Kapi Action personal information protection policy
Update date [February 1, 2024]
Dear users:
Thank you for using the "Kapi Action" mobile application (hereinafter referred to as " this service "). "Kapi Action" is a photography equipment mobile application operated by Shanghai Yuhuan Technology Co., Ltd. and its affiliates (hereinafter referred to as " Yuhuan " or " us "). We are well aware of the importance of personal information to you and will do our best to protect your personal information security. We will abide by the principles of consistency of rights and responsibilities, clear purpose, choice of consent, minimum sufficient, openness and transparency, ensuring safety, and subject participation in accordance with national laws and regulations to protect your personal information.
In order to help you understand what personal information we have collected from you through "Kapi Action" and how we use, store, share and transfer this information when you use "Kapi Action", we have formulated the "Kapi Action" personal information protection policy " (hereinafter referred to as" this policy "). Please read this policy carefully, especially the content displayed in bold . If you have any questions, comments or suggestions, you can contact us through the contact information in Section 11 of this policy.
Since the "Kapi Action" device and application need to collect and use the personal information of the monitored object according to your choice, please ensure that you have obtained the consent of the monitored object, agree to our collection and use of the personal information of the monitored object, or you have the right to provide us with the personal information of the monitored object. If the monitored object you choose involves children, please be sure to read the content of Part 9 of this policy .
This policy will help you understand the following:
1. Scope of this policy
2. How we collect and use your personal information
3. Exceptions with authorized consent
4. How we use cookies and other similar technologies
5. How we store your personal information
6. How we share, transfer and publicly disclose your personal information
7. How we protect your personal information
8. Your rights
9. How we handle children's personal information
10. Changes and revisions to this policy
11. How to contact us
12. The effectiveness of this policy
I. Scope of application of this policy
This policy applies to the services we provide to you through "Kapi Action".
It should be noted that this policy does not apply to services provided to you by other third parties, such as third-party services or websites linked to by "Kapi Action". You understand that these services are independently provided to you by third parties, and third parties will be solely responsible for the processing of your personal information in accordance with their policies or user agreements.
How we collect and use your personal information
Personal information : Refers to various information recorded electronically or in other ways that can identify the identity of a specific natural person or reflect the activities of a specific natural person alone or in combination with other information. This Privacy Policy includes user nickname, mobile phone number, device information, log information, IP Address.
When you use "Kapi Action", we will collect and use the personal information necessary to provide relevant services in the following ways; if you do not use this function, we will not collect the corresponding information.
1. Ensure the normal provision of services
In order to ensure the normal operation of equipment and applications, and to ensure the security of your information, we will collect the following information from you
a. Device Information : In order to ensure the safe operation, quality and efficiency of software and services, we will collect your hardware model, operating system version number, Device ID symbol (Android such as IMEI/MEID, AndroidID, OAID, IMSl, SIM card information (such as ICCID), GAID, hardware serial number (SN), iOS such as IDFV, IDFA; different identifiers will be different in terms of valid period, whether it can be reset by the user and acquisition method), network device hardware address (device MAC address), IP Address, WLAN access point (such as SSID, BSSID), Bluetooth, base station, software version number, network access method, type, status, network quality Data, operation, usage, service logs, application installation list, operator information.
b. Device sensor : When shooting, we will call the device dynamic sensor (such as Acceleration Sensor, gravity sensor) to recognize your device status (landscape/portrait), in order to provide you with better interface adaptation effect.
c. Clipboard :
A. [Authorized Login] When you log in with a third-party account, we will write and read the information necessary for login in the clipboard. This information is only used for login-related purposes and will not collect your privacy information.
B. [Sharing, Identification] When you share or receive shared information, participate in activities, etc., we need to access your clipboard, read the password, sharing code, and link contained therein, in order to achieve functions or services such as jumping, sharing, and activity linkage.
C. [Statistical Analysis] We may need to statistically analyze the application source channel information through the clipboard. During the statistical process, we will not postback the personal privacy information you write to the clipboard.
D. [Special Note] Some end point devices such as mobile phones may prompt that the application (App) is reading the clipboard, but the system prompt cannot distinguish whether clipboard information is collected or not, and false positives may not be ruled out. Therefore, if you find similar prompts, please contact us so that we can locate the problem.
