Dear Overseas Buyer User (hereinafter referred to as “you”),
Focus Technology Co., Ltd. (Made-in- China.com) (hereinafter referred to as “we”) will provide personal information of suppliers (hereinafter referred to as “personal information subjects”) from the territory of China to you, and with respect to the protection of such personal information, we, as the data transmitter, and you, as the data recipient, agree to the following terms of this agreement, which will serve as a “legal document” between us and you (hereinafter referred to as “this legal document”) and serve as the basis for the data exit security self- assessment and data exit security assessment.
Article 1 Purpose of Personal Information Exit
In order to be able to optimize your experience of visiting the Made-in-China.com and to facilitate your business transactions with the personal information subject, among other purposes, we provide personal information of the personal information subject to you from within China.
Article 2 Ways of Personal Information Exit
The way of data exit is, first, you can publicly view the name, gender, department, and position of the personal information subject without logging in. Second, the personal information of the personal information subject that you can see after logging in, before sending inquiries and generating orders and other business data, includes his or her cell phone number. Third, after you have logged in and sent inquiries, the e-mail address and IP address of the personal information subject will be provided to you by way of a page display after the personal information subject has replied to the inquiries.
Among them, the first two cases are personal information that is actively disclosed by the personal information subject, and the information of e-mail address and IP address in the third case will also be personal information that is transferred from within China to outside China after obtaining the consent of the personal information subject.
Article 3 Scope of outbound personal information
The outbound is the information of e-mail address and IP address of the personal information subject. The outbound data of Made-in- China.com are collected from the supplier client of Made-in-China.com, and the scope of outbound data does not include data of products or services other than Made-in-China.com, nor does it include internal staff data and management data of the company. The registered places of suppliers are mainly from Guangdong, Jiangsu, Zhejiang, Shandong, etc. The industries where the suppliers are located are mainly industrial manufacturing, health and hygiene, etc.
Article 4 Process of providing personal information outside of China
We will provide you with the information of e-mail address and IP address of the personal information subject as described below in accordance with the needs of our business:when you log in, send an inquiry, and receive a reply to the inquiry from the personal information subject, we will provide you with the information of e-mail address and IP address of the personal information subject after seeking the consent of the personal information subject. Before providing you with the information of e- mail address and IP address of the subject of personal information, we will display your basic information in the details of the supplier when the overseas buyer as the personal information subject browses the details, and display your name or personal name, contact information, purpose of processing, method of processing, type of personal information, and the manner and procedure for individuals to exercise their legal rights of the personal information subject in the screen of their response to your inquiry in the form of a page display, and the personal information subject must voluntarily click to confirm that he or she agrees to provide the information of e-mail address and IP address.
Article 5 Personal Information Protection Impact Assessment
In accordance with Article 55 of Personal Information Protection Law of the People’s Republic of China, a personal information protection impact assessment will be conducted prior to providing the information of e-mail address and IP address of the personal information subject outside of China. The personal information protection impact assessment report will be kept for at least 3 years.
Article 6 Processing Use by Offshore Recipients
The purpose for which you process data as an offshore recipient is to conduct business transactions.
Article 7 Handling by the overseas recipient
You as a foreign recipient can use the received personal information to send emails to personal information subject as the purposes of processing.
Article 8 Disclosure of Information of Offshore Recipients
Your basic information, including but not limited to name or personal name and contact information, will be confirmed with the personal information subject in the form of a page display before we provide the personal information to you in accordance with Article 39 of Personal Information Protection Law of the People’s Republic of China.
Article 9 Where to store personal information abroad
The information of the personal information subject is stored on our servers controlled by Germany and the United States, and we will not open any settings for you to download or export such information, and you can only check such information by browsing the page.
Article 10 Period of storage of personal information outside the country
The period of storage of personal information is the shortest time we need for the purpose of completing transactions and inquiring about historical transaction information. With comprehensive reference to Article 31 of the "Supervision and Administration of Internet Transactions in the People's Republic of China" and the "Personal Information Protection Law of the People's Republic of China", we will store the outbound personal information ofthe supplier for 3 years after the cancellation ofhis or her account.
Article 11 Outbound personal information handling measures
Our processing measures for outbound data after reaching the retention period, completing the agreed purpose or termination of legal documents is to delete the personal information of the personal information subject saved and we do not show the personal information to you.
