"OpenDataLab" Personal Information Protection Policy

 

Effective Date [2022/3/17]

Updated [2022/8/16]

 

Dear user

Thank you for using "OpenDataLab" (hereinafter referred to as "this platform" or "OpenDataLab")!

"OpenDataLab" is a platform operated by Shanghai Artificial Intelligence Innovation Center (hereinafter referred to as "Lab" or "We"). We are fully aware of the importance of personal information to you and will do our best to protect your personal information security. We will protect your personal information in accordance with the requirements of national laws and regulations, in accordance with the principles of consistent rights and responsibilities, clear purpose, consent of choice, minimum availability, openness and transparency, ensuring security, and subject participation.

In order to help you understand what personal information we have collected from you through OpenDataLab, and how we use, save, share and transfer this information when you use OpenDataLab, we hereby formulate the "OpenDataLab" Personal Information Protection Policy (hereinafter referred to as the "Policy"). Please read this policy carefully, especially the bold and underlined contents.

If you have any questions, comments or suggestions, you can contact us through the contact information in Section XI of this policy.

This policy will help you understand the following:

一、  Scope of application of this policy

二、  How we collect and use your personal information

三、  Exceptions to obtaining authorization

四、  How do we use cookie and other similar technologies

五、  How we store your personal information

六、  How do we share, transfer and publicly disclose your personal information

七、  How we protect your personal information

八、  Your rights

九、  How we deal with children's personal information

十、  Changes and amendments to this policy

十一、         How to contact us

十二、         Effectiveness of this policy

 

1、 Scope of application of this policy

This policy applies to the services we provide to you through OpenDataLab.

It should be noted that this policy does not apply to services provided to you by other third parties, such as third-party services or websites that you link to through OpenDataLab. You understand that these services are provided to you independently by a third party, who will be solely responsible for your personal information processing in accordance with its policies or user agreements.

The "OpenDataLab" Personal Information Protection Policy "is a general privacy clause uniformly applicable to the laboratory, and the user rights and information security measures specified therein are applicable to all platform users. In case of any inconsistency or contradiction between the "OpenDataLab" Personal Information Protection Policy "and this policy, this policy shall prevail.

2、 How we collect and use your personal information

Personal information: refers to all kinds of information recorded electronically or in other ways that can identify the identity of a specific natural person or reflect the activities of a specific natural person, either alone or in combination with other information. This policy includes mobile phone number, email address, third-party account number and password. If the collection of other information is involved, the personal information protection policy of each sub platform shall prevail.

When you use OpenDataLab, we will collect and use the personal information necessary for providing relevant services in the following ways:; If you do not use this function, we will not collect the corresponding information.

  1. Guarantee the normal provision of services

In order to ensure the normal operation of equipment and applications, as well as the security of your information, we will collect your IP address. This information is the basic information we must collect to provide services and ensure the normal operation of products. It is used to adapt equipment and applications and upgrade equipment and applications.

  1. Use our products and services

In order to register as an "OpenDataLab" user, in addition to the information collected by the "OpenDataLab" personal center, we may need to collect your mobile phone number, email address, third-party account and password to register and create an "OpenDataLab" account. The purpose of creating an account is to bind user information when collecting and downloading data sets, and to use related functions normally. If you do not provide the above information, you will not be able to use such services. If you only need to browse and understand OpenDataLab, you do not need to register an account and provide the above information.

 

3、 Exceptions to obtaining authorization

According to relevant laws and regulations, the collection and use of your personal information under the following circumstances do not require your authorization:

  1. Related to our obligations under laws and regulations;
  2. Related to national security and national defense security;
  3. Related to public safety, public health and major public interests;
  4. Those related to criminal investigation, prosecution, trial and execution of judgments;
  5. It is difficult to obtain your own consent in order to protect the life, property and other major legitimate rights and interests of the personal information subject or other individuals;
  6. The personal information collected is disclosed to the public by yourself;
  7. Collect personal information from legally disclosed information, such as legal news reports, government information disclosure and other channels;
  8. It is necessary to maintain the safe and stable operation of the products or services provided, such as finding and handling the failures of products or services;
  9. Academic research institutions are necessary to carry out statistics or academic research based on the public interest, and conduct de identification of the personal information contained in the results when providing academic research or described results;
  10. Other circumstances stipulated by laws, regulations or national standards.

