Toppan (Shanghai) Management Co., Ltd. (hereinafter “the Company” or “we”) obtains and uses the personal information of customers in order to improve the value of the customer experience and contribute to the sustainable growth of society through business activities that include the provision of various services and products. In doing so, the Company recognizes the importance of personal information and has established this privacy policy to ensure comprehensive protection of such information by clarifying a basic philosophy and setting out guidelines for our actions.
1. Declaration
We acknowledge that proper handling and protection of personal information is an important responsibility of the Company, fully recognize the importance of personal information, and will make every effort to protect personal information so that it is secure and reliable.
2. Scope of Application
This privacy policy is applicable when personal information is provided to the Company and when customers use our services.
3. Purpose of Collection and Use of Personal Information
We use customers’ personal information for the scope necessary to achieve the purpose of use and will not be used for any other purpose without the consent of customers.
4. Third-party Processing, Transfer, and Public Disclosure of Personal Information
If we entrust the processing of personal information to a third party, we will take specific measures to ensure that it is handled by fair and legal means in consideration of the Company’s business and scale.
(1) Third-party processing
We conclude stringent non-disclosure agreements with companies, organizations, and individuals (collectively referred to as "third parties”) to which we entrust the handling of personal information and require them to handle personal information in accordance with our requirements, privacy policy, and any and all other related confidentiality and security measures.
(2) Transfer
We will not transfer customers’ personal information to third parties except in the following cases.
1) Transfer based on explicit consent. We may transfer customers’ personal information to a third party after obtaining the explicit consent of the relevant customers.
2) When transfer of personal information is related to mergers, acquisitions, or liquidation due to bankruptcy, the company or organization that will from that point onwards retain customers’ personal information will be required to undertake the obligations of this privacy policy, and if they do not do so, we will request such company or organization to obtain new authorization and consent from customers.
(3) Public disclosure
We will not publicly disclose customers’ personal information to third parties except in the following cases.
1) When explicit consent has been obtained.
2) Disclosure based on law: We may publicly disclose personal information if we are compelled to do so by law, legal procedures, legal proceedings, or a relevant branch of government.
(4) Other exceptions
In the following circumstances, we may share, transfer, or disclose personal information without prior authorization or consent from customers.
1) When related to obligations stipulated by laws or regulations that the Company must comply with.
2) When directly related to national security or national defense.
3) When directly related to public security, public health, or important public interests.
4) When directly related to the execution of criminal investigations, prosecutions, trials, or court rulings.
5) When the purpose of sharing, transfer, or disclosure is to protect the lives, property, or other material and legitimate interests of customers or other individuals and it is difficult to obtain authorization and consent from customers.
6) When the personal information has been publicly disclosed by the customer or customers themselves.
7) When the personal information has been obtained from information that has been lawfully and publicly disclosed by legitimate news reporting, government disclosure channels, or other legal means.
5. Cross-border Provision of Personal Information
As a general rule, we gather information within the People’s Republic of China, and the personal information obtained is stored within the People’s Republic of China.
However, if it is absolutely necessary to provide personal information to entities in a foreign country due to business or other needs, we will take measures based on the laws and regulations of the People’s Republic of China and ask for individual consent to transmit personal information across national borders.
6. Personal Information Protection and Information Security
We protect personal information as follows:
1) We employ safeguarding measures compliant with industry standards to protect personal information provided to us and to prevent fraudulent access, disclosure, use, loss, damage, manipulation, or leakage of data. We have obtained ISO 27001 certification.
2) We encrypt data using SSL for transmission and use encryption technologies, de-identification, anonymization, and other appropriate means to protect personal information, including prevention of theft.
3) We have established an internet information security department and a data management system and employ a stringent data usage and access system to ensure that access to customers’ personal information is limited only to employees within the Company who have the proper authorization.
4) We take all reasonable and practicable measures to firmly ensure that we do not collect any unrelated personal information. We only store personal information for the period of time required to achieve the purpose as stated in this policy. However, this excludes cases in which the storage period needs to be extended or in which we are permitted by law. After the expiry of the storage period stipulated by law, the Company erases or anonymizes customers’ personal information.
7. Responsibility to Protect Personal Information
There are no internet network environments that are 100% secure. We make our best efforts to secure and ensure the safety of any and all information provided by customers. We will bear commensurate legal responsibility if the legitimate interests of customers are damaged as a consequence of the Company’s physical, technological, or managed protective facilities being damaged and information being accessed, publicly disclosed, manipulated, or damaged without authorization.
