Personal Information Protection and Privacy Policy

This policy applies only to Nutag Products or services.

Last updated:2024Year10moon.

If you have any questions, comments or suggestions, please contact us through the following contact information:

E-mail: Support@zkdigimax.com

This policy will help you understand the following:

■ Rules for the collection and use of personal information

■ How we protect your personal information

■ Your rights

■ How we handle personal information of minors?

■ How this Policy is Updated

■ How to Contact Us

ZKTechnology Co., Ltd.and its affiliates(hereinafter referred to as "ZKTechnology", "the Company" or "we") is fully aware of the importance of personal information to you and will do our best to protect your personal information safely and reliably. We are committed to maintaining your trust in us and abiding by the following principles to protect your personal information: the principle of consistency of rights and responsibilities, the principle of clear purpose, the principle of choice and consent, the principle of minimum necessity, the principle of ensuring security, the principle of subject participation, the principle of openness and transparency, etc. At the same time, ZKTechnology promises that we will take corresponding security protection measures to protect your personal information in accordance with the industry's mature security standards.

Before using this product (or service), please be sure to read and thoroughly understand this policy, and use the relevant products or services after confirming that you fully understand and agree to it. Once you start using this product or service, it means that you have fully understood and agreed to this policy.

I. Rules for the collection and use of personal information

(i) What personal information do we collect?

1. Your use Nutag, we will collect the following information from you:

The business functions we provide rely on some information to operate. If you choose to use this business function, you need to provide us with or allow us to collect the necessary information including:Username (name/nickname/alias/code), phone number, email address.

Depending on the software product you choose, you can optionally enter your mobile phone number/Name. You need to use your email address as your account when logging in. You must provide your real email address to use related services.

2. You may choose to provide us with or allow us to collect the following information:Personal photos, residential address, company, IP address information, MAC address information, access date and time.

This information is not necessary for the operation of the business function, but it is of great significance to improving service quality, developing new products or services, etc. We will not force you to provide this information, and your refusal will not have an adverse impact on the use of this business function.

3. When you use this business function, our software will apply to you for the following system permissions related to personal information:Get location.

If you do not authorize, we will not be able to provide the business function. In addition to the above permissions, you can choose whether to grant other system permissions to the software.

When you contact us, we may save your communication/call records and content or information such as the contact information you leave in order to contact you or help you solve the problem, or record the solution and results of the relevant problem.

(ii) How we use your personal information

1. We will use the necessary personal information to provide this business function. We will also use the following information to maintain and improve this business function, develop new business functions, etc.

2. We will use non-essential personal information for the following purposes:

(iii) How we use cookies and similar technologies

1. Cookies

Cookies and similar technologies are commonly used on the Internet. To ensure the normal operation of the website, we will store small data files called cookies on your computer or mobile device. Cookies usually contain identifiers, site names, and some numbers and characters. With the help of cookies, websites can store data such as your preferences. We will not use cookies for any purpose other than those described in this policy. You can manage or delete cookies according to your preferences. You can clear all cookies saved on your computer, and most web browsers have the function of blocking cookies. But if you do this, you need to change the user settings yourself every time you visit our website.

2. Other similar technologies

In addition to Cookies, we will also use other similar technologies such as web beacons and pixel tags on our websites to help us understand your product or service preferences and improve customer service.

(iv) Cloud PlatformSafety Responsibility

1、ZKDIGIMAX is responsible for the security management and operation of services and data interactions on the ZK cloud platform, and is responsible for the security of the cloud service platform and infrastructure provided.APIinterface,SDKFor self-developed software or hardware embedded software, customers need to ensure the security and compliance of their applications and data, including hardware equipment and software, when connected to Enbase Cloud Platform. Enbase Cloud’s main responsibility is to develop and operate various basic services, platform services and application services, while customers’ main responsibility is to customize and develop third-party clients and build third-party cloud services based on Enbase Cloud services. The following figure shows the shared responsibility model for basic cloud service providers, Enbase and customer information security responsibilities.

2、ZK Cloud's security responsibilities

a) ZKDIGIMAX Cloud selects world-renowned cloud hosting service providers such as Amazon, Tencent Cloud, Alibaba Cloud and other first-class cloud computing platforms to ensure the security of infrastructure and physical equipment for secure management and operation.

b) ZKDIGIMAX Cloud Security covers data security and cloud service security. ZK promises to use its security team and the professional attack protection technology experience of world-renowned security service providers to provide cloud platform security operation and maintenance services, effectively protect the secure operation of ZK Cloud, and ensure the privacy and data security of customers and users. Including but not limited to:

² Data Security: refers to the security management of customers' business data in the cloud business environment, including collection and identification, classification and grading, permissions and encryption, and privacy compliance.

