Sesame Credit Data Security and Privacy Protection Policy

Version 20220225

Published on: March 4, 2022

Effective date: February 25, 2022

The main contents of this policy are as follows in italics:

1. We will only collect your information if laws and regulations allow. We will handle your information in accordance with this policy and other agreements between us and you in accordance with the principle of "legality, legitimacy, necessity and integrity".

2. We have established a strict information security guarantee mechanism and passed the international authoritative ISO27001 information security management system standard certification.

3. We will provide services to you in strict accordance with relevant laws and regulations. Unless otherwise specified in laws and regulations and this policy, we will not export your information to any third party without your authorization.

This policy will help you understand the following:

1、 Information we collect and its use

2、 How we store and protect information

3、 How do we use cookies, Beacon, Proxy and other technologies

4、 How we use information

5、 External provision

6、 How do you access and manage your personal information

7、 Statement of Third Party Liability

8、 How do we protect the privacy of minors

9、 Information protection reminder

10、 Application and update of this policy

11、 Key words in this policy

Zhima Credit Management Co., Ltd. (hereinafter referred to as "we" or "Zhima Credit") knows the importance of protecting your information. We try our best to protect your personal information security and protect your personal information rights. The Sesame Credit Data Security and Privacy Protection Policy (hereinafter referred to as the "Policy") helps you understand how we collect, sort, store, use, process and provide information; Please read carefully before using our service (especially the content marked in bold). If you have any questions about this policy, please contact us at the service hotline (0571-88158055) at any time.

1、 Information we collect and its use

In any case, we will follow the principle of "legality, legitimacy, necessity and integrity" to collect your information according to law. We only collect information necessary to provide you with services. We respect your privacy. We solemnly promise you that we will not collect your religious belief, gene, fingerprint, blood type, disease and medical history information, as well as any personal information prohibited by laws and regulations.

Zhima Credit will evaluate your credit as comprehensively as possible within your needs and provide you with services. Getting more comprehensive information about you will help us serve you better. We welcome you to take the initiative to provide us with information related to your credit.

According to relevant laws, regulations and national standards, we may legally process your personal information under the following circumstances:

(1) Obtain your consent;

(2) Necessary for the conclusion and performance of the contract according to your requirements;

(3) Necessary information required by relevant laws and regulations, such as anti money laundering, anti-terrorism financing, real name management, etc., to fulfill legal obligations;

(4) Directly related to national security and national defense security;

(5) It is necessary to respond to public health emergencies or protect the life, health and property safety of natural persons in emergencies;

(6) Directly related to criminal investigation, prosecution, trial and judgment execution;

(7) The personal information collected is disclosed by you;

(8) Personal information collected from legally disclosed information, such as legal news reports, government information disclosure and other channels;

(9) It is necessary to maintain the safe and stable operation of the provided services, such as: finding and handling the failure of products or services;

(10) Other circumstances stipulated by laws and regulations.

It should be noted that when your personal information processing falls under the circumstances of (2) to (10) above, we may not need to obtain your consent according to the requirements of applicable laws and regulations.

On the premise of complying with the above principles, we need to collect your information in the following cases to provide you with services, improve our service quality, ensure your account security and comply with national laws, regulations and regulatory provisions.

1. Registration and use information

In order to confirm your identity and protect your rights, we need to collect or you may need to provide your name Valid ID information, contact information (such as mobile phone number bound to Alipay), address, Alipay user number And so on, depending on the service you choose. In order to improve the user experience, when we provide you with related services, such as sending service messages for you, you may need to use your Alipay avatar and/or nickname. We may need you to provide other personal data when you use Sesame service.

If you open and use the sesame service through our partner, we will obtain your identity information and other information you need to provide for opening the sesame service through the aforementioned partner. For example, when the current partner is an idle fish, such information will include your name and ID number.

2. Provide you with credit evaluation and credit management services

In order to provide you with credit assessment and credit management services as scientifically, comprehensively, objectively and impartially as possible and meet your multi-level and diversified service needs, we need to collect true, accurate and comprehensive information related to your credit, mainly including:

(1) Information provided to us by you or information formed during your use of our services

Personal identity information, contact information, certificate data (including driver's license, academic credentials, etc.), property information (including Property information and vehicle information ), work information, etc. (the above information may also be provided to us by a third party authorized by you). If you think there are errors, omissions or incompleteness in the information we processed about you, you can call our customer service center (contact number: 0571-88158055) to apply for correction, deletion and other processing of the relevant information.

