CommLink Privacy Policy

I. Introduction

Welcome to use CommLink (hereinafter referred to as "we"). We fully understand the importance of personal information and shall strictly comply with the Personal Information Protection Law of the People's Republic of China, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other valid data protection and privacy laws, regulations and industry norms in force in other countries/regions. We adopt strong encryption technology to protect your privacy and security, and formulate strict management systems to regulate all data processing activities. When you access or use the relevant services of CommLink, it means that you agree to the provisions of this policy on how we collect, use, store, transmit and protect your personal information (including sensitive personal information: facial information). If you disagree with any content of this Privacy Policy, please immediately stop using or accessing our products and services.

If you are under the age of 14, you may only use our services or provide information to us after reading this policy accompanied by a legal guardian and obtaining the explicit consent of the legal guardian.

Key points of this Privacy Policy are as follows:

i. We will explain the types of personal information collected and their corresponding purposes in different functional scenarios one by one, clearly inform you of the collection purposes, scope and methods of various information, so that you can fully understand the details of information processing;
ii. When you use functions involving sensitive personal information such as facial recognition, we will obtain your explicit consent separately; unless otherwise required by laws and regulations, refusal to provide such information will only prevent you from using the relevant specific functions and will not affect your normal use of other functions of CommLink;
iii. We will not actively share or transfer your personal information to third parties outside CommLink. If it is really necessary to share or transfer such information, we will obtain your explicit consent directly or confirm that the third party has obtained your explicit consent, and conduct strict risk assessment on relevant behaviors;
iv. We will not actively obtain your personal information from third parties outside CommLink. If it is really necessary to obtain such information indirectly due to business development needs, we will clearly inform you of the source, type and scope of use of the information in advance, and obtain your explicit consent separately if it exceeds the original authorized scope;
v. In accordance with the relevant laws and regulations of various regions around the world, you may exercise the rights to access, correct and delete personal information, withdraw authorization, file complaints and reports, and we will fully protect your legitimate rights and interests.

For more detailed information, please read the corresponding chapters according to the following index:

1. Personal Information We Collect
2. How We Use Your Information
3. How We Use Cookies and Similar Technologies
4. Description of Mobile System Permission Application and Usage
5. Data Collection and Storage
6. Your Rights and Exercise Methods
7. How We Protect Your Personal Information
8. How We Process Personal Information Provided by Minors
9. How We Share, Transfer and Publicly Disclose Your Personal Information
10. Supplementary Explanation on Cross-border Transmission of Information
11. Description of FCM Push Service and Information Sharing Rules
12. Updates to This Policy
13. Scope of Application
14. How to Contact Us

II. Personal Information We Collect

When providing services, we will collect, store and use the following corresponding information according to the functional scenarios you use, and all information collection shall follow the principle of "minimum necessity":

Functional Scenarios	Types of Collected Information	Purposes of Collection	Authorization Method
Account Registration/Login	Mobile phone number/email address, verification code, username, password	Identity verification, account management, cross-border service adaptation	Explicit consent during registration
Real-name Authentication (Property/Administrator)	Name, work certificate-related information (non-sensitive information)	Compliant operation, access control of community equipment management permissions	Separate pop-up authorization
Device Binding via QR Code Scanning	Camera permission, device identification code, binding time	Complete the association between device and account, realize device management functions	Dynamic authorization of system permissions (revocable)
Door Access via Facial Recognition	Facial images/feature information (sensitive personal information), facial verification records	Realize identity verification for community access control and security admission management	Separate pop-up for explicit consent (authorization can be withdrawn through APP settings)
Call and Message Push	Device call records, message reception status, mobile phone notification permission	Realize two-way calls between devices and users, and push service messages in a timely manner	Default authorization when using the service (revocable through system settings)
Person/Owner/Device Management	Basic owner information (name, housing number), device model/serial number, device operation status data	Complete community personnel filing, device control and monitoring	Voluntarily submitted and agreed to use by you
Record Management	Device call records, operation logs, fault feedback records, facial usage records	Service traceability, troubleshooting, function optimization	Automatically collected during service use (personal related records can be deleted in the APP)
Core Service Operation	Device information (model, operating system, IMEI/IDFA), IP address, usage region	Ensure the stability of cross-border services and adapt to network environments in different regions	Default authorization when using the service (non-essential collection can be turned off through APP settings)

Supplementary explanation: We will store and process the shared information you provide to other parties through our services, as well as the information you submit, send or receive when using the services, as necessary according to the requirements of relevant functions to ensure the normal operation of the services.

