menu
Is this helpful?

# ThinkingData Privacy Policy

Release date of this Privacy Policy: [September] [22], [2022]

Effective date of this Privacy Policy: [September] [22], [2022]

# Preface

ThinkingData Information Technology (Shanghai) Co., Ltd. (address: Rooms 501-506, Building T1, 1388 Kaixuan Road, Changning District, Shanghai; contact email: compliance@thinkingdata.cn; hereinafter referred to as “we” or “us”) always values personal information protection. When you and your end users use the products and relevant services we provide, including our official website, the ThinkingEngine big data analysis system (hereinafter referred to as “TE”), SDK, API, and other data import tools, which are collectively referred to as the “Big Data Analysis Services” hereinafter, we will collect, use, store, share, transfer, and disclose the personal information about you and your end users in accordance with relevant provisions of this ThinkingData Privacy Policy (hereinafter referred to as this “Privacy Policy”) and other relevant laws in the territory of the People’s Republic of China (for the purpose of this Privacy Policy, excluding Hong Kong Special Administrative Region, Macao Special Administrative Region, and Taiwan).

This Privacy Policy is closely related to the use of our services by you and your end users; therefore, we recommend that you carefully read and understand, and require your end users to carefully read and understand this Privacy Policy in whole, particularly ensure that you and your end users are fully aware of and sufficiently understand the meaning and corresponding legal consequences of the content in bold, and make proper choices at your own discretion on such basis. By choosing to use our services, you shall agree with, and shall ensure that your users also agree with this Privacy Policy. We will protect the personal information of you and your end users in strict compliance with the following principles: principle of lawfulness, fairness, necessity, and good faith; specific and reasonable purposes; principle of specific, reasonable, and directly relevant purposes; principle of minimum requirement; principle of openness and transparency; principle of quality guarantee; principle of responsibility for ensuring personal information security. Meanwhile, we endeavor to make the wording easy and concise to understand, and mark out in bold the provisions hereof that are critical to the rights and interests of you and your end users to draw the attention of you and your end users. In the event of any questions, comments, or suggestions about the content of this Privacy Policy, you and your end users may query us according to the contact information stated herein.

This Privacy Policy will familiarize you with:

I. How we collect and use the personal information of you and your end users;

II. How we use Cookie and similar technologies;

III. How we share, transfer, and disclose the personal information of you and your end users;

IV. How we store and protect the personal information of you and your end users;

V. The rights of you and your end users;

VI. Provisions on personal information of minors;

VII. How this Privacy Policy is updated;

VIII. How to contact us.

# I. How we collect and use the personal information of you and your end users

Personal information refers to various information recorded by electronic or other means about an identified or identifiable, excluding anonymized information.

Sensitive personal information refers to the personal information that, once divulged or used illegally, may lead to damages to the dignity, personal safety, or property safety of a natural person, including biometrics, religion and belief, specific identity, medical health, financial account, whereabouts, etc., and personal information of minors aged under 14.

When you are using the Big Data Analysis Services, we will, on the principles of lawfulness, fairness, necessity, and good faith, employ the following means to collect information that is generated because you and your end users use the services, the information actively provided by you and your end users when using the services, and the personal information collected from third parties in accordance with the provisions of laws and regulations or the consent of you and your end users, so as to provide services for you and your end users:

  • How we collect the personal information of you and your end users
  1. When you request “Experience Demo” on our official website (https://www.thinkingdata.cn/ (opens new window), same as below), we will collect your mobile number and verify your short message verification code, and collect your company name, your name, corporate email, and your position in the company to create an experience account for you to experience demo functions. If you refuse to provide such information, you may be unable to experience the DEMO function; however, you may view other contents on our official website and use other services we provided as normal.
  2. When you request “Demo Appointment” on our official website, we will collect your name, mobile number, and company name for contacting you later to schedule a demonstration. If you refuse to provide such information, you may be unable to experience the “Demo Appointment” function; however, you may view other content on our official website and use other services we provided as normal.
  3. When using the TE, we may need to collect personal information required for corresponding functions and services under the following circumstances, and you may be unable to use some functions or services if you refuse to provide the information required by such functions or services:

(1)Login

When you log in the TE, under the deployment of SaaS cloud, we will verify your account and password to help you complete login after successful verification. You may be unable to log in or use the TE as normal if you refuse to provide such information.

