Data security and personal information protection commitment

Updated on: August 25, 2021
This letter of commitment is jointly made by the party using TalkingData products and services (the "Buyer") and Beijing Tengyuntianxia Technology Co., Ltd. and its affiliates (the "Service Provider"), as part of the terms and conditions of cooperation between the two parties. The service provider is committed to data security and personal information protection. The premise for the service provider to provide services to the buyer is that the buyer agrees to accept and implement the requirements and practices in the privacy policy of the service provider and has good data security and protection capabilities and responsibility bearing capabilities. The Buyer shall also have certain obligations for data security and personal information protection in the process of purchasing and receiving services from the service provider, and both parties jointly make this commitment.

1. Definitions

1.1 "Data": refers to the information provided by the service provider to the buyer in any form, such as numbers, words, graphics, icons, videos, software, databases, and/or data reports or display data that the buyer can access according to the cooperation agreement, including but not limited to personalized user labels or portrait information in the service provider's database, information related to the buyer's products and brands, and any other data or information provided by the service provider.
1.2 "Personal information" refers to various information recorded electronically or in other ways that can identify the identity of a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information. Personal information includes name, date of birth, ID card number, personal biometric information, address, communication contact information, communication records and content, account password, property information, credit information, whereabouts, accommodation information, health and physiology information, transaction information, etc.
1.3 "Personal sensitive information" refers to personal information that, once disclosed, illegally provided or abused, may endanger personal and property safety, and may easily cause damage to personal reputation, physical and mental health or discriminatory treatment. Personal sensitive information includes ID card number, personal biometric information, bank account number, communication record and content, property information, credit information, track, accommodation information, health and physiological information, transaction information, personal information of children under 14 years old (including 14 years old), etc.
1.4 "Privacy protection provisions": refer to the applicable laws, regulations, rules, standards and guidelines of government regulators in any jurisdiction related to the security and protection of personal information, as well as the modified, updated or reissued versions of these privacy protection provisions.
1.5 "Personal information security incidents": refer to security violations that cause accidental or illegal destruction, loss, change, unauthorized disclosure of or access to personal information transmitted, stored or otherwise processed.
1.6 The meanings of "personal information subject", "processing", "control" and other concepts shall be consistent with those given in the GB/T 35273-2017 Information Security Technology Personal Information Security Specification.

2. Principles and contents

2.1 The Buyer and the service provider shall have good organizational security management ability, take data security protection, detection and corresponding measures to prevent data loss, damage, leakage and tampering, and ensure data security.
2.2 Both the Buyer and the service provider shall have the obligation to protect the personal information they control or process, adopt personal information security protection technology and measures, avoid personal information security incidents, and effectively protect personal rights and interests.
2.3 If the Buyer's service requirements involve personal sensitive data, the Buyer is obliged to clearly disclose this and bring it to the service provider's attention.
2.4 The Buyer and the service provider promise to inform the other party of the claims received by either party from the personal information subject and the proposed treatment measures, and have the right to require the other party to take necessary measures to cooperate in accordance with the privacy protection provisions.
2.5 The Buyer and the service provider must each establish their own security emergency response mechanism and notify each other, by mail, fax or other written means, of existing or potential security problems with relevant data during service performance, especially personal information security incidents.
2.6 At the reasonable request of the service provider, the Buyer shall take any measures to assist the service provider to comply with the privacy protection provisions or the applicable obligations of data security, data violation notification and communication, data protection impact assessment, prior negotiation, accountability or other obligations under the services in the agreement signed with other parties.

3. Liability and compensation

3.1 The Buyer and the service provider promise to be responsible for the protection of data security and personal information under their respective control. Where a data security or personal information security incident is caused by the intent or fault of one party, the party at fault shall be responsible for the penalties imposed by government regulators, the claims of personal information subjects, and other forms of cost or damage caused by the incident.
3.2 If one party (the "defaulting party") violates this commitment, the other party has the right to require the defaulting party to correct its behavior inconsistent with the legal requirements or this commitment at its own expense within a specified reasonable period. In case of serious circumstances or failure to take reasonable relief measures, the other party may terminate the cooperation.

4. Others

4.1 Both the Buyer and the service provider shall impose institutional constraints on, and bear the main responsibility for, their employees' data security and personal information protection behaviors in the performance of cooperation.
4.2 This commitment remains valid throughout the cooperation between the buyer and the service provider, and as an effective part of the cooperation agreement, the validity period is the same as the cooperation period.
4.3 If any provision of this commitment conflicts with applicable laws and regulations and becomes invalid, that provision shall be deemed severed from this commitment without affecting the effectiveness of the other provisions. The Buyer and the service provider will determine their respective responsibilities and obligations within the applicable scope of laws and regulations.