更新日期：2024年【4】月【2】日
生效日期：2024年【4】月【2】日

尊敬的“随申行”用户（以下统称“您”），为了便于您使用包括“随申行”应用软件（以下简称“本应用”）在内的平台产品和服务，平台运营方及本应用所有方上海随申行智慧交通科技有限公司（以下简称“我方”或“我们”）会按照《“随申行”用户隐私政策》（以下简称“本政策”）约定内容收集、使用、存储、对外提供（以下或统称“处理”）您的个人信息。

本政策适用于我方合法拥有并运营的、标注名称为“随申行”的APP、随申行官网（https://www.shmaas.cn/）、公众号、小程序等平台向您提供的产品与服务，以及适用于作为第三方服务集成在其他第三方智能硬件、软件或服务中的“随申行”应用中的部分功能/服务（前述产品与服务体系亦简称 “平台”或“随申行”）。

您在使用我方的产品或服务时，我方需要按照相关法律法规及监管政策的相关要求处理您的信息，以及向您提供服务及提升服务质量，我方希望通过本政策向您说明：在您使用我方的产品或服务时，我方会收集哪些数据、为什么收集这些数据、会利用这些数据做什么以及我方如何保护这些数据。本政策与您所使用的我方的产品或服务息息相关，对于您行使用户权利及保护您的个人信息至关重要，请您在使用我方的产品或服务前认真阅读并充分理解本政策所写明的内容（特别是使用黑体加粗下划线的内容）。

请您仔细阅读本政策，并确定理解我方对您个人信息的处理规则，如我方更新本政策，我方会及时通知您更新的情况。如您有任何疑问，可联系平台官方服务热线【$phoneStr】进行咨询。如您点击“同意”并确认提交，即视为您同意本政策（含更新版本）内容，并且同意我方按照本政策处理您的个人信息。如您不同意本政策中的任何条款，您应立即停止访问和使用。

特别提示：您通过“随申行”使用第三方服务时，第三方可能有自己的隐私保护政策。当您查看第三方创建的网页或使用第三方开发的服务时，这些第三方可能会放置他们自己的Cookie或网络Beacon，这些Cookie或网络Beacon不受我们的控制，我们会努力去要求这些主体对您的个人信息采取保护措施，建议您与他们取得联系以获得关于他们的隐私政策的详细情况。如您发现这些第三方服务存在风险时，建议您终止相关操作以保护您的合法权益。

您可以根据以下索引阅读相应章节，进一步详细了解我方隐私政策的具体约定：

一、我方收集和处理您的个人信息的原则

二、我方如何收集与使用您的个人信息

三、我方如何使用Cookie和同类技术

四、我方如何共享、转让、公开披露和委托处理您的个人信息

五、我方如何保存您的个人信息

六、您如何管理您的个人信息

七、征得授权同意的例外

八、我方如何保护您的个人信息

九、我方如何保护未成年人信息

十、您的个人信息如何在全球范围转移

十一、我们的运营组织

十二、本政策如何更新

十三、如何联系我方

十四、其他

一、我方收集和处理您的个人信息的原则

合法、正当、必要和诚信的原则。

主要指：1.需征得您或者您的监护人同意，但是法律、行政法规另有规定的除外；2.依照本政策规定的目的、方式和种类收集、处理信息；3.不处理与业务无关的信息或采取不正当方式处理信息；4.不违反法律、行政法规的规定和双方的约定。

二、我方如何收集与使用您的个人信息

（一）责任说明

本应用只负责收集您使用本应用的功能/服务所必需的信息。应监管要求，相关监管单位将根据监管需求收集您的相关信息并进行维护；根据业务需要和安全认证的必要，第三方服务系统会共享您的个人信息或进行二次认证。如个人信息在相关监管单位或第三方服务系统处发生泄漏，与我方无关。

（二）我方如何收集与使用您的个人信息

我们仅会出于本政策所述的以下目的，收集和使用您的个人信息：

为了向您提供我们产品/服务的基本功能：用户注册、登录及认证、账号管理、刷码乘车、出租车及网约车服务、停车服务、道路救援服务、附近维修厂查询服务、公交基础信息查询服务、景点门票服务、用户活动、安全及数据分析服务、公共利益，您需要授权我们收集、使用必要的个人信息，如您拒绝提供必要信息，您将无法正常使用我们的产品/服务。

为了向您提供我们产品/服务的拓展功能或附加功能：服务优化和开发，您可以选择授权我们收集、使用您的其他个人信息，如您拒绝提供，您将无法正常使用相关附加功能或无法实现我们拟达到的功能效果，但并不会影响您正常使用我们产品/服务的基本功能。

（三）您需要授权我们收集和使用个人信息的场景

1．用户注册、登录

为了预防恶意程序以及安全运营所必需，在您使用本应用（包括首次运行本应用）时，我们会收集本应用进程信息。若您后续不再进行任何注册登录操作，前述应用进程信息将无法关联到您本人。

当您仅需要浏览主频道，或使用一些无需登录的服务，您不需要注册成为我方的用户且无需提供相关个人信息，即您未登录时，我们将不会收集您的个人信息。

（1）注册服务

当您需要使用我方提供的用户服务时，您需要提供您本人的手机号码和短信验证码进行注册登录。完成注册后，平台将为您生成随申行账号。

（2）第三方账号绑定

您成功注册为我方用户后，您可以选择绑定第三方账号用于快捷登录，我方将通过第三方账号接口（含随申办、微信、支付宝、Apple ID）间接获得的方式访问、收集您明示授权后的个人信息（若选择绑定微信或支付宝账号，将获取昵称、头像；若选择绑定随申办账号，将获取用户名、头像、用户状态、姓名、证件号码、手机号码；若选择绑定Apple ID，将获取用户名、账户邮件地址或手机号码），并将第三方账号与您的随申行账号、手机号码进行绑定。若您拒绝提供本平台从第三方账户接口获取的登录信息，您将无法通过第三方账号进行快捷登录，但您仍可以通过其他方式登录。

（3）登录服务

后续您登录本应用时，您可以选择手机验证登录：在此方式下，您需要提供您的手机号码和短信验证码，同时同意我方对您提供的登录信息进行有效性核验；您也可以选择第三方账号（含随申办、微信、支付宝、Apple ID）授权登录：在此方式下，我们将收集您的第三方账号信息（若选择绑定微信或支付宝账号，将获取昵称、头像；若选择绑定随申办账号，将获取用户名、头像、用户协议、姓名、证件号码、手机号码；若选择绑定Apple ID，将获取用户名、账户邮件地址或手机号码）。

如您不提供上述信息，我方将无法向您提供随申码乘车、实人认证或其它需登录才可使用的服务。

2．用户认证

您注册后，可以直接使用普通用户服务，包括可以查看附近公交、地铁信息，使用一些无需实人认证的基础服务。如您需要使用出租车服务、网约车服务、自动驾驶服务、共享单车服务、一码通行服务时，您需要进行用户实人认证。

实人认证方式包括支付宝账户认证、港澳/海外用户实名认证、银行卡实名认证和手机号实名认证。

（1）若您选择支付宝账户认证，需要提供您的姓名、身份证号码验证通过后 ，使用您的面部识别特征进行人脸识别验证身份（特别说明：我方不存储用户的面部识别特征，仅调用第三方接 口进行验证）。

（2）若您选择港澳/海外用户实名认证，需要提供您的姓名、证件类型、证件号码：

• 若您是港澳居民，需要提供您的姓名、港澳居民来往内地通行证号码验证通过后，使用您的面部识别特征进行人脸识别验证身份（特别说明：我方不存储用户的面部识别特征，仅调用第三方接口进行验证）。
• 若您是华侨用户，需要提供您的姓名、护照号码验证通过后，使用您的面部识别特征进行人脸识别验证身份（特别说明：我方不存储用户的面部识别特征，仅调用第三方接口进行验证）。
• 若您是外籍用户，需要提供您的姓名、外国人永久居留证号码、国籍代码验证通过后，使用您的面部识别特征进行人脸识别验证身份（特别说明：我方不存储用户的面部识别特征，仅调用第三方接口进行验证）。

（3）若您选择银行卡实名认证，需要提供您的姓名、身份证号码、银行卡号、银行预留手机号、短信验证码验证通过后，使用您的面部识别特征进行人脸识别验证身份（特别说明：我方不存储用户的面部识别特征，仅调用第三方接口进行验证）。

（4）若您选择手机号实名认证，需要提供您的姓名、身份证号码、手机号、短信验证码验证通过后，使用您的面部识别特征进行人脸识别验证身份（特别说明：我方不存储用户的面部识别特征，仅调用第三方接口进行验证）。

同时，我们会依据您提供的身份证号码识别您的性别和年龄。上述信息包含您的个人敏感信息，您可以拒绝提供。如果您拒绝提供上述信息，则无法使用实人用户服务，但不影响您使用我方提供的其他无需实名的服务。

3．账号管理

（1）账号资料管理

您成功注册账号后，可以根据需求和平台开放给用户填写/修改的模块来完善相关的网络身份识别信息，包括昵称、头像、实名认证状态、身份信息（证件类型、姓名、证件号码）。

（2）常用地址设置

您可以自行设置您的常用地址，以便于相关服务涉及地址搜索时，可以便捷填入行程起始终点信息。

4．刷码乘车服务

如您需要开通地铁、公交、轮渡、磁悬浮场景刷码通行服务，您需要进行用户实人认证。实人认证方式和收集的个人信息见“２用户认证”，若涉及发生于第三方软件的登录和验证操作，您需要遵照第三方软件的用户协议和隐私政策，我方无法监测您在第三方软件的操作行为，因此您需要对相关操作行为自担责任。您通过实人认证后，我方将收集您的出行码状态。

您使用出行码乘坐地铁、公交、轮渡、磁悬浮后，我方还将收集您的刷码乘车订单信息。

5．出租车、网约车、自动驾驶和代驾服务

（1）叫车服务

当您使用出租车、网约车、自动驾驶和代驾服务时，您需要提供您的位置信息，以便于您无需手动输入当前位置即可获得上车点、记录轨迹、地图导航等基于地理位置的出行相关服务或功能。如果您拒绝我们获取位置信息，您需要手动定位您的位置，但并不影响您使用我们的产品及服务，您也可以随时通过设置功能取消或调整上述授权。

当您使用出租车、网约车、自动驾驶和代驾服务服务时，您在叫车前需要提供上车/下车地点，以便于我们为您安排车辆，预计到达时间，如您拒绝提供前述信息，您将无法使用出租车、网约车、自动驾驶和代驾服务服务。

当您使用出租车、网约车、自动驾驶和代驾服务的的叫车服务时，还需要提供您的设备信息（包括设备型号、操作系统版本、设备设置、MAC地址及IMEI、IDFA、OAID、Android ID、IDFV等设备标识符、SIM卡IMSI信息、SIM卡归属地、设备环境、移动应用列表等软硬件特征信息），我们会向进行提供联调客服服务的合作方传递您的设备信息，便于其在线客服可以查询到您的设备状态，及时解决纠纷。

当您使用出租车的代人叫车服务时，您除提供上车/下车地点外，您还需要提供实际乘车人的姓名、手机号码，您还应确保实际乘车人同意我们按照本政策所述目的收集使用其个人信息，如您不提供前述信息，您无法代他人叫车。

（2）行程录音

基于法律法规或地方性规范文件的要求、或基于用户发生纠纷或安全事故时，核实事实并处理投诉的要求，或出于安全保障的目的进行用户身份核实的需求，我们将对行程中车内外环境进行录音。您需同意并授权我们对您的行程进行录音，并收集行程录音信息。如您拒绝向我们提供行程录音信息，您将无法使用出租车、网约车、自动驾驶和代驾服务。

（3）紧急求助

为便于我们在紧急情况下通知您的紧急联系人，我们需要获取您的通讯录权限，如果您拒绝我们获取通讯录权限，您可以手动输入紧急联系人的姓名和手机号码。您还应确保紧急联系人同意我们按照本政策所述目的收集其个人信息；如您不提供前述信息，我们将无法进行通知。

行程过程中，如您的人身或财产安全受到威胁，您可以使用紧急求助功能。当您按照页面操作启动紧急求助，我方将立即开展求助服务，同时给您的紧急联系人发送求助通知。在此过程中，我们还将收集您的行程信息（包括上车/下车地点、时间、行驶轨迹）、位置信息、行程录音信息等相关信息。

