云闪付隐私政策

1、 本政策适用于境内注册并使用云闪付APP的用户(港澳台地区除外)。

2、 本政策仅适用于 中国银联股份有限公司(“我们”或“银联”) 运营银联云闪付APP提供相关产品和服务

更新日期:2024年8月29日

生效时间:2024年9月2日

如果您有任何疑问、意见或建议,请通过以下联系方式与我们联系:

联系电话:95516

电子邮件:privacy@unionpay.com

常用营业地址:中国上海市浦东新区国展路1899号云闪付部技术支持团队

本政策将帮助您了解以下内容:

■个人信息的收集和使用

■个人信息的安全管理方式

■用户权利的保障和响应

■敏感个人信息的特别提示

■跨境信息的特殊处理规则

■Cookie 和同类技术应用

■已故用户的个人信息保护

■政策更新方式

■附录

我们深知个人信息对您而言的重要性,并会尽全力保护您的个人信息,也感谢您对我们的信任。我们承诺将按业界成熟的安全标准,采取相应的安全保护措施来保护您的个人信息,尽力采用通俗易懂的文字表述向您进行说明和告知,并就本政策中可能与您的合法利益存在重大关系的条款,采用字体加粗的方式以提请您的注意。我们强烈建议您在使用我们的服务前,仔细阅读并完全理解本政策中的全部内容。我们将根据您的选择,为您提供云闪付APP产品及服务。本政策适用于在中华人民共和国境内 (为了本隐私政策的目的,港、澳、台地区除外) 收集、使用、存储及对外提供您的个人信息的行为。

如果您勾选“我已阅读并同意”并确认提交,即视为您同意本政策并授权我们按照本政策规定处理您的个人信息。如果我们欲将您的个人信息用于本隐私政策未说明的其它用途,或基于特定目的收集来的信息用于其它目的,我们会及时以合理的方式告知您,并获得您的授权同意。

一、个人信息的收集和使用

(一) 我们向您收集哪些信息

•基本信息 姓名、家庭地址、电话号码、职业、民族、性别、年龄、国籍。

•身份证件信息 由相关政府部门发放的身份证件,例如身份证、护照、驾驶证、军官证等,对用户进行实名制管理。

•个人金融鉴别信息 (登陆密码、查询密码、交易密码、动态口令、短信验证码、安全问题、卡片CVN2)个人金融鉴别信息属于敏感个人信息。

•生物识别信息 面部照片、面部特征、动态视频、指纹。生物识别信息属于敏感个人信息。

•银行卡信息 例如发卡银行名称、银行卡类型(借记卡、信用卡)、银联卡等级(普卡、金卡、白金卡、钻石卡)或其他银行卡信息。银行卡信息属于敏感个人信息。

•支付交易信息 经银联网络处理的交易信息,如交易金额、交易时间、交易地点、商户名称、商户编号、终端编号、受理机构等 。部分支付交易信息属于敏感个人信息。

•使用信息 有关您在产品上的活动和产品使用和浏览的日志的信息,例如服务内的APP启动信息(时间、地点),包括浏览历史记录、搜索历史记录、收藏记录、软件使用记录、产品交互、崩溃信息、性能和其他诊断信息。

•账号信息 您的云闪付账户详细信息,包括云闪付注册手机号、电子邮件地址、注册的设备、账号状态和注册时间。

•设备信息 可用于识别你设备的数据 ,如设备识别信息(设备型号、设备名称、序列号、设备MAC地址、操作系统类型、IMEI、Android ID、OAID、AAID、IDFA、IDFV、OpenID、GUID)、SIM卡信息(卡IMEI、序列号、运营商)、传感器信息(重力、加速度、陀螺仪)、传感器列表、应用列表、当前运行应用进程、读取外部存储文件、BSSID、SSID等在内的描述个人常用设备基本情况的信息。同时,请您理解,当您将应用移动切换到设备后台运行时,由于网络异常或系统原因,您此前使用应用而产生的信息收集行为可能无法立即停止,从而导致短暂的后台信息收集行为。

•位置信息 精确位置、大致位置、IP地址。精准位置信息属于敏感个人信息。

•您提供给我们的其他信息 例如您通过在线客服提交的互动内容。

•权限信息 设备里的权限信息,包括通讯录信息、位置信息、相机、手机相册、运动与健身等。如您是ios系统,点击路径为您设备中的“设置-隐私”,如您是安卓系统,点击路径为您设备中的“设置-隐私-权限管理”。此外,如果您是鸿蒙系统,在您授权后,我们将获取您选择的相册和通讯录信息。

各相关业务功能可能开启您的设备访问权限的逐项列举, 可以点击此处查询

(二) 您的个人信息使用目的

•为我们的服务提供支持 我们会收集必要的个人信息 来为我们的服务提供支持,收集的信息可能用于产品或服务的改进、用于审计或数据分析等内部目的或用于故障诊断等。

•处理您的支付交易 用于完成支付,例如我们需要收集您的身份信息、银行卡信息向付款银行发出支付指令。

•与您沟通 用于开展我们产品和服务的营销,例如通知您领取优惠、使用权益、参加抽奖等。有时,我们可能会使用个人信息发送重要通知例如收集并展示您的实时支付动态。我们可能还会出于客户服务、提升用户体验等目的向您推送通知类短信、商业性短信及服务通知类外呼、调研回访类外呼。

•安全和防欺诈 为了保障服务的稳定性,同时保护您的账户财产安全,防止损失和预防欺诈。

•处理投诉纠纷 配合您在使用过程中出现的纠纷,如司法请求、消费者权益保护部门的通知处理。

•遵守法律 旨在遵守适用法律——例如反洗钱合规义务或遵守行业监管报告要求。

•改善服务 为了向您提供更加流畅及便捷的服务。例如分析软件闪退、崩溃情形。

•优化功能 基于云闪付app各项业务涉及的数据,在对您的数据脱敏后,在合法合规的情况下,用于特定业务场景下与其他专业公司开展隐私计算、联邦学习等,以实现更丰富的业务场景及功能,如理财贷款、营销活动推荐等,提升您的使用体验、享受参与丰富各类权益活动。

(三) 基本业务功能及扩展业务功能

云闪付APP是一款集合了银行卡功能使用及管理的综合性支付应用软件,我们主要向您提供的基础业务功能围绕 账户注册、登录、支付、银行卡管理、查询银行优惠、积分管理等功能,同时您还可以根据特定需要如 购物娱乐、财富管理、云闪付小程序等使用我们的扩展业务功能。我们对于信息的收集和使用都将遵循法律法规所明示的合法性基础。

我们提供的基本业务功能,需要依赖必要信息才得以运行,必要信息是指在保障APP基本功能服务正常运行所必需的个人信息, 您选择使用云闪付APP提供的基本业务功能,则需要向我们提供或允许我们收集与使用必要个人信息,如您不同意,您将无法使用我们的基础产品服务。关于基本业务功能个人信息处理详情, 详见附件一

您选择使用云闪付APP提供的扩展业务功能,需要向我们提供或允许我们收集相应的个人信息用于扩展产品和服务的使用,如您不同意不影响使用我们的基本业务功能,关于扩展业务功能收集详情, 详见附件二

(四) 我们如何委托处理、对外提供、转让、公开您的个人信息

1、委托处理

云闪付APP中的云闪付商城服务的部分模块和功能由上海荣数信息技术有限公司(注册地址/常用办公地址:中国(上海)自由贸易试验区马吉路2号第6层08室,联系方式:【 021-60606711】)提供。我们已与其签署严格的数据处理协议,要求他们按照我们的要求、本政策以及其他任何相关的保密和安全措施来处理您的个人信息,未经您的授权及我们同意,他们将不会委托其他人处理个人信息或变更数据处理方式、目的等,我们将会采取必要的措施对其个人信息处理活动开展监督。

如果您与银行等金融机构、取得合法征信业务资质的个人征信机构或其他机构(以上主体简称“业务主体”)签署了相应授权协议、文件或通过其他方式提供了授权,基于您的前述授权同意与本隐私政策,我们会对您的必要个人信息(如个人基本资料、个人身份信息、个人财产信息、个人常用设备信息、个人上网记录以及网络身份标识信息等)进行处理(包括但不限于综合统计、分析或加工处理)并将相关处理结果提供给前述业务主体,以协助其开展营销、风控、涉征信业务或其向您提供的其他服务。

2、对外提供

除非获得您的同意 ,我们不会向银联以外的任何公司、组织和个人提供您的个人信息,在您单独同意后,我们仅会处于合法、正当、必要、明确的目的提供您的个人信息,并且只会提供服务所必要的个人信息,法律法规另有规定的除外。

对于我们向其提供个人信息的公司、组织,我们会与其签署严格的数据处理协议,要求他们按照我们的说明、本隐私政策以及其他任何相关的约定来处理个人信息,并且我们会要求该公司、组织提供数据安全能力和信息安全资质(如等级保护测评、信息安全管理体系等)说明。

我们可能会根据法律法规规定,或按政府主管部门的强制性要求,向其提供您的个人信息。

我们可能会向以下合作伙伴提供您的个人信息:

•我们的服务提供商、业务合作伙伴

我们可能会将您的个人信息提供给支持我们功能的服务提供商、业务合作伙伴。这些支持包括为我们提供基础设施技术服务、支付服务、数据处理。

•关联公司

我们可能会将您的个人信息向我们的关联公司提供,我们只会提供必要的个人信息并会单独征得您的同意,同时您在关联公司服务下及页面产生的个人信息将根据关联公司提供的隐私政策向您承诺保护。

•您授权的第三方

我们可能会按照您的指示或在您同意的情况下向您指定的他人提供您的个人信息,例如您使用云闪付的账户信息登录他人运营的平台。

上述由我们对外提供的场景、涉及信息字段、频次、接收方、目的等可 点击此处查询

3、转让

在涉及合并、分立、解散、被宣告破产等原因需要转移您个人信息的,我们会向您告知接收方的名称或者姓名和联系方式。同时要求新的持有您个人信息的公司、组织继续按照本政策处理您的个人信息,否则,我们将要求该公司、组织重新向您征求授权同意。

4、公开

我们基于法律法规要求的合法性基础,在必要的情形下对您的个人信息进行公开。如需公开,我们会告知您公开的目的、公开的个人信息类型、涉及的敏感个人信息种类,并征得您的单独同意。

5、关于第三方向您收集信息的提示

云闪付包含第三方产品和服务,该第三方产品和服务在使用前,您需要跳转到相应的云闪付小程序或第三方页面。您使用的第三方服务将受到第三方的服务条款及隐私政策(而非本政策)约束,您需要仔细阅读其条款并决定是否接受。本隐私政策仅适用于我们为您提供云闪付APP产品及服务的需要处理您的个人信息,第三方处理您的个人信息时的行为由其自行负责。

如果您对第三方使用您的个人信息有异议或发现这些第三方开发的应用程序或者页面存在风险时,我们建议您终止相关操作以保护您的合法权益,您还可以与相应的第三方协商解决,我们将尽可能提供帮助。如果银联在此过程中违反法律法规的规定,给您造成损失的,银联将承担因此引起的相应责任。 具体第三方类型与处理的个人信息类型如下:

•第三方SDK服务商

我们的产品包含第三方SDK,如您在我们的平台上使用相关服务,您知悉由其直接收集和处理您的个人信息,我们会约束该类第三方严格按照合法、正当、必要的原则进行处理,您可以通过 点击此处 查阅我们的产品包含的第三方SDK服务。

•其他第三方

云闪付APP小程序功能向第三方提供接入服务,该类第三方将在其平台内对您的个人信息承担管理职责。您可以通过 点击此处 查看我们的第三方接入名录。

二、个人信息的安全管理方式

1、存储

•存储地点 按照相关法律法规规定,我们将把中华人民共和国境内运营过程中收集和产生的您的个人信息存储在 中国境内

•存储期限 我们仅在为您提供云闪付APP产品及服务之目的所必需且合理的期限内或法律法规及监管规定的时限内留存您的个人信息,例如,根据《银行卡组织和资金清算中心反洗钱和反恐怖融资指引》的规定,您注销云闪付APP用户后,我们将根据法律法规或监管规定,对您的个人身份信息保存5年,交易信息保存5年,对银联清算核心业务系统中的您的个人身份信息及清算业务数据保存15年,上述存储期限届满后,我们将删除或对您的个人身份信息和交易信息进行匿名化处理。

2、安全资质

我们已经取得了以下认证:我们的核心业务系统通过了中华人民共和国信息系统等级保护四级认证,云闪付业务系统通过了中华人民共和国信息系统等级保护三级认证。我们的云闪付APP获得由中国网络安全审查技术与认证中心颁发的移动互联网应用程序(APP)安全认证证书。

3、内部管理措施

我们采取了内部管理制度和技术保障措施等多方面的保护方式以保护您的个人信息,具体而言包括但不限于:

•根据个人信息的敏感程度和类型的不同采取了 分类分级制度 ,并根据分类分级结果进行使用者权限、使用场景权限、使用授权权限、分级审批机制等多方面的 权限限制

•定期安全审计 ,我们通过审计机制来对隐私政策和相关规程的有效性以及数据安全进行全面核查与控制。

•机制保障上 , 我们设立了个人信息保护小组 ,针对个人信息收集、使用、提供、委托处理等开展个人信息保护影响评估 ,对内部员工培训相关法律法规及个人信息安全准则和安全意识强化宣导,并每年组织全体工作人员参加合规考试。

•当您更正、删除个人信息或注销账户后,您的个人信息涉及的备份系统均将依照法规要求进行处理。

4、技术保障

技术保障措施上,我们在存储时采取了 不可逆的加密存储、隔离存储 ,在信息展示和下载时采取了 去标识化处理 ,传输时采取了 专线传输、加密传输、密钥和数据介质隔离传输 等技术措施,以确保您的个人信息安全。

