Publication date: December 9, 2022
Effective Date: December 24th, 2023

Preface

Minivision (Jiangsu) Co., Ltd. (hereinafter referred to as "us" or "Minivision Technology") respects and is committed to protecting personal information and privacy. We adhere to the following principles to process and protect your personal information: the principle of consistent rights and responsibilities, the principle of clear purpose, the principle of consent, the principle of minimum necessity, the principle of ensuring security, the principle of subject participation, the principle of openness and transparency, etc. At the same time, Xiaoshi Technology promises that we will take corresponding security measures to protect your personal information in accordance with mature industry security standards.
Minivision Technology provides a series of services for users who use our services (hereinafter referred to as "users" or "you"), including online verification services, text recognition services, offline hardware product sales services, Mini AI algorithm experience platform services, etc. (hereinafter collectively referred to as "products/services"), Minivision Technology will strictly comply with the requirements and provisions of laws and regulations such as the Personal Information Protection Law and the Minivision Technology Privacy Policy (hereinafter referred to as the "Policy") to process relevant personal information. Please carefully read and fully understand the contents of each clause of this policy, especially the clauses exempting or limiting liability, and clauses restricting user rights. If the user does not accept the relevant terms, they should immediately stop using this product/service.

Please note that this policy aims to provide customers and users with a general explanation of the principles/rules and relevant protective measures adopted by Minivision Technology for processing/entrusted processing of your personal information during the process of providing you with products/services. It does not fully include all details of the rules for processing personal information for specific products/services. For specific online or offline services or products, our customers or we may separately provide users with specific privacy policies or similar legal texts. Please read the privacy policies or similar legal texts in these business scenarios in full to ensure that you are fully aware of the relevant personal information processing situation. This policy only applies to the products/services provided by Minivision Technology and is completely independent of any privacy policies or similar legal texts that our customers or any third party may or may need to display or provide to you.

This policy will help you understand the following:

1、 How do we collect and use your personal information
2、 How do we share, transfer, and publicly disclose your personal information
3、 How do we save and protect your personal information
4、 Global transfer of personal information
5、 Your personal information rights
6、 How do we handle children's personal information
7、 How to contact us
8、 How to update this policy

In this policy, "personal information" refers to various information recorded electronically or otherwise related to identified or identifiable natural persons, excluding information processed anonymously.

1、 How do we collect and use your personal information

（1） Xiaoshi Technology handles personal information
【 Mini AI Algorithm Experience 】 When you submit a Mini AI experience request or related consultation to us through the "Mini AI Algorithm Experience Platform" module on the official website of Minivision Technology, in order to understand your needs clearly, please provide us with your name, contact phone number, contact email, and company name, so that we can arrange professional personnel to communicate with you as soon as possible.

When you submit a business cooperation application or inquire about products and services through the "Ecological Cooperation" module on the Minivision Technology official website, please provide us with your name, contact phone number, contact email, and company name so that we can contact you for business cooperation or respond to your inquiry request.

[Online verification service] Based on the technical advantages and verification resources of Minivision Technology, we verified the user's name, ID card number, mobile phone number, bank card number, license plate number and driver's license number provided by the customer and gave feedback to the customer. Among them, the personal information fields we actually collect and use depend on the type of service purchased by the customer. Regardless of the type of service purchased by the customer, the personal information fields we collect and use will not exceed the scope of the personal information fields clearly listed above. Please understand that if you refuse to provide the personal information required for verification services, we will be unable to provide verification services to customers based on existing technology and resources.

（2） Minivision Technology is entrusted with processing personal information
Minivision Technology, as a commissioned processor, accepts customer commissions to carry out personal information processing activities in product/service scenarios such as OCR text recognition services, 1:1 facial comparison and live body detection services, and offline hardware product sales. In the aforementioned business scenario, we will act as the trustee of personal information, working with our clients, suppliers, and other partners to ensure that the collected and processed personal information meets the requirements of authorization and consent, and that the personal information used and retained is necessary for the implementation of business processes. Regarding the specific situation of personal information processing in the aforementioned business scenarios, please refer to the applicable privacy policies or similar legal texts in the specific business scenarios (including Minivision Technology's privacy policy and a separate privacy policy issued by the customer).

（3） Exceptions to authorization for collecting and using personal information
We will work with the client to ensure that the personal information collected and processed has obtained your complete and valid authorization, except for the following situations:
(1) Related to fulfilling obligations stipulated by laws and regulations;
(2) Directly related to national security and national defense security;
(3) Directly related to public safety, public health, and major public interests;
(4) Directly related to criminal investigation, prosecution, trial, and execution of judgments;
(5) For the purpose of safeguarding your or other individuals' significant legitimate rights and interests such as life and property, but it is difficult to obtain my authorized consent;
(6) The personal information involved is publicly disclosed by you to the public on your own;
(7) Necessary for signing and fulfilling the contract according to your requirements;
(8) Collecting personal information from legally disclosed information, such as legitimate news reports, government information disclosure, legally available datasets, etc;
(9) Necessary for maintaining the safe and stable operation of the provided products or services, such as detecting and handling malfunctions in the products or services;
(10) Processing personal information within a reasonable range through news reporting, public opinion supervision, and other actions in the public interest
(11) Academic research institutions conduct statistical or academic research necessary for the public interest, and when providing academic research or descriptive results to the public, de-identify the personal information contained in the results;
(12) Other situations stipulated by laws, regulations and regulatory requirements.