（4）行程分享

当您选择行程分享服务时，我们将收集您网约车服务的行程信息。如您拒绝提供上述信息，您无法分享行程，但并不影响您使用我们的其他产品及服务。

（5）支付结算功能

您在进行交易支付时，将使用第三方支付合作机构所提供的服务进行支付。我们将获取您的支付时间、支付金额、支付渠道等支付信息，以及费用明细、订单支付状态等订单信息、优惠券信息、地理位置信息、设备信息、APP版本号。上述信息将用于核实您是否按约支付费用、司机是否违规收费，维护平台交易秩序，并按照平台规则处理用户纠纷。

（6）订单查询与管理

为便于您查询、管理您的行程信息与订单信息，我们会收集您的行程信息与订单信息（包括但不限于上车/下车地点、行驶轨迹、费用明细等），如您拒绝提供前述信息，我们将无法为您提供订单查询与管理服务。

（7）纠纷解决

出于处理用户纠纷之需要，如乘客与司机间的纠纷，我们需要收集您的行程信息、行程录音信息、支付信息、订单信息、设备信息等。如您拒绝提供前述信息，我们无法为您提供我们的产品或服务，无法更好地保护您的权益。

（8）发票开具

如果您需要开具网约车、自动驾驶、停车服务、景区门票的线上电子发票，您可以在平台内进行申请，我们需要收集开票主体的名称（个人姓名或企业名称、统一社会信用代码）和接收发票的电子邮箱。如果您拒绝提供前述信息，我们无法为您提供电子发票。

开票主体应为对应服务实际使用人或其所在单位，如您填写的开票主体不是您本人，您应保证开票主体同意我们按照本政策所述目的收集使用其个人信息。

6．停车服务

（1）推荐停车场服务

为了便于给您推荐附近停车场及导航，我们将收集您的位置信息。如您拒绝提供上述信息，您无法使用上述服务，但并不影响您使用我们的其他产品及服务。

（2）停车场缴费、错峰共享、预约等服务

如您使用与我方合作的停车场提供的相关服务，为了便于您查询停车缴费、错峰共享签约、停车预约信息，我们会收集您的车牌号码、停车订单信息。如您拒绝提供上述信息，您无法使用上述服务，但并不影响您使用我们的其他产品及服务。

7．道路救援服务

您使用道路救援服务（包括一键拖车服务）时，需要提供您所填写的联系人姓名、手机号码、车牌信息、道路救援订单信息及订单状态、支付信息 ，我们会向提供救援服务的合作方传递您的相关信息，如您不提供前述信息，您将无法使用道路救援服务。 如您填写的联系人不是您本人，您应保证联系人同意我们按照本政策所述目的收集使用其个人信息。

8．附近维修厂查询服务

为了便于给您查询附近维修厂及导航，我们将收集您的位置信息。如您拒绝提供上述信息，您无法使用上述服务，但并不影响您使用我们的其他产品及服务。

9．公交基础信息查询服务

当您使用公交基础信息查询服务，我们会收集您的地理位置信息，通过与合作方信息共享，为您提供公交站点、公交路线、实时公交信息等基础信息查询服务。

10．景点门票服务

当您使用景点门票服务购买景点门票时，我们将收集您的出发日期、门票数量、游客信息（证件类型、姓名、证件号、手机号）、订单信息等，为您提供景点购票服务。如您拒绝提供上述信息，您无法使用上述服务，但并不影响您使用我们的其他产品及服务。

11．用户活动

（1）商城服务

如您使用商城服务，为了累计兜豆后兑换用户权益，我们将收集您的行程信息。在您购买电子商品时，我们将收集您的优惠券信息、订单信息（商品信息、订单编号、下单时间、付款时间、订购数量、优惠券使用信息、兜豆抵扣信息、支付渠道等）、支付信息（支付渠道、支付时间、支付金额等）。若您购买的商品为景点门票，除了您的优惠券信息、订单信息和支付信息，我们还将收集您的出发日期、门票数量、游客信息（证件类型、姓名、证件号、手机号）等。如您不提供前述信息，您无法使用上述服务，但并不影响您使用我们的其他产品及服务。

（2）绿色出行碳普惠

如您选择公交、地铁、轮渡等出行方式，为了对您的碳减排量和碳积分进行计算、统计、发放，便于您在上海市绿色出行碳普惠平台兑换权益，我们将在您注册上海市绿色出行碳普惠平台账户后，收集您的用户 ID、用户名、姓名、性别、脱敏后的手机号码、脱敏后的身份证号、注册设备 ID、城市编码、城市名称、订单信息、行程信息、支付信息等。

（3）运营活动

当您参加我们的运营活动时，为了便于我方为您提供便捷服务，对活动结果进行公示和后续宣传，与您取得联系，我们可能收集您的姓名、联系方式、位置信息、设备信息、网络信息等。如您不提供前述信息，您无法参与上述运营活动，但并不影响您使用我们的其他产品及服务。

（4）用户评价

如您在本平台对相关服务进行评价，我们需收集您的服务评分、服务评价，如果您拒绝提供前述信息，可能无法反馈您对相关服务的体验，但并不影响您使用我们的其他产品及服务。

（5）客服服务

当您与我们的客服团队联系时，为便于我方处理纠纷、解决问题或向您反馈结果，我们会收集您的姓名、联系方式、通话信息（通话内容、通话时长、主叫及被叫的手机号码以及通过随申行平台发送的文字信息内容等）。如果您拒绝提供前述信息，可能导致我们无法接收您的意见或建议，或我们无法反馈处理结果，但并不影响您使用我们的其他产品及服务。

（6）其他

如果您需要在线上申请线下交付或进行产品测试，为履行服务所必需，您应提供联系人、联系方式、地址或其必要信息。

我们可能邀请您参与有关我们产品和服务的调查。

12．安全及数据分析服务

（1）为防控运营风险，保障您的账号安全、交易安全以及系统运行安全，满足法律法规和我们协议规则的相关要求，保护您或其他用户或公众的人身财产安全免遭侵害，更好地预防钓鱼网站、欺诈、网络漏洞、计算机病毒、网络攻击、网络侵入及其他安全风险，更准确地识别违反法律法规或本应用相关协议、规则的情况。我们将收集您的设备信息（包括设备型号、操作系统版本、设备设置、MAC地址及IEI、IDFA、OAID、Android ID、IDFV等设备标识符、SIM卡IMSI信息、SIM卡归属地、设备环境、移动应用列表等软硬件特征信息）、日志信息（包括本APP的浏览记录，检索内容，点击查看记录，交易记录，IP地址，浏览器类型，电信运营商，使用语言，访问日期和时间，运行中进程信息）、您通过我们的服务进行通讯的信息，包括曾通讯的账号。

（2）我方可能使用您的账号信息、并整合设备信息、有关网络日志以及有关政府机构、关联公司、合作伙伴分享的信息，来判断您的账号风险、进行身份验证、安全事件的检测及防范，并依法采取必要的记录、审计、分析、处置措施。

（3）为了保障向您提供的服务安全稳定运行，我们需要记录您使用“随申行”服务的类型、方式及设备型号、IP 地址、设备软件版本信息、设备识别码、设备标识符、正在运行的进程信息，应用程序的总体运行情况，所在地区、网络使用情况。如果您不同意我们记录前述信息，可能无法完成风控验证。

13．公共利益

基于维护公共利益的需要，在应对突发公共卫生事件或者紧急情况下保护自然人生命健康和财产安全时，在您使用公共利益相关的功能或服务，包括但不限于随申码，您还需要提供使用该功能或服务所必须的信息，包括姓名、身份证号、手机号、证件照头像、人脸生物信息，用于我方采取相关规制措施。

（四）您可以选择授权我们收集和使用个人信息的场景

14．服务优化和开发

在业务要求或交互设计变更时，在必要的情况下，我们会收集关于您使用产品、服务以及使用方式的信息并将这些信息进行关联，这些信息包括：

（1）日志信息：当您使用我们的网站或客户端提供的产品或服务时，我们会自动收集您对我们服务的详细使用情况，作为网络日志保存。包括：搜索查询内容、访问的服务记录、访问日期和时间、服务请求状态、网络情况。

请注意，单独的日志信息是无法识别特定自然人身份的信息。如果我们将这类非个人信息与其他信息结合用于识别特定自然人身份，或者将其与个人信息结合使用，则在结合使用期间，这类非个人信息将被视为个人信息，除取得您授权或法律法规另有规定外，我们会将该类个人信息做匿名化、去标识化处理。

（2）当您与我们联系时，我们可能会保存您的通信／通话记录和内容或您留下的联系方式，以便与您联系或帮助您解决问题，或记录相关问题的处理方案及结果。

（3）我们会将已经收集的信息用于更好地满足您的需求（若用户未登录，不存在个性化推荐服务）。包括语言设定、位置设定、更好的帮助服务和指示，或对您和其他用户做出其他方面的回应。

（4）我们会将已经收集的信息用于向您提供与您更加相关的服务，向您提供您可能感兴趣的类似功能或服务。同时，针对部分个性化服务可能对您的个人权益造成重大影响的，您有权要求我方予以说明，并有权拒绝我方仅通过自动化决策的方式作出决定。

（5）当您使用公交基础信息查询服务等服务时，为便于我们统计使用该项服务对应的人群性别比例、年龄段分布等情况，我们会使用您的性别和年龄，形成统计性数据，这些数据难以与其他信息结合识别您的个人身份。

15．其他提示

如果您需要使用部分可选的功能或服务，您还应该提供使用该功能或服务所必须的信息，可能包括性别、出生日期、出生地、户籍所在地、民族等。在您使用该部分功能或服务前，我方将向您告知并取得您的同意。其他可能需要使用收集信息的相关场景，如果使用场景与初始场景无必要的关联性，我们会在使用信息前重新征得您的同意。

经过您授权同意，或者根据法律法规规定、监管要求，我方可能将您的个人信息用于其它用途。

前述黑体加粗下划线的信息为您的敏感个人信息，我们会经您明确的单独同意后收集前述信息。如您不同意提供前述信息，将无法享受相关信息所对应的功能服务，但不会影响您使用其他服务功能。客观上，我们无法保证百分之百的安全，一旦您的敏感个人信息因不可抗力而被泄露或者非法使用，可能导致您的人格尊严受到侵害或者人身、财产安全受到危害。

在收集您的个人信息后，我方将利用技术手段对您的信息进行去标识化、加密或匿名化处理，通过去标识化、加密或匿名化的信息将无法识别您的具体信息主体身份。

（五）系统权限

在您使用服务过程中，我们可能还需要您提供以下必要的系统权限才能完成服务的提供。请知悉，您同意本政策后，相应设备权限并不会默认开启，当涉及重要或敏感的设备权限时，我们会在您使⽤到相应业务功能时，另⾏弹窗再次征得您的同意后开启。权限开启后，您还可以随时通过设备设置关闭权限。您不同意开启权限，将不会影响其他非相关业务功能的正常使⽤。可能申请调用的设备权限及涉及的场景可点击《应用权限申请授权清单》查看。

三、我方如何使用Cookie 和同类技术

（一）Cookie 和同类技术

我方可能会通过 Cookies（储存在用户本地终端上的数据）和其他相关技术收集和使用您的信息。我方使用Cookies的具体用途包括：

（1）记住您的身份。Cookies 有助于我方辨认您作为我方的注册用户的身份。

（2）分析您使用我方服务的情况，以便为您提供更加周到的个性化服务，包括定制化页面、推荐。

（3）您可以通过浏览器设置拒绝或管理Cookies。但请注意，如果停用 Cookies，您有可能无法享受最佳的服务体验，某些功能的可用性可能会受到影响。

（4）通过本应用Cookies记录的有关信息，将适用本隐私政策。

（二）SDK

为保障随申行APP相关功能的实现与应⽤的稳定运⾏，我们可能会接入由第三⽅提供的软件开发包（SDK）以实现相关⽬的。关于第三⽅如何收集、使⽤您的个⼈信息，建议您参考第三⽅SDK的相关服务协议及个⼈信息处理规则。您可以通过以下链接查看第三方的信息收集使用和保护规则，本文仅作转述。如您选择不提供所述信息则可能无法使用对应服务，但不影响您使用我们提供的其他服务。请注意，对于第三方SDK采集的信息，由第三方承担保护责任。您可点击《第三方信息共享清单》查看我们接入的SDK详情。

