Post Date: January 29, 2020
Effective Date: January 29, 2020
Welcome to Health Report (hereinafter referred to as this “Software”) and its services. This Software provides information reporting services on employees' health status, geographical location, itinerary, work city, traveling information and so forth for all kinds of companies, enterprises and other entities (hereinafter referred to as “Entity”). This Software is provided or controlled by Beijing Feishu Technology Co., Ltd. (hereinafter referred to as “We” or “Feishu Technology”).
(2) When you use your [Feishu] account to log in or use this Software and its services, we will be authorized by you to collect your public information of registering/loging in [Feishu] (including but not limited to employee name, avatar, enterprise telephone number, enterprise email address, department organizational structure and so forth ) at the time of your first login, which allows you to directly use your [Feishu] account to log in and use this Software and relevant services. For those Personal Data that we require but [Feishu] can not provide, we will also ask them from you. If you refuse to provide us with such data, you may not be able to use this Software and relevant services.
(4) In order to provide you with the service, this Software needs you to provide some Personal Data. If you choose not to provide the data required by this Software or some functions, you will be unable to use this Software or such function. Likewise, if we need to collect Personal Data according to relevant laws and you do not provide such data, then we may have to suspend or cancel your right to use. We will notify you if the aforesaid situations occur. Without forcing the provision of data, if you choose not to share Personal Data, then you will not be able to use the functions (such as personalization service) demanding such data.
(5) Geographical location will not be turned on by default, and will only be used to implement specific functions or services with your express authorization. You can also change the scope of your consent or withdraw the authorization through the device operating system. After your withdrawal of the authorization, we will no longer collect the information related to these permissions. In particular, even if we have obtained these sensitive permissions with your authorization, we will not collect your information when it is not needed by the relevant functions or services.
- The Personal Data We Collect Within This Software
- How We Use Your Personal Data
- How We Share, Transfer, and Publicly Disclose Your Personal Data
- How We Store Your Personal Data
- How We Protect the Security of Your Personal Data
- Your Rights
- Provisions on Minors
1.The Personal Data We Collect Within This Software
After obtaining authorized consent from you and your employer, we will collect your Personal Data through [Feishu] or your employer, and also collect from you directly and process the same (e.g. during your use of this Software).
(II) Personal Data related to you provided to [Feishu] by your employer. When your employer opens an account for your use of [Feishu], your employer will provide [Feishu] with certain Personal Data related to you, including your user account name, business e-mail address, working telephone number (if any), workplace information, your supervisor and so forth. Your employer may provide us with your additional Personal Data, or update your Personal Data provided to us during your use of this Software.
You agree and understand that, according to your employer’s representations and warranties, your employer has obtained your prior express authorization before providing your Personal Data to us, your Personal Data collected by your employer are limited to a scope that is necessary for achieving the purpose of this Agreement or any other agreement executed by and between your employer and us, and your employer has fully informed you of the purpose and scope of collecting your Personal Data and the intended use of your Personal Data collected by your employer. If you can not confirm the contents of the present clause, you shall stop using this service immediately and confirm with your employer the aforementioned matters. We will process your Personal Data as a data processor only as required by your employer and we may assume no legal liability for the collection or use by your employer of your Personal Data.
(III) Information we collect during your use of this Software. When you use this Software, we will automatically collect your IP address, unique identifier of device, Cookies (as defined below) and other tracking technologies, browsing records, time zone, area and language settings, model and settings of hardware, server log (including the access date and time), devices, operation system and application functions (e.g., MAC address), App crashes as well as information of other system activities.
Although the majority of web browsers automatically accept Cookies, whether or not to accept specifically is up to you. You have the choice to accept or disable Cookies via consent. However, even without your consent, we may also store absolutely necessary Cookies which are required for the operation of this Software, including the Cookies enable you to log into the safe area of this Software. Cookies stored by us will expire upon your termination of the website session or after fifteen (15) days. Storage of the aforementioned absolutely necessary Cookies is an absolutely necessary condition for providing core services by this Software. If you do not consent to the relevant authorization, you will be unable to use any service of this Software.
