SpaceSight Product Privacy Policy

Version 4.1

Effective date: August 30th, 2024

Overview

Thank you for following Whale's products and services! This app and its in-app services are for Whale's enterprise clients or their authorized persons (hereinafter referred to as “you”) and are not open to general consumers. If you are not an enterprise client or authorized person in a cooperative relationship with Whale, please stop using the SpaceSight app immediately.

We recommend that our clients download and install this app with a device and a mobile phone number/account number that belongs to their company and that authorized persons download and install this app with a device and a mobile phone number/account number that is dedicated for work purposes.

We understand the importance of Personal Information (PI) to our clients (and their authorized employees). To help you learn about how the app protects your PI, you can read this SpaceSight Product Privacy Policy (hereinafter referred to as “this Policy”) before using our SpaceSight products or services. We strive to be clear and concise and to use bold text to alert you to the clauses of this policy that are significantly relevant to your rights and interests.

• You can jump to relevant chapters via the index below and learn further about this Policy.

I. Definition

II. How we fulfill our responsibilities of PI protection

III. Third-party information sharing list

IV. Use of cookies

V. How we update this Policy

VI. How to contact us

VII. Dispute Jurisdiction

I. Definition

• 1. Personal Information (or "PI" in this Policy) refers to all kinds of information, recorded in electronic or other forms as specified in relevant laws, that, independently or when combined with other information, allows for personal identification or reflects activities of a specific natural person. You know and understand that any individual piece of device information, daily record, keyword search, or other information/data that cannot directly lead to identifying a specific person is not regarded as PI.

• 2. Sensitive Personal Information (or "Sensitive PI" in this Policy) refers to PI that, once leaked, illegally provides, abuses, or damages personal reputation or health or leads to discriminatory treatment.

• 3. Personal Information Handler (or "PI Handler" in this Policy) refers to an organization or person, as specified in relevant laws, capable of deciding the purposes and methods of handling PI.

• 4. Personal information Subject (or "PI Subject" in this Policy) refers to a natural person that certain PI identifies or is associated with.

• 5. Other terms and definitions related to PI in this Policy, unless otherwise specified or agreed, are in accordance with the “Information Security Technology—Personal Information Security Specification” (GB/T 35273-2020).

• 6. “Whale” in this Policy refers to legal entities that provide you with relevant services and bear corresponding liabilities. They include Whale Jiangxin Tech (Hangzhou) Co., Ltd., Hangzhou Zuotoujing Tech Co., Ltd., Shenzhen Xujing Tech Co., Ltd., and Shanghai Yuanjing Tech Co., Ltd.

II. How we fulfill our responsibilities of PI protection

1. Whale strictly abides by China's laws and regulations related to PI and firmly observes the following principles in handling PI: balancing rights with responsibilities, clear purpose, consent, minimum necessary, security, participation of PI subjects, and transparency.

2. When a client uses functions on SpaceSight products via a client front end such as a mobile phone or a computer for business purposes, relevant services only involve limited PI of the client or the authorized employees to fulfill functions such as product registration, inspection, etc. We promise that, in accordance with relevant laws and regulations and having consulted mature security standards in the industry, we will make every effort to keep PI safe and under control when our clients and their authorized employees use the app.

• (1) How we collect PI

• a. Registration, login, and authentication

  •To comply with legal requirements and to provide safer services to customers or their authorized employees, you need to provide your mobile number, password, verification code, email, and username when registering for our product or service account. If you refuse to provide this information, you will not be able to register successfully.

  •You may also log in using accounts from third-party platforms that we support. If you log in with a third-party account, we will obtain relevant information from that account (including: username, avatar, as specified by your authorization) and authentication information (mobile number, verification code match results) based on your authorization. We collect this information to provide you with account login services and to ensure the security of your account. If you refuse to authorize such information, you will not be able to log in to our platform using your third-party account, but this will not affect the normal use of other features we provide.

