Dear Overseas Buyer User (hereinafter referred to as “you”),
Focus Technology Co., Ltd. (Made-in- China.com) (hereinafter referred to as “we”) will provide personal information of suppliers (hereinafter referred to as “personal information subjects”) from the territory of China to you, and with respect to the protection of such personal information, we, as the data transmitter, and you, as the data recipient, agree to the following terms of this agreement, which will serve as a “legal document” between us and you (hereinafter referred to as “this legal document”) and serve as the basis for the data exit security self- assessment and data exit security assessment.
Article 1 Purpose of Personal Information Exit
In order to be able to optimize your experience of visiting the Made-in-China.com and to facilitate your business transactions with the personal information subject, among other purposes, we provide personal information of the personal information subject to you from within China.
Article 2 Ways of Personal Information Exit
The way of data exit is, first, you can publicly view the name, gender, department, and position of the personal information subject without logging in. Second, the personal information of the personal information subject that you can see after logging in, before sending inquiries and generating orders and other business data, includes his or her cell phone number. Third, after you have logged in and sent inquiries, the e-mail address and IP address of the personal information subject will be provided to you by way of a page display after the personal information subject has replied to the inquiries.
Among them, the first two cases are personal information that is actively disclosed by the personal information subject, and the information of e-mail address and IP address in the third case will also be personal information that is transferred from within China to outside China after obtaining the consent of the personal information subject.
Article 3 Scope of outbound personal information
The outbound is the information of e-mail address and IP address of the personal information subject. The outbound data of Made-in- China.com are collected from the supplier client of Made-in-China.com, and the scope of outbound data does not include data of products or services other than Made-in-China.com, nor does it include internal staff data and management data of the company. The registered places of suppliers are mainly from Guangdong, Jiangsu, Zhejiang, Shandong, etc. The industries where the suppliers are located are mainly industrial manufacturing, health and hygiene, etc.
Article 4 Process of providing personal information outside of China
We will provide you with the information of e-mail address and IP address of the personal information subject as described below in accordance with the needs of our business:when you log in, send an inquiry, and receive a reply to the inquiry from the personal information subject, we will provide you with the information of e-mail address and IP address of the personal information subject after seeking the consent of the personal information subject. Before providing you with the information of e- mail address and IP address of the subject of personal information, we will display your basic information in the details of the supplier when the overseas buyer as the personal information subject browses the details, and display your name or personal name, contact information, purpose of processing, method of processing, type of personal information, and the manner and procedure for individuals to exercise their legal rights of the personal information subject in the screen of their response to your inquiry in the form of a page display, and the personal information subject must voluntarily click to confirm that he or she agrees to provide the information of e-mail address and IP address.
Article 5 Personal Information Protection Impact Assessment
In accordance with Article 55 of Personal Information Protection Law of the People’s Republic of China, a personal information protection impact assessment will be conducted prior to providing the information of e-mail address and IP address of the personal information subject outside of China. The personal information protection impact assessment report will be kept for at least 3 years.
Article 6 Processing Use by Offshore Recipients
The purpose for which you process data as an offshore recipient is to conduct business transactions.
Article 7 Handling by the overseas recipient
You as a foreign recipient can use the received personal information to send emails to personal information subject as the purposes of processing.
Article 8 Disclosure of Information of Offshore Recipients
Your basic information, including but not limited to name or personal name and contact information, will be confirmed with the personal information subject in the form of a page display before we provide the personal information to you in accordance with Article 39 of Personal Information Protection Law of the People’s Republic of China.
Article 9 Where to store personal information abroad
The information of the personal information subject is stored on our servers controlled by Germany and the United States, and we will not open any settings for you to download or export such information, and you can only check such information by browsing the page.
Article 10 Period of storage of personal information outside the country
The period of storage of personal information is the shortest time we need for the purpose of completing transactions and inquiring about historical transaction information. With comprehensive reference to Article 31 of the "Supervision and Administration of Internet Transactions in the People's Republic of China" and the "Personal Information Protection Law of the People's Republic of China", we will store the outbound personal information ofthe supplier for 3 years after the cancellation ofhis or her account.
Article 11 Outbound personal information handling measures
Our processing measures for outbound data after reaching the retention period, completing the agreed purpose or termination of legal documents is to delete the personal information of the personal information subject saved and we do not show the personal information to you.