（4） The use of cookies and similar technologies
You understand and agree that Minivision Technology uses cookies or similar technologies to make the Xiaoshi Technology website more user-friendly and convenient. Cookie files are small data files that are stored on your computer or mobile device, saving you the need to repeatedly enter registration information and track the status of your browser to use our services. If your browser allows settings, you can refuse Minivision Technology's' Cookies'.

2、 How do we share, transfer, and publicly disclose your personal information

1. Sharing
Unless we obtain your separate consent, we will not share your personal information with any company, organization, or individual other than Minivision Technology. We may share personal information in accordance with legal regulations or mandatory requirements from government authorities.
2. Transfer
Without your explicit consent, we will not transfer your user information to any company, organization, or individual. However, in the event of a company division or merger involving the transfer of user personal information, we will require the new company or organization holding your personal information to continue to be bound by this policy. Otherwise, we will require the company or organization to seek authorization and consent from you again.
3. Public disclosure
We will only publicly disclose your personal information in the following circumstances:
(1) After obtaining your separate consent;
(2) According to the disclosure of laws and regulations: In cases where the law, legal proceedings, litigation, or government regulatory authorities require it, we may publicly disclose your personal information based on the type and disclosure method required.

3、 How do we protect and save your personal information

1. Protection of personal information
We have used security measures that comply with industry standards to protect your personal information from unauthorized access, public disclosure, use, modification, damage, or loss. We will take all reasonable and feasible measures to protect your personal information. Specifically, the main security measures we use to protect personal information include but are not limited to:
(1) We have obtained certification and data security capabilities: We have obtained ISO-27001 information security management system certification, and our AIOT platform has completed network security registration and protection evaluation (Level 3), and has been filed.
(2) We will regularly review the way personal information is processed (including physical security measures) and continuously strengthen the security of technical tools such as APIs and SDKs.
(3) We will strive to ensure the security of your personal information and implement full transmission security encryption and other security measures to prevent unauthorized access, use, or disclosure of your personal information.
(4) We have adopted SHA256 technology to encrypt the collected personal information, and in addition, we will regularly carry out disaster recovery backup work on account data.
The internet environment is not 100% secure, and we will do our best to ensure the security of any information you provide us. If our physical, technical, or management protective facilities are damaged, resulting in unauthorized access, public disclosure, alteration, or destruction of information, resulting in damage to your legitimate rights and interests, we will bear corresponding legal responsibilities.
After an unfortunate personal information security incident occurs, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions for you to independently prevent and reduce risks, and remedial measures for you. We will promptly inform you of the relevant situation of the event through email, letter, phone call, push notifications, and other means. When it is difficult to inform the personal information subject one by one, we will take reasonable and effective measures to publish the announcement. At the same time, we will also proactively report the handling of personal information security incidents in accordance with regulatory requirements.
2. Storage of personal information
In terms of storage location, personal information will be stored within the territory of the People's Republic of China.
In terms of storage period, we will only store your personal information during the necessary period for the purpose of this policy and within the time limit required by laws and regulations.
We may need to retain the user's personal information for a longer period of time in the following situations, and only for the purpose related to the following situations:
(1) Comply with applicable laws and regulations regarding information retention (such as the Cybersecurity Law, which stipulates that technical measures should be taken to monitor and record network operation status and network security events, and relevant network logs should be retained for no less than six months in accordance with regulations).
(2) Comply with the requirements of court judgments, rulings, or other legal proceedings.
(3) Comply with the requirements of relevant government agencies or other competent authorities.
(4) The requirement for a reasonable extension of the deadline for financial, auditing, and other purposes.
(5) The use is reasonably necessary for the execution of relevant service agreements or this privacy policy, the maintenance of social and public interests, the handling of complaints/disputes, and the protection of the personal and property safety or legitimate rights and interests of our unit users or our affiliated companies, other users or employees.
In terms of storage methods, the aforementioned personal information is desensitized and encrypted and stored on Alibaba Cloud servers, and access rights management settings have been implemented.

4、 Global transfer of personal information

In principle, personal information collected and generated within China will be uniformly processed on servers within China. For our business conducted outside of China, we will only provide algorithms and other technologies to overseas customers and will not transmit any personal information to them.

