PandaX隐私政策

Update Date: February 14, 2025

Effective Date: March 10, 2024

Shanghai Huiquan Shujin Information Technology Co., Ltd. (hereinafter referred to as "we") attaches great importance to protecting the personal information and privacy of users (hereinafter referred to as "you"). We understand the importance of personal information to you and will take corresponding security protection measures to protect your personal information in accordance with the requirements of laws and regulations and the mature security standards in the industry. We hope to clearly introduce to you through this privacy policy how we process your personal information when you use our products/services, as well as the ways we provide for you to access, correct, delete, and protect this information.

This policy will help you understand the following content:

1. How we collect and use your personal information

2. How we share, transfer, and publicly disclose your personal information

3. How we store and protect your personal information

4. How you can manage your personal information

5. Protection of minors' personal information

6. Notices and revisions

7. How to contact us

8. SDK list

9. Appendix

【Special Notice】Please carefully read and fully understand this (we have bolded the key content for your special attention) and make a corresponding choice before using any of the products/services we provide. Once you use or continue to use our products/services, it means that you agree to our processing of your relevant information in accordance with this privacy policy. If you have any questions about this privacy policy, you can contact us through the methods provided in the "How to Contact Us" section of this privacy policy.

Our product is developed based on DCloud uni-app (5+ App/Wap2App). During the application's operation, we need to collect your device's unique identification code (device ID, IMEI/android ID/DEVICE_ID/IDFA, device MAC address, OAID, software list, SIM card IMSI information) to provide statistical analysis services, and improve performance and user experience through the analysis of application startup data and exception error logs, so as to provide users with better services. For detailed content, please visit the (The DCloud User Service Terms hyperlink is https://ask.dcloud.net.cn/protocol.html).

I. How we collect and use your personal information

When you use our products/services, the scenarios where you need or can choose to authorize us to collect and use your personal information include:

1. In order to provide you with the basic functions of our products/services, you need to authorize us to collect and use necessary information. If you refuse to provide the aforementioned necessary information, you will not be able to use our products/services normally.

2. In order to provide you with the extended functions of our products/services, you can choose to authorize us to collect and use information. If you refuse to provide the aforementioned information, you will not be able to use the relevant additional functions normally or achieve the intended functional effects, but it will not affect your normal use of the basic functions of our products/services.

3. Registration and Login When you register and log in to PandaX, you can create an account using your mobile phone number, and you can complete relevant online identity identification information (name, password). These information are collected to help you complete the registration.

4. Information obtained when using services When you use our services, we may automatically collect relevant information and store it as service log information. Device information: For example, device model, operating system version, IMEI, running process information, etc. Location information: When you use location-related services, such as private car for public use or other related services, we may record the location information of your device to provide you with relevant services. We may obtain your geographical location information through IP address, GPS, WLAN (such as WiFi), or base stations. The information provided by you or other users when using the services may contain your geographical location information. For example, the account information you provide may contain information about your area. Information obtained from third-party partners: We may obtain the information generated or shared by you when using third-party partner services. For example, when you use your PandaX account to log in and book air tickets and train tickets, you need to provide at least the traveler's name, document type, ID number, email, as well as the contact person's name and mobile phone number so that the merchant can provide you with ticket booking, information notification, and subsequent refund and change services; when you book a hotel, you need to provide at least the name, mobile phone number, and email of the person staying so that the merchant can provide you with hotel booking, information notification, and subsequent refund and change services. For other products or services that require you to provide additional necessary information to complete the reservation, please refer to the prompts or authorization content in the reservation process and read them carefully. We will obtain the name and login time of the third-party partner service you log in to, which is convenient for you to manage your authorization. Please carefully read the user agreement or privacy policy of the third-party partner service.

5. The product integrates the Getui+ SDK and push channel SDKs (such as those of Xiaomi, Huawei, Oppo, Vivo, Meizu, etc.). The push channel SDK needs to collect device identifiers (IMEI/MAC/Android ID/IDFA/OpenUDID/GUID/SIM card IMSI information, etc.) to uniquely identify the device so as to push messages to the user's device. It also collects geographical location to determine the push channel and improve the regional coverage of message push.