后续我们将根据业务发展和功能开发情况调整SDK接入，我们会及时向您公开说明接入第三方SDK的最新情况。请注意，第三方SDK可能因为其版本升级、策略调整等原因导致信息处理存在一定变化，请以其公示的官方说明为准。

四、我方如何共享、转让、公开披露和委托处理您的个人信息

（一）共享

我方不会与我方以外的公司、组织和个人共享您的个人信息，但因很多服务由第三方系统提供，故存在与我方关联公司以及其他合作商等第三方共享您个人信息的情况。我方会遵循以下原则：

1．在获取明确同意的情况下共享：获得您的明确同意后，我方会与其他方共享您的个人信息。

2．在法定情形下的共享：我方可能会根据法律法规规定、监管要求、诉讼争议解决的需要，或按行政、司法机关依法提出的要求，对外共享您的个人信息。

3．为了促成办理服务或协助解决争议的共享：某些情况下只有共享您的个人信息，才能促成办理或处理您与他人的纠纷或争议。

4．与授权合作伙伴共享：我们可能会与合作伙伴共享您的某些个人信息，以提供更好的客户服务和优化用户体验。我们仅会出于合法、正当、必要的目的共享您的个人信息，并且只会共享提供服务所必要的个人信息。我们的合作伙伴无权将共享的个人信息用于任何其他用途。

目前，我们的授权合作伙伴包括如下类型：关联公司、供应商、服务提供商和其他合作伙伴。我们将信息发送给支持我们业务的授权合作伙伴，这些支持包括提供基础技术服务、提供咨询、分析在内的系列专业服务。对我们与之共享个人信息的公司、组织和个人，我们会与其签署严格的保密协议以及信息保护约定，要求他们按照我们的说明、本隐私政策以及其他任何相关的保密和安全措施来处理个人信息。您可点击《第三方信息共享清单》 查看第三方共享情况。

（二）转让

我方不会将您的个人信息转让给任何公司、组织机构和个人。以下情况除外：

1．事先获得您的同意。

2．根据国家政策安排或法律规定，我方以及有关政府机构有可能进行组织架构调整、资产调配、转让或类似的交易，您的信息有可能作为其中一部分而被转移。我方将遵守相关法律法规的要求，在转移前通知您并确保信息在转移时的安全性，我们会要求新的持有您个人信息的主体继续受本政策的约束，否则我们将要求该主体重新向您征求授权同意。

（三）公开披露

未经您同意，我们不会公开披露您的信息，以下情形除外：

1．事先获得您的同意。

2．如果我方确定您出现违反法律法规或严重违反我方相关协议规则的情况，或为保护我方或公众的人身财产安全免遭侵害，我方可能依据法律法规，遵守法院判决、裁定或其他法律程序的规定，遵守相关政府机关或其他有权机关的要求或我方相关协议规则公开披露您的个人信息，包括相关违规行为以及我方已对您采取的措施。

（四）委托处理

为了提升信息处理效率，降低信息处理成本，或提高信息处理准确性，在网站维护、数据分析、广告服务、审计及其他类似服务过程中，我们可能会委托有能力的第三方（包括我们的关联公司或其他专业机构）代表我们来处理信息（在您授权同意的范围内，上述第三方将仅以向我们提供服务为目的或代表我们从事某些行为的情况下获知您的个人信息）。我们会通过书面协议、现场审计等方式要求受托公司遵守严格的保密义务及采取有效的保密措施，禁止其将这些信息用于未经您授权的用途。在委托关系解除时，受托公司不再保存个人信息。我们承诺对此负责。

五、我方如何保存您的个人信息

我方在中华人民共和国境内（不包括中华人民共和国香港特别行政区、澳门特别行政区及台湾地区）收集和产生的个人信息将存储在中华人民共和国境内。

您在使用本应用服务期间，我方将持续为您保存您的个人信息。我们判断个人信息的存储期限主要参考以下标准并以其中较长者为准：

（一）为执行相关服务协议或本政策、维护社会公共利益、处理投诉／纠纷，保护我们的客户或我们的关联公司、其他用户或雇员的人身和财产安全或合法权益所必需的用途。

（二）您同意的更长的保存期间。

（三）遵守法院判決、裁定或其他法律程序的要求。

（四）存在保留期限的其他特别法律法规、监管规定。

我方对您个人信息的保存期限不少于2年。超出保存期限后，我方将对所收集的信息进行删除。如删除个人信息从技术上难以实现的，我们将停止除存储和采取必要的安全保护措施之外的处理。

六、您如何管理您的个人信息

（一）访问、复制、更正、补充您的个人信息

1．您登录本应用后，可以在“我的-个人资料”中，查看您的头像、昵称、实人认证状态与身份信息（证件类型、姓名、证件号码）；在“我的-设置-账号与安全”中，查看已绑定的手机号。

2．若您需要复制您的个人信息，您可以在“我的－设置－隐私中心－个人信息浏览与导出”中导出个人信息，或致电我方官方服务热线联系客服，在核实您的身份后，我们将向您提供您在我们应用中的个人信息副本（包括基本资料、身份信息），但法律法规另有规定或本政策另有约定的除外。

3. 您可以在“我的-个人资料”中修改头像、昵称；您可以在“我的-设置-账号与安全”中更换手机号。

4．更正、补充您的个人信息：当您发现本应用处理的关于您的信息有误或不完整，除您能自行更正、补充的个人信息之外，需致电我方官方服务热线进行更正、补充。

（二）删除您的个人信息

为保障您的个人信息在应用中的安全性，暂未开放在线删除个人信息权限，若您想删除部分或全部个人信息，可致电我方官方服务热线协助您处理。同时，个人信息因共享、转让、披露等涉及到第三方的，第三方也将无法继续获得、保存您的个人信息。

在以下情形中，您可以向我方提出删除个人信息的请求：

1.如果我方处理您个人信息的目的已实现、无法实现或者为实现处理目的不再必要。

2.如果您撤回您的同意。

3.如果我方违反法律、行政法规或者违反约定处理您的个人信息。

4.如果您不再使用我们的产品或服务。

5.如果我们不再为您提供产品或服务，或者保存期限已届满。

当您从我方的服务中删除信息后，我方可能不会立即从备份系统中删除相应的信息，但会在备份更新时删除这些信息，在此期间我方会停止除存储和采取必要的安全保护措施之外的处理。

（三）改变您授权同意的范围或撤回您的授权

您可以通过以下方式改变或撤回您授权我们收集和处理您个人信息的范围：

1、在“我的-设置-隐私中心-协议授权”中管理授权。

2、 在“我的-设置-隐私中心-权限管理”中管理APP使用的系统权限授权。

3、通过您所使用的设备系统权限管理页面管理您所使用的系统权限授权。

4、通过修改个人资料、删除个人信息、关闭功能等方式撤销授权。

当您撤回同意或授权后，可能导致我们无法继续为您提供撤回同意或授权所对应的服务。但您撤回同意或授权，不影响此前基于您的同意或授权而开展的个人信息的处理。

当您撤回同意或授权后，我们将不再处理相应的个人信息，但您在使用我方服务期间提供或产生的信息，我们仍需按照法律法规规定和监管要求的时间进行匿名化保存。在该依法保存的时间内，相应监管机关仍有权依法查询。

（四）注销用户管理

您可以在“我的-设置-账号与安全-注销账号”里注销账号或联系客服申请注销您的账户。为了保护您或他人的合法权益，我方需要在为您注销账号前验证您的身份，并结合您对“随申行”产品或服务的使用情况判断是否支持您的注销申请。例如，若您的账号内有通过随申行信息服务跳转生成的订单，或您的叫车功能中有尚未支付的订单，或您未与第三方账号解绑或关闭第三方服务，则我们不会立即支持您的请求。

在您主动注销账户之后，我方及其他方基于“随申行”平台的应用系统将停止为您提供产品或服务，并根据适用法律的要求删除或匿名化处理您的个人信息。若删除个人信息从技术上难以实现的，我们会进行匿名化处理，或停止除存储和采取必要的安全保护措施之外的处理，但法律法规另有规定的除外。

（五）个人信息处理规则的解释说明

您可以致电我方官方服务热线要求我方对个人信息处理规则进行解释说明。

（六）约束信息系统自动决策

在某些业务功能中，我们可能仅依据算法在内的非人工自动决策机制做出决定。您可以在“我的－设置－隐私中心－推荐管理”处关掉个性化内容推荐。或如果这些决定影响您的合法权益，您可以通过致电我方官方服务热线对自动决策结果进行投诉。

（七）逝者相关权利

若您身故，您的近亲属为了自身的合法、正当利益，可以对您的相关个人信息行使本条款规定的查阅、复制、更正、删除等相关权利；您生前另有安排的除外。

（八）响应您的上述请求

为保障安全，您可能需要提供书面请求，或以其他方式证明您的身份。我方可能会先要求您验证自己的身份并审核合法性，然后再处理您的请求。请您理解，由于技术所限、基于法律法规要求，您的某些请求可能无法进行响应。请您理解，对于某些无端重复、需要过多技术手段、给他人合法权益带来风险或者非常不切实际的请求，我方可能会予以拒绝，但会向您说明理由。

尽管有上述约定，但按照法律法规要求，如涉及以下情形我方将可能无法响应您的请求：

1．与国家安全、国防安全相关的。

2．与公共安全、公共卫生、重大公共利益相关的。

3．与犯罪侦查、起诉、审判和判决执行等相关的。

4．有充分证据表明您存在主观恶意或滥用权利的。

5．响应您的请求将导致您或其他个人、组织的合法权益受到严重损害的。

6．涉及商业秘密的。

7．与我方履行法律法规规定的义务相关的。

如您对上述权利实现存在疑问，可以根据“如何联系我方”中的相关联系方式与我们取得联系。对于您或可能的您的监护人、近亲属及其他有权主体向我们提出上述请求，以及中华人民共和国法律与其他适用法律规定的您的相关个人信息权利，您可以通过客服联系我们或直接向我们的个人信息保护负责人发起投诉。我们将在15个工作日内做出答复。

七、征得授权同意的例外

根据相关法律法规及监管要求，以下情形中，我们可能会处理个人信息而无需事先征得您授权同意：

（一）根据您的要求签订和履行合同所必需的。

（二）与我们履行法定职责或者法定义务所必需的。

（三）为应对突发公共卫生事件，或者紧急情况下为保护自然人的生命健康和财产安全所必需的。

（四）为公共利益实施新闻报道、舆论监督等行为，在合理的范围内处理您的个人信息。

（五）在合理的范围内处理您自行公开或者其他已经合法公开的您的个人信息。

（六）法律、行政法规规定的其他情形。

八、我方如何保护您的个人信息

我方将努力为个人信息安全提供保障，以防止信息的丢失、不当使用、未经授权访问或公开披露。

（一）为了保障您的信息安全，我方将在法律法规相关规定要求和现有技术水平下使用符合业界标准的安全保护措施保护您提供的个人信息，采取物理、技术和行政管理安全措施降低丢失、误用、非授权访问、披露和更改的风险，尽力防止数据遭到未经授权的访问、公开披露、使用、修改、损坏或丢失。

例如：通过网络安全层软件（SSL）进行加密传输、信息加密存储、严格限制数据中心的访问。传输和存储个人敏感信息（含个人生物识别信息）时，我们将采用加密、权限控制、去标识化等安全措施。

（二）我方已设立专职部门并制定应急预案，设立了个人信息保护责任部门，针对个人信息收集、使用、共享、委托处理等开展个人信息安全影响评估。同时，建立了相关管理制度，对可能接触到您的信息的工作人员采取最小够用授权原则；对工作人员处理您的信息的行为进行系统监控，不断对工作人员培训相关法律法规及隐私安全准则和安全意识强化宣导，并每年组织全体工作人员参加安全考试。另外，我方的相关网络系统通过了国家网络安全等级保护的测评。我方每年还会聘请外部独立第三方对我们的信息安全管理体系进行评估。

