Update Date: May 30, 2024
Effective Date: May 30, 2024
Dear "SH MaaS" user (hereinafter referred to as "You"), in order to facilitate your use of the platform
products and services, including the "SH MaaS" application software (hereinafter referred to as "this
application"), the platform operator and the owner of this application , Shanghai Mobility Service Technology
Co.,Ltd. (hereinafter referred to as "we" or "us"), will collect, use, store, and provide your personal information (hereinafter collectively referred to as "processing") in accordance with the provisions of the
"SH MaaS" Personal Information Protection and Privacy Policy (hereinafter referred to as "this policy").
This policy applies to the products and services provided to you by the platforms legally owned and operated
by us, labeled "SH MaaS", including the APP, SH MaaS official website (https://www.shmaas.cn/), public
account, mini-programs, and other platforms. It also applies to certain functions/services within the "SH
MaaS" application integrated as a third-party service in other third-party smart hardware, software, or
services (the aforementioned product and service system is also referred to as the "platform" or "SH MaaS").
When you use our products or services, we need to process your information according to the relevant laws,
regulations, and regulatory policies to provide you with services and improve service quality. Through this
policy, we aim to explain to you: what data we collect when you use our products or services, why we collect
this data, what we will do with this data, and how we protect this data. This policy is closely related to the
products or services you use from us, and it is crucial for you to exercise user rights and protect your personal
information. Please carefully read and fully understand the content of this policy
(especially the content in bold underline) before using our products or services.
Please read this policy carefully, understand our rules for processing your personal information, and if we update
this policy, we will promptly notify you of the updates. If you have any questions, you can contact the
official platform hotline【$phoneStr】for consultation.
By clicking "Agree" and confirming the submission, you are deemed to agree to the content of this policy
(including updated versions) and agree that we process your personal information according to this policy. If
you do not agree to any terms in this policy, you should immediately stop accessing and using our
platform.
Special Note: When you use third-party services through "SH MaaS", the third party may have its own privacy
protection policy. When viewing pages created by third parties or using services developed by third parties,
these third parties may place their own cookie or network beacons, which are not under our control. We will
make efforts to request these entities to protect your personal information. It is recommended to contact
them to get detailed information about their privacy policy. If you find risks in these third-party services,
it is advisable to terminate the relevant operations to protect your legitimate rights and interests.
You can read specific sections of our privacy policy in more detail based on the following index:
I. Principles for the Collection and Processing of Your Personal Information by Us
II. How We Collect and Use Your Personal Information
III. How We Use cookie and Similar Technologies
IV. How We Share, Transfer, Publicly Disclose, and Entrust the Processing of Your Personal Information
V. How We Store Your Personal Information
VI. How You Can Manage Your Personal Information
VII. Exceptions to Obtaining Authorized Consent
VIII. How We Protect Your Personal Information
IX. How We Protect Information of Minors
X. How Your Personal Information Is Transferred Globally
XI. Our Operational Organization
XII. How This Policy Is Updated
XIII. How to Contact Us
XIV. Other
I. Principles for the Collection and Processing of Your Personal Information by Us
Principles of Legality, Legitimacy, Necessity, and Good Faith.
Mainly refers to: 1. Obtain your or your guardian's consent, except as otherwise provided by laws and
regulations 2. Collect and process information in accordance with the purposes, methods, and types specified
in this policy. 3. Do not process information unrelated to business or handle information in an improper
manner. 4. Do not violate laws, regulations, and agreements between the parties.
II. How We Collect and Use Your Personal Information
(I) Responsibility Statement
This application is only responsible for collecting information necessary for your use of the
functions/services provided by this application. According to regulatory requirements, relevant regulatory
authorities will collect your relevant information and maintain it based on regulatory needs. For business
needs and necessary security certification, the third-party service system may share your Personal information or
perform secondary authentication. We are not responsible for any leakage of Personal information at regulatory
authorities or third-party service systems.
(II) How We Collect and Use Your Personal Information
We will only collect and use your personal information for the following purposes as stated in this policy:
To provide you with the basic functions of our products/services: User registration, login and authentication,
account management, QR code boarding, taxi and ride-hailing services, Parking Service, Road
Assistance Service, Nearby Maintenance Factory Inquiry Service, Bus Basic Information Inquiry Service, Scenic Spot Ticket Service, User
Activities, Security and Data Analysis Service, Public Welfare, you need to authorize us to collect and use
the necessary personal information. If you refuse to provide the necessary information, you will not be able
to use our products/services normally.
To provide you with expanded or additional functions of our products/services: Service Optimization and
Development, you can choose to authorize us to collect and use your other personal information. If you refuse
to provide, you will not be able to use the related additional functions or
achieve the intended functional effects, but it will not affect your normal use of the basic functions of our
products/services.
(III) Scenarios where you need to authorize us to collect and use personal information
1. User registration, login:
For the necessary prevention of malicious programs and secure operations, when you use this application
(including the first run of this application), we will collect information about the application process. If
you do not perform any registration or login operations later, the aforementioned application process
information will not be associated with you personally.
When you only need to browse the main channel or use some services that do not require login, you do not need
to register as a user with us and do not need to provide relevant personal information. When you are not
logged in, we will not collect your personal information.
(1) Registration service:
When you need to use the user services provided by us, you need to provide your own phone number and
SMS verification code for registration and login. After completing the registration, the platform will generate a SH MaaS account
for you
(2) Third-party account binding:
After successfully registering as our user, you can choose to bind a third-party account for quick login. We will access and collect your personal information (such as nickname and personal profile for WeChat or Alipay; username, personal profile, user agreement, name, ID number, and phone number for Shanghai Public Services Online) through the third-party account interface (including Shanghai Public Services Online, WeChat, Alipay) in an indirect manner with your explicit authorization. We will then link the third-party account to your SH MaaS account and phone number. If you refuse to provide login information obtained from the third-party account interface, you will not be able to log in quickly using third-party accounts, but you can still log in using other methods.
(3) Login Service
When you log in to this application later, you can choose phone verification login: in this method, you need to provide your phone number and SMS verification code and agree to our verification of the login information you provide. Alternatively, you can choose third-party account (including Shanghai Public Services Online, WeChat, Alipay) authorized login: in this method, we will collect your third-party account information (such as nickname and personal profile for WeChat or Alipay; username, personal profile, user agreement, name, ID number, and phone number for Shanghai Public Services Online).
If you do not provide the above information, we will not be able to provide you with services such as the Shanghai QR code for boarding, real-person authentication, or other services that require login.
2.User Authentication
After you register, you can directly use ordinary user services, including viewing nearby bus and subway information, and using some basic services that do not require real-person authentication. If you need to use taxi services, online car-hailing services, autonomous driving services, shared bike services, or one-code passage services, you will need to undergo user real-person authentication.
Methods of real-person authentication include Alipay account authentication, Hong Kong/Macau/overseas user real-name authentication, bank card real-name authentication, and mobile phone number real-name authentication.
(1) If you choose Alipay account authentication, you need to provide your name and ID card number for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).
(2) If you choose Hong Kong/Macau/overseas user real-name authentication, you need to provide your name, document type, and document number:
- If you are a resident of Hong Kong/Macau, you need to provide your name and Mainland Travel Permit for Hong Kong and Macau Residents number for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).
