Neocrm Privacy Statement
Update Date:March 9, 2021
Effective Date:March 9, 2021
Beijing IngageApp Internet Technology Ltd., Co. (collectively, “Neocrm”, “we”, “us”, and “our”) respects your privacy. Please read the following to learn more about how we collect, use, share, and process your personal data and your rights and choices about your personal data.
This Privacy Statement applies to the functions, products, and services provided by the Neocrm platform (The domain name of the Neocrm mobile terminal/web terminal: www.xiaoshouyi.com or www.neocrm.com) and also applies to the Neocrm products and services that are used in our affiliated companies’ products and services without a separate privacy statement.
Enterprise/organization users should obtain the explicit consent of related individual users in advance before uploading the contact information, personal information, and external business contact information of the enterprise/organization. The information must be used only for the operation and management of the enterprise/organization and the related individual user must be fully informed of the purposes, scopes and usage methods of relevant data. You need to understand and agree that the enterprise/organization users are the actual controllers of the data and we only enable the data control permissions for them on request. If you contact us, we will forward your request to the enterprise/organization users and assist them with your request within a reasonable time limit when needed.
This Privacy Statement does not apply to services provided by third parties (collectively, the “third-party service”) to you through the Neocrm platform (“this platform”), such as the third-party service that you have opened and used through the third-party application portal provided by Neocrm and the payment-related functions provided by the payment company through the Neocrm client. The information you provide to the third-party service provider is not protected by this Privacy Statement. You should fully understand the product functions and privacy policies of the third-party service before using it.
This Privacy Statement describes:
2.What Types of Personal Data We Collect
3.Cookies & Similar Technologies
4.How We Share & Transfer & Disclose Your Personal Data
5.Where We Store Your Personal Data
6.How We Protect Your Personal Data
8.Updates to This Privacy Statement
9.How to Contact Us
10.How We Process Children’s Personal Data
- Enterprise/Organization Users: Neocrm users registered by enterprises/organizations. The administrator users of the enterprise/organization upload the contact information of the employees to build the enterprise/organization structure and open, manage, and use Neocrm services on behalf of the enterprise/organization. The Neocrm enterprise/organization users include, but are not limited to, legal persons, government agencies, other organizations, partners or individual industrial and commercial households.
- Enterprise/Organization Administrators: Individual users authorized or appointed by enterprises/organizations to manage the enterprise/organization platform system and can open, manage, and use Neocrm services on behalf of the enterprise/organization.
- Individual Users: Members of the enterprise/organization without administrator permissions and external users created by enterprise/organization administrators, hereinafter referred to as “you”.
- Personal Information: All kinds of information recorded electronically or in other ways that can be used to identify a specific natural person independently or in combination with other information or reflect the activities of a specific natural person.
- Sensitive Personal Information: Personal information that, once leaked, illegally provided or abused, may endanger personal and property safety, thus leading to personal reputation damages, physical and mental health damages, or discriminatory treatment. The information includes but is not limited to the ID numbers, personal biometric information, communication records and content, property information, whereabouts, health and physiological information, and transaction information.
- Children: Minors under the age of 14 (China).
- Anonymization: Technical processing of personal information so that the subject of the personal information cannot be identified and the processed information cannot be restored.
2.What Types of Personal Data We Collect
2.1Personal Data Collected from You
We may collect your personal data directly from you in the following circumstances:
If you express interests in obtaining more information about our services, request customer support (including access to online customer services), use our “telephone consultation” or similar functions, apply for a free trial or demo, register for a webinar, subscribe to our emails, fill out questionnaires, participate in offline activities, or download product content (such as product white papers), we may ask you to provide us with your contact information, such as your name, mobile phone number, company name, job title, address, email address, or username.
When you use the Neocrm platform, we may need to collect your mobile phone number and/or email address for identity verification. After you log in to your account, you can also choose whether to upload your avatar to enhance your personalized display, and further provide basic information such as your nickname, gender, position, employee number, reporting object, and corporate email address.
If you use the products or services provided by our client or website, we will automatically collect information about your device and your use of our services through log files and other technologies and some of the information may be your personal data, such as your IP address (or proxy server information), hardware model, type and version of the operating system, device screen size, resolution, serial number of the hardware , MAC address, international mobile equipment identity (IMEI), time zone, language setting, and search content.