2. Use our products and services
a. Register and log in to your account
To register as a "Kapi Action" user, we need to collect your mobile phone number, password or verification code to register and create a "Kapi Action" account. You can also log in with a third-party account and use "Kapi Action". You will authorize us to obtain the public information you registered on the third-party platform (avatar, nickname, and your authorized WeChat account) for binding with the "Kapi Action" account, so that you can directly log in and use this product and related services.
b. Photo and video shooting
To provide you with services for taking pictures or videos, we need to obtain your camera permission; to provide you with services for recording video and sound, we need to obtain your microphone permission; to provide you with services for saving videos and importing local videos, we need to obtain your album permission (SD card permission).
The above permissions will not be enabled by default. They will only be used for specific functions or services with your explicit authorization, and you can also revoke the authorization. It should be noted that even if we obtain these sensitive permissions with your authorization, we will not collect your information when the relevant functions or services are not needed.
3. Personalized Ad Push
In order to provide you with free and high-quality services, we will show you advertisements that may be more interesting and relevant to you as much as possible based on your use of relevant services, and we will strive to ensure the security of your data during this process.
In order to achieve specific software functions and provide you with better services, we have embedded a third-party Software Development Kit (SDK) in the software. Please click here to view the catalog of third-party SDKs accessed in our products ("Access to Third-Party SDK Catalog" ( Third-Party SDK Catalog ) , to understand the third-party SDKs that may obtain your information, the identity of relevant service providers, the scope of your information collected or obtained through us, and the purpose of use. We will occasionally conduct technical inspections and behavioral audits on such partners or service providers, and require them to comply with cooperation legal agreements to maximize their collection and use of data in accordance with laws, regulations, and agreements. Please note that although we will require such third parties to strictly protect your personal information through contracts and technical means, such third parties will independently assume the responsibility of protecting your personal information in accordance with their personal information protection policies.
III. Exceptions with authorized consent
According to relevant laws and regulations, the collection and use of your personal information in the following situations does not require your authorization:
1. Related to our fulfillment of obligations stipulated by laws and regulations.
2. Related to national security and national defense security.
3. Related to public safety, public health, and major public interests.
4. Related to criminal investigation, prosecution, trial, and judgment enforcement.
5. For the protection of the major legitimate rights and interests of the subject of personal information or other individuals such as life and property, but it is difficult to obtain your consent;
6. The collected personal information is disclosed to the public by yourself;
7. Collecting personal information from legally disclosed information, such as legal coverage, government information disclosure, and other channels.
8. Necessary for maintaining the safe and stable operation of the products or services provided, such as discovering and handling product or service failures.
9. Academic research institutions that conduct statistical or academic research based on public interest need to de-identify the personal information contained in the results of academic research or descriptions when providing them to the public.
10. Other circumstances stipulated by laws, regulations or national standards.
IV. How we use cookies and other similar technologies
A cookie is a small piece of data (text file) that we allow our browser to store on your device (such as a computer or smartphone), recording information about your login status or device information so that you don't have to log in again when you visit again. "Similar technologies" related to the general term "cookies" also include local objects (sometimes called flash cookies), web beacons, pixel tags, browser fingerprinting technology, or any technology that stores or accesses information on a user's device. This information usually does not allow us to identify you, but can provide a better User Experience when you visit the website (including our website).
How we store your personal information
The personal information we collect and generate within the territory of the People's Republic of China will be stored within the territory of the People's Republic of China.
We will only retain your personal information for the period necessary to achieve the purposes described in this policy, unless there is a mandatory retention requirement by law. We mainly refer to the following criteria for determining the storage period of personal information, whichever is longer:
1. Complete the business functions you agree to use.
2. You agree to a longer retention period.
3. Are there any other special provisions regarding the retention period?
After the retention period, we will delete or anonymize your personal information as required by applicable law.
If we stop operating "Kapi Action" and related services, we will stop collecting your personal information in a timely manner and notify you of the cessation of operation in the form of an announcement. At the same time, we will delete or anonymize the personal information we store.
