individual users/end users: Individuals or users who use MachineLink+ product services.

Personal information: all kinds of information related to identified or identifiable natural persons recorded by electronic or other means, excluding anonymized information.

Sensitive personal information: Personal information that, if leaked or used illegally, could lead to discrimination against individuals or serious harm to personal or property safety, including race, ethnicity, religious belief, personal biometric characteristics, medical and health care, financial accounts, personal whereabouts and other information.

Anonymization: The process of making the subject of personal information unrecognizable through technical processing of personal information, and the information cannot be recovered after processing.

1. What types of information we collect

1.1 In order to provide services to you and enterprise users and to ensure the normal operation of the services and to protect the security of your account, we will need to ask you for relevant permissions which include sensitive permissions such as camera, microphone, etc.. They will not be turned on by default and will only be authorized to us with your explicit consent. The specific descriptions are as follows:

1.1.1 When you use the voice call or video call, we will provide you with the voice call or video call service after you agree to grant system permissions for the microphone or/and camera. The above permissions are necessary to use the relevant functions. Denying the permissions will only prevent you from using the voice call or video call, but will not affect your normal use of other functions of MachineLink+.

1.1.2 When you use the calendar of MachineLink+, we will display your calendar information in your WeCom and provide you with the service of viewing and modifying the calendar information after you agree to grant the system permission of the calendar. The above permissions are necessary to use the relevant functions. Denying the permissions will only prevent you from using the calendar, but will not affect your normal use of other functions of MachineLink+.

In particular, it should be noted that obtaining sensitive access is a necessary but not sufficient condition for us to collect specific information. The fact that we have been granted a specific sensitive access does not mean that we will necessarily collect information about you; even if we have been granted sensitive access, we will only collect information about you when necessary and in accordance with these guidelines.

1.2 In order to provide the services to you and enterprise users, to ensure the proper functioning of the services, to improve and optimize our services and to protect account security, MachineLink+ collects, in the following manner, information that you voluntarily provide and authorize when you are registering or using the services, or information generated as a result of your use of the services.

1.2.1 Account registration information: When you first register and log into MachineLink+, you need to provide your cell phone number or your email account. The above information is necessary for you to use MachineLink+. If you do not provide such information, you will not be able to use our services normally.

1.2.2 When you use MachineLink+ services, we will collect the following information from you in order to provide MachineLink+ products and services to you and enterprise users, to maintain the normal operation of our services, to improve and optimize our service experience and to protect the security of your account.

1.2.2.1 Device information: According to the device model and the permissions granted during the installation and use of MachineLink+ services, we will collect information about the devices using WeCom services, including device model, operating system, unique device identifier (a string of characters programmed into the device by the device manufacturer that can be used to identify the unique corresponding device, such as the phone's IMEI number, Mac address, Android ID, etc.), device location (such as login IP address, GPS location, and Wi-Fi access points that can provide relevant information), MachineLink+ application version number, and device accelerators (such as gravity sensing devices), etc.

1.2.2.2 Log information: When you use the MachineLink+ services, we will collect log information about your use of the services, including the way, type and status of access to the network, network quality data, operation logs, service logs, etc.

2. How we store this information

2.1 Information storage location

We will store within China the personal information collected and generated in China in accordance with the laws and regulations.

2.2 Duration of information storage

In general, we retain your personal information only when it is necessary, for example:

Cell phone number and email address: No matter whether you register by cell phone number or by email address, if you need to use MachineLink+, we need to keep your cell phone number (including the initial registered cell phone number, bound cell phone number, etc.) to ensure your normal use of the service. When you delete your MachineLink+ account, we will delete the corresponding information.

In the event that our products or services cease operation, we will notify you by notification, announcement, etc., delete your personal information or anonymize it within a reasonable period of time, and immediately stop collecting personal information, as well as close the third-party application service interfaces to avoid the collection and continued use of personal information by third-party services.