•我们已制定相关的信息安全事件应急预案,定期组织内部相关人员进行应急响应培训和应急演练,使其掌握岗位职责和应急处置策略和规程。

•在不幸发生个人信息安全事件后,我们将按照法律法规的要求,及时向您告知:安全事件的基本情况和可能的影响、我们已采取或将要采取的处置措施、您可自主防范和降低风险的建议、对您的补救措施等。我们将及时将事件相关情况以APP推送通知、发送邮件/短消息、电话等方式告知您,难以逐一告知个人信息主体时,我们会采取合理、有效的方式发布公告。同时,我们还将按照监管部门要求,主动上报个人信息安全事件的处置情况。若您的合法权益受损,我们将承担相应的法律责任。

安全提示 :尽管我们已经采取了上述的安全有效措施,并积极落实法律法规要求的标准, 请您理解,由于技术的限制以及可能存在的外界各种恶意行为,我们无法保证信息百分百的安全,但我们将竭尽所能。请您知悉并理解,您接入我们服务所用的系统和通讯网络,可能存在我们可控范围外的安全问题, 因此我们强烈建议您采取积极措施保护个人信息安全,包括但不限于使用更高复杂度的密码、不将个人账号密码及个人敏感信息透露给他人等。

三、用户权利的保障和响应

我们保障您对自己的个人信息行使以下权利:

(一)查询、访问您的个人信息

您可以通过云闪付APP“我的-个人中心”访问、查阅您的姓名、身份证信息(掩码),或通过客服热线95516联系我们,法律法规规定的例外情况除外。 点击查看相关路径

(二)更正您的个人信息

当您发现我们处理的关于您的个人信息有错误时,您有权要求我们做出更正,您可以通过客服热线95516向我们提出更正个人信息的需求。 点击查看相关路径

(三)转移您的个人信息

当您对您在云闪付APP中的个人信息有转移需求且符合网信部门规定的条件时,您有权要求我们提供信息转移的途径,并可以通过拨打客服电话95516向我们提出具体的个人信息转移需求。

(四)删除您的个人信息

您可以在以下情形中,直接拨打客服电话95516向我们提出删除个人信息的需求,法律法规另行规定的除外:

(1)如果我们处理个人信息的行为,未征得您的同意或违反了与您的约定;

(2)如果我们处理个人信息的行为违反法律法规;

(3)如果您不再使用我们的产品或服务,或您注销了账号,或者个人信息保存期限已届满;

(4)我们处理您的个人信息目的已实现、无法实现或者为实现处理目的不再必要(如破产、停止运营等),并将及时告知您;

(5)您向我们撤回您的授权同意。

(五)撤回您授权同意的范围

1、您可以通过注销云闪付APP账户,撤回我们继续收集您个人信息的全部授权。

2、您可以在APP内通过以下路径改变授权同意的范围:

(1)第三方的账号管理:“我的-设置-隐私设置-账号授权管理”;

(2)系统权限管理:“我的-设置-隐私设置-系统权限管理”;

(3)信用卡账单授权管理:“我的-设置-隐私设置-银行卡信息查询授权管理-账单查询授权管理”。

(4)消息推送管理:“我的-设置-通用设置-新消息通知-营销类通知/提醒类通知”。

(5)商业性短信推送:如您不同意银联向您推送商业性短信,您可致电95516或者在云闪付APP-“我的”-“隐私设置”-“商业性短信管理”页面解除该短信推送服务,解除状态会在24小时内生效。解除该短信推送服务后,您不会再收到银联向您推送的商业性短信,但为保证您账户和交易安全,交易验证码、业务提醒等通知类短信将不受影响。

(6)外呼调研回访:如您不同意银联向您外呼调研回访类内容,您可在接到调研回访类电话的通话过程中明确表示拒绝接收此类电话,或致电95516反馈您诉求的方式解除该外呼服务,解除状态会在24小时内生效。解除该外呼服务后,您不会再收到银联向您外呼调研回访类内容,但为保证您账户和交易安全,客诉反馈、风险控制提醒等服务延续类场景外呼将不受影响。

3、请您理解,每个业务功能需要一些基本的个人信息才能得以完成,当您撤回同意或授权后,我们无法继续为您提供撤回同意或授权所对应的服务,也不再处理您相应的个人信息。但您撤回同意或授权的决定,不会影响此前基于您的授权而开展的个人信息处理。

(六)注销您的账户

当您符合约定的注销条件时,您可以随时注销此前注册的账户,具体路径为“我的→设置→安全中心→注销账户”。系统将根据您当前所处的环境进行风险识别,通过 人脸识别 ,或 短信 登录密码 进行注销操作,如果因特殊原因无法注销成功,您也可以通过拨打95516人工客服进行注销。

(七)获取您的个人信息副本

您有权获取您的个人信息类型副本。您可以通过拨打95516人工客服获取您确认的云闪付个人信息副本,以了解您在云闪付APP的个人信息使用情况。

(八)约束自动化决策的使用

1、我们为您提供的自动化决策服务指使用您允许我们处理的相关信息,利用计算机程序对您的偏好、习惯等特征进行自动化分析与决策。我们不会在仅使用算法或分析程序,且不提供人工审查机会的情况下作出任何会对您产生重大影响的决策。

2、为向您提供更便捷、更符合您个性化需求的信息展示、搜索及推送服务,我们会根据您的设备信息、服务日志信息、区域信息、浏览点击记录、交易记录等提取您的偏好特征,并基于特征标签产出间接人群画像,用于向您提供精准化信息展示、推送服务、优惠展示。

3、您可以在APP内通过以下路径关闭自动化决策功能:

(1)开启/关闭个性化展示设置:“我的-设置-隐私设置-【个性化推荐设置】“

(九)响应您的上述请求

您的任何疑问、建议、意见及投诉,可以通过拨打客服热线95516联系我们的客服提交,或通过“我的→在线客服”提交,为保障安全,我们将在必要的身份验证通过后进行处理,除法律法规另有规定外,一般情况下,我们将在15个工作日内完成处理。

在您选择95516等服务热线联系我们时,为保障服务质量,我们可能需要对客服电话内容进行录音;在录音开始前我们会向您进行必要的提示,充分保障您的知情权与选择权。

四、未成年人的个人信息保护保护

1、我们的产品、网站和服务主要面向成人。如果您是已满16周岁,未满18周岁的未成年人,在注册和使用云闪付前,建议在您的父母或其他监护人指导下共同阅知本政策内容并经其同意,我们将根据中华人民共和国作相关法律法规的规定保护未成年人的个人信息。

2、 如果您是未满14周岁的儿童,在注册成为云闪付用户前,您应当告知您的父母或其他监护人 ,事先取得您的家长或法定监护人的同意,并由您的家长或法定监护人帮助您完成产品或服务注册流程。考虑到个人金融信息的特殊性,云闪付APP的所有支付功能都不对未满16周岁的未成年人开放。此外,我们将儿童的个人信息作为敏感个人信息,并依法遵照法律法规制作了单独的 《云闪付儿童个人隐私保护指引》

3、如您为不满14周岁的未成年人(儿童)的父母或监护人,当您对您所监护的未成年人的信息处理存在疑问时,请通过本政策或者 《云闪付儿童个人隐私保护指引》 约定的联系方式联系我们。

五、敏感个人信息的特别提示

1、我们根据法律法规的合法性基础收集和使用您的敏感个人信息。我们仅在向您提供云闪付产品和服务具有特定的目的和充分的必要性下,并采取严格保护措施的情形下,处理您的敏感个人信息。

2、我们向您收集的敏感个人信息包括生物识别信息、特定身份信息、金融账户信息以及不满十四周岁儿童的个人信息。例如,在业务核身场景下,触发人脸使用的规则为根据该业务功能的必需时,我们会要求您提供 人脸信息 ,以验证您的身份,如果您拒绝同意,您将无法使用该业务功能。

3、对于敏感个人信息的特殊处理要求,如生物识别信息,在使用服务之前,我们会向您获取 单独同意 并告知您的 敏感个人信息 使用规则。在传输和存储敏感个人信息方面,我们会采用加密等安全措施,同时,我们会将您的生物识别信息与您的个人身份信息分开存储,并且原则上不会存储您原始的生物识别信息,仅存储您的生物识别信息的摘要信息。此外,我们不会留存您的个人金融鉴别信息。

请注意,涉及处理您的敏感个人信息,若一旦泄露或者被非法使用,可能存在导致您的人格尊严或者人身、财产安全受到危害的风险。

六、跨境信息的特殊处理规则

•我们在中华人民共和国境内运营中收集和产生的个人信息,存储在中国境内。

•我们的云闪付APP支持完成银联卡跨境支付服务,在此服务下,我们将把您用于支付的 手机号码、银行卡号、CVN2、银行卡有效期 向专门从事银联卡跨境交易处理的关联公司提供,该关联公司位于境内,为完成银行卡跨境交易之必要性,其需要将您的相关个人信息传输至境外合作机构,您可以 点击此处 查看详情或根据本隐私政策提供的联系方式与我们沟通。

•此外,我们的云闪付APP境外服务主要由关联公司及其合作的第三方提供,涉及向境外合作方传输信息的业务情况,您可以 点击此处 查看详情。

•如我们直接将您的个人信息向境外传输,我们会向您告知境外接收方的名称或者姓名、联系方式、处理目的、处理方式、个人信息的种类以及您向境外接收方行使相关权利的方式和程序等事项,并取得您的单独同意。我们会根据境内法律法规规定,对您的个人信息出境前开展安全评估。同时,在相关条件具备时我们将依照国家网信部门组织的安全评估、国家网信部门的规定专业机构个人信息保护认证或按照国家网信部门制定的标准合同与境外接收方订立合同开展个人信息跨境传输工作。

七、Cookie 和同类技术应用

为确保您获得更为流畅、轻松的使用体验,在您使用云闪付APP及相关服务时,我们可能会通过小型数据文件“Cookie”识别您的身份,以帮助您减少信息录入的次数和频率,或协助判断您账户的安全状况。Cookie 通常包含标识符、站点名称以及一些号码和字符,借助于 Cookie,网站能够存储您的偏好或购物篮内的商品等数据。我们也将借助Cookie,用于传输设备标识,便于您参加云闪付APP的营销活动。

除了Cookie,我们同时使用了电子图像技术(简称Web Beacon)。我们可能通过Web Beacon来统计匿名访问的数据,用于计算用户访问数量、停留时间、访问的页面地址、显示设定等,让您能享受到更多的个性化服务,且这些统计信息不包含您的个人信息。

八、已故用户的个人信息保护

云闪付用户去世后,您作为近亲属为了自身的合法、正当利益,可以通过本隐私政策的联系方式联系我们,对去世用户在云闪付APP产生的个人信息行使查阅、复制、更正、删除等权利。需要特别提示,如查询云闪付用户银行卡账户信息,请联系银行卡账户银行。

同时,为了充分保护去世用户的个人信息权益,我们将对相关材料进行核实,如去世用户的身份文件证明、死亡证明文件、申请人身份证件、申请人与去世用户的亲属关系证明。

九、政策更新方式

我们的隐私政策会根据产品的更新情况及法律法规要求进行变更。当本政策发生重大变化时,我们将采取弹窗提醒、消息推送、邮件通知或银联官方网站发布公告等方式及时通知您,构成重大变化的情况包括但不限于:

•我们提供的服务范围、模式等发生重大变化;

•我们的经营主体、组织架构、所有权结构等方面发生重大变化;

•您的个人信息对外提供、转移或公开披露的主要对象发生变化;

•您参与个人信息处理方面的权利及其行使方式发生重大变化;

•我们负责个人信息安全的责任部门及其联系方式、投诉渠道发生变化;

•其他可能对您的个人信息权益产生重大影响的变化。

您可以在云闪付APP通过“我的→设置→隐私设置→隐私政策”中查看本政策。如果您对本隐私政策或您个人信息的相关事宜有任何问题、意见或建议,请通过拨打客服热线95516、或通过“我的→在线客服”邮箱:privacy@unionpay.com与其联系等多种方式与我们联系。一般情况下,我们将在十五个工作日内完成处理。如果您对我们的响应情况不满意,可先友好协商,再次沟通,您有权利通过上海市浦东新区人民法院或监管机构寻求解决方案。

注:本《隐私政策》版本更新日期为 2024年8月29日

•本版本《隐私政策》更新内容主要如下:

1、增加未成年的个人信息保护相关描述

2、补充收集鸿蒙框架手机设备信息

我们还会将 上一版本的隐私政策 存档,供您查阅。

十、附录

本政策中涉及的专用术语和关键词有:

1、个人信息是指以电子或者其他方式记录的与已识别或者可识别的自然人有关的各种信息,不包括匿名化处理后的信息。

2、敏感个人信息是指一旦泄露或者非法使用,容易导致自然人的人格尊严受到侵害或者人身、财产安全受到危害的个人信息,包括生物识别、宗教信仰、特定身份、医疗健康、金融账户、行踪轨迹等信息,以及不满十四周岁未成年人的个人信息。

3、银联卡是指按照银联(中国银联及银联国际)的技术标准和业务规范发行,BIN号由银联分配或管理,或卡面带有“银联”标识的支付卡以及与支付卡相应对的支付账号。

4、关联公司:本隐私政策下,我们的关联公司指银联国际有限公司,地址中国上海市浦东新区国展路1899号,联系方式021-20265666 ,邮箱upidataprivacy@unionpayintl.com 。

5、合法性基础:本隐私政策下关于您的个人信息所有处理环节的合法性基础指《个人信息保护法》第十三条所列之情形。

6、必要信息:必要信息是指在保障APP基本功能服务正常运行所必需的个人信息,缺少该信息APP将无法实现基本功能服务。

7、自动化决策:指通过计算机程序自动分析、评估个人的行为习惯、兴趣爱好或者经济、健康、信用状况等,并进行决策的活动。

8、去标识化:指个人信息经过处理,使其在不借助额外信息的情况下无法识别特定自然人的过程。

9、SDK:Software Development Kit,软件工具开发包,一种嵌入式的为某个功能提供接口或采集信息的技术工具。

10、Cookies:一种记录用户ID、浏览信息、停留时长的技术工具。

11、Web Beacon:网络信标,是可以暗藏在任何网页元素或邮件内的1像素大小的图片,常用来收集目标电脑用户的上网习惯等数据,并将这些数据写入Cookie。

12、境内注册:为了本隐私政策的目的,指在境内(港、澳、台地区除外)使用通信运营商网络提供的手机号完成注册。

Privacy Policy of UnionPay App
INTRODUCTION

1. This Policy applies to users who register and use UnionPay App in China (except Hong Kong, Macao and Taiwan).

2. This Policy applies only to the products and services provided by China UnionPay Co., Ltd. ("us" or "UnionPay") through UnionPay App.