（三）我方已制定个人信息安全事件应急预案，定期组织内部相关人员进行应急响应培训和应急演练，使其掌握岗位职责和应急处置策略和规程。在不幸发生个人信息安全事件后，我们将按照法律法规的要求，立即采取补救措施，以有效避免信息泄露、篡改、丢失等造成危害，并向相关监管部门予以上报。若相关监管部门认为该个人信息安全事件可能对您造成危害的，我们会按照监管部门的要求，及时将事件相关情况以APP推送通知、发送邮件或短消息等方式告知您，或采取合理、有效的方式发布公告。

（四）互联网环境并非百分之百安全，我方将尽力确保您的个人信息安全性。请您理解，由于技术水平局限以及可能存在的恶意攻击，有可能出现我们无法合理预见、防范、避免、控制的意外情况。我们强烈建议您采取积极措施保护个人信息的安全，包括但不限于使用复杂密码，定期修改密码，不将自己的账号密码和相关个人信息提供给他人等，协助我们保证您的信息安全。

（五）您在使用本应用服务时，我方会通过您的手机号码、姓名、身份证号或者其他身份验证信息来识别您的身份，请您务必妥善保管上述信息。一旦您泄露了上述信息，您的账号信息可能因此泄露，并可能使您的资金安全等个人权益遭受损失。

九、我方如何保护未成年人信息

（一）我方期望父母或其他监护人（以下统称“监护人”）指导未成年人使用我方的服务。我方将根据国家相关法律法规的规定保护未成年人的信息的保密性及安全性。

（二）如果您是已满十四周岁但未满十八周岁的未成年人，请您在仔细阅读本政策的前提下使用我方的服务或向我方提供信息，并建议您邀请监护人在仔细阅读本政策的前提下对您进行指导。如您是不满十四周岁的未成年人（以下简称“儿童”），请您的监护人仔细阅读本政策和《“随申行”儿童个人信息保护规则及监护人须知》，并在征得您的监护人同意的前提下使用我方的服务或向我方提供信息。如您的监护人不同意您按照本政策使用我方的服务或向我方提供信息，请您立即终止使用我方的服务并及时通知我方，以便我方采取相应的措施。

（三）对于经监护人同意而收集儿童个人信息的情况，我方只会在受到法律允许、监护人明确同意或者保护儿童所必要的情况下使用或公开披露此信息。如果监护人发现我方在未获父母或监护人同意的情况下收集了儿童的个人信息，请通过客服热线联系我方，我方会设法尽快删除相关数据。

（四）未成年人的实人认证信息受实人认证管理机构管理，基于管理机构风险控制的考虑，未成年人的实人认证可能存在无法通过的情况，在此情况下，我方将无法提供相应服务。

十、您的个人信息如何在全球范围转移

我方在中华人民共和国境内（不包括中华人民共和国香港特别行政区、澳门特别行政区及台湾地区）收集的个人信息，将存储在中华人民共和国境内。如果因业务需要，确需将您的个人信息转移到境外，我方将：

（一）另行获得您的授权同意，并履行法定程序，在符合届时适用法律法规的情形下使您的个人信息得到足够的保护；

（二）前述转移将在符合届时适用法律法规要求的前提下进行，即便获得您的授权但是转移方式或者目的不符合相关法律法规规定的，我方也不会进行转移。

十一、我们的运营组织

单位名称：上海随申行智慧交通科技有限公司

注册地址：上海市长宁区天山西路789号4幢7层71001室

办公地址：上海市静安区灵石路699号2号楼

个人信息保护官负责人邮箱：sec_shmaas@shmaas.cn

十二、本政策如何更新

在相关法律法规发生变化或我方服务发生变动等必要情形下，我方如需对本政策做出修改，将在修订生效前通过在主页弹窗提示的方式再次请您确认，确认后即生效，并取代此前相关内容。您如不同意新的修改内容，请及时与我方联系或立即停止使用本政策约定的服务，如您选择继续使用相关服务，则视为您完全同意并接受新的修改内容。如客观情况及经营方针变化导致我方需要中断或停止相关服务的，我方将及时进行通知，请您对此表示理解和认同。

十三、如何联系我方

如您对本政策存在任何疑问，或有任何相关的投诉、纠纷、意见，请联系我方官方服务热线（官方服务热线：【$phoneStr】）进行反馈。我方将尽快受理您的请求，并在验证您的用户身份后的15个工作日内予以回复。

十四、其它

（一）本政策的成立、生效、履行、解释及纠纷解决，适用中华人民共和国法律法规（为本政策目的，不包括中华人民共和国香港特别行政区、澳门特别行政区及台湾地区）。

（二）因本政策内容或执行发生任何争议，您可联系我方官方服务热线以协商解决；协商不成时，您还可向我方所在地即上海市长宁区有管辖权的人民法院提起诉讼解决。

Update Date: May 30, 2024
Effective Date: May 30, 2024

Dear "SH MaaS" user (hereinafter referred to as "You"), in order to facilitate your use of the platform products and services, including the "SH MaaS" application software (hereinafter referred to as "this application"), the platform operator and the owner of this application , Shanghai Mobility Service Technology Co.,Ltd. (hereinafter referred to as "we" or "us"), will collect, use, store, and provide your personal information (hereinafter collectively referred to as "processing") in accordance with the provisions of the "SH MaaS" Personal Information Protection and Privacy Policy (hereinafter referred to as "this policy").

This policy applies to the products and services provided to you by the platforms legally owned and operated by us, labeled "SH MaaS", including the APP, SH MaaS official website (https://www.shmaas.cn/), public account, mini-programs, and other platforms. It also applies to certain functions/services within the "SH MaaS" application integrated as a third-party service in other third-party smart hardware, software, or services (the aforementioned product and service system is also referred to as the "platform" or "SH MaaS").

When you use our products or services, we need to process your information according to the relevant laws, regulations, and regulatory policies to provide you with services and improve service quality. Through this policy, we aim to explain to you: what data we collect when you use our products or services, why we collect this data, what we will do with this data, and how we protect this data. This policy is closely related to the products or services you use from us, and it is crucial for you to exercise user rights and protect your personal information. Please carefully read and fully understand the content of this policy (especially the content in bold underline) before using our products or services.

Please read this policy carefully, understand our rules for processing your personal information, and if we update this policy, we will promptly notify you of the updates. If you have any questions, you can contact the official platform hotline【$phoneStr】for consultation. By clicking "Agree" and confirming the submission, you are deemed to agree to the content of this policy (including updated versions) and agree that we process your personal information according to this policy. If you do not agree to any terms in this policy, you should immediately stop accessing and using our platform.

Special Note: When you use third-party services through "SH MaaS", the third party may have its own privacy protection policy. When viewing pages created by third parties or using services developed by third parties, these third parties may place their own cookie or network beacons, which are not under our control. We will make efforts to request these entities to protect your personal information. It is recommended to contact them to get detailed information about their privacy policy. If you find risks in these third-party services, it is advisable to terminate the relevant operations to protect your legitimate rights and interests.

You can read specific sections of our privacy policy in more detail based on the following index:

I. Principles for the Collection and Processing of Your Personal Information by Us

II. How We Collect and Use Your Personal Information

III. How We Use cookie and Similar Technologies

IV. How We Share, Transfer, Publicly Disclose, and Entrust the Processing of Your Personal Information

V. How We Store Your Personal Information

VI. How You Can Manage Your Personal Information

VII. Exceptions to Obtaining Authorized Consent

VIII. How We Protect Your Personal Information

IX. How We Protect Information of Minors

X. How Your Personal Information Is Transferred Globally

XI. Our Operational Organization

XII. How This Policy Is Updated

XIII. How to Contact Us

XIV. Other

I. Principles for the Collection and Processing of Your Personal Information by Us

Principles of Legality, Legitimacy, Necessity, and Good Faith.

Mainly refers to: 1. Obtain your or your guardian's consent, except as otherwise provided by laws and regulations 2. Collect and process information in accordance with the purposes, methods, and types specified in this policy. 3. Do not process information unrelated to business or handle information in an improper manner. 4. Do not violate laws, regulations, and agreements between the parties.

II. How We Collect and Use Your Personal Information

(I) Responsibility Statement

This application is only responsible for collecting information necessary for your use of the functions/services provided by this application. According to regulatory requirements, relevant regulatory authorities will collect your relevant information and maintain it based on regulatory needs. For business needs and necessary security certification, the third-party service system may share your Personal information or perform secondary authentication. We are not responsible for any leakage of Personal information at regulatory authorities or third-party service systems.

(II) How We Collect and Use Your Personal Information

We will only collect and use your personal information for the following purposes as stated in this policy:

To provide you with the basic functions of our products/services: User registration, login and authentication, account management, QR code boarding, taxi and ride-hailing services, Parking Service, Road Assistance Service, Nearby Maintenance Factory Inquiry Service, Bus Basic Information Inquiry Service, Scenic Spot Ticket Service, User Activities, Security and Data Analysis Service, Public Welfare, you need to authorize us to collect and use the necessary personal information. If you refuse to provide the necessary information, you will not be able to use our products/services normally.

To provide you with expanded or additional functions of our products/services: Service Optimization and Development, you can choose to authorize us to collect and use your other personal information. If you refuse to provide, you will not be able to use the related additional functions or achieve the intended functional effects, but it will not affect your normal use of the basic functions of our products/services.

(III) Scenarios where you need to authorize us to collect and use personal information

1. User registration, login:

For the necessary prevention of malicious programs and secure operations, when you use this application (including the first run of this application), we will collect information about the application process. If you do not perform any registration or login operations later, the aforementioned application process information will not be associated with you personally.

When you only need to browse the main channel or use some services that do not require login, you do not need to register as a user with us and do not need to provide relevant personal information. When you are not logged in, we will not collect your personal information.

(1) Registration service:

When you need to use the user services provided by us, you need to provide your own phone number and SMS verification code for registration and login. After completing the registration, the platform will generate a SH MaaS account for you

(2) Third-party account binding:

After successfully registering as our user, you can choose to bind a third-party account for quick login. We will access and collect your personal information (such as nickname and personal profile for WeChat or Alipay; username, personal profile, user agreement, name, ID number, and phone number for Shanghai Public Services Online) through the third-party account interface (including Shanghai Public Services Online, WeChat, Alipay) in an indirect manner with your explicit authorization. We will then link the third-party account to your SH MaaS account and phone number. If you refuse to provide login information obtained from the third-party account interface, you will not be able to log in quickly using third-party accounts, but you can still log in using other methods.

(3) Login Service

When you log in to this application later, you can choose phone verification login: in this method, you need to provide your phone number and SMS verification code and agree to our verification of the login information you provide. Alternatively, you can choose third-party account (including Shanghai Public Services Online, WeChat, Alipay) authorized login: in this method, we will collect your third-party account information (such as nickname and personal profile for WeChat or Alipay; username, personal profile, user agreement, name, ID number, and phone number for Shanghai Public Services Online).

If you do not provide the above information, we will not be able to provide you with services such as the Shanghai QR code for boarding, real-person authentication, or other services that require login.

2．User Authentication

After you register, you can directly use ordinary user services, including viewing nearby bus and subway information, and using some basic services that do not require real-person authentication. If you need to use taxi services, online car-hailing services, autonomous driving services, shared bike services, or one-code passage services, you will need to undergo user real-person authentication.

Methods of real-person authentication include Alipay account authentication, Hong Kong/Macau/overseas user real-name authentication, bank card real-name authentication, and mobile phone number real-name authentication.

(1) If you choose Alipay account authentication, you need to provide your name and ID card number for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).

(2) If you choose Hong Kong/Macau/overseas user real-name authentication, you need to provide your name, document type, and document number:

• If you are a resident of Hong Kong/Macau, you need to provide your name and Mainland Travel Permit for Hong Kong and Macau Residents number for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).
• If you are an overseas Chinese user, you need to provide your name and passport number for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).
• If you are a foreign user, you need to provide your name, Foreign Permanent Resident ID number, and nationality code for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).

(3) If you choose bank card real-name authentication, you need to provide your name, ID card number, bank card number, bank-registered mobile number, and SMS verification code for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).

(4) If you choose mobile phone number real-name authentication, you need to provide your name, ID card number, mobile phone number, and SMS verification code for verification. After passing the verification, your face recognition features will be used for identity verification (Note: We do not store users' facial recognition features; we only call third-party interfaces for verification).

