This policy applies to Foot Drop Rehab APP software, Hand Rehab APP software, iEase APP software, and other operating entities serviced by the client and the operating affiliates that may exist in the client service. Specifically, Shenzhen XFT Medical Limited (hereinafter referred to as "we"). Users who use the aforementioned APP software services and client services provided by us are referred to as "users" or "you" in this policy. We are fully aware of the importance of personal information to you and will do our best to protect your personal information.
1. How we collect and use your personal information and call permission statement
Personal information refers to various information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information or reflect the activities of a specific natural person. We will only collect and use your personal information for the following purposes described in these terms:
1.1. To provide you with software use services
Register as a user
To complete the account registration, you need to provide the following information: your mobile phone number, email, WeChat, or QQ authorization information.
The above information will continue to authorize us to use it during your use of this service. You can also use some of our secondary services without registering, but our main services require you to register to enjoy them.
The above information will be stored in the territory of the People's Republic of China. If cross-border transmission is required, we will obtain your authorization separately.
1.2. Permission to obtain device identification code
Usage scenario: The device identification code is used as the identification of APP push notifications. Both the third-party push service we use and we require your authorization to obtain the identification code. After the device identification code is obtained, it will be uploaded to the server for storage, and the third-party push will also be obtained and save the device identification code, through the device identification code saved by the two parties, the push message sent by the server is sent to the designated user client through the third party.
1.3. Read and write permissions for local data
Usage scenario: In order to prevent the user from logging in again every time the app is opened, the user's login information and login status will be written to the local data. The login information of the local data will be read when the app is opened next time, and the user will automatically log in when the user is on the account management page Relevant data will be deleted after logging out or uninstalling the APP.
When the user sets and changes the avatar, the relevant image file will be written into the local data, and the image file will be read when the user avatar is displayed. The above data and files will also be uploaded to the server for storage.
1.4. Permission to take photos and obtain album information
Usage scenario: When publishing posts, commenting posts, commenting articles, and giving feedback, you can publish pictures. After the user agrees to use the relevant permissions, you can choose from the album or take photos, upload the obtained picture files to the server, and the server saves the relevant files and the information is displayed in the APP. If the user does not choose to publish the picture, the APP will not call the operation of the relevant authority.
When users set and change their avatars, they need to take photos or read album permissions to obtain picture files. Then upload to the server and save to the local data for cache use.
1.5. Access to call status
Usage scenario: On the training page, in order to prevent the app from entering the background and causing the training to be abnormally interrupted and restarted when the call is connected, we need to obtain the call status of your mobile phone. When the user has a call, the app will pause the training process and wait for the call to hang up After the break, resume the training process.
1.6. Internal data analysis and research
Your use records in this APP, the personal information you actively upload, and the information obtained by you with your consent, we will use it for internal data summary statistics and analysis.
1.7. Third-party SDK statistical services
The third-party SDK statistics service we use will collect SDK/API code versions, Internet service providers, IP addresses, platforms, timestamps, application identifiers, application versions, application distribution channels, independent device identifiers, and iOS advertising identifiers. IDFA, Android advertiser identifier, network card (MAC) address, International Mobile Equipment Identity (IMEI), device model, terminal manufacturer, terminal device operating system version, session start/stop time, language location, time zone and Network status (WiFi, etc.), hard disk, CPU and battery usage information.
By agreeing to these terms, you agree to the third-party statistical services we use to obtain and use your relevant information.
1.8. Actively submit uploaded information
When we want to use information for other purposes not specified in this clause, we will seek your consent in advance.
When we want to use the information collected for a specific purpose for other purposes, we will seek your consent in advance.
2. How do we share, transfer, and publicly disclose your personal information
We will not share your personal information with any other companies, organizations or individuals, except in the following cases:
Sharing with Express Consent: With your express consent, we will share your personal information with other parties.
We may share your personal information in accordance with laws and regulations or mandatory requirements of government authorities.
In this case, these companies must comply with our data privacy and security requirements. We will only share your personal information for legal, legitimate, necessary, specific, and clear purposes, and will only share personal information necessary to provide services.
We will not transfer your personal information to any company, organization or individual, except in the following cases:
Transfer with explicit consent: After obtaining your explicit consent, we will transfer your personal information to other parties;
When it comes to mergers, acquisitions or bankruptcy liquidation, if it involves the transfer of personal information, we will require the new company or organization that holds your personal information to continue to be bound by this privacy clause, otherwise we will require the company or organization to re-submit to You seek authorization and consent.
2.3. Public disclosure
We will only publicly disclose your personal information under the following circumstances:
After obtaining your explicit consent;
Disclosure based on law: We may publicly disclose your personal information in the case of laws, legal procedures, litigation or mandatory requirements of government authorities.
2.4. We reserve the right to choose to use and disclose anonymous information to third parties, including the right to use for internal business analysis and to provide aggregated statistical data to our various partners.
3. How do we protect your personal information
3.1. We have used security measures that comply with industry standards to protect the personal information you provide to prevent unauthorized access, public disclosure, use, modification, damage or loss of data.
We will take all reasonable and feasible measures to protect your personal information. For example, the data exchange between your mobile phone and the server is protected by SSL encryption; We also provide https secure browsing for our services; We will use encryption technology to ensure the confidentiality of data; We will use trusted protection mechanisms to prevent malicious attacks on data; We will deploy an access control mechanism to ensure that only authorized personnel can access personal information; And we will hold security and privacy protection training courses to strengthen employees' awareness of the importance of protecting personal information.
3.2. We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected.
We will only retain your personal information for the period required to achieve the purpose stated in the clause, unless the retention period needs to be extended or is permitted by law.