Updated: Jun 01, 2023

Effective: Jun 06, 2023

If you have any questions, comments or suggestions, please contact us at:

Custmor Service:95516

E-mail: privacy@unionpay.com

Ordinary business address: APP Data Support and Governance Team, UnionPay App Department, No.1699, Gutang Road, Pudong New Area, Shanghai, China

This Policy will help you understand the following:

■ Collection and Use of Personal Information

■ How Personal Information is Secured

■ Guarantee and Response of User Rights

■ Protection of Personal Information of Minors

■ Special Notice on Sensitive Personal Information

■ Special Processing Rules for Cross-border Information

■ Application of Cookies and Similar Technologies

■ Protection of Personal Information of Deceased Users

■ Policy Update Method

■ Appendix

We truly understand the importance of your personal information to you and will make the utmost effort to protect it, and we appreciate your trust in us. We undertake to take appropriate security measures to protect your personal information according to the mature security standards in the industry, try our best to explain and inform you in plain and easy-to-understand words of the same, and draw your attention to the terms in this Policy that may have a significant relationship with your legitimate interests in bold font. We strongly recommend you to carefully read and fully understand this Policy before using our services. We will provide you with UnionPay App products and services based on your choice. This Policy applies to the collection, use, storage and provision of your personal information within the territory of the People's Republic of China (excluding Hong Kong, Macao and Taiwan for the purposes of this Privacy Policy).

By checking "I have read and agree" and confirming your submission, you agree to this Policy and authorize us to process your personal information in accordance with this Policy. If we intend to use your personal information for purposes other than those described in this Privacy Policy, or if any information collected for a particular purpose is intended to be used for other purposes, we will promptly notify you in a reasonable manner and obtain your consent.

I. Collection and Use of Personal Information

(I) What information do we collect?

•Basic information: name, home address, telephone number, occupation, nationality, gender, age, and nationality.

•Identity document information: identity documents issued by relevant government authorities, such as ID card, passport, driver's license, military officer ID card, etc., which are subject to real-name management for users.

•Personal financial authentication information: (login password, inquiry password, transaction password, dynamic password, SMS verification code, security question, CVN 2). Personal financial authentication information is sensitive personal information.

•Biometric information: facial photos, facial features, motion video, fingerprints. Biometric information is sensitive personal information.

•Bank card information: for example, the name of the issuing bank, the type of bank card (debit card, credit card), the grade of the UnionPay card (ordinary card, gold card, platinum card, diamond card), or other bank card information. Bank card information is sensitive personal information.

•Payment transaction information: information on the transaction facilitated by UnionPay App, such as the amount, time and place of transaction, merchant name, merchant number, terminal number, accepting institution, etc. Some transaction information is sensitive personal information.

•Usage information: information about your activities on the product and logs of product usage and browsing, such as app launch information (time, location) within the service, including browsing history, search history, favorites, software usage, product interactions, crash information, performance, and other diagnostic information.

•Account information: your UnionPay App account details, including your mobile phone number used for UnionPay App registration, email address, registered device, account status and registration date.

•Device information: data that can be used to identify your device, such as device identification information (device model, device name, serial number, MAC address, operating system type, IMEI), Android ID, Android OAID, IDFA, OpenID, GUID, IMSI of SIM card, etc., which describes the basic information of your personal devices. You should understand that when you choose to let the APP run in the background, the information collection behavior caused by your previous use of the APP may not be stopped immediately due to network abnormality or system reasons, resulting in temporary background information collection behavior.

•Location information: exact location, approximate location, IP address. Exact location information is sensitive personal information.

•Other information that you provide to us, such as the interactive content that you submit through online customer service.

•Permission information: permission information in the device, including address book information, location information, camera, mobile album, sports and fitness, etc. For iOS, click "Settings-Privacy" on your device, or for Android, click "Settings-Privacy- Permissions Management".

An itemized list of the relevant business functions that may enable access to your device can be found here .

(II) Use of your personal information

•To support our services. We collect personal information necessary to support our services, such as for product or service improvements, for internal purposes such as auditing or data analysis, or for troubleshooting.

•To process your payment transactions. To complete the payment, for example, we need your identity information and bank card information to send payment instructions to the paying bank.

•To communicate with you. To market our products and services, such as notifying you to receive offers, use your rights, enter sweepstakes, etc. We may also use personal information to send important notifications, such as collecting and displaying your real-time payment dynamics.

•Security and fraud prevention. To ensure service stability while protecting your account property security to prevent losses and fraud.

•Complaints and disputes settlement. To cooperate with you in the settlement of dispute arising during your usages, such as processing judicial requests and notices from consumer protection department.

•Compliance with laws. To comply with applicable laws, such as AML compliance obligations or compliance with industry regulatory reporting requirements.

•Service improvement. To provide you with a smoother and more convenient service, such as analyzing software flashbacks and crash.

(III) Basic business functions and expanded business functions

UnionPay App is a comprehensive payment application software integrating the use and management of bank card functions. The basic business functions we mainly provide you focus on account registration, login, payment, bank card management, inquiry of bank offers, bonus point management and other functions. Meanwhile, you can also use our extended business functions based on your specific needs such as shopping, entertainment, wealth management, UnionPay applets, etc. We collect and use the information on the basis of legitimacy expressly provided by laws and regulations.

The running of basic business functions we provide requires necessary information, which refers to the personal information necessary to ensure the normal operation of the App's basic function services. If you choose to use the basic business functions provided by the UnionPay App, you should provide us with or allow us to collect and use your personal information as required, otherwise, you will not be able to use our basic products and services. Please refer to Appendix I for details of personal information processed by basic business functions.

If you choose to use the extended business functions provided by UnionPay App, you should provide us with or allow us to collect corresponding personal information for the use of such extended products and services and your disagreement will not affect your use of our basic business functions. Please refer to Appendix II for details on the information collected by extended business functions.

(IV) How we entrust to process, provide to third parties, transfer and disclose your personal information

1. Processing entrustment

Certain modules and functions of the UnionPay App Mall service in the UnionPay App are provided by Shanghai Innovation and Data Information Technology Co., Ltd. (registered address/ordinary office address: Room 08, 6/F, No.2 Maji Road, China (Shanghai) Pilot Free Trade Zone; tel.: [021-60606711]). We have concluded a strict data processing agreement with them, requiring them to process your personal information in accordance with our requirements, this Policy and any other relevant confidentiality and security measures. Without your authorization and our consent, they will not entrust others to process your personal information or change the data processing method and purpose, etc., and we will take necessary measures to supervise their personal information processing activities.

2. Providing to third parties

Unless with your consent, we will not provide your personal information to any company, organization or individual other than UnionPay. With your separate consent, we will only provide your personal information for legal, legitimate, necessary and identified purposes, and will solely provide the personal information necessary for the service, unless otherwise stipulated by laws and regulations.

For the companies and organizations to which we provide personal information, we will have strict data processing agreements with them, requiring them to process personal information in accordance with our instructions, this Privacy Policy and any other relevant agreements, and we will require such companies and organizations to provide certificates to prove their data security capabilities and information security qualifications (such as level protection assessment, information security management system, etc.).

We may provide your personal information in accordance with laws and regulations, or as required by mandatory requirements of competent government authorities.

We may provide your personal information to:

•Our service providers and business partners

We may share your personal information with our service providers and business partners who support our functions. This support includes providing us with infrastructure technical services, payment services, and data processing.

•Affiliates

We may provide your personal information to our affiliates, provided that, we will only provide personal information to the necessary extent and will obtain your consent separately. And also, your personal information generated under the services and pages of affiliates will be protected according to the privacy policy of such affiliates.

•Third parties authorized by you

We may provide your personal information to others you designate at your instructions or with your consent, such as when you log in to a third-party platform with your UnionPay App account information.

The above scenarios, information fields involved, frequency, recipients and purposes of information provided by us can be checked here .

3. Transfer

In case of transfer of your personal information due to merger, division, dissolution, bankruptcy or otherwise, we will inform you of the name and contact information of the recipient. At the same time, we will require the new company or organization holding your personal information to continue to process your personal information in accordance with this Policy, otherwise, we will require it to ask for authorization and consent from you again.

4. Disclosure

We disclose your personal information where necessary on the basis of legitimacy required by laws and regulations. If disclosure is required, we will inform you of the purpose of disclosure, the types of personal information disclosed, and the types of sensitive personal information involved, and obtain your separate consent.

5. Notice of information to be collected from you by third parties

UnionPay App includes third-party products and services, and you should jump to the corresponding UnionPay applets or third-party pages before using such third-party products and services. Your use of third-party services should be governed by such third-party's terms of service and privacy policy (rather than this Policy), which you should read carefully and decide whether to accept or not. This Privacy Policy is only applicable to the processing of your personal information necessary for us to provide you with UnionPay App products and services, and third parties are solely responsible for their actions in processing your personal information.

If you have any objection to the use of your personal information by third parties or if you find that there are risks in the applications or pages developed by these third parties, we suggest you terminate relevant operations to protect your legitimate rights and interests. You can also negotiate with the corresponding third party for settlement, and we will give assistance as much as possible. If UnionPay violates any provisions of laws and regulations in this process, causing losses to you, we will bear the corresponding responsibilities arising therefrom. Specific types of third parties and types of personal information processed are as follows:

•Third-party SDK service providers

Our products include third-party SDKs. If you use relevant services on our platform, you know that your personal information will be directly collected and processed by them. We will restrict such third parties to processing it strictly in accordance with the principles of legality, legitimacy and necessity. You can click here to view the third-party SDK services included in our products.

•Other third parties

The applet function of UnionPay App provides access services to third parties who will be responsible for managing your personal information within their platforms. You can view the list of third parties accessing to our platform by clicking here.

II. How Personal Information is Secured

1. Storage

•Storage location. In accordance with relevant laws and regulations, we will store your personal information collected and generated during our operations in the People's Republic of China within the territory of China .

•Storage period. We will only keep your personal information for a period necessary and reasonable for the purpose of providing you with UnionPay App products and services or within the time limit stipulated by laws, regulations and regulatory requirements. For example, according to the Anti-money Laundering and Anti-terrorist Financing Guidelines for Bank Card Organizations and Fund Clearing Centers, once you cancel your account with the UnionPay App, we will keep your personal identity and transaction information for 5 years, and your personal identity information and clearing business data in the clearing core business system of UnionPay for 15 years in accordance with laws, regulations or regulatory requirements. Upon the expiration of the above periods, we will delete or anonymize your personal identity information and transaction information.

2. Security qualifications

We have achieved the following certifications: our core business system has been qualified as Level 4 and our UnionPay App business system as Level 3 in the Classified Information System Protection Certification of the People's Republic of China. Our UnionPay App has obtained the Mobile Internet Application (App) Security Certification issued by China Cybersecurity Review Technology and Certification Center.

3. Internal management measures

We protect your personal information through internal management systems and technical safeguard measures, including but not limited to:

•According to the sensitivity and types of personal information, the classification and grading system is adopted, with various authority limitations in place in terms of user authority, use scenario authority, use authorization authority, hierarchical approval mechanism and otherwise based on the classification and grading results.

•Regular security audits , through which we comprehensively verify and control the effectiveness of our privacy policy and related procedures as well as data security.

•In terms of the institutional guarantee, we have set up a personal information protection team to carry out personal information protection impact assessment with respect to personal information collection, use, provision and entrusted processing. We also strengthen the training, publicity and guidance of internal staff on relevant laws and regulations, personal information security standards and safety awareness, and organize annual compliance exams for all staff.

•When you correct or delete your personal information or cancel your account, the backup system to which your personal information relates will be processed in accordance with regulatory requirements.

4. Technical support

In terms of technical guarantee measures, we have adopted irreversible encrypted storage and isolated storage of sensitive personal information for information storage, de-identification processing for information display and download, and technical measures such as dedicated line transmission, encrypted transmission, key and data medium isolation transmission for information transmission, so as to ensure the security of your personal information.

•We have formulated relevant emergency plans for information security incidents and regularly organized emergency response training and emergency drills for relevant internal personnel to enable them to understand their job responsibilities and emergency disposal strategies and procedures.

•In the event of a personal information security incident, we will inform you, in a timely manner and in accordance with the requirements of laws and regulations, of the basic situation and possible impact of such security incident, the disposal measures we have taken or will take, the suggestions on how you can independently prevent and reduce the risk, and the remedial measures for you, etc. We will timely inform you of the incident-related information by the APP's push notification, email/SMS, telephone, etc. When it is difficult to inform the personal information subject one by one, we will issue an announcement in a reasonable and effective manner. In the meantime, we will also actively report the handling of personal information security incidents in accordance with laws and regulations and regulatory requirements. If your legitimate rights and interests are damaged, we will bear the corresponding liabilities.

Security notice : Although we have taken the above effective security measures and actively implemented the standards required by laws and regulations, you should understand that it is impossible for us to guarantee the absolute security of information due to technical limitations and possible malicious acts from third parties; however, we will do every effort to safeguard your personal information. You should acknowledge and understand that the system and communication network used by you to access our services may have security issues beyond our control. Therefore, we strongly recommend that you take active measures to protect the security of your personal information, including but not limited to using more complex passwords and not disclosing your account password and personal sensitive information to others.

III. Guarantee and Response of User Rights

We guarantee that you can exercise the following rights with respect to your personal information:

(I) To check and access to your personal information

You can access and check your name, ID card information (masked) through the "My-Personal Center" of the UnionPay App, or contact us through our customer service hotline at 95516, except for exceptions stipulated by laws and regulations. Click here to view the relevant path .

