Dear Overseas Buyer User (hereinafter referred to as “you”),
Focus Technology Co., Ltd. (Made-in- China.com) (hereinafter referred to as “we”) will provide personal information of suppliers (hereinafter referred to as “personal information subjects”) from the territory of China to you, and with respect to the protection of such personal information, we, as the data transmitter, and you, as the data recipient, agree to the following terms of this agreement, which will serve as a “legal document” between us and you (hereinafter referred to as “this legal document”) and serve as the basis for the data exit security self- assessment and data exit security assessment.
Article 1 Purpose of Personal Information Exit
In order to be able to optimize your experience of visiting the Made-in-China.com and to facilitate your business transactions with the personal information subject, among other purposes, we provide personal information of the personal information subject to you from within China.
Article 2 Ways of Personal Information Exit
The way of data exit is, first, you can publicly view the name, gender, department, and position of the personal information subject without logging in. Second, the personal information of the personal information subject that you can see after logging in, before sending inquiries and generating orders and other business data, includes his or her cell phone number. Third, after you have logged in and sent inquiries, the e-mail address and IP address of the personal information subject will be provided to you by way of a page display after the personal information subject has replied to the inquiries.
Among them, the first two cases are personal information that is actively disclosed by the personal information subject, and the information of e-mail address and IP address in the third case will also be personal information that is transferred from within China to outside China after obtaining the consent of the personal information subject.
Article 3 Scope of outbound personal information
The outbound is the information of e-mail address and IP address of the personal information subject. The outbound data of Made-in- China.com are collected from the supplier client of Made-in-China.com, and the scope of outbound data does not include data of products or services other than Made-in-China.com, nor does it include internal staff data and management data of the company. The registered places of suppliers are mainly from Guangdong, Jiangsu, Zhejiang, Shandong, etc. The industries where the suppliers are located are mainly industrial manufacturing, health and hygiene, etc.
Article 4 Process of providing personal information outside of China
We will provide you with the information of e-mail address and IP address of the personal information subject as described below in accordance with the needs of our business:when you log in, send an inquiry, and receive a reply to the inquiry from the personal information subject, we will provide you with the information of e-mail address and IP address of the personal information subject after seeking the consent of the personal information subject. Before providing you with the information of e- mail address and IP address of the subject of personal information, we will display your basic information in the details of the supplier when the overseas buyer as the personal information subject browses the details, and display your name or personal name, contact information, purpose of processing, method of processing, type of personal information, and the manner and procedure for individuals to exercise their legal rights of the personal information subject in the screen of their response to your inquiry in the form of a page display, and the personal information subject must voluntarily click to confirm that he or she agrees to provide the information of e-mail address and IP address.
Article 5 Personal Information Protection Impact Assessment
In accordance with Article 55 of Personal Information Protection Law of the People’s Republic of China, a personal information protection impact assessment will be conducted prior to providing the information of e-mail address and IP address of the personal information subject outside of China. The personal information protection impact assessment report will be kept for at least 3 years.
Article 6 Processing Use by Offshore Recipients
The purpose for which you process data as an offshore recipient is to conduct business transactions.
Article 7 Handling by the overseas recipient
You as a foreign recipient can use the received personal information to send emails to personal information subject as the purposes of processing.
Article 8 Disclosure of Information of Offshore Recipients
Your basic information, including but not limited to name or personal name and contact information, will be confirmed with the personal information subject in the form of a page display before we provide the personal information to you in accordance with Article 39 of Personal Information Protection Law of the People’s Republic of China.
Article 9 Where to store personal information abroad
The information of the personal information subject is stored on our servers controlled by Germany and the United States, and we will not open any settings for you to download or export such information, and you can only check such information by browsing the page.
Article 10 Period of storage of personal information outside the country
The period of storage of personal information is the shortest time we need for the purpose of completing transactions and inquiring about historical transaction information. With comprehensive reference to Article 31 of the "Supervision and Administration of Internet Transactions in the People's Republic of China" and the "Personal Information Protection Law of the People's Republic of China", we will store the outbound personal information ofthe supplier for 3 years after the cancellation ofhis or her account.