• b. SpaceSight technology

  •In order to provide users and their employees with SpaceSight's technology, we require all users to enter cell phone numbers and email addresses in order to log in to access operational data, work tasks, review tasks, customer service inquiries, and operation and maintenance tasks.

• c. Security services

  •To meet legal requirements and to provide you with stable services that are protected from viruses, Trojan horses, or other malicious programs and websites,we need to record your activities in terms of service categories and methods, as well as device brands, models, names, software versions, and service-related information.

•d. Information Notification Service

In order to provide information notification service, we need to collect your device information, such as device identification information (device model, device name, serial number, device MAC address, operating system type, IMEI), Android ID, Android OAID, IDFA, OpenID, GUID, SIM card IMSI and other information describing the basic information of your common device. At the same time, please understand that when you switch the application to run in the background of the device, the information collection behavior from your previous use of the application may not be stopped immediately due to network abnormalities or system settings, resulting in a brief background information collection behavior.

• e. Device information we may need to collect

   •We will need to access your camera's permissions; if you would like:

  to scan QR codes on the devices;

  to capture and upload images, access image metadata, create and publish tasks, provide feedback, access the task center, and review tasks;

  to save images to a local album;

  to capture an image and publish it as the user avatar.

  Decline of camera access may cause failure in task publishing.

  •We will need to access your device's geolocation information if you would like:

  to send your location information;

  to pinpoint nearby stores.

  A refusal of geolocation access may cause failure in acquiring a store's location information or an abnormal display of a store's information.

  •We will collect device Android IDs in order to provide the following functions after your confirmation and agree to the privacy agreement:

  Collect device Android IDs through the SDK to obtain device unique identifiers to provide data usage analysis services;

  Collect user behavior data during the use of the product, specifically enhancing the user's product use experience.

  •We will need to access your device's microphone permission if you would like:

  to talk to people through cameras in app by phone.

  A refusal of microphone access may cause failure in talking with people in store through cameras.

   •We will need to obtain your device's SSID if you would like:
to add a Wi-Fi PTZ camera in the 'Device Management' feature. It is necessary to match and connect to Wi-Fi to complete the device network deployment. To facilitate users in completing the device network setup, the application will automatically retrieve the name of the currently connected Wi-Fi network. Therefore, it will obtain the user's SSID information.

• f. Please understand that the services we provide are constantly being developed and updated. If you use services not specified above that require the collection of your personal information, we will inform you of the collection scope and purposes via page reminders, interactive processes, or agreements to obtain your consent. We will use, store, provide, and protect your information in accordance with this Policy and the corresponding user agreement. If you choose not to provide the aforementioned information, you may not be able to use all or part of certain services, though you may still be able to use other services we provide.

• g. In order to ensure the realization of relevant functions of the Digital Intelligence Space APP and the stable operation of the application, we may access the software development kit (SDK) provided by a third party to achieve related purposes. Different versions of third-party SDKs will be different. We will conduct strict security monitoring of the software tool development kit (SDK) used by our partners to obtain information to ensure data security. To learn more about the purpose, method and scope of SDK processing of personal information, please check the third-party information sharing list.

(2) Exceptions to obtaining consent

According to relevant laws and regulations, we do not have to obtain your consent for collecting and using your PI in the following cases:

• Related to national security or national defense;

• Related to public security, public health, or major public interests;

• Related to criminal investigations, prosecutions, trials, or execution of court decisions;

• For the purpose of safeguarding the life, property, or other significant legitimate rights and interests of the PI Subjects or other individuals, and where it is hard to obtain consent from the PI Subjects;

• The PI involved is disclosed to the public by the PI Subject;

• The PI is collected from legally and publicly disclosed information, such as legal news reports and government information disclosure;

• (The collection and use of PI are) essential to the signing and performing of a contract requested by the PI Subject; or

• Other cases specified by laws and regulations.

(3) How we use your PI

• a. To fulfill the purposes specified in “How we collect PI” in this Policy; Your PI may be displayed to you when the app is in use. Please be careful not to leak any information when using the app.

