download
Update Date: August 04, 2023
Effective Date: August 31, 2023
Dear "SH MaaS" user (hereinafter referred to as "You"), in order to facilitate your use of the platform
products and services, including the "SH MaaS" application software (hereinafter referred to as "this
application"), the platform operator and the owner of this application , Shanghai Mobility Service Technology
Co.,Ltd. (hereinafter referred to as "we" or "us"), will collect, use, store, and provide your user
information (hereinafter collectively referred to as "processing") in accordance with the provisions of the
"SH MaaS" Personal Information Protection and Privacy Policy (hereinafter referred to as "this policy").
This policy applies to the products and services provided to you by the platforms legally owned and operated
by us, labeled "SH MaaS", including the APP, SH MaaS official website (https://www.shmaas.cn/), public
account, mini-programs, and other platforms. It also applies to certain functions/services within the "SH
MaaS" application integrated as a third-party service in other third-party smart hardware, software, or
services (the aforementioned product and service system is also referred to as the "platform" or "SH MaaS").
When you use our products or services, we need to process your information according to the relevant laws,
regulations, and regulatory policies to provide you with services and improve service quality. Through this
policy, we aim to explain to you: what data we collect when you use our products or services, why we collect
this data, what we will do with this data, and how we protect this data. This policy is closely related to the
products or services you use from us, and it is crucial for you to exercise user rights and protect your user
information. Please carefully read and fully understand the content of this policy
(especially the content in bold underline) before using our products or services.
Please read this policy carefully, understand our rules for processing your user information, and if we update
this policy, we will promptly notify you of the updates. If you have any questions, you can contact the
official platform hotline【$phoneStr】for consultation.
By clicking "Agree" and confirming the submission, you are deemed to agree to the content of this policy
(including updated versions) and agree that we process your user information according to this policy. If
you do not agree to any terms in this policy, you should immediately stop accessing and using our
platform.
Special Note: When you use third-party services through "SH MaaS", the third party may have its own privacy
protection policy. When viewing pages created by third parties or using services developed by third parties,
these third parties may place their own cookies or network beacons, which are not under our control. We will
make efforts to request these entities to protect your personal information. It is recommended to contact
them for detailed information about their privacy policy. If you find risks in these third-party services,
it is advisable to terminate the relevant operations to protect your legitimate rights and interests.
You can read specific sections of our privacy policy in more detail based on the following index:
I. Principles for the Collection and Processing of Your User Information by Us
II. How We Collect and Use Your User Information
III. How We Use Cookies and Similar Technologies
IV. How We Share, Transfer, Publicly Disclose, and Entrust the Processing of Your User Information
V. How We Store Your User Information
VI. How You Can Manage Your User Information
VII. Exceptions to Obtaining Authorized Consent
VIII. How We Protect Your User Information
IX. How We Protect Information of Minors
X. How Your User Information Is Transferred Globally
XI. Our Operational Organization
XII. How This Policy Is Updated
XIII. How to Contact Us
XIV. Other
I. Principles for the Collection and Processing of Your User Information by Us
Principles of Legality, Legitimacy, Necessity, and Good Faith.
Mainly refers to: 1. Obtain your or your guardian's consent, except as otherwise provided by laws and
regulations 2. Collect and process information in accordance with the purposes, methods, and types specified
in this policy. 3. Do not process information unrelated to business or handle information in an improper
manner. 4. Do not violate laws, regulations, and agreements between the parties.
II. How We Collect and Use Your User Information
(I) Responsibility Statement
This application is only responsible for collecting information necessary for your use of the
functions/services provided by this application. According to regulatory requirements, relevant regulatory
authorities will collect your relevant information and maintain it based on regulatory needs. For business
needs and necessary security certification, the third-party service system may share your user information or
perform secondary authentication. We are not responsible for any leakage of user information at regulatory
authorities or third-party service systems.
(II) How We Collect and Use Your Personal Information
We will only collect and use your personal information for the following purposes as stated in this policy:
To provide you with the basic functions of our products/services: User registration, login and authentication,
account and password management, QR code boarding, taxi and ride-hailing services, Parking Service, Road
Assistance Service, Nearby Maintenance Factory Inquiry Service, Bus Basic Information Inquiry Service, User
Activities, Security and Data Analysis Service, Public Welfare, you need to authorize us to collect and use
the necessary personal information. If you refuse to provide the necessary information, you will not be able
to use our products/services normally.
To provide you with expanded or additional functions of our products/services: Service Optimization and
Development, you can choose to authorize us to collect and use your other personal information. If you refuse
to provide the aforementioned information, you will not be able to use the related additional functions or
achieve the intended functional effects, but it will not affect your normal use of the basic functions of our
products/services.
(III) Scenarios where you need to authorize us to collect and use personal information
1. User registration, login:
For the necessary prevention of malicious programs and secure operations, when you use this application
(including the first run of this application), we will collect information about the application process. If
you do not perform any registration or login operations later, the aforementioned application process
information will not be associated with you personally.
When you only need to browse the main channel or use some services that do not require login, you do not need
to register as a user with us and do not need to provide relevant personal information. When you are not
logged in, we will not collect your personal information.
(1) Registration service:
When you need to use the user services provided by us, you need to provide your own phone number and
SMS verification code for registration and login. After completing the registration, the platform will generate a SH MaaS account
for you, and you can set your login password.
(2) Third-party account binding:
After you successfully register as a user with us, you can choose to bind a third-party account for quick
login. We will access and collect your expressly authorized personal information (such as profile photo,
nickname, region, gender, etc., subject to the public information and permissions authorized by different
third-party accounts) indirectly through third-party account interfaces (such as WeChat API, etc.). We will
bind the third-party account to your SH MaaS account and phone number. If you refuse to provide the
information that this platform needs to obtain from the third-party account interface, you will not be able to
log in quickly through the third-party account, but you can still log in through other methods.
(3) Login Service
Upon subsequent logins to this application, you can choose to verify your identity using your mobile phone: In
this method, you need to provide your
phone number and login password/sms verification code At the same time, you agree that we will verify the validity of the login information you provide.
Alternatively, you can choose to log in with a third-party account: In this method, we will collect your
third-party account information (such as profile photo, nickname, region, gender, etc.).
If you do not provide the above information, we will be unable to provide you with services that require
login, such as QR code boarding, real-person authentication, and others.
2.User Authentication
After registration, you can directly use regular user services, including viewing nearby bus and metro
information and using some basic services that do not require real-person authentication. If you need to use
real-person user services such as taxi services, ride-hailing services, Parking Service, QR code boarding,
wallet, etc., you will also need to undergo user real-person authentication.
Real-person authentication methods include face recognition and bank card authentication. If you choose face
recognition, you need to provide your name,
ID card number, and biometric information (including static and dynamic facial features).
If you choose bank card authentication, you need to provide your name,
ID card number, information for a Class I bank account or credit card account, bank's reserved mobile
number, and SMS verification code.
At the same time, we will identify your gender and age based on the ID card number you provide. The above
information is considered sensitive personal information, and you can refuse to provide it. If you refuse to
provide it, you may not be able to access real-person user services, but it will not affect the normal use of
other functions and services.
3. Account and Password Management
(1) Account Information Management
After successfully registering an account, you can complete relevant online identity information (username,
profile photo, and personal information, etc.) based on your needs and the modules opened to users by the
platform.