Article 12 Re-transfer of outbound data
There are binding requirements for you to re-transfer outbound data to other organizations and individuals, and you promise not to provide personal information to third parties located outside the People's Republic of China unless you also meet the following requirements:
A. There is a genuine business need to provide personal information.
B. You have informed the personal information subject of the identity of the third party, contact information, the purpose of processing, the manner of processing, the type of personal information and the manner and procedure of exercising the rights of the personal information subject, and have obtained the separate consent of the personal information subject; if it is difficult to inform or obtain the separate consent of the personal information subject, you will promptly inform us and request us to assist you in informing the personal information subject or obtaining the individual consent of the personal information subject. The subject of the personal information has separately agreed.
Article 13 Outbound personal information security measures
In the event of a material change in the actual control or scope of business, or a change in the data security protection policies and regulations and network security environment of the country or region in which you are located, or other force majeure circumstances that make it difficult to safeguard data security, the security measures that we and you shall take are as follows.
13.1 Our technical security measures
After collecting information from the personal information subject, we will store his or her personal information in our own and hosted server rooms, and store it after encrypting it in accordance with the security control requirements. The data is then transmitted to foreign countries through database synchronization, and the HTTPS protocol is used during the data transmission to ensure the safety of the transmission channel.
In the process of data transmission from domestic to foreign countries, dedicated lines are used for transmission. The data is synchronized in both directions in real time through international dedicated lines from domestic and foreign server rooms. Because it is real-time synchronization at the database level, the flow is the same at all stages of the whole life cycle of data, and as long as the data at one point is updated, it will be synchronized to other points in real time.
Users of the platform can only access it through web pages (mobile clients only). Only the company's operation and maintenance colleagues can access the data stored in offshore data centers by remote means.
13.2 Our administrative security safeguards
We stipulate the data security obligations of us and the storage party in the contract with the computer room operator/owner (hereinafter referred to as the “storage party”), and have made reasonable efforts to ensure that we and the storage party can perform the corresponding obligations.
We have formulated the company’s internal "Personal Information Exit Management System" and implemented it accordingly. It includes the terms of authority control and scene control. You can only obtain the personal information of the personal information subject when you send the inquiry and the personal information subject responds.
13.3 Your technical security measures
The supplier's personal information is stored on the server we control abroad. We will not set up any settings for you to download and export the information with one click. You can only query the information by browsing the page. You should take security measures, such as regularly upgrading anti-virus software, using a secure browser, not sharing account passwords with others, etc., to ensure that the personal information you receive from suppliers is not leaked. If the information is leaked or may be leaked, we have the right to stop showing you the personal information of the personal information subject, blacklist you, stop providing services to you, etc.
13.4 Your administrative security safeguards
We and you shall provide the personal information subject with a copy of this agreement (legal document) upon request of the personal information subject, and the personal information subject may be provided the copy by contacting us according to the contact information disclosed to him.
Article 14 Right of informed consent of the personal information subject
In accordance with the provisions of Article 39 of the Personal Insurance Law, we, as a processor of personal information, fulfill the following obligations to the personal information subject.
To inform the personal information subject of your name or personal name, contact information, and personal information exit instructions before providing the e-mail address and IP address to you.
The basic information of the personal information processor (us) includes the following:
| personal information processor∶ | Focus Techno logy Co., Ltd. | Address∶ | No. 7 Lijing Road, Jiangbei New Area, Nanjing City, Jiangsu Province |
| Telephone number∶ | 400-671-7777 | E-mail address∶ | [email protected] |
Article 15 Third-party beneficiary rights of personal information subjects
We and you have agreed in this legal document that the personal information subject is the third-party beneficiary. If the personal information subject does not expressly refuse within 30 days, he or she may enjoy the rights of the third-party beneficiary in accordance with the contract.
Article 16 Other rights of personal information subjects
We have agreed with you in this legal document to ensure the method and procedure of the personal information subject exercises the right of access, the right of reproduction, the right of correction and supplementation, and the right to delete the personal information that has been out of the country. The personal information subject has the right to request us and you to explain and specify the personal information processing rules to ensure that data security and personal information rights can be fully and effectively guaranteed.
When the personal information subject requests to exercise the above rights with respect to the personal information that has already left the country, the personal information subject can request us to take appropriate measures to realize it, or make a request directly to you. If we are unable to realize it, we shall notify and ask you to assist in realizing it.
You shall, in accordance with our notice or the request of the personal information subject, fulfill the rights of the personal information subject in accordance with the relevant laws and regulations within a reasonable time limit. You should truthfully, accurately and completely inform the personal information subject of relevant information in a conspicuous manner and in clear and understandable language.
If the personal data subject makes excessive or unreasonable requests, especially repetitive requests, you may charge a reasonable fee, or refuse to act on their requests, after taking into account the implementation and operational costs of the request being granted.