At the same time, we will identify your gender and age based on the ID card number you provide. The above information contains your personal sensitive information, and you can refuse to provide it. If you refuse to provide the above information, you will not be able to use real-person user services, but it will not affect your use of other services provided by us that do not require real-name authentication.

3. Account and Password Management

(1) Account Information Management

After successfully registering your account, you can improve relevant online identity recognition information according to your needs and the modules opened to users by the platform for filling/modification. This includes nickname, profile picture, real-name authentication status, and identity information (document type, name, document number).

(2) Setting Common Addresses

You can set your common addresses yourself, so that when relevant services involve address searches, you can conveniently fill in the starting and ending points of your trips.

4. Vehicle QR Code Scanning Service

If you need to activate QR code passage services for scenarios such as subway, bus, ferry, and maglev, you need to undergo user real-person authentication. The real-person authentication methods and collected personal information are detailed in "2. User Authentication." If it involves logging in and verifying operations in third-party software, you need to comply with the user agreements and privacy policies of the third-party software. We cannot monitor your actions in third-party software, so you are responsible for such actions. After you pass real-person authentication, we will collect your travel code status. When you use the travel code for subway, bus, ferry, or maglev travel, we will also collect your QR code travel order information.

5.Taxi and Car Hailing Services

(1) Car Hailing

When you use taxi or car-hailing services, you need to provide your location information so that you can access travel-related services or functions based on geographic location, such as getting the pick-up point, recording the route, and map navigation, without manually entering your current location. If you refuse to grant us access to your location information, you will need to manually specify your location, but this won't affect your use of our products and services. You can also revoke or adjust the above authorization at any time through the settings function.

When you use taxi or car-hailing services, before requesting a ride, you need to provide pick-up/drop-off locations for us to arrange a vehicle and estimate arrival time. If you refuse to provide this information, you will be unable to use Taxi and Car Hailing Services.

When using the taxi or car-hailing services, you also need to provide device information (including device model, operating system version, device settings, MAC address, IMEI, IDFA, OAID, Android ID, IDFV, and other device identifiers, SIM card IMSI information, SIM card origin, device environment, mobile application list, and other hardware and software characteristic information). We will transmit your device information to the cooperating customer service partner for joint debugging services, enabling their online customer service to access your device status and promptly resolve disputes.

When using the taxi's proxy car-hailing service, in addition to providing pick-up/drop-off locations, you also need to provide the actual passenger's name and phone number. You should also ensure that the actual passenger agrees to our collection and use of their personal information for the purposes described in this policy. Failure to provide the aforementioned information will prevent you from hailing rides on behalf of others.

(2) Itinerary Recording

Based on legal requirements, local regulations, and due to the need of verifying facts and addressing complaints in case of disputes or safety incidents involving users, or for the purpose of user identity verification for security reasons, we will record the interior and exterior environment during the trip. You need to agree and authorize us to record your itinerary and collect Itinerary Recording information . If you refuse to provide Itinerary Recording information, you will be unable to use Taxi and Car Hailing Services.

(3) Emergency Aid

To facilitate notifying your emergency contacts in case of emergencies, we need to access your contacts. If you refuse to grant us access to your contacts, you can manually enter the names and phone numbers of your emergency contacts. You should also ensure that your emergency contacts agree to our collection of their personal information for the purposes described in this policy. Failure to provide the aforementioned information will prevent us from making notifications.

During your trip, if your personal or property safety is threatened, you can use the Emergency Aid function. When you initiate Emergency Aid through the app, we will immediately provide assistance services and send an emergency notification to your emergency contacts. During this process, we will also collect relevant information, including your trip details (pick-up/drop-off locations, time, travel trajectory/location information, etc.), location information, and Itinerary Recording information.

(4) Itinerary Sharing

When you choose the Itinerary Sharing service, we will collect yourtrip (itinerary) information. If you refuse to provide this information, you cannot share your trip, but it won't affect your use of our other products and services.

(5) Payment Settlement Function

When you make transaction payments, we will collect your name, phone number, ID type, ID number, and bank card information for identity verification and to facilitate the payment service.

When you make transaction payments, you will use services provided by third-party payment partners for payment processing. We will collect payment information such as payment time, payment amount, payment channel, as well as details of charges, order payment status, taxi coupon information, geographical location, device information, and app version number. This information will be used to verify whether you have made payments as agreed, whether the driver has overcharged you, maintain platform transaction order, and handle user disputes according to platform rules.

After completing the payment, we will also collectpayment information such as the payment time, amount, channel, as well as order details, order payment status, taxi coupon information, geographic location, device information, and app version. This information will be used to verify whether you have paid according to the agreement, whether the driver has violated the charging rules, maintain platform transaction order, and handle user disputes according to platform rules.

When you use payment services, you need to authorize the relevant regulatory authorities or provide us with your name, phone number, ID type, ID number, and bank card information for identity verification and to facilitate the payment service.

(6) Order Inquiry and Management

To facilitate your inquiry and management of trip information and order details, we will collect your trip and order information, including but not limited to pick-up/drop-off locations, travel trajectories, and detailed costs. If you refuse to provide the aforementioned information, we will be unable to provide you with Order Inquiry and Management services.

(7) Dispute Resolution

For the sake of addressing the needs of dispute resolution, such as disputes between passengers and drivers, we need to collect your trip information, Itinerary Recording information, payment information, order information, device information, etc. If you refuse to provide abovementioned information, we cannot provide you with our products or services and cannot better protect your rights.

(8) Online Car Hailing Invoice Issuance

If you need to issue an online electronic invoice for a ride-hailing trip, you can apply for it on the platform. We need to collect the name of the billing entity (individual name or company name, unified social credit code) and the email address to receive the invoice. If you refuse to provide the aforementioned information, we will be unable to provide you with an electronic invoice.

The billing entity should be the actual user of the ride-hailing service or the unit they belong to. If the billing entity you provide is not yourself, you should ensure that the billing entity agrees to our collection and use of their personal information as per this policy.

6. Parking Service

(1) Recommended Parking Lot Service

To facilitate recommending nearby parking lots and navigation to you, we will collect yourlocation information. If you refuse to provide the aforementioned information, you cannot use the mentioned services, but it won't affect your use of our other products and services.

(2) Parking Lot Payment, Off-Peak Sharing, Reservation, and Other Services

If you use relevant services provided by parking lots in cooperation with us, for ease of querying parking fees, signing up for off-peak sharing, and parking reservations, we will collect your license plate number andparking order information. If you refuse to provide the aforementioned information, you cannot use the mentioned services, but it won't affect your use of our other products and services.

7. Road Assistance Service

When you use Road Assistance Service (including one-click towing service), you need to provide the contact person's name, phone number, license plate information, Road Assistance order information and status, and payment information that you fill out. We will transmit your relevant information to the cooperating partner providing rescue services. If you do not provide the aforementioned information, you cannot use the Road Assistance Service. If the contact person you provide is not yourself, you should ensure that the contact person agrees to our collection and use of their personal information as per this policy.

8. Nearby Maintenance Factory Inquiry Service

To facilitate your inquiry about nearby repair shops and navigation, we will collect your location information. If you refuse to provide the aforementioned information, you cannot use the mentioned service, but it won't affect your use of our other products and services.

9. Bus Basic Information Inquiry Service

When you use Bus Basic Information Inquiry Service, we will collect your geographic location information and, through information sharing with our partners, provide you with basic information query services for bus stops, bus routes, and real-time bus information.

10. Scenic Spot Tickets Service

When you use the scenic tickets service to purchase tickets for attractions, we will collect your departure date, ticket quantity, visitor information (ID type, name, ID number, phone number), order information, etc., to provide you with the ticket purchase service for attractions. If you refuse to provide the aforementioned information, you will be unable to use the aforementioned service. However, this refusal will not affect your use of our other products and services.

11. User Activities

(1) Randomly Selected Mall Service

If you subscribe to the Randomly Selected Mall service to accumulate "DouDou" for redeeming user benefits, we will collect your trip information. To facilitate the delivery of redeemed items, you also need to provide the recipient's name, delivery address, and recipient's phone number. If the recipient is not you, you should ensure that the recipient agrees to the collection of their personal information for the purposes stated in this policy. If you do not provide the aforementioned information, you cannot use the service mentioned above, but it won't affect your use of our other products and services.

(2) Green Travel Carbon Inclusion

If you choose green travel methods such as buses, metro, and ferries, for calculating, summarizing, and issuing carbon reduction and carbon points to you, facilitating your redemption of benefits on the Shanghai Green Travel Carbon Inclusion platform, we will collect your user ID, username, name, gender, desensitized phone number, desensitized ID number, registration device ID, city code, city name, order information, trip information, payment information, etc., after you register on the Shanghai Green Travel Carbon Inclusion platform.

(3) Operation Activities

When you participate in our Operation Activities, to facilitate the public display of activity results, subsequent promotion of the activity, contacting you, and issuing gifts or transfers to you, we will collect your name, mailing address, and contact information. If you do not provide the aforementioned information, you cannot participate in the mentioned Operation Activities, and you will not receive related gifts and transfers, but it won't affect your use of our other products and services.

(4) User Evaluation

If you evaluate related services on this platform, we need to collect your service rating and service review. If you refuse to provide the aforementioned information, it may not be possible to receive feedback on your experience with the related service, but it won't affect your use of our other products and services.

(5) Customer Service

When you contact our customer service team, to facilitate dispute resolution, problem-solving, or feedback to you, we will collect your name, contact information, call details (call content call duration, calling and called phone numbers, and text messages sent through the SH MaaS platform)）. If you refuse to provide the aforementioned information, it may prevent us from receiving your opinions or suggestions, or we may be unable to provide feedback on the results, but it won't affect your use of our other products and services.

(6) Others

If you need to apply online for offline delivery or product testing, it is necessary for you to provide contact information, address, or other necessary information to fulfill the service.

We may invite you to participate in surveys related to our products and services.

12. Security and Data Analysis Service

(1) To control operational risks, ensure the security of your account, transaction security, and system operation, meet the relevant requirements of laws, regulations, and our agreement rules, protect the personal and property safety of you, other users, or the public from infringement, better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusions, and other security risks, and more accurately identify violations of laws, regulations, or agreements and rules related to this application. We will collect your device information (including device model, operating system version, device settings, MAC address and IMEI, IDFA, OAID, Android ID, IDFV, and other device identifiers, SIM card IMSI information, SIM card location, device environment, mobile application list, etc.), log information (including browsing history of this app, search content, click and view records, transaction records, IP address, browser type, telecommunications operator, language used, access date and time, running process information), and information communicated through our services, including accounts you have communicated with.

(2) We may use your account information, integrate device information, relevant network logs, and information shared by government agencies, affiliated companies, and partners to assess the risk of your account, perform identity verification, detect and prevent security incidents, and take necessary recording, auditing, analysis, and disposal measures in accordance with the law.

(3) In order to ensure the secure and stable operation of the services provided to you, we need to record information related to your use of the "SH MaaS" service. This includes the type and method of service usage, device model, IP address, device software version, device identification code, device identifier, running process information, overall application operation, location, and network usage. If you do not agree to the recording of the aforementioned information, it may hinder the completion of risk control verification.

13. Public Welfare

In response to the needs of public welfare, especially during unexpected public health events or emergencies aimed at protecting the life, health, and property safety of individuals, when you use functions or services related to public welfare, including but not limited to "Sui Shen Ma," you may be required to provide necessary information. This information includes your name, ID number, phone number, identification photo, and facial biometric information, which is essential for us to implement relevant regulatory measures.

(IV) Scenarios for Authorizing Collection and Use of Personal Information:

14.Service Optimization and Development

We collect and correlate information about your use of our products, services, and the way in which you use them, as necessary to fulfill business requirements or interaction design changes, including:

(1) Log Information: When you use our website or client-provided products or services, we automatically collect detailed information about your usage as part of network log preservation. This includes search query content, accessed service records, access date and time, service request status, and network conditions.

It's important to note that isolated log information cannot identify the specific identity of an individual. If we combine this non-personal information with other information to identify the specific identity of an individual, or if it is used in conjunction with personal information, during the combination period, this non-personal information will be treated as personal information. Except as authorized by you or as otherwise stipulated by laws and regulations, such personal information will be anonymized and de-identified.