(2) Setting Common Addresses
You can set your common addresses yourself, so that when relevant services involve address searches, you can
conveniently fill in the starting and ending points of your trips.
4. Vehicle QR Code Scanning Service
If you need to activate the QR code scanning service for scenarios such as metro, bus, ferry, and maglev
transportation, you need to provide your name and ID card number.
After submitting this information to the relevant partner, you will be redirected to their software page for
login and verification. These operations occur in third-party software, and you need to comply with their user
agreements and privacy policies. We cannot monitor your actions in these software, so you are responsible for
your actions. After you pass the verification with the partner, we will collect your QR code. After using the
QR code for metro, bus, ferry, and maglev transportation, we will also collect information about your QR code
boarding orders.
5.Taxi and Car Hailing Services
(1) Car Hailing
You need to provide your location information so that you can access
travel-related services or functions based on geographic location, such as getting the pick-up point,
recording the route, and map navigation, without manually entering your current location. If you refuse to
grant us access to your location information, you will need to manually specify your location, but this won't
affect your use of our products and services. You can also revoke or adjust the above authorization at any
time through the settings function.
Before requesting a ride, you need to provide
pick-up/drop-off locations for us to arrange a vehicle and estimate arrival time. If you refuse to provide this information, you will be
unable to use Taxi and Car Hailing Services.
When using Car Hailing, you also need to provide your device information. We will pass this information to our
cooperating partner in charge of customer service to facilitate real-time dispute resolution by their online
customer service.
If you call a taxi for someone else, in addition to providing pick-up/drop-off locations, you also need to
provide the actual passenger's name and phone number. You must ensure that the actual passenger agrees to our
collection and use of their personal information as per this agreement. If you do not provide this
information, you cannot call a taxi on behalf of someone else.
(2) Itinerary Recording
Based on legal requirements, local regulations, and due to the need of verifying facts and addressing
complaints in case of disputes or safety incidents involving users, or for the purpose of user identity
verification for security reasons, we will record the interior and exterior environment during the trip. You
agree and authorize us to record your itinerary and collect
Itinerary Recording information . If you refuse to provide Itinerary Recording information, you will be unable to use Taxi and Car Hailing
Services.
(3) Emergency Aid
To facilitate notifying your emergency contacts in case of an emergency, we need to access your contact list.
You can choose to set emergency contacts, and you need to provide the emergency contact's name and phone
number. You must also ensure that the emergency contact agrees to our collection of their personal information
as per this agreement. If you do not provide this information, we will be unable to send notifications.
During your trip, if your personal or property safety is threatened, you can use the Emergency Aid function.
When you initiate Emergency Aid through the app, we will immediately provide assistance services and send an
emergency notification to your emergency contacts. During this process, we will also collect relevant
information, including your
trip details (pick-up/drop-off locations, time, travel trajectory/location information, etc.), location
information, and Itinerary Recording information.
(4) Itinerary Sharing
When you choose the Itinerary Sharing service, we will collect yourtrip (itinerary) information. If you refuse to provide this information, you cannot share your trip, but it won't affect your use of our
other products and services.
(5) Payment Settlement Function
When you make transaction payments,we will collect your name, phone number, ID type, ID number, and bank card information for identity
verification and to facilitate the payment service.
After completing the payment, we will also collectpayment information such as the payment time, amount, channel, as well as order details, order payment
status, taxi coupon information, geographic location, device information, and app version. This information will be
used to verify whether you have paid according to the agreement, whether the driver has violated the charging
rules, maintain platform transaction order, and handle user disputes according to platform rules.
When you use payment services, you need to authorize the relevant regulatory authorities or provide us with
your name, phone number, ID type, ID number, and bank card information for identity verification and to
facilitate the payment service.
(6) Order Inquiry and Management
To facilitate your inquiry and management of trip information and order details, we will collectyour trip and order information, including but not limited to pick-up/drop-off locations, travel
trajectories, and detailed costs. If you refuse to provide the aforementioned information, we will be unable to provide you with Order
Inquiry and Management services.
(7) Dispute Resolution
To address the needs of dispute resolution, such as disputes between passengers and drivers, we need to
collect yourtrip information, Itinerary Recording information, payment information, order information, device
information, etc. If you refuse to provide this information, we cannot provide you with our products or services and
cannot better protect your rights.
(8) Online Car Hailing Invoice Issuance
If you need to issue an online electronic invoice for a ride-hailing trip, you can apply for it on the
platform. For individual billing, we need to collect the name of the billing entity (individual name or
company name, unified social credit code) and the email address to receive the invoice. We collect this
information based on the necessity of providing you with the invoice service. If you refuse to provide the
aforementioned information, we will be unable to provide you with an electronic invoice.
The billing entity should be the actual user of the ride-hailing service or the unit they belong to. If the
billing entity you provide is not yourself, you should ensure that the billing entity agrees to our collection
and use of their personal information as per this agreement.
6. Parking Service
(1) Recommended Parking Lot Service
To facilitate recommending nearby parking lots and navigation to you, we will collect yourlocation information. If you refuse to provide the aforementioned information, you cannot use the mentioned services, but it
won't affect your use of our other products and services.
(2) Parking Lot Payment, Off-Peak Sharing, Reservation, and Other Services
If you use relevant services provided by parking lots in cooperation with us, for ease of querying parking
fees, signing up for off-peak sharing, and parking reservations, we will collect your license plate number
andparking order information. If you refuse to provide the
aforementioned information, you cannot use the mentioned services, but it won't affect your use of our other
products and services.
7. Road Assistance Service
When you use Road Assistance Service (including one-click towing service), you need to provide the contact
person's name, phone number, license plate information, Road Assistance order information and status, and
payment information that you fill out. We will transmit your relevant information to the cooperating partner
providing rescue services. If you do not provide the aforementioned information, you cannot call Road
Assistance Service. If the contact person you provide is not yourself, you should ensure that the contact
person agrees to our collection and use of their personal information as per this agreement.
8. Nearby Maintenance Factory Inquiry Service
To facilitate your inquiry about nearby repair shops and navigation, we will collect your
location information. If you refuse to provide the aforementioned information, you cannot use the mentioned service, but it won't
affect your use of our other products and services.
9. Bus Basic Information Inquiry Service
When you use Bus Basic Information Inquiry Service, we will collect your
geographic location information and, through information sharing with our partners, provide you with basic information query services for bus
stops, bus routes, and real-time bus information.
10. User Activities
(1) Randomly Selected Mall Service
If you subscribe to the Randomly Selected Mall service to accumulate "DouDou" for redeeming user benefits, we
will collect yourtrip information. To facilitate the delivery of
redeemed items, you also need to provide the recipient's name, delivery address, and recipient's phone number.
If the recipient is not you, you should ensure that the recipient agrees to the collection of their personal
information for the purposes stated in this agreement. If you do not provide the aforementioned information,
you cannot use the service mentioned above, but it won't affect your use of our other products and services.
(2) Green Travel Carbon Inclusion
If you choose green travel methods such as buses, metro, and ferries, for calculating, summarizing, and
issuing carbon reduction and carbon points to you, facilitating your redemption of benefits on the Shanghai
Green Travel Carbon Inclusion platform, we will collect your user ID, username, name, gender, desensitized
phone number, desensitized ID number, registration device ID, city code, city name, order information, trip
information, payment information, etc., after you register on the Shanghai Green Travel Carbon Inclusion
platform.