(I) Scenarios where you need to authorize us to collect and use your personal information

We will follow the principles of legitimacy, necessity, and propriety to collect and use your personal information for the following purposes stated in this policy.

1. Help you become our user

To comply with the requirements of laws and regulations and provide you with more convenient services, when you register as a PandaX user, you may need to provide your mobile phone number or other information to create a PandaX account and complete relevant online identity identification information (such as avatar, nickname, and login password).

2. Provide you with the sharing function

To facilitate you to share PandaX, find users with common needs, have a more relaxed access experience, and share with friends and third parties, you can share information with third parties through functional components.

3. Provide you with customer service and after-sales service

When you contact our customer service, our system may record your communication with the customer service and use your account information to verify your identity; when you need us to provide customer service related to your application form, we may query your relevant order information to provide you with appropriate assistance and handling; when you need the customer service to assist you in modifying relevant information, you may also need to provide other information in addition to the above information to complete the modification.

4. Provide you with security protection

In order to ensure the security of your account, transaction security, and system operation security, and meet the relevant requirements of laws, regulations, and our agreement rules, during your use of our products/services, with your authorization, we will obtain your device information, including the device attributes, connection, and status information you use, such as the device model, unique device identifier (such as IMEI/android ID information, etc.), device MAC address, software list, etc.

(II) Scenarios where you can choose to authorize us to collect and use personal information

To provide you with services, you can choose to use the extended functions we provide. We will collect and use the following information in accordance with the law and based on your specific authorization. This type of information will be collected in the specific functions and business scenarios you choose. If you do not provide this information, it will not affect your use of the basic functions of PandaX.

1. Extended services based on camera authorization

You can choose to enable the system's camera permission and authorize PandaX to access your camera by using functions such as taking photos and scanning codes, so that you can submit application forms by taking photos. We will collect the above information you upload and publish. You can turn off this function in the system permissions. Once turned off, you may not be able to use the scanning code function, take pictures, or perform OCR recognition, but it will not affect your enjoyment of the basic functions of the PandaX service.

2. Extended functions based on album authorization

You can choose to enable the system's album permission and authorize us to access your album by actively uploading pictures, so that you can initiate application forms by uploading photos. We will collect the above information you choose to upload and publish. You can turn off this function in the system permissions. Once turned off, you may not be able to change your avatar, initiate application forms with pictures, etc. by uploading pictures, but it will not affect your enjoyment of the basic functions of the PandaX service.

3. Extended functions based on microphone authorization

You can choose to enable the system's microphone permission and use voice technology to achieve the voice input interaction function. We will collect the voice information you enter during the use of intelligent voice technology for machine recognition, online interaction, and to meet your input needs. You can turn off this function in the system permissions. Once turned off, you may not be able to achieve the online voice interaction function, but it will not affect your enjoyment of the basic functions of the PandaX service.

4. Extended functions based on calendar authorization

You can enable the system's calendar permission and use functions such as adding calendars to record the schedules of services related to business trip applications. We will collect the above information for display or timely reminders. You can turn off this function in the system permissions. Once turned off, you may not be able to enjoy the calendar recording or reminder function, but it will not affect your enjoyment of the basic functions of the PandaX service.

5. Extended functions based on geographical location authorization

To provide you with the self-driving function and punch-in service and improve the performance, efficiency, and functions of our services, with your authorization, we will collect the relevant information generated during your use of our self-driving and punch-in services, including:

(1) Location information. When you enable the positioning function of your mobile device through system authorization and use the map service based on location, we will collect and use your location information to provide you with services (for example, when you use the self-driving function, we will collect trajectory information, calculate the mileage based on the trajectory information, and provide subsidies according to different levels). We will use relevant technologies to obtain your location information (with varying degrees of accuracy), including IP addresses, GPS, and WLAN (such as Wi-Fi) access points, Bluetooth, and base stations that can provide relevant information. You can turn off the positioning service in the mobile device system to stop our collection of your location information, but you may not be able to use the services we provide based on geographical location or achieve the expected results of relevant services.