Article 12 Re-transfer of outbound data
There are binding requirements for you to re-transfer outbound data to other organizations and individuals, and you promise not to provide personal information to third parties located outside the People's Republic of China unless you also meet the following requirements:
A. There is a genuine business need to provide personal information.
B. You have informed the personal information subject of the identity of the third party, contact information, the purpose of processing, the manner of processing, the type of personal information and the manner and procedure of exercising the rights of the personal information subject, and have obtained the separate consent of the personal information subject; if it is difficult to inform or obtain the separate consent of the personal information subject, you will promptly inform us and request us to assist you in informing the personal information subject or obtaining the individual consent of the personal information subject. The subject of the personal information has separately agreed.
Article 13 Outbound personal information security measures
In the event of a material change in the actual control or scope of business, or a change in the data security protection policies and regulations and network security environment of the country or region in which you are located, or other force majeure circumstances that make it difficult to safeguard data security, the security measures that we and you shall take are as follows.
13.1 Our technical security measures
After collecting information from the personal information subject, we will store his or her personal information in our own and hosted server rooms, and store it after encrypting it in accordance with the security control requirements. The data is then transmitted to foreign countries through database synchronization, and the HTTPS protocol is used during the data transmission to ensure the safety of the transmission channel.
In the process of data transmission from domestic to foreign countries, dedicated lines are used for transmission. The data is synchronized in both directions in real time through international dedicated lines from domestic and foreign server rooms. Because it is real-time synchronization at the database level, the flow is the same at all stages of the whole life cycle of data, and as long as the data at one point is updated, it will be synchronized to other points in real time.
Users of the platform can only access it through web pages (mobile clients only). Only the company's operation and maintenance colleagues can access the data stored in offshore data centers by remote means.
13.2 Our administrative security safeguards
We stipulate the data security obligations of us and the storage party in the contract with the computer room operator/owner (hereinafter referred to as the “storage party”), and have made reasonable efforts to ensure that we and the storage party can perform the corresponding obligations.
We have formulated the company’s internal "Personal Information Exit Management System" and implemented it accordingly. It includes the terms of authority control and scene control. You can only obtain the personal information of the personal information subject when you send the inquiry and the personal information subject responds.
13.3 Your technical security measures
The supplier's personal information is stored on the server we control abroad. We will not set up any settings for you to download and export the information with one click. You can only query the information by browsing the page. You should take security measures, such as regularly upgrading anti-virus software, using a secure browser, not sharing account passwords with others, etc., to ensure that the personal information you receive from suppliers is not leaked. If the information is leaked or may be leaked, we have the right to stop showing you the personal information of the personal information subject, blacklist you, stop providing services to you, etc.
13.4 Your administrative security safeguards
We and you shall provide the personal information subject with a copy of this agreement (legal document) upon request of the personal information subject, and the personal information subject may be provided the copy by contacting us according to the contact information disclosed to him.
Article 14 Right of informed consent of the personal information subject
In accordance with the provisions of Article 39 of the Personal Insurance Law, we, as a processor of personal information, fulfill the following obligations to the personal information subject.
To inform the personal information subject of your name or personal name, contact information, and personal information exit instructions before providing the e-mail address and IP address to you.
The basic information of the personal information processor (us) includes the following:
| personal information processor∶ | Focus Techno logy Co., Ltd. | Address∶ | No. 7 Lijing Road, Jiangbei New Area, Nanjing City, Jiangsu Province |
| Telephone number∶ | 400-671-7777 | E-mail address∶ | [email protected] |
Article 15 Third-party beneficiary rights of personal information subjects
We and you have agreed in this legal document that the personal information subject is the third-party beneficiary. If the personal information subject does not expressly refuse within 30 days, he or she may enjoy the rights of the third-party beneficiary in accordance with the contract.
Article 16 Other rights of personal information subjects
We have agreed with you in this legal document to ensure the method and procedure of the personal information subject exercises the right of access, the right of reproduction, the right of correction and supplementation, and the right to delete the personal information that has been out of the country. The personal information subject has the right to request us and you to explain and specify the personal information processing rules to ensure that data security and personal information rights can be fully and effectively guaranteed.
When the personal information subject requests to exercise the above rights with respect to the personal information that has already left the country, the personal information subject can request us to take appropriate measures to realize it, or make a request directly to you. If we are unable to realize it, we shall notify and ask you to assist in realizing it.
You shall, in accordance with our notice or the request of the personal information subject, fulfill the rights of the personal information subject in accordance with the relevant laws and regulations within a reasonable time limit. You should truthfully, accurately and completely inform the personal information subject of relevant information in a conspicuous manner and in clear and understandable language.
If the personal data subject makes excessive or unreasonable requests, especially repetitive requests, you may charge a reasonable fee, or refuse to act on their requests, after taking into account the implementation and operational costs of the request being granted.