(3) Operation Activities
When you participate in our Operation Activities, to facilitate the public display of activity results,
subsequent promotion of the activity, contacting you, and issuing gifts or transfers to you, we will collect
your name, mailing address, and contact information. If you do not provide the aforementioned information, you
cannot participate in the mentioned Operation Activities, and you will not receive related gifts and
transfers, but it won't affect your use of our other products and services.
(4) User Evaluation
If you evaluate related services on this platform, we need to collect your service rating and service review.
If you refuse to provide the aforementioned information, it may not be possible to receive feedback on your
experience with the related service, but it won't affect your use of our other products and services.
(5) Customer Service
When you contact our customer service team, to facilitate dispute resolution, problem-solving, or feedback to
you, we will collect your name, contact information,
call details (call content call duration, calling and called phone numbers, and
text messages sent through the SH MaaS platform)). If you refuse to provide the aforementioned information, it may prevent us from receiving your opinions
or suggestions, or we may be unable to provide feedback on the results, but it won't affect your use of our
other products and services.
(6) Others
If you need to apply online for offline delivery or product testing, it is necessary for you to provide
contact information, address, or other necessary information to fulfill the service.
We may invite you to participate in surveys related to our products and services.
11. Security and Data Analysis Service
(1) To control operational risks, ensure the security of your account, transaction security, and system
operation, meet the relevant requirements of laws, regulations, and our agreement rules, protect the personal
and property safety of you, other users, or the public from infringement, better prevent phishing websites,
fraud, network vulnerabilities, computer viruses, network attacks, network intrusions, and other security
risks, and more accurately identify violations of laws, regulations, or agreements and rules related to this
application. We will collect your device information (including device model, operating system version, device
settings, MAC address and IMEI, IDFA, OAID, Android ID, IDFV, and other device identifiers, SIM card IMSI
information, SIM card location, device environment, mobile application list, etc.), log information (including
browsing history of this app, search content, click and view records, transaction records, IP address, browser
type, telecommunications operator, language used, access date and time, running process information), and
information communicated through our services, including accounts you have communicated with. We may use your
account information, integrate device information, relevant network logs, and information shared by government
agencies, affiliated companies, and partners to assess the risk of your account, perform identity
verification, detect and prevent security incidents, and take necessary recording, auditing, analysis, and
disposal measures in accordance with the law.
(2) In order to ensure the secure and stable operation of the services provided to you, we need to record
information related to your use of the "SH MaaS" service. This includes the type and method of service usage,
device model, IP address, device software version, device identification code, device identifier, running
process information, overall application operation, location, and network usage. If you do not agree to the
recording of the aforementioned information, it may hinder the completion of risk control verification.
12. Public Welfare
In response to the needs of public welfare, especially during unexpected public health events or emergencies
aimed at protecting the life, health, and property safety of individuals, when you use functions or services
related to public welfare, including but not limited to "Sui Shen Ma," you may be required to provide
necessary information. This information includes your name,
ID number, phone number, identification photo, and facial biometric information, which is essential for us to implement relevant regulatory measures.
(IV) Scenarios for Authorizing Collection and Use of Personal Information:
13.Service Optimization and Development
We collect and correlate information about your use of our products, services, and the way in which you use
them, as necessary to fulfill business requirements or interaction design changes, including:
(1) Log Information: When you use our website or client-provided products or services, we automatically
collect detailed information about your usage as part of network log preservation. This includes
search query content, accessed service records, access date and time, service request status, and network
conditions.
It's important to note that isolated log information cannot identify the specific identity of an individual.
If we combine this non-personal information with other information to identify the specific identity of an
individual, or if it is used in conjunction with personal information, during the combination period, this
non-personal information will be treated as personal information. Except as authorized by you or as otherwise
stipulated by laws and regulations, such personal information will be anonymized and de-identified.
(2) Communication Records: When you contact us, we may retain your communication/call records and content or
the contact information you provide. This helps us get in touch with you, assist in problem resolution, or
record the handling process and results of relevant issues.
(3) Better Meeting Your Needs: We use the collected information to meet your specific requirements (if the
user is not logged in, personalized recommendation services do not exist). This includes language settings,
location settings, improved help services and guidance, or other responses to you and other users.
(4) We use the collected information to provide you with more relevant services and offer features or services
you may be interested in. At the same time, for decisions that may significantly impact your personal rights
in certain personalized services, you have the right to request an explanation from us and the right to refuse
decisions made solely through automated means.
(5) Statistical Analysis: When you use services such as "Bus Basic Information Inquiry Service", we may use
your gender and age to facilitate statistical analysis of the gender ratio and age distribution of the user
population corresponding to this service. This helps us create statistical data that is difficult to identify
with other information regarding your personal identity.
14. Additional Notes:
If you wish to use certain optional features or services, you must also provide the necessary information for
the use of such features or services. This may include gender, date of birth, place of birth, household
registration location, ethnic, etc. Before you use these features or services, we will inform you and obtain
your consent. In other scenarios where information collection is necessary, if the usage scenario is not
directly related to the initial scenario, we will re-obtain your consent before using the information.
With your authorized consent or as required by laws and regulations or regulatory requirements, we may use
your personal information for other purposes.
The information bolded, underlined, and in black font above represents your sensitive personal information,
and we will collect such information only with your explicit and separate consent. If you do not agree to
provide such information, you will be unable to enjoy the corresponding functions or services, but it will not
affect your use of other service functions. Objectively, we cannot guarantee 100% security. In the event that
your sensitive personal information is leaked or unlawfully used due to force majeure, it may compromise your
dignity or endanger your personal and property security.
After collecting your user information, we will use technical means to de-identify, encrypt, or anonymize your
information. Through de-identification, encryption, or anonymization, the information will be rendered
unidentifiable regarding your specific identity.
(V) System Permissions:
1. When you use location-based services provided in this application, we need your authorization to use your
location information
(collected through the Gaode SDK, collection frequency: default 2 seconds/cycle on Android, 5 seconds/cycle
for business; on iOS, based on the system's own rules, reading when the location changes) , including:
(1) Your geographical location information collected through the use of our services on a mobile device with
location functionality, gathered through GPS or WiFi.
(2) Real-time information containing your geographical location provided by you or other users: 1) Your
regional information included in the account information you provide. 2) Shared information uploaded by you
showing your current or past geographical location.
(3) You can stop our collection of your location information by turning off the location function.
2. During the use of the service, we may also need you to provide the following necessary system permissions
to complete the service:
(1) When you receive system message notifications, you need to allow access to phone notification permissions.
(2) When viewing institution information based on location and special city positioning, you need to allow
access to phone geolocation permissions.
(3) When using voice search, you need to allow microphone permissions.
(4) When conducting online business transactions, inputting relevant information, or uploading/downloading
images, you need to allow access to device information permissions, phone storage permissions, and camera
permissions.
(5) When using the public transit function, you need to allow access to Bluetooth permissions.
(6) When logging in using fingerprint or facial ID, you need to complete information verification on the
device.
We only receive verification results and do not collect your fingerprint or facial ID information. If you prefer not to use fingerprint or facial ID verification, you can still log in through other means.
(7) When you use face recognition, you need to authorize us to use your camera permissions. You agree that we
will compare the facial portrait information you provide to us with the institution authorized by law or
government agencies, confirming whether the currently logged-in account is operated by you. If you do not use
face recognition, you are not required to provide relevant information.