If you contact us by phones, the call content may be recorded.
If you visit our office, you may need to register as a visitor and provide your name, phone number, company name, and date and time of arrival. In addition, you may need to provide information about your health condition due to COVID-19, including your body temperature, COVID-19-related symptoms, history of close contact with people infected with COVID-19, and recent travel history.
If you need to use functions related to work orders, you need to authorize us to obtain your location information through your SIM card, IP address, and GPS (longitude, latitude) (if GPS of your mobile device is enabled) and we use the location information to provide you with location-based services. If you refuse to provide the location information, we will not provide you with location-related services, but the normal use of other functions and services of the platform will not be affected.
We will receive and record your device-related information (such as the device model, operating system version, device settings, and other software and hardware characteristics information), location-related information of your device (such as the IP address, call records, address book list, read-write calendar, GPS location information [longitude, latitude]), and sensor information such as Wi-Fi access points and base stations that provide related information with permissions obtained from you during software installation and usage.
We will collect your WeCom account (WeChat Union ID, avatars), QQ/MSN account, Weibo account and may associate the information with your personal data in some cases to provide you with more intelligent marketing services (marketing through phones, SMS or emails).
We will collect your e-mail address, position, phone number, user behavior data, and IP address to conduct targeted advertising, to provide relevant email content, event promotion and analysis, to determine eligibility, and to verify contact information.
If you provide us or our service providers with any personal data related to other individuals, you have the right to do so; and if necessary, you have obtained the necessary consent and confirmed that you can use the data in accordance with this Privacy Statement. If you believe that the personal data has been provided improperly, or if you want to exercise your rights related to your personal data, please contact us with the information in “How to Contact Us”.
2.2Personal Data Collected from Other Sources
We also collect your personal data from other sources, including the public channel. We may associate the data with that you provide, helping us update, expand, and analyze our records, identify new customers, and create more targeted advertisements to provide services that may be of interest to you. The personal data we collect from other sources includes identifiers, major- or employment-related information, educational information, business information, visual information, Internet activity information, and inferences about your preferences and behaviors. In particular, we collect such personal data from the following sources:
To complete the registration of your Neocrm account, you agree that the operator sends a SMS message containing a verification code to your personal mobile phone number.
In order to complete the payment on the Neocrm client, we need your payment account information (including your nickname and account name) from the payment company to bind the Neocrm client to your payment account. In order to protect your legitimate rights and interests, to prevent risks such as frauds and gambling, and to maintain safe and stable operation of Neocrm services and payment-related functions, we need to obtain the user identification information of the payment account you actually use from a third-party payment institution.
3.Cookies & Similar Technologies
Most web browsers automatically accept cookies and you can decide whether to accept cookies through settings. You understand and agree that we may store absolutely necessary cookies that are needed for the operation of this platform, including the cookies that allow you to log in to the secure area of this platform.
4.How We Share & Transfer & Disclose Your Personal Data
4.1How We Share Your Personal Data
- (1)We will not share or transfer your personal data to any third party without your prior authorization or consent, or the personal data shared or transferred has been de-identified and the shared third party cannot re-identify the subject of the personal data.
- We will follow the rules below to share your personal data:
Authorization Rule: We will not share your personal data without your consent, unless the shared data is de-identified and the shared third party cannot re-identify the natural person subject of the data. If the usage purpose of the third party is beyond the scope of the original authorization, the third party will need to obtain your consent again.
Legality & Minimum Necessary Rule: The shared data must be used with a legitimate purpose and be limited to what is necessary to achieve the purpose.
Security & Prudence Rule: We will carefully evaluate the third party’s purpose of using the shared data, conduct a comprehensive assessment of the security capabilities of these partners, and require them to comply with cooperative legal agreements. We will conduct strict security monitoring on the application programming interface (API) through which our partners obtain data to ensure data security.
- Shared Data of Realizing Functions or Services
If you use the services provided by third-party service providers on this platform, they may share some of your data with us. You can check their privacy policies to learn about the data that may be shared with us.
- Verification Services: You agree that the operator will provide us with a SMS verification code based on your personal mobile phone number, otherwise your Neocrm account cannot be registered successfully.