- If you are an overseas Chinese user, you need to provide your name and passport number for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).
- If you are a foreign user, you need to provide your name, Foreign Permanent Resident ID number, and nationality code for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).
(3) If you choose bank card real-name authentication, you need to provide your name, ID card number, bank card number, bank-registered mobile number, and SMS verification code for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).
(4) If you choose mobile phone number real-name authentication, you need to provide your name, ID card number, mobile phone number, and SMS verification code for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).
At the same time, we will identify your gender and age based on the ID card number you provide. The above information contains your personal sensitive information, and you can refuse to provide it. If you refuse to provide the above information, you will not be able to use real-person user services, but it will not affect your use of other services provided by us that do not require real-name authentication.
3. Account and Password Management
(1) Account Information Management
After successfully registering your account, you can improve relevant online identity recognition information according to your needs and the modules opened to users by the platform for filling/modification. This includes nickname, profile picture, real-name authentication status, and identity information (document type, name, document number).
(2) Setting Common Addresses
You can set your common addresses yourself, so that when relevant services involve address searches, you can
conveniently fill in the starting and ending points of your trips.
4. Vehicle QR Code Scanning Service
If you need to activate QR code passage services for scenarios such as subway, bus, ferry, and maglev, you need to undergo user real-person authentication. The real-person authentication methods and collected personal information are detailed in "2. User Authentication." If it involves logging in and verifying operations in third-party software, you need to comply with the user agreements and privacy policies of the third-party software. We cannot monitor your actions in third-party software, so you are responsible for such actions. After you pass real-person authentication, we will collect your travel code status. When you use the travel code for subway, bus, ferry, or maglev travel, we will also collect your QR code travel order information.
5.Taxi and Car Hailing Services
(1) Car Hailing
When you use taxi or car-hailing services, you need to provide your location information so that you can access travel-related services or functions based on geographic location, such as getting the pick-up point, recording the route, and map navigation, without manually entering your current location. If you refuse to grant us access to your location information, you will need to manually specify your location, but this won't affect your use of our products and services. You can also revoke or adjust the above authorization at any time through the settings function.
When you use taxi or car-hailing services, before requesting a ride, you need to provide pick-up/drop-off locations for us to arrange a vehicle and estimate arrival time. If you refuse to provide this information, you will be unable to use Taxi and Car Hailing Services.
When using the taxi or car-hailing services, you also need to provide device information (including device model, operating system version, device settings, MAC address, IMEI, IDFA, OAID, Android ID, IDFV, and other device identifiers, SIM card IMSI information, SIM card origin, device environment, mobile application list, and other hardware and software characteristic information). We will transmit your device information to the cooperating customer service partner for joint debugging services, enabling their online customer service to access your device status and promptly resolve disputes.
When using the taxi's proxy car-hailing service, in addition to providing pick-up/drop-off locations, you also need to provide the actual passenger's name and phone number. You should also ensure that the actual passenger agrees to our collection and use of their personal information for the purposes described in this policy. Failure to provide the aforementioned information will prevent you from hailing rides on behalf of others.
(2) Itinerary Recording
Based on legal requirements, local regulations, and due to the need of verifying facts and addressing
complaints in case of disputes or safety incidents involving users, or for the purpose of user identity
verification for security reasons, we will record the interior and exterior environment during the trip. You need to agree
and authorize us to record your itinerary and collect
Itinerary Recording information . If you refuse to provide Itinerary Recording information, you will be unable to use Taxi and Car Hailing
Services.
(3) Emergency Aid
To facilitate notifying your emergency contacts in case of emergencies, we need to access your contacts. If you refuse to grant us access to your contacts, you can manually enter the names and phone numbers of your emergency contacts. You should also ensure that your emergency contacts agree to our collection of their personal information for the purposes described in this policy. Failure to provide the aforementioned information will prevent us from making notifications.
During your trip, if your personal or property safety is threatened, you can use the Emergency Aid function.
When you initiate Emergency Aid through the app, we will immediately provide assistance services and send an
emergency notification to your emergency contacts. During this process, we will also collect relevant
information, including your
trip details (pick-up/drop-off locations, time, travel trajectory/location information, etc.), location
information, and Itinerary Recording information.
(4) Itinerary Sharing
When you choose the Itinerary Sharing service, we will collect yourtrip (itinerary) information. If you refuse to provide this information, you cannot share your trip, but it won't affect your use of our
other products and services.
(5) Payment Settlement Function
When you make transaction payments, we will collect your name, phone number, ID type, ID number, and bank card information for identity
verification and to facilitate the payment service.
When you make transaction payments, you will use services provided by third-party payment partners for payment processing. We will collect payment information such as payment time, payment amount, payment channel, as well as details of charges, order payment status, taxi coupon information, geographical location, device information, and app version number. This information will be used to verify whether you have made payments as agreed, whether the driver has overcharged you, maintain platform transaction order, and handle user disputes according to platform rules.
After completing the payment, we will also collectpayment information such as the payment time, amount, channel, as well as order details, order payment
status, taxi coupon information, geographic location, device information, and app version. This information will be
used to verify whether you have paid according to the agreement, whether the driver has violated the charging
rules, maintain platform transaction order, and handle user disputes according to platform rules.
When you use payment services, you need to authorize the relevant regulatory authorities or provide us with
your name, phone number, ID type, ID number, and bank card information for identity verification and to
facilitate the payment service.
(6) Order Inquiry and Management
To facilitate your inquiry and management of trip information and order details, we will collect your trip and order information, including but not limited to pick-up/drop-off locations, travel
trajectories, and detailed costs. If you refuse to provide the aforementioned information, we will be unable to provide you with Order
Inquiry and Management services.
(7) Dispute Resolution
For the sake of addressing the needs of dispute resolution, such as disputes between passengers and drivers, we need to collect your trip information, Itinerary Recording information, payment information, order information, device information, etc. If you refuse to provide abovementioned information, we cannot provide you with our products or services and cannot better protect your rights.
(8) Online Car Hailing Invoice Issuance
If you need to issue an online electronic invoice for a ride-hailing trip, you can apply for it on the platform. We need to collect the name of the billing entity (individual name or company name, unified social credit code) and the email address to receive the invoice. If you refuse to provide the aforementioned information, we will be unable to provide you with an electronic invoice.
The billing entity should be the actual user of the ride-hailing service or the unit they belong to. If the billing entity you provide is not yourself, you should ensure that the billing entity agrees to our collection and use of their personal information as per this policy.
6. Parking Service
(1) Recommended Parking Lot Service
To facilitate recommending nearby parking lots and navigation to you, we will collect yourlocation information. If you refuse to provide the aforementioned information, you cannot use the mentioned services, but it
won't affect your use of our other products and services.
(2) Parking Lot Payment, Off-Peak Sharing, Reservation, and Other Services
If you use relevant services provided by parking lots in cooperation with us, for ease of querying parking
fees, signing up for off-peak sharing, and parking reservations, we will collect your license plate number
andparking order information. If you refuse to provide the
aforementioned information, you cannot use the mentioned services, but it won't affect your use of our other
products and services.