If you intend to refuse the personal information subject's request, you should inform the personal information subject of the reasons for the refusal, as well as the ways for the personal information subject to lodge a complaint with the relevant supervisory authority and seek judicial relief.
Article 17 Remedies for personal information subjects
When outbound data is at risk of being tampered with, destroyed, leaked, lost, transferred, or illegally obtained or used, we and you should properly carry out emergency response to protect individuals' personal information interests.
We and you both agree that when we or you receive a complaint from a personal information subject, we shall respond in accordance with the "Personal Information Protection Law of the People's Republic of China".If the personal information subject has any dispute with us or you regarding the legal document compliance, the parties shall notify each other of the relevant situation and cooperate to resolve disputes in a timely manner.
If the dispute cannot be resolved amicably, the personal information subject may exercise the rights of the third-party beneficiary in accordance with the above provisions, and you accept the following claims of the personal information subject:
A. Lodge a complaint with a supervisory authority;
B. Determine the jurisdiction in accordance with the "Civil Procedure Law of the People's Republic of China" and file a lawsuit with the competent court.
You agree that the resolution of disputes over this legal document related to the personal information subject shall be based on the relevant laws and regulations of the People's Republic of China.
You agree that the rights protection choices made by the personal information subject will not detract from the substantive or procedural rights of the personal information subject to seek remedies under other laws and regulations.
Article 18 Remedies
If we find that you are in breach of contract, we can stop providing you with personal information in accordance with the above safeguard measures (we have the right to stop showing you the personal information of the personal information subject, or blacklist you, stop providing services to you, etc.).
Article 19 Liability for breach of contract
Both we and you shall be liable to the other for any damages caused to the other as a result of their violation of this legal document. Liability between the parties is limited to losses suffered by the non-defaulting party. Each party infringes upon the rights of the personal information subject as a third-party beneficiary by violating this legal document shall be liable to the personal information subject; the personal information subject shall be entitled to compensation. This does not affect the responsibilities of personal information processors under relevant laws and regulations.