(2) Communication Records: When you contact us, we may retain your communication/call records and content or the contact information you provide. This helps us get in touch with you, assist in problem resolution, or record the handling process and results of relevant issues.

(3) Better Meeting Your Needs: We use the collected information to meet your specific requirements (if the user is not logged in, personalized recommendation services do not exist). This includes language settings, location settings, improved help services and guidance, or other responses to you and other users.

(4) We use the collected information to provide you with more relevant services and offer features or services you may be interested in. At the same time, for decisions that may significantly impact your personal rights in certain personalized services, you have the right to request an explanation from us and the right to refuse decisions made solely through automated means.

(5) Statistical Analysis: When you use services such as "Bus Basic Information Inquiry Service", we will use your gender and age to facilitate statistical analysis of the gender ratio and age distribution of the user population corresponding to this service. This helps us create statistical data that is difficult to identify with other information regarding your personal identity.

15. Additional Notes:

If you wish to use certain optional features or services, you must also provide the necessary information for the use of such features or services. This may include gender, date of birth, place of birth, household registration location, ethnic, etc. Before you use these features or services, we will inform you and obtain your consent. In other scenarios where information collection is necessary, if the usage scenario is not directly related to the initial scenario, we will re-obtain your consent before using the information.

With your authorized consent or as required by laws and regulations or regulatory requirements, we may use your personal information for other purposes. The information bolded, underlined, and in black font above represents your sensitive personal information, and we will collect abovementioned information only with your explicit and separate consent. If you do not agree to provide abovementioned information, you will be unable to enjoy the corresponding functions or services, but it will not affect your use of other service functions. Objectively, we cannot guarantee 100% security. In the event that your sensitive personal information is leaked or unlawfully used due to force majeure, it may compromise your dignity or endanger your personal and property security.

After collecting your Personal Information, we will use technical means to de-identify, encrypt, or anonymize your information. Through de-identification, encryption, or anonymization, the information will be rendered unidentifiable regarding your specific identity.

(V) System Permissions:

During your use of the service, we may also need you to provide the following necessary system permissions to complete the service. Please be aware that agreeing to this policy does not automatically enable the corresponding device permissions. When it comes to important or sensitive device permissions, we will request your consent again through a separate pop-up when you use the corresponding business functions before enabling them. After the permissions are granted, you can also turn off permissions at any time through the device settings. Not agreeing to enable permissions will not affect the normal use of other unrelated business functions. The device permissions that may be requested and the scenarios involved are as follows:

1.Location Permission: Required for using location-based services in this application, such as navigation services, real-time public transportation, taxi/car-hailing location pinpointing, nearby parking recommendations, viewing institution information based on location, and locating specialty provinces and cities.

2.Notification Permission: Required to receive system message notifications.

3.Microphone Permission: Required for voice search functionality.

4.Device Reading, Storage, and Camera Permissions: Required for inputting relevant information, uploading or downloading images during online transactions.

5.Bluetooth Permission: Required for using the public transportation feature.

6.Camera (Photo/Video) Permission: Required for 1) scanning QR codes; 2) ID card recognition; 3) uploading photos; 4) facial recognition authentication.

7.Camera (Library) Permission: Required for 1) scanning QR codes; 2) ID card recognition; 3) uploading photos.

8.Phone Permission: Required for making phone calls within the app.

9.Clipboard Content Access Permission: Required to help developers provide information sharing and jump functions, allowing users to share or receive shared information.

10.Network Communication Permission: Required when accessing various services provided by our app's server system through our client.

III. How We Use Cookie and Similar Technologies

(I) Cookie and Similar Technologies:

We may collect and use your information through cookie (data stored on the user's local device) and other related technologies. The specific purposes for using cookie include:

(1) Remembering Your Identity: Cookie help us recognize you as a registered user.

(2) Analyzing Your Use of Our Services: This helps us provide more thoughtful personalized services, including customized pages and recommendations.

(3) Browser Settings for Cookie: You can refuse or manage cookie through your browser settings. However, please note that disabling cookie may affect the availability of certain features, and you may not enjoy the optimal service experience.

(4) Information Recorded by Cookie in This App: The information recorded by cookie in this application is subject to this privacy policy.

(II) SDK

To ensure the implementation and stable operation of SH MaaSAPP's related functions and applications, we may integrate software development kits (SDKs) provided by third parties to achieve specific purposes. Regarding how third parties collect and use your personal information, we recommend that you refer to the relevant service agreements and personal information processing rules of the third-party SDK. You can access the information collection, usage, and protection rules of third parties through the following link, and this text is only a reiteration. If you choose not to provide the mentioned information, you may not be able to use the corresponding service, but it will not affect your use of other services we provide. Please note that the responsibility for protecting information collected by third-party SDKs lies with the third parties. Refer to the privacy policies of the respective third parties for related information.

During the provision of our services, we may also collect the following information through third-party SDKs:

1. Scenario: Map

SDK Name: Gaode Maps

Third-party Name: Amap Software Co., Ltd

Purpose: Map display, location tracking of people and vehicles, navigation, address search, voice, recommending nearby public transportation and parking lots.

Personal Information Involved: Device information (IMEI, IDFA, Android ID, MEID, MAC address, OAID, IMSI, hardware serial number, sensor information, Bluetooth information, etc.), network information (IP address, WiFi status, WiFi parameters, WiFi list, base station information, etc.), location information (GNSS information, latitude and longitude, precise location, rough location, etc.). Location information collection frequency: Android system defaults to every 2 seconds, business is every 5 seconds; iOS system is based on the system's own rules, reading whenever the location changes.

Privacy Policy Link: Gaode Maps Open Platform Privacy Policy | Gaode Maps API

Contact: 4008100080

2. Scenario: One-click Login with Local Number

(1) SDK Name: Alibaba Cloud Number Authentication

Third-party Name: Aliyun Computing Co., Ltd.

Purpose: Achieve one-click login and verification with the local number.

Personal Information Involved: Network type, device information (including IP address, device manufacturer, device model, phone operating system, IDFV, SIM card or International Mobile Subscriber Identity (IMSI) information, location information, etc.), log information, etc.

Privacy Policy Link: https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202112211045_86198.html

Contact: dypns_aliyun@alibabacloud.com

(2) SDK Name: China United Network One-click Login

third-party Name: China United Network Communication Group Co., Ltd.

Purpose: Identify the user's China United Network Communication phone number for quick login

Personal information involved: Local mobile phone number, network type, network address, carrier type, International Mobile Subscriber Identity (IMSI), SIM card quantity, mobile device type, mobile operating system, hardware manufacturer, screen size, screen resolution information, anonymized user identifier generated based on mobile device type (UAID), device identification code.

Privacy Policy Link: https://opencloud.wostore.cn/authz/resource/html/disclaimer.html?fromsdk=true

Contact: 4000096800

(3) SDK Name: China Telecom One-click Login

Third-party Name: Tianyi Digital Life Technology Co., Ltd.

Purpose: Identify the user's China Telecom phone number for quick login.

Personal Information Involved: Local phone number, International Mobile Subscriber Identity (IMSI), application process information, network connection type, network status information, network address, carrier type, phone device type, phone device manufacturer, phone operating system type and version.

Privacy Policy Link: https://e.189.cn/sdk/agreement/content.do?type=main&appKey=E_189&hidetop=true&returnUrl=

Contact: id@189.cn

(4) SDK Name: China Mobile One-click Login

Third-party Name: China Internet Corporation

Purpose: Identify the user's China Mobile phone number for quick login.

Personal Information Involved: Network type, network address, carrier type, local phone number, phone device type, phone operating system, hardware manufacturer, International Mobile Subscriber Identity (IMSI), and SIM card quantity, etc.

Privacy Policy Link: https://wap.cmpassport.com/resources/html/contract2.html

Contact: 10086

3. Scenario: Third-party Account Login

SDK Name: Sui Shen Ban Citizen Cloud

Third-party Name: Shanghai SMMAIL Info Serv Co., Ltd.

Purpose: Quickly log in by binding the user's Sui Shen Ban Citizen Cloud account.

Personal Information Involved: Username, profile photo, name, ID number, phone number, facial biometric information, bank card number, bank card type.

Privacy Policy Link: https://api.eshimin.com/privacyPolicy/privacyPolicy/toPrivayPolicy

Contact: 12345

4. Scenario: Third-party Account Login, Information Sharing, Third-party Payment

SDK Name: WeChat

Third-party Name: Shenzhen Tencent Computer Systems Company Limited

Purpose: Bind the user's WeChat account for quick login; provide users with the ability to share to the WeChat platform; provide WeChat payment functionality.

Personal Information Involved: Hardware device model, terminal system type, device identification code, software version information in use, software language settings information, IP address, region, mobile network information, standard network log data and network usage habits, as well as operational records of using Tencent's financial services.

Privacy Policy Link: https://support.weixin.qq.com/cgi-bin/mmsupportacctnodeweb-bin/pages/ONwPihxKd82RAkIJ；https://www.tenpay.com/v3/helpcenter/low/privacy.shtml

Contact: weixin-open@qq.com

5. Scenario: Third-party Account Login, Third-party Payment

SDK Name: Alipay

Third-party Name: Alipay (China) Network Technology Co., Ltd.

Purpose: Bind the user's Alipay account for quick login; provide users with Alipay payment functionality.

Personal Information Involved: Common device information (including IMEI, IMSI, SIM card serial number/MAC address, Android ID, SSID, BSSID, device basic information [model/manufacturer, etc.], network information, system information).

Privacy Policy Link: https://opendocs.alipay.com/open/01g6qm；https://render.alipay.com/p/c/k2cx0tg8

Contact: 95188

6. Scenario: Message Push

(1) SDK Name: Huawei Push

Third-party Name: Huawei Software Technology Co., Ltd.

Purpose: Push messages to Huawei phone users.

Personal Information Involved: Application basic information, in-app device identifiers, device hardware information, system basic information, and system setting information.

Privacy Policy Link: https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/sdk-data-security-0000001050042177

Contact: devConnect@huawei.com

(2) SDK Name: Xiaomi Push

Third-party Name: Beijing Xiaomi Technology Co., Ltd.

Purpose: Push messages to Xiaomi phone users.

Personal Information Involved: Device identifiers (OAID, IMEI, and encrypted Android ID), application information using the push service such as application package name, version number, and running status, device-related information such as device manufacturer, device model, device memory, operating system version, Xiaomi Push SDK version, device location (country or region), SIM card carrier name, current network type.

Privacy Policy Link: https://dev.mi.com/console/doc/detail?pId=1822

Contact: developer@xiaomi.com

(3) SDK Name: Meizu Push

Third-party Name: Meizu Telecom Equipment Co., Ltd.

Purpose: Push messages to Meizu phone users.

Personal Information Involved: Device information (including device name, device model, region and language settings, device identification code (IMEI number, etc.), device hardware information and status, usage habits, IP address, MAC address, operating system version, and settings information for devices accessing services), application information (including application list, application version, application status record [download, install, update, delete], software identification code, and application settings [such as region/language/time zone/font]), log information (including access time, access frequency, access duration, access IP address, search query words, and event information [such as errors, crashes, restarts, upgrades]), location information (related to the use of location-based services, including country code, city code, mobile network code, latitude and longitude, device location, WiFi geographic location information), etc.

Privacy Policy Link: http://static.meizu.com/resources/term/privacy8.html

Contact: DPO@meizu.com

(4) SDK Name: OPPO Push

Third-party Name: Guangdong Huantai Technology Co., Ltd.

Purpose: Push messages to OPPO phone users.

Personal Information Involved: Device-related information (such as IMEI number, Serial Number, IMSI, User ID, Android ID, Google Advertising ID, phone Region settings, device model, phone battery level, phone operating system version, and language), application information of using push services (such as APP package name and version number, running status), push SDK version number, network-related information (such as IP or domain connection results, current network type), message sending results, notification bar status (such as notification bar permissions, user click behavior), lock screen status (such as whether the screen is locked, whether lock screen notifications are allowed).

Privacy Policy Link: https://open.oppomobile.com/wiki/doc#id=10288

Contact: privacy@heytap.com

(5) SDK Name: VIVO Push

Third-party Name: Vivo Mobile Communication Co., Ltd.

Purpose: Push messages to VIVO phone users.