If you intend to refuse the personal information subject's request, you should inform the personal information subject of the reasons for the refusal, as well as the ways for the personal information subject to lodge a complaint with the relevant supervisory authority and seek judicial relief.
Article 17 Remedies for personal information subjects
When outbound data is at risk of being tampered with, destroyed, leaked, lost, transferred, or illegally obtained or used, we and you should properly carry out emergency response to protect individuals' personal information interests.
We and you both agree that when we or you receive a complaint from a personal information subject, we shall respond in accordance with the "Personal Information Protection Law of the People's Republic of China".If the personal information subject has any dispute with us or you regarding the legal document compliance, the parties shall notify each other of the relevant situation and cooperate to resolve disputes in a timely manner.
If the dispute cannot be resolved amicably, the personal information subject may exercise the rights of the third-party beneficiary in accordance with the above provisions, and you accept the following claims of the personal information subject:
A. Lodge a complaint with a supervisory authority;
B. Determine the jurisdiction in accordance with the "Civil Procedure Law of the People's Republic of China" and file a lawsuit with the competent court.
You agree that the resolution of disputes over this legal document related to the personal information subject shall be based on the relevant laws and regulations of the People's Republic of China.
You agree that the rights protection choices made by the personal information subject will not detract from the substantive or procedural rights of the personal information subject to seek remedies under other laws and regulations.
Article 18 Remedies
If we find that you are in breach of contract, we can stop providing you with personal information in accordance with the above safeguard measures (we have the right to stop showing you the personal information of the personal information subject, or blacklist you, stop providing services to you, etc.).
Article 19 Liability for breach of contract
Both we and you shall be liable to the other for any damages caused to the other as a result of their violation of this legal document. Liability between the parties is limited to losses suffered by the non-defaulting party. Each party infringes upon the rights of the personal information subject as a third-party beneficiary by violating this legal document shall be liable to the personal information subject; the personal information subject shall be entitled to compensation. This does not affect the responsibilities of personal information processors under relevant laws and regulations.