• b. To inform you of the status of the services you use, in which case we will send a service reminder or notification;

• c. To report to relevant government departments in accordance with laws and regulations; and

• d. Other purposes with your permission.

• (4) How we share, transfer, publicly disclose, and entrust others to process your PI

• a. Entrusted processing

  •To increase efficiency, reduce costs, or improve the accuracy of data processing, Whale, as a PI Controller, may, within the scope of obtained authorization, entrust a competent affiliated company or another professional organization to process the information on our behalf. The entrusted company, organization, or individual will be required to sign a strict non-disclosure agreement and process PI in accordance with our requirements and any other relevant confidentiality and security measures.

• b. Sharing

We will not share your PI with companies, organizations, or individuals outside of Whale except in the following cases:

  •With your explicit consent or authorization;

  •When requested by the authorities such as an administrative or judicial organ in accordance with relevant laws and regulations;

  •When used for core functions of relevant products and services (this includes sharing with our affiliate companies or partners); or

  •When used for social public interests in accordance with relevant laws and regulations.

•c. Transfer

We will not transfer your PI to any company, organization, or individual except in the following cases:

  •With your prior explicit consent;

  •As stipulated by laws, regulations, legal procedures, or the mandatory requirements of administrations or judiciaries;When the transfer of PI is involved in a(n) merger, acquisition, or bankruptcy liquidation, we will notify you and require the new company or organization to which your PI is transferred to continue to be bound by this Policy. We will require the new company or organization to seek your explicit consent again if their stated goals or use of personal information changes.

•d. Disclosure

  •We will not publicly disclose your PI except in the following cases:

  •After obtaining your explicit consent, we will inform you of the purpose and type of personal information that will be publicly disclosed. We will obtain your explicit consent in advance through announcements or text messages. When publicly disclosing sensitive personal information, we will inform you of the content involved in the sensitive personal information;

  •Statutory disclosure: we may publicly disclose your PI as stipulated by laws, legal procedures, prosecutions, or the mandatory requirements of government agencies.

•e. We will not illegally sell or provide your information to others. We will not provide your personal information to any third parties, nor will we use it for any other purposes, except in the following circumstances:

  •Obligations related to the fulfillment of laws and regulations by the personal information controller;

  •Directly related to national security and defense security;

  •Directly related to public safety, public health, and significant public interests;

  •Directly related to criminal investigations, prosecutions, trials, and the execution of judgments;

  •To maintain the significant legal rights and interests of the personal information subject or other individuals, but it is difficult to obtain the subject's consent;

  •Personal information that the subject has voluntarily disclosed to the public;

  •Collecting personal information from legally disclosed public information, such as legitimate news reports and government information disclosures.

• (5) How we protect your PI

• a.We have employed security protection measures according to industry standards to protect your PI and prevent unauthorized access to or disclosure, use, modification, damage, and loss of data. To ensure the security of your information, we are committed to using a variety of security technologies and supporting management systems to minimize the risk of your information being leaked, damaged, misused, altered, accessed, or disclosed without authorization. For example, we employ encrypted transmission and storage of data with SSL; we prevent any unauthorized or malicious access with Whale's service authentication and firewall; we strictly limit access to our data center by establishing a unified role permission control system; we adopt security measures including encryption, permission control, de-identification, and anonymization when transmitting and storing PI.

• b. We have obtained Class 2 Certification of Class-based Information Security Protection and certifications of ISO 27001 Information Security Management System, ISO 27701 Privacy Information Management System, and ISO 9000 Quality Management System.

• c. Our data security competency: We have established a department responsible for PI protection, which will carry out PI security impact assessments on the collection, use, sharing, and entrusted processing of PI. Meanwhile, we have established an internal control system to handle tasks, including but not limited to creating emergency response plans for personal information security incidents, organizing emergency response trainings and emergency drills on a regular basis, managing and controlling permissions and behaviors of employees with access to personal information, training on laws, regulations, and practices related to information security protection, and organizing examinations on security for all employees.