5、 Your personal information rights

1. Access and Reproduction Rights
You have the right to access or copy your personal information, except for exceptions specified by laws and regulations. You can exercise the right to access or copy personal information through customers or directly contact us through the contact information disclosed in Part 7 of this policy.
2. Correction rights
When you discover that there is an error in the personal information we process about you, you have the right to contact us directly through the contact information disclosed in Part 7 of this policy to make changes, or to request correction from customers and request them to provide us with the corrected personal information.
3. Deletion rights
If one of the following situations occurs, we will proactively delete your personal information or according to your request:
(1) The processing purpose has been achieved, cannot be achieved, or is no longer necessary to achieve the processing purpose;
(2) The personal information processor stops providing products or services, or the storage period has expired;
(3) Individual withdrawal of consent;
(4) Personal information processors violate laws, administrative regulations, or agreements to process personal information;
(5) Other situations stipulated by laws and administrative regulations.
You also have the right to contact us directly through the contact information disclosed in Part 7 of this policy to delete your personal information, or to exercise the right to delete personal information through customers. If the retention period stipulated by laws and administrative regulations has not expired, or if it is technically difficult to delete personal information, we will not handle it except for storage and taking necessary security measures.
4. Change the scope of authorization consent or withdraw authorization
You have the right to change or withdraw your authorized personal information under this policy directly through the contact information disclosed in Part 7 of this policy or through clients. After you withdraw your consent, we will no longer process the corresponding personal information. Your decision to withdraw your consent will not affect the personal information processing previously carried out based on your authorization.
5. Respond to your above request
To ensure security, you may need to provide a written request or otherwise prove your identity. We may require you to verify your identity before processing your request. We usually respond to your request within 15 working days after receiving it.
We will not be able to respond to your request in the following situations:
(1) Related to the fulfillment of obligations stipulated by laws and regulations by personal information controllers;
(2) Directly related to national security and national defense security;
(3) Directly related to public safety, public health, and major public interests;
(4) Directly related to criminal investigation, prosecution, trial, and execution of judgments;
(5) The personal information controller has sufficient evidence to indicate that the personal information subject has subjective malice or abuse of rights;
(6) For the purpose of safeguarding the significant legitimate rights and interests of personal information subjects or other individuals, such as life and property, but it is difficult to obtain personal consent;
(7) Responding to the request of a personal information subject will cause serious damage to the legitimate rights and interests of the personal information subject or other individuals or organizations;
(8) Involving trade secrets.
If we fail to respond to your request in a timely manner, or if you have any objections to our response, you can file a complaint with us or appeal to the relevant regulatory authorities through the contact information provided in this policy.

6、 How do we handle children's personal information

Please note that all of our products, websites, and services are primarily aimed at corporate customers. If we indirectly collect personal information about children from corporate customers, we will take necessary review measures within a reasonable range to ensure that customers have obtained authorization from their parents or other guardians for the external provision of children's personal information.
If we discover that any customer or user provides raw data containing personal information of a child without the consent of their parents or guardians, we will immediately delete such raw data and will not provide any services regarding such data. For the avoidance of ambiguity, we treat anyone under the age of 14 as a child.

7、 How to contact us

If you have any related issues, complaints or requests regarding this policy and your personal information, or if you need any assistance regarding personal information rights, you can call customer service at [025-58801024] or contact us at【 nicetomeetyou@minivision.cn 】Send an email to contact us. To ensure that your request is clear and clear, please provide us with:
(1) Your name and contact information;
(2) Your detailed request, comments, and/or corresponding links.
In the business scenarios where we indirectly collect your personal information or where we act as entrusted processors, in order to meet your request in a timely manner, we suggest that you make a request to the direct personal information processor (usually our client) in the specific business scenario and have them transfer it to us as appropriate. We will respond as soon as we receive the forwarded request.
We do not charge any fees for your reasonable requests in principle, but for requests that are repeated multiple times and exceed reasonable limits, we will charge a certain cost according to the situation. We may refuse requests that are unfounded, require excessive technical means (such as developing new systems or fundamentally changing existing practices), pose risks to the legitimate rights and interests of others, or are highly impractical (such as involving information stored on backup tapes).
Generally speaking, we will respond as soon as possible within 15 working days or within the time limit specified by laws and regulations. If we are unable to respond within the aforementioned time limit due to special circumstances, we will also inform you of the specific reasons and expected response time.

8、 How to update this policy

Our personal information protection policy may be updated from time to time. Without your explicit consent, we will not reduce your rights under this policy. We will publish any changes made to this policy on the Minivision Technology website. For significant changes, we will also provide more significant notifications (including for certain services, we will send notifications via email explaining specific changes to personal information protection policies).
The significant changes referred to in this policy include but are not limited to:
1. Our service model has undergone significant changes;
2. We have undergone significant changes in ownership structure, organizational structure, and other aspects;
3. Changes in the main objects of personal information sharing, transfer, or public disclosure;
4. Your right to participate in personal information processing and the way you exercise it have undergone significant changes;
5. When there are changes in the responsible department, contact information, and complaint channels for handling personal information security;
6. When the personal information security impact assessment report indicates a high risk.
We will also archive the old version of this policy for your reference.