(8) In addition, for the security of your personal information and sensitive data, we have implemented
anti-hijacking measures in the application. Therefore, you need to allow floating window permissions.
(9) To help developers provide information content redirection and sharing functions to end-users for
information sharing or receiving shared information, we need access to the clipboard for passwords, links, and
other content.
3. To enhance the convenience of using this application's services, in the following scenarios, you can choose
whether to authorize us to collect and use your user information:
- Microphone-Based Functions/Services: You can use voice reading services.
-
Camera-Based Functions/Services: You can use:1) Scan QR codes; 2) Identity card recognition; 3) Upload
images.4) Face recognition Authentication:
-
Camera (Photo Library) Based Functions/Services: You can use:1) Scan QR codes; 2) Identity card recognition;
3) Upload images.
- Location-Based Functions: You can enable location services for location queries.
- Storage-Based Functions/Services: You can use the bus code.
- Phone-Based Functions/Services: You can use the call function for inquiries.
-
Network Communication-Based Functions: After enabling the network communication function in this
application, you can access various services provided by our client-server system.
III. How We Use Cookies and Similar Technologies
(I) Cookies and Similar Technologies:
We may collect and use your information through cookies (data stored on the user's local device) and other
related technologies. The specific purposes for using cookies include:
(1) Remembering Your Identity: Cookies help us recognize you as a registered user.
(2) Analyzing Your Use of Our Services: This helps us provide more thoughtful personalized services, including
customized pages and recommendations.
(3) Browser Settings for Cookies: You can refuse or manage cookies through your browser settings. However,
please note that disabling cookies may affect the availability of certain features, and you may not enjoy the
optimal service experience.
(4) Information Recorded by Cookies in This App: The information recorded by cookies in this application is
subject to this privacy policy.
(II) SDK
This app has integrated various third-party SDKs. During your use of the service, we may embed third-party
SDKs based on business requirements.The information collected by third-party SDKs is explained below, effective from the agreement date of
collecting the third-party SDKs, and the content is provided by the respective third-party SDK owners. This
text is a paraphraseIf you choose not to provide the mentioned information, you may not be able to use the corresponding service,
but it will not affect your use of other services we provide.
Please note that the responsibility for protecting information collected by third-party SDKs lies with the
third parties. Refer to the privacy policies of the respective third parties for related information.
During the provision of our services, we may also collect the following information through third-party SDKs:
1. Scenario: Map
SDK Name: Gaode Maps
Third-party Name: Amap Software Co., Ltd.
Purpose: Map display, location tracking of people and vehicles, navigation, address search, voice,
recommending nearby public transportation and parking lots.
Personal Information Involved: Device information (IMEI, IDFA, Android ID, MEID, MAC address, OAID, IMSI,
hardware serial number, sensor information, Bluetooth information, etc.), network information (IP address,
WiFi status, WiFi parameters, WiFi list, base station information, etc.), location information (GNSS
information, latitude and longitude, precise location, rough location, etc.). Location information collection
frequency: Android system defaults to every 2 seconds, business is every 5 seconds; iOS system is based on the
system's own rules, reading whenever the location changes.
Privacy Policy Link:
Gaode Maps Open Platform Privacy Policy | Gaode Maps API
Contact: 4008100080
2. Scenario: One-click Login with Local Number
(1) SDK Name: Alibaba Cloud Number Authentication
Third-party Name: Aliyun Computing Co., Ltd.
Purpose: Achieve one-click login and verification with the local number.
Personal Information Involved: Network type, device information (including IP address, device manufacturer,
device model, phone operating system, IDFV, SIM card or International Mobile Subscriber Identity (IMSI)
information, location information, etc.), log information, etc.
Privacy Policy Link:
http://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud201902141711_54837.html?spm=a2c4g.11186623.0.0.3bff1f23TVbWHI
Contact: 95187
(2) SDK Name: China Unicom One-click Login
Third-party Name: China United Network Communications Co., Ltd.
Purpose: Identify the user's China Unicom phone number for quick login.
Personal Information Involved: Local mobile number, network type, network address, carrier type, International
Mobile Subscriber Identity (IMSI), SIM card quantity, phone device type, phone operating system, hardware
manufacturer, screen size, screen resolution information, UAID generated by the phone device type, device
identification code.
Privacy Policy Link:
https://opencloud.wostore.cn/authz/resource/html/disclaimer.html?fromsdk=true
Contact: 4000096800
(3) SDK Name: China Telecom One-click Login
Third-party Name: 21cn Corporation Limited
Purpose: Identify the user's China Telecom phone number for quick login.
Personal Information Involved: Local phone number, International Mobile Subscriber Identity (IMSI),
application process information, network connection type, network status information, network address, carrier
type, phone device type, phone device manufacturer, phone operating system type and version.
Privacy Policy Link:
https://e.189.cn/sdk/agreement/content.do?type=main&appKey=E_189&hidetop=true&returnUrl=
Contact: id@189.cn
(4) SDK Name: China Mobile One-click Login
Third-party Name: China Internet Corporation
Purpose: Identify the user's China Mobile phone number for quick login.
Personal Information Involved: Network type, network address, carrier type, local phone number, phone device
type, phone operating system, hardware manufacturer, International Mobile Subscriber Identity (IMSI), and SIM
card quantity, etc.
Privacy Policy Link:
https://wap.cmpassport.com/resources/html/contract2.html
Contact: 10086
3. Scenario: Third-party Account Login
SDK Name: Sui Shen Ban Citizen Cloud
Third-party Name: Shanghai SMMAIL Info Serv Co., Ltd.
Purpose: Quickly log in by binding the user's Sui Shen Ban Citizen Cloud account.
Personal Information Involved: Username, profile photo, name, ID number, phone number, facial biometric
information, bank card number, bank card type.
Privacy Policy Link:
https://api.eshimin.com/privacyPolicy/privacyPolicy/toPrivayPolicy
Contact: 12345
4. Scenario: Third-party Account Login, Information Sharing, Third-party Payment
SDK Name: WeChat
Third-party Name: Shenzhen Tencent Computer Systems Company Limited
Purpose: Bind the user's WeChat account for quick login; provide users with the ability to share to the WeChat
platform; provide WeChat payment functionality.
Personal Information Involved: Hardware device model, terminal system type, device identification code,
software version information in use, software language settings information, IP address, region, mobile
network information, standard network log data and network usage habits, as well as operational records of
using Tencent's financial services.
Privacy Policy Link:
https://support.weixin.qq.com/cgi-bin/mmsupportacctnodeweb-bin/pages/ONwPihxKd82RAkIJ;https://www.tenpay.com/v3/helpcenter/low/privacy.shtml
Contact: weixin-open@qq.com
5. Scenario: Third-party Account Login, Third-party Payment
SDK Name: Alipay
Third-party Name: Alipay (China) Network Technology Co., Ltd.
Purpose: Bind the user's Alipay account for quick login; provide users with Alipay payment functionality.
Personal Information Involved: Common device information (including IMEI, IMSI, SIM card serial number/MAC
address, Android ID, SSID, BSSID, device basic information [model/manufacturer, etc.], network information,
system information).
Privacy Policy Link:
https://opendocs.alipay.com/open/01g6qm;https://render.alipay.com/p/c/k2cx0tg8
Contact: 95188
6. Scenario: Message Push
(1) SDK Name: Huawei Push
Third-party Name: Huawei Software Technology Co., Ltd.
Purpose: Push messages to Huawei phone users.