3. How we protect this information

3.1 We strive to safeguard the security of our users' information against loss, misuse, or unauthorized access or disclosure.

3.2 We will use various security protection measures within a reasonable level of security to safeguard information. For example, we may use encryption technology (e.g., SSL /TLS), anonymization, etc. to protect your personal information.

3.3 We have established special management systems, processes and organizations to safeguard the security of information. For example, we strictly limit the people who have access to information, require them to comply with confidentiality obligations, and conduct audits.

3.4 In the event of a security incident such as the leakage of personal information, we will activate the emergency plan in accordance with the laws to prevent the incident from escalating, and inform you of the security incident, the possible impact of the incident on you and the remedial measures we will take by notification and announcement. We will also report on the handling of personal information security incidents in accordance with laws and regulations and requirements of regulatory authorities.

3.5 At present, the ROOTCLOUD platform has met the requirements of international and domestic authoritative certification standards, such as ISO/IEC 9001, ISO/IEC 27001 and Network Security Level Protection (Level 3), and acquired the corresponding certifications, in the field of information security and network security.

We will try our best to protect your personal information. We also hope you can understand that no security measure can be infallible.

4. How we use this information

We strictly comply with the laws and regulations and the agreements with users, and use the information collected for the following purposes in accordance with these privacy guidelines.

4.1 We collect relevant information when you use MachineLink+ services in order to provide better services for MachineLink+ users, including enterprise users and end users. We will use the information collected for the following purposes.

4.1.1 Provide, maintain and develop MachineLink+ services: We use the information we collect to provide and optimize MachineLink+ services, for example, to track service outages or troubleshootings reported to us by MachineLink+ users.

4.1.2 Security protection: To protect your safety and the safety of all users on MachineLink+, we will use relevant information to help improve the security and reliability of MachineLink+ services, including detecting, preventing and responding to fraud, abuse, illegal acts, security risks and other problems or technical problems that may harm MachineLink+, our users or the public.

4.1.3 To comply with relevant laws and regulations, departmental regulations, and relevant requirements of government directives.

At present we do not use your personal information for personalized recommendations or advertising purposes. If we use your personal information beyond the mentioned or reasonable collection purposes, we will inform you separately and obtain your express consent through web page prompts, interactive processes, website announcements or other means before using your personal information.

4.2 In accordance with relevant laws and regulations and national standards, we may collect and use your personal information without seeking your authorization in the following circumstances:

(1) in accordance with the obligations performed by the controller of the personal information under laws and regulations.

(2) directly related to national security and national defense.

(3) directly related to public safety, public health, and significant public interest.

(4) directly related to criminal investigation, prosecution, trial, sentence enforcement etc,.

(5) to safeguard the life, property and other significant legitimate rights and interests of the subject of the personal information or other individuals but it is difficult to obtain his or her authorization.

(6) The personal information involved is disclosed to the public by the subject of the personal information himself or herself.

(7) necessary for the signing and performance of the contract in accordance with the requirements of the subject of the personal information.

(8) personal information collected from legitimate and publicly disclosed source, such as legitimate news reports, government information disclosure and other channels.

(9) necessary for maintaining the safe and stable operation of the product or service provided, such as the detection and handling of the product or service failures.

(10) The controller of the personal information is a news organization and it is necessary for it to carry out legitimate news reporting.

(11) When the controller of the personal information is an academic research institution and it is necessary for conducting statistical or academic research for the public interest. When it provides the results of academic research or descriptions to the public, the personal information contained in the results is de-identified.

5. Information sharing and information provided for the outside

We do not share or transfer your personal information to third parties, except for the following circumstances

5.1 When we have obtained your explicit consent, we may share your personal information with third parties after your prior consent.

5.2 For external processing, we may share your personal information with affiliated companies or other third party partners (third party service providers, contractors, agents, application developers, etc.) to allow them to process such information for us in accordance with our instructions, privacy policy and other relevant confidentiality and security measures, and to provide our services for you for the purposes described in the section How we use this information. If we share your information with these affiliates or third parties, we will use encryption, anonymization and other means to keep your information secure.

