Personal Information Protection and Privacy Policy

This Policy only applies to ZKBio Time products or services (hereinafter referred to ZKBio Time),including ZKBio Time Web Server, ZKBio Time mobile APP.

 

Lastly updated on: March 2022

If you have any question, comment or suggestion, please contact us via the following means:

Email: product.biotime@zkteco.com

 

This Policy will help you to understand the following:

         Personal information collection rules

         How we protect your personal information

         Your rights

         How we handle personal information of minors

         How this Policy is updated

         How to contact us

 

Xiamen ZKTECO CO., LTD. and its affiliates (hereinafter referred to "ZKTeco", or "Company" or "We") understands the importance of personal data and will do everything possible to protect your personal information. We are committed to preserving your trust in us by protecting your personal information based on the following principles: responsibility in accordance with authority, purpose specification, informed consent, minimal necessary, security safeguard, subject participation, openness and transparency, etc. ZKTeco also commits to protect your personal information by implementing appropriate security measures in accordance with industry accepted security standards.

Before using any products (or services), please read this Policy carefully and make sure you have fully understood and agreed to this Policy. By using any products or services, you acknowledge that you have fully understood and agreed to this Policy.

 

Definition

  1. ZKBio Time service

ZKBio Time Services refers to the services provided by the ZKBio Time team including ZKBio Time software and ZKBio Time mobile APP.

 

  1. ZKBio Time service provider

It refers to Xiamen ZKTECO CO., LTD. that develops and provides ZKBio Time products and services, and its affiliates.

  1. ZKBio Time enterprise or organization administrator

It refers to the user with ZKBio Time management platform system operation authorities to manage and utilize ZKBio Time software for and on behalf of the enterprise or organization.

  1. Personal information

It refers to personal information whose disclosure, illegal provision, or misappropriation may endanger the personal property and security, and as well as can cause injury or discrimination to their reputation, physical, or mental health. Personal sensitive information linked to ZKBio Time includes the identity number, mobile phone number, individual biological identifying information, bank account, salary, and information about minors.

  1. Personal information controller

It refers to the organization or individual that has the right to determine the purpose and mode of treatment of the personal information. The personal information controller concerning ZKBio Time service as mentioned herein refers to the enterprise or organization user of ZKBio Time.

  1. Local server

It refers to a company's or organization's computer or device that has ZKBio Time items installed on it. The firm or organization distributes and authorizes access to and use of the local server, which means that the personal information and data kept on the local server is under its control.

 

I            Personal information collection rules

(1) How we collect and use your personal information

We will provide you with ZKBio Time device or software products, interactive displays, search results, identification of account abnormalities, maintaining the normal operation of ZKBio Time, improvement and optimization of your ZKBio Time experience, and safeguarding the security of your account to better satisfy your requirements, including your use of information about ZKBio Time products and services, and connect such information to better satisfy your requirements.

 

  1. Utilization of information

Individual users' information will not be collected. The user information is submitted or generated just to support the normal use of ZKBio Time by the organization or enterprise, and all data is stored only on the user's local server and will be updated and detected with the version management server at the time of mobile activation.

 

  1. Device information

Based on the specific authority you grant during the software installation and utilization process, we will receive and record information about the device you use (such as the device model, operating system version, device configuration, unique device identifier, and other software and hardware features) and the device location (such as IP address, GPS/Beidou location, Wi-Fi access point, Bluetooth, base station, and sensors providing related information).

 

  1. Log information

When you are using the software function or mobile function, the software will record your products usage and saves it as a software log on the user’s local server, including your operation, IP address, type of browsers, date and time of access, approval log and attendance log information.

Note: That single device information and log information could not be used to identify the identity of the specific natural person.

 

(2) How we use Cookies and similar technologies

  1. Cookies

Cookies and similar technologies are widely used in the Internet. To ensure the smooth operation of our website, we will store a small data file named Cookie in your computer or mobile device. A Cookie typically contains identifiers, site names, and some numbers and characters. With the Cookie, our website can store your preference and other data. We will not use Cookies for any other purpose than that specified in this Policy. You may manage the Cookie according to your own preference or delete it. You may choose to delete all Cookies saved in your computer, and most of the web browsers have a feature to block the Cookies. But if you do this, you will need to change the user settings each time you visit our website.