• d. In the case of an unfortunate PI security incident, we will, in a timely manner and in accordance with laws and regulations, inform you of the basic conditions and possible impacts of the security incident, response measures that are already taken or to be taken by us, and suggestions for remedial measures you can take regarding self-preservation and risk mitigation. We will inform you of such information by email, letter, telephone, and/or push notification, and when it becomes difficult to notify each personal information subject individually, we will properly and effectively issue a public notice.

• The internet is not 100% secure.We will do our utmost to ensure or guarantee the security of any information you send to us. If your legal rights and interests are adversely affected due to unauthorized access to, disclosure, tampering, or damage of your PI resulting from damage of our physical, technical, or management protection facilities, we will assume legal liabilities accordingly. At the same time, we will also take the initiative to report the handling of personal information security incidents in accordance with the requirements of the regulatory authorities.

• f. Please keep your login name and other identity factors properly protected. When you use our services, we will identify you with your login name and other identity factors. Once you leak the above information, you may suffer from losses and other adverse impacts. If you find that your login name and/or other identity factors may have been leaked, please contact us immediately, so that we can take appropriate measures to avoid or reduce related losses.

• g. If we undergo a merger or division, your information will be protected by the surviving business entity at that time, and we will notify you through announcements, text messages, or other written means. If our products or services cease operations, we will promptly stop collecting your information and notify you via announcements or text messages. At that time, we will delete or anonymize your information.

• (6) How we store PI

• a. PI collected and generated within the territory of the People’s Republic of China will be stored in China in accordance with laws and regulations.

• b. We will only retain your PI for the period necessary to provide Whale products and to fulfill their purposes, and will strictly abide by the requirements of laws and regulations during the storage period.

(7) Your rights to manage your PI

According to relevant laws, regulations, and standards in China, we ensure the following rights to your personal information:

  a. Access and editing of PI

  You have the right to access your PI by logging into the platform. If you have trouble accessing or editing your PI, you can contact us at any time by the means we provide in this Policy for assistance.

  b. Delete PI

  Under the following circumstances, you can request deletion of your personal information:

    • If our treatment of your PI violates any law or regulation;

    • If we collect and use your PI without your consent;

    • If our treatment of your PI breaks our agreement with you;

    • If you delete your account; or

    • If we terminate our services and operation.

c. Change scope of consent

Every business function requires some PI to work. When it comes to the collection and use of additional personal information, you can give or revoke your consent at any time. After you revoke your consent, we will stop processing the relevant personal information. However, your revocation does not affect any previous personal information handling under your authorization.

d. To de-register an account

You can de-register an account at any time. We will stop providing the products and services to you and delete your personal information as you request unless otherwise specified by laws and regulations.

Currently, you cannot de-register your account by yourself on the client side. You can contact us at any time bythe meanswe provide in this Policy and we will de-register your account for you within 7 days.

e. Responding to Your Requests

If you are unable to access, correct, or delete your personal information through the above methods, or if you need to access, correct, or delete other personal information generated during your use of our products and services, you can contact our customer service.

To ensure security, we may require you to provide a written request or other means to verify your identity. We will respond to your request within 15 days or within the time frame prescribed by law. If you are not satisfied, you can file a complaint by sending an email to hello@whale.im.

For your reasonable requests, we generally do not charge a fee. However, for repeated requests that exceed reasonable limits, we may charge a certain cost. We may refuse requests that are frivolous, require excessive technical means, pose risks to others' legitimate rights and interests, or are impractical, and we will inform you of the reasons for refusal via announcements or text messages. In the following situations, we will not be able to respond to your requests as required by laws and regulations:

  • Related to our obligations under laws and regulations;

  • Directly related to national security and defense security;

  • Directly related to public safety, public health, and significant public interests;

  • Directly related to criminal investigations, prosecutions, trials, and execution of judgments;

  • When the personal information controller has sufficient evidence to indicate that the data subject has subjective malice or abuses rights;

  • For the protection of the life and property of the data subject or other individuals' significant legitimate rights and interests when it is difficult to obtain consent;

  • Responding to the request would severely damage the legitimate rights and interests of the data subject or other individuals or organizations;

  • Involving trade secrets;

  • Other situations prescribed by laws and administrative regulations.