2.How We Use Your Personal Data
We will use your information for the following purposes:
Health reporting service based on geographical location
Geographical location (including sensor information such as GPS information, WLAN access points, Bluetooth and base stations)
Provide information reporting services on health status, itinerary and so forth required by epidemic prevention
Health status, itinerary, work city and traveling information
Add a member as an administrator, verify the accuracy of information and display of information
Name, avatar, enterprise phone number, enterprise email address, department organizational structure and so forth
Provide basic functions and services of this Software and ensure the normal operation
Model of hardware, operation system and application functions (e.g., MAC address), IP address, server log and so forth
We will take reasonable and feasible measures to avoid collection of the Personal Data unrelated to the scope of purposes stated herein. To use your Personal Data beyond the scope of purposes stated herein and the directly or reasonably related scope, we will notify you and obtain your express consent in advance.
3.How We Share, Transfer, and Publicly Disclose Your Personal Data
(I) Sharing and Transfer of Personal Data
- We will not share with or transfer to any third party your Personal Data, unless we have obtained your prior authorization or consent, or the Personal Data to be shared or transferred are de-identified data and such third party is unable to re-identify the subject of such data.
- The principles of sharing
We will follow the following principles when sharing your Personal Data:
Authorized Consent Principle: We will not share your Personal Data without your consent unless such Personal Data shared is de-identified and the third party acquiring such Personal Data is unable to re-identify its natural person subject. If the third party uses the Personal Data for a purpose beyond the scope of the original authorized consent, they need to re-obtain your consent.
Legitimacy and Minimum Necessity Principle: The shared Personal Data must have a legitimate purpose and must be limited to that necessary to achieve the purpose.
Security Prudence Principle: We will carefully assess the purpose of the third parties’ use of the shared Personal Data, conduct a comprehensive assessment of the security capabilities of these partners and require them to follow the cooperation legal agreements. We will carry out strict security monitoring of the software tool development package (SDK) and application program interface (API) of the partners for obtaining information to protect data security.
- Share with authorized partners
In order to provide you with better, high-quality products and services, some of our services will be provided by authorized partners. We may share some of your Personal Data with our partners to provide better customer service and user experience. We will only share your Personal Data for legitimate, proper, necessary, specific and express purposes, and the scope of sharing will be limited to the Personal Data necessary to provide the service. At the same time, we will enter into strict confidentiality obligations with our partners and require them to process your Personal Data in accordance with our instructions, this Agreement and any other relevant confidentiality and security measures. Our partners do not have the right to use such shared Personal Data for any other purposes. If you refuse our partner to collect the Personal Data necessary to provide the service when providing the service, it may result in you being unable to use such third-party service.
- Transfer of Personal Data in the case of merger, acquisition, or asset transfer
(II) Public Disclosure of Personal Data
- We will not publicly disclose your data without your consent. However, we may, in accordance with the type of Personal Data and way of disclosure as required, disclose your Personal Data to an administrative, enforcing or judicial authority if disclosure of you Personal Data is required by requirements of relevant laws, regulations, rules, other regulatory documents or compulsory administrative enforcement or judicial requirements. When receiving the request for disclosure, we will require the presentation of corresponding legal certificate and we will only provide the data to law enforcement department or judicial organ with legal authority for special investigation on legal basis, in accordance with relevant laws and regulations. To the extent permitted by laws or regulations, the documents disclosed by us will all be protected by encryption measures.
- You understand that we may share, transfer, and publicly disclose your Personal Data according to laws, regulations, and national standards without your authorization or consent under following circumstances:
- Sharing, transfer, or public disclosure of those Personal Data directly related to national security or national defense security;
- Sharing, transfer, or public disclosure of those Personal Data directly related to public security, public health, or significant public interests;
- Sharing, transfer, or public disclosure of those Personal Data directly related to criminal investigation, prosecution, judgment, or execution of judgment and so forth;
- Sharing, transfer, or public disclosure of those Personal Data for protecting significant lawful rights and interests, such as life and property, of you or other individual but difficult to obtain principal consent on such sharing, transfer, or public disclosure;
- Those Personal Data have been made public by yourself;
- Those Personal Data have been collected from the lawfully and publicly disclosed data, such as lawful news reports, government-publicized information and other channels; or
- Other circumstances as provided by laws and regulations.
4.How We Store Your Personal Data
(I) Location of storage
Our services spread all around the People’s Republic of China (hereinafter referred to as “China”). Your Personal Data will be stored in the territory of China.