Personal Information Involved: Operating system version number, application program information, device identifiers (such as IMEI number, SIM and IMSI, mobile country code, and VIVO Android device's mobile network number, etc.), MAC address, mobile carrier, language in use, system settings, etc. system, device, and application program data, log information, location information, Cookie, and tracking information.

Privacy Policy Link: https://www.vivo.com.cn/about-vivo/privacy-policy

Contact: push@vivo.com

7. Scenario: Data Statistics

SDK Name: Bugly

Third-party Name: Shenzhen Tencent Computer Systems Company Limited

Purpose: Record and repair crash information.

Personal Information Involved: Log information (including third-party developer custom logs, Logcat logs, and APP crash stack information), device information (phone model, phone brand, system version, API level, manufacturer system version, CPU attributes, whether the device is rooted, whether it is jail broken, disk space usage size, sd card space usage size, memory space usage size, runtime phone status), device ID (including Android id and IDFV), SIM integrated circuit card identification code, network information, system name, system version, and country code.

Privacy Policy Link: https://privacy.qq.com/document/preview/fc748b3d96224fdb825ea79e132c1a56

Contact: Dataprivacy@tencent.com

8. Scenario: Operational Risk Prevention

(1) SDK Name: Tongdun

Third-party Name: Tongdun Technology Co., Ltd.

Purpose: Device recognition for risk control.

Personal Information Involved: Device information (including IMSI, IMEI, Android ID, SIM integrated circuit card identification code (ICCID), MAC address, device type, device model, system type, login IP address, application installation list information, previously visited pages, browser type, etc.), network information, location information, gateway address (DHCP), WiFi subnet mask.

Privacy Policy Link: https://www.tongdun.cn/other/privacy/id=1

Contact: service@tongdun.cn

(2) SDK Name: Geetest

Third-party Name: Wuhan Jiyi Internet Technology Co., Ltd.

Purpose: Login behavior graphic verification.

Personal Information Involved: Device information (device system information, device manufacturer information, device model, device brand, etc.), network information (device network connection status and type, etc.), device environment information (device screen size, device battery charging status, device battery level, device jailbreak identification, device debugging identification, etc.), user biometric trajectory information (user-generated sliding, clicking, mouse moving trajectories during the verification process), verification timestamp, installation package name, etc.

Privacy Policy Link: https://www.geetest.com/Private

Contact: service@geetest.com

(3) SDK Name: IPV4 County-level Location Query Service System V1.0

Third-party Name: Evan (Dalian) Technology Service Co., Ltd.

Purpose: Big data analysis of user access source locations.

Personal Information Involved: IP address information of user network access.

Privacy Policy Link: https://www.ipplus360.com/privacy-policy

Contact: yangxuxian@ipplus360.com

(4) SDK Name: Volcano Engine

Third-party Name: Beijing Volcano Engine Technology Co., Ltd.

Purpose: Identify abnormal user devices and monitor the web.

Personal Information Involved: Device information (device ID, device MAC address, hardware serial number, device brand, device model, operating system, operating system API, system time zone, screen density, screen resolution, disk usage, memory usage, running thread count, CPU information, mobile device country code, mobile device network code, device DPI; Android: Android ID, device brand, operating system API version, user agent, battery level, network traffic, device ABI, ROM; iOS: Jailbreak status, IDFV), application information (application version, application package name, process start time, log type, crash event, crash process, build-id, crash scene, crash time, crash thread name, names of pages visited, stack of all threads in the current process, application service log information, application file name, application file size, disk size; Android: fd list; iOS: application language, application release channel), system and network recognition information (user ID, IP address, session data, carrier information, network access mode).

Privacy Policy Link: https://www.volcengine.com/docs/6431/69429

Contact: 400-850-0030

9. Scenario: Real-person Authentication

SDK Name: UniTrust Unified Identity Authentication

Third-party Name: Shanghai Electronic Certificate Authority Center Co., Ltd.

Purpose: Used for Real-person Authentication.

Personal Information Involved: Name, identity proof (ID card/passport, etc.), phone number, email address, biometric information (portrait, iris, etc.), bank card number.

Privacy Policy Link: https://www.sheca.com/assets/wwx/laws.html

Contact: 021-962600

10. Scenario: Travel Services

(1) SDK Name: Secco Travel

Third-party Name: Shanghai Secco Travel Technology Service Co., Ltd.

Purpose: Used for travel services.

Personal Information Involved: Identity information (name, nickname, gender, age, ID card information and other identification information, commonly used address, email address, phone number, emergency contact information), location information, platform operation information (device information, log information), order information and transaction status, itinerary information, payment information, audio and video information, sensor information, address book permissions, etc.

Privacy Policy Link: https://marketing.saicmobility.com/cms-help/driver/privacyPolicy.html#:~:text=%E6%9C%AC%E9%9A%90%E7%A7%81%E5%8D%8F%E8%AE%AE%EF%BC%88%E4%BB%A5%E4%B8%8B,%E5%85%B3%E7%9A%84%E4%BA%A7%E5%93%81%E6%88%96%E6%9C%8D%E5%8A%A1%E3%80%82

Contact: 400-856-6666

(2) SDK Name: Hello Travel

Third-party Company Name: Shenzhen Hello Mobile Technology Co., Ltd.

Purpose: Used for travel services.

Personal Information Involved: Android ID, IMEI, IMSI, MAC address, SSID, hardware serial number, Bluetooth device address IP personal information, device location-related information (IP address, GPS location), latitude and longitude information, camera permissions, Bluetooth permissions.

Privacy Policy Link: https://m.hellobike.com/ebike-h5/latest/article.html?guid=caf29f866e90410e8212b689bdb9bcb5

Contact: Email to sec@hellobike.com or call Hello Platform customer service at 95175177

In the future, we will adjust SDK access based on business development and feature development. We will promptly inform you of the latest situation of third-party SDK access. Please note that third-party SDKs may have information processing changes due to version upgrades, policy adjustments, etc. Please refer to their official statements for accurate information.

IV. How We Share, Transfer, Publicly Disclose, and Entrust the Processing of Your Personal Information

（I）Sharing

We will not share your personal information with companies, organizations, or individuals outside of our own organization. However, since many services are provided by third-party systems, there may be situations where your personal information is shared with affiliated companies, partners, and other third parties. We will adhere to the following principles:

1. Sharing with Explicit Consent: We will share your Personal Information with other parties only with your explicit consent.

2. Sharing in Legal Circumstances: We may share your Personal Information externally based on legal requirements, regulatory demands, litigation dispute resolution needs, or requests from administrative or judicial authorities in accordance with the law.

3. Facilitating Services or Dispute Resolution: In certain situations, sharing your Personal Information is necessary to facilitate the processing of services or assist in resolving disputes or conflicts between you and others.

4. Sharing with Authorized Partners: We may share some of your Personal Information with partners to provide better customer service and optimize user experience. We will only share Personal Information necessary for providing services for legitimate, justifiable, and essential purposes. Our partners are not authorized to use the shared Personal Information for any other purposes.

Presently, our authorized partners include the following types: affiliated companies, suppliers, service providers, and other partners. We send information to authorized partners supporting our business, including a range of professional services such as providing basic technical services, consulting, and analytics. For companies, organizations, and individuals with whom we share Personal Information, we sign strict confidentiality agreements and information protection agreements, requiring them to process Personal Information according to our instructions, this privacy policy, and any other relevant confidentiality and security measures. Specific sharing scenarios are as follows:

(1) When you use this service, we share your name, ID card number, and QR code boarding order information with the Suishen Code platform (operating entity: Shanghai SMMAIL Info Serv Co., Ltd., contact: 12345) to facilitate your use of metro, bus, ferry, and maglev scenarios for QR code passage services.

(2) When you use taxi services, we share your desensitized phone number, location information, device information, order information and transaction status, payment information, and certain information related to dispute complaints with the Shencheng Travel platform (operating entity: Shanghai Secco Intelligent Transportation Technology Co., Ltd., contact: 400-920-8282) to facilitate the provision of taxi services by Shencheng Travel platform.

(3) When you use ride-hailing services, we share your phone number, location information, order information and transaction status, payment information, and certain information related to dispute complaints with the Xiangdao Travel platform (operating entity: Shanghai Secco Travel Technology Service Co., Ltd., contact: 400-821-8866) to facilitate the provision of ride-hailing services by the Xiangdao Travel platform. If you need to obtain an invoice for ride-hailing, we will also share the billing information (billing individual's name or business name and unified social credit code), email, and other information provided by you with the Xiangdao Travel platform to facilitate the provision of ride-hailing billing services.

(4) When you use parking services, we share your location information, parking payment order information, parking reservation order information, and off-peak order information with the Shanghai Municipal Transportation Commission (contact: 962319) to provide you with parking lot inquiry, parking payment, parking reservation, off-peak shared signing services.

(5) Road Assistance Service: When you use road assistance services, we share your order information, order status, and payment information with Shanghai Rutting Information Technology Co., Ltd., to provide you with road assistance services.

(6) Legal Requirements: We may share your personal information externally based on legal regulations or mandatory requirements from government agencies, regulatory bodies, or judicial authorities.

(II) Transfer

We will not transfer your Personal Information to any company, organization, or individual. Exceptions include:

1. Prior Consent: With your prior consent.

2. Organizational Adjustments: In accordance with national policy arrangements or legal regulations, we, as well as relevant government agencies, may undergo organizational adjustments, asset allocations, transfers, or similar transactions, and your information may be transferred as part of such transactions. We will comply with the requirements of relevant laws and regulations, notify you before the transfer, ensure the security of information during the transfer, and require the new entity holding your personal information to continue to be bound by this policy. Otherwise, we will request the entity to seek your authorization and consent again.

(III) Public Disclosure

Without your consent, we will not publicly disclose your information, except in the following cases:

1. Prior Consent: With your prior consent.

2. Legal Compliance and Safeguarding Interests: If we determine that you have violated laws and regulations or seriously violated our relevant agreement rules, or to protect our or the public's personal and property safety from infringement, we may, in accordance with laws and regulations, comply with court judgments, rulings, or other legal procedures, comply with the requirements of relevant government agencies or other competent authorities, or publicly disclose your Personal Information based on our relevant agreement rules. This includes information about the violation and the measures we have taken against you.

(IV) Entrusted Processing

To improve information processing efficiency, reduce information processing costs, or enhance information processing accuracy, during website maintenance, data analysis, advertising services, audits, and other similar services, we may entrust capable third parties (including our affiliated companies or other professional organizations) to process information on our behalf (within the scope of your authorized consent, and these third parties will only know your personal information for the purpose of providing services to us or representing us in certain activities). We will require the entrusted company to comply with strict confidentiality obligations and take effective confidentiality measures through written agreements, on-site audits, etc. Prohibiting them from using this information for purposes not authorized by you. When the entrustment relationship is terminated, the entrusted company will no longer retain personal information. We promise to be responsible for this.

V. How We Store Your Personal Information

Personal Information collected and generated by us in the People’s Republic of China (excluding the Hong Kong Special Administrative Region, Macao Special Administrative Region, and Taiwan region) will be stored within the territory of the People's Republic of China.

During your use of this application service, we will continuously store your Personal Information. We determine the storage period of personal information mainly based on the following criteria, and the longer one will prevail:

1. Necessary for Agreement Execution: For the purpose of executing relevant service agreements, this policy, maintaining public welfare, handling complaints/disputes, and protecting the personal and property safety or legal rights and interests of our customers, our affiliated companies, other users, or employees.

2. Extended Period with Your Consent: The longer period you agree to.

3. Compliance with Legal Requirements: Compliance with court judgments, rulings, or other legal procedures.

4. Special Legal Regulations and Regulatory Requirements: Other special legal regulations and regulatory provisions with retention periods.

Our retention period for your personal information is no less than 2 years. After the retention period expires, we will delete the collected information. If it is technically difficult to delete personal information, we will cease processing it beyond storage and implement necessary security measures.

VI. How You Can Manage Your Personal Information

(I) Access, Copy, Correct, and Supplement Your Personal Information

1. After logging into this application, you can view your profile photo, account name, nickname, real-person verification status, and identity information (credential type, name, ID number) in "My - Personal Profile". In "My - Settings - Account and Security", you can check the bound phone number.