 

4、 How do we use cookie and other similar technologies

Cookies are small pieces of data (text files) that we let the browser store on your device (such as a computer or smartphone) to record your login status information or your device information, so that you do not need to log in again when you visit again. The "similar technology" related to the general term "cookies" also includes local objects (sometimes referred to as flash cookies), web beacons, pixel tags, browser fingerprint technology or any technology that stores or accesses information on a user's device. This information usually does not allow us to identify you, but it can provide a better user experience when you visit the website (including our website).

 

5、 How we store your personal information

The personal information we collect and generate in the People's Republic of China will be stored in the People's Republic of China.

We will only retain your personal information for the period required to achieve the purposes described in this policy, unless there is a mandatory retention requirement by law. We judge the storage life of personal information mainly by referring to the following standards, and the longer one shall prevail:

  1. Complete the business functions you agree to use;
  2. The longer retention period agreed by you;
  3. Whether there are other special agreements on the retention period.

After the retention period expires, we will delete your personal information or anonymize it according to the requirements of applicable laws.

If we stop operating "OpenDataLab" and related services, we will stop collecting your personal information in a timely manner and give a notice of stopping operation in the form of announcement. At the same time, delete or anonymize the personal information stored by us.

Note: Anonymization refers to the process of making the personal information subject unable to be identified or associated through the technical processing of personal information, and the processed information cannot be restored. According to relevant laws, regulations and national standards, information that has been anonymized does not belong to personal information.

 

6、 How do we share, transfer and publicly disclose your personal information

(一)     share

We will not share your personal information with any company, organization or individual, except for the following circumstances:

  1. With your express consent, we will share your personal information with other parties;
  2. We may share your personal information according to laws and regulations, litigation dispute resolution needs, or requirements of administrative and judicial authorities according to law;
  3. To the extent permitted by laws and regulations, it is necessary to share your personal information in order to protect our or the public's interests, property or security from damage.

(二)     transfer the possession of

We will not transfer your personal information to any other company, organization or individual, except for the following circumstances:

  1. Obtain your explicit consent or authorization in advance;
  2. Provide according to applicable laws and regulations, requirements of legal procedures, mandatory administrative or judicial requirements;
  3. Comply with relevant agreements signed with you (including electronic agreements signed online and corresponding platform rules) or other legal documents.

(3) Public disclosure

We will only publicly disclose your personal information under the following circumstances:

  1. With your explicit consent;
  2. Law based disclosure: We may publicly disclose your personal information under the mandatory requirements of laws, legal procedures, lawsuits or government authorities.

 

7、 How we protect your personal information

We attach great importance to the security of your personal information, and have taken security measures that comply with industry standards to protect the personal information you provide, to prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible measures to protect your personal information.

  1. OpenDataLab has set up a special person in charge of personal information protection, who is responsible for handling various affairs that may involve users' personal information in laboratory technology related products and services, as well as planning and formulating laboratory policies.
  2. In accordance with the requirements of information security level protection, we have formulated the overall policy and security strategy of information security, and established a security management system covering host, data, application, management and other levels.
  3. We will encrypt the transmission and storage of identifiable personal sensitive information. The encryption strength meets the security requirements to ensure the confidentiality of data. Our application system provides such functions as identity authentication, user identity uniqueness check, role-based access control, etc. It uses HTTPS security protocol for communication, sets the maximum number of concurrent session connections, and can monitor and alarm when the system service level drops to a predetermined minimum. We deploy an access control mechanism on the server side, adopt the principle of least sufficient authorization for staff who may have access to your personal information, and regularly check the list of visitors and access records.
  4. Our server systems for storing users' personal information are all security hardened operating systems. We will audit and monitor the account of the server operation.
  5. We regularly hold training on laws and regulations related to personal information protection for staff to enhance their awareness of personal privacy protection.
  6. We have formulated an emergency plan for network security incidents and allocated sufficient resources to ensure the implementation of the emergency plan. We have conducted training and emergency drills on the emergency plan every year. If our physical, technical or management protective measures are unfortunately damaged, we will launch the emergency plan in time to prevent the expansion of security incidents, report to the national competent authority according to the requirements of laws and regulations, and timely take reasonable and effective ways such as pushing and announcement to inform you of the basic situation of security incidents, possible impact, measures taken or to be taken.