Article 11 Outbound personal information handling measures
Our processing measures for outbound data after reaching the retention period, completing the agreed purpose or termination of legal documents is to delete the personal information of the personal information subject saved and we do not show the personal information to you.
Article 12 Re-transfer of outbound data
There are binding requirements for you to re-transfer outbound data to other organizations and individuals, and you promise not to provide personal information to third parties located outside the People's Republic of China unless you also meet the following requirements:
A. There is a genuine business need to provide personal information.
B. You have informed the personal information subject of the identity of the third party, contact information, the purpose of processing, the manner of processing, the type of personal information and the manner and procedure of exercising the rights of the personal information subject, and have obtained the separate consent of the personal information subject; if it is difficult to inform or obtain the separate consent of the personal information subject, you will promptly inform us and request us to assist you in informing the personal information subject or obtaining the individual consent of the personal information subject. The subject of the personal information has separately agreed.
Article 13 Outbound personal information security measures
In the event of a material change in the actual control or scope of business, or a change in the data security protection policies and regulations and network security environment of the country or region in which you are located, or other force majeure circumstances that make it difficult to safeguard data security, the security measures that we and you shall take are as follows.
13.1 Our technical security measures
After collecting information from the personal information subject, we will store his or her personal information in our own and hosted server rooms, and store it after encrypting it in accordance with the security control requirements. The data is then transmitted to foreign countries through database synchronization, and the HTTPS protocol is used during the data transmission to ensure the safety of the transmission channel.
In the process of data transmission from domestic to foreign countries, dedicated lines are used for transmission. The data is synchronized in both directions in real time through international dedicated lines from domestic and foreign server rooms. Because it is real-time synchronization at the database level, the flow is the same at all stages of the whole life cycle of data, and as long as the data at one point is updated, it will be synchronized to other points in real time.
Users of the platform can only access it through web pages (mobile clients only). Only the company's operation and maintenance colleagues can access the data stored in offshore data centers by remote means.
13.2 Our administrative security safeguards
We stipulate the data security obligations of us and the storage party in the contract with the computer room operator/owner (hereinafter referred to as the “storage party”), and have made reasonable efforts to ensure that we and the storage party can perform the corresponding obligations.
We have formulated the company’s internal "Personal Information Exit Management System" and implemented it accordingly. It includes the terms of authority control and scene control. You can only obtain the personal information of the personal information subject when you send the inquiry and the personal information subject responds.
13.3 Your technical security measures
The supplier's personal information is stored on the server we control abroad. We will not set up any settings for you to download and export the information with one click. You can only query the information by browsing the page. You should take security measures, such as regularly upgrading anti-virus software, using a secure browser, not sharing account passwords with others, etc., to ensure that the personal information you receive from suppliers is not leaked. If the information is leaked or may be leaked, we have the right to stop showing you the personal information of the personal information subject, blacklist you, stop providing services to you, etc.
13.4 Your administrative security safeguards
We and you shall provide the personal information subject with a copy of this agreement (legal document) upon request of the personal information subject, and the personal information subject may be provided the copy by contacting us according to the contact information disclosed to him.
Article 14 Right of informed consent of the personal information subject
In accordance with the provisions of Article 39 of the Personal Insurance Law, we, as a processor of personal information, fulfill the following obligations to the personal information subject.
To inform the personal information subject of your name or personal name, contact information, and personal information exit instructions before providing the e-mail address and IP address to you.
The basic information of the personal information processor (us) includes the following：
|personal information processor∶||Focus Techno logy Co., Ltd.||Address∶||No. 7 Lijing Road, Jiangbei New District, Nanjing City, Jiangsu Province|
|Telephone number∶||400-671-7777||E-mail address∶||[email protected]|
Article 15 Third-party beneficiary rights of personal information subjects
We and you have agreed in this legal document that the personal information subject is the third-party beneficiary. If the personal information subject does not expressly refuse within 30 days, he or she may enjoy the rights of the third-party beneficiary in accordance with the contract.