Personal Information Involved: Application basic information, in-app device identifiers, device hardware
information, system basic information, and system setting information.
Privacy Policy Link:
https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/sdk-data-security-0000001050042177
Contact: devConnect@huawei.com
(2) SDK Name: Xiaomi Push
Third-party Name: Beijing Xiaomi Technology Co., Ltd.
Purpose: Push messages to Xiaomi phone users.
Personal Information Involved: Device identifiers (OAID, IMEI, and encrypted Android ID), application
information using the push service such as application package name, version number, and running status,
device-related information such as device manufacturer, device model, device memory, operating system version,
Xiaomi Push SDK version, device location (country or region), SIM card carrier name, current network type.
Privacy Policy Link:
https://dev.mi.com/console/doc/detail?pId=1822
Contact: developer@xiaomi.com
(3) SDK Name: Meizu Push
Third-party Name: Meizu Telecom Equipment Co., Ltd.
Purpose: Push messages to Meizu phone users.
Personal Information Involved: Device information (including device name, device model, region and language
settings, device identification code (IMEI number, etc.), device hardware information and status, usage
habits, IP address, MAC address, operating system version, and settings information for devices accessing
services), application information (including application list, application version, application status record
[download, install, update, delete], software identification code, and application settings [such as
region/language/time zone/font]), log information (including access time, access frequency, access duration,
access IP address, search query words, and event information [such as errors, crashes, restarts, upgrades]),
location information (related to the use of location-based services, including country code, city code, mobile
network code, latitude and longitude, device location, WiFi geographic location information), etc.
Privacy Policy Link:
http://static.meizu.com/resources/term/privacy8.html
Contact: DPO@meizu.com
(4) SDK Name: OPPO Push
Third-party Name: Guangdong Huantai Technology Co., Ltd.
Purpose: Push messages to OPPO phone users.
Personal Information Involved: Device-related information (such as IMEI number, Serial Number, IMSI, User ID,
Android ID, Google Advertising ID, phone Region settings, device model, phone battery level, phone operating
system version, and language), application information of using push services (such as APP package name and
version number, running status), push SDK version number, network-related information (such as IP or domain
connection results, current network type), message sending results, notification bar status (such as
notification bar permissions, user click behavior), lock screen status (such as whether the screen is locked,
whether lock screen notifications are allowed).
Privacy Policy Link:
https://open.oppomobile.com/wiki/doc#id=10288
Contact: privacy@heytap.com
(5) SDK Name: VIVO Push
Third-party Name: Vivo Mobile Communication Co., Ltd.
Purpose: Push messages to VIVO phone users.
Personal Information Involved: Operating system version number, application program information, device
identifiers (such as IMEI number, SIM and IMSI, mobile country code, and VIVO Android device's mobile network
number, etc.), MAC address, mobile carrier, language in use, system settings, etc. system, device, and
application program data, log information, location information, Cookies, and tracking information.
Privacy Policy Link:
https://www.vivo.com.cn/about-vivo/privacy-policy
Contact: push@vivo.com
7. Scenario: Data Statistics
SDK Name: Bugly
Third-party Name: Shenzhen Tencent Computer Systems Company Limited
Purpose: Record and repair crash information.
Personal Information Involved: Log information (including third-party developer custom logs, Logcat logs, and
APP crash stack information), device information (phone model, phone brand, system version, API level,
manufacturer system version, CPU attributes, whether the device is rooted, whether it is jail broken, disk
space usage size, sd card space usage size, memory space usage size, runtime phone status), device ID
(including Android id and IDFV), SIM integrated circuit card identification code, network information, system
name, system version, and country code.
Privacy Policy Link:
https://privacy.qq.com/document/preview/fc748b3d96224fdb825ea79e132c1a56
Contact: Dataprivacy@tencent.com
8. Scenario: Operational Risk Prevention
(1) SDK Name: Tongdun
Third-party Name: Tongdun Technology Co., Ltd.
Purpose: Device recognition for risk control.
Personal Information Involved: Device information (including IMSI, IMEI, Android ID, SIM integrated circuit
card identification code (ICCID), MAC address, device type, device model, system type, login IP address,
application installation list information, previously visited pages, browser type, etc.), network information,
location information, gateway address (DHCP), WiFi subnet mask.
Privacy Policy Link:
https://www.tongdun.cn/other/privacy/id=1
Contact: service@tongdun.cn
(2) SDK Name: Geetest
Third-party Name: Wuhan Jiyi Internet Technology Co., Ltd.
Purpose: Login behavior graphic verification.
Personal Information Involved: Device information (device system information, device manufacturer information,
device model, device brand, etc.), network information (device network connection status and type, etc.),
device environment information (device screen size, device battery charging status, device battery level,
device jailbreak identification, device debugging identification, etc.), user biometric trajectory information
(user-generated sliding, clicking, mouse moving trajectories during the verification process), verification
timestamp, installation package name, etc.
Privacy Policy Link:
https://www.geetest.com/Private
Contact: service@geetest.com
(3) SDK Name: IPV4 County-level Location Query Service System V1.0
Third-party Name: Evan (Dalian) Technology Service Co., Ltd.
Purpose: Big data analysis of user access source locations.
Personal Information Involved: IP address information of user network access.
Privacy Policy Link:
https://www.ipplus360.com/privacy-policy
Contact: yangxuxian@ipplus360.com
(4) SDK Name: Volcano Engine
Third-party Name: Beijing Volcano Engine Technology Co., Ltd.
Purpose: Identify abnormal user devices and monitor the web.
Personal Information Involved: Device information (device ID, device MAC address, hardware serial number,
device brand, device model, operating system, operating system API, system time zone, screen density, screen
resolution, disk usage, memory usage, running thread count, CPU information, mobile device country code,
mobile device network code, device DPI; Android: Android ID, device brand, operating system API version, user
agent, battery level, network traffic, device ABI, ROM; iOS: Jailbreak status, IDFV), application information
(application version, application package name, process start time, log type, crash event, crash process,
build-id, crash scene, crash time, crash thread name, names of pages visited, stack of all threads in the
current process, application service log information, application file name, application file size, disk size;
Android: fd list; iOS: application language, application release channel), system and network recognition
information (user ID, IP address, session data, carrier information, network access mode).
Privacy Policy Link:
https://www.volcengine.com/docs/6431/69429
Contact: 400-850-0030
9. Scenario: Advertisement Placement
(1) SDK Name: Mobile Smart Terminal Supplementary Device Identification System One Call SDK
Third-party Name: CAICT
Purpose: Ad recommendation, ad attribution, ad landing page information collection, ad monitoring.
Personal Information Involved: Device manufacturer, device model, device brand, device network carrier name,
App package name and signature information, or corresponding APPID in the corresponding app store, OAID, VAID,
and other device identifiers.
Privacy Policy Link:
http://www.msa-alliance.cn/col.jsp?id=122
Contact: msa@caict.ac.cn /
010-62300419
(2) SDK Name: Guangdiantong Behavioral Data Reporting SDK
Third-party Name: Shenzhen Tencent Computer Systems Company Limited
Purpose: Ad recommendation, ad attribution, ad landing page information collection, ad monitoring.
Personal Information Involved: Phone model, connected Wi-Fi and other basic device information, Android ID,
OAID, MEID, and other device identifiers.