8. Recovery Measures in the Event of a Personal Information Leak
If an incident related to the security of personal information does occur, we will inform the relevant customer or customers of the following without delay in accordance with legal requirements. This will include the basic circumstances of the security-related incident and its potential impacts, measures that the Company has already taken or is attempting to implement, recommendations for action customers can take to guard against and lower risk themselves, and remedy for customers. We will inform customers of circumstances related to the incident without delay via methods including email, letter, and telephone. If it is difficult to inform each individual subject of the personal information, the Company will employ reasonable and effective methods to issue public notices.
At the same time, the Company will also voluntarily report the status of the handling of the personal information security incident to a high-level authority in accordance with the instructions of the relevant supervisory body.
9. Customers’ Rights
Based on the relevant laws, regulations, and standards of the People’s Republic of China and on other national and regional practices, the Company guarantees that customers can exercise the following rights with respect to their own personal information.
(1) Right to access and update personal information and to obtain a duplicate thereof
Customers have the right to access, update, or obtain a duplicate of personal information that is related to them. However, this excludes exceptional circumstances stipulated by laws or regulations.
If customers wish to access, update, or obtain a duplicate of their personal information, they can contact the Company in accordance with article 12 of this policy. The Company will respond within 30 days.
(2) Response to aforementioned request
To ensure the safety of customers’ personal information, we may request verification of the identity of customers before processing their requests. In such cases, we may require proof of identity of customers via the submission of written documents or by other means.
In principle, we will not charge any fees for responding to reasonable requests from customers. However, in the case of repeated requests or requests that exceed the scope of what is considered reasonable, we may charge certain fees to cover costs in accordance with circumstances. In addition, the Company may deny repeated requests that are not supported by a legitimate reason, requests that require excessive technical measures (for example, technical measures that require new system development or drastic changes of existing practices), requests that present a risk to the legitimate interests of other parties, or requests that are unrealistic in the extreme.
In the following circumstances, the Company cannot respond to the requests of customers.
1) When related to obligations stipulated by laws or regulations that the Company must comply with.
2) When directly related to national security or national defense.
3) When directly related to public security, public health, or important public interests.
4) When directly related to the execution of criminal investigations, prosecutions, trials, or court rulings.
5) When the Company has evidence that makes it possible to sufficiently state that a customer has subjective malice or is abusing their rights.
6) When the purpose of not responding to a request is to protect the lives, property, or other material and legitimate interests of customers or other individuals and it is difficult to obtain authorization and consent from customers.
7) When responding to the customer’s request will significantly damage the legitimate interests of the customer or another individual or organization.
8) When trade secrets are involved.
10. Revision of the Privacy Policy
The Company’s privacy policy may be changed.
Except when there are separate stipulations in related laws or standards, the Company will not diminish the rights that customers should be entitled to in accordance with this privacy policy. All changes made to this privacy policy will be announced on this web page.
In the case of major revisions, we will provide explicit and obvious notice. This includes sending notification via email to provide explanation of specific changes to the privacy policy.
“Major revisions” to this policy include, but are not limited to, the following.
1) Major changes to the Company’s service model. For example, purpose of handling personal information, types of personal information handled, and method of use of personal information.
2) Major changes to the structure of ownership or organizations, etc., at the Company. For example, changes in ownership, etc., associated with dissolution of a business, bankruptcy, or mergers and acquisitions.
3) Changes to the principal parties with which personal information is shared or to which it is transferred or publicly disclosed.
4) Major changes pertaining to customers’ rights and the method for exercising such rights in relation to participation in the handling of personal information.
5) Changes to the department of the Company responsible for personal information security, the method for contacting the company, or the channel for filing grievances.
6) When a high risk issue has been identified in a personal information security impact assessment report.
11. Settlement of Disputes
If a dispute arises between a customer or customers and the Company due to the implementation of this privacy policy, it will be resolved in good faith by discussion between the customer or customers and the Company. However, if such discussions fail to resolve the dispute, both the customer or customers and the Company have the right to launch legal action at a people’s court with jurisdiction over the Company's location.
12. Contact
Please contact us via the following method if you have any questions, feedback, or suggestions regarding this privacy policy.
沪公网安备 31010702007625号