(II) To correct your personal information

When you find that there is an error in your personal information processed by us, you shall be entitled to ask us to correct it. You can ask us to correct your personal information through our customer service hotline at 95516. Click here to view the relevant path .

(III) To transfer your personal information

When you need to transfer your personal information in UnionPay App and such transfer meets the conditions stipulated by the Cyberspace Administration, you shall be entitled to request us to provide the means for information transfer, and you can put forward your specific personal information transfer requirements to us by calling our customer service at 95516.

(IV) To delete your personal information

Unless otherwise stipulated by laws and regulations, you can call customer service directly at 95516 to require deleting your personal information if:

(1)we process your personal information without your consent or in violation of any agreement with you;

(2)our processing of personal information violates any laws and regulations;

(3)you cease to use our products or services, or you cancel your account, or the personal information storage period has expired;

(4)we inform you in a timely manner that the purpose for which we process your personal information has been achieved, cannot be achieved, or is unnecessary anymore (e.g., in case of bankruptcy, cessation of operations, etc.);

(5)you withdraw your consent to us.

(V) To withdraw your consent and authorization

1. You can withdraw all your authorizations to us to keep collecting your personal information by cancelling your UnionPay App account.

2. You can change the scope of your authorization and consent within the APP through the following paths:

(1) Third-party account management: “My-Settings-Privacy Settings-Account Authorization Management”;

(2) System privilege management: "My-Settings-Privacy Settings-System Privilege Management";

(3) Credit card statement authorization management: "My-Settings-Privacy Settings-Bank Card Information Inquiry Authorization Management-Statement Inquiry Authorization Management."

3. You should understand that each business function may only work based on certain basic personal information. Once you withdraw your consent or authorization, we cannot continue to provide you with the services corresponding to such consent or authorization and will cease to process your relevant personal information. However, your decision to withdraw your consent or authorization will not affect the processing of personal information previously carried out based on your authorization.

(VI) To cancel your account

When you meet the agreed cancellation conditions, you can cancel the previously registered account at any time and the specific path for that is "My → Settings → Security Center → Account Cancellation." The system will perform risk identification based on your current environment, and the cancellation will be performed by face recognition or SMS with the login password . If the cancellation failed for special reasons, you can also complete the cancellation by calling our customer service staff at 95516.

(VII) To get a copy of your personal information

You shall be entitled to receive a copy of your personal information. You can obtain a copy of the personal information you confirmed in UnionPay App by calling our customer service staff at 95516 to understand your personal information usage in the APP.

(VIII) To constrain the use of automated decision making

1. The automated decision-making service we provide to you means the automated analysis and decision-making of your preferences, habits, and other characteristics with computer programs based on the relevant information you allowed us to process. We will not make any decisions that could materially affect you using only algorithms or analytical programs and without providing the opportunity for human review.

2. In order to provide you with more convenient and personalized information display, search and push services, we will extract your preference characteristics according to your device information, service log information, regional information, browsing and clicking records, etc., and generate indirect crowd portraits based on feature tags, thus providing you with a more precise information display and push service.

3. You can turn off the automated decision-making in the APP by the following paths:

(1) Enable/disable the personalized display settings: "My-Settings-Privacy Settings-[Personalized Recommendation Settings]";

(2) Turn on/off personalized ad tracking settings: "My-Settings-Privacy-Ad Permissions Management."

(IX) To respond to your requests above

Your questions, suggestions, comments and complaints can be submitted by calling our customer service hotline at 95516 or through "My → Online Customer Service", and for safety purposes, we will handle them after necessary identity verification, which, in general, will be completed with 15 working days, unless otherwise stipulated by laws and regulations.

If you choose to contact us through 95516 and other service hotlines, we may have to record the customer service phone calls to ensure service quality, provided that, we will provide you with the necessary notifications before the recording to fully protect your right to know and choose.

IV. Protection of Personal Information of Minors

1. Our products, websites and services are primarily for adults. If you are a minor over 14 and under 18, you are advised to read this Policy under the guidance of your parents or other guardians and obtain their consent before registering and using UnionPay App. We will protect the personal information of minors in accordance with the relevant laws and regulations of the People's Republic of China.

2. 2. If you are a child under 14 and wish to register and use UnionPay App, you should inform your parents or other guardians , obtain consent from and have your parents or legal guardians assist you to complete the product or service registration process. In consideration of the particularity of personal financial information, all payment functions of UnionPay App are not available for children under 14. In addition, we regard children's personal information as sensitive personal information and have prepared the Guidelines of UnionPay App for Personal Privacy Protection of Children separately in accordance with laws and regulations.

3. Where you are the parent or guardian of a minor (child) under 14 and if you have any questions about the information processing of the minor under your guardianship, please contact us through the contact information provided in this Policy or the Guidelines of UnionPay App for Personal Privacy Protection of Children .

V. Special Notice on Sensitive Personal Information

1. We collect and use your sensitive personal information on the basis of legitimacy required by laws and regulations. We will only process your sensitive personal information if it is necessary to provide you with UnionPay App products and services for a specific purpose and when strict protective measures are in place.

2. The sensitive personal information we collect from you includes biometric information, certain identity information, financial account information, and personal information of children under 14. For example, in the identity verification business scenario and where the rule that triggers the use of face recognition is necessary for the business function, we will ask you to provide facial information for identity verification purposes, and the business function will be unavailable to you if you refuse to do so.

3. In case of any special processing requirements for sensitive personal information, such as biometric information, we will obtain separate consent from you and inform you of the rules governing the use of your sensitive personal information prior to your use of such service. In terms of the transmission and storage of sensitive personal information, we will apply security measures such as encryption, and we will store your biometric information separately from your personally identifiable information. In principle, we will not store the original but only a summary of your biometric information. In addition, we will not retain your personal financial identification information.

VI. Special Processing Rules for Cross-border Information

•Personal information collected and generated by us during our operations in the People's Republic of China will be stored in China.

•Our UnionPay App supports the cross-border payment of UnionPay cards. Under this service, we will provide your mobile phone number, card number, CVN 2 and card validity period used for payment to the affiliate that specialized in UnionPay card cross-border transaction processing and that is in China. In order to complete the cross-border transaction with the card, it is required to transmit your relevant personal information to overseas cooperative institutions. You may click here for details or contact us at the contact information provided in this Privacy Policy.

•In addition, overseas services of the UnionPay App are mainly provided by our affiliates and their third-party partners, and such services involve transmitting information to overseas partners. You can click here for details.

•If we directly transfer your personal information overseas, we will inform you of the name and contact information of the overseas recipient, processing purpose, processing method, type of personal information, and the methods and procedures for you to exercise relevant rights against the overseas recipient, and obtain your separate consent. We will carry out a security assessment before transferring your personal information overseas in accordance with domestic laws and regulations. Meanwhile, when relevant conditions are met, we will enter into a contract with overseas recipients to carry out cross-border transmission of personal information in accordance with the security assessment organized by, the personal information protection certification of professional institutions stipulated by or the standard contract formulated by the Cyberspace Administration.

VII. Use of Cookies and Similar Technologies

To ensure a smoother and easier experience for you, we may identify you through a small data file "cookie" when you use the UnionPay App and related services to help you reduce the number and frequency of information entries or to help determine the security status of your account. Cookies typically contain an identifier, the name of the site, and some numbers and characters, and allow websites to store data such as your preferences or the items in your shopping basket. We will also use Cookies to transmit device identification to facilitate your participation in the marketing campaigns of UnionPay App.

In addition to Cookies, we also use electronic image technology, i.e. Web Beacon. We may collect anonymous access data through Web Beacon to calculate the number of visits, time spent, page addresses visited, display settings, etc., so that you can enjoy more personalized services, and there is no personal information contained in these statistics.

VIII. Protection of Personal Information of Deceased Users

In case of the death of a UnionPay App user, you, as a close relative and for your own legal and legitimate interests, may contact us through the contact information set forth in this Privacy Policy to exercise the rights to check, copy, correct and delete the personal information of the deceased user in the UnionPay App. It should be noted that you should contact the opening bank if you want to check the card account information of such UnionPay App user.

Furthermore, in order to fully protect the personal information rights and interests of the deceased user, we will verify relevant materials, including the identity documents of the deceased user, death certificate, applicant's documents, and the proof of kinship between the applicant and the deceased user.

IX. Policy Update Method

Our Privacy Policy may be changed from time to time based on our product updates or as required by law. In case of any significant change to this Policy, we will notify you in a timely manner by means of a pop-up reminder, message push, email notification or announcement on the official website of UnionPay. Such significant changes include but are not limited to:

•Significant changes in the scope and mode of services we provide;

•Significant changes in our business entities, organizational structure, or ownership structure;

•Changes in the main objects to which your personal information is provided, transferred, or publicly disclosed;

•Significant changes in your rights to participate in the processing of personal information and the way you exercise them;

•Changes in our responsible department for personal information security, its contact information and complaint channels;

•Other changes that may have a significant impact on your personal information rights and interests.

You can view this Policy on UnionPay App as follows: "My → Settings → Privacy Settings → Privacy Policy." If you have any questions, comments, or suggestions about this Privacy Policy or your personal information, please contact us through our customer service hotline at 95516, the "My → Online Customer Service" or email (wallet@unionpay.com). In general, we will process them within 15 working days. If you are not satisfied with our response, we can have an amicable negotiation at first for further communication and you should be entitled to seek solutions with the People's Court of Pudong New District of Shanghai or the regulatory authorities.

Note: This Privacy Policy was updated on Jun 01, 2023

•The updates in the current version of the Privacy Policy are as follows:

1、Adjust and supplement SDK descriptions for Tingyun Lens, Getui Push and Shumei, etc.

2、Add SDK descriptions for Okio and Appache

We will also keep the previous version of the Privacy Policy on file for your review.

X. Appendix

The specific terms and keywords used in this Policy are as follows:

1. Personal information refers to all kinds of identified or identifiable information related to a natural person recorded in electronic or other means, excluding anonymized information.

2. Sensitive personal information refers to personal information that, once disclosed or illegally used, may likely violate the personal dignity of natural persons or endanger personal and property safety, including information on biometric identification, religious belief, specific identity, medical health, financial accounts, whereabouts and other data, as well as personal information of minors under the age of 14.

3. UnionPay card refers to the payment card issued in accordance with the technical standards and business specifications of UnionPay (China UnionPay and UnionPay International), with the BIN assigned or managed by UnionPay, or with the "UnionPay" logo on the card surface, and the payment account corresponding to the payment card.

4. Affiliate: our affiliate under this Privacy Policy refers to UnionPay International Co., Ltd., with an address of 2 - 7/F, Building B, Poly Plaza, No.6 Dongfang Road, Pudong New District, Shanghai, China, TEL: 021 - 20265666, E-mail: upidataprivacy@unionpayintl.com.

5. Basis of legitimacy: The basis of legitimacy for all processing of your personal information under this Privacy Policy refers to the circumstances listed in Article 13 of the Personal Information Protection Law.

6. Necessary information: refers to the personal information necessary to ensure the normal operation of the APP's basic functions and services and the APP cannot achieve its basic functions and services without such information.

7. Automatic decision-making: refers to the activity of automatically analyzing and evaluating personal behaviors and habits, interests and hobbies or economic, health and credit status through computer programs, and making decisions.

8. De-identification: refers to the process by which personal information is processed to make it impossible to identify a specific natural person without the support of additional information.

9. SDK: Software Development Kit, a kind of embedded technical tool that provides an interface for a certain function or collects information.

10. Cookies: a technical tool for recording user ID, browsing information and length of stay.

11. Web Beacon: a 1×1 pixel image that can be hidden in any web page element or email, often used to collect data such as the target computer user's Internet habits and write these data into Cookies.

12. Domestic registration: for the purposes of this Privacy Policy, it refers to the completion of registration in China (excluding Hong Kong, Macao and Taiwan) by using the mobile phone number provided by the network of communication operators.

雲閃付(中國香港特別行政區)隱私政策

1、本雲閃付(中國香港特別行政區)隱私政策(“本政策”)僅適用於中國香港地區發行的銀聯卡使用者及銀聯雲閃付APP(以下或稱“雲閃付”)相關產品和服務。

2、若使用銀聯雲閃付APP提供的中國境內服務,可能需要同意雲閃付中國大陸隱私政策。

本版隱私政策發佈日期:【2023】年【10】月【31】日

本版隱私政策生效日期:【2023】年【10】月【31】日

第一條 概述

(一)本政策闡釋了當您使用雲閃付APP時,銀聯國際有限公司( “銀聯國際” “我們” )及關聯公司為何以及如何處理您的個人資料/個人數據/個人資訊 (統稱 “個人資料” )。在您開始使用 雲閃付相關產品和服務 之前,請您務必先仔細閱讀和理解本政策,特別應重點閱讀我們以 粗體/ 粗體下劃線 標識的條款,確保您充分理解和同意之後再開始使用。本政策中涉及的專業詞彙,我們盡量以簡明通俗的表述向您解釋,以便於您理解。請注意,本政策僅適用於 銀聯國際 自身通過雲閃付提供的服務模組,不適用於雲閃付中由 第三方 向您提供的服務模組。 請您謹慎選擇是否訪問第三方提供的連結、內容、產品和服務。在向第三方提交個人資料之前,請認真閱讀第三方的隱私政策及相關協定,並評估和承擔相關後果。 銀聯國際對於此等第三方連結或材料所載內容或其安全性不承擔任何責任。

若您不同意此政策的任何條款,請停止使用雲閃付相關產品或服務。

(二)若您開始使用或在我們更新本政策後(我們會及時提示您更新的情況)繼續使用我們的產品與服務,即意味著您完全理解、同意本政策(含更新版本)內容,並且同意我們按照本政策收集、存儲、使用和對外提供您的相關信息。

(三)何為個人資料?