7. Road Assistance Service
When you use Road Assistance Service (including one-click towing service), you need to provide the contact person's name, phone number, license plate information, Road Assistance order information and status, and payment information that you fill out. We will transmit your relevant information to the cooperating partner providing rescue services. If you do not provide the aforementioned information, you cannot use the Road Assistance Service. If the contact person you provide is not yourself, you should ensure that the contact person agrees to our collection and use of their personal information as per this policy.
8. Nearby Maintenance Factory Inquiry Service
To facilitate your inquiry about nearby repair shops and navigation, we will collect your
location information. If you refuse to provide the aforementioned information, you cannot use the mentioned service, but it won't
affect your use of our other products and services.
9. Bus Basic Information Inquiry Service
When you use Bus Basic Information Inquiry Service, we will collect your
geographic location information and, through information sharing with our partners, provide you with basic information query services for bus
stops, bus routes, and real-time bus information.
10. Scenic Spot Tickets Service
When you use the scenic tickets service to purchase tickets for attractions, we will collect your departure date, ticket quantity, visitor information (ID type, name, ID number, phone number), order information, etc., to provide you with the ticket purchase service for attractions. If you refuse to provide the aforementioned information, you will be unable to use the aforementioned service. However, this refusal will not affect your use of our other products and services.
11. User Activities
(1) Randomly Selected Mall Service
If you subscribe to the Randomly Selected Mall service to accumulate "DouDou" for redeeming user benefits, we will collect your trip information. To facilitate the delivery of redeemed items, you also need to provide the recipient's name, delivery address, and recipient's phone number. If the recipient is not you, you should ensure that the recipient agrees to the collection of their personal information for the purposes stated in this policy. If you do not provide the aforementioned information, you cannot use the service mentioned above, but it won't affect your use of our other products and services.
(2) Green Travel Carbon Inclusion
If you choose green travel methods such as buses, metro, and ferries, for calculating, summarizing, and
issuing carbon reduction and carbon points to you, facilitating your redemption of benefits on the Shanghai
Green Travel Carbon Inclusion platform, we will collect your user ID, username, name, gender, desensitized
phone number, desensitized ID number, registration device ID, city code, city name, order information, trip
information, payment information, etc., after you register on the Shanghai Green Travel Carbon Inclusion
platform.
(3) Operation Activities
When you participate in our Operation Activities, to facilitate the public display of activity results,
subsequent promotion of the activity, contacting you, and issuing gifts or transfers to you, we will collect
your name, mailing address, and contact information. If you do not provide the aforementioned information, you
cannot participate in the mentioned Operation Activities, and you will not receive related gifts and
transfers, but it won't affect your use of our other products and services.
(4) User Evaluation
If you evaluate related services on this platform, we need to collect your service rating and service review.
If you refuse to provide the aforementioned information, it may not be possible to receive feedback on your
experience with the related service, but it won't affect your use of our other products and services.
(5) Customer Service
When you contact our customer service team, to facilitate dispute resolution, problem-solving, or feedback to
you, we will collect your name, contact information,
call details (call content call duration, calling and called phone numbers, and
text messages sent through the SH MaaS platform)). If you refuse to provide the aforementioned information, it may prevent us from receiving your opinions
or suggestions, or we may be unable to provide feedback on the results, but it won't affect your use of our
other products and services.
(6) Others
If you need to apply online for offline delivery or product testing, it is necessary for you to provide
contact information, address, or other necessary information to fulfill the service.
We may invite you to participate in surveys related to our products and services.
12. Security and Data Analysis Service
(1) To control operational risks, ensure the security of your account, transaction security, and system
operation, meet the relevant requirements of laws, regulations, and our agreement rules, protect the personal
and property safety of you, other users, or the public from infringement, better prevent phishing websites,
fraud, network vulnerabilities, computer viruses, network attacks, network intrusions, and other security
risks, and more accurately identify violations of laws, regulations, or agreements and rules related to this
application. We will collect your device information (including device model, operating system version, device
settings, MAC address and IMEI, IDFA, OAID, Android ID, IDFV, and other device identifiers, SIM card IMSI
information, SIM card location, device environment, mobile application list, etc.), log information (including
browsing history of this app, search content, click and view records, transaction records, IP address, browser
type, telecommunications operator, language used, access date and time, running process information), and
information communicated through our services, including accounts you have communicated with.
(2) We may use your account information, integrate device information, relevant network logs, and information shared by government
agencies, affiliated companies, and partners to assess the risk of your account, perform identity
verification, detect and prevent security incidents, and take necessary recording, auditing, analysis, and
disposal measures in accordance with the law.
(3) In order to ensure the secure and stable operation of the services provided to you, we need to record
information related to your use of the "SH MaaS" service. This includes the type and method of service usage,
device model, IP address, device software version, device identification code, device identifier, running
process information, overall application operation, location, and network usage. If you do not agree to the
recording of the aforementioned information, it may hinder the completion of risk control verification.
13. Public Welfare
In response to the needs of public welfare, especially during unexpected public health events or emergencies
aimed at protecting the life, health, and property safety of individuals, when you use functions or services
related to public welfare, including but not limited to "Sui Shen Ma," you may be required to provide
necessary information. This information includes your name,
ID number, phone number, identification photo, and facial biometric information, which is essential for us to implement relevant regulatory measures.
(IV) Scenarios for Authorizing Collection and Use of Personal Information:
14.Service Optimization and Development
We collect and correlate information about your use of our products, services, and the way in which you use
them, as necessary to fulfill business requirements or interaction design changes, including:
(1) Log Information: When you use our website or client-provided products or services, we automatically
collect detailed information about your usage as part of network log preservation. This includes
search query content, accessed service records, access date and time, service request status, and network
conditions.
It's important to note that isolated log information cannot identify the specific identity of an individual.
If we combine this non-personal information with other information to identify the specific identity of an
individual, or if it is used in conjunction with personal information, during the combination period, this
non-personal information will be treated as personal information. Except as authorized by you or as otherwise
stipulated by laws and regulations, such personal information will be anonymized and de-identified.
(2) Communication Records: When you contact us, we may retain your communication/call records and content or
the contact information you provide. This helps us get in touch with you, assist in problem resolution, or
record the handling process and results of relevant issues.
(3) Better Meeting Your Needs: We use the collected information to meet your specific requirements (if the
user is not logged in, personalized recommendation services do not exist). This includes language settings,
location settings, improved help services and guidance, or other responses to you and other users.
(4) We use the collected information to provide you with more relevant services and offer features or services
you may be interested in. At the same time, for decisions that may significantly impact your personal rights
in certain personalized services, you have the right to request an explanation from us and the right to refuse
decisions made solely through automated means.
(5) Statistical Analysis: When you use services such as "Bus Basic Information Inquiry Service", we will use your gender and age to facilitate statistical analysis of the gender ratio and age distribution of the user population corresponding to this service. This helps us create statistical data that is difficult to identify with other information regarding your personal identity.
15. Additional Notes:
If you wish to use certain optional features or services, you must also provide the necessary information for the use of such features or services. This may include gender, date of birth, place of birth, household registration location, ethnic, etc. Before you use these features or services, we will inform you and obtain your consent. In other scenarios where information collection is necessary, if the usage scenario is not directly related to the initial scenario, we will re-obtain your consent before using the information.