(2)Mobile number/email binding

When you use the function mobile number/email binding in the TE, we will collect your mobile number/email and verify your verification code to help you complete verification and bind your mobile number/email. You may be unable to use the mobile number/email binding function if you refuse to provide such information; however, you may use other functions or services on the TE as normal that do not require mobile number/email binding.

(3)Products feedback

When you use the product feedback function on the TE, we will collect the feedback information you submitted actively to help you solve problems or further improve our services. You may be unable to use the product feedback function if you refuse to provide such information; however, you may use other functions or services on the TE as normal.

(4)Big Data Analysis Services

After integrating the SDK, APIs, or other data import tools (hereinafter collectively referred to as “Data Tools”) of the TE into your application, your application will make use of technical means to collect and transmit relevant data of your end users, and our Big Data Analysis Services may be used to analyze such data to reveal the performance and usage of your application on various terminal devices, platforms, or application distribution channels.

The personal information of your end users collected by our Big Data Analysis Services is used to reveal the usage of your products to you, provide you with analysis services, and deliver analysis results, specifically including:

  1. iOS terminals

IP address, country, country code, province, city, operating system version, device manufacturer, operating system, device ID, device model, App version, unique application identifier, SDK type, SDK version, network state, network operator, page address, forward address, page title, page name, exception information, and event duration.

  1. Android terminals

IP address, country, country code, province, city, operating system version, device manufacturer, operating system, device ID, device model, App version, unique application identifier, SDK type, SDK version, network state, network operator, background event duration, event duration, page title, page name, page address, and forward address.

  1. Web terminals

IP address, country, country code, province, city, device ID, SDK type, SDK version, operating system, browser type, browser version, page address, page path, forward address, forward path, and page title.

  1. Applets/trivia games

IP address, country, country code, province, city, device model, device ID, device manufacturer, operating system version, operating system, network state, SDK type, SDK version, and applet platform.

You may use a switch to disable or turn off the collection of some personal information; if you perform such operations, we will no longer collect the corresponding personal information involved. In addition, under the mode of private deployment, the personal information above of the end users is collected and used by you via the Data Tools, while we have no access to such information; therefore, you shall be solely responsible for the collection, use, storage, and other processing of such information.

You shall make disclosure in the privacy policy of your application about the collection of personal information from your end users described above, and ensure that you have obtained the consent of your end users in compliance with statutory provisions; for the avoidance of doubt, such consent contains the consent of such end users for us to collect their personal information for providing you with the Big Data Analysis Services.

  • How we use the personal information of you and your end users

We will use the information of you and your end users under the following circumstances to abide by national laws and regulations and regulatory provisions, to provide you and your end users with our functions and services, and to improve the quality of such functions and services:

  1. To achieve the purposes described in “How we collect the personal information of you and your end users” in this Privacy Policy;
  2. To report to relevant authorities in accordance with the laws and regulations or regulatory requirements.
  • Exceptions for obtaining the consent

Under relevant laws and regulations, we may collect and use the personal information of you and your end users without obtaining the consent of you and your end users under the following circumstances:

  1. It’s necessary for us to perform our statutory obligations or duties;
  2. It’s necessary to conclude and perform a contract to which you and/or your end users are the party;
  3. It’s necessary to respond to sudden public health events, or to protect the life and health of natural persons and the security of properties under emergency;
  4. The personal information is processed by us within a reasonable scope in accordance with the law and has been disclosed by you and/or your end users or others in a lawful manner;
  5. Other circumstances provided in laws and administrative regulations.
  • Changing the purpose of collecting and using personal information

Our functions and services may be adjusted and changed along with the business development. In principle, when a new function or service is related to the functions or services we provide at present, the collection and use of personal information are associated with the original processing purpose. In the absence of the association with the original processing purpose, we will notify you again and obtain your consent before we collect and use the personal information of you and your end users, and you shall notify your end users and obtain their consent.