Note: Anonymization processing refers to the process of technical processing of personal information so that the subject of personal information cannot be identified or associated, and the processed information cannot be restored. According to relevant laws, regulations and national standards, information processed through anonymization does not belong to personal information.
How we share, transfer and publicly disclose your personal information
1. Share
We will not share your personal information with any company, organization or individual, except in the following circumstances:
1. With your express consent, we will share your personal information with other parties.
2. We may share your personal information externally in accordance with laws and regulations, litigation dispute resolution needs, or as required by administrative and judicial authorities.
3. Within the scope permitted by laws and regulations, it is necessary to share your personal information to protect the interests, property or safety of us, our affiliates or partners, you or other Yu Huan Technology users or the public from harm.
4. Sharing with our affiliates. In order to facilitate our provision of services to you, we may share your personal information with our affiliates. However, we will only share necessary personal information, and the use of your personal information by affiliates is subject to this policy or the policies of affiliates that provide substantially the same level of protection for your personal information as this policy with your authorization and consent. Both we and our affiliates will strictly comply with the personal information and data security protection system and policies of Yu Huan Technology.
2. Transfer
We will not transfer your personal information to any other company, organization or individual, except in the following circumstances:
1. Obtain your explicit consent or authorization in advance.
2. Provide as required by applicable laws and regulations, legal procedures, and mandatory administrative or judicial requirements.
3. Provide in accordance with the relevant agreements signed with you (including online signed electronic agreements and corresponding platform rules) or other legal documents.
4. With the development of our business, we and our affiliates may engage in mergers, acquisitions, asset transfers or other similar transactions. If the relevant transactions involve the transfer of your personal information, we will require the companies, organizations and individuals who hold your personal information to continue to be bound by this policy, otherwise we will require the companies, organizations and individuals to obtain your authorization again.
(3) Public disclosure
We will only publicly disclose your personal information in the following circumstances:
1. After obtaining your affirmative consent;
2, based on legal disclosure: in the case of law, legal proceedings, litigation or mandatory requirements of government authorities, we may publicly disclose your personal information.
How we protect your personal information
We attach great importance to the security of your personal information and have taken industry-standard security measures to protect the personal information you provide to prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible measures to protect your personal information.
1. Yuhuan Technology has set up a dedicated person in charge of personal information protection, responsible for handling various affairs related to Yuhuan Technology's products and services that may involve user personal information, as well as planning and formulating company policies, reviewing user usage agreements for each product, supervising the working principles and information processing mechanisms of each product, etc.
2. We have conducted ISO 27001 information security management system certification, ISO27701 privacy information management system certification, and grading evaluation of cyber security level protection for key products. We have formulated the overall policy and security strategy for information security work in accordance with the requirements of information security level protection, established a security management system covering the host, data, application, management and other levels, established an information security management committee and an information security executive committee, established the system platform department as the functional area of business for product security management work, clarified the responsibilities, division of labor and skill requirements of various departments and positions within the security management organization, and formulated clear personnel recruitment and resignation management standards.
3. We will encrypt the transmission and storage of identifiable personal sensitive information, and the encryption strength meets the security requirements to ensure the confidentiality of data. Our application system provides functions such as identity authentication, uniqueness check of user identification, role-based access control, etc. It uses HTTPS security protocol for communication, sets the maximum number of concurrent session connections, and can monitor and alarm when the system service level drops to the minimum value specified in advance. We deploy access control mechanisms at the server level, adopt the minimum sufficient authorization principle for staff who may come into contact with your personal information, and regularly check the list of visiting personnel and access records. Our server operating system and Database System passwords have complexity requirements. We use the SSH security protocol for remote management, strictly limit the access permissions of default accounts, and modify the default passwords. The audit records are comprehensive and cover all users.
4. Our server systems that store users' personal information are all security-hardened operating systems. We will conduct account audits and monitoring of server operations. If we find a server operating system with security issues announced externally, we will upgrade the server security as soon as possible to ensure the security of all server systems and applications.
5. We regularly hold training on personal information protection laws and regulations for staff to strengthen their awareness of user privacy protection.