III. How We Use Your Information

The purpose of collecting personal information is to provide you with products or services and comply with applicable laws, regulations and other normative documents. We will use the collected information for the following purposes:

1. To provide, process, maintain, improve and develop our products and services for you, such as account management, device binding, access control verification, customer support, etc.;
2. To send service notifications, including important information such as device fault reminders, account security reminders, cross-border service policy update notifications, facial information usage reminders, etc. Such information is crucial to your service experience, and we recommend that you do not refuse to receive it;
3. Compliance risk control and security protection, such as identifying abnormal logins, preventing device theft, controlling access control security risks, executing software verification and upgrades, etc.;
4. To provide necessary information to affiliated companies, third parties or other users when providing specific services as required by you;
5. To invite you to participate in surveys on our products and services to help us optimize service quality;
6. To store and maintain information related to you for business operations (such as business statistics) or to perform legal obligations;
7. Other purposes with your consent.

Special Commitments:

1. Facial information is only used for access control identity verification and not for any other scenarios;
2. We will not display content or advertisements to you based on sensitive categories (e.g., race, religion, sexual orientation or health status);
3. We will not share information that can be used to identify your personal identity with advertisers or partners (unless authorized by you);
4. We will never sell your personal information to any third party at any time and under any circumstances, and only use your information within the scope permitted by law.

According to relevant laws, regulations and internationally accepted rules, we are not required to obtain your authorization and consent for collecting and using your personal information in the following circumstances:

1. Directly related to national interests such as national security and national defense security; directly related to major public interests such as public security, public health and public awareness;
2. Directly related to criminal investigation, prosecution, trial and judgment enforcement;
3. Necessary for safeguarding your or other individuals' major legitimate rights and interests such as life, property and reputation but it is difficult to obtain the consent of the person concerned;
4. The collected personal information is voluntarily disclosed by you to the public;
5. Collecting personal information from legally publicly disclosed information, such as legitimate news reports, government information disclosure and other channels;
6. Necessary for signing and performing contracts at your request;
7. Necessary for maintaining the safe and stable operation of the provided products or services, such as detecting and disposing of faults of products or services;
8. Necessary for carrying out legitimate news reports;
9. Necessary for carrying out statistics or academic research for public interests, and de-identifying personal information when providing research results to the outside;
10. Transferring for the completion of merger, division, acquisition or asset transfer;
11. Other circumstances stipulated by laws and regulations.

Please understand that our functions and services will be continuously updated and developed. If a new function or service needs to collect your information which is not covered in the above description, we will separately inform you of the content, scope and purpose of information collection through page prompts, interactive processes, APP announcements and other ways, and collect such information only after obtaining your consent.

IV. How We Use Cookies and Similar Technologies

A Cookie is a small file containing a string of characters that is sent to your device when you access the relevant services. When you use the services again, the Cookie enables the system to identify your device and usage preferences. You may reset or reject all Cookies through your device browser or system settings, or set a prompt when Cookies are sent, but some service functions may not work properly as a result.

When you use the relevant services of CommLink, we will use Cookies, anonymous identifiers and other similar technologies to collect and store your access and usage information. We regard the information collected through such technologies as non-personal information, but if the local law regards IP address or similar identification marks as personal information, we will protect such information in accordance with the relevant provisions on personal information. We mainly use Cookies and similar technologies to achieve the following functions:

1. Ensure the safe and efficient operation of products and services: Set Cookies or anonymous identifiers related to authentication and security to confirm whether you log in safely, prevent theft, fraud and other illegal acts; optimize service efficiency and improve login and response speed;
2. Help you get a more convenient access experience: Eliminate the need to repeatedly fill in personal information and enter search content, such as realizing one-click login and recording operation habits;
3. Log files: Collect specific information and store it in log files, including IP address, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp and click stream data, etc. We will not associate such automatically collected log data with other personal information;
4. Mobile analysis: Use mobile analysis software to understand the operation of CommLink on your device, which may record the frequency of your use of the application, in-application events, cumulative usage time, performance data and crash location, etc. Such information will not be associated with the personal information you submit;
5. Local storage (HTML5/Flash): Use Local Storage Objects (LSO) to store content. Some cooperating third parties (such as entities providing functional support or advertising delivery) may also collect relevant information through HTML5 or Flash Cookies, and you may delete HTML5 local storage objects through the management tools of your device browser.

V. Description of Mobile System Permission Application and Usage

To provide you with more complete services related to CommLink, we will apply to your mobile phone for the corresponding system permissions according to the specific functions you use. We promise that all permission applications are necessary for realizing the corresponding services without any redundant permission applications, and we will apply for authorization from you in a friendly and clear manner. You may turn off the relevant permissions in the mobile phone system settings at any time. Turning off the permissions will only affect the use of the corresponding functions and will not affect other services. The relevant permission applications and usage instructions are as follows, all of which are standard statements for compliance review:

1. Camera permission: We request to obtain your camera usage permission only for completing the QR code scanning and binding operation of community access control devices, facial recognition enrollment and facial recognition door access verification for you. We will not take irrelevant photos and videos. Turning off this permission will prevent you from using the functions of device binding via QR code scanning and facial recognition, but will not affect other functions such as account login and message reception;
2. Video recording permission: We request to obtain your video recording permission only for dynamic facial collection and verification of the facial recognition function to ensure the accuracy and security of access control identity verification. It is only temporarily invoked when you actively trigger the facial recognition function, without background video recording, and no irrelevant video data will be retained;
3. Mobile phone photo/album reading permission: We request to obtain your mobile phone photo/album reading permission only for providing you with the service of selecting photos from the album to upload and improve personal information and upload device-related certificates. We will not arbitrarily read, download or upload any photos in your album, nor obtain additional information such as the location of photos in the album;
4. Voice/microphone permission: We request to obtain your voice/microphone usage permission only for realizing voice communication with the community access control device terminal when you use the two-way call function of access control. It is only invoked when you actively initiate or answer a call, without background recording of your voice content. The call voice data is only temporarily cached and automatically cleared after the call ends;
5. Notification permission: We request to obtain your mobile phone notification permission only for pushing important service messages to you such as device call reminders, account security notifications, device fault warnings and service updates. You may turn off this permission in the system settings at any time. Turning off this permission will prevent you from receiving relevant reminders without affecting the use of core functions.

All permissions are optional authorization. You may choose whether to enable them according to your own needs. We will not discriminate against or refuse to provide you with basic services because you refuse to grant non-core permissions. All permission invocations follow the principle of "authorization upon invocation and release after use", without any background silent invocation behavior.

VI. Data Collection and Storage

(I) Principles and Specifications for Data Collection

We always abide by the principles of "legality, legitimacy, necessity and good faith" and the principle of "minimum necessity" as required by the Personal Information Protection Law and data compliance requirements of various regions around the world to carry out data collection work. All data collection behaviors are centered on providing you with the core services and related auxiliary functions of CommLink without any meaningless information collection. The specific collection specifications are as follows:

1. All data collected by us is the information necessary for you to use the services of this application. We will not collect redundant data irrelevant to the services, nor collect your personal information through any concealed means;
2. For the collection of all personal information, we will clearly inform you of the purpose, scope, method and usage scenarios of collection in advance. For sensitive personal information (such as facial information), we will collect it only after obtaining your separate explicit consent;
3. Data collection methods are divided into three categories: "voluntarily submitted by you", "collected with system permission authorization" and "automatically collected during service operation". All collection methods are clearly traceable, and you may understand all collection details through this policy;
4. When you no longer use the corresponding functions or turn off the relevant permissions, we will immediately stop all data collection behaviors under such functions and will not continue to retain the access permissions of the relevant collection channels.