Privacy Policy Link:
https://imgcache.qq.com/qzone/biz/gdt/dmp/user-action/privacy_agreement.pdf
Contact: https://kf.qq.com/
or Dataprivacy@tencent.com
(3) SDK Name: Baidu oCPX Conversion Tracking Application SDK
Third-party Name: Beijing Baidu Netcom Science and Technology Co., Ltd.
Purpose: Ad recommendation, ad attribution, ad landing page information collection, ad monitoring.
Personal Information Involved: Hardware model, operating system version, system information (IMEI, IMSI, MAC
address), device identifiers, browser type, telecommunications carrier, language used, Wi-Fi information,
device status information. The SDK generates log information such as the end user's IP address, browser type
and language used, hardware device information, operating system version, information on the
telecommunications carrier, date, time, and duration of the end user's access to the service. Also,
information provided, formed, or retained by the end user when using products or services, including content
in the clipboard, such as passwords, links, etc.
Privacy Policy Link:
https://ocpx-devcenter.bj.bcebos.com/videoworks/console-upload/%E3%80%90%E7%99%BE%E5%BA%A6oCPX%E5%BA%94%E7%94%A8SDK%E8%BD%AC%E5%8C%96%E8%BF%BD%E8%B8%AA%E5%B7%A5%E5%85%B7%E3%80%91%E9%9A%90%E7%A7%81%E6%94%BF%E7%AD%96.pdf?authorization=bce-auth-v1/e2ea496b5e7f4e20bd0e5d1ce5533588/2022-03-02T07%3A26%3A49Z/-1/host/a457d9fc218b82a94f1a1209ed821931c1f7703ffe40bd220ba25ce5e42f8056
Contact:
https://help.baidu.com/newadd?prod_id=212
(4) SDK Name: Giant Engine Conversion SDK
Third-party Name: Beijing Juliang Engine Network Technology Co., Ltd.
Purpose: Ad recommendation, ad attribution, ad landing page information collection, ad monitoring.
Personal Information Involved: Developer application name, application package name, version number, etc.,
carrier information, device time zone (Android), device brand, model, software system version-related
information, OAID, device IMEI, Android ID, MEID, hardware serial number, system attributes, operating system,
etc. (iOS) IDFA, IDFV, device brand, model, software system version-related information, phone system restart
time, total disk space, total system memory space, number of CPUs, system attributes, operating system, etc.
Privacy Policy Link:
https://open.oceanengine.com/labels/7/docs/1708428054592516
Contact: 400-618-1518
10. Scenario: Real-person Authentication
SDK Name: UniTrust Unified Identity Authentication
Third-party Name: Shanghai Electronic Certificate Authority Center Co., Ltd.
Purpose: Used for Real-person Authentication.
Personal Information Involved: Name, identity proof (ID card/passport, etc.), phone number, email address,
biometric information (portrait, iris, etc.), bank card number.
Privacy Policy Link:
https://www.sheca.com/assets/wwx/laws.html
Contact: 021-962600
11. Scenario: Travel Services
(1) SDK Name: Secco Travel
Third-party Name: Shanghai Secco Travel Technology Service Co., Ltd.
Purpose: Used for travel services.
Personal Information Involved: Identity information (name, nickname, gender, age, ID card information and
other identification information, commonly used address, email address, phone number, emergency contact
information), location information, platform operation information (device information, log information),
order information and transaction status, itinerary information, payment information, audio and video
information, sensor information, address book permissions, etc.
Privacy Policy Link:
https://marketing.saicmobility.com/cms-help/driver/privacyPolicy.html#:~:text=%E6%9C%AC%E9%9A%90%E7%A7%81%E5%8D%8F%E8%AE%AE%EF%BC%88%E4%BB%A5%E4%B8%8B,%E5%85%B3%E7%9A%84%E4%BA%A7%E5%93%81%E6%88%96%E6%9C%8D%E5%8A%A1%E3%80%82
Contact: 400-856-6666
(2) SDK Name: Hello Travel
Third-party Company Name: Shenzhen Hello Mobile Technology Co., Ltd.
Purpose: Used for travel services.
Personal Information Involved: Android ID, IMEI, IMSI, MAC address, SSID, hardware serial number, Bluetooth
device address IP personal information, device location-related information (IP address, GPS location),
latitude and longitude information, camera permissions, Bluetooth permissions.
Privacy Policy Link:
https://m.hellobike.com/ebike-h5/latest/article.html?guid=caf29f866e90410e8212b689bdb9bcb5
Contact: Email to sec@hellobike.com or call Hello Platform customer service at 95175177
In the future, we will adjust SDK access based on business development and feature development. We will
promptly inform you of the latest situation of third-party SDK access. Please note that third-party SDKs may
have information processing changes due to version upgrades, policy adjustments, etc. Please refer to their
official statements for accurate information.
IV. How We Share, Transfer, Publicly Disclose, and Entrust the Processing of Your User Information
(I)Sharing
We will not share your user information with companies, organizations, or individuals outside our
organization. However, as many services are provided by third-party systems, and there is a need to share your
information between third-party business systems during business processing, we will adhere to the following
principles:
1. Sharing with Explicit Consent: We will share your user information with other parties only with your
explicit consent.
2. Sharing in Legal Circumstances: We may share your user information externally based on legal requirements,
regulatory demands, litigation dispute resolution needs, or requests from administrative or judicial
authorities in accordance with the law.
3. Facilitating Services or Dispute Resolution: In certain situations, sharing your user information is
necessary to facilitate the processing of services or assist in resolving disputes or conflicts between you
and others.
4. Sharing with Authorized Partners: We may share some of your user information with partners to provide
better customer service and optimize user experience. We will only share user information necessary for
providing services for legitimate, justifiable, and essential purposes. Our partners are not authorized to use
the shared user information for any other purposes.
Presently, our authorized partners include the following types: affiliated companies, suppliers, service
providers, and other partners. We send information to authorized partners supporting our business, including a
range of professional services such as providing basic technical services, consulting, and analytics. For
companies, organizations, and individuals with whom we share user information, we sign strict confidentiality
agreements and information protection agreements, requiring them to process user information according to our
instructions, this privacy policy, and any other relevant confidentiality and security measures. Specific
sharing scenarios are as follows:
(1) When you use this service, we share your
name, ID card number, and QR code boarding order information with the
Suishen Code platform (operating entity: Shanghai SMMAIL Info Serv Co., Ltd., contact: 12345) to facilitate
your use of metro, bus, ferry, and maglev scenarios for QR code passage services.
(2) When you use taxi services, we share your desensitized phone number, location information, device
information, order information and transaction status, payment information, and certain information related to
dispute complaints with the Shencheng Travel platform (operating entity: Shanghai Secco Intelligent
Transportation Technology Co., Ltd., contact: 400-920-8282) to facilitate the provision of taxi services by
Shencheng Travel platform.
(3) When you use ride-hailing services, we share your phone number, location information, order information
and transaction status, payment information, and certain information related to dispute complaints with the
Xiangdao Travel platform (operating entity: Shanghai Secco Travel Technology Service Co., Ltd., contact:
400-821-8866) to facilitate the provision of ride-hailing services by the Xiangdao Travel platform. If you
need to obtain an invoice for ride-hailing, we will also share the billing entity name (billing individual's
name or business name and unified social credit code), email, and other information provided by you with the
Xiangdao Travel platform to facilitate the provision of ride-hailing billing services.