6. Convenient functions based on travel reservation

To facilitate your travel reservation, we will collect the ID card information you actively maintain and synchronize it to the third-party platform. The third-party platform depends on the travel service platform opened by your company. If you do not maintain this information, you can do so on the third-party platform, which will not affect your enjoyment of the basic functions of the PandaX service.

7. Extended functions based on direct financial payment

To enable the finance department to pay your reimbursement form more quickly, you can maintain your bank account information in your personal information. You can also authorize the company administrator to maintain the bank card information in batches. If you do not maintain this information, it will not affect your enjoyment of the basic functions of the PandaX service.

(III) Others

If we use the information for other purposes not specified in this policy, or use the information collected for a specific purpose for other purposes, we will separately seek your authorization and consent.

(IV) Exceptions to obtaining consent

Please note that in the following situations, we do not need to obtain your authorization and consent to collect and use personal information:

1. Related to national security and national defense security;

2. Related to public security, public health, and major public interests;

3. Related to criminal investigation, prosecution, trial, and execution of judgments;

4. Out of the need to safeguard the major legitimate rights and interests of the personal information subject or other individuals but it is difficult to obtain the consent of the individual;

5. The personal information collected is publicly disclosed by the personal information subject to the public;

6. The personal information collected from legally publicly disclosed information, such as legal news reports and government information disclosures.

7. Extended functions based on direct financial payment

(III) Others

(IV) Exceptions to obtaining consent

Please note that in the following situations, we do not need to obtain your authorization and consent to collect and use personal information:

1. Related to national security and national defense security;

2. Related to public security, public health, and major public interests;

3. Related to criminal investigation, prosecution, trial, and execution of judgments;

4. Out of the need to safeguard the major legitimate rights and interests of the personal information subject or other individuals but it is difficult to obtain the consent of the individual;

5. The personal information collected is publicly disclosed by the personal information subject to the public;

6. The personal information collected from legally publicly disclosed information, such as legal news reports and government information disclosures;

7. Necessary for signing a contract at your request;

8. Necessary for maintaining the safe and stable operation of the products and/or services provided, such as detecting and resolving faults in the products and/or services;

9. Necessary for legitimate news reporting;

10. Necessary for statistical or academic research carried out by academic research institutions in the public interest, and when providing the results of academic research or descriptions externally, the personal information contained in the results is de-identified;

11. Other situations stipulated by laws and regulations.

Please note that information that cannot be used to identify your identity or establish a direct connection with you, either alone or in combination with other information, does not constitute personal information. If we combine information that cannot be directly linked to any specific individual with other information to identify the identity of a natural person, or use it in combination with personal information, such information will be considered personal information during the period of combined use.

II. How we share, transfer, and publicly disclose your personal information

(I) Sharing

We will not share your personal information with any company, organization, or individual outside of PandaX, except in the following situations:

1. Sharing with your explicit consent or authorization.

2. Based on legal requirements: as required by laws and regulations, for the resolution of litigation disputes, or upon the legitimate requests of administrative, judicial, or other competent authorities.

3. Based on contractual agreements: when it is necessary to share information with third parties in accordance with relevant agreements (including online electronic agreements and platform rules) or legal documents signed between you and us.

4. For academic research purposes; for example, to support statistical or academic research conducted by scientific research institutions.

5. In the public interest in compliance with laws and regulations.

We will conduct necessary data sharing with third parties through application programming interfaces (APIs) and software development kits (SDKs). Different versions of third-party SDKs may vary, generally including sharing, map navigation, manufacturer push, and statistical types. We will conduct strict security checks on third parties and stipulate data protection measures.