(II) Core Rules for Data Storage

We securely store all your personal data and usage behavior-related data. The storage behavior strictly complies with the requirements of laws and regulations and industry safety standards, providing comprehensive security protection for your stored data. The core storage rules are as follows:

1. Storage medium security: All your data is stored in compliant cloud servers with level protection qualifications and local encrypted storage areas. The servers are deployed with multiple firewalls, intrusion detection and other protective measures to prevent unauthorized access;
2. Hierarchical storage management: We conduct hierarchical and classified storage of the collected data. Among them, sensitive personal information such as facial information, mobile phone numbers and real-name authentication information is stored in an independent encrypted storage module, physically isolated from other non-sensitive information, and stored with the high-strength AES-256 encryption algorithm throughout the process;
3. Local storage explanation: To improve the service experience, some non-sensitive data (such as device binding records and local operation logs) will be temporarily stored locally on your mobile phone. The locally stored data is also encrypted and can only be read by this application without being obtained by other applications. You may clear the local cached data in the APP at any time;
4. Storage access control: We strictly restrict the access permissions of data storage servers. Only authorized core technical personnel may access the data after fulfilling the approval process. All access behaviors are recorded in detailed logs to achieve full-process traceability and auditability;
5. Compliance with storage period: The storage period of all data follows the principle of "necessary shortest duration", and is only retained for the shortest period required to provide you with services. When the storage period expires, you cancel your account or no longer use the services of this application, we will completely delete all your personal data or conduct irreversible anonymization processing within 30 working days;
6. Backup and disaster recovery: We will conduct regular encrypted backup of core data, and the backup data is also stored in compliant servers. The backup is only for preventing data loss and ensuring service stability. The use and destruction of backup data follow the same rules as the original data and will not be used for other purposes.

(III) Supplementary Explanation on Data Storage

1. We will not store your personal data in any unknown storage nodes other than overseas servers. For relevant information on cross-border storage, please refer to the subsequent chapters of this policy. All cross-border storage behaviors have obtained your explicit consent and comply with local regulatory requirements;

2. If it is necessary to extend the data storage period due to legal and regulatory requirements (such as cooperating with judicial investigations and retaining transaction records), we will complete the data deletion or anonymization processing immediately after the expiration of the compliance period;

3. You may apply to inquire about the storage status, storage location and storage period of your personal data at any time through the methods listed in this policy, and we will provide you with the relevant inquiry results within the specified time limit.

VII. Your Rights and Exercise Methods

In accordance with the Personal Information Protection Law of the People's Republic of China, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and other relevant laws and regulations of various regions around the world, you are entitled to the following rights, and we provide you with convenient channels for exercising such rights:

1. Right to access and correct: You may inquire and correct your personal information (such as housing number, contact information, etc.) through "My" - "Personal Information Management"; inquire facial information and usage records through "My" - "Facial Information Management"; change your account password through "My" - "Settings" - "Password Modification";
2. Right to delete: You may delete part of your personal information through "My" - "Personal Information Management"; apply to delete facial information through "My" - "Facial Information Management" (you will not be able to use the facial recognition door access function after deletion); delete personal related records such as device call records and fault feedback records through the relevant functions in the APP;
3. Right to withdraw authorization: You may withdraw the authorization for permissions such as camera, notification and facial information usage through Mobile Phone System Settings - Privacy - Applications - Permissions or "My" - "Privacy Settings" in CommLink. Withdrawing the authorization for core functions may prevent the normal use of services such as device binding, message reception and facial recognition door access, but will not affect other functions;
4. Right to cancel account: You may apply to cancel your account through "My" - "Account Security - Cancel Account". After cancellation, we will stop processing your information and completely delete or conduct irreversible anonymization processing of your personal information (including cross-border stored data and facial information) within 30 days;
5. Other statutory rights: In accordance with the requirements of GDPR, you may apply for the right to data portability and the right to restrict processing; in accordance with the requirements of CCPA, you may opt out of data sales (if applicable); at the same time, you may exercise the right to object and other data rights in accordance with the privacy laws and regulations of the country/region where you are located;
6. Right to complain and report: If you believe that our information processing behavior infringes your rights and interests, you may file a complaint through the methods listed in "How to Contact Us" below, and we will reply with the processing results within 15 working days.