# II. How we use Cookie and similar technologies

  • Cookie

To ensure the normal operation of the website, we may store a small data file named Cookie on the computers or mobile devices of you and your end users. Cookie normally contains an identifier, the website name, and some numbers and characteristics. By using the Cookie, the website can store the preferences of you and your end users, the functions or services used by you and your end users, or other data. We will not use Cookie for any purposes other than those specified in this Privacy Policy. You and your end users may manage or delete Cookie according to your preference. You and your end users may remove all cookies stored on the computer, and most web browsers have the functions of disabling Cookie. However, by so doing, you and your end users must personally change the user profile every time you access our website.

  • Do Not Track

Many web browsers have a Do Not Track feature, which issues Do Not Track requests to websites. Currently, the main Internet standards organization has no policy governing how websites should behave when they receive such requests. However, all our websites do respect the Do Not Track option if it is enabled in the browser of you and your end users.

# III. How we share, transfer, and disclose the personal information of you and your end users

  • Sharing
  1. If we need to share the personal information of you and your end users with others, we will notify you of corresponding affairs and obtain your corresponding consent in accordance with the provisions of laws, and you shall notify your end users of the corresponding affairs and obtain their corresponding consent unless otherwise provided by laws and regulations.
  2. We may share the personal information of you and your end users with others in accordance with the provisions of laws and regulations or the mandatory requirements of government authorities, regulatory authorities, or judicial authorities.
  • Transferring

Generally, we will not transfer the personal information of you and your end users to others. If we need to transfer personal information to others due to merger, division, dissolution, declared bankruptcy, etc. in accordance with the laws, regulations, and commercial practices, we will notify you of the name and contact information of the recipient, and require the recipient to be bound by this Privacy Policy, assume corresponding obligations and responsibilities; you shall notify your end users of the foregoing matters. To make changes to the original processing purpose and method, the recipient shall obtain the consent from you and your end users again in accordance with the laws and regulations.

  • Disclosing

We will not disclose the personal information of you and your end users unless we obtain the consent of you and your end users in accordance with the law.

  • Exceptions for obtaining the consent of you and your end users

Under the following circumstances, we may share, transfer, or disclose the personal information of you and your end users without obtaining the prior consent of you and your end users in accordance with relevant laws and regulations:

  1. It’s necessary for us to perform our statutory obligations or duties;
  2. It’s necessary to conclude and perform a contract to which you and/or your end users are the party;
  3. It’s necessary to respond to sudden public health events, or to protect the life and health of natural persons and the security of properties under emergency;
  4. The personal information is processed by us within a reasonable scope in accordance with the law and has been disclosed by you and/or your end users or others in a lawful manner;
  5. Other circumstances provided in laws and administrative regulations.

# IV. How we store and protect the personal information of you and your end users

  • Storage of personal information
  1. Under the provisions of laws and regulations, the personal information we generated, collected, and obtained within the territory of the People’s Republic of China will be stored in the territory of the People’s Republic of China.
  2. Under the deployment of SaaS cloud, unless otherwise provided by laws and administrative regulations, we will store the personal information of you and your end users only within the necessary minimum period required for achieving the processing purpose. We will delete or anonymize the personal information of you and your end users upon the expiration of the storage period above. Under the mode of private deployment, we will not store the personal information of you and your end users.
  • Measures for protecting personal information
  1. We have implemented industry-standard practices to safeguard the personal information of you and your end users against unauthorized access, disclosure, use, modification, damage, or loss. We take all reasonably practicable measures to protect the personal information of you and your end users. For example, we employ encryption technologies to ensure the confidentiality of data; we use a trusted protection mechanism to protect data from malicious attacks; and we deploy an access control mechanism to ensure that the personal information is accessible only to authorized persons.
  2. Our capabilities for data security: We have implemented industry-standard practices to safeguard the personal information of you and your end users against unauthorized access, disclosure, use, modification, damage, or loss as much as possible. We take all reasonably practicable measures to protect the personal information of you and your end users.
  3. The Internet environment is not secure; we will make our best to ensure the security of any information you send to us. Meanwhile, please properly retain your account, login password, and other identity elements. We will identify you according to your account, login password, and other identity elements when you are using our services. You may suffer loss and experience legal consequences unfavorable to you if you divulge such information. Please immediately contact us if you detect that your account and/or other identity elements may be or have been divulged, so that we may promptly take corresponding measures to avoid or reduce relevant losses.
  4. After you stop using our services, we will stop collecting and using the information of you and your end users unless otherwise provided by laws and regulations or regulatory authorities. If we stop operation, we will promptly stop the acts of collecting the personal information of you and your end users, notify you, on a one-to-one basis or by an announcement, of the termination of our operation, and delete or anonymize the personal information we hold of you and your end users unless otherwise provided by laws and regulations.
  5. If, unfortunately, a personal information security event occurs, we will promptly notify you of information related to such event by email, post, telephone, push notice, etc. in accordance with the requirements of laws and regulations, or take reasonable and effective measures to release an announcement; if we notify you of the information related to such event, you shall promptly notify your end users. Meanwhile, we will also report the handling of the personal information security event in accordance with the provisions of laws and regulations.