6. We have developed emergency plans for cyber security incidents and allocated sufficient resources to ensure their implementation. We have conducted training and emergency drills on emergency plans every year. If our physical, technical, or management protection measures are unfortunately compromised, we will promptly activate the emergency plan to prevent the expansion of security incidents, report to the competent national authorities in accordance with laws and regulations, and timely adopt reasonable and effective methods such as push notifications and announcements to inform you of the basic situation, possible impact, measures already taken or to be taken, etc. of security incidents.
VIII. Your rights
During your use of Kapi Action, you can access and manage your personal information in the following ways:
Access and correction of your personal information
You have the right to inquire, correct or supplement your information. If you wish to access and correct other personal information, you can contact us through the contact information in Section 11 of this policy to access and correct it.
Delete your personal information
You may request us to delete your personal information if:
1. We collected your personal information without your consent.
2. We process your personal information in violation of legal requirements.
3. We use and process your personal information in breach of our agreement with you.
4. You are no longer using our products or services.
5. We will stop providing services to you.
You can contact us through the methods provided in Section 11 of this policy to request the deletion of your personal information, and we will respond within 15 working days. When we delete your personal information from the server, we may not immediately delete the corresponding data from the backup system, but we will delete this information when the backup is updated. Please note that if deleting your personal information is technically difficult, we will also stop processing your personal information in a timely manner.
(3) Withdraw your authorization and consent
Each business function requires some basic personal information to be completed. For other personal information you voluntarily provide, you can give or withdraw your authorization consent at any time. Withdrawing your consent does not affect our previous processing activities of your personal information, but we will not continue to process your personal information. You can contact us through the contact information in Section 11 below to change the scope of your authorization consent.
(4) Cancellation of account
You can contact us at any time to cancel your account through the contact information in Section 11 below.
(5) Obtain a copy of your personal information
You can obtain a copy of your personal information by contacting us using the contact details in Section 11 below.
If the relevant technology is feasible, if the data interface has been matched, we can also directly transfer a copy of your personal information to the third party you specify according to your request.
How we handle children's personal information
Our products and services are mainly for adults. Children under the age of 14 are not allowed to use our products or services without the consent of their parents or guardians.
In the case of collecting children's personal information with parental consent, we will only use or publicly disclose this information when permitted by law, affirmative consent of parents or guardians, or necessary to protect children.
If we find that we have collected a child's personal information without prior verifiable parental consent, we will try to delete the data as soon as possible.
Changes and revisions to this policy
Our personal information protection policy is subject to change. We will not limit your rights under this policy without your affirmative consent.
We will provide significant notice of major changes to this policy. You can also browse "Kapi Action" at any time to view the latest policy.
The significant changes referred to in this policy include but are not limited to:
1. Our service model has undergone significant changes. Such as the purpose of processing personal information, the type of processing personal information, the way of using personal information, etc.
2. We have undergone significant changes in control, such as changes in ownership caused by mergers and acquisitions.
3. Changes in the main objects of personal information sharing, transfer or public disclosure;
4. Significant changes in your rights to participate in the processing of personal information and how you exercise them;
5. When the department responsible for handling personal information security, contact information and complaint channels change;
6. When the personal information security impact assessment report indicates that there is a high risk.
Your continued use of our products and services after such changes and revisions will be deemed to be your agreement to the changes and revisions to this policy.
How to contact us
Shanghai Yuhuan Technology Development Co., Ltd. is the operator of "Kapi Action" and the controller of your personal information. Its registered and contact address is Unit 6-54, 6th Floor, No. 1900 Hongmei Road, Xuhui District, Shanghai. If you have any questions, comments, suggestions or complaints about our policies and the handling of your personal information, please send an email to kaipai.action@sensetime.com. In general, we will respond to your request within 15 working days.
Please understand that due to reasons such as material review, business verification, and operation procedures, the processing time for user requests may be longer than the above time limit. If you are not satisfied with our response, especially if our personal information processing behavior has harmed the legitimate rights and interests of users, you can also complain or report to regulatory departments such as the Internet Information, Telecommunications, Public Security, and Industry and Commerce in our location; or file a lawsuit with the court with jurisdiction in our location. We hope that users can have friendly negotiations with us before complaining or suing to the government or court, and welcome and thank users for their supervision and suggestions.
The effectiveness of this policy
The update date of this policy version is January 19, 2024, and it will officially take effect on January 20, 2024.