Warm reminder: You shall ensure that the personal information provided by you is true, legal, valid and complete, and update and maintain it in a timely manner. You shall bear the responsibility for any service abnormality or damage to rights and interests caused by untrue or incomplete information.

VIII. How We Protect Your Personal Information

We are committed to providing comprehensive protection for the security of your personal information, and adopt various measures such as technical protection, institutional control and security system construction to prevent risks such as information leakage, loss, improper use, unauthorized access and disclosure, so as to ensure that your personal information is at a reasonable security level:

1. Technical security measures: Adopt industry-leading security technologies including but not limited to AES-256 encryption, HTTPS encrypted transmission, TLS encryption, de-identification or anonymization processing, network firewalls, intrusion detection, access control measures, host network isolation, etc.; among them, facial information is stored with separate encryption, managed separately from other personal information, and end-to-end encryption is implemented during transmission; part of the information encryption work is completed locally on your device to further consolidate transmission security;
2. Institutional guarantee: Establish a data classification and grading system, data security management specifications and data security development specifications, and clarify the security requirements for each link of information processing; sign strict confidentiality agreements and data processing agreements with all employees, contractors and agents who must access personal information for providing services, clarify confidentiality obligations, and those who violate the obligations will be punished or terminated in accordance with laws and regulations;
3. Security system and audit: Establish a complete information security guarantee system, conduct regular security audits and risk assessments, review the practices of each link of information collection, storage and processing (including physical security measures), and prevent unauthorized personnel from accessing our systems; strictly restrict the scope of personnel accessing information and conduct full-process audit of access behaviors;
4. Emergency response mechanism: Formulate an early warning mechanism and emergency plan for personal information security incidents. In case of data leakage (especially facial information leakage), we will timely inform you through APP push, email, phone call and other ways in accordance with the regulatory requirements of various regions around the world (issue an announcement if it is difficult to inform each one individually), and actively report to the regulatory authorities and closely cooperate with the investigation and handling;
5. Account security guarantee: Provide multiple security protection functions for your account, store user passwords in an encrypted manner, regularly back up data, and prevent the loss, abuse and alteration of account information.

Please understand that although we have taken the above reasonable and effective measures, due to technical limitations and possible malicious means, the Internet industry cannot guarantee 100% information security. The system and communication network you use to access the services may have problems due to factors beyond our control. Therefore, we strongly recommend that you take active measures to protect the security of your personal information, including but not limited to setting complex passwords, changing passwords regularly, not disclosing account passwords and verification codes to others, and logging out in a timely manner after using public terminals. If you find abnormal account login or security vulnerabilities, you shall immediately notify us.

Your assistance will help us better protect the security of your personal information.

IX. How We Process Personal Information Provided by Minors

We strictly abide by the relevant laws and regulations of various regions around the world on the protection of minors' information, regard anyone under the age of 14 as a minor, and attach great importance to the protection of minors' information.

1. If you are a minor, you need to read this Privacy Policy accompanied by a legal guardian and use our services or provide information to us only with the explicit consent of the legal guardian;
2. For the personal information of minors collected with the consent of legal guardians, we will only use or disclose such information within the scope permitted by law or necessary for protecting the rights and interests of minors;
3. The legal guardians of minors may contact us through the methods listed in "How to Contact Us" to inquire, correct or delete the personal information of minors, and we will actively cooperate with the processing.

X. How We Share, Transfer and Publicly Disclose Your Personal Information

(I) Sharing

We will not sell any personal information to third parties. If it is really necessary to share your personal information, it is only for legitimate, legal, necessary, specific and clear purposes, and we strictly abide by the following requirements:

1. Voluntary sharing by you: Share the information within the scope authorized/requested by you with the third party designated by you with your explicit consent or voluntary choice;
2. Sharing with third-party service providers and business partners: To ensure the normal operation of services, we will share necessary personal information with third parties such as cross-border server providers, facial recognition technology support providers and payment institutions (if applicable). We will conduct due diligence on third parties, sign Data Processing Agreements (DPA) and confidentiality agreements, clarify the scope, obligations and responsibilities of their information processing, require them to strictly abide by the data protection laws and regulations of various regions around the world, and only use such information to assist us in providing services; if a third party needs to entrust its subprocessors, it shall obtain our consent in advance and ensure that the subprocessors comply with the relevant requirements;
3. Sharing under other statutory circumstances: In accordance with the provisions of laws and regulations, legal procedures, litigation requirements, or the lawful requirements of public institutions and government departments, we may disclose your personal information; if it is determined to be necessary for safeguarding national security, public interests, our or users' legitimate rights and interests, or detecting, preventing and resolving harmful acts such as fraud and violations, we may also disclose your information within the scope permitted by law;
4. Sharing with professional consultants: To obtain professional services (such as audit and legal advice), we may share necessary information with our accountants, auditors, lawyers and other consultants, who shall abide by strict confidentiality obligations.

(II) Transfer

Except for the following circumstances, we will not transfer your personal information to any subject:

1. Obtaining your explicit consent;
2. In the event of company transactions such as merger, division, acquisition and asset transfer, transfer your personal information only on the premise that the transferee undertakes to abide by this policy and the data protection laws and regulations of various regions around the world and only use it for the original service purposes, and notify you in advance through APP announcements, emails and other ways, informing you of the changes in the ownership and use of information and your relevant rights.

(III) Public Disclosure

We will only publicly disclose your personal information under the following circumstances:

1. Obtaining your explicit consent;
2. Public disclosure based on legal or reasonable grounds, including the requirements of laws and regulations, legal procedures, litigation or government competent departments;
3. When announcing the list of winners of prize activities, the mobile phone numbers, CommLink account numbers and other information of the winners will be disclosed after desensitization processing.

XI. Supplementary Explanation on Cross-border Transmission of Information

(I) Storage Location

Your personal information (including facial information) will be mainly stored on servers in mainland China. To provide cross-border services, some data will be transmitted to compliant servers in [specific cross-border storage regions, e.g., Singapore, Ireland of the EU]. The transmission process strictly complies with the Personal Information Protection Law of the People's Republic of China and the data protection laws and regulations of various regions around the world (such as the cross-border data transmission requirements of GDPR and the cross-border data flow compliance rules of various countries/regions), and we will separately inform you of the purpose of data outbound and the recipient through in-site messages or emails and obtain your authorized consent.

(II) Supplementary Explanation on Storage Period

The cross-border stored data shall simultaneously implement the storage period rules listed in the chapter of "Data Collection and Storage" of this policy. After account cancellation or service termination, all personal data stored overseas will be completely deleted or anonymized synchronously with the domestic data without any delayed retention behavior.

In the event of the suspension of operation of our products or services, we will inform you in advance in the form of APP push notifications, announcements, etc., and delete your personal information within a reasonable time limit or explain the transfer method of the information to you.

XII. Description of FCM Push Service and Information Sharing Rules

To ensure that you can receive the service notifications of CommLink in a timely manner (such as device call reminders, account security notifications, function update prompts, etc.), we currently only use Google Firebase Cloud Messaging (FCM) push service. The FCM service is provided by Google LLC, and its information processing behavior complies with Google's Privacy Policy and relevant service terms.

The information we collect through the FCM service only includes: device identifiers (e.g., IMEI, Android ID), network type and device operating system version. The above information is only used to adapt to the push needs of different devices and ensure the stability of the push service, and will not be associated with your personal identity information. We will require Google to strictly abide by the data confidentiality and security requirements.

Supplementary explanation on information sharing:

1. Active sharing function: You may share device-related information (such as device binding QR code, call record summary, etc.) to designated third parties (such as community property, family members) through the sharing function in CommLink. Such sharing is initiated by you voluntarily, and we only provide technical support without actively collecting or retaining the shared content;
2. Sharing permission control: You may enable or disable the sharing function permission in "My" - "Privacy Settings". Turning it off will prevent you from using the active sharing function without affecting the normal use of other core services;
3. Scope of shared information: The scope of information you share is selected by yourself. We recommend that you only share necessary information with trusted third parties to avoid the leakage of personal sensitive information;
4. Third-party liability: Any risks caused by your active sharing of information (such as improper use of information) shall be borne by you and the recipient, and we shall not bear relevant liabilities.