- Payment Service Providers (WeChat Pay): In order to protect your legitimate rights and interests, to prevent frauds, gambling and other risks, and to maintain safe and stable operation of this platform and payment-related functions, we need to obtain the information of the payment account you actually use from third-party service providers.
- Location Service Providers (Amap): We will send your de-identified location information to the location service provider (Amap) to provide you with more accurate location-based services in visits and work orders.
- Subsidiaries and Affiliates: We disclose your personal data to our subsidiaries and affiliates for purposes described in this Privacy Statement. Neocrm is the party responsible for managing the personal data used in common.
- Other Auxiliary Processing Program Supporters: You understand and agree that in order to realize the functions of this platform and the safe and stable operation of applications, we may access the software development kit (SDK) provided by third parties for related purposes.
- Third-Party Business Partners: Neocrm cooperates closely with various business partners to promote or sell products or services. These partners provide their services on our website in some cases. For the above-mentioned purposes, we may disclose your personal data to our partners. Some of our third-party business partners co-sponsor events and other products with us, so when you register for an event or product, we may share your personal data with these co-sponsors to allow our partners to send you marketing information that may be of interest to you as permitted by applicable laws.
- Agents and Service Providers: We sign contracts with other companies and personnel so that they perform tasks on our behalf. We share your personal data with some of them so that they provide you with products or services, or communicate with you in other ways, such as conducting promotions on our behalf. Examples include removing duplicate information from customer lists, analyzing data, providing marketing assistance, conducting billing, processing credit card payments, providing technical supports for our services, providing customer services, and performing analysis related to our products or services. We also provide your personal data to agents and service providers to verify or aggregate the usage data we provide to our partners. When we share your personal data in this way, we require agents or service providers to ensure the privacy, confidentiality, and security of your personal data.
- Neocrm Blog and Social Media Pages: You can also disclose your personal data through websites, message boards, chats, profile pages, blogs, and other services where you can post information and materials. The data can be displayed in a public way, such as through search engines or other publicly available platforms, and can be “captured” or searched by third parties. Please do not post any information you do not want to disclose to the public.
We will only share the data necessary to achieve the purpose with third parties, and you understand and authorize our data sharing behaviors in this case. If a third party really needs to use your personal data for business needs beyond the aforementioned purposes, the third party will need to seek your consent again.
Before cooperating with a third party, we will make commercially reasonable efforts to test its security capabilities, evaluate the legitimate necessity of sharing relevant data with it, sign a confidentiality agreement with it, conduct technical monitoring on its data inquiry and make commercially reasonable efforts to urge it to comply with the confidentiality and security provisions stipulated in laws, regulations, and agreements when using your personal data.
4.2How We Transfer Your Personal Data
With the continuous development of our business, we may carry out mergers, acquisitions, and asset transfers, and your personal data may be transferred in these circumstances. In the event of the aforementioned changes, we will continue to protect or require the successor of the personal data to protect your personal data in accordance with laws, regulations, and security standards not lower than the requirements in this Privacy Statement, otherwise we will require the successor to re-acquire your authorization.
4.3 How We Disclose Your Personal Data
We will not publicly disclose your personal data without your consent. However, in cases where we must provide your personal data, we may disclose it to administrative law enforcement or judicial agencies in accordance with laws, regulations, rules, other normative documents, mandatory administrative law enforcement or judicial requirements based on the type of the personal data requested and the method of disclosure. When we receive a disclosure request, we will require the agencies to provide corresponding legal certification documents under the premise of compliance with laws and regulations. We only provide the data that is used for specific investigation and can be obtained with legitimate rights by the law enforcement or judicial agencies. As permitted by laws and regulations, the documents we disclose are protected by encryption measures.
Please understand that in the following circumstances, according to laws, regulations, and national standards, we do not need your authorization to share, transfer, and publicly disclose your personal data:
- When your personal data is directly related to national security and national defense security;
- When your personal data is directly related to public safety, public health, and major public interests;
- When your personal data is directly related to criminal investigation, prosecution, trial, and execution of judgments;
- In order to protect your or other individuals’ lives, property, and other major legitimate rights and interests, but it is difficult to obtain your consent, except for situations that are expressly prohibited by laws and regulations;
- When your personal data is disclosed to the public on your own;
- When your personal data is collected from legally publicly disclosed information, such as legal news reports, government information, and other channels.