Article 20 Settlement of Disputes
Where there is any dispute arising from the contract, or a party has compensated personal information subjects and recover from the other party, two parties shall resolve the issue through consultation. If the consultation fails, proceedings or lawsuits should be brought to the People's Court of the location of the Focus Tech. This agreement is bilingual. In case of any inconsistency between Chinese and English version, the Chinese version shall prevail.
Article 21 Term
This legal document shall come into force on the date of issuing.
After the purpose stipulated in this legal document is achieved or the validity of this legal document is terminated, this legal document is automatically invalid.
Date of issue of this legal document is October 28,2022.
尊敬的境外买家用户(以下称“您”),
焦点科技股份有限公司(业务名称:中国制造网) (以下称“我们”) 会将供应商(以下称“个人信息主体”) 的个人信息从中国境内提供到您, 就保护该个人信息, 我们作为数据传输方和作为数据接收方的您约定本协议以下条款, 这些条款将作为我们与您的“法律文件”(以下称“本法律文件“) ,作为数据出境安全自评估、数据出境安全评估的依据。
第一条 个人信息出境目的
为了能够优化您访问中国制造网的体验,促进您与个人信息主体达成商业交易等目的,我们将个人信息主体的个人信息从中国境内提供给您。
第二条 个人信息出境方式
数据出境的方式是,其一,您在未登录情况下可以公开查看个人信息主体的个人姓名、性别、工作单位、职务。其二,您登录后,未发送询盘、未产生订单等业务数据之前,可以看到的个人信息主体的个人信息包括其个人电话号码;其三,您登录后、发送询盘,在个人信息主体回复询盘后,将个人信息主体的电子邮件地址、IP地址通过页面展示的方式提供给您。
其中,前两种情形为个人信息主体主动公开的个人信息,第三种情形中的电子邮件地址、IP 地址信息也会在征得个人信息主体同意之后是从中国境内向境外传输的个人信息。
第三条 出境个人信息范围
出境的是个人信息主体的个人姓名、性别、工作单位、职务、个人电话号码、电子邮件地址、IP地址信息。中国制造网的出境数据均采集自中国制造网供应商客户端,出境数据范围不包含除中国制造网以外的其他产品或服务的数据,也不包含公司内部员工数据以及经营管理数据。供应商的注册地主要来自广东、江苏、浙江、山东等地,供应商所在行业主要为工业制造业、健康卫生等行业。
第四条 向境外提供个人信息的流程
我们将根据业务的需要,按照以下描述向您提供个人信息主体的电子邮件地址、IP地址信息:在您登录、发送询盘,并得到个人信息主体对询盘的回复时,我们将在征求个人信息主体的同意之后,向您提供个人信息主体的电子邮件地址、IP地址信息。在向您提供个人信息主体的电子邮件地址、IP地址信息之前,我们将在作为个人信息主体的供应商浏览境外买家详细信息时,展示您的基本信息,并在其回复您的询盘界面以页面展示的形式为个人信息主体展现您的名称或者姓名、联系方式、处理目的、处理方式、个人信息的种类以及个人向您行使法定权利的方式和程序等事项,并需要个人信息主体主动点击确认代表其同意提供电子邮件地址、IP地址信息。
第五条 个人信息保护影响评估
根据《中华人民共和国个人信息保护法》55 条的规定,在向境外提供个人信息主体的电子邮件地址、IP地址信息之前,进行个人信息保护影响评估。将保存个人信息保护影响评估报告至少3年。
第六条 境外接收方处理用途
您作为境外接收方处理数据的用途是进行商业交易。
第七条 境外接收方处理方式
您作为境外接收方可以利用接收到的个人信息向个人信息主体发送邮件实现处理目的。
第八条 境外接收方信息披露
根据《中华人民共和国个人信息保护法》39条的规定,您的基本信息包括但不限于名称或者姓名、联系方式,在我们提供给您前以页面展示的形式与个人信息主体确认。
第九条 境外个人信息存储地点
个人信息主体的信息在我们德国、美国控制的服务器上存储,我们不会为您开设下载、导出该信息的任何设置,您只能通过页面浏览的方式查询该信息。
第十条 境外个人信息存储期限
个人信息的保存期限为我们完成交易和查询历史交易信息的目的所需最短时间,综合参考《中华人民共和国网络交易监督管理办法》第三十一条和《中华人民共和国个人信息保护法》,我们将在供应商注销账户后保存3年其出境个人信息。
第十一条 境外个人信息处理措施
我们在达到保存期限、完成约定目的或者法律文件终止后出境数据的处理措施是,删除保存的个人信息主体的个人信息,且我们不向您展示该个人信息。
第十二条 境外数据再转移
对于您将出境数据再转移给其他组织、个人存在约束性要求,您承诺,不将个人信息提供给位于中华人民共和国境外的第三方,除非同时符合以下要求:
A.确有业务需要提供个人信息;
B.已告知个人信息主体该第三方身份、联系方式、处理目的、处理方式、个人信息种类以及行使个人信息主体权利的方式和程序等事项,并已取得个人信息主体单独同意;在难以告知或者难以取得个人信息主体单独同意时,及时告知我们,并请求我们协助您告知个人信息主体或者取得个人信息主体单独同意。
第十三条 出境个人信息安全保障措施
在实际控制权或者经营范围发生实质性变化,或者所在国家、地区数据安全保护政策法规和网络安全环境发生变化以及发生其他不可抗力情形导致难以保障数据安全时,我们和您应当采取的安全措施如下:
13.1 我们的技术性安全保障措施
我们在向个人信息主体收集信息之后会将其个人信息存储在自建和托管的机房,且按照安全管控要求对其进行加密后存储。再通过数据库同步方式传输至境外,数据传输过程中使用HTTPS协议,保障传输通道安全。
在数据从国内传输到国外的过程中,使用专线传输。国内外机房通过国际专线,实现数据实时双向同步。因为是数据库层面的实时同步,在数据整个生命周期各阶段流转是一样的,只要某一个点的数据发生更新,就会实时同步到其他点。
平台的用户只能通过网页和移动客户端访问。仅公司运维同事能通过远程方式访问存储在境外数据中心的数据。
13.2 我们的管理性安全保障措施
我们在与机房运营者/所有者(以下称“存储方”)的合同中规定了我们和存储方的相关数据安全义务,并已合理的努力确保我们和存储方能够履行相应义务。
我们制定了公司内部的《个人信息出境管理制度》,并相应落实。其中包括权限控制、场景控制的条款,仅在您发送询盘且个人信息主体回复后您才能获取个人信息主体的出境个人信息。
13.3 您的技术性安全保障措施
供应商的个人信息在我们在国外控制的服务器上存储,我们不会为您开设一键下载、导出该信息的任何设置,您只能通过页面浏览的方式查询该信息。您应采取安全措施,如定期升级杀毒软件、使用安全浏览器、不与他人共享账号密码等方式,确保您接收到的供应商个人信息不被泄露,若您不按照本协议约定造成个人信息主体的信息泄露或可能泄露,我们有权停止向您展示个人信息主体的个人信息,或将您拉入黑名单,停止向您提供服务等方式。
13.4 您的管理性安全保障措施
我方与您应根据个人信息主体的要求向个人信息主体提供本协议(法律文件)的副本,个人信息主体可以按我们披露给其的 联系方式联系我们提供该副本。
第十四条 个人信息主体的知情同意权
根据《中华人民共和国个人信息保护法》39条的规定,我们作为个人信息处理者向个人信息主体履行以下义务:
在把电子邮件地址、IP 地址向您提供之前,向个人信息主体告知您的名称或姓名、联系方式,以及个人信息出境说明。
个人信息处理者(我们)基本信息包括以下内容:
| 个人信息处理者: | 焦点科技股份有限公司 | 地址: | 江苏省南京市江北 新区丽景路 7 号 |
| 电话: | 400-671-7777 | 邮箱: | [email protected] |
第十五条 个人信息主体的第三方受益权
我方与您在本法律文件中约定将个人信息主体作为第三方受益人,如果个人信息主体未在三十天内明确拒绝,则可以依据该合同享有第三方受益人的权利。
第十六条 个人信息主体的其他权利
我们与您本法律文件中约定,确保个人信息主体对已经出境的个人信息行使查阅权、复制权、更正与补充的权利、删除权的方式和程序等,个人信息主体有权要求我方以及您对个人信息处理规则进行解释与说明,确保数据安全和个人信息权益能够得到充分有效保障。
当个人信息主体要求对已经出境的个人信息行使上述权利时,个人信息主体可以请求我方采取适当措施实现,或直接向您提出请求。我方无法实现的,应当通知并要求您协助实现。
您应当按照我方的通知,或根据个人信息主体的请求,在合理时限内实现个人信息主体依照相关法律法规行使的权利。您应当以显著方式、清晰易懂的语言真实、准确、完整地告知个人信息主体相关信息。
如个人信息主体提出过多或不合理要求,尤其是具有重复性的要求,您可在考虑到要求获准的执行和操作成本后,可以收取合理的费用,或拒绝按其要求行事。
如您拟拒绝个人信息主体的请求,应告知个人信息主体其拒绝的原因,以及个人信息主体向相关监管机构提出投诉、寻求司法救济的途径。
第十七条 个人信息主体的救济
当出境数据遭到篡改、破坏、泄露、丢失、转移或者被非法获取、非法利用等风险时,我们和您应妥善开展应急处置,保障个人维护其个人信息权益。
我们与您均同意,当我们或您接收到个人信息主体的投诉联系时,应根据《中华人民共和国个人信息保护法》应对,如个人信息主体与我方或者您其中一方在遵守法律文件发生争议,应互相通知对方有关情况,并合作以及时解决争议。
如争议未能友好解决,个人信息主体可根据上述规定行使第三方受益人的权利,您接受个人信息主体的下列维权主张:
A.向监管机构提出投诉;
B.根据《中华人民共和国民事诉讼法》的规定确定管辖,并向管辖法院提起诉讼。
您同意和个人信息主体有关的、就本法律文件争议的解决依据为中华人民共和国相关法律法规。
您同意个人信息主体所作的维权选择不会减损个人信息主体根据其他法律法规寻求救济的实体性或程序性权利。
第十八条 补救措施
如果我们发现您有违约行为,我们可以按照上述保障性措施(我们有权停止向您展示个人信息主体的个人信息,或将您拉入黑名单,停止向您提供服务等方式)向您停止提供个人信息。
第十九条 违约责任
我们与您双方应就其因违反本法律文件而给对方造成的任何损害向另一方承担责任。双方之间的责任限于非违约方所遭受的损失。每一方因违反本法律文件而侵害个人信息主体作为第三方受益人而享有的权利,应当对个人信息主体承担责任;个人信息主体有权获得赔偿。这不影响个人信息处理者在相关法律法规项下应承担的责任。
第二十条 争议解决
我们作为个人信息处理者和您作为境外接收方对于双方因合同产生的纠纷以及任何一方因先行赔偿个人信息主体损害赔偿责任而向另一方的追偿,应由双方协商解决;协商解决不成的,应提交焦点科技所在地方法院诉讼解决。本协议为双语协议,中英文不一致的,以中文为准。
第二十一条 有效期
本法律文件自发布之日起生效,本法律文件约定目的实现后或本法律文件效力终止后,本法律文件自动失效。
本法律文件发布日期为2022年10月28日。