With your authorized consent or as required by laws and regulations or regulatory requirements, we may use your personal information for other purposes. The information bolded, underlined, and in black font above represents your sensitive personal information, and we will collect abovementioned information only with your explicit and separate consent. If you do not agree to provide abovementioned information, you will be unable to enjoy the corresponding functions or services, but it will not affect your use of other service functions. Objectively, we cannot guarantee 100% security. In the event that your sensitive personal information is leaked or unlawfully used due to force majeure, it may compromise your dignity or endanger your personal and property security.
After collecting your Personal Information, we will use technical means to de-identify, encrypt, or anonymize your information. Through de-identification, encryption, or anonymization, the information will be rendered unidentifiable regarding your specific identity.
(V) System Permissions:
During your use of the service, we may also need you to provide the following necessary system permissions to complete the service. Please be aware that agreeing to this policy does not automatically enable the corresponding device permissions. When it comes to important or sensitive device permissions, we will request your consent again through a separate pop-up when you use the corresponding business functions before enabling them. After the permissions are granted, you can also turn off permissions at any time through the device settings. Not agreeing to enable permissions will not affect the normal use of other unrelated business functions. The device permissions that may be requested and the scenarios involved are as follows:
1.Location Permission: Required for using location-based services in this application, such as navigation services, real-time public transportation, taxi/car-hailing location pinpointing, nearby parking recommendations, viewing institution information based on location, and locating specialty provinces and cities.
2.Notification Permission: Required to receive system message notifications.
3.Microphone Permission: Required for voice search functionality.
4.Device Reading, Storage, and Camera Permissions: Required for inputting relevant information, uploading or downloading images during online transactions.
5.Bluetooth Permission: Required for using the public transportation feature.
6.Camera (Photo/Video) Permission: Required for 1) scanning QR codes; 2) ID card recognition; 3) uploading photos; 4) facial recognition authentication.
7.Camera (Library) Permission: Required for 1) scanning QR codes; 2) ID card recognition; 3) uploading photos.
8.Phone Permission: Required for making phone calls within the app.
9.Clipboard Content Access Permission: Required to help developers provide information sharing and jump functions, allowing users to share or receive shared information.
10.Network Communication Permission: Required when accessing various services provided by our app's server system through our client.
III. How We Use Cookie and Similar Technologies
(I) Cookie and Similar Technologies:
We may collect and use your information through cookie (data stored on the user's local device) and other
related technologies. The specific purposes for using cookie include:
(1) Remembering Your Identity: Cookie help us recognize you as a registered user.
(2) Analyzing Your Use of Our Services: This helps us provide more thoughtful personalized services, including
customized pages and recommendations.
(3) Browser Settings for Cookie: You can refuse or manage cookie through your browser settings. However,
please note that disabling cookie may affect the availability of certain features, and you may not enjoy the
optimal service experience.
(4) Information Recorded by Cookie in This App: The information recorded by cookie in this application is
subject to this privacy policy.
(II) SDK
To ensure the implementation and stable operation of SH MaaSAPP's related functions and applications, we may integrate software development kits (SDKs) provided by third parties to achieve specific purposes. Regarding how third parties collect and use your personal information, we recommend that you refer to the relevant service agreements and personal information processing rules of the third-party SDK. You can access the information collection, usage, and protection rules of third parties through the following link, and this text is only a reiteration. If you choose not to provide the mentioned information, you may not be able to use the corresponding service, but it will not affect your use of other services we provide.
Please note that the responsibility for protecting information collected by third-party SDKs lies with the
third parties. Refer to the privacy policies of the respective third parties for related information.
During the provision of our services, we may also collect the following information through third-party SDKs:
1. Scenario: Map
SDK Name: Gaode Maps
Third-party Name: Amap Software Co., Ltd
Purpose: Map display, location tracking of people and vehicles, navigation, address search, voice, recommending nearby public transportation and parking lots.
Personal Information Involved: Device information (IMEI, IDFA, Android ID, MEID, MAC address, OAID, IMSI, hardware serial number, sensor information, Bluetooth information, etc.), network information (IP address, WiFi status, WiFi parameters, WiFi list, base station information, etc.), location information (GNSS information, latitude and longitude, precise location, rough location, etc.). Location information collection frequency: Android system defaults to every 2 seconds, business is every 5 seconds; iOS system is based on the system's own rules, reading whenever the location changes.
Privacy Policy Link:
Gaode Maps Open Platform Privacy Policy | Gaode Maps API
Contact: 4008100080
2. Scenario: One-click Login with Local Number
(1) SDK Name: Alibaba Cloud Number Authentication
Third-party Name: Aliyun Computing Co., Ltd.
Purpose: Achieve one-click login and verification with the local number.
Personal Information Involved: Network type, device information (including IP address, device manufacturer, device model, phone operating system, IDFV, SIM card or International Mobile Subscriber Identity (IMSI) information, location information, etc.), log information, etc.
Privacy Policy Link:
https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202112211045_86198.html
Contact: dypns_aliyun@alibabacloud.com
(2) SDK Name: China United Network One-click Login
third-party Name: China United Network Communication Group Co., Ltd.
Purpose: Identify the user's China United Network Communication phone number for quick login
Personal information involved: Local mobile phone number, network type, network address, carrier type, International Mobile Subscriber Identity (IMSI), SIM card quantity, mobile device type, mobile operating system, hardware manufacturer, screen size, screen resolution information, anonymized user identifier generated based on mobile device type (UAID), device identification code.
Privacy Policy Link:
https://opencloud.wostore.cn/authz/resource/html/disclaimer.html?fromsdk=true
Contact: 4000096800
(3) SDK Name: China Telecom One-click Login
Third-party Name: Tianyi Digital Life Technology Co., Ltd.
Purpose: Identify the user's China Telecom phone number for quick login.
Personal Information Involved: Local phone number, International Mobile Subscriber Identity (IMSI),
application process information, network connection type, network status information, network address, carrier
type, phone device type, phone device manufacturer, phone operating system type and version.
Privacy Policy Link:
https://e.189.cn/sdk/agreement/content.do?type=main&appKey=E_189&hidetop=true&returnUrl=
Contact: id@189.cn
(4) SDK Name: China Mobile One-click Login
Third-party Name: China Internet Corporation
Purpose: Identify the user's China Mobile phone number for quick login.
Personal Information Involved: Network type, network address, carrier type, local phone number, phone device
type, phone operating system, hardware manufacturer, International Mobile Subscriber Identity (IMSI), and SIM
card quantity, etc.
Privacy Policy Link:
https://wap.cmpassport.com/resources/html/contract2.html
Contact: 10086
3. Scenario: Third-party Account Login
SDK Name: Sui Shen Ban Citizen Cloud
Third-party Name: Shanghai SMMAIL Info Serv Co., Ltd.
Purpose: Quickly log in by binding the user's Sui Shen Ban Citizen Cloud account.
Personal Information Involved: Username, profile photo, name, ID number, phone number, facial biometric
information, bank card number, bank card type.
Privacy Policy Link:
https://api.eshimin.com/privacyPolicy/privacyPolicy/toPrivayPolicy
Contact: 12345
4. Scenario: Third-party Account Login, Information Sharing, Third-party Payment
SDK Name: WeChat
Third-party Name: Shenzhen Tencent Computer Systems Company Limited
Purpose: Bind the user's WeChat account for quick login; provide users with the ability to share to the WeChat
platform; provide WeChat payment functionality.