# V. The rights of you and your end users

There is a direct contractual relationship between you, as our customer, and us, which relationship is different from the indirect relationship between us and your end users. You shall promise that you will provide your end users with an easy-to-use mechanism for exercising their user rights, and instruct your users on how to exercise the statutory rights in personal information. We try our best to protect the rights of you and your end users in information management by taking various measures depending on different relationships in accordance with the relevant laws and regulations of China, which measures are specifically described as follows:

  • Customers directly use our products or services
  1. Accessing your personal information

You have the right to access your personal information save for exceptional circumstances provided in laws and regulations. For example, you may access your account information and the mobile number and email bound with your account under “Personal Center”.

To access other personal information generated when you are using our functions and services, please contact us according to the contact information provided in this Privacy Policy, and we will provide you with such personal information to a reasonable extent as long as there are no additional costs to us unless otherwise provided by laws and regulations.

  1. Correcting and updating your personal information

You may make correction or update if you detect an error in your personal information we processed or you need to update your personal information. You may correct and update your personal information by the following means:

(1)Display name of account: Personal Center - Account Settings - Basic Information - Change Display Name;

(2)Password: Personal Center - Account Settings - Account Security - Change Password.

If the correction or update fails, you may contact us according to the contact information provided in this Privacy Policy.

  1. Deleting your personal information

You have the right to require us to delete your personal information under the following circumstances:

(1)The processing purpose has been achieved or cannot be achieved, or your personal information is no longer required for achieving the process purpose;

(2)We stop providing products or services, or the storage period expires;

(3)You withdraw your consent;

(4)We process your personal information in violation of the laws, administrative regulations, or agreements;

(5)Other circumstances provided by laws and administrative regulations.

Prior to the expiration of the storage period provided in laws and administrative regulations, or if it is technically impractical to delete personal information, we will stop processing except for storage and necessary security protection measures.

  1. Changing the scope of your authorization and canceling your authorization

Every business function needs certain basic personal information for completion thereof. You may contact us at any time according to the contact information provided in this Privacy Policy to withdraw your authorization and consent for your personal information collected and used by us. Once your authorization is canceled, we will no longer collect, process, and use your corresponding personal information, and we will be unable to provide you with some functions and services.

However, your decision to cancel your authorization does not affect the processing we made to your personal information before your authorization is canceled. We will delete or anonymize your personal information after the storage period described above.

  1. Deregistering your account

You may contact us according to the contact information provided in this Privacy Policy to deregister your TE account. The deregistration of your account is irreversible. Once your TE account is deregistered, we will no longer collect your personal information correspondingly, and will delete your personal information at your request unless there are other provisions of laws, regulations, or regulatory authorities on the storage period of personal information.

  • End users of applications using our products or services

Since your end users are not our direct customers, we recommend that your end users shall submit a relevant request directly to you in accordance with your privacy policy, so that you may help your end users handle their requests.

If, despite the foregoing, your end user still submits a relevant request directly to us, to protect the legitimate rights and interests of you, other customers of us, and others, we will require such user to verify his/her identity by promptly providing a certificate document related to his/her rights. After verification with you, we will process the relevant request of such user in accordance with the provisions of laws, regulations, and this Privacy Policy.

  • Ensuring to respond to the request of you and your end users about the rights in personal information

To exercise other statutory rights in personal information, you and your end users shall contact us according to the contact information provided in this Privacy Policy.