個人資料指與在世人士有關及可確定個人身份的資料(不論用任何方式儲存),亦必須以可供查閱及處理的方式記錄下來的資料。

當您 (i) 創建雲閃付APP帳戶的時候或 (ii) 使用我們的任何服務時,我們可能會收集、使用、存儲和傳輸有關您的個人資料,其中可能包括以下內容:-

1. 技術數據: 可能包括互聯網協定 (IP) 位址、您的登錄數據、瀏覽器類型和版本、時區設置和位置、瀏覽器外掛程式類型和版本、操作系統和平臺以及您使用的設備上的其他技術訪問我們的雲閃付APP;

2. 個人資料數據: 可能包括您的使用者名和密碼、您的購買、您的興趣、偏好、愛好、反饋和調查回復;

3. 使用數據: 其中可能包括有關您如何使用雲閃付APP的資訊;

4. 營銷和通訊數據: 其中可能包括您在接收我們和我們的第三方營銷資訊時的偏好以及您的通訊偏好;

5. 交互數據: 其中可能包括您可能提供給雲閃付APP上任何討論論壇的任何資訊;

6. Cookies;

7. 我們從其他來源收到的有關您的第三方資訊; 和

8. 分析結果: 包括第三方分析服務,用於評估您對我們的產品及服務的使用、分析績效指標,以及收集和評估與我們的產品及服務的其他資訊。

(四)銀聯國際是誰?

銀聯國際是一家根據中華人民共和國(“中國”)法律設立的公司,其註冊地址為中國上海市浦東新區東方路6號2-7樓。

銀聯國際是一家在全球多個國家及地區設立分支機構的跨國公司。

如果您對數據保護事宜有任何疑問,您可來信至上述位址,或致電銀聯官方(中國香港)熱線800-967-222或006-800-800-95516(僅支持手機撥打)。

(五)中國銀聯是誰?

指中國銀聯股份有限公司,註冊位址/常用辦公位址:中國(上海)自由貿易試驗區郭守敬路498號。

(六)雲閃付/雲閃付APP是什麼?

指中國銀聯開發、為中國銀聯及銀聯國際使用者直接提供服務的平臺/手機應用程式。

(七)雲閃付賬戶是什麼?

指通過雲閃付APP註冊成功後系統生成的相關電子帳戶,用於儲存使用者的相關個人資料、被連結的銀聯卡資料以及使用銀聯國際服務的所需資料等。

(八)銀聯國際賬戶是什麼?

指通過進入雲閃付APP權益U賞模組以及 使用銀聯國際用戶入口網站 ,服務系統生成的相關電子帳戶,用於儲存使用者的相關個人資料、 被連結的銀聯卡資料以及使用銀聯國際服務的所需資料等。

(九)銀聯國際為何需要收集及處理個人資料?

1. 處理您作為雲閃付APP用戶的註冊資訊;

2. 當您將銀聯卡綁定到雲閃付APP時驗證您的個人身份;

3. 銀聯國際通過雲閃付APP為使用者提供付款及其他服務;

4. 處理支付交易;

5. 向您提供個人化的服務和推薦。 例如,我們將基於位置資訊的來判斷您所處的地點,為您推薦附近的商戶門店等;

6. 如果您已經明確同意或在適用法律允許的情況下,就市場營銷活動與您聯繫;

7. 通過技術手段對資訊進行脫敏、去標識化處理,去標識化處理的資訊將無法識別主體。 在此情況下我們可以對您的資訊進行綜合統計、分析加工,以便為您提供更加準確、個性、流暢及便捷的服務,或幫助我們評估、改善或設計服務及運營活動;

8. 對我們的產品或服務使用方式進行統計,並可能會與公眾或第三方共用這些統計資訊,以展示我們的產品或服務的整體使用趨勢。 但這些統計資訊不包含您的任何身份識別資訊;

9. 為防止任何損害或損失、舉報任何涉嫌非法的活動或處理針對我們提出的任何索賠或潛在索賠作出的相關資料披露;

10. 遵守適用的法律、法規及執法部門要求; 如對適用於我們的法律或法規、或我們負有合約或監管義務的官方人員或其他第三方要求的數據作出的披露; 同時,亦可根據適用於我們的法庭傳票、令狀、命令、裁定或其它法律程式或要求作出的資料披露; 以及

11. 任何其他合法的商業目的。

(十)銀聯國際在您的個人資料處理過程中扮演什麼角色?

銀聯國際決定收集及處理您的個人資料的目的及方式,本政策旨在說明如何使用該等個人資料。

在您使用雲閃付APP進行支付時,為完成銀聯卡交易之目的,我們將按照銀聯合作夥伴(如銀聯卡收單機構、發卡機構等)發起的指示,處理(如進行轉接、授權等)相關交易資訊。

(十一)本政策中包含的關鍵信息是什麼?

您將了解我們收集及處理的有關您個人資料的相關信息,我們收集及處理該等資訊的目的以及您的權利。

第二條 我們持有的個人資料及如何收集、使用您的個人資料

為了遵守相關法律法規及監管規定(例如履行反洗錢職責、採取安全管理),也為了向您提供服務及提升服務品質(例如支援我們開發新產品或完善已有產品功能),我們需要收集、使用及對外提供您的資訊。

(一)您需授權我們收集和使用您的個人資料的情形

在您使用 雲閃付相關服務 時,您理解並同意,我們將根據下列不同場景下的相應目的收集、使用您特定種類的個人資料,用以向您提供服務、提升我們的服務品質、保障您的帳戶和資金安全,以及符合相關法律法規的監管要求。

A 基礎模組

1. 您在登陸註冊和使用雲閃付APP時,您需要提供 手機號碼 登錄和支付密碼;

2. 您在綁定銀聯卡時,您需要視屆時頁面提示提供相應的銀聯卡資訊,如 銀聯卡號、銀聯卡有效期、安全碼(CVN2)等;

3. 您在使用雲閃付的支付服務時,我們將獲得您的 交易數據 ,包括: 銀聯卡號、交易的日期/時點/金額、商戶名稱;

4. 我們會收集您使用雲閃付APP 服務的相關操作資訊,包括 硬體設備型號、螢幕寬度和高度、您所使用的軟體版本資訊、您的操作系統及版本、您的IP位址、您所在的位置、移動網路資訊、您的設備ID、設備製造商、設備型號、運營商、IMEI/android ID/IDFA/OPENUDID/GUID、SIM卡IMSI資訊、標準網路日誌數據 。

B 增值服務模組

您可以按需要選擇使用雲閃付APP上的增值服務。如您使用該些增值服務,我們會收集額外關於您的個人資料:

銀聯國際賬戶創建:當您進入權益U賞模組時,您知曉並同意授權我們使用從雲閃付獲取您註冊雲閃付使用的手機號碼為您創建銀聯國際帳戶。 為方便我們提供相應的帳戶服務,我們可能需要收取您的個人資料,包括您的銀聯卡號。您可以使用雲閃付帳戶的註冊手機號碼以及動態驗證碼登錄 銀聯國際用戶入口網站 ,查看與解綁您銀聯國際帳戶中的銀聯卡。

1. 權益U賞模組; 優計劃/優計劃禮券模組

(1) 權益U賞模組

我們會收集的個人資料: 雲閃付中綁定的銀聯卡號。

用途: 為了匹配您在權益U賞模組下可適用權益。

(2) 優計劃

我們會收集的個人資料: ①使用者ID、訂單資訊及優惠券資訊; 您可以在優計劃中參加銀聯卡行銷/促銷/權益等優惠活動;②您的姓名、銀聯卡卡號、手機號、操作日誌。 當您在優惠券對應的商戶購買商品並使用領取或購買的優計劃優惠券(即核銷優惠券); ③您的交易記錄(卡號、交易金額、交易時間、商戶資訊); ④電子郵箱或手機號。

用途: ①向您展示優計劃服務資訊並提供優惠服務:您可以在優計劃平臺瀏覽我們提供的優惠服務資訊並免費領取或有償購買優計劃優惠券,為記錄您的優惠資格;②為處理您的報名申請和確保您成功參與優惠活動;③為了計算您可獲取的營銷優惠金額以及清算相關發卡機構和收單機構等的費用支付目的,以及為核實您的身份以防止欺詐風險;④在得到您的明確同意後,為了向您提供與合作夥伴共同/獨立開展的持卡人營銷活動。 如您不願接受這些資訊,您可以通過手機簡訊或電子郵件中提供的退訂方式進行退訂,也可以直接與我們聯繫隨時拒絕或請求終止該項服務。

2. 乘車碼

我們會收集的個人資料: 雲閃付使用者ID、交易金額和乘車資訊(根據公交或地鐵公司的不同,可能包括您的進站網站、進站時間、出站網站、出站時間、交通線路、商戶名稱、訂單號等)。

用途: 為實現您進站乘車及扣費的目的。

( 當您使用乘車碼功能時,為實現您進站乘車及扣費的目的,並將上述資訊傳輸給對應的公交進行乘車費用的計算 )。

3. 港鐵乘車碼

我們會收集的個人資料: 使用者ID、交易金額、交易卡號和乘車資訊。

用途: 為實現您進站乘車及扣費的目的。 我們會將上述資訊傳輸給[香港鐵路有限公司]進行乘車費用的計算。

( 您可以在「港鐵乘車碼→交易記錄」中查詢您的出行記錄,包括您的進站資訊、進站時間以及乘車管道 )。

4. 香港繳費服務

我們會收集的個人資料: 根據繳費專案的不同,我們可能會收集您的繳費商戶名稱、帳類、賬戶號碼、帳單編號、申請號碼、繳費編號、學生證號碼/學生編號, 以及交易的日期、時點、金額。

用途: 為協助您完成繳費操作,我們會將上述個人資料傳輸給對應的商戶或收單機構進行交易處理和費用扣除。

5. 全球退稅模組

(1) 機場即時退

我們會收集的個人資料: 姓氏,名字,性別,生日,護照資訊(如護照號/護照有效期限/護照簽發國家、護照照片),並需要出示您的退稅碼(您的退稅碼預設為您授權從雲閃付收集的支援PCT交易的第一張銀行卡而生成的; 您也可以在綁定卡片時選擇您在退稅時需要綁定的銀行卡)。

用途: 辦理您申請的退稅服務。

(2) 離境退稅服務

我們會收集的個人資料: 姓名英文拼音,性別,出生日期,證件資訊(如證件號碼、證件有效期),簽證資訊(如簽發地點和簽發次數)。

用途: 辦理您申請的退稅服務。

6. ATM掃碼取款

我們會收集的個人資料: 我們將把經您選中的且支援ATM取現功能匹配成功的銀聯卡作為後續ATM掃碼取款的支付卡片。

用途: 向您展示支援ATM掃碼取款的銀行卡。

我們會不時更新用戶可於雲閃付APP中可享有的增值服務並更新此政策下的條款。使用者應不時查閱我們的更新條款。部分增值服務受相關的協議約束。該些增值服務條款而在有關服務的頁面仲展示。 使用者需仔細閱讀此政策及該些協定。

第三條 我們處理您個人資料的規則

(一)我們會根據本政策的約定併為實現我們的服務功能對所收集的個人資料進行使用; 因我們向您提供的服務種類眾多,且不同用戶選擇使用的具體服務範圍存在差異,我們所收集、使用的個人資料類型、範圍等會相應有所區別,請以具體服務功能為準。

(二)請知悉,根據適用的法律, 當我們要將您的個人資料用於本政策未載明的其它用途時,或基於特定目的收集而來的資訊用於其他目的時,會按照法律法規及相關標準的要求以確認協定、具體場景下的文案確認動作等形式再次徵求您的同意。

第四條 我們如何共享、轉讓或披露您的個人資料

在以下情況下,我們可能會與其他公司、組織和個人共用、轉讓或披露您的個人資料:

(一) 在法定情形下的共用

我們可能會根據法律法規規定、訴訟、爭議解決需要,或按行政、司法機關依法提出的要求,對外共用您的個人資料。在符合法律法規的前提下,當我們收到上述披露資訊的請求時,我們會要求必須出具與之相應的法律檔,如傳票或調查函。 我們堅信,對於要求我們提供的資訊,應該在法律允許的範圍內盡可能保持透明。 我們對所有的請求都進行了慎重的審查,以確保其具備合法依據,且僅限於執法部門因特定調查目的且有合法權利獲取的數據。在法律法規許可的前提下,我們披露的檔均在加密密鑰的保護之下;

(二) 在獲取明確同意的情況下共用

獲得您的明確同意後,我們會與其他方共用您的個人資料(如在獲得您授權後,將您的個人資料授權給接入雲閃付的提供服務模組的第三方);

(三) 與附屬機構/關聯公司間共用

為便於我們基於雲閃付帳戶向您提供產品和服務,推薦您可能感興趣的信息,識別帳戶異常,保護我們及關聯公司或其他使用者或公眾的人身財產安全免遭侵害,您的個人資料可能會與我們的關聯公司和/或其指定的服務提供者共用。 我們只會共用必要的個人資料,且受本政策中所聲明目的的約束,如果我們改變個人資料的使用及處理目的,將再次徵求您的授權同意;

(四) 協助您完成支付/交易

在完成銀聯卡支付交易過程中,與銀聯國際合作機構(如發卡機構、收單機構等)共用完成支付交易所需的必要資訊;

(五) 與授權合作夥伴共用

我們可能委託授權合作夥伴為您提供某些服務或代表我們履行職能, 我們僅會出於本政策聲明的合法、正當、必要、特定、明確的目的共用您的資訊,授權合作夥伴只能接觸到其履行職責所需資訊,且我們將會通過協定要求其不得將此資訊用於其他任何目的。

(六) 在涉及合併、收購或破產清算

在涉及合併、收購或破產清算情形時,如涉及到個人資料轉讓,您瞭解並同意我們可將個人資料轉讓給新的公司、組織或個人,並要求新的持有您個人資料的公司、組織或個人繼續受本政策的約束,或我們將要求該公司、 組織或個人重新向您徵求授權同意。

對我們與之共用個人資料的公司、組織和個人,我們會與其簽署嚴格的協定,要求他們按照我們的說明、本政策以及其他任何相關的保密和安全措施來處理個人資料。

(七) 共用、轉讓、公開披露個人資料時事先徵得授權同意的例外

根據以下情形中,共享、轉讓、公開披露您的個人資料無需事先徵得您的授權同意:

1. 履行根據相關法律法規規定、訴訟、爭議解決需要或按照行政或執法機關提出的合法要求的義務相關的;

2. 出於維護您或其他個人的生命等重大合法權益但又很難得到本人授權同意的;

3. 您自行向社會公眾公開的個人資料;

4. 從合法公開披露的資訊中收集個人資料的,如合法的新聞報導、政府資訊公開等管道;

5. 當個人資料用於建議商業交易的盡職審查;

請知悉,根據適用的法律, 若我們對個人資料採取技術措施和其他必要措施進行處理,使得數據接收方無法重新識別特定個人且不能復原,則此類處理後數據的共用、轉讓、公開披露無需另行向您通知並徵得您的同意;

第五條 直接促銷

(一)銀聯國際可能為向您進行直接促銷而使用您的個人資料(可能包括您的聯繫電話、地理位置、設備資訊)。在得到您的明確同意後,我們可能會向您發送與銀聯國際或銀聯國際的代理人或銀聯國際的附屬機構具有聯合市場促銷安排的其他公司的商品、服務或活動的更新、最新優惠和促銷相關的市場營銷資訊。 除非已徵得您的明確同意,銀聯國際不會為此使用或提供您的個人資料。

(二)根據適用的法律規定,該等通訊資訊將可能通過信件、簡訊、推送/彈出消息、傳真及電子郵件等方式向您發送。 您可以通過以下方式隨時選擇拒絕接收銀聯國際向您發送的市場營銷資訊:(1)通過首頁右下角“我的”,點擊“右上角設置圖示→通用設置→新消息通知”,選擇開啟或關閉“促銷類通知”或致電銀聯官方熱線800-967-222/006-800-800-95516(僅支援手機撥打) ,或使用市場促銷通信中提供的退出選項設置。 此後,銀聯國際將採取一切合理措施從發送名單中刪除您的個人資料,並不會就此向您收費。

第六條 我們如何保護您的個人資料

我們使用一切商業上合理可行符合業界標準的安全防護措施保護您提供的個人資料,防止數據遭到未經授權訪問、公開披露、使用、修改、損壞或丟失。我們已採取的技術和內部管理措施包括但不限於:

(一)內部管理制度上,我們根據數據的敏感程度和類型的不同採取了數據分類分級制度,並根據分類分級結果進行使用者許可權、使用場景許可權、使用授權許可權、分級審批機制等多方面的許可權限制。

(二)技術保障措施上,我們在存儲時採取了不可逆的加密存儲、隔離存儲,在資訊展示和下載時採取了脫敏處理,傳輸時採取了專線傳輸、加密傳輸、密鑰和數據介質隔離傳輸等技術措施,以確保您的個人資料安全。

(三)萬一發生個人資料安全事件後,我們可能按照適用法律的要求向您告知:安全事件的基本情況和可能的影響、我們已採取或將要採取的處置措施、您可自主防範和降低風險的建議、對您的補救措施等。同時,我們還將按照適用的法律或監管部門要求,上報個人資料安全事件的處置情況。

雖然我們會採取一切商業上合理的保護措施來保護您的個人資料,鑑於互聯網的開放性,我們無法保證所有通過互聯網、網站、移動應用程序或通過電子郵件或其他消息服務進行的數據傳輸是安全的。您須自行承擔傳輸您的個人資料的風險,我們假定您已經使用適當的安全措施來保護您的個人資料。對於任何個人資料的盜竊、丟失、損壞或未經授權的使用,我們不承擔任何責任。通過使用我們的網站,您承認您理解並同意承擔這些風險。

如果我們懷疑或發現任何違反個人資料安全的行為,我們可能會暫停您使用我們的部分服務,恕不另行通知。

第七條 Cookie與電子圖像技術

(一)為確保您獲得更為流暢、輕鬆的使用體驗,在您使用雲閃付APP及相關服務時,我們可能會通過小型數據檔“Cookie”識別您的身份,以説明您減少資訊錄入的次數和頻率,或協助判斷您帳戶的安全狀況。 Cookie通常包含標識碼、網站名稱以及一些號碼和字元,藉助於Cookie,我們能夠 存儲您的偏好等數據。 我們也將藉助Cookie,用於傳輸設備標識,便於您參加雲閃付APP的營銷活動。

(二)我們不會將Cookie用於本政策所述目的之外的任何用途,存儲您數據的Cookie是唯一的,大部分網路瀏覽器都設有阻止Cookie的功能,它只能被將Cookie發佈給您的域中的web伺服器讀取。 您可根據自己的偏好管理或刪除Cookie,並可隨時清除設備上保存的所有Cookie,但如果您選擇清除,則需要在每一次使用設備訪問相關網站過程中重新進行使用者設置,您之前所記錄的相應資訊也均會被刪除。

(三)除了Cookie,我們同時使用了電子圖像技術(簡稱Web Beacon)。 我們可能通過Web Beacon來統計匿名訪問的數據,用於計算使用者訪問數量、停留時間、訪問的頁面位址、顯示設定等,讓您能享受到更多的個人化服務,且這些統計資訊不包含您的個人資料。

第八條 第三方SDK

(一)為保障雲閃付相關功能的實現和應用的安全穩定運行,我們會接入由第三方提供的軟體開發包(SDK)實現該目的。

(二)我們會對第三方SDK進行嚴格的安全檢測,並要求合作夥伴採取嚴格的措施來保護您的個人數據。 在滿足新的服務需求及業務功能變更時,我們可能會調整我們接入的第三方SDK,並及時在本說明中向您公開說明接入第三方SDK的最新情況。請注意,第三方SDK可能因為版本升級、策略調整等原因導致數據類型存在一些變化,附其官方網站連結或相關隱私保護說明連結供參考,具體請以其公示的官方說明為準。 您可以通過點擊查閱我們產品包含的第三方SDK服務。

第九條 國際數據轉移

(一)根據不同服務或功能模組,您的個人資料可能存儲在香港境外。以下情形中,我們會在履行了法律規定的義務後,向香港地區以外的實體提供您的個人資料:

1. 適用的法律有明確規定;

2. 獲得您的明確授權;

3. 您通過互聯網進行跨境交易等個人主動行為。

4. 針對以上情形,我們會確保您的個人資料得到在中華人民共和國大陸地區及香港特別行政區足夠同等的保護。 銀聯國際是一家在全球多個國家及地區設立分支機構的跨國公司,因此可能會將您的個人資料傳輸到中國大陸其他地區和其他國家/地區,這種跨境傳輸對於銀聯國際提供相關服務是必需的。 當您的個人資料被傳輸到其他國家/地區(或從其他國家/地區訪問)時,需要遵守額外的法律要求。 銀聯國際不會或不會允許在未採取必要措施保障傳輸符合相關適用法律規定的情況下跨境傳輸您的個人資料。

第十條 數據儲存

(一)我們將採取所有一切商業上合理可行的步驟以確保個人資料的存儲時間不超過為達到收集個人資料的原來目的所需的時間。 為確定我們儲存您個人資料的期限,我們會綜合考慮個人資料的作用與功能、產品及服務的類型以及適用的法律法規所規定的儲存期限要求。 我們會採取合理可行的措施,盡力避免收集和處理無關的個人資料。 我們只會在達成本政策所述目的所需的期限內保留您的個人資料,除非法律法規或其他規定有強制的留存要求。 我們判斷個人資料的存儲期限主要參考以下標準並以其中較長者為準:

1. 完成與您相關的交易目的、維護相應交易及業務記錄,以應對您可能的查詢或投訴;

2.保證我們為您提供服務的安全和品質;

3.您是否同意更長的留存期間;

4.是否存在保留期限的其他特別約定。

在超出保留期間後,我們會根據適用法律法規或其他規定的要求刪除您的個人資料,或對其進行匿名化處理。

第十一條 未成年人保護

(一)您在使用我們的服務或參與相關報名活動中我們推定您具有相應的民事行為能力。 如您為未滿18周歲(或在您所屬之法律管轄權的法定成人歲數)的未成年人,我們要求您請您的父母或其他監護人(統稱為 “監護人“ )仔細閱讀本隱私政策,並在徵得您的監護人同意的前提下使用我們的服務或向我們提供資訊。 我們不向未滿14周歲的兒童提供服務,如您為兒童,請您立即停止使用我們的服務並通知您的監護人。

(二)如果有事實證明未成年人在未取得監護人同意的情況下註冊使用了我們的產品與/或服務,我們會與相關監護人協商,並設法儘快刪除相關個人資料。

(三)若您是未成年人的監護人,發現我們在不知情的情況下誤收集了未成年人的個人資料,或者您對您所監護的未成年人的個人資料有疑問,請通過本政策中提到的聯繫方式與我們聯繫。

第十二條 與第三方網站的連結

(一)您可能會在雲閃付APP中發現訪問第三方網站或App的連結。 鑒於本政策不適用於其他網站或App對您個人資料的處理,並且銀聯國際不對外部網站對您個人資料的處理負責,我們建議您閱讀該等網站或App的隱私政策。 如果您流覽任何不是由我們擁有或管制的鏈接網站,我們將不負責其內容、其有關隱私方面的做法和其服務的品質。

(二)請您注意,您的交易相對方、您訪問的第三方網站經營者、通過雲閃付境外服務接入的第三方服務和通過我們接收您的個人資料的第三方會根據自己的隱私政策或其他協定收集、存儲、使用、對外提供您的相關數據或資訊; 當您查看第三方創建的網頁或使用第三方開發的應用程式時,這些第三方可能會放置他們自己的Cookie或像素標籤,這些Cookie或像素標籤不受我們的控制,且它們的使用不受本政策的約束。 我們會努力去要求這些主體對您的個人資料採取保護措施,建議您在接受或使用第三方產品前充分瞭解其服務條款及隱私政策。 如您發現這些第三方創建的網頁或第三方開發的應用程式存在風險時,建議您終止相關操作以保護您的合法權益。

第十三條 您的權利

(一) 查詢、索取、更正和補充您的個人資料

您有權訪問您的個人資料,法律法規規定的例外情況除外。 您可以通過雲閃付APP登錄雲閃付帳戶,並通過如下渠道訪問、查閱、索取、更正和補充您的個人資料:

A 基礎模組

1. 在「我的→帳單」中查閱 訂單頁面;

2. 在「我的→獎勵→我的紅包→全部明細」中查閱 您已獲取和使用的紅包金額;

3. 在「我的→設置→支付設置」中查閱 支付排序(扣款順序/卡片順序)、無感支付、指紋支付、付款碼小額免密支付、紅包使用設置、向他人展示姓名選項等資訊。

B 增值服務模組

1. 在「權益U賞→我的→我的卡包」中查閱您已綁定的銀聯卡; 在「權益U賞→我的→權益券包」中查詢您已領取/報名或購買的權益憑證; 在權益U賞→我的→使用記錄「中查詢權益憑證的使用方式(包括未使用、未達標、未支付、已支付、已使用、已過期、已退訂、已失效)。

2. 在「優計劃→我的→優惠憑證」中查閱您已獲取的 優惠券 報名憑證 ; 在「優計劃→我的→我的訂單」中查詢您的 訂單資訊 ; 在「優計劃→我的→優惠明細」中查詢 優惠說明 優惠金額累計

3. 在「乘車碼」功能中查詢您的 待繳費帳單資訊 (根據公交不同,可能包括進站網站、進站時間、出站網站、扣款時間、乘車方式、交易狀態、失效訂單號); 乘車記錄 (根據公共交通公司或鐵路公司的不同,可能包括乘車日期、進站資訊、乘車管道、行程單號); 訂單詳情 (根據公共交通公司或鐵路公司的不同,可能包括實付金額、優惠資訊、訂單金額、支付方式、商戶名稱、交易狀態、乘車資訊、交易時間、交易流水號、商戶訂單號)。

4. 在「港鐵乘車碼→交易記錄」中查詢您的出行記錄,包括您的進站資訊、進站時間以及乘車管道。

5. 在「香港繳費→我的訂單→已連結帳單」中查詢您的 已連結帳單 ; 在「香港繳費→我的訂單→繳費記錄」 中查詢您的 已繳費資訊

有關查詢、索取、更正和補充其他個人資料,您亦可以通過撥打客服電話 800-967-222/006-800-800-95516(僅支持手機撥打)聯絡我們, 銀聯國際將根據您的具體需求保障您數據更正的權利。

(二)改變或撤回您授權同意的範圍

您可以通過關閉設備功能等方式改變您授權我們繼續收集個人資料的範圍或撤回您的授權或部分項目的授權。 您也可以通過註銷帳戶的方式,撤回我們繼續收集您個人資料的全部授權。 您亦可以通過關閉定位功能隨時停止我們對您的地理位置資訊的收集。除此之外,對於我們額外收集的個人資料,就其收集和使用,您可以隨時給予或者收回您的授權同意。 若在此過程中,您需要任何説明,可根據本政策「如何聯繫我們」部分提供的聯繫方式與我們聯繫。

請理解,每個業務功能需要一些基本的個人資料才能得以完成。 當您撤銷同意後,我們將不再收集、使用相應的個人資料。 這可能意味著我們將無法執行必要的操作,以達到上文所述的為您處理數據的目的,且您可能無法使用我們的服務。 但您撤銷同意的決定,不會影響我們此前基於您的授權而開展的個人資料處理。在您選擇撤銷同意後,銀聯國際仍有權在法律要求或法律允許的範圍內繼續處理您的個人資料。

(三)刪除您的個人資料

A 基礎模組

如果您需要刪除儲存在您設備終端本地緩存的您設置的手勢及指紋密碼、最後一次定位信息,您可通過“我的→通用設置→清理緩存”進行刪除,並退出登錄。

B 增值服務模組

1. 您可以通過本協定及相關增值服務協定中的提供的聯繫方式與我們聯繫,刪除相關增值服務的個人資料。

2. 您可通過「香港繳費→我的訂單→已連結帳單→帳單設定」進行解除,解除後,此連結帳單不會再出現在已連結帳單清單中。 解除連結後,您再次繳費需重新選擇繳費商戶及輸入繳費賬戶號碼。