Personal Information Involved: Hardware device model, terminal system type, device identification code,
software version information in use, software language settings information, IP address, region, mobile
network information, standard network log data and network usage habits, as well as operational records of
using Tencent's financial services.
Privacy Policy Link:
https://support.weixin.qq.com/cgi-bin/mmsupportacctnodeweb-bin/pages/ONwPihxKd82RAkIJ;https://www.tenpay.com/v3/helpcenter/low/privacy.shtml
Contact: weixin-open@qq.com
5. Scenario: Third-party Account Login, Third-party Payment
SDK Name: Alipay
Third-party Name: Alipay (China) Network Technology Co., Ltd.
Purpose: Bind the user's Alipay account for quick login; provide users with Alipay payment functionality.
Personal Information Involved: Common device information (including IMEI, IMSI, SIM card serial number/MAC
address, Android ID, SSID, BSSID, device basic information [model/manufacturer, etc.], network information,
system information).
Privacy Policy Link:
https://opendocs.alipay.com/open/01g6qm;https://render.alipay.com/p/c/k2cx0tg8
Contact: 95188
6. Scenario: Message Push
(1) SDK Name: Huawei Push
Third-party Name: Huawei Software Technology Co., Ltd.
Purpose: Push messages to Huawei phone users.
Personal Information Involved: Application basic information, in-app device identifiers, device hardware
information, system basic information, and system setting information.
Privacy Policy Link:
https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/sdk-data-security-0000001050042177
Contact: devConnect@huawei.com
(2) SDK Name: Xiaomi Push
Third-party Name: Beijing Xiaomi Technology Co., Ltd.
Purpose: Push messages to Xiaomi phone users.
Personal Information Involved: Device identifiers (OAID, IMEI, and encrypted Android ID), application
information using the push service such as application package name, version number, and running status,
device-related information such as device manufacturer, device model, device memory, operating system version,
Xiaomi Push SDK version, device location (country or region), SIM card carrier name, current network type.
Privacy Policy Link:
https://dev.mi.com/console/doc/detail?pId=1822
Contact: developer@xiaomi.com
(3) SDK Name: Meizu Push
Third-party Name: Meizu Telecom Equipment Co., Ltd.
Purpose: Push messages to Meizu phone users.
Personal Information Involved: Device information (including device name, device model, region and language
settings, device identification code (IMEI number, etc.), device hardware information and status, usage
habits, IP address, MAC address, operating system version, and settings information for devices accessing
services), application information (including application list, application version, application status record
[download, install, update, delete], software identification code, and application settings [such as
region/language/time zone/font]), log information (including access time, access frequency, access duration,
access IP address, search query words, and event information [such as errors, crashes, restarts, upgrades]),
location information (related to the use of location-based services, including country code, city code, mobile
network code, latitude and longitude, device location, WiFi geographic location information), etc.
Privacy Policy Link:
http://static.meizu.com/resources/term/privacy8.html
Contact: DPO@meizu.com
(4) SDK Name: OPPO Push
Third-party Name: Guangdong Huantai Technology Co., Ltd.
Purpose: Push messages to OPPO phone users.
Personal Information Involved: Device-related information (such as IMEI number, Serial Number, IMSI, User ID,
Android ID, Google Advertising ID, phone Region settings, device model, phone battery level, phone operating
system version, and language), application information of using push services (such as APP package name and
version number, running status), push SDK version number, network-related information (such as IP or domain
connection results, current network type), message sending results, notification bar status (such as
notification bar permissions, user click behavior), lock screen status (such as whether the screen is locked,
whether lock screen notifications are allowed).
Privacy Policy Link:
https://open.oppomobile.com/wiki/doc#id=10288
Contact: privacy@heytap.com
(5) SDK Name: VIVO Push
Third-party Name: Vivo Mobile Communication Co., Ltd.
Purpose: Push messages to VIVO phone users.
Personal Information Involved: Operating system version number, application program information, device
identifiers (such as IMEI number, SIM and IMSI, mobile country code, and VIVO Android device's mobile network
number, etc.), MAC address, mobile carrier, language in use, system settings, etc. system, device, and
application program data, log information, location information, Cookie, and tracking information.
Privacy Policy Link:
https://www.vivo.com.cn/about-vivo/privacy-policy
Contact: push@vivo.com
7. Scenario: Data Statistics
SDK Name: Bugly
Third-party Name: Shenzhen Tencent Computer Systems Company Limited
Purpose: Record and repair crash information.
Personal Information Involved: Log information (including third-party developer custom logs, Logcat logs, and
APP crash stack information), device information (phone model, phone brand, system version, API level,
manufacturer system version, CPU attributes, whether the device is rooted, whether it is jail broken, disk
space usage size, sd card space usage size, memory space usage size, runtime phone status), device ID
(including Android id and IDFV), SIM integrated circuit card identification code, network information, system
name, system version, and country code.
Privacy Policy Link:
https://privacy.qq.com/document/preview/fc748b3d96224fdb825ea79e132c1a56
Contact: Dataprivacy@tencent.com
8. Scenario: Operational Risk Prevention
(1) SDK Name: Tongdun
Third-party Name: Tongdun Technology Co., Ltd.
Purpose: Device recognition for risk control.
Personal Information Involved: Device information (including IMSI, IMEI, Android ID, SIM integrated circuit
card identification code (ICCID), MAC address, device type, device model, system type, login IP address,
application installation list information, previously visited pages, browser type, etc.), network information,
location information, gateway address (DHCP), WiFi subnet mask.
Privacy Policy Link:
https://www.tongdun.cn/other/privacy/id=1
Contact: service@tongdun.cn
(2) SDK Name: Geetest
Third-party Name: Wuhan Jiyi Internet Technology Co., Ltd.
Purpose: Login behavior graphic verification.
Personal Information Involved: Device information (device system information, device manufacturer information,
device model, device brand, etc.), network information (device network connection status and type, etc.),
device environment information (device screen size, device battery charging status, device battery level,
device jailbreak identification, device debugging identification, etc.), user biometric trajectory information
(user-generated sliding, clicking, mouse moving trajectories during the verification process), verification
timestamp, installation package name, etc.
Privacy Policy Link:
https://www.geetest.com/Private
Contact: service@geetest.com
(3) SDK Name: IPV4 County-level Location Query Service System V1.0
Third-party Name: Evan (Dalian) Technology Service Co., Ltd.
Purpose: Big data analysis of user access source locations.
Personal Information Involved: IP address information of user network access.
Privacy Policy Link:
https://www.ipplus360.com/privacy-policy
Contact: yangxuxian@ipplus360.com
(4) SDK Name: Volcano Engine
Third-party Name: Beijing Volcano Engine Technology Co., Ltd.
Purpose: Identify abnormal user devices and monitor the web.
Personal Information Involved: Device information (device ID, device MAC address, hardware serial number,
device brand, device model, operating system, operating system API, system time zone, screen density, screen
resolution, disk usage, memory usage, running thread count, CPU information, mobile device country code,
mobile device network code, device DPI; Android: Android ID, device brand, operating system API version, user
agent, battery level, network traffic, device ABI, ROM; iOS: Jailbreak status, IDFV), application information
(application version, application package name, process start time, log type, crash event, crash process,
build-id, crash scene, crash time, crash thread name, names of pages visited, stack of all threads in the
current process, application service log information, application file name, application file size, disk size;
Android: fd list; iOS: application language, application release channel), system and network recognition
information (user ID, IP address, session data, carrier information, network access mode).