To safeguard the personal information security for you and your end users, you and your end users may have to provide a written request, or prove the identity of you and your end users by other means. We have the right not to handle the request of you and your end users unless we verify the identity of you and your end users. In the absence of special circumstances, we will accept and handle the request of you and your end users within 15 working days.

In principle, we do not charge fees for reasonable requests made by you and your end users. However, we may charge certain expenses at our cost for multiple repeated requests beyond a reasonable limit. We have the right to reject requests which are submitted repeatedly for no reason, require too many technical efforts, cause risks to the legitimate rights and interests of others, or are extremely impractical.

Notwithstanding the foregoing, please understand that we may not respond to the requests of you and your end users under the following circumstances in accordance with the requirements of laws and regulations:

  1. In direct connection with national security and security of national defense;
  2. In direct connection with public security, public health, and material public interests;
  3. In direct connection with criminal investigation, prosecution, trial, and enforcement of judgement;
  4. There is sufficient evidence to prove the malicious intent of or abuse of rights by you and/or your end users;
  5. Responding to the request of you and/or your end users may cause serious damage to the legitimate rights and interests of you and/or your end users, or other individuals and organizations;
  6. Trade secret is involved;
  7. In connection with our obligations provided under the laws and regulations;
  8. Required for maintaining material legitimate rights and interests, including the lives and properties, of you and/or your end users or other individuals while it is hard to obtain the consent of the individuals.

If you and your end users are dissatisfied with or detect a problem in our measures for personal information protection, you and your end users may complain or report such case according to the contact information provided in this Privacy Policy. In the absence of special circumstances, we will accept and handle the complaint and report of you and your end users within 15 working days.

# VI. Provisions on personal information of minors

Our products and services are provided for people aged 18 and more; minors should not use our products and services. If a relevant account is registered due to incorrect operation or other reasons, we request you (or with the help of your parents or guardian) to promptly contact us for handing such case (including deregistering the account, deleting the personal information, etc.) according to the contact information provided in this Privacy Policy.

If your application is intended to provide services for minors aged under 14 (hereinafter referred to as “Children”), you should notify the parents or guardian of the Children that you will process the personal information of such Children in accordance with the provisions of laws and regulations, and obtain the consent from the parents or guardian.

Where Children’s personal information is processed with the consent of their parents or other guardians, we will process such information only to the extent permitted by the laws and regulations, specifically permitted by the parents or other guardians, or as necessary for protection of Children; otherwise, we will endeavor to delete relevant data as soon as possible.

If you detect that we, unknowingly or without the prior consent of verifiable parents or other guardians, processed personal information of Children, you may promptly contact us, and we will endeavor to promptly delete such personal information upon detection. We will also promptly delete such personal information if we detect such case on our own unless otherwise provided by the laws and regulations.

# VII. How this Privacy Policy is updated

  1. We may modify this Privacy Policy in part or in whole in accordance with national laws and regulations as necessary for the provision of functions and services and for business operation. However, without your explicit consent, we will not reduce the rights of you and your end users granted under this Privacy Policy. You will be notified of the modified content by a push notice, pop-up window, announcement on the official website, or other proper means.
  2. We will notify you by proper means of changes to the following:(1)Our name and contact information;

(2)The purpose and method of personal information processing, and the type and storage period of the personal information processed;

(3)The method and procedure for you to exercise statutory rights;

(4)Other matters that should be notified in accordance with the provisions of laws and administrative regulations.

  1. You are entitled to choose whether to continue to authorize us to collect, process, and use your personal information. Please make a proper choice at your own discretion based on sufficient understanding of our modified Privacy Policy. If you do not agree with the modified Privacy Policy, you have the right to immediately stop using our services.

# VIII. How to contact us

In the event of any questions, comments, or suggestions about this Privacy Policy, you may contact us according to the following contact information:

Contact address: Rooms 501-506, Building T1, 1388 Kaixuan Road, Changning District, Shanghai

Contact email: compliance@thinkingdata.cn

Generally, we will accept and process your questions, comments, or suggestions within 15 working days.

If you are dissatisfied with our reply, especially when your legitimate rights and interests are damaged due to our act of personal information processing, you may report to relevant government authorities.

User Identification Rules