Article 20 Settlement of Disputes
Where there is any dispute arising from the contract, or a party has compensated personal information subjects and recover from the other party, two parties shall resolve the issue through consultation. If the consultation fails, proceedings or lawsuits should be brought to the People's Court of the location of the Focus Tech. This agreement is bilingual. In case of any inconsistency between Chinese and English version, the Chinese version shall prevail.
Article 21 Term
This legal document shall come into force on the date of issuing.
After the purpose stipulated in this legal document is achieved or the validity of this legal document is terminated, this legal document is automatically invalid.
Date of issue of this legal document is October 28,2022.
尊敬的境外買家用戶(以下稱“您”),
焦點科技股份有限公司(業務名稱:中國制造網) (以下稱“我們”) 會將供應商(以下稱“個人信息主體”) 的個人信息從中國境內提供到您, 就保護該個人信息, 我們作為數據傳輸方和作為數據接收方的您約定本協議以下條款, 這些條款將作為我們與您的“法律文件”(以下稱“本法律文件“) ,作為數據出境安全自評估、數據出境安全評估的依據。
第一條 個人信息出境目的
為了能夠優化您訪問中國制造網的體驗,促進您與個人信息主體達成商業交易等目的,我們將個人信息主體的個人信息從中國境內提供給您。
第二條 個人信息出境方式
數據出境的方式是,其一,您在未登錄情況下可以公開查看個人信息主體的個人姓名、性別、工作單位、職務。其二,您登錄后,未發送詢盤、未產生訂單等業務數據之前,可以看到的個人信息主體的個人信息包括其個人電話號碼;其三,您登錄后、發送詢盤,在個人信息主體回復詢盤后,將個人信息主體的電子郵件地址、IP地址通過頁面展示的方式提供給您。
其中,前兩種情形為個人信息主體主動公開的個人信息,第三種情形中的電子郵件地址、IP 地址信息也會在征得個人信息主體同意之后是從中國境內向境外傳輸的個人信息。
第三條 出境個人信息范圍
出境的是個人信息主體的個人姓名、性別、工作單位、職務、個人電話號碼、電子郵件地址、IP地址信息。中國制造網的出境數據均采集自中國制造網供應商客戶端,出境數據范圍不包含除中國制造網以外的其他產品或服務的數據,也不包含公司內部員工數據以及經營管理數據。供應商的注冊地主要來自廣東、江蘇、浙江、山東等地,供應商所在行業主要為工業制造業、健康衛生等行業。
第四條 向境外提供個人信息的流程
我們將根據業務的需要,按照以下描述向您提供個人信息主體的電子郵件地址、IP地址信息:在您登錄、發送詢盤,并得到個人信息主體對詢盤的回復時,我們將在征求個人信息主體的同意之后,向您提供個人信息主體的電子郵件地址、IP地址信息。在向您提供個人信息主體的電子郵件地址、IP地址信息之前,我們將在作為個人信息主體的供應商瀏覽境外買家詳細信息時,展示您的基本信息,并在其回復您的詢盤界面以頁面展示的形式為個人信息主體展現您的名稱或者姓名、聯系方式、處理目的、處理方式、個人信息的種類以及個人向您行使法定權利的方式和程序等事項,并需要個人信息主體主動點擊確認代表其同意提供電子郵件地址、IP地址信息。
第五條 個人信息保護影響評估
根據《中華人民共和國個人信息保護法》55 條的規定,在向境外提供個人信息主體的電子郵件地址、IP地址信息之前,進行個人信息保護影響評估。將保存個人信息保護影響評估報告至少3年。
第六條 境外接收方處理用途
您作為境外接收方處理數據的用途是進行商業交易。
第七條 境外接收方處理方式
您作為境外接收方可以利用接收到的個人信息向個人信息主體發送郵件實現處理目的。
第八條 境外接收方信息披露
根據《中華人民共和國個人信息保護法》39條的規定,您的基本信息包括但不限于名稱或者姓名、聯系方式,在我們提供給您前以頁面展示的形式與個人信息主體確認。
第九條 境外個人信息存儲地點
個人信息主體的信息在我們德國、美國控制的服務器上存儲,我們不會為您開設下載、導出該信息的任何設置,您只能通過頁面瀏覽的方式查詢該信息。
第十條 境外個人信息存儲期限
個人信息的保存期限為我們完成交易和查詢歷史交易信息的目的所需最短時間,綜合參考《中華人民共和國網絡交易監督管理辦法》第三十一條和《中華人民共和國個人信息保護法》,我們將在供應商注銷賬戶后保存3年其出境個人信息。
第十一條 境外個人信息處理措施
我們在達到保存期限、完成約定目的或者法律文件終止后出境數據的處理措施是,刪除保存的個人信息主體的個人信息,且我們不向您展示該個人信息。
第十二條 境外數據再轉移
對于您將出境數據再轉移給其他組織、個人存在約束性要求,您承諾,不將個人信息提供給位于中華人民共和國境外的第三方,除非同時符合以下要求:
A.確有業務需要提供個人信息;
B.已告知個人信息主體該第三方身份、聯系方式、處理目的、處理方式、個人信息種類以及行使個人信息主體權利的方式和程序等事項,并已取得個人信息主體單獨同意;在難以告知或者難以取得個人信息主體單獨同意時,及時告知我們,并請求我們協助您告知個人信息主體或者取得個人信息主體單獨同意。
第十三條 出境個人信息安全保障措施
在實際控制權或者經營范圍發生實質性變化,或者所在國家、地區數據安全保護政策法規和網絡安全環境發生變化以及發生其他不可抗力情形導致難以保障數據安全時,我們和您應當采取的安全措施如下:
13.1 我們的技術性安全保障措施
我們在向個人信息主體收集信息之后會將其個人信息存儲在自建和托管的機房,且按照安全管控要求對其進行加密后存儲。再通過數據庫同步方式傳輸至境外,數據傳輸過程中使用HTTPS協議,保障傳輸通道安全。
在數據從國內傳輸到國外的過程中,使用專線傳輸。國內外機房通過國際專線,實現數據實時雙向同步。因為是數據庫層面的實時同步,在數據整個生命周期各階段流轉是一樣的,只要某一個點的數據發生更新,就會實時同步到其他點。
平臺的用戶只能通過網頁和移動客戶端訪問。僅公司運維同事能通過遠程方式訪問存儲在境外數據中心的數據。
13.2 我們的管理性安全保障措施
我們在與機房運營者/所有者(以下稱“存儲方”)的合同中規定了我們和存儲方的相關數據安全義務,并已合理的努力確保我們和存儲方能夠履行相應義務。
我們制定了公司內部的《個人信息出境管理制度》,并相應落實。其中包括權限控制、場景控制的條款,僅在您發送詢盤且個人信息主體回復后您才能獲取個人信息主體的出境個人信息。
13.3 您的技術性安全保障措施
供應商的個人信息在我們在國外控制的服務器上存儲,我們不會為您開設一鍵下載、導出該信息的任何設置,您只能通過頁面瀏覽的方式查詢該信息。您應采取安全措施,如定期升級殺毒軟件、使用安全瀏覽器、不與他人共享賬號密碼等方式,確保您接收到的供應商個人信息不被泄露,若您不按照本協議約定造成個人信息主體的信息泄露或可能泄露,我們有權停止向您展示個人信息主體的個人信息,或將您拉入黑名單,停止向您提供服務等方式。
13.4 您的管理性安全保障措施
我方與您應根據個人信息主體的要求向個人信息主體提供本協議(法律文件)的副本,個人信息主體可以按我們披露給其的 聯系方式聯系我們提供該副本。
第十四條 個人信息主體的知情同意權
根據《中華人民共和國個人信息保護法》39條的規定,我們作為個人信息處理者向個人信息主體履行以下義務:
在把電子郵件地址、IP 地址向您提供之前,向個人信息主體告知您的名稱或姓名、聯系方式,以及個人信息出境說明。
個人信息處理者(我們)基本信息包括以下內容:
| 個人信息處理者: | 焦點科技股份有限公司 | 地址: | 江蘇省南京市江北 新區麗景路 7 號 |
| 電話: | 400-671-7777 | 郵箱: | [email protected] |
第十五條 個人信息主體的第三方受益權
我方與您在本法律文件中約定將個人信息主體作為第三方受益人,如果個人信息主體未在三十天內明確拒絕,則可以依據該合同享有第三方受益人的權利。
第十六條 個人信息主體的其他權利
我們與您本法律文件中約定,確保個人信息主體對已經出境的個人信息行使查閱權、復制權、更正與補充的權利、刪除權的方式和程序等,個人信息主體有權要求我方以及您對個人信息處理規則進行解釋與說明,確保數據安全和個人信息權益能夠得到充分有效保障。
當個人信息主體要求對已經出境的個人信息行使上述權利時,個人信息主體可以請求我方采取適當措施實現,或直接向您提出請求。我方無法實現的,應當通知并要求您協助實現。
您應當按照我方的通知,或根據個人信息主體的請求,在合理時限內實現個人信息主體依照相關法律法規行使的權利。您應當以顯著方式、清晰易懂的語言真實、準確、完整地告知個人信息主體相關信息。
如個人信息主體提出過多或不合理要求,尤其是具有重復性的要求,您可在考慮到要求獲準的執行和操作成本后,可以收取合理的費用,或拒絕按其要求行事。
如您擬拒絕個人信息主體的請求,應告知個人信息主體其拒絕的原因,以及個人信息主體向相關監管機構提出投訴、尋求司法救濟的途徑。
第十七條 個人信息主體的救濟
當出境數據遭到篡改、破壞、泄露、丟失、轉移或者被非法獲取、非法利用等風險時,我們和您應妥善開展應急處置,保障個人維護其個人信息權益。
我們與您均同意,當我們或您接收到個人信息主體的投訴聯系時,應根據《中華人民共和國個人信息保護法》應對,如個人信息主體與我方或者您其中一方在遵守法律文件發生爭議,應互相通知對方有關情況,并合作以及時解決爭議。
如爭議未能友好解決,個人信息主體可根據上述規定行使第三方受益人的權利,您接受個人信息主體的下列維權主張:
A.向監管機構提出投訴;
B.根據《中華人民共和國民事訴訟法》的規定確定管轄,并向管轄法院提起訴訟。
您同意和個人信息主體有關的、就本法律文件爭議的解決依據為中華人民共和國相關法律法規。
您同意個人信息主體所作的維權選擇不會減損個人信息主體根據其他法律法規尋求救濟的實體性或程序性權利。
第十八條 補救措施
如果我們發現您有違約行為,我們可以按照上述保障性措施(我們有權停止向您展示個人信息主體的個人信息,或將您拉入黑名單,停止向您提供服務等方式)向您停止提供個人信息。
第十九條 違約責任
我們與您雙方應就其因違反本法律文件而給對方造成的任何損害向另一方承擔責任。雙方之間的責任限于非違約方所遭受的損失。每一方因違反本法律文件而侵害個人信息主體作為第三方受益人而享有的權利,應當對個人信息主體承擔責任;個人信息主體有權獲得賠償。這不影響個人信息處理者在相關法律法規項下應承擔的責任。
第二十條 爭議解決
我們作為個人信息處理者和您作為境外接收方對于雙方因合同產生的糾紛以及任何一方因先行賠償個人信息主體損害賠償責任而向另一方的追償,應由雙方協商解決;協商解決不成的,應提交焦點科技所在地方法院訴訟解決。本協議為雙語協議,中英文不一致的,以中文為準。
第二十一條 有效期
本法律文件自發布之日起生效,本法律文件約定目的實現后或本法律文件效力終止后,本法律文件自動失效。
本法律文件發布日期為2022年10月28日。