 

8、 Your rights

During your use of OpenDataLab, you can access and manage your personal information in the following ways:

(1) Access and correct your personal information

You have the right to query, correct or supplement your information. You can do it yourself in the following ways:

Log in to "OpenDataLab", and you can query your personal registration information by operating the "Personal Center";

Log in to "OpenDataLab" and correct your mobile phone number, email address, third-party account and password by operating the "Personal Center";

You can also contact us through the contact information in Section XI of this policy for access and correction.

(2) Delete your personal information

You can request us to delete your personal information when:

  1. We collected your personal information illegally without asking for your consent;
  2. Our handling of your personal information violates the requirements of laws and regulations;
  3. We violated the agreement with you to use and process your personal information;
  4. You no longer use our products or services;
  5. We stop serving you.

You can contact us to delete your personal information in the way provided in Section XI of this policy, and we will reply within 15 working days. When we delete your personal information from the server, we may not delete the corresponding data from the backup system immediately, but we will delete the information when the backup is updated. Please note that if it is technically difficult to delete your personal information, we will also stop processing your personal information in a timely manner.

(3) Withdraw your authorization consent

Each business function requires some basic personal information to complete. For other personal information that you actively provide, you can give or withdraw your authorization consent at any time. Your withdrawal of consent will not affect our previous processing of your personal information, but we will not continue to process your personal information. You can contact us through the contact information in Section XI below to change the scope of your authorization.

(4) Account cancellation

You can contact us to cancel your account at any time through the contact information in Section XI below.

(5) Get a copy of your personal information

You can contact us to obtain a copy of your personal information through the contact information in Section XI below.

 

9、 How we deal with children's personal information

We attach great importance to the protection of minors' personal information.

According to relevant laws and regulations, if you are a minor under the age of 18, you should obtain the consent of your parent or legal guardian before using OpenDataLab's services.

According to relevant laws and regulations, if you are a child under the age of 14, you should obtain the consent of your parents or legal guardians in advance according to the registration and use procedures before using the relevant products or services, and your parents or legal guardians should help you complete the product or service registration process, so that you can use the products or services provided by us.

In the case of collecting children's personal information with the consent of parents, we will only use or publicly disclose this information when it is permitted by law, explicitly agreed by parents or guardians, or necessary to protect children.

If we find that we have collected children's personal information without the prior consent of verifiable parents, we will try to delete relevant data as soon as possible.

 

10、 Changes and amendments to this policy

Our personal information protection policy may change. Without your explicit consent, we will not limit your rights under this policy.

For major changes to this policy, we will provide significant notice. You can also browse "OpenDataLab" at any time to view the latest policies.

Major changes referred to in this policy include but are not limited to:

  1. Our service model has undergone significant changes. For example, the purpose of processing personal information, the type of processing personal information, and the use mode of personal information;
  2. Significant changes have taken place in our control rights and other aspects. For example, changes in owners caused by mergers and acquisitions;
  3. The main objects of personal information sharing, transfer or public disclosure have changed;
  4. Your right to participate in personal information processing and the way you exercise it have changed significantly;
  5. When the responsible department, contact information and complaint channel for handling personal information security change;
  6. When the personal information security impact assessment report indicates that there is a high risk.

If you continue to use our products and services after such changes and revisions, it will be deemed that you agree to the changes and revisions of this policy.

 

11、 How to contact us

Shanghai Artificial Intelligence Innovation Center is the operator of "OpenDataLab" and the controller of your personal information. Its registered and contact address is 37/F and 38/F, No. 701 Yunjin Road, Xuhui District, Shanghai. If you have any questions, comments, suggestions or complaints about our policies and the handling of your personal information, please send an email to OpenDataLab@pjlab.org.cn Contact us. In general, we will reply to your request within 15 working days.

Please understand that the processing time for user requests may be longer than the above time limit due to reasons such as material review, business verification and operation process. If you are not satisfied with our reply, especially our personal information processing has damaged the legitimate rights and interests of users, you can also complain or report to the relevant regulatory authorities where we are located; Or file a lawsuit to the court with jurisdiction where we are located. We hope that users can have friendly consultations with us before filing complaints or prosecutions with the government or the court, and welcome and thank users for their supervision and suggestions.

 

12、 Effectiveness of this policy

This policy version is updated on March 11, 2022 and will take effect on March 17, 2022.

1 / 2