(2) Information related to your credit assessment when you use third-party products or services

For example, your transaction information on e-commerce trading platforms (such as Tmall, Taobao, Taote, etc, It is generated by using the relevant services of the information users we cooperate with (such as online car hailing platform, power bank service provider, etc.) Compliance information and Overdue information (including Bad information ), information about your participation in ant public welfare, etc.

(3) Judicial and administrative information related to credit evaluation

Information of the person subjected to execution, case execution information or other public information disclosed by the court or other authoritative platforms according to law.

(4) Credit related information in the information legally disclosed (such as legal news reports, government information disclosure and other channels) or in the information you disclose yourself.

3. Safety management

In order to provide you with safe and stable services, we need to record the types, methods and relevant operation information of sesame services you use, such as the network environment, equipment environment information and other information related to sesame services.

4. To provide you with customer service

To protect the security of your account, our customer service will use your account information to verify your identity when providing consulting services for you. In order to answer your questions, we may need to verify or investigate with the merchants involved.

5. To provide personalized service and improve service quality

In order to improve your service experience and service quality, or recommend better or more suitable services for you, we will collect the information you provide when contacting the customer service team and the information you send to us when you participate in the questionnaire.

6. Others

Please understand that our services to you are constantly updated and developed. If you choose to use other services not covered in the above description, and we need to collect your information based on this service, we will separately explain the scope and purpose of information collection to you through page prompts, interactive processes, agreements and other ways, and obtain your consent or sign a contract with you according to the requirements of relevant laws and regulations. We will use, store, provide and protect your information in accordance with this policy and the corresponding user agreement; If you choose not to provide the above information, you may not be able to use one or some of the services, but it does not affect your use of other services provided by us.

2、 How we store and protect information

1. Personal information collected and generated by us in the People's Republic of China will be stored in the People's Republic of China. At the same time, we have taken technical measures and means that meet the legal requirements to ensure the safety of your information in the collection, sorting, use, storage, processing and other links. If cross-border business is involved and we need to transmit relevant personal information collected in China to overseas institutions, we will implement in accordance with laws and regulations and the provisions of relevant regulatory authorities, and require overseas institutions to keep your personal information confidential by signing confidentiality agreements and other measures. We will only save your personal information during the period necessary for the purpose described in this policy and within the time limit prescribed by laws, regulations and supervision.

2. We have obtained the international authoritative ISO27001 information security system standard certification, and we promise that we will make the information security protection reach the industry-leading security level. To ensure your information security, we are committed to using various security technologies and supporting management systems to minimize the risk of your information being leaked, damaged, misused, unauthorized access, unauthorized disclosure and change. For example, the network security layer software (SSL) is used for encrypted transmission, encrypted storage of information, access to the data center is strictly restricted, and private network channels and network agents are used.

3. We have set up a department responsible for personal information protection to carry out personal information security impact assessment on the processing of personal information. At the same time, we have established the relevant internal control system, and the principle of minimum and sufficient authorization is adopted for the staff who may have access to your information; Systematically monitor the staff's behavior in handling your information, constantly train the staff in relevant laws and regulations, privacy and security guidelines and strengthen the publicity of security awareness, and organize all staff to take the security exam every year. We also employ an external independent third party to evaluate our information security management system every year.

4. We have developed an emergency plan for personal information security incidents, and regularly organize relevant internal personnel to carry out emergency response training and emergency drills, so that they can master their job responsibilities, emergency response strategies and procedures. In case of an unfortunate personal information security incident, we will timely inform you of the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, the suggestions you can independently prevent and reduce risks, and the remedial measures for you in accordance with the requirements of laws and regulations. We will inform you about the event in a timely manner by means of client push notification, email, SMS, etc. If it is difficult to inform users one by one, we will inform them by means of announcement. At the same time, we will actively report the disposal of personal information security incidents according to the requirements of the regulatory authorities. If your legal rights and interests are damaged, we will bear corresponding responsibilities according to law.

5. If we stop operation, we will stop collecting your personal information in a timely manner, notify you of the notice of stopping operation in the form of delivery or announcement one by one, and delete or anonymize your personal information held.