5.3 We do not publicly disclose the personal information we collect. If public disclosure is necessary, we will inform you of the purpose of this public disclosure, the type of information to be disclosed and the sensitive information that may be involved, and will comply with relevant laws and regulations. It should be noted that it is up to the enterprise user to decide and manage how information related to the end user is disclosed or shared on the enterprise user's platform where the end user is a member. If you have any questions or comments about this, you shall understand and agree to contact your enterprise user or enterprise user administrators to address the issues to them.

5.4 We may disclose your personal information as required by law or in response to law enforcement from relevant authorities.

6. How you access and manage personal information

When you use MachineLink+, in order to make it easier for you to access, correct and delete your personal information, and to protect your right to withdraw your consent and leave your enterprise (delete your account), we have provided you with the corresponding settings in the product to configure, which you can refer to the following guidelines.

6.1 Access the personal information

6.1.1 Use app to access basic information such as avatar, name, gender, nickname, public identity, company, cell phone number, email address, and superordinate organization.

6.2 Correct the personal information

Use app to correct basic information such as avatar, name, gender, nickname, public identity, company, cell phone number, email address, and superordinate organization.

6.3 Delete the account

When you delete your account, we will stop providing you with the services and delete or anonymize your personal information within a reasonable period of time.

7. Protection of minors

We take the protection of personal information of minors very seriously. In accordance with relevant laws and regulations, if you are a minor under the age of 14, you are required to obtain written consent from your parent or legal guardian to these Privacy Guidelines. If you are the guardian of a minor, please contact us through the contact information in section 10 of this document if you have questions regarding the personal information of a minor under your guard.

8. Changes to these Privacy Guidelines

We may revise these Privacy Guidelines from time to time. When the terms of the guidelines are changed, we will show you the changed guidelines in the form of an announcement on our website (https://rmms-sea.rootcloud.com) or by notification.

When there are significant changes to the terms of these Privacy Guidelines, we will notify you via an announcement on our website (https://rmms-sea.rootcloud.com), or by notification, or in a more prominent pop-up.

The changes referred to in this article include, but are not limited to:

(1) Significant changes in our service model, such as the purposes of processing personal information, the types of personal information processed, and the manners in which personal information is used.

(2) Significant changes in our ownership structure, organizational structure, etc., such as changes in ownership caused by business restructuring, bankruptcy mergers and acquisitions.

(3) Changes in the main subject of the sharing, transfer or public disclosure of personal information.

(4) Significant changes in your rights to participate in the processing of personal information and the manner in which they are exercised.

(5) When there is a change in the department responsible for handling the security of personal information, our contact information and complaint channels.

(6) When the personal information security impact assessment report indicates that there is a high risk.

9. Other

9.1、If you have any questions about these Privacy Guidelines or if the above-mentioned personal information you provide is intruded, you can contact us through the contact information at the bottom of the platform website, we will reply to you as soon as possible after receiving the complaint.

9.2、If you have provided personal information to the service platform or ROOTCLOUD and its affiliates before the issuance of these Privacy Guidelines, your consent to these Privacy Guidelines shall be deemed as consent to the relevant authorizations of these Privacy Guidelines.

10. Contact us

10.1、If you have any questions, comments or suggestions about these Privacy Guidelines or matters related to your personal information, please contact us by visiting the official website of the service platform, or using client online customer service or calling the platform service hotline 400-887-8318.

10.2、Usually, we will reply within fifteen working days. If you are not satisfied with our reply, especially if our processing behavior of the personal information has harmed your legitimate rights and interests, you can also make a complaint or report to the regulatory authorities of network & information, telecommunication, public security and industry and commerce.

We will review the issue as soon as possible and respond within fifteen days after verifying your user identity.

 

ROOTCLOUD TECHNOLOGY CO.,LTD