 

  1. Other similar technologies

In addition to Cookies, we will also use other similar technologies such as website beacons and pixel tags on our website to help us understand your preference for products or services and improve our customer service.


(3) How we share, transfer and disclose your personal information

1. Share

Without your explicit consent, we will not share your personal information with any other company, organization or individual.

Your enterprise/organization may share your personal information with an external institution if required by laws and regulations or government authorities.

2. Transfer

We will not transfer your personal information to any other company, organization or individual, except under the following circumstances:

We will transfer with your explicit consent: Your enterprise or organization may transfer your personal information to others with your approval in the event of a merger, acquisition, or dissolution of your business.

3. Public disclosure

We will not disclose your personal information, except for those disclosed by your enterprise or organization under the following circumstances:

a)         With your explicit consent.

b)        Law-based disclosure: We may disclose your personal information in cases where such disclosure is required by laws, legal proceedings, litigation, or government authorities, including in cases:

        Related to personal information controller’s performance of obligations prescribed by laws and regulations;

        Directly related to national security or national defense security;

        Directly related to public safety, public health or vital public interests;

        Directly related to crime investigation, prosecution, trial, and judgment execution;

        Where such disclosure is necessary for protecting the vital legitimate interests such as life and property of the subject of personal information or any other individual while it is difficult to obtain the consent therefrom;

        Where the personal information involved is disclosed to the public by the subject itself;

        Where such disclosure is necessary for signing and performing the contract concerned according to the requirements of the subject of personal information;

        Where the personal information is collected from legally and publicly disclosed information, such as legal news reports and publicized government information;

        Where such disclosure is necessary for maintaining safe and stable operation of the products/services provided, such as identification or disposal of failures of products/services;

        Where the personal information controller is a news agency and such disclosure is necessary for legal news reporting;

        Where the personal information controller is an academic research institute, and such disclosure is necessary for statistics or academic research in the public interest, and the personal information contained in the results of academic research or description provided externally is de-identified.

Note: According to the law, sharing, transferring, or disclosing personal information does not include the scenario in which personal information is de-identified in such a way that the recipient of such information cannot restore the information or re-identify the subject of personal information before it is shared, transferred, or disclosed. As a result, we may store or process such information without notifying you or obtaining your consent.

 

II         How we protect your personal information

Where you select to use ZKBio Time as a ZKBio Time enterprise or organization administrator, we will not collect the information about ZKBio Time function available to the individual users under your ZKBio Time enterprise or organization user. In case of any disclosure of the personal information, please click “Your enterprise”. Related data is collected by your enterprise or organization and stored in the software database. Date controlled by the enterprise may include: 

(1)    Job title, department, office email account and telephone assigned by your enterprise to organization to you as well as the fingerprint features, face features, check-in person's face photo, geographical location, and other personal information that are required for or generated from the attendance, approval, check-in, and log function opened by you to complete the daily activity of the enterprise or organization, as well as the attendance punch information, approval records, log release, agenda and documents.

 

(2)    Other data containing your personal information as submitted by the enterprise or organization users (including job, contact methods and individual identity of the enterprise or organization user)

You understand and agree that the enterprise or organization is the aforesaid enterprise data controller; the enterprise or organization’s opening, management and utilization of the aforesaid services and treatment of your personal information and data are irrelevant to the ZKBio Time team; and the enterprise or organization ensures that they have already obtained prior and express consent of ZKBio Time individual users and only collects the end user information necessarily required for the enterprise business and management and has already fully informed the end user of the data collection purpose and scope and the mode of utilization.

 

(3)    You may provide feedback about ZKBio Time products and services experience during the process of using the products by using the information you gave to us. This will help us better understand your experience and demand for using our products or services and enhance our products or services. For this, you may take the initiative to provide your contact information, questions, or recommendations when submitting product proposals and demands, and we will record your contact information, questions, or suggestions so that we can contact you further to inform our treatment opinions.

 

(4)    When you use the personalized custom-made services, we will collect information in order to provide you with better and more personalized products and services, such as more personalized services with the same experiences on different servers or devices, input recommendation, customer service reception or information release to better satisfy your requirements, understanding about product compatibility, and identification of account abnormality status. We will also collect information about your use of the services based on the function demand, including, but not limited to, information about device, log, and service usage. For instance, when you are implementing certain operation in the process of utilization of ZKBio Time services, we may send a notice to you.