(四) 限制自動化決策權或約束資訊系統自動決策

在某些業務功能或場景中(例如當某筆交易符合營銷活動規則時,此筆交易可能經我們相關防控系統進行校驗,如您以任何利用系統漏洞、外掛軟體、外掛件、偽造權益/優惠券/碼/憑證等違反活動規則或通過其他不正當管道、手段或工具套取權益或優惠,我們有權取消您參與活動的資格,並有權不另行通知而直接或通過發卡行或商戶取消或收回已經發放的權益或優惠, 並拒絕您今後參與我們的優惠活動),我們可能僅依據資訊系統、演算法等在內的非人工自動決策機制作出決定。 如果這些決定顯著影響您的合法權益,您有權要求我們作出解釋,我們也將提供適當的救濟方式。

(五) 向監管機構進行投訴的權利

如您對於我們處理您的個人資料的行為有任何不滿,您有權利按照香港私隱專員的指引向專員作出投訴。

(六)註銷帳戶

A 基礎模組

您可以通過客服電話800-967-222/006-800-800-95516(僅支持手機撥打)或通過“我的→設置→安全中心→註銷帳戶”進行註銷雲閃付帳戶的操作。

B 增值服務模組

1. 您可以通過本協定及相關增值服務協定中的提供的聯繫方式與我們聯繫,註銷相關增值服務的帳戶。

2. 您可以在「權益U賞」中「我的」介面選擇「註銷帳戶」(註銷銀聯國際帳戶但不影響註銷雲閃付帳戶),當您閱讀註銷相關事項後,點擊「確認」進行銀聯國際帳戶註銷; 或登錄 銀聯國際用戶入口網站 ,點擊右上角“選項”下拉功能表,選擇“註銷帳戶”並確認。

3. 您可以在「優計劃」介面中打開「我的」——“註銷帳戶”,閱讀註銷相關事項後點擊註銷。 您可以通過「香港公共交通乘車碼→關閉服務」來關閉乘車碼的服務。

4. 您可以通過「港鐵乘車碼→更多設置→關閉港鐵乘車碼服務」進行關閉港鐵乘車碼服務的操作。

為保障您的帳戶安全,您向我們提出註銷帳戶的請求時, 我們可能會先要求您驗證自己的身份 (如要求您提供書面請求或其他方式),然後再處理您的請求。

對於您合理的請求,我們原則上不收取費用,但對超出合理限度的請求,我們可能將酌情收取不超乎適度的費用,並盡快在 40 日內清楚告知查閱資料要求者需收取多少費用。在以下情況,我們有可能會拒絕依從查閱資料要求:

a) 未獲提供足夠資訊以識辨查閱資料要求者的身份;

b) 不披露第三者的個人資料便無法依從該要求;或

c) 依從該要求在當其時是受條例或其他法例所禁止。

我們會在接獲查閱資料要求後 40 日內以書面回覆查閱資料要求者,述明拒絕依從的理由,並將相關紀錄備存四年。

第十四條 隱私政策的變更

(一)因為我們的服務以及技術是一直隨著您以及其他的使用者的需求更新和優化,因此在新的服務及業務流程變更,以及法律、監管部門的指引或銀聯國際的內部政策發生變化的情形下,我們可能會更新我們的隱私政策以告知您具體的變化。 您同意您有義務不時查看相關更新與變更。您繼續使用我們的服務將視為您對本政策相關調整的同意。 但未經您明確同意,我們不會限制您按照本政策所應享有的權利。 我們如要變更或擴展個人資料的處理目的,我們將及時向您提供更新後的隱私政策。 如對本政策進行重大變更,我們將提供更為顯著的通知(包括通過公示的方式進行通知或向您提供彈窗提示),且在特定情形下我們可能會徵詢您的同意。

(二) 構成重大變更的情況包括但不限於:

1. 我們提供的服務範圍、模式等發生重大變化,如收集、使用個人資料的目的、處理個人資料的類型、個人資料的使用方式等發生重大改變;

2. 我們的經營主體、組織架構、擁有權結構等方面發生重大變化,如業務調整、兼併收購重組等引起的所有者變更;

3. 您參與個人資料處理方面的權利及其行使方式發生重大變化;

4. 個人資料共享、轉讓或公開披露的方式、主要對象等發生變化;

5. 我們負責個人資料安全的責任部門及其聯繫方式、投訴渠道發生變化;

6. 其他可能對您的個人資料權益產生重大影響的變化。

7. 我們還會將本政策的舊版本存檔,供您查閱。 請參考 上一版本的隱私政策

第十五條 如何聯繫我們

(一)如果您對數據保護事宜有任何疑問,您可以致電銀聯官方(中國香港)熱線800-967-222或006-800-800-95516(僅支持手機撥打)。 我們將及時回復您的請求。

(二)如果您對我們的回復不滿意,特別是我們的個人資料處理行為損害了您的合法權益,您還可以進行投訴或舉報。

銀聯國際有限公司
隱私政策(澳門特別行政區)
1.概述

本隱私政策( “隱私政策” “政策” )闡釋了當您使用銀聯手機應用程式時, 銀聯國際有限公司( “銀聯國際” “我們” )為何以及如何處理您的個人數據。

為使用銀聯手機應用程式, 您需要同意本隱私政策。

● 何為“個人數據”?

個人數據是指與已識別或可識別的個人身份直接或間接相關聯的任何信息。

● “銀聯國際”是誰?

銀聯國際是一家根據中華人民共和國( “中國” )法律設立的公司, 其註冊地址為中國上海市浦東新區東方路6號2-7樓。

銀聯國際是一家在全球多個國家及地區設立分支機構的跨國公司。

如果您對數據保護事宜有任何疑問, 您可來信至上述位址或發送電子郵件至legalteam@unionpayintl.com。

● 銀聯國際為何需要處理個人數據?

銀聯國際通過運營銀聯手機應用程式為用戶提供付款及其他相關服務。

● 銀聯國際在您的個人數據中扮演什麼角色?

銀聯國際決定處理您的個人數據的目的及方式, 且本隱私政策旨在說明如何使用該等個人數據。

● 本隱私政策中包含的關鍵信息是什麼?

您將瞭解我們處理的有關您個人數據的相關信息, 我們處理該等數據的目的、法律依據以及您的權利。

2.您的個人數據處理目的

您將發現銀聯國際為以下目的處理您的個人數據:

● 處理您作為銀聯手機應用程式用戶的註冊信息;

● 當您將銀行卡綁定到銀聯手機應用程式時驗證您的個人身份;

● 向您提供銀聯手機應用程式中的相關服務;

● 市場營銷活動;

● 提升我們的服務以及開發新功能;

● 開展內部研究、報告及分析;

● 遵守適用的法律、法規及執法部門要求;

● 任何其他合法的商業目的。

3.我們處理的有關您個人資料及個人數據的類別

我們處理的個人數據類型包括:

● 註冊信息(即手機號碼、密碼)

● 綁定的銀行卡信息(即銀行卡號碼)

● 交易數據(即個人帳號, 交易的日期/時點/金額, 商戶名稱及位置)

4.我們處理您個人數據的法律依據

以下為銀聯國際處理您個人數據的法律依據:

● 在您同意的情況下, 為一個或多個特定目的處理您的個人數據(例如: 在直接營銷過程中使用);

● 履行我們與您或您與第三方(特別是銀聯國際會員)之間的合同, 或者在簽署合同之前根據您的要求採取措施(例如: 使用由銀聯國際會員簽發的信用卡);

● 遵守在全球範圍內對我們適用的法律; 及/或

● 我們就處理您的個人數據享有合法權益, 除非您的權益或基本權利和自由(例如:遵守外國的法定義務, 內部研究、報告及分析)優先于該等權益。

5.您的權利

訪問您的個人信息

我們理解您可能想瞭解我們保存您的何種個人數據。我們很樂意為您提供幫助。然而, 為保護您的個人數據, 我們要求您在提出請求時向我們證明您的身份信息: 您可以以書面形式通過含有您的簽名及政府簽發的身份證明文件的經簽字的副本的電子郵件或信函與我們聯繫。

銀聯國際保留在法律允許的特定情況下拒絕您訪問個人信息的要求。如果未向您披露您的個人數據, 我們將向您說明不披露的原因。

其他權利

您也有權:

̵拒絕我們處理您的個人數據;

̵拒絕我們將您的個人信息用於直接營銷的目的;

̵要求限制處理您的個人數據;

̵要求更正及/或刪除您的個人數據;

̵撤銷您對我們處理您個人數據的同意(在銀聯國際根據您的同意處理您個人信息的情形下);

̵要求以機器可讀的形式向其他機構傳輸或由該等機構接收您可能已提供給銀聯國際的個人信息;

̵向監管機構投訴; 以及

當您可以選擇是否與銀聯國際共享個人信息時, 您可以隨時做出不共享個人數據的決定。

如果您不希望收到銀聯國際的營銷信息,您可以電銀聯客服熱線0800-801。您始終有權接受或拒絕來自銀聯國際的任何形式的通信。您可以通過選擇此類通信中包含的“取消訂閱”鏈接隨時取消訂閱電子營銷通信。

如果您拒絕我們處理您的個人信息, 或者您已經同意我們處理您的個人數據,但您隨後決定撤銷該項同意, 我們將尊重您的決定。

這可能意味著我們將無法執行必要的操作, 以達到上文所述的為您處理數據的目的(請參見第2條), 且您可能無法使用我們的服務。

在您選擇撤銷同意後, 銀聯國際仍有權在法律要求或法律允許的範圍內繼續處理您的個人信息。

如果您在任何時候希望行使上述任何權利,您可以電銀聯客服熱線0800-801。

6.將數據傳輸到澳門以外的區域

您同意並確認您的個人信息可能會被共享、披露或傳輸給第7條所述的接收方, 該等接收方可能位於澳門特別行政區以外的區域, 即香港和中國大陸。

7.您的個人數據接收方及跨境傳輸

您的個人數據接收方包括:

● 銀聯國際的員工、機構和附屬機構;

● 銀聯國際的信息處理商和其他承包商、供應商和服務提供者;

● 銀聯國際會員: 該等會員主要位於香港和澳門; 參與銀行卡交易的銀聯國際會員為收單銀行(即您提取現金的銀行, 或您為購買商品或服務而向其支付費用的商戶的開戶銀行)和發卡銀行(即發行您持有的銀行卡的銀行): 這將幫助您就每一筆交易確定銀聯國際可以傳輸您數據的區域;

● 為確保網絡有效運作及促進創新而必要的任何其他各方。

該等接收方應採取一切必要措施以保護您的個人信息。

當您的個人數據被傳輸到其他國家/地區(或從其他國家/地區訪問)時, 需要遵守額外的要求。銀聯國際僅會在該等傳輸符合數據保護法律的情形下將個人數據傳輸到另一國家/地區。

8.安全

銀聯國際已經安裝了嚴密的安全系統, 以防止任何未經授權的人士(包括銀聯國際的工作人員)訪問您的個人數據。我們已將授權訪問範圍縮減至最低限度並已培訓員工如何處理個人數據。因此, 銀聯國際有權訪問您個人數據的所有員工和有權訪問您個人數據的任何第三方將被要求嚴格遵守保密義務。

我們已採取適當的技術和組織措施, 以防止未經授權或非法地處理您的個人數據並應對有關已傳輸、存儲或以其他方式處理的個人數據的意外或非法的破壞、丟失、更改、未經授權地披露或訪問。

9.Cookies

如您想瞭解詳細信息, 請參閱銀聯國際的Cookie政策。

10.數據儲存

我們將在適用法律要求的期限內儲存您的個人數據。這可能涉及您交易完成後的信息儲存。一旦上文提及的信息處理之目的均已達成, 我們將刪除您的個人數據。

為確定我們儲存您個人數據的期限, 我們會綜合考慮信息的作用與功能、產品及服務的類型、您和我們之間的關係屬性以及適用的法律法規所規定的儲存期限要求。

11.與其他網站的鏈接

您可能會在銀聯手機應用程式中發現訪問其他公司網站或應用程式的鏈接。鑒於本隱私政策不適用於其他網站或應用程式對您個人數據的處理, 並且銀聯國際不對外部網站對您個人數據的處理負責, 我們建議您閱讀該等網站或應用程式的隱私政策。

12.隱私政策的變更

我們將不時更新本隱私政策, 尤其是在法律、監管部門的指引或銀聯國際的內部政策發生變化的情形下。在該等情形下, 我們將會通過我們的手機應用程式向您推送更新後的隱私政策, 且在特定情形下我們可能會徵詢您的同意。

COOKIE政策

繼續訪問我們的網站, 即表示您同意Cookies的使用(尤其是為市場營銷之目的)。瞭解更多信息, 請閱讀我們的Cookie政策。

1.何為Cookie?

Cookie是儲存在您設備(如手機)中的由字母和數位組成的並由銀聯手機應用程式用於向您的流覽器(該流覽器應被允許向銀聯手機應用程式反饋信息)發送信息的一個小數據文件。

Cookie分為不同類型:

● 臨時會話Cookie將在用戶關閉網站時消失;

● 永久性Cookie將保留在用戶的設備上, 直至其失效或用戶在流覽器設置中刪除該等Cookie。

2.銀聯國際的網站使用何種Cookies?

銀聯手機應用程式使用三種類型的Cookie。

2.1使用銀聯手機應用程式所需的Cookies

該等Cookies是不可或缺的, 其將保證您充分體驗銀聯手機應用程式提供的所有服務,例如訪問您的個人賬戶。

禁用此類Cookies, 您將無法使用基本產品和功能, 從而導致用戶體驗變差且效率降低。

通過該等Cookies收集的信息僅用於此目的, 且不會共享或出售給第三方。

2.2改善銀聯手機應用程式所需的Cookies

銀聯國際使用Cookies收集的匿名信息以瞭解訪問者如何使用銀聯手機應用程式, 並且監控用戶在使用銀聯手機應用程式時可能遇到的任何故障。該等Cookies是改善銀聯手機應用程式並提升用戶體驗所必需的。

通過該等Cookies收集的信息僅用於此目的, 且不會共享或出售給第三方。

2.3目標定位的Cookies

該等Cookies將由銀聯國際用於管理、提升其廣告活動的投放效果, 精准定位廣告投放的目標, 從而確保銀聯國際可以向每一用戶推送與其最相關的內容。通過該等Cookies收集的數據均為匿名的。

3.如何管理銀聯手機應用程式上Cookies的使用?