3、 How do we use cookies, Beacon, Proxy and other technologies

In order to make your access experience easier, when you visit the Zhima credit website or use the services provided by Zhima, we may identify your identity through small data files. Doing so can help you save the step of repeatedly entering registration information, or help you judge the security status of your account. These data files may be cookies, Flash cookies, other local storage provided by your browser or associated applications (hereinafter referred to as "cookies"). Please understand that some of our services can only be realized by using cookies. If your browser or browser attached service allows, you can modify the acceptance of cookies or reject cookies. The Help section of most browser toolbars will tell you how to prevent your browser from accepting new cookies, how to let your browser notify you when you receive a new cookie, or how to completely close cookies. In addition, you can close or delete similar data (such as Flash Cookies) used by browser add ons by changing their settings, or by visiting the provider's web page. However, in some cases, this action may affect your safe access to the sesame credit website and the services provided by sesame credit. Our website may also contain some electronic images (hereinafter referred to as "Web Beacon"). Using Web Beacon can help the website calculate the users browsing the web or visit some cookies. We will collect information about your browsing activities through Web Beacon, For example, the address of the page you visited, the location of the reference page you previously visited, your browsing environment, and display settings.

If you use services provided by a third party other than Zhima Credit through our website or "Alipay client - Zhima Credit", we cannot guarantee that these third parties will take protective measures according to our requirements, but we will make reasonable commercial efforts to ask these subjects to take protective measures for your personal information. In order to try our best to ensure the security of your account and enable you to obtain a more secure access experience, we may use special network protocols and proxy technology (hereinafter referred to as "Proxy Technology"). The use of proxy technology can help you identify high-risk sites we know, reduce the risks of phishing, account leakage, etc., while more conducive to protecting the common interests of you and the third party, and prevent criminals from tampering with the normal service content between you and the third party you want to access, such as advertising injection caused by unsafe routers, illegal base stations, etc Illegal content tampering, etc. In this process, we may also obtain and save relevant information about your computer, such as IP address, hardware ID and the page location you visit.

four How we use information

1. We will use your information under the following circumstances in strict accordance with laws and regulations, regulatory provisions and your authorization:

(1) Achieve the purpose described in "How we collect information and use it" in this policy.

(2) In order to provide better services for you, know the status of your use of sesame service, and keep you informed of the changes in the credit evaluation results, we need to show you the service information and send reminders through Alipay client related pages, information channels and SMS messages.

(3) In order to ensure the stability and security of the service, protect your account and fund security, and fulfill legal obligations, we will use your information for identity verification, security prevention, fraud/embezzlement/suspicious transaction monitoring, prevention or prohibition of illegal activities, risk reduction and prevention of risk transmission, information verification, archiving, and backup purposes.
(4) Report to relevant departments according to laws and regulations or regulatory requirements.
(5) We invite you to participate in customer research related to our products or services.
(6) We will take desensitization, de identification/anonymization and other methods to conduct comprehensive statistics on your information, so as to provide you with more accurate, personalized, smooth and convenient services, or help us evaluate, improve or design products, services and operational activities.

(7) In order to improve the user service experience and recommend better or suitable services for users, we may provide you with marketing activity notices, commercial electronic information or advertisements you may be interested in according to the above information. If you do not want to receive such information, you can choose to unsubscribe according to the method we suggest, if you can enter "Personalized recommendation service" Set the page for operation.

(8) According to applicable laws, we may anonymize your personal information through technical measures and other necessary measures, use the processed data for research, statistical analysis and prediction, provide product or service support for business decisions, and improve our products and services (such as machine learning or model algorithm training), We do not need to notify you and obtain your consent about the use of such processed data.

(9) We may need to use your personal information according to the requirements of laws and regulations, or in order to maintain public safety, public health, major public interests, or to protect your or other personal life, property and other major interests.

2. Unless otherwise specified by laws and regulations, when your information is used for other purposes not specified in this policy, we will ask for your consent again in the form of confirmation agreement, copy confirmation action under specific scenarios, etc.

5、 External provision

(1) Share

We promise to keep your information confidential. Unless otherwise stipulated by laws, regulations and regulatory authorities or otherwise agreed in this policy, you can only share your necessary information with information users, including our affiliated companies and other partners, under the following circumstances. If you need to share your information to the information user in order to provide services to you, we will evaluate the legitimacy, legitimacy and necessity of the information collected by the information user. At the same time, we will make reasonable commercial efforts to urge information users to comply with laws and regulations, fulfill confidentiality obligations and take necessary security measures when using your personal information:

1. In order for you to enjoy more services, preferential policies and convenient process experience provided by information users to you in a timely, convenient and fast manner, we will strictly Provide your information to information users according to your authorization. You have the right to view the specific situation of information users and manage authorization through "Alipay client - sesame credit - credit management - authorization management"; Unless otherwise agreed, you can also close the authorization through this way. However, if you cancel the authorization without terminating the contractual relationship with the information user, the information user may terminate the provision of services to you.