(8) How we handle PI of minors

a. We attach great importance to the protection of minors' personal information

We presume that you have the appropriate capacity for civil conduct. If you are a minor under the age of 14 or under the age of 18 or do not have full capacity for civil conduct due to intellectual or mental health conditions, please read and agree to this Privacy Policy under the guidance and accompanied by your legal guardian; If you are a minor under the age of 14, please ask your parent or legal guardian to read and agree to this Privacy Policy for you. You and your legal guardian are requested to pay special attention to the protection of minors.

If you are the parent or other guardian of a minor, please pay attention to whether the minor has obtained your authorization to use our services.

b. Remedial measures

1、If you fail to obtain the consent of your guardian or you do not consent to your guardian to use our services and provide information to us, please stop using our services immediately and contact us in time.

2、Upon receiving your written notice and knowing that our company has collected minors' personal information without the prior consent of the guardian, our company will immediately stop the collection and use of relevant information.

III、Third-party information sharing list

When you use services provided by a third party, we will share the corresponding information after obtaining or ensuring that the third party obtains your authorization and consent, and in other circumstances that comply with laws and regulations. You can learn how the third party will handle your personal information through the relevant information listed in this list. We will also strictly restrict the third party's acquisition of personal information to protect the security of your personal information.

In order to ensure the stable operation of the Digital Intelligence Space or to achieve related functions, we may also access software development kits (SDKs) provided by third parties to achieve the above purposes. We also list the relevant third-party SDKs that we have accessed in the following list. You can view the data usage and protection rules of third parties through the links or paths provided in the directory. Please note that the type of personal information processing of third-party SDKs may change due to version upgrades, policy adjustments, etc. Please refer to their public official instructions.