Please note that we will only share your personal information for legitimate, proper, necessary, specific, and clear purposes. For companies, organizations, and individuals with whom we share personal information solely to achieve the purposes stated in this policy, we will sign strict information protection and confidentiality agreements with them, requiring them to comply with the agreements and take relevant security measures to protect your personal information.

(II) Transfer

As our business develops, our company and our affiliated parties may engage in mergers, acquisitions, asset transfers, or similar transactions. If such transactions involve the transfer of your personal information, we will require the company or organization receiving your personal information to continue to be bound by this privacy policy. Otherwise, we will require the company or organization to seek your authorization and consent again.

(III) Public disclosure

We may only publicly disclose your personal information in the following situations and on the premise of taking security protection measures in line with industry standards:

1. At your request, and in the manner of disclosure you explicitly consent to, disclose the personal information you specify.

2. In accordance with the requirements of laws and regulations, mandatory administrative law enforcement, or judicial requirements, we may be required to publicly disclose your personal information. On the premise of compliance with laws and regulations, when we receive such requests for information disclosure, we will require the relevant legal documents, such as subpoenas or investigation letters, to be provided.

Please note that information you voluntarily post when using our services may involve your or others' personal information, and even personal sensitive information, such as your transaction information, and information in various forms such as text, pictures, or videos containing personal information that you choose to upload in your reviews. Please consider more carefully when using our services whether you want to post or even publicly share relevant information.

(IV) Exceptions to prior authorization and consent for sharing, transferring, and publicly disclosing personal information

In the following situations, prior authorization and consent are not required for sharing, transferring, or publicly disclosing your personal information:

1. Related to national security and national defense security;

2. Related to public security, public health, and major public interests;

3. Related to criminal investigation, prosecution, trial, and execution of judgments;

4. Out of the need to safeguard your or other individuals' major legitimate rights and interests, such as life and property, but it is difficult to obtain your consent;

5. Other situations in the public interest, such as the need to publicly share your credit evaluation information;

6. Personal information you have publicly disclosed to the public;

7. Personal information collected from legally publicly disclosed information, such as legal news reports and government information disclosures.

According to legal regulations, for the sharing, transfer, and public disclosure of de-identified personal information, and ensuring that the data recipient cannot restore and re-identify the personal information subject, our processing of such data will not require further notice to you and your consent.

III. How We Store and Protect Your Personal Information

(1) Storage of Personal Information

1. Retention Period: We will only retain your relevant personal information for the minimum period necessary to achieve our purposes unless required by laws/regulations or mutual agreement. When you actively cancel your account, we will delete or anonymize your personal information as soon as possible in accordance with legal requirements. For account cancellation rules and procedures, please refer to the "User Cancellation Agreement" in the attachments.

2. Storage Location: Personal information collected and generated within China will be stored domestically, except for:

• Explicitly required by laws and regulations;

• Obtained through your separate authorization;

In these cases, we will require data recipients to handle personal information according to this policy and security measures.

3. Service Termination: If service termination occurs, we will notify you 30 days in advance and delete/anonymize your information afterward.

(2) Protection Measures for Personal Information

1. Data Security Measures

We implement industry-standard physical, electronic, and managerial security measures to protect your information, including: SSL encryption for data transmission; HTTPS secure browsing; encryption technologies; access controls; security training; and monitoring mechanisms. We establish data classification systems and security protocols to prevent unauthorized access, disclosure, alteration, or destruction of information.

2. Security Certifications

We collaborate with regulators and third-party institutions to establish security mechanisms against information threats.

3. While we implement robust protections, internet transmission carries inherent risks. We recommend using strong passwords and secure methods. If you suspect any information leakage, especially account/password compromise, contact us immediately.

4. Security Incidents

In case of security incidents, we will promptly establish emergency response teams, mitigate impacts, and notify you via email/phone/push notifications within legal requirements. We will report incidents to regulators as required.

IV. How You Manage Your Personal Information

You have the following rights regarding your personal information:

(1) You have the right to access, correct, and delete your personal information (subject to legal exceptions). Management methods include:

Account Information - Manage profile, password, and security settings via webpage/App settings. Contact us if issues arise. We will respond within 15 days.