2. When you complain or are complained by others, in order to protect your and others' legitimate rights and interests and maintain a clear network environment, we may Name, valid ID number, contact information, complaint related content It shall be provided to the consumer protection department and regulatory authority for timely settlement of complaints and disputes, except for those expressly prohibited by laws and regulations.

3. If you participate in our lottery, contest or similar marketing activities, we will use the information you provide to manage such activities. If the activity is jointly promoted with a third party, we may share personal information generated in the process of the activity and necessary for the completion of the activity, such as the number of users participating in the activity, the winning list, and the winning person's contact information, so that the third party can timely distribute prizes to you or provide you with products and services.

4. Some products or services may be provided by a third party or jointly provided by us and a third party. Therefore, only by sharing your information can you provide the products or services you need.

(2) Public disclosure

In principle, we will not publicly disclose your information, except that we will desensitize and display the mobile phone number or other contact information of the winner when the list of winning activities needs to be published in the market operation activities. If public disclosure is really necessary, we will inform you of the purpose of public disclosure, the type of information disclosed and the sensitive information that may be involved, and obtain your explicit consent.

(3) Delegated processing

In order to improve the efficiency of information processing, reduce the cost of information processing, or improve the accuracy of information processing, we may entrust competent affiliated companies to process user information on our behalf, but we will require the entrusted companies to comply with strict confidentiality obligations and take effective confidentiality measures through written agreements, on-site audits, etc, It is prohibited to use this information for purposes not authorized by you. When the entrustment relationship is dissolved, the entrusted company will no longer save your personal information.

(4) Information verification

In order to protect the security of your personal information, we may verify your identity and the information you submit through a third party with verification capability. However, we will require such third parties to abide by strict confidentiality obligations and take effective confidentiality measures through written agreements, on-site audits and other means, and prohibit them from using such information for purposes not authorized by you.

(5) Assignment

We will not transfer your personal information to any company, organization or individual, except for the following circumstances:

(1) Obtain your explicit consent in advance;

(2) According to laws and regulations or mandatory administrative or judicial requirements;

(3) In case of asset transfer, acquisition, merger, reorganization or bankruptcy liquidation, if personal information transfer is involved, we will inform you of the situation and require new companies and organizations holding your personal information to continue to be bound by this policy. If the purpose of personal information use is changed, we will ask the company and organization to obtain your explicit consent again.

6、 How do you access and manage your personal information

During your use of Sesame service, in order to manage your personal information more conveniently and protect your right to close your account, we have provided you with corresponding operation settings in the product design. You can refer to the following guidelines for operation. In the process of using our service, if you encounter problems, you can call 0571-88158055 Or contact us through online customer service.

1. Access your account information

You can view your Zhima points, personal information and your performance information through "Alipay client - Zhima Credit".

2. Manage your authorization

You can view information users and manage authorization through "Alipay client - sesame credit - credit management - authorization management". Unless otherwise agreed between you and us, or between you and the information user, you can close the authorization through this way.

3. Update or improve your profile

You can update or improve your personal data through "Alipay client - sesame credit - credit management".

4. View personal information

You can learn about your performance and whether there is a need for timely performance through "Alipay client - sesame credit - credit record", so as to maintain your credit. Unless otherwise agreed in the Sesame Service Agreement and this policy, we will not disclose your breach record to any third party without your authorization. The default record comes from the cooperative institution, and we only truthfully display it in your sesame credit account according to the information provided by the institution, and conduct credit evaluation accordingly. If you think that the record of default displayed by us is wrong, you can feed it back to us, and we will assist you to verify with the agency; At the same time, you can also contact the agency for verification.

5. Close Sesame Credit

(1) You can apply to close sesame credit by calling the customer service phone, or click the display page after "My Customer Service" (icon at the top right corner of the page) through "Alipay Client sesame credit credit credit management", click the "Online Service" button at the bottom of the page to enter the relevant page, search for "How to close personal sesame credit (clear personal information)", Apply for closing sesame credit according to the prompts on the page. If you meet the relevant conditions, you can continue to close your sesame credit.

(2) To maintain the stability of the transaction , if you want to close sesame credit, you need to settle the outstanding orders under the credit records generated by your use of sesame service first (if any).

(3) When you close this service, we will stop collecting and using your relevant information, and your information in Sesame Credit will be cleared But please understand that in order to objectively record your information and maintain a secure online trading environment, We will continue to save your bad information until it is deleted, anonymized or otherwise disposed in accordance with the relevant provisions of the "bad information" clause of the Sesame Service Agreement

6. If you find that your personal information collected and used by us is incorrect, you can contact online customer service or customer service telephone to contact us and ask for correction of information.