(4) When you use parking services, we share your location information, parking payment order information,
parking reservation order information, and off-peak order information with the Shanghai Municipal
Transportation Commission (contact: 962319) to provide you with parking lot inquiry, parking payment, parking
reservation, off-peak shared signing services.
(5) Road Assistance Service: When you use road assistance services, we share your order information, order
status, and payment information with Shanghai Rutting Information Technology Co., Ltd., to provide you with
road assistance services.
(6) Legal Requirements: We may share your personal information externally based on legal regulations or
mandatory requirements from government agencies, regulatory bodies, or judicial authorities.
(II) Transfer
We will not transfer your user information to any company, organization, or individual. However, exceptions
include:
1. Prior Consent: With your prior consent.
2. Organizational Adjustments: In accordance with national policy arrangements or legal regulations, we, as
well as relevant government agencies, may undergo organizational adjustments, asset allocations, transfers, or
similar transactions, and your information may be transferred as part of such transactions. We will comply
with the requirements of relevant laws and regulations, notify you before the transfer, ensure the security of
information during the transfer, and require the new entity holding your personal information to continue to
be bound by this policy. Otherwise, we will request the entity to seek your authorization and consent again.
(III) Public Disclosure
Without your consent, we will not publicly disclose your information, except in the following cases:
1. Prior Consent: With your prior consent.
2. Legal Compliance and Safeguarding Interests: If we determine that you have violated laws and regulations or
seriously violated our relevant agreement rules, or to protect our or the public's personal and property
safety from infringement, we may, in accordance with laws and regulations, comply with court judgments,
rulings, or other legal procedures, comply with the requirements of relevant government agencies or other
competent authorities, or publicly disclose your user information based on our relevant agreement rules. This
includes information about the violation and the measures we have taken against you.
(IV) Entrusted Processing
To improve information processing efficiency, reduce information processing costs, or enhance information
processing accuracy, during website maintenance, data analysis, advertising services, audits, and other
similar services, we may entrust capable third parties (including our affiliated companies or other
professional organizations) to process information on our behalf (within the scope of your authorized consent,
and these third parties will only know your personal information for the purpose of providing services to us
or representing us in certain activities). We will require the entrusted company to comply with strict
confidentiality obligations and take effective confidentiality measures through written agreements, on-site
audits, etc. Prohibiting them from using this information for purposes not authorized by you. When the
entrustment relationship is terminated, the entrusted company will no longer retain personal information. We
promise to be responsible for this.
V. How We Store Your User Information
User information collected and generated by us in the People’s Republic of China (excluding the Hong Kong
Special Administrative Region, Macao Special Administrative Region, and Taiwan region) will be stored within
the territory of the People's Republic of China.
During your use of this application service, we will continuously store your user information. We determine
the storage period of personal information mainly based on the following criteria, and the longer one will
prevail:
1. Necessary for Agreement Execution: For the purpose of executing relevant service agreements, this policy,
maintaining public welfare, handling complaints/disputes, and protecting the personal and property safety or
legal rights and interests of our customers, our affiliated companies, other users, or employees.
2. Extended Period with Your Consent: The longer period you agree to.
3. Compliance with Legal Requirements: Compliance with court judgments, rulings, or other legal procedures.
4. Special Legal Regulations and Regulatory Requirements: Other special legal regulations and regulatory
provisions with retention periods.
After the storage period expires, we will delete the collected information. If the deletion of personal
information is technically difficult, we will cease processing beyond storage and take necessary security
measures.
VI. How You Can Manage Your User Information
(I) Access, Copy, Correct, and Supplement Your Personal Information
1. After logging into this application, you can view your profile photo, account name, nickname, real-person
verification status, and identity information (credential type, name, ID number) in "My - Personal Profile".
In "My - Settings - Account and Security", you can check the bound phone number.
2. If you need to copy your personal information, you can call our official service hotline to contact
customer service. After verifying your identity, we will provide you with a copy of your personal information
in our application (including basic information and identity information). This is subject to legal
requirements or other agreements in this policy.
3. You can modify your profile photo and nickname in "My - Personal Profile". In "My - Settings - Account and
Security - Change Login Password", you can change the login password. You can also change the phone number in
"My - Settings - Account and Security".
4. Correct and Supplement Your User Information: If you find that the information about you processed by this
application is incorrect or incomplete and cannot be corrected or supplemented by yourself, please call our
official service hotline for correction or supplementation.
(II) Delete Your Personal Information
To ensure the security of your personal information in the application, online deletion of personal
information permissions has not been opened. If you want to delete some or all of your user information, you
can call our official service hotline for assistance. At the same time, if personal information involves third
parties due to sharing, transfer, disclosure, etc., the third party will also be unable to continue to obtain
or retain your personal information.
You can request the deletion of user information from us in the following situations:
(1) If the purpose of processing your personal information by us has been achieved, cannot be achieved, or is
no longer necessary for achieving the processing purpose.
(2) If you withdraw your consent.
(3) If we violate laws, regulations, or agreements in processing your personal information.
(4) If you no longer use our products or services.
(5) If we no longer provide products or services to you, or the retention period has expired.
(6) Other circumstances as provided by laws and administrative regulations.
After you delete information from our service, we may not immediately delete the corresponding information
from the backup system. However, we will delete this information when the backup is updated. During this
period, we will stop processing beyond storage and take necessary security measures.
(III) Change the Scope of Your Authorized Consent or Withdraw Your Authorization
You can change or withdraw your consent to collect and process your personal information in the following
ways:
1. Manage authorization in "Personal Center - Settings - Privacy Center - Agreement Authorization".
2. Manage the system permission authorization used by the app in "Personal Center - Settings - Privacy Center
- Permission Management".
3. Manage the system permission authorization you use through the device system permission management page.
4. Revoke authorization by modifying personal information, deleting personal information, or closing
functions.
When you withdraw consent or authorization, it may result in us no longer being able to provide services
corresponding to the withdrawn consent or authorization. However, withdrawing consent or authorization does
not affect the processing of personal information based on your prior consent or authorization.
After you withdraw consent or authorization, we will no longer process the corresponding personal information.
However, the information provided or generated by you during the use of our services still needs to be
anonymized and retained for the time required by laws, regulations, and regulatory requirements. During this
legally required retention period, the relevant regulatory authorities still have the right to query in
accordance with the law.
(IV) User Account Cancellation Management
You can cancel your account in "My - Settings - Account and Security - Account Cancellation". After canceling
the account, both we and other parties using the "SH MaaS" platform's application system will stop providing
services to you. We will also delete your user information as per your request, except as otherwise required
by laws and regulations.
(V) Explanation of Personal Information Processing Rules
You can call our official service hotline to request an explanation of the personal information processing
rules.
(VI) Rights of the Deceased
If you pass away, your close relatives, for their legitimate and lawful interests, may exercise the rights
related to your personal information as specified in this clause, unless you have made other arrangements
during your lifetime.
(VII) Responding to Your Requests Above
To ensure security, you may need to provide a written request or prove your identity in other ways. We may
request you to verify your identity and review the legitimacy before processing your request. Please
understand that due to technical limitations and legal requirements, some of your requests may not be able to
be fulfilled. For certain requests that are unreasonably repetitive, require excessive technical means, pose
risks to the legitimate rights and interests of others, or are highly impractical, we may refuse but will
explain the reasons.