According to the law, it does not belong to data sharing, transfer, or public disclosure behaviors to share and transfer personal data that has been de-identified and to ensure that the data recipient cannot restore and re-identify the subject of the personal data. Therefore, we will not notify you or obtain your consent in these circumstances.
5. Where We Store Your Personal Data
5.1 Storage Location
In accordance with the provisions of laws and regulations, we store your personal data collected and generated in the course of operations in China in the territory of the People’s Republic of China. At present, we will not transfer the above-mentioned data outside of China. If we do, we will follow relevant national regulations or ask for your consent.
5.2 Storage Period
During your use of this platform, we will continue to save your personal data and the retention period will not exceed the period necessary to provide you with services. After you terminate the use of this platform or the corresponding authorization, we will delete or anonymize your personal data after 60 days unless laws and regulations provide otherwise for the retention period of the specific data. If we stop providing the services of this platform, we will delete or anonymize your personal data we hold in accordance with applicable laws within a reasonable period of time.
6. How We Protect Your Personal Data
- We take the security of your personal data very seriously. At present, Neocrm has passed the ISO 27001 information security management system certification. We have established data security system specifications and implemented security technical measures to prevent unauthorized access and modification of your personal data, and to avoid data damage or loss. Our network service adopts encryption technologies such as the transport layer security protocol to ensure the security of your data during transmission in the network.
- We provide strict data processing permission control capabilities to prevent data from being used in violation of regulations, multiple data desensitization capabilities with de-identification technologies such as coding and blocking to enhance the security of your personal data, encryption technologies that are widely used in the industry and we isolate tenants through the data isolation technology.
- Although the reasonable and effective measures above have been taken and the relevant laws and regulations have been complied with, please understand that it is impossible to ensure the absolute data security due to technical limitations and various malicious methods that may exist in the Internet industry even if we do our best. We will try our best to ensure the security of the personal data you provide to us. Please be aware and understand that the system and the communication network you use to access our services may have problems due to factors beyond our control. Therefore, we strongly recommend that you take active measures to protect the security of your personal data, including but not limited to using complex passwords, regularly changing passwords, and not disclosing personal data such as your account or password to others.
- In the event of an incident that endangers network security, we will take corresponding remedial measures in a timely manner in accordance with the emergency plan for network security incidents. If our physical facilities or technical protection measures are damaged, causing your personal data to be leaked, illegally provided or abused and damages to your legitimate rights and interests, we will assume corresponding responsibilities in strict accordance with the provisions of the law.
- When we learn of a personal data security incident in which your personal data has unfortunately been leaked, illegally provided or abused, we will inform you without undue delay in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, our measures taken or to be taken, suggestions that you can prevent and reduce risks on your own, and remedial measures for you, etc. We will inform you of the incident-related situation by means of push notifications on the platform. When it is difficult to inform the subject of the personal data one by one, we will publish an announcement in a reasonable and effective way. At the same time, we will also report the handling of the personal data security incident in accordance with the requirements of the regulatory authorities.
7. Your Rights
7.1 How You Access & Modify Your Personal Data
- The administrator of a company has the right to access, correct, or supplement the information of the company. This can be done in the following way:
Log in to the web terminal of Neocrm and select the basic settings on the system settings page to query and correct the company information, including the company name and other information.
- The individual user of Neocrm has the right to access, correct, or supplement his or her own information. This can be done in the following ways:
- Log in to the web terminal of Neocrm and click Settings > Preferences to query and correct the personal and account-related information such as the name, avatar, mobile phone number, gender, email, WeChat account, QQ account, and Weibo account.
- Log in to the mobile terminal of Neocrm and click Me to query and correct the personal information such as the name, profile picture, and mobile phone number.
- Log in to the mobile terminal of Neocrm and click Me > Online Consultation to obtain the online customer service (8:00-23:00) or click Me > Settings > Contact Us to call the customer service hotline (4000-122-980) or send an email to email@example.com for help to assist you in querying, correcting, or supplementing your information.
7.2 How You Delete Your Personal Data
You can delete part of your information by the methods listed in “How You Access & Modify Your Personal Data”.
In the following situations, you can require us to delete your personal data by contacting our online customer service, calling our customer service hotline (4000-122-980) or sending an email to firstname.lastname@example.org.