您可以通過激活流覽器(該流覽器應允許您通過以下步驟拒絕所有或部分Cookies的設置)上的設置來禁用Cookies。

● 選擇“我的”;

● 選擇“更多”;

● 選擇“清除隐私數據”;

● 在手機應用程式顯示通知後, 點擊“繼續”;

● 數據將被刪除且您將退出登陸該賬戶。

Effective date: May 6,2019

UNIONPAY INTERNATIONAL
Privacy Notice (United States)
1.In a nutshell

This privacy notice (the “Privacy Notice” or “Notice” ) explains why and how UnionPay International Co. Ltd (“UPI” or “we”) may process your personal information when you use the UnionPay mobile wallet application (the “UnionPay App” )

● What does “personal information” mean?

Personal information means any information that can be linked directly or indirectly to identified or identifiable individuals.

● Who is UPI?

UPI is a company incorporated under the laws of the People’s Republic of China ( “PRC” ) with its registered office at Floor 2-7, No.6 Dongfang Road, Pudong New District, Shanghai, PRC.

If you have any questions in relation to data protection matters, you can contact us by email at apphelp@unionpayintl.com or call the UnionPay official hotline at 866-567-5516.

● Why does UPI process personal information

UPI operates the UnionPay App for providing payment and other related services to users.

● Do you have a UPI account? View our Gramm-Leach-Bliley Consumer Notice below.

If you have created an account with us, our Gramm-Leach-Bliley Consumer Privacy Notice (the “GLB Notice” ) applies to you. The GLB Notice contains important information about your choices regarding how we share non-public information for marketing purposes, and how you can limit such sharing. Please consult the GLB Notice below, right at the end of this Privacy Notice.

● What information is contained in this Privacy Notice?

You will find relevant information on the personal data we process about you, the purposes and legal bases for the processing of this data and your rights.

2.The purposes for which we Collect your personal information

You will find below the purposes for which UPI collects personal information:

● Processing your registration with us as a user of UnionPay App and creating and maintaining your account with us;

● Verifying your identity when binding cards to UnionPay App;

● Providing you with relevant products or services in UnionPay App;

● Marketing activities, including marketing by us, our affiliates, and our partners in the UnionPay App, online, via email or SMS, or otherwise;

● Providing you with location-specific options, functionalities, or offers;

● Communicating with you and responding to your requests, including by providing customer support and enabling you to interact with UPI through social media;

● Operating, evaluating, and improving our business, including improving our services and developing new functions;

● Doing internal research, reporting and analysis;

● Protecting against, identifying and preventing fraud and other prohibited or illegal activity, claims and other liabilities;

● Establishing, exercising, and defending legal claims;

● Monitoring compliance issues and ensure compliance with our policies, terms, and obligations, including conducting internal investigations and audits

● Compliance with our obligations, applicable laws and regulations, and/or subpoenas, court orders or other legal process or requirements applicable to us.

3.The categories of personal Information we process about you

The types of personal information we process are the following:

● Registration and account information (including name, phone number, email address, machine or mobile ID, password);

● Card Information for binding cards (including card number, expiration date, card verification code (CVC), and tokenized versions of the foregoing);

● Transaction data and/or commercial information collected when you make payments with the UnionPay App or purchase items within the UnionPay App (i.e., personal account number, date/time/amount of the transaction, name and location of merchant, items purchased, and shipping and billing addresses);

● Information about your interaction with the UnionPay App collected automatically by the UnionPay App when you use the App (including geolocation data, device type, device identification number, time zone, language setting, browser type, and IP address);

● Information about your use of participation in coupons or promotional offers available in the UnionPay App; Information collected in connection with verifying your identity and/or preventing suspicious activities or fraud;

● Any information you provide to us when you communicate with us, including audio recordings when you call us as permitted by law;

● Social networking information and information from your social media profiles, if you interact with us through social media.

● Inferences drawn from any of the information identified above about you, your activity, or your preferences.

4.sources of personal information

We collect personal information about you from the following categories of sources:

● Directly from you, for example when you provide personal information to us (such as a credit card number) or use the UnionPay App.

● From our service providers, such as providers who assist us with tokenizing your payment information.

● From persons who help you make payments through the UnionPay App, such as financial institutions, credit or debit card brands, payment processors, or merchants.

● From partners who help us provide advertising or promotions to you.

● From social media platforms, if you interact with us through social media.

5.Your rights

Accessing your personal data

We understand that you may like to know what personal data we hold about you. We are happy to assist you with your request. To protect your personal data, however, we require that you prove your identity to us at the time your request is made: you can contact us in writing via email at apphelp@unionpayintl.com or letter including your signature and a copy of a signed government issued identification document.

UPI reserves the right to decline access to your personal data under certain circumstances as permitted by law. If your personal data is not disclosed to you, you will be provided with the reasons for this non-disclosure.

Other rights

You may also be entitled to:

̵ object to the processing of your personal data;

̵ request the restriction of the processing of your personal data;

̵ request the correction and/or deletion of your personal data;

̵ withdraw your consent to the processing of your personal data (where UPI is processing your personal information based on your consent);

̵ lodge a complaint with a supervisory authority; and

Where you are given the option to share personal data with UPI, you can always choose not to do so.

If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice.

This could mean that we will be unable to perform the actions necessary to achieve the purposes of processing data for you as described above (see article 2) and that you may be unable to use our services.

After you have chosen to withdraw your consent, UPI may be able to continue to process your personal data to the extent required or otherwise permitted by law.

If at any time you wish to exercise any of these rights, you can contact us by email at apphelp@unionpayintl.com or call the UnionPay official hotline at 866-567-5516.

6.The recipients of your personal Information

The recipients of your personal information may include:

● UPI’s establishments and affiliates;

● UPI’s processors and other contractors, suppliers and service providers;

● Companies that may assist us in analyzing personal information, improving the UnionPay App or your experience on it, marketing products or services, or providing promotions to you;

● Other financial institutions we have partnered with to jointly create and offer products or services;

● Companies involved in helping you make payments with the UnionPay App, including acquiring banks (such as the bank you are withdrawing cash from, or the bank of the merchant you are paying in exchange for goods or services), the issuing banks (such as the bank that issued your card), credit card brands, payment processors, and merchants;

● Law enforcement authorities or other public or governmental agencies, bodies, or officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to UPI or UPI’s affiliates;

● With other third parties for our business purposes or as permitted or required by law.

We make efforts designed to ensure that such recipients undertake measures to keep your personal data confidential.

7.Direct Marketing

UPI may use your personal information (including your contact numbers) for direct marketing to you, as permitted by applicable law. This includes sending you marketing communications about updates, and the latest offers and promotions about UPI’s goods, services, or activities or, as appropriate, those of UPI affiliates or other companies with whom UPI has partnered. UnionPay may not so use or provide your personal data except as permitted by applicable law.

These communications may be sent by app, in accordance with applicable laws. If you create an account with UPI, you have the option to stop us from sharing your personal information with affiliates and non-affiliates for marketing purposes. Please see our GLB Notice below to find out what sharing you can stop, and how to exercise your right to stop such sharing.

8.Security

UPI has installed security measures designed to prevent access to your personal information by unauthorized persons. We have authorised and trained staff for processing personal information. As such, staff of UPI and third parties who are authorized to have access to your personal information are required to comply with non-disclosure obligations.

Technical and organisational measures have been implemented that are designed to prevent from unauthorised or unlawful processing of personal information and against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information.

9.Cookies, Tracking Technology, and online behavioral advertising

The UnionPay App may use cookies and tracking technologies to operate the App and to target advertising that may be of interest to you. For further information, please refer to UPI’s cookie policy.

10.Data retention

Your personal information will be stored for the period of time required or permitted by applicable law. This may involve retaining information following your transaction. We make efforts to delete your personal information once it is no longer required for any of the purposes described above.

In order to determine the amount of time we will store your personal information we take into consideration the role and function of the information, type of products and services, nature of the relationship between you and us, and statutory requirements of retention period made by applicable laws and regulations.

11.Links to other websites

You may find links to access the websites of other companies or app on UnionPay App. We recommend that you read the privacy policies of these other websites or app, as this Privacy Notice does not apply to the processing of your personal information by them and UPI is not responsible for the processing of your personal information on external websites.

12.do not track disclosure

The UPI Mobile App is not designed to respond to “Do Not Track” requests.

13.Changes in Privacy Notice

We may update this Privacy Notice from time to time – in particular in case of changes to our business or practices, changes of law, in response to guidance from competent authorities or as required by UPI’s internal policies. The updated Privacy Statement will be effective as of the published effective date. We may also share with you the updated Privacy Notice through the UnionPay App.

Effective date: May 6,2019

GRAMM-LEACH-BLILEY CONSUMER PRIVACY NOTICE
FOR UPI ACCOUNT-HOLDERS
WHAT DOES UNIONPAY INTERNATIONAL DO WITH YOUR PERSONAL INFORMATION?
● Why?

Financial companies like UnionPay International, Ltd. (“UPI”) can choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

● What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include payment history or transaction history.

● How?

All financial companies need to share personal information to run their everyday business. In the section below, we list the reasons we share personal information; the reasons UPI chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information

■ For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus

Does UPI share? Yes

Can you limit this sharing? No

■ For our marketing purposes— to offer our products and services to you

Does UPI share? Yes

Can you limit this sharing? No

■ For joint marketing with other financial companies

Does UPI share? Yes

Can you limit this sharing? No

■ For our affiliates’ everyday business purposes— information about your transactions and experiences

Does UPI share? Yes

Can you limit this sharing? No

■ For our affiliates’ everyday business purposes— information about your creditworthiness

Does UPI share? No

Can you limit this sharing? N/A

■ For our affiliates to market to you

Does UPI share? No

Can you limit this sharing? Yes

■ For nonaffiliates to market to you

Does UPI share? No

Can you limit this sharing? N/A

● To limit our sharing

Contact us by email at apphelp@unionpayintl.com or call the UnionPay official hotline at 866-567-5516.

Please note:

If you are a new customer, we can begin sharing your information from the date we sent this Notice. When you are no longer our customer, we continue to share your information as described in this notice.

However, you can contact us at any time to limit our sharing.

Please note:
● Questions

Contact us by email at apphelp@unionpayintl.com or call the UnionPay official hotline at 866-567-5516.

● Who is providing this notice?

This Privacy Notice is provided by UnionPay International Co. Ltd. (UPI) in connection with its provision of the mobile wallet and related services of the UnionPay App, and is applicable to your personal UPI account.

● How does UPI protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

● How does UPI collect my personal information?

We collect your personal information, for example, when you

■ Open an account or provide account information

■ Link a credit or debit card to your UPI account or give us your contact information

■ Use your UPI account to make payments

● Why can’t I limit all sharing?

Federal law gives you the right to limit only

■ sharing for affiliates’ everyday business purposes—information about your creditworthiness

■ affiliates from using your information to market to you

■ sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. See below for more information on your rights under state law.

● What happens when I limit sharing for an account I hold jointly with someone else?

Your choices will apply to everyone on your account.

● Definition

■ Affiliates : Companies related by common ownership or control. They can be financial and nonfinancial companies. Our affiliates include China UnionPay USA, LLC.

■ Nonaffiliates: Companies not related by common ownership or control. They can be financial and nonfinancial companies. Nonaffiliates with which we share personal information include service providers that perform services or functions on our behalf.

■ Joint marketing: A formal agreement between nonaffiliated financial companies that together market financial products or services to you. Our joint marketing partners may include financial companies.

● Other important information

We may transfer personal information to other countries, for example, for customer service or to process transactions.

California and Vermont Residents Only: We will not share your information except for our everyday business purposes, for marketing our products and services to you, or as required or permitted by law or with your consent.

Nevada Residents Only: This notice is provided to you pursuant to state law. To stop marketing calls from us follow the directions in the section "To limit our sharing" to be placed on the UPI do not call list. Nevada law requires that we also provide you with the following contact information: Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington Ave., Ste 3900, Las Vegas, NV 89101; telephone: 702-486-3132; email: aginfo@ag.nv.gov.

Cookie Policy

By using the UnionPay App, you consent to the use of cookies and tracking technologies, in particular for marketing purposes. To learn more, read this Cookie Policy.

1.What is a cookie?

A cookie is a small file of letters and numbers that is stored on your device (e.g. phone), and used by the UnionPay App to return information to UPI or other parties.

There are different types of cookies:

● Session cookies which disappear as soon as the user leaves the website or the App;

● Permanent cookies which remain on the user's device until they expire or until the user deletes the cookies.

2.What cookies are used on UPI's website?

The UnionPay App uses 3 types of cookies.

2.1Cookies necessary to use UnionPay App

These cookies are essential as they enable you to fully experience the possibilities offered by UnionPay App, such as accessing to your personal account.

By disabling the use of such cookies, you will no longer be able to use the basic features and functionalities resulting in a slower and less efficient user experience.

2.2Cookies necessary to improve UnionPay App

These cookies are used to collect anonymous information and enable UPI to understand how visitors use UnionPay APP and monitor any errors that users may be experiencing. These cookies are necessary to improve UnionPay APP and provide a better user experience.

2.3Targeting cookies

These cookies are used to enable UPI to manage and improve the effectiveness of the delivery of advertising campaigns and to refine the targeting of these campaigns so that UPI can display the most relevant content for each user.

3.How to manage the use of cookies on UnionPay App?

You can block cookies by activating the settings on your browser that enable you to refuse the all or some cookies. You can delete personal information collected via cookies or similar tracking technologies by the following steps.

● Choosing “My Account”;

● Selecting “More Settings”;

● Selecting “Delete Personal Data”;

● After the UnionPay App displays the notification asking if you want to delete your personal information, click “Confirm”;

● The data would be deleted and you will logged out of the account.