For your convenient access and enriched experience, CommLink may contain links to products or services provided by third parties (such as third-party SDKs, cooperative service entrances, etc.). You may choose whether to access such content or use third-party services. We have no control over the products or services provided by third parties and cannot interfere with their information processing behaviors.

The information generated during your use of third-party products or services is independently collected and processed by third parties, and the relevant risks are borne by third parties. Such information processing behaviors are not applicable to this policy. We recommend that you carefully read their privacy policies and service terms before using third-party services to protect your legitimate rights and interests.

Warm reminder: If there are links to products or services provided by third parties in CommLink (such as cooperative service entrances), you may independently choose whether to access or use them. We have no control over third-party services, and their information processing behaviors are regulated by their own privacy policies. The relevant risks are borne by third parties. We recommend that you carefully read their privacy policies and service terms before use.

XIII. Updates to This Policy

We may modify and update this Privacy Policy irregularly according to changes in the laws and regulations of various regions around the world (such as adjustments to cross-border data protection policies, updates to facial information protection-related laws and regulations, changes in privacy compliance requirements of different countries/regions) or business adjustments:

1. After the update of the policy, we will notify you 7 days in advance through CommLink pop-ups, announcements and other ways, and you may query the latest version of the Privacy Policy through the APP;
2. For major changes (such as adding cross-border storage regions, expanding the scope of information sharing, changing the usage scenarios of facial information, modifying the information storage period, etc.), we will inform you in a more prominent way (such as separate pop-ups, email notifications, etc.), re-obtain your explicit consent, and synchronously update the data protection adaptation clauses of various regions around the world;
3. Your continued use of our services means that you agree to the updated Privacy Policy; if you disagree, you shall immediately stop using the services.

XIV. Scope of Application

1. This Privacy Policy applies to all CommLink services provided by us, including but not limited to various functions in the APP and related supporting services;
2. This policy does not apply to services with independent privacy policies, such as products and services provided by third parties in CommLink, and other websites or applications linked in our services. The information processing of such services is regulated by their own privacy policies, and we recommend that you check them separately;
3. This policy does not cover the information processing policies of other companies and organizations that may use our Cookies or other log information to deliver and use advertisements for the promotion of our services.

XV. How to Contact Us

If you have any questions, opinions or suggestions about the content of this policy, or need to exercise the rights related to personal information and file complaints and reports, you may contact us through the following ways:

1. Customer Service Email: app@uniwin-global.com

2. Business Cooperation Email: violet.liu@uniwin-global.com

3. Business Cooperation Phone: +86 15820426972

4. Overseas Service Consultation: rana@uniwin-global.com

5. Address: Room 388, Building A7, Yintian Industrial Zone, Building A, Yongqi Business Building, Yantian Community, Xixiang Street, Bao'an District, Shenzhen City

Under normal circumstances, we will reply to your consultation or process your application within 15 working days; if you are not satisfied with the reply result, you may further file a complaint with the relevant regulatory authorities of the country/region where you are located.

All users around the world are entitled to the following rights and protections:

1. Comply with the core principles of the General Data Protection Regulation (GDPR): including data minimization, purpose limitation, integrity and confidentiality, lawfulness, fairness and transparency, accountability, etc., protect your data subject rights (right to access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object, etc.), and perform legal obligations such as data breach notification;
2. Enjoy the core rights stipulated by the California Consumer Privacy Act (CCPA): including accessing personal information, requesting the deletion of personal information, opting out of data sales (if applicable), non-discriminatory treatment, etc.;
3. Simultaneously adapt to the relevant compliance requirements of information confidentiality and application use in other countries/regions: including but not limited to the Personal Data Protection Act (PDPA) of Singapore, the Personal Information Protection Act of Japan, the Privacy Act of Australia, etc., to ensure compliance with the mandatory provisions of the local laws and regulations on the collection, use, storage and transmission of personal information in different jurisdictions and protect your privacy rights and interests from infringement.