(2) Adjust Authorization Scope or Withdraw Consent

Modify permissions via app settings or device permission controls. Withdrawing consent may affect related services but won't impact previous processing.

(3) Account Cancellation

Cancel your account via Settings > Account Security > Cancel Account. Upon cancellation, we will delete/anonymize your information per legal requirements. See attached "User Cancellation Agreement" for details.

For requests or complaints regarding personal information handling, contact us via provided channels. We may require identity verification and will respond within 15 days. Reasonable requests are free, but repetitive/excessive requests may incur fees. We may reject unreasonable or technically impractical requests.

V. Protection of Minors' Personal Information

PandaX prioritizes minors' privacy protection. Our services primarily target enterprise employees. Minors should use our services with parental/guardian consent. We only use minors' information when legally permitted, expressly consented, or necessary for protection. If we discover collecting minors' information without verifiable consent, we will promptly delete it.

VI. Notifications and Revisions

We may update this policy as services evolve. We will notify changes through website/App updates. Continued use after updates constitutes acceptance of revised terms.

VII. Contact Us

Contact methods (response within 15 days):

1. Online contact via PandaX website/App;

2. Customer service hotline: 400-021-5799

3. Data Protection Team: service@galaxysoftware.com.cn or mail to: Room 202, Building 46, 555 Guiping Road, Xuhui District, Shanghai (240000).

VIII. Application Permission List

1. Android System

PandaX APP接入第三方SDK目录
SDK名称	包名信息	使用目的	涉及个人信息	隐私政策链接
uni-app为保障运行，默认集成以下三方SDK：
uni- app(5+、 web2app)	io. dcloud	基础模块	存储的个人文件，设备信息（IMEI、MAC、ANDROID_ID、DEVICE_ID、IMSI），网络信息	https://ask.dcloud.net.cn/article/36937
阿里 weexSDK	com. tao bao	uni-app基础模块默认集成，用于渲染uniapp的nvue页面引擎	存储的个人文件	http://doc.weex.io/zh
Fresco图库	com. face book. fresco	用于页面加载	存储的个人文件	https://www.fresco-cn.org/
fastjson	com.alibaba.fastjson	JSON解析	无	https://github.com/alibaba/fastjson
移动安全联盟 OAID	com.bun.miitmdid、com.zui.opendeviceidlibrary、com.netease.nis、com.samsung.android、com.huawei.hms	获取oaid	设备信息	http://www.msa-alliance.cn/col.jsp?id=122
本应用为保障运行，集成以下三方SDK：
媒体	media-release.aar	用于播放视频
支付宝支付	com. ali pay. sdk	用于支付宝支付	读取手机状态和身份、网络信息	支付宝隐私协议
微信登录与微信支付	com. ten cent. mm	微信登录、微信支付	需要读取手机状态和身份、网络信息、读取外置存储器、写入外置存储器	微信隐私协议
个推(com.igexin.push)SDK	com.igexin.push	用于工作单据的审批提醒	读取手机状态和身份、网络信息	个推隐私协议
个数SDK		用于一键登录、数据分析和应用内推送	收集个人信息类型：①. 获取网络状态②. 向本地写文件③. 蓝牙④. 获取手机状态	个数SDK隐私协议
个像SDK	com.getui.gis	用于一键登录、数据分析和应用内推送	收集个人信息类型：由每日互动股份有限公司提供一键登录、数据分析和应用内推送服务，我们可能会将您的设备平台、设备厂商、设备品牌、设备识别码IMEI设备信息、获取WIFI的MAC地址、扫描WIFI列表、监听传感器数据、网络信息以及位置相关信息。推送服务可以在我的界面-设置中关闭。	个数SDK隐私协议
个验SDK	com.g.gysdk	用于一键登录、数据分析和应用内推送	收集个人信息类型：由每日互动股份有限公司提供一键登录、数据分析和应用内推送服务，我们可能会将您的设备平台、设备厂商、设备品牌、设备识别码IMEI设备信息、获取WIFI的MAC地址、扫描WIFI列表、监听传感器数据、网络信息以及位置相关信息。推送服务可以在我的界面-设置中关闭。	个验SDK隐私协议
Map & Geolocation模块集成的高德定位、高德导航、高德猎鹰SDK	map-amap-release.aar weex_amap-release.aar	用于获取用户用车的GPS 坐标、GPS 轨迹、GPS 位置、周围 Wi-Fi 设备的 MAC 地址、IP 地址等网络位置	收集设备信息（ANDROID_ID、DEVICE_ID、MAC）、应用已安装列表、存储的个人文件、位置信息、读取手机状态和身份、网络信息。调用的设备权限：获取设备序列号、获取经纬度信息、获取定位信息、获取网络状态、访问Wi-Fi状态、读取手机状态、读取外置存储器、写入外置存储器、访问额外的定位提供者指令	SDK隐私协议
华为 HMS push	com.huawei.hms	华为手机厂商推送(unipush集成的)
小米 MiPush	xmp-3.2.1.aar	小米手机厂商推送(unipush集成的)
OPPO MiPush	oppo-3.1.2.aar oppo-push-3.1.0.aar	OPPO手机厂商推送(unipush集成的)
vivo MiPush	vivo-3.1.0.aar	vivo手机厂商推送(unipush集成的)
com.tencent.smtt		腾讯x5内核浏览器，用于增强本地webview功能
uni-createRequestPermissionListener-release		监听权限申请	APP在调用终端权限时，应同步告知用户申请该权限的目的
uni-createRequestPermissionListener-release		监听权限申请	APP在调用终端权限时，应同步告知用户申请该权限的目的
YQPayAndroidX_6.9.0、YQPayAndroidX_6.9.0_runtime		平安银行sdk
com.pab.sdk.facedetectionbase3.42.0.1		平安银行面部识别sdk
httpdns-1.0.7.1-SNAPSHOT		平安银行httpdns
networkMonitor-1.10.0		平安银行网络监控sdk
com.huawei.hms.feature		Dynamic Ability sdk
com.huawei.hms.scankit		华为统一扫码SDK
com.bun.miitmdid		移动智能终端补充设备标识体系统一调用SDK
com.huawei.hms.ads		鲸鸿动能SDK