Privacy Policy Link:
https://www.volcengine.com/docs/6431/69429
Contact: 400-850-0030
9. Scenario: Real-person Authentication
SDK Name: UniTrust Unified Identity Authentication
Third-party Name: Shanghai Electronic Certificate Authority Center Co., Ltd.
Purpose: Used for Real-person Authentication.
Personal Information Involved: Name, identity proof (ID card/passport, etc.), phone number, email address, biometric information (portrait, iris, etc.), bank card number.
Privacy Policy Link:
https://www.sheca.com/assets/wwx/laws.html
Contact:
021-962600
10. Scenario: Travel Services
(1) SDK Name: Secco Travel
Third-party Name: Shanghai Secco Travel Technology Service Co., Ltd.
Purpose: Used for travel services.
Personal Information Involved: Identity information (name, nickname, gender, age, ID card information and
other identification information, commonly used address, email address, phone number, emergency contact
information), location information, platform operation information (device information, log information),
order information and transaction status, itinerary information, payment information, audio and video
information, sensor information, address book permissions, etc.
Privacy Policy Link:
https://marketing.saicmobility.com/cms-help/driver/privacyPolicy.html#:~:text=%E6%9C%AC%E9%9A%90%E7%A7%81%E5%8D%8F%E8%AE%AE%EF%BC%88%E4%BB%A5%E4%B8%8B,%E5%85%B3%E7%9A%84%E4%BA%A7%E5%93%81%E6%88%96%E6%9C%8D%E5%8A%A1%E3%80%82
Contact: 400-856-6666
(2) SDK Name: Hello Travel
Third-party Company Name: Shenzhen Hello Mobile Technology Co., Ltd.
Purpose: Used for travel services.
Personal Information Involved: Android ID, IMEI, IMSI, MAC address, SSID, hardware serial number, Bluetooth
device address IP personal information, device location-related information (IP address, GPS location),
latitude and longitude information, camera permissions, Bluetooth permissions.
Privacy Policy Link:
https://m.hellobike.com/ebike-h5/latest/article.html?guid=caf29f866e90410e8212b689bdb9bcb5
Contact: Email to sec@hellobike.com or call Hello Platform customer service at 95175177
In the future, we will adjust SDK access based on business development and feature development. We will
promptly inform you of the latest situation of third-party SDK access. Please note that third-party SDKs may
have information processing changes due to version upgrades, policy adjustments, etc. Please refer to their
official statements for accurate information.
IV. How We Share, Transfer, Publicly Disclose, and Entrust the Processing of Your Personal Information
(I)Sharing
We will not share your personal information with companies, organizations, or individuals outside of our own organization. However, since many services are provided by third-party systems, there may be situations where your personal information is shared with affiliated companies, partners, and other third parties. We will adhere to the following principles:
1. Sharing with Explicit Consent: We will share your Personal Information with other parties only with your
explicit consent.
2. Sharing in Legal Circumstances: We may share your Personal Information externally based on legal requirements,
regulatory demands, litigation dispute resolution needs, or requests from administrative or judicial
authorities in accordance with the law.
3. Facilitating Services or Dispute Resolution: In certain situations, sharing your Personal Information is
necessary to facilitate the processing of services or assist in resolving disputes or conflicts between you
and others.
4. Sharing with Authorized Partners: We may share some of your Personal Information with partners to provide
better customer service and optimize user experience. We will only share Personal Information necessary for
providing services for legitimate, justifiable, and essential purposes. Our partners are not authorized to use
the shared Personal Information for any other purposes.
Presently, our authorized partners include the following types: affiliated companies, suppliers, service
providers, and other partners. We send information to authorized partners supporting our business, including a
range of professional services such as providing basic technical services, consulting, and analytics. For
companies, organizations, and individuals with whom we share Personal Information, we sign strict confidentiality
agreements and information protection agreements, requiring them to process Personal Information according to our
instructions, this privacy policy, and any other relevant confidentiality and security measures. Specific
sharing scenarios are as follows:
(1) When you use this service, we share your
name, ID card number, and QR code boarding order information with the
Suishen Code platform (operating entity: Shanghai SMMAIL Info Serv Co., Ltd., contact: 12345) to facilitate
your use of metro, bus, ferry, and maglev scenarios for QR code passage services.
(2) When you use taxi services, we share your desensitized phone number, location information, device
information, order information and transaction status, payment information, and certain information related to
dispute complaints with the Shencheng Travel platform (operating entity: Shanghai Secco Intelligent
Transportation Technology Co., Ltd., contact: 400-920-8282) to facilitate the provision of taxi services by
Shencheng Travel platform.
(3) When you use ride-hailing services, we share your phone number, location information, order information
and transaction status, payment information, and certain information related to dispute complaints with the
Xiangdao Travel platform (operating entity: Shanghai Secco Travel Technology Service Co., Ltd., contact:
400-821-8866) to facilitate the provision of ride-hailing services by the Xiangdao Travel platform. If you
need to obtain an invoice for ride-hailing, we will also share the billing information (billing individual's
name or business name and unified social credit code), email, and other information provided by you with the
Xiangdao Travel platform to facilitate the provision of ride-hailing billing services.
(4) When you use parking services, we share your location information, parking payment order information,
parking reservation order information, and off-peak order information with the Shanghai Municipal
Transportation Commission (contact: 962319) to provide you with parking lot inquiry, parking payment, parking
reservation, off-peak shared signing services.
(5) Road Assistance Service: When you use road assistance services, we share your order information, order
status, and payment information with Shanghai Rutting Information Technology Co., Ltd., to provide you with
road assistance services.
(6) Legal Requirements: We may share your personal information externally based on legal regulations or
mandatory requirements from government agencies, regulatory bodies, or judicial authorities.
(II) Transfer
We will not transfer your Personal Information to any company, organization, or individual. Exceptions include:
1. Prior Consent: With your prior consent.
2. Organizational Adjustments: In accordance with national policy arrangements or legal regulations, we, as
well as relevant government agencies, may undergo organizational adjustments, asset allocations, transfers, or
similar transactions, and your information may be transferred as part of such transactions. We will comply
with the requirements of relevant laws and regulations, notify you before the transfer, ensure the security of
information during the transfer, and require the new entity holding your personal information to continue to
be bound by this policy. Otherwise, we will request the entity to seek your authorization and consent again.
(III) Public Disclosure
Without your consent, we will not publicly disclose your information, except in the following cases:
1. Prior Consent: With your prior consent.
2. Legal Compliance and Safeguarding Interests: If we determine that you have violated laws and regulations or
seriously violated our relevant agreement rules, or to protect our or the public's personal and property
safety from infringement, we may, in accordance with laws and regulations, comply with court judgments,
rulings, or other legal procedures, comply with the requirements of relevant government agencies or other
competent authorities, or publicly disclose your Personal Information based on our relevant agreement rules. This
includes information about the violation and the measures we have taken against you.