SDK Name Third Party Name Purpose Collect Personal Information Third Party Privacy Policy
Mobile Push SDK Tencent Computer System Co., Ltd. Message push on mobile devices (1) Device information (e.g., phone model, system type, system version) used for tag-based push and to identify whether it is a real device; network information (network type) used for different types of push based on network type; application data (e.g., delivery, click, exposure data generated during push) used for push business data statistics.
(2) (Optional information, depending on developer settings) Account binding information (e.g., QQ number, WeChat Union ID, phone number, email) used for account-based information.
Mobile Push SDK Privacy Policy
Bugly SDK Tencent Computer System Co., Ltd. Diagnose crash issues, help improve app stability (1) Device information (e.g., phone model, system type, system version) to identify whether crash issues are related to phone signal; network information (network type) to identify whether crash issues are related to network type. Bugly SDK Privacy Policy
Huawei Unified Scanning SDK (Android Version) Huawei Software Technologies Co., Ltd. Provide code generation or scanning capabilities for the application Data you actively submit (e.g., images, text), sensor information (e.g., accelerometer, light sensor), network information, application information, device information, operator information (operator's name), system information (system settings, system attributes, device model, operating system), and Wi-Fi information (Wi-Fi status) Huawei Unified Scanning SDK Privacy Policy
MobTech ShareSDK Shanghai Zhangzhi Tao Information Technology Co., Ltd. Social sharing, third-party login System operation information, network status information, iOS advertising identifier (IDFA), International Mobile Equipment Identifier (IMEI), Anonymous Device Identifier (OAID), International Mobile Subscriber Identity (IMSI), application list information, base station information, geographic location MobTech ShareSDK Privacy Policy
AMap Open Platform Location SDK AMap Software Co., Ltd. Business requirement for geographical location-based mobile check-in Latitude and longitude, device information (e.g., IP address, GNSS information, network type, Wi-Fi status, Wi-Fi parameters, Wi-Fi list, SSID, BSSID, base station information, Wi-Fi signal strength, sensor information such as vector, acceleration, pressure, direction, geomagnetic, gyroscope, temperature, light, NEMA signals), device identification information (IDFA, OAID), current application information (application name, application version), device parameters and system information (device brand and model, operating system, operator information, screen resolution) AMap Open Platform Location SDK Privacy Policy
AMap Open Platform Map SDK (Bundled) AMap Software Co., Ltd. Business requirement for geographical location-based mobile check-in Latitude and longitude, device information (e.g., IP address, GNSS information, network type, Wi-Fi status, Wi-Fi parameters, Wi-Fi list, SSID, BSSID, base station information, Wi-Fi signal strength, sensor information such as vector, acceleration, pressure, direction, geomagnetic), device identification information (IDFA, OAID), current application information (application name, application version), device parameters and system information (device brand and model, operating system, operator information, screen resolution) AMap Open Platform Map SDK (Bundled) Privacy Policy
Object Storage OSS Android SDK Alibaba Cloud Computing Co., Ltd. Used for uploading business files to Alibaba Cloud OSS server Network information, device identification information (IMEI/IMSI/Android_ID, SIM card serial number, MAC address) Object Storage OSS Privacy Policy
Log Service SLS Alibaba Cloud Computing Co., Ltd. Mobile business exception data, behavior operation data, used for troubleshooting device stability and business processes. Device information (e.g., phone model, system type, system version) used for tag-based identification of real devices; network information (network type) used for different network types; application data used for business data statistics. Log Service SLS Privacy Policy
DingTalk Login SDK (Android) DingTalk Technology Co., Ltd. Support user quick login with DingTalk account None DingTalk Login SDK (Android) Privacy Policy
Tencent Browser Service X5 Web Engine SDK (Android) Tencent Computer System Co., Ltd. Provide a better WebView core and better web browsing service Device information (e.g., device model, operating system, CPU type), application information (host application package name, version), Wi-Fi status and parameters (excluding Wi-Fi MAC), location information (optional), nearby Wi-Fi (optional), CellID (optional)
Permissions required for SDK product functionality: Network permission, storage permission, clipboard (optional), geographic location (optional), sensor permission (optional), camera permission (optional), microphone permission (optional)
Tencent Browser Service X5 Web Engine SDK Privacy Policy
COS V5 Android SDK Tencent Cloud Computing (Beijing) Co., Ltd. Used for uploading business files to Tencent Cloud OSS server Network permission, network status, IP address, system properties, multimedia files, AndroidID COS V5 SDK Privacy Policy
Conversational Intelligence Platform SDK iFLYTEK Co., Ltd. Provide badge management, voice management, and push information Bluetooth (connect to work badge), storage permissions, phone status (recording management), message notification (push message), clipboard (copy, paste, share) Conversational Intelligence Platform Privacy Statement

IV. Use of cookies

(1) To ensure normal functioning of our app and services, we may use your cookies to allow you convenient login or use of services/functions dependent on cookies.

(2) You have the right to accept or decline cookies. You can decline cookies by changing your browser settings. However, if you decline cookies, you may not be able to log in or use services/functions dependent on cookies.

V. How we update this Policy

We may revise or change this Policy from time to time. We will not reduce your rights under this Policy without your explicit consent.  We will post any changes to this policy on this page. If changes are significant, we will provide a more prominent notice (including, for certain services, email notification of change details).

IV. How to contact us

If you have any questions, comments or suggestions regarding this Policy, you can contact us by phone: 400-655-1213 or email: hello@whale.im We have designated personal information protection specialists, and you can get in touch with them through email or mail. Our address is: Building A7, Zhejiang University Alumni enterprise headquarters economic park, No. 397 Cang Xing Street, Cangqian Subdistirct, Yuhang, Hangzhou, Zhejiang.

VII. Dispute Jurisdiction

(1) The signing, effectiveness, performance, and dispute resolution of this privacy policy shall be governed by the laws of the People's Republic of China.

(2) Any disputes related to this agreement shall be resolved through friendly consultation. If consultation fails, the dispute shall be submitted to the competent court in the jurisdiction where Hangzhou Zhaotou Whale Technology Co., Ltd. is located for litigation.