² Access control management: management of access rights to resources and data, including user management, permission management, identity authentication, etc.;

² Cloud service security: refers to the security management of business-related application systems in a cloud computing environment, including the design, development, release, configuration and use of applications and service interfaces.

3. Customer's safety responsibilities

a) a)When using ZK Cloud solutions, customers need to strictly follow ZK's security configuration and access requirements. At the same time, customers need to ensure the security of their own cloud, client or hardware products.

b) b)ZK-basedSDK/APIFor the application software developed, ZK only provides technical support but cannot provide security guarantee for the software as a whole.

c) c)For data security compliance, privacy policy and other related information of customized products based on ZK solutions, the customer is responsible for the privacy policy statement and legal compliance. When necessary, ZK's security compliance team is willing to provide assistance and consulting services for security solutions.

(v) How we share, transfer and publicly disclose your personal information

1. Sharing

We will not share your personal information with any company, organization or individual outside of our company unless we have your explicit consent.

We may share your personal information with external parties in accordance with laws and regulations or the mandatory requirements of government authorities.

2. Transfers

We will not transfer your personal information to any company, organization or individual, except in the following circumstances:

a) a)Transfer with explicit consent: We will transfer your personal information to other parties with your explicit consent;

b) In the event of a merger, acquisition or bankruptcy liquidation, if personal information is transferred, we will require the new company or organization that holds your personal information to continue to be bound by this personal information protection policy. Otherwise, we will require the company or organization to re-solicit your authorization and consent.

3. Public disclosure

We will only disclose your personal information in the following circumstances:

c) c)With your explicit consent;

d) Disclosure based on law: We may disclose your personal information publicly when required by law, legal process, litigation or government authorities, including: including:

c) Related to the personal information controller's performance of obligations prescribed by laws and regulations;

d) Directly related to national security and national defense security;

e) Directly related to public safety, public health, and major public interests;

f) Directly related to criminal investigation, prosecution, trial and execution of judgment;

g) For the purpose of protecting the life, property and other major legitimate rights and interests of the personal information subject or other individuals, but it is difficult to obtain the authorization and consent of the individual;

h) The personal information involved is disclosed to the public by the subject of personal information on his/her own accord;

i) Necessary to maintain the safe and stable operation of the products or services provided, such as discovering and handling product or service failures;

j) The controller of personal information is a news organization, and the personal information is necessary for its legitimate news reporting;

k) The controller of personal information is an academic research institution. When it is necessary to conduct statistical or academic research for the public interest and when it provides the results of academic research or descriptions to the outside, the personal information contained in the results will be de-identified.

Please note that according to legal provisions, sharing and transferring de-identified personal information, while ensuring that the data recipient cannot restore and re-identify the personal information subject, does not constitute external sharing, transfer or public disclosure of personal information, and the storage and processing of such data will not require additional notification to you and your consent.

二、How we protect your personal information

(i) We value the security of personal data. We use appropriate physical, administrative and technical safeguards to protect your personal data from unauthorized access, disclosure, use, modification, damage or loss. For example, we use encryption technology to ensure the confidentiality of data; we use protection mechanisms to prevent data from malicious attacks; we deploy access control mechanisms to ensure that only authorized personnel can access personal data; and we hold security and privacy protection training courses to enhance employees' awareness of the importance of protecting personal data. We will do our best to protect your personal data, but please note that no security measures can be impeccable.

(ii) We will retain your personal data for the period necessary to achieve the purposes described in this policy, unless the retention period needs to be extended or is permitted by law. Because the storage period of data may vary based on different scenarios and products and services, the standards we use to determine the retention period include: the time it takes to retain personal data to complete the business purpose, including providing products and services, maintaining corresponding transaction and business records, controlling and improving product and service performance and quality, ensuring the security of systems, products and services, responding to possible user inquiries or complaints, problem location, etc.; whether the user agrees to a longer retention period; whether there are special requirements for retaining data under laws, contracts, etc. As long as your account is necessary to provide you with services, we will retain your registration information. You can also choose to cancel your account. After you cancel your account, we will stop providing products and services based on the account and delete your corresponding personal data unless there are special legal requirements.

(iii) In the unfortunate event of a personal information security incident, we will inform you in accordance with the requirements of laws and regulations (within 30 natural days at the latest): the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions for you to prevent and reduce risks on your own, and remedial measures for you, etc. We will inform you of the relevant circumstances of the incident by email, letter, phone, push notification, etc. When it is difficult to inform the subject of personal information one by one, we will take reasonable and effective means to issue an announcement. At the same time, we will also report the disposal of the personal information security incident in accordance with the requirements of the regulatory authorities.

(iv) The Internet environment is not 100% secure. Although we have these security measures, please note that there are no "perfect security measures" on the Internet. We will do our best to ensure the security of your information.