Article 16 Other rights of personal information subjects
We have agreed with you in this legal document to ensure the method and procedure of the personal information subject exercises the right of access, the right of reproduction, the right of correction and supplementation, and the right to delete the personal information that has been out of the country. The personal information subject has the right to request us and you to explain and specify the personal information processing rules to ensure that data security and personal information rights can be fully and effectively guaranteed.
When the personal information subject requests to exercise the above rights with respect to the personal information that has already left the country, the personal information subject can request us to take appropriate measures to realize it, or make a request directly to you. If we are unable to realize it, we shall notify and ask you to assist in realizing it.
You shall, in accordance with our notice or the request of the personal information subject, fulfill the rights of the personal information subject in accordance with the relevant laws and regulations within a reasonable time limit. You should truthfully, accurately and completely inform the personal information subject of relevant information in a conspicuous manner and in clear and understandable language.
If the personal data subject makes excessive or unreasonable requests, especially repetitive requests, you may charge a reasonable fee, or refuse to act on their requests, after taking into account the implementation and operational costs of the request being granted.
If you intend to refuse the personal information subject's request, you should inform the personal information subject of the reasons for the refusal, as well as the ways for the personal information subject to lodge a complaint with the relevant supervisory authority and seek judicial relief.
Article 17 Remedies for personal information subjects
When outbound data is at risk of being tampered with, destroyed, leaked, lost, transferred, or illegally obtained or used, we and you should properly carry out emergency response to protect individuals' personal information interests.
We and you both agree that when we or you receive a complaint from a personal information subject, we shall respond in accordance with the "Personal Information Protection Law of the People's Republic of China".If the personal information subject has any dispute with us or you regarding the legal document compliance, the parties shall notify each other of the relevant situation and cooperate to resolve disputes in a timely manner.
If the dispute cannot be resolved amicably, the personal information subject may exercise the rights of the third-party beneficiary in accordance with the above provisions, and you accept the following claims of the personal information subject:
A. Lodge a complaint with a supervisory authority;
B. Determine the jurisdiction in accordance with the "Civil Procedure Law of the People's Republic of China" and file a lawsuit with the competent court.
You agree that the resolution of disputes over this legal document related to the personal information subject shall be based on the relevant laws and regulations of the People's Republic of China.
You agree that the rights protection choices made by the personal information subject will not detract from the substantive or procedural rights of the personal information subject to seek remedies under other laws and regulations.
Article 18 Remedies
If we find that you are in breach of contract, we can stop providing you with personal information in accordance with the above safeguard measures (we have the right to stop showing you the personal information of the personal information subject, or blacklist you, stop providing services to you, etc.).
Article 19 Liability for breach of contract
Both we and you shall be liable to the other for any damages caused to the other as a result of their violation of this legal document. Liability between the parties is limited to losses suffered by the non-defaulting party. Each party infringes upon the rights of the personal information subject as a third-party beneficiary by violating this legal document shall be liable to the personal information subject; the personal information subject shall be entitled to compensation. This does not affect the responsibilities of personal information processors under relevant laws and regulations.
Article 20 Settlement of Disputes
Where there is any dispute arising from the contract, or a party has compensated personal information subjects and recover from the other party, two parties shall resolve the issue through consultation. If the consultation fails, proceedings or lawsuits should be brought to the People's Court of the location of the Focus Tech. This agreement is bilingual. In case of any inconsistency between Chinese and English version, the Chinese version shall prevail.
Article 21 Term
This legal document shall come into force on the date of issuing.
After the purpose stipulated in this legal document is achieved or the validity of this legal document is terminated, this legal document is automatically invalid.
Date of issue of this legal document is October 28,2022.
焦点科技股份有限公司（业务名称：中国制造网） （以下称“我们”） 会将供应商（以下称“个人信息主体”） 的个人信息从中国境内提供到您， 就保护该个人信息， 我们作为数据传输方和作为数据接收方的您约定本协议以下条款， 这些条款将作为我们与您的“法律文件”（以下称“本法律文件“） ，作为数据出境安全自评估、数据出境安全评估的依据。
|个人信息处理者：||焦点科技股份有限公司||地址：||江苏省南京市江北 新区丽景路 7 号|