3.3. The Internet is not an absolutely secure environment. We will try our best to ensure or guarantee the security of any information you send to us.
Emails, instant messaging, and communication with other our users are not encrypted. We strongly recommend that you do not send personal information through such methods. Please use a complex password to help us ensure the security of your account.
If our physical, technical, or management protection facilities are damaged, resulting in unauthorized access, public disclosure, tampering, or destruction of information, resulting in damage to your legal rights, we will bear the corresponding legal responsibility.
In the unfortunate event of a personal information security incident, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, and what you can independently prevent and reduce risks Suggestions, remedies for you, etc.
We will promptly inform you about the incident by email, letter, telephone, push notification, etc. If it is difficult to inform the subject of personal information one by one, we will take a reasonable and effective way to issue an announcement. At the same time, we will also proactively report the handling of personal information security incidents in accordance with the requirements of the regulatory authorities.
4. Your rights
In accordance with relevant Chinese laws, regulations and standards, as well as common practices in other countries and regions, we guarantee that you exercise the following rights with respect to your personal information:
4.1. Access to your personal information
You have the right to access your personal information, except for exceptions provided by laws and regulations. If you want to exercise the right of data access, you can access it yourself through the following methods:
Account information-if you want to access or edit the personal information and payment information in your account, change your password, add security information, or close your account, you can do so through the relevant settings page in the APP or contact us such operations.
As long as we don’t need to invest too much, we will provide you with other personal information generated during your use of our products or services.
4.2. Correct your personal information
When you find that the personal information we process about you is wrong, you have the right to ask us to make corrections. You can perform such operations in the manner listed in "4.1 Access to Your Personal Information".
4.3. Delete your personal information
In the following situations, you can request us to delete personal information:
If our handling of personal information violates laws and regulations;
If we collect and use your personal information without obtaining your consent;
If our handling of personal information violates our agreement with you;
If you no longer use our products or services, or you cancel your account;
If we no longer provide you with products or services;
If we decide to respond to your deletion request, we will also notify the entities that have obtained your personal information from us and require them to delete them in a timely manner, unless laws and regulations provide otherwise, or these entities obtain your independent authorization.
After you delete information from our service, we may not delete the corresponding information from the backup system immediately, but we will delete the information when the backup is updated.
4.4. Change the scope of your authorization
Each business function requires some basic personal information to be completed (see "Part 1" of this clause). For the collection and use of additional personal information, we will no longer process the corresponding personal information after you withdraw your consent. However, your decision to withdraw your consent will not affect the previous processing of personal information based on your authorization.
4.5. The personal information subject cancels the account
You can cancel the previously registered account at any time. Contact us to perform such operations. After you cancel your account, we will stop providing products or services to you, and delete your personal information at your request, unless otherwise provided by laws and regulations.
4.6. The subject of personal information obtains a copy of personal information
You have the right to obtain a copy of your personal information.
Under the premise of technically feasible, such as data interface matching, we can also directly transfer a copy of your personal information to a third party designated by you according to your requirements.
4.7. Constraint information system automatic decision
In some business functions, we may only make decisions based on non-manual automatic decision-making mechanisms including information systems and algorithms. If these decisions significantly affect your legal rights, you have the right to ask us for an explanation, and we will also provide appropriate remedies
4.8. Responding to your above request
You can submit the above request through the contact information at the end of the article, and we will reply within 30 days. To ensure safety, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request
For your reasonable request, we do not charge fees in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost as appropriate.
For those that are unreasonably repeated, require too many technical means (for example, the need to develop new systems or fundamentally change existing practices), bring risks to the legitimate rights and interests of others, or are very impractical (for example, involving information stored on backup tapes) Request, we may refuse.
In the following situations, we will not be able to respond to your request in accordance with laws and regulations:
Related to national security and national defense security;
Related to public safety, public health, and major public interests;
Related to criminal investigation, prosecution and trial;
There is sufficient evidence to show that you have subjective malice or abuse of rights;
Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations.
5. How do we handle the personal information of minors
Our products, websites and services are all for adults. Without the consent of their parents or guardians, minors may not create their own user accounts.
In the case of collecting personal information of minors with parental consent, we will only use or publicly disclose this information when permitted by law, the parent or guardian's explicit consent, or is necessary to protect the minors. In some activities that require personal information, participation in the activities means consent to our collection of personal information.
Although local laws and customs have different definitions of minors, we treat anyone under the age of 18 as a minor.
If we find that we have collected personal information of minors without first obtaining verifiable parental consent, we will try to delete the relevant data as soon as possible.
6. How to transfer your personal information globally
In principle, the personal information we collect and generate within the territory of the People's Republic of China will be stored in the territory of the People's Republic of China.
Since we provide products or services through resources and servers all over the world, this means that after obtaining your authorization and consent, your personal information may be transferred to the overseas jurisdiction of the country/region where you use the product or service, or Receive visits from these jurisdictions.
Such jurisdictions may have different data protection laws or even no relevant laws. In such cases, we will ensure that your personal information is sufficiently and equally protected within the territory of the People's Republic of China.
For example, we will request your consent to cross-border transfer of personal information, or implement security measures such as data de-identification before cross-border data transfer.
9. How to contact us
Company name: Shenzhen XFT Medical Limited
Registered address: Room 203, No. 1, Biomedical Innovation Industrial Park, No. 14 Jinhui Road, Pingshan New District, Shenzhen, Guangdong Province
Customer service contact information: 0755 29888818
WeChat public account: XFTCHINA2000 (XFT Medical)
Under normal circumstances, we will reply within 30 days.
April 9th, 2020