2. If you need to copy your personal information, you can export it in "My - Settings - Privacy Center - Personal Information Viewing and Export" section within our application, or contact our official service hotline to reach customer service. After verifying your identity, we will provide you with a copy of your personal information in our application (including basic profile and identity information), except where prohibited by laws and regulations or specified otherwise in this policy.

3. You can modify your profile photo and nickname in "My - Personal Profile". In "My - Settings - Account and Security - Change Login Password", you can change the login password. You can also change the phone number in "My - Settings - Account and Security".

4. Correct and Supplement Your Personal Information: If you find that the information about you processed by this application is incorrect or incomplete and cannot be corrected or supplemented by yourself, please call our official service hotline for correction or supplementation.

(II) Delete Your Personal Information

To ensure the security of your personal information in the application, online deletion of personal information permissions has not been opened. If you want to delete some or all of your Personal Information, you can call our official service hotline for assistance. At the same time, if personal information involves third parties due to sharing, transfer, disclosure, etc., the third party will also be unable to continue to obtain or retain your personal information.

You can request the deletion of Personal Information from us in the following situations:

(1) If the purpose of processing your personal information by us has been achieved, cannot be achieved, or is no longer necessary for achieving the processing purpose.

(2) If you withdraw your consent.

(3) If we violate laws, regulations, or agreements in processing your personal information.

(4) If you no longer use our products or services.

(5) If we no longer provide products or services to you, or the retention period has expired.

(6) Other circumstances as provided by laws and administrative regulations.

After you delete information from our service, we may not immediately delete the corresponding information from the backup system. However, we will delete this information when the backup is updated. During this period, we will stop processing beyond storage and take necessary security measures.

(III) Change the Scope of Your Authorized Consent or Withdraw Your Authorization

You can change or withdraw your consent to collect and process your personal information in the following ways:

1. Manage authorization in "My- Settings - Privacy Center - Agreement Authorization".

2. Manage the system permission authorization used by the app in "My - Settings - Privacy Center - Permission Management".

3. Manage the system permission authorization you use through the device system permission management page.

4. Revoke authorization by modifying personal information, deleting personal information, or closing functions.

When you withdraw consent or authorization, it may result in us no longer being able to provide services corresponding to the withdrawn consent or authorization. However, withdrawing consent or authorization does not affect the processing of personal information based on your prior consent or authorization.

After you withdraw consent or authorization, we will no longer process the corresponding personal information. However, the information provided or generated by you during the use of our services still needs to be anonymized and retained for the time required by laws, regulations, and regulatory requirements. During this legally required retention period, the relevant regulatory authorities still have the right to query in accordance with the law.

(IV) User Account Cancellation Management

You can deactivate your account in "Me - Settings - Account & Security - Deactivate Account" or contact customer service to request the deactivation of your account. To protect your legitimate rights and interests, we need to verify your identity before deactivating your account and evaluate whether to support your deactivation request based on your usage of the "SH MaaS" product or service. For example, if there are orders generated through SH MaaS information services in your account, unpaid orders in your ride-hailing function, or if you have not unbound third-party accounts or closed third-party services, we may not immediately support your request.

After you voluntarily deactivate your account, our application systems based on the "SH MaaS" platform will cease to provide products or services to you, and we will delete or anonymize your personal information in accordance with applicable laws. If deleting personal information is technically difficult, we will anonymize it or stop processing it except for storage and necessary security measures, unless otherwise required by laws and regulations.

(V) Explanation of Personal Information Processing Rules

You can call our official service hotline to request an explanation of the personal information processing rules.

(VI) Constraints on Information System Automated Decision-Making

In certain business functions, we may rely solely on algorithm-based non-human automatic decision-making mechanisms to make decisions. You can turn off personalized content recommendations in "My - Settings - Privacy Center - Recommendation Management". If these decisions affect your legitimate rights and interests, you can file a complaint about the automated decision-making results by calling our official service hotline.

(VII) Rights Related to Deceased Individuals

In the event of your passing, your immediate family members may, for their legitimate and lawful interests, exercise the rights related to your personal information as stipulated in this clause, including but not limited to the rights to access, copy, correct, and delete such information; unless you have made other arrangements during your lifetime.

(VIII) Responding to Your Requests Above

To ensure security, you may need to provide a written request or prove your identity in other ways. We may request you to verify your identity and review the legitimacy before processing your request. Please understand that due to technical limitations and legal requirements, some of your requests may not be able to be fulfilled. For certain requests that are unreasonably repetitive, require excessive technical means, pose risks to the legitimate rights and interests of others, or are highly impractical, we may refuse but will explain the reasons. Despite the above agreements, according to legal requirements, we may not be able to respond to your request in the following situations:

1. Concerning national security and defense.

2. Relating to public safety, public health, and significant public welfare.

3. Relevant to criminal investigation, prosecution, trial, and execution of judgments.

4. There is sufficient evidence to show your subjective malice or abuse of rights.

5. Responding to your request would cause serious harm to your or other individuals, organizations' legitimate rights and interests.

6. Involving trade secrets.

7. Associated with our fulfillment of legal obligations stipulated by laws and regulations.

If you have any questions about the realization of the above rights, you can contact us using the relevant contact information in "How to Contact Us."

For you, your potential guardian, immediate family members, and other authorized parties who wish to make the aforementioned requests, as well as for the personal information rights as provided by the laws of the People's Republic of China and other applicable laws, you can contact our customer service or directly initiate a complaint with our personal information protection officer. We will respond within 15 days.

VII. Exceptions to Obtaining Authorized Consent

According to relevant laws, regulations, and regulatory requirements, we may process Personal Information without obtaining your prior authorized consent in the following situations:

1. Necessary for signing and fulfilling contracts at your request.

2. Necessary for us to fulfill legal duties or statutory obligations.

3. Necessary to respond to sudden public health events or emergencies to protect the life, health, and property safety of natural persons.

4. Necessary for implementing news reporting and public opinion supervision within a reasonable scope, processing your personal information.

5. Process your personal information within a reasonable scope that you have voluntarily disclosed or has been lawfully disclosed by others.

6. Other situations as stipulated by laws and administrative regulations.

VIII. How We Protect Your Personal Information

We will make efforts to ensure the security of Personal Information to prevent the loss, improper use, unauthorized access, or public disclosure of information.

(I) To ensure the security of your information, we will use security protection measures that comply with industry standards, as required by relevant laws and regulations and the current level of technology. These measures aim to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration of your provided Personal Information. We will employ physical, technical, and administrative security measures to prevent unauthorized access, public disclosure, use, modification, damage, or loss of data.

For example, we use Secure Sockets Layer (SSL) for encrypted transmission over the internet, encrypt stored information, and strictly limit access to data centers. When transmitting and storing sensitive personal information (including personal biometric information), we employ security measures such as encryption, access control, and de-identification.

(II) We have established dedicated departments and formulated emergency plans, including a department responsible for personal information protection. We conduct security impact assessments for personal information collection, usage, sharing, and entrusted processing. Additionally, we have established relevant management systems, applying the principle of least privilege to staff who may access your information. We monitor the actions of staff handling your information systematically and continuously train them on relevant laws, regulations, privacy security guidelines, and enhance security awareness through regular testing. Our network systems undergo evaluation for compliance with national network security level protection. We also annually engage external independent third parties to assess our information security management system.

(III) We have developed an emergency response plan for personal information security incidents. We regularly organize internal personnel for emergency response training and drills to ensure they understand their duties and emergency response strategies and procedures. In the event of a personal information security incident, we will promptly take remedial measures in accordance with legal requirements to effectively prevent information leakage, tampering, loss, and other hazards. We will report the incident to relevant regulatory authorities. If the regulatory authorities believe that the personal information security incident may harm you, we will promptly inform you of the relevant details through app push notifications, emails, or text messages, or release an announcement through reasonable and effective means.

(IV) Internet Environment and User Cooperation: The internet environment is not entirely secure, and we will do our best to ensure the security of your Personal Information. Please understand that due to technical limitations and potential malicious attacks, unforeseen, preventable, controllable accidents may occur. We strongly recommend that you take active measures to protect the security of personal information, including but not limited to using complex passwords, regularly changing passwords, not providing your account password and related personal information to others, etc., to help us ensure the security of your information.

(V) Protection of User Identity Information: When using our services, we will identify you through your phone number, name, ID number, or other identity verification information. Please ensure the proper safeguarding of this information. If you disclose this information, your account information may be compromised, potentially resulting in the loss of your financial security and other personal rights and interests.

IX. How We Protect Information of Minors

(I). We expect parents or other guardians (hereinafter collectively referred to as "guardians") to guide minors in using our services. We will protect the confidentiality and security of information regarding minors in accordance with relevant national laws and regulations.

(II). If you are over fourteen but under eighteen years old, please use our services or provide information to us under the premise of carefully reading this policy and consider inviting your guardian to guide you in doing so. If you are under fourteen years old (hereinafter referred to as "children"), please have your guardian carefully read this policy and the "SH MaaS" Children's Personal Information Protection Rules and Guardian Instructions, and use our services or provide information to us only with your guardian's consent. If your guardian does not agree to your use of our services or providing information to us according to this policy, please stop using our services immediately and promptly inform us so that we can take appropriate measures.

(III). In cases where we collect information from child users with the guardian's consent, we will only use or disclose this information when permitted by law, explicitly agreed upon by the guardian, or when necessary to protect the child. If a guardian discovers that we have collected a child's Personal Information without parental or guardian consent, please contact our customer service hotline. We will make efforts to promptly delete the relevant data.

(IV). The Real-person authentication information of minors is managed by the real-person authentication management organization. Due to considerations of risk control by the management organization, there may be situations where real-person authentication for minors cannot be completed. In such cases, we will be unable to provide the corresponding services.

X. How Your Personal Information Is Transferred Globally

Personal Information collected by us within the People's Republic of China (excluding the Hong Kong Special Administrative Region, Macao Special Administrative Region, and Taiwan) will be stored within the territory of the People's Republic of China. If, due to business needs, it is necessary to transfer your Personal Information overseas, we will:

(I). Obtain your separate authorization and consent and go through the legal procedures to ensure that your Personal Information is sufficiently protected in compliance with applicable laws and regulations at that time.

(II). Abovementioned transfers will be conducted in compliance with the applicable laws and regulations at that time. Even if we obtain your authorization, if the transfer method or purpose does not comply with relevant laws and regulations, we will not proceed with the transfer.

XI. Our Operational Organization

Company Name: Shanghai Mobility Service Technology Co.,Ltd.

Registered Address: Room 71001, 7th Floor, Building 4, No. 789 Tianshan West Road, Changning District, Shanghai

Office Address: Building 2, No. 699 Lingshi Road, Jing'an District, Shanghai

Email of the Person in Charge of Personal Information Protection: sec_shmaas@shmaas.cn

XII. How This Policy Is Updated

In the event of changes to relevant laws and regulations or necessary changes to our services, if we need to modify this policy, we will prompt you again through a pop-up window on the homepage before the revision takes effect. Once confirmed, it will take effect and replace the previous content. If you do not agree with the new modifications, please contact us promptly or stop using the services specified in this policy. If you choose to continue using the relevant services, it will be considered that you fully agree to and accept the new modifications. If objective circumstances and changes in business policies require us to interrupt or cease related services, we will promptly notify you. Please understand and agree to this.

XIII. How to Contact Us

If you have any questions about this policy or any related complaints, disputes, or opinions, please contact our official service hotline (Official Service Hotline: 【$phoneStr】）for feedback. We will handle your request as soon as possible and respond within 15 working days after verifying your user identity.

XV. Other

(I) Establishment, Effectiveness, Fulfillment, Interpretation, and Dispute Resolution of This Policy: This policy is governed by the laws and regulations of the People's Republic of China (excluding the Hong Kong Special Administrative Region, Macao Special Administrative Region, and Taiwan) for the purposes of establishment, effectiveness, fulfillment, interpretation, and dispute resolution.

(II) Dispute Resolution: In case of any disputes over the content or implementation of this policy, you can contact our official service hotline for negotiation. If negotiation fails, you can also file a lawsuit with the competent People's Court in the jurisdiction of Changning District, Shanghai, where we are located.

Special reminder: This English version is translated from the Chinese version. In case of any conflict, the Chinese version shall prevail.