(IV) Entrusted Processing
To improve information processing efficiency, reduce information processing costs, or enhance information
processing accuracy, during website maintenance, data analysis, advertising services, audits, and other
similar services, we may entrust capable third parties (including our affiliated companies or other
professional organizations) to process information on our behalf (within the scope of your authorized consent,
and these third parties will only know your personal information for the purpose of providing services to us
or representing us in certain activities). We will require the entrusted company to comply with strict
confidentiality obligations and take effective confidentiality measures through written agreements, on-site
audits, etc. Prohibiting them from using this information for purposes not authorized by you. When the
entrustment relationship is terminated, the entrusted company will no longer retain personal information. We
promise to be responsible for this.
V. How We Store Your Personal Information
Personal Information collected and generated by us in the People’s Republic of China (excluding the Hong Kong
Special Administrative Region, Macao Special Administrative Region, and Taiwan region) will be stored within
the territory of the People's Republic of China.
During your use of this application service, we will continuously store your Personal Information. We determine
the storage period of personal information mainly based on the following criteria, and the longer one will
prevail:
1. Necessary for Agreement Execution: For the purpose of executing relevant service agreements, this policy,
maintaining public welfare, handling complaints/disputes, and protecting the personal and property safety or
legal rights and interests of our customers, our affiliated companies, other users, or employees.
2. Extended Period with Your Consent: The longer period you agree to.
3. Compliance with Legal Requirements: Compliance with court judgments, rulings, or other legal procedures.
4. Special Legal Regulations and Regulatory Requirements: Other special legal regulations and regulatory
provisions with retention periods.
Our retention period for your personal information is no less than 2 years. After the retention period expires, we will delete the collected information. If it is technically difficult to delete personal information, we will cease processing it beyond storage and implement necessary security measures.
VI. How You Can Manage Your Personal Information
(I) Access, Copy, Correct, and Supplement Your Personal Information
1. After logging into this application, you can view your profile photo, account name, nickname, real-person
verification status, and identity information (credential type, name, ID number) in "My - Personal Profile".
In "My - Settings - Account and Security", you can check the bound phone number.
2. If you need to copy your personal information, you can export it in "My - Settings - Privacy Center - Personal Information Viewing and Export" section within our application, or contact our official service hotline to reach customer service. After verifying your identity, we will provide you with a copy of your personal information in our application (including basic profile and identity information), except where prohibited by laws and regulations or specified otherwise in this policy.
3. You can modify your profile photo and nickname in "My - Personal Profile". In "My - Settings - Account and
Security - Change Login Password", you can change the login password. You can also change the phone number in
"My - Settings - Account and Security".
4. Correct and Supplement Your Personal Information: If you find that the information about you processed by this application is incorrect or incomplete and cannot be corrected or supplemented by yourself, please call our official service hotline for correction or supplementation.
(II) Delete Your Personal Information
To ensure the security of your personal information in the application, online deletion of personal
information permissions has not been opened. If you want to delete some or all of your Personal Information, you
can call our official service hotline for assistance. At the same time, if personal information involves third
parties due to sharing, transfer, disclosure, etc., the third party will also be unable to continue to obtain
or retain your personal information.
You can request the deletion of Personal Information from us in the following situations:
(1) If the purpose of processing your personal information by us has been achieved, cannot be achieved, or is
no longer necessary for achieving the processing purpose.
(2) If you withdraw your consent.
(3) If we violate laws, regulations, or agreements in processing your personal information.
(4) If you no longer use our products or services.
(5) If we no longer provide products or services to you, or the retention period has expired.
(6) Other circumstances as provided by laws and administrative regulations.
After you delete information from our service, we may not immediately delete the corresponding information
from the backup system. However, we will delete this information when the backup is updated. During this
period, we will stop processing beyond storage and take necessary security measures.
(III) Change the Scope of Your Authorized Consent or Withdraw Your Authorization
You can change or withdraw your consent to collect and process your personal information in the following
ways:
1. Manage authorization in "My- Settings - Privacy Center - Agreement Authorization".
2. Manage the system permission authorization used by the app in "My - Settings - Privacy Center - Permission Management".
3. Manage the system permission authorization you use through the device system permission management page.
4. Revoke authorization by modifying personal information, deleting personal information, or closing
functions.
When you withdraw consent or authorization, it may result in us no longer being able to provide services
corresponding to the withdrawn consent or authorization. However, withdrawing consent or authorization does
not affect the processing of personal information based on your prior consent or authorization.
After you withdraw consent or authorization, we will no longer process the corresponding personal information.
However, the information provided or generated by you during the use of our services still needs to be
anonymized and retained for the time required by laws, regulations, and regulatory requirements. During this
legally required retention period, the relevant regulatory authorities still have the right to query in
accordance with the law.
(IV) User Account Cancellation Management
You can deactivate your account in "Me - Settings - Account & Security - Deactivate Account" or contact customer service to request the deactivation of your account. To protect your legitimate rights and interests, we need to verify your identity before deactivating your account and evaluate whether to support your deactivation request based on your usage of the "SH MaaS" product or service. For example, if there are orders generated through SH MaaS information services in your account, unpaid orders in your ride-hailing function, or if you have not unbound third-party accounts or closed third-party services, we may not immediately support your request.
After you voluntarily deactivate your account, our application systems based on the "SH MaaS" platform will cease to provide products or services to you, and we will delete or anonymize your personal information in accordance with applicable laws. If deleting personal information is technically difficult, we will anonymize it or stop processing it except for storage and necessary security measures, unless otherwise required by laws and regulations.
(V) Explanation of Personal Information Processing Rules
You can call our official service hotline to request an explanation of the personal information processing
rules.
(VI) Constraints on Information System Automated Decision-Making
In certain business functions, we may rely solely on algorithm-based non-human automatic decision-making mechanisms to make decisions. You can turn off personalized content recommendations in "My - Settings - Privacy Center - Recommendation Management". If these decisions affect your legitimate rights and interests, you can file a complaint about the automated decision-making results by calling our official service hotline.
(VII) Rights Related to Deceased Individuals
In the event of your passing, your immediate family members may, for their legitimate and lawful interests, exercise the rights related to your personal information as stipulated in this clause, including but not limited to the rights to access, copy, correct, and delete such information; unless you have made other arrangements during your lifetime.
(VIII) Responding to Your Requests Above
To ensure security, you may need to provide a written request or prove your identity in other ways. We may request you to verify your identity and review the legitimacy before processing your request. Please understand that due to technical limitations and legal requirements, some of your requests may not be able to be fulfilled. For certain requests that are unreasonably repetitive, require excessive technical means, pose risks to the legitimate rights and interests of others, or are highly impractical, we may refuse but will explain the reasons.
Despite the above agreements, according to legal requirements, we may not be able to respond to your request in the following situations:
1. Concerning national security and defense.
2. Relating to public safety, public health, and significant public welfare.
3. Relevant to criminal investigation, prosecution, trial, and execution of judgments.
4. There is sufficient evidence to show your subjective malice or abuse of rights.
5. Responding to your request would cause serious harm to your or other individuals, organizations' legitimate rights and interests.
6. Involving trade secrets.
7. Associated with our fulfillment of legal obligations stipulated by laws and regulations.
If you have any questions about the realization of the above rights, you can contact us using the relevant contact information in "How to Contact Us."