- If our handling of your personal data violates laws and regulations;
- If we collect and use your personal data without obtaining your explicit consent;
- If our handling of your personal data seriously violates our agreement with you;
- If you no longer use our products or services, or you voluntarily cancel your account;
- If we no longer provide you with our products or services forever.
If we decide to respond to your deletion request, we will also notify the subjects who have obtained your personal data from us as much as possible at the same time and require them to delete your personal data in a timely manner (unless laws and regulations provide otherwise, or these subjects have independently obtained your authorization).
When you delete or we assist you in deleting your data, we may not be able to delete the corresponding data from the backup system immediately due to applicable laws and security technologies. We will safely store your personal data and not process it any further until it is cleared or anonymized.
7.3 How You Revoke Authorization
You can change the scope of your data authorization except for the data necessary for the normal operation of the platform.
- As a Neocrm customer, you can refuse to receive such emails by selecting “Click Here to Unsubscribe” in the lower right corner of the email.
- You can log in to the mobile terminal of Neocrm and click Me > Settings > Contact Us to contact our customer service representatives to revoke your authorization or change the settings of your smart mobile device to withdraw your authorization on your own.
- The administrators of enterprises/organizations can visit the official homepage of Neocrm (www.xiaoshouyi.com) and log in to Neocrm by entering their accounts and passwords. After successful login, they can click Settings > System Settings to enter the Neocrm background to enable/disable the permission of the enterprise/organization users to use basic applications, third-party applications or manually-created applications of Neocrm.
After you withdraw your authorization, we will no longer process the corresponding personal data and the previous processing of the personal data based on your authorization will not be affected.
7.4 How to Cancel Your Account
When your enterprise/organization cancels the enterprise/organization account, we will cancel your related personal user account and delete or anonymize your personal data in accordance with the requirements of applicable laws.
- If your enterprise/organization is a paying user and the purchased Neocrm products/services expire and have been unavailable for 60 days without any renewal application, we have the right to cancel the enterprise/organization account; if your enterprise/organization is a free user, Neocrm will cancel the account after taking it back in accordance with the “Neocrm Service Agreement”; your enterprise/organization can also call our customer service hotline (4000-122-980, 7*15 hours [8:00-23:00]) or send an email to email@example.com to apply for account cancellation, and we will assist in cancellation of the account.
- You can apply to your organization administrator to cancel your personal account or to cancel your personal account when the account of your organization is canceled.
7.5 How We Respond to Your Requests
To ensure safety, you may need to provide a written request or prove your identity in other ways. Under normal circumstances, we reply to your request within 7 days after receiving and verifying your contact information.
For your reasonable request, we do not charge any fee in principle, but for repeated requests that exceed a reasonable limit, we will charge a certain fee as appropriate. For requests that are unrealistic, not directly related to your identity, unreasonably duplicate, need excessive technical means (for example, developing a new system or fundamentally changing the existing practice), or bring risks to the legitimate rights and interests of others, we may refuse.
8. Updates to This Privacy Statement
In the event of any major change to this Privacy Statement, we will provide a noticeable notice, for example, by posting a notice on this platform. You should check this Privacy Statement regularly to review the changes. We will also update the “Update Date” and “Effective Date” at the top of this Privacy Statement. If you continue to access or use this platform after this Privacy Statement is updated, you are deemed to accept the updated Privacy Statement. If you do not accept the updated Privacy Statement, please stop accessing or using this platform.
9. How to Contact Us
For any questions, comments, or suggestions related to this Privacy Statement, you can call the customer service hotline (4000-122-980, 7*15 hours [8:00-23:00]) or send an email to firstname.lastname@example.org to contact us.
Contact Address: 8th Floor, SK Tower, 6A, Jianguomenwai Street, Chaoyang District, Beijing
Contact Email of the Data Protection Officer/Organization: email@example.com
10. How We Process Children’s Personal Data
Our website is not geared towards children and we do not intend to collect the personal data of children under the age of 14 unless (a) we have obtained the consent of the children’s parents or guardians; (b) an agreement about the collection of the children’s data has been signed; (c) children under the age of 14 come to visit spontaneously or accidentally. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us through the contact information disclosed in this Privacy Statement and we will take measures to remove his or her personal data from our system.
This Privacy Statement may exist in multiple languages. If the terms of different language versions are inconsistent or conflict, the Chinese version shall prevail.