 

(5)    A third party other than us or our partners (hereinafter referred to as the "third party") may send contents or website links to you. We have no control over the third party. You may choose whether to access the links, contents, products, and services provided by the third party. We have no control over the third-party privacy or data protection policies as the third party is not bound by this Policy. Before you submit personal information to the third party, please read its privacy protection policies.


III      Your rights

In accordance with Chinese laws, regulations, standards, and established practices of other countries and jurisdictions, we will protect your rights to:

(1)    Access your personal information

You have the right to access your personal information, unless otherwise provided by laws and regulations. You may access your personal information by: Contact your enterprise/organization administrator.

(2)    Correct your personal information

Upon noticing any of your personal information your enterprise/organization processed is wrong, you have the right to request your enterprise/organization to make corrections. You may submit the request via means listed in Item "(1) Access your personal information".

(3)    Delete your personal information

In the following cases, you may request your enterprise/organization in writing to delete your personal information:

  1. Your enterprise/organization process your personal information in violation of laws and regulations;
  2. Your enterprise/organization collect or use your personal information without your consent;
  3. Your enterprise/organization process personal information in violation of the agreement with you;
  4. You can no longer use our products or services, or you have canceled your account; or
  5. We are no longer providing you with products or services.

In circumstances prescribed by applicable laws, you have the right to revoke your consent to your enterprise/organization’s processing of your personal data at any time. However, the cancellation will have no bearing on the legality and effectiveness of your personal data that your enterprise/organization previously processed with your consent, or other appropriate legitimacy.

(4)    Respond to your request

To safeguard security, you may need to provide a request in writing or otherwise prove your identity. Your enterprise/organization may ask you to provide proof of your identity before processing your request.

Your enterprise/organization may not respond to your request in the following circumstances:

  1. The request is related to personal information controller’s performance of obligations prescribed by laws and regulations;
  2. The request is directly related to national security or national defense security;
  3. The request is directly related to public safety, public health or vital public interests;
  4. The request is directly related to crime investigation, prosecution, trial, and judgment execution;
  5. The personal information controller has sufficient evidence that the subject of personal information is subjectively malicious or abusing his/her rights;
  6. Not responding to the request is for protecting the vital legitimate interests such as life and property of the subject of personal information or any other individual, while it is difficult to obtain the consent therefrom;
  7. Responding to request of the subject of personal information will bring serious damage to the legitimate rights and interests of the subject or any other individual or organization; or
  8. The request involves trade secrets.

 

IV      How we handle personal information of minors

Our products, website and services are mainly designed for adults. Without consent of parents or guardians, minors shall not create their own account. If you are a minor, it is recommended that you ask your parents or guardian to read this Policy carefully, and only use our services or information provided by us with consent of your parents or guardian.

We will only use or disclose personal information of minors collected with their parents' or guardians' consent if and to the extent that such use or disclosure is permitted by law or we have obtained their parents' or guardians' explicit consent, and such use or disclosure is for the purpose of protecting minors.

Upon noticing that we have collected personal information of minors without the prior consent from verifiable parents, we will delete such information as soon as possible.

 

V         How this Policy is updated

Our personal information protection and privacy policy is subject to change from time to time.

Without your explicit consent, we will not cut your rights you are entitled to under this Policy. We will post any change to this Policy on our website.

For major changes, we will also provide a more prominent notification.

Major changes referred to in this Policy include, but are not limited to:

  1. Major changes of our service model, such as change of purpose, type or way of use of personal information;
  2. Major changes in ownership structure or organizational structure, such as changes caused by business adjustment, bankruptcy, merger and acquisition;
  3. Change of the party with which we share user information or to which we transfer or disclose user information;
  4. Major changes in your rights of participating in the handling of personal information or the way you exercise such rights;
  5. Changes of the department responsible for personal information security, or of the contact information or of the channel for filing a complaint;
  6. The user information and safety impact assessment report show the existence of high risks.

We will also archive the previous versions of this Policy for your reference.

 

VI      How to contact us

If you have any question, comment or suggestion about this Policy, please send an email to product.biotime@zkteco.com. Normally, we will reply within 3 days. More contact information is available on our website (http://www.zkteco.com/en/).