For you, your potential guardian, immediate family members, and other authorized parties who wish to make the aforementioned requests, as well as for the personal information rights as provided by the laws of the People's Republic of China and other applicable laws, you can contact our customer service or directly initiate a complaint with our personal information protection officer. We will respond within 15 days.
VII. Exceptions to Obtaining Authorized Consent
According to relevant laws, regulations, and regulatory requirements, we may process Personal Information without
obtaining your prior authorized consent in the following situations:
1. Necessary for signing and fulfilling contracts at your request.
2. Necessary for us to fulfill legal duties or statutory obligations.
3. Necessary to respond to sudden public health events or emergencies to protect the life, health, and
property safety of natural persons.
4. Necessary for implementing news reporting and public opinion supervision within a reasonable scope,
processing your personal information.
5. Process your personal information within a reasonable scope that you have voluntarily disclosed or has been
lawfully disclosed by others.
6. Other situations as stipulated by laws and administrative regulations.
VIII. How We Protect Your Personal Information
We will make efforts to ensure the security of Personal Information to prevent the loss, improper use,
unauthorized access, or public disclosure of information.
(I) To ensure the security of your information, we will use security protection measures that comply with
industry standards, as required by relevant laws and regulations and the current level of technology. These
measures aim to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration of your
provided Personal Information. We will employ physical, technical, and administrative security measures to prevent
unauthorized access, public disclosure, use, modification, damage, or loss of data.
For example, we use Secure Sockets Layer (SSL) for encrypted transmission over the internet, encrypt stored
information, and strictly limit access to data centers. When transmitting and storing sensitive personal
information (including personal biometric information), we employ security measures such as encryption, access
control, and de-identification.
(II) We have established dedicated departments and formulated emergency plans, including a department
responsible for personal information protection. We conduct security impact assessments for personal
information collection, usage, sharing, and entrusted processing. Additionally, we have established relevant
management systems, applying the principle of least privilege to staff who may access your information. We
monitor the actions of staff handling your information systematically and continuously train them on relevant
laws, regulations, privacy security guidelines, and enhance security awareness through regular testing. Our
network systems undergo evaluation for compliance with national network security level protection. We also
annually engage external independent third parties to assess our information security management system.
(III) We have developed an emergency response plan for personal information security incidents. We regularly
organize internal personnel for emergency response training and drills to ensure they understand their duties
and emergency response strategies and procedures. In the event of a personal information security incident, we
will promptly take remedial measures in accordance with legal requirements to effectively prevent information
leakage, tampering, loss, and other hazards. We will report the incident to relevant regulatory authorities.
If the regulatory authorities believe that the personal information security incident may harm you, we will
promptly inform you of the relevant details through app push notifications, emails, or text messages, or
release an announcement through reasonable and effective means.
(IV) Internet Environment and User Cooperation: The internet environment is not entirely secure, and we will
do our best to ensure the security of your Personal Information. Please understand that due to technical
limitations and potential malicious attacks, unforeseen, preventable, controllable accidents may occur. We
strongly recommend that you take active measures to protect the security of personal information, including
but not limited to using complex passwords, regularly changing passwords, not providing your account password
and related personal information to others, etc., to help us ensure the security of your information.
(V) Protection of User Identity Information: When using our services, we will identify you through your phone
number, name, ID number, or other identity verification information. Please ensure the proper safeguarding of
this information. If you disclose this information, your account information may be compromised, potentially
resulting in the loss of your financial security and other personal rights and interests.
IX. How We Protect Information of Minors
(I). We expect parents or other guardians (hereinafter collectively referred to as "guardians") to guide minors
in using our services. We will protect the confidentiality and security of information regarding minors in
accordance with relevant national laws and regulations.
(II). If you are over fourteen but under eighteen years old, please use our services or provide information to us
under the premise of carefully reading this policy and consider inviting your guardian to guide you in doing
so.
If you are under fourteen years old (hereinafter referred to as "children"), please have your guardian
carefully read this policy and the
"SH MaaS" Children's Personal Information Protection Rules and Guardian Instructions, and use our services or provide information to us only with your guardian's consent.
If your guardian does not agree to your use of our services or providing information to us according to this
policy, please stop using our services immediately and promptly inform us so that we can take appropriate
measures.
(III). In cases where we collect information from child users with the guardian's consent, we will only use or
disclose this information when permitted by law, explicitly agreed upon by the guardian, or when necessary to
protect the child. If a guardian discovers that we have collected a child's Personal Information without parental
or guardian consent, please contact our customer service hotline. We will make efforts to promptly delete the
relevant data.
(IV). The Real-person authentication information of minors is managed by the real-person authentication
management organization. Due to considerations of risk control by the management organization, there may be
situations where real-person authentication for minors cannot be completed. In such cases, we will be unable
to provide the corresponding services.
X. How Your Personal Information Is Transferred Globally
Personal Information collected by us within the People's Republic of China (excluding the Hong Kong Special Administrative Region, Macao Special Administrative Region, and Taiwan) will be stored within the territory of the People's Republic of China. If, due to business needs, it is necessary to transfer your Personal Information overseas, we will:
(I). Obtain your separate authorization and consent and go through the legal procedures to ensure that your Personal Information is sufficiently protected in compliance with applicable laws and regulations at that time.
(II). Abovementioned transfers will be conducted in compliance with the applicable laws and regulations at that time. Even if we obtain your authorization, if the transfer method or purpose does not comply with relevant laws and regulations, we will not proceed with the transfer.
XI. Our Operational Organization
Company Name: Shanghai Mobility Service Technology Co.,Ltd.
Registered Address: Room 71001, 7th Floor, Building 4, No. 789 Tianshan West Road, Changning District,
Shanghai
Office Address: Building 2, No. 699 Lingshi Road, Jing'an District, Shanghai
Email of the Person in Charge of Personal Information Protection: sec_shmaas@shmaas.cn
XII. How This Policy Is Updated
In the event of changes to relevant laws and regulations or necessary changes to our services, if we need to
modify this policy, we will prompt you again through a pop-up window on the homepage before the revision takes
effect. Once confirmed, it will take effect and replace the previous content. If you do not agree with the new
modifications, please contact us promptly or stop using the services specified in this policy. If you choose
to continue using the relevant services, it will be considered that you fully agree to and accept the new
modifications. If objective circumstances and changes in business policies require us to interrupt or cease
related services, we will promptly notify you. Please understand and agree to this.
XIII. How to Contact Us
If you have any questions about this policy or any related complaints, disputes, or opinions, please contact
our official service hotline (Official Service Hotline: 【$phoneStr】)for
feedback. We will handle your request as soon as possible and respond within 15 working days after verifying
your user identity.
XV. Other
(I) Establishment, Effectiveness, Fulfillment, Interpretation, and Dispute Resolution of This Policy: This
policy is governed by the laws and regulations of the People's Republic of China (excluding the Hong Kong
Special Administrative Region, Macao Special Administrative Region, and Taiwan) for the purposes of
establishment, effectiveness, fulfillment, interpretation, and dispute resolution.
(II) Dispute Resolution: In case of any disputes over the content or implementation of this policy, you can
contact our official service hotline for negotiation. If negotiation fails, you can also file a lawsuit with
the competent People's Court in the jurisdiction of Changning District, Shanghai, where we are located.
Special reminder: This English version is translated from the Chinese version. In case of any conflict, the Chinese version shall prevail.