Despite the above agreements, according to legal requirements, we may not be able to respond to your request
in the following situations:
1. Concerning national security and defense.
2. Relating to public safety, public health, and significant public welfare.
3. Relevant to criminal investigation, prosecution, trial, and execution of judgments.
4. There is sufficient evidence to show your subjective malice or abuse of rights.
5. Responding to your request would cause serious harm to your or other individuals, organizations' legitimate
rights and interests.
6. Involving trade secrets.
7. Associated with our fulfillment of legal obligations stipulated by laws and regulations.
If you have any questions about the realization of the above rights, you can contact us using the relevant
contact information in "How to Contact Us."
VII. Exceptions to Obtaining Authorized Consent
According to relevant laws, regulations, and regulatory requirements, we may process user information without
obtaining your prior authorized consent in the following situations:
1. Necessary for signing and fulfilling contracts at your request.
2. Necessary for us to fulfill legal duties or statutory obligations.
3. Necessary to respond to sudden public health events or emergencies to protect the life, health, and
property safety of natural persons.
4. Necessary for implementing news reporting and public opinion supervision within a reasonable scope,
processing your personal information.
5. Process your personal information within a reasonable scope that you have voluntarily disclosed or has been
lawfully disclosed by others.
6. Other situations as stipulated by laws and administrative regulations.
VIII. How We Protect Your User Information
We will make efforts to ensure the security of user information to prevent the loss, improper use,
unauthorized access, or public disclosure of information.
(I) To ensure the security of your information, we will use security protection measures that comply with
industry standards, as required by relevant laws and regulations and the current level of technology. These
measures aim to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration of your
provided user information. We will employ physical, technical, and administrative security measures to prevent
unauthorized access, public disclosure, use, modification, damage, or loss of data.
For example, we use Secure Sockets Layer (SSL) for encrypted transmission over the internet, encrypt stored
information, and strictly limit access to data centers. When transmitting and storing sensitive personal
information (including personal biometric information), we employ security measures such as encryption, access
control, and de-identification.
(II) We have established dedicated departments and formulated emergency plans, including a department
responsible for personal information protection. We conduct security impact assessments for personal
information collection, usage, sharing, and entrusted processing. Additionally, we have established relevant
management systems, applying the principle of least privilege to staff who may access your information. We
monitor the actions of staff handling your information systematically and continuously train them on relevant
laws, regulations, privacy security guidelines, and enhance security awareness through regular testing. Our
network systems undergo evaluation for compliance with national network security level protection. We also
annually engage external independent third parties to assess our information security management system.
(III) We have developed an emergency response plan for personal information security incidents. We regularly
organize internal personnel for emergency response training and drills to ensure they understand their duties
and emergency response strategies and procedures. In the event of a personal information security incident, we
will promptly take remedial measures in accordance with legal requirements to effectively prevent information
leakage, tampering, loss, and other hazards. We will report the incident to relevant regulatory authorities.
If the regulatory authorities believe that the personal information security incident may harm you, we will
promptly inform you of the relevant details through app push notifications, emails, or text messages, or
release an announcement through reasonable and effective means.
(IV) Internet Environment and User Cooperation: The internet environment is not entirely secure, and we will
do our best to ensure the security of your user information. Please understand that due to technical
limitations and potential malicious attacks, unforeseen, preventable, controllable accidents may occur. We
strongly recommend that you take active measures to protect the security of personal information, including
but not limited to using complex passwords, regularly changing passwords, not providing your account password
and related personal information to others, etc., to help us ensure the security of your information.
(V) Protection of User Identity Information: When using our services, we will identify you through your phone
number, name, ID number, or other identity verification information. Please ensure the proper safeguarding of
this information. If you disclose this information, your account information may be compromised, potentially
resulting in the loss of your financial security and other personal rights and interests.
IX. How We Protect Information of Minors
1. We expect parents or other guardians (hereinafter collectively referred to as "guardians") to guide minors
in using our services. We will protect the confidentiality and security of information regarding minors in
accordance with relevant national laws and regulations.
2. If you are over fourteen but under eighteen years old, please use our services or provide information to us
under the premise of carefully reading this policy and consider inviting your guardian to guide you in doing
so.
If you are under fourteen years old (hereinafter referred to as "children"), please have your guardian
carefully read this policy and the
"SH MaaS" Children's Personal Information Protection Rules and Guardian Instructions, and use our services or provide information to us only with your guardian's consent.
If your guardian does not agree to your use of our services or providing information to us according to this
policy, please stop using our services immediately and promptly inform us so that we can take appropriate
measures.
3. In cases where we collect information from child users with the guardian's consent, we will only use or
disclose this information when permitted by law, explicitly agreed upon by the guardian, or when necessary to
protect the child. If a guardian discovers that we have collected a child's user information without parental
or guardian consent, please contact our customer service hotline. We will make efforts to promptly delete the
relevant data.
4. The Real-person authentication information of minors is managed by the real-person authentication
management organization. Due to considerations of risk control by the management organization, there may be
situations where real-person authentication for minors cannot be completed. In such cases, we will be unable
to provide the corresponding services.
X. How Your User Information Is Transferred Globally
User information collected by us within the People's Republic of China (excluding the Hong Kong Special
Administrative Region, Macao Special Administrative Region, and Taiwan) will be stored within the territory of
the People's Republic of China. If, due to business needs, it is necessary to transfer your user information
overseas, we will:
1. Obtain your separate authorization and consent and go through the legal procedures to ensure that your user
information is sufficiently protected in compliance with applicable laws and regulations at that time.
2. Such transfers will be conducted in compliance with the applicable laws and regulations at that time. Even
if we obtain your authorization, if the transfer method or purpose does not comply with relevant laws and
regulations, we will not proceed with the transfer.
XI. Our Operational Organization
Company Name: Shanghai Mobility Service Technology Co.,Ltd.
Registered Address: Room 71001, 7th Floor, Building 4, No. 789 Tianshan West Road, Changning District,
Shanghai
Office Address: Building 2, No. 699 Lingshi Road, Jing'an District, Shanghai
Email of the Person in Charge of Personal Information Protection: sec_shmaas@shmaas.cn
XII. How This Policy Is Updated
In the event of changes to relevant laws and regulations or necessary changes to our services, if we need to
modify this policy, we will prompt you again through a pop-up window on the homepage before the revision takes
effect. Once confirmed, it will take effect and replace the previous content. If you do not agree with the new
modifications, please contact us promptly or stop using the services specified in this policy. If you choose
to continue using the relevant services, it will be considered that you fully agree to and accept the new
modifications. If objective circumstances and changes in business policies require us to interrupt or cease
related services, we will promptly notify you. Please understand and agree to this.
XIII. How to Contact Us
If you have any questions about this policy or any related complaints, disputes, or opinions, please contact
our official service hotline (Official Service Hotline: 【$phoneStr】)for
feedback. We will handle your request as soon as possible and respond within 15 working days after verifying
your user identity.
XV. Other
(I) Establishment, Effectiveness, Fulfillment, Interpretation, and Dispute Resolution of This Policy: This
policy is governed by the laws and regulations of the People's Republic of China (excluding the Hong Kong
Special Administrative Region, Macao Special Administrative Region, and Taiwan) for the purposes of
establishment, effectiveness, fulfillment, interpretation, and dispute resolution.
(II) Dispute Resolution: In case of any disputes over the content or implementation of this policy, you can
contact our official service hotline for negotiation. If negotiation fails, you can also file a lawsuit with
the competent People's Court in the jurisdiction of Changning District, Shanghai, where we are located.