(II) Period of retention
During the period when you use this Software, we will continuously preserve your Personal Data for a period as necessary for providing you with this Software and our services. After you terminate the use of this Software, we will delete or anonymize your Personal Data, unless the retention of specific information is otherwise stipulated by laws or regulations.
5.How We Protect the Security of Your Personal Data
(I) We attach great importance to the security of your Personal Data. We have set up data security rules and regulations and implemented safety technical measures, so as to prevent your Personal Data from being accessed or modified without authorization, avoiding damage or loss of data. We adopt encryption techniques, such as Transport Layer Security Protocol and the like, for our network services, so as to ensure the security of your data in the process of network transmission.
(II) We adopt strict control over the data processing authority to avoid illegal use of data; we strengthen the security of Personal Data in the process of use by data desensitization means such as de-identification with mosaics and so forth; we store your Personal Data in an encrypted manner using the encryption techniques adopted widely in the industry, and isolate your Personal Data by data isolation techniques. For example, we have encrypted all data and information stored in our servers or on your terminal devices. We have been adopting and implementing such technical measures and organization and management methods all the while, and we may modify and improve the same from time to time so as to improve the overall security of the system.
(III) Although we have taken the abovementioned reasonable measures, and have abided by the standards required by relevant laws and regulations, you understand that, due to technical limitation and various potential malicious methods, it is impossible to maintain completely secure all the time in the internet industry even though one's ability is exhausted to enhance security measures. We will try our best to ensure the security of your Personal Data provided by you to us. You know and understand that any problem may occur in the system or communications network used by your access to our services due to any factor beyond our control. Therefore, we strongly suggest you take active measures, including but not limited to using complicated password, regularly changing the password, and avoiding disclosure of your Personal Data such as your account password and so forth to any other person, so as to protect the security of your Personal Data.
(IV) In case of any incident endangering network security, we will take corresponding remedial measures according to emergency response plan for internet security incident. If our physical facilities or technical safeguard measures are damaged, thus your Personal Data are disclosed, provided illegally, or misused, causing damage to your lawful rights and interests, we will bear corresponding liabilities in strict accordance with provisions of laws.
(V) After we know or are informed of any security incident of Personal Data in which your Personal Data is disclosed, provided illegally, or misused, we will notify you of the following within [ten (10)] days as required by laws and regulations: basic information about the security incident, possible influence of the security incident, the measures we have taken or will take, our suggestions on your possible preventive measures and risk reduction, and the remedial measures we may take for you and so forth. Relevant situations about the security incident will be sent to you by push notification at this Software. If it is difficult to notify each subject of Personal Data of relevant situations about the security incident, we will publish an announcement in reasonable and effective manner. In addition, we will report our treatment of the security incident of Personal Data to the competent regulatory authorities as required thereby.
Inform You of Your Rights When we Stop Operating
If we stop operating the services of this Software, we will promptly stop collecting your Personal Data and notify you of such cessation personally or by announcement. We will also delete or anonymize your Personal Data possessed by us according to applicable laws.
7.Provisions on Minors
We will protect minors’ Personal Data according to relevant laws and regulations of the State, and will collect, use, store, share, transfer, or disclose a minor’s Personal Data only to the extent permitted by law or agreed expressly by a parent or any other guardian of such minor or where it is necessary to protect such minor. If we find that we have collected a minor’s Personal Data without the verifiable prior consent of such minor’s parent, we will try to delete relevant data as soon as possible.
In the event that you wish to object to, or make a complaint about, how we process your Personal Data, please contact us in first time at [firstname.lastname@example.org] and we will endeavour to deal with your request within  business day(s).
(I) The headings herein are inserted for convenience and ease of reading only, and shall in no way affect the meaning or interpretation of any provision hereof.
(II) Definitions of following terms used herein
- “Affiliate”: means an entity that is controlled by, controls, or is under common control with Feishu Technology. As used herein, “control” means the power of an entity to direct major business acts or activities of another entity, the formation of the power may be based on stock, voting right, or any other relationship generally deemed as having directing power or significant influence.
- “De-identification” or “de-identified”: means that the Personal Data are technically processed so that their subject cannot be identified without using additional information.
- “Anonymization”, “Anonymized”, or “Anonymize”: means the process in which the Personal Data are technically processed so that their subject cannot be identified, and the Anonymized Personal Data cannot be restored.