7. Despite the above agreement, according to relevant laws, regulations and national standards, we may not be able to respond to your request under the following circumstances:

(1) Related to our performance of our obligations under laws and regulations;

(2) Directly related to national security and national defense security;

(3) Directly related to public safety, public health and major public interests;

(4) Directly related to criminal investigation, prosecution, trial and execution of judgments;

(5) There is sufficient evidence to show that you have subjective malice or abuse of rights;

(6) Responding to your request will cause serious damage to the legitimate rights and interests of other individuals and organizations;

(7) Involving trade secrets.

8. We have a special person in charge of personal information protection. If you have any questions about this policy, or have any complaints or opinions about your personal information processing, please contact us through the following channels:

(1) Customer service hotline: 0571-88158055

(2) E-mail: privacy-protection-officer@service.alipay.com

(3) Mailing address: Ant A Space Privacy Protection Office, No. 569, Xixi Road, Xihu District, Hangzhou

The customer service department will reply to you in time with the privacy protection office. To ensure your information security, we need to verify your identity and credentials first. We have established a customer complaint management mechanism, including tracking process. We will accept and deal with it within 15 working days or within the period specified by laws and regulations. If you are not satisfied with our reply, you can also complain to the consumer protection department or file a lawsuit to the court with jurisdiction.

7、 Statement of Third Party Liability

Please note that the other party of your transaction, the third party website operator you visit and other third parties may have their own privacy protection policies; When you view a webpage created by a third party or use a third-party application, these third parties may place their own cookies or network beacons. These cookies or network beacons are not under our control, and their use is not subject to this policy. We will make reasonable commercial efforts to require these subjects to take protective measures for your personal information, but we cannot guarantee that these subjects will take protective measures according to our requirements. Please contact them directly to obtain details about their privacy policy. If you find that these third party created pages or third-party applications are at risk, we recommend that you terminate relevant operations to protect your legitimate rights and interests.

8、 How do we protect the privacy of minors

1. We attach great importance to the protection of minors' personal information. We expect parents or guardians to guide minors to use our services. We will protect the confidentiality and security of minors' personal information in accordance with relevant national laws and regulations.

2. If you are a minor, it is recommended that your parents or guardians read this policy and use our services or provide us with your information with the consent of your parents or guardians. In the case of collecting your information with the consent of your parents or guardians, we will only use or publicly disclose this information if it is permitted by law, agreed by your parents or guardians or necessary to protect your rights and interests. If your guardian does not agree that you use our services or provide us with information in accordance with this policy, please immediately stop using our services and notify us in time so that we can take appropriate measures.

3. If you are a parent or guardian of a minor, please contact us through the above contact information when you have questions about the personal information processing of the minor under your guardianship.

9、 Information protection reminder

Information protection requires the joint efforts of you and us. To ensure information security, we will use equipment environment analysis, SMS verification code and other methods to verify according to the type and scope of information, combined with our risk identification and cognition of the corresponding environment.

It is also recommended that you take reasonable measures to avoid the risk of information disclosure or improper use when providing information to others, do not provide passwords to others, and pay attention to personal information security.

10、 Application and update of this policy

1. Unless otherwise agreed, this policy applies to all services of Zhima Credit. You can visit the official website of Zhima Credit( https://www.zmxy.com.cn )To view this policy on the home page, you can also enter the "Alipay Client - Sesame Credit" page and click the "Related Agreements" on the upper right corner to view this policy. We encourage you to read this policy when using sesame services.

2. We will update this policy in due course when the following major changes occur:
(1) Changes in our basic situation, such as changes in owners caused by mergers, acquisitions and restructurings;

(2) The scope, purpose, rules and methods of collecting, storing and using personal information have changed;
(3) The object, scope, purpose and method of providing personal information to the public have changed;
(4) Significant changes have taken place in the way you access and manage personal information;
(5) Significant changes in data security capabilities and information security risks;
(6) Significant changes have taken place in the channels and mechanisms for user inquiries and complaints, as well as external dispute resolution agencies and contact methods;
(7) Other changes that may have a significant impact on your personal information rights and interests.

3、 In order to meet your professional and diversified needs, our services may be upgraded. At the same time, if laws and regulations change or the channel, scope or purpose of our information collection changes, we need to revise this policy. We will publish an announcement or notify you in other ways through the official website of Sesame Credit, and you are welcome to learn about this policy through our official website. If you continue to use our services after the policy update takes effect, it means that you have fully read, understood and accepted the updated policy and are willing to be bound by the updated policy.

11、 Key words in this policy

Unless otherwise specified, the terms in this policy shall be subject to the Sesame Service Agreement.