(v) To ensure a smooth browsing experience, you may receive content or web links from third parties outside of us and our partners (hereinafter referred to as "third parties"). We have no control over such third parties. You can choose whether to access the links, content, products and services provided by third parties. We cannot control the privacy and data protection policies of third parties, and such third parties are not bound by this Policy. Before submitting personal information to a third party, please refer to the privacy protection policy of the third party.

3. Your rights

According to China's relevantlaw, regulations, standards, and common practices in other countries and regions, we guarantee that you can exercise the following rights over your personal information:

(i) Access to your personal information

You have the right to access your personal information, except for exceptions provided by laws and regulations. If you want to exercise your right to access data, you can access it yourself in the following ways:Log in to the software platform to view personal information.

If you are unable to access this personal information through the above link, you can always send an email toSupport@zkdigimax.com 发送电子邮件至Support@zkdigimax.com

We will provide you with other personal information generated during your use of our products or services as long as it does not require us to make excessive efforts. If you want to exercise your data access rights, , please send an email toSupport@zkdigimax.com

Correcting your personal information

If you find that the personal information we process about you is wrong, you have the right to ask us to make corrections. You can make a correction request through the methods listed in "(I) Accessing Your Personal Information".

If you are unable to correct your personal information through the above link you can always send an email toSupport@zkdigimax.comm

(ii) Delete your personal information

In the following circumstances, you may submit a written request to us to delete your personal information:

1. If our handling of personal information violates laws and regulations;

2. If we collect or use your personal information without your consent;

3. If you no longer use our products or services, or if you cancel your account;

4. If we no longer provide products or services to you.

Where required by applicable law, you also have the right to withdraw your consent at any time when we process your personal data based on your consent. However, the withdrawal of consent will not affect the lawfulness and validity of our processing of your personal data based on your consent before the withdrawal, nor will it affect our processing of your personal data based on other appropriate legitimate bases.

(iii) Responding to your request above

For security reasons, you may need to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.

We will respond within 7 days. If you are not satisfied, you can also file a complaint at Support@zkdigimax.com

In principle, we do not charge fees for your reasonable requests, but we will charge a certain cost for repeated requests that exceed reasonable limits. We may reject requests that are unreasonably repeated, require too many technical means (for example, require the development of new systems or fundamentally change existing practices), pose risks to the legitimate rights and interests of others, or are extremely impractical (for example, involving information stored on backup tapes). We will be unable to respond to your request in the following circumstances:

We will not be able to respond to your request in the following circumstances:

1. Related to the fulfillment of the obligations of the controller of personal information under laws and regulations;

2. Directly related to national security and defense security;

3. Directly related to public safety, public health, and major public interests;

4. 4、Directly related to criminal investigation, prosecution, trial and execution of judgment;

5. 5、The personal information controller has sufficient evidence to show that the personal information subject has subjective malice or abuses his rights;

6. 6、For the purpose of protecting the life, property and other major legitimate rights and interests of the personal information subject or other individuals, but it is difficult to obtain the consent of the individual;

7. 7、Responding to the request of the Personal Information Subject will cause serious damage to the legitimate rights and interests of the Personal Information Subject or other individuals or organizations;

8. 8、Involving trade secrets.

4. 四、How do we handle personal information of minors?

Our products, websites and services are primarily intended for adults. Minors should not create their own personal information subject accounts without the consent of their parents or guardians. If you are a minor, we recommend that you ask your parents or guardians to read this policy carefully and use our services or provide us with information only with the consent of your parents or guardians.

In the case of collecting personal information of minors with parental consent, we will only use or disclose this information when permitted by law, with the explicit consent of parents or guardians, or when necessary to protect minors.

If we find ourselves collecting personal information of minors without prior verifiable parental consent, we will try to delete the relevant data as quickly as possible.

4.How this Policy is Updated

Our personal information protection and privacy policies may change.

Without your explicit consent, we will not reduce your rights under this policy. We will post any changes to this policy on this page.

For major changes, we will also provide more prominent notices (including for certain services, we will send notices via email to explain the specific changes to the personal information protection policy).

Major changes referred to in this policy include but are not limited to:

1. 1、Our service model has undergone major changes, such as the purpose of processing personal information, the type of personal information processed, and the way personal information is used;

2. 2、We have major changes in ownership structure, organizational structure, etc., such as changes in ownership caused by business adjustments, bankruptcy and mergers and acquisitions, etc.;

3. 3、The main objects of sharing, transfer or public disclosure of personal information have changed;

4. There are significant changes in your rights to participate in the processing of personal information and how to exercise them;

5. 5、When our responsible department for handling personal information security, contact information and complaint channels change;

We will also archive previous versions of this policy for your reference.

6. How to contact us

If you have any questions, comments or suggestions about this Personal Information Protection and Privacy Policy, 请通过以下方式将您的问题发送至Support@zkdigimax.com一般情况下 will respond within 7 days. More contact information will be announced on our official website (http://www.zkteco.com).