2、鸿蒙操作系统

名称	使用目的
ohos.permission.CAMERA	拍摄照片或视频
ohos.permission.INTERNET	允许应用访问网络
ohos.permission.MICROPHONE	允许应用使用麦克风
ohos.permission.LOCATION ohos.permission.APPROXIMATELY_LOCATION	通过全球定位系统（GPS）或网络位置信息（例如基站和WLAN）获取精准地理位置信息；获取 (基于网络的) 大概位置
ohos.permission.READ_MEDIA ohos.permission.WRITE_MEDIA	提供读取手机储存空间内数据的功能
ohos.permission.GET_WIFI_INFO ohos.permission.GET_NETWORK_INFO	获取WLAN网络信息权限和获取Wi-Fi信息

Appendix:

1. Personal Information: Electronic or other records that can identify or reflect specific individual activities, including but not limited to: basic info (name, phone, gender, address, birthday); identity info (ID cards, passports); network identifiers (accounts, IP, email); financial info (bank accounts, transaction records); health info; device info; location data.

2. Sensitive Personal Information: If leaked, could endanger safety or cause discrimination, including: identity documents; financial info; precise location data.

Attachment 1:

User Cancellation Agreement

Before cancellation, please acknowledge:

Cancellation will terminate services and delete/anonymize your information. Note: Relevant records must be retained for 1+ years per law.

1. During cancellation, if disputes exist, PandaX may terminate cancellation process.

2. Cancellation is irreversible - backup all data beforehand. You will lose access to:

(1) Your PandaX account

(2) Profile data and historical information

3. Cancellation does not exempt you from pre-cancellation account responsibilities.