I. Information We May Collect
II. How We Collect and Utilize Information
III. Information We May Share, Transfer and Disclose
IV. How We Retain, Store and Protect Information
V. How We Manage Your Information
VI. Third-party Services
VII. Age Limit
VIII. Notice and Amendment
IX. How to Contact Us
I. Information We May Collect(I) Information unrelated to personal identity:
When you use the Services, we may collect and summarize such information as the sources and access sequence of users. For example, we may record the source and browser software of each user of the Services.
(II) Information about personal identity:
When you use the Services, we may collect and summarize or request you to provide information about personal identity, such as those about identity (including ID card, passport, driver's license, age, gender, telephone number, etc.); property (your transaction records, balance, coupons, medical care information, bank card information, etc. in AIER Eye Hospital); health (including chief complaint, past medical history, examination results, medical images, etc.).
We collect your information so that you and other users can use the Services more easily and satisfactorily. Our goal is to provide safe and effective diagnosis and treatment services to all Internet users, and such information will help us achieve this goal.
Note that if you disclose your personal information in information uploaded to or posted in a public domain visible to other users in the Services, and in your responses to information uploaded or posted by others, such information may be collected and used by others. If you discover that your information or information of others are improperly collected or used by our users, please contact our Customer Service.
II. How We Collect and Utilize Information(I) We will collect and obtain your information through the following channels:
1. Information you provided, such as:
(1) information you provide to us when using the Services;
(2) shared information you provide to other parties through the Services, and the information you store when using the Services.
2. Your information shared by other parties, namely, shared information about you provided by other parties when using the Services.
3. Your information we obtained, namely, those we collected, summarized and recorded when you use the Services, such as name, age, telephone number.
(II) We will collect and utilize your information for the following purposes:
1. Providing you with goods or services
The information we collect and utilize are necessary for providing you with services. Without relevant information, we will not be able to provide the core content of services. For example:
(1) In some services, in order to facilitate the delivery of goods or services to you, you need to provide personal information such as the name, postal address, postal code, contact number, payment status and other information of the consignee or acceptor. Besides, according to the laws, regulations and policies related to the services for real-name authentication, we may forward such information to the third parties who are cooperating with us for real-name authentication. If you refuse to provide such information or refuse real-name authentication, we will not be able to complete the delivery of relevant services. If you order goods or services for others through the Services, you need to provide the aforementioned information of the orderer. Before providing such information of the orderer, you need to ensure that you have obtained his/her authorization/consent.
(2) In order to show the order information of your account, we will collect the order information generated during your use of the Services for the purposes of showing and facilitating your order management;
(3) When you contact us, we may keep your communication/call records and contents or your contact information, so as to contact you or help you solve problems, or record the solutions of related problems and results of handling.
(4) In order to confirm the transaction status and provide you with after-sales and dispute resolution services, we will collect your transaction, payment and logistics information related to the transaction progress through the transaction objects, payment institutions and logistics companies you selected for the transaction, or share your transaction information with the above service providers.
2. Pushing messages to you
(1) Show and push goods or services to you. We may use your information, your browsing and search records, equipment information, location information and order information in our platform, extract your browsing, search preferences, behavior habits, location information and other features, and send you marketing information by email, SMS or other means based on the feature tags to provide or promote the following goods and services of AIER Eye Hospital or third parties:
Our goods and services include but are not limited to: instant messaging services, online media services, interactive entertainment services, social networking services, payment services, application software and services, entertainment, online medical services, e-commerce, information and communication software and services (“Internet services”); and third-party goods and services, including but not limited to: Internet services, books, points and reward programs, and other goods and services that we think may be related to you.
(2) Send notices to you. We may send you service-related notices when necessary (for example, when we suspend, change, or terminate the provision of individual services due to system maintenance).
If you do not wish to continue to receive our messages, you can request a stop of pushing through our Customer Service, except as required by law or stipulated in the agreement of individual services.
3. Providing you with security
In order to ensure the authenticity of your identity and provide you with better security, you can provide us with sensitive personal information such as identification, facial features and other biometric information to complete real-name authentication.
In addition to authentication, we may utilize your information for customer service, security, fraud detection, archiving and backup to ensure the security of our services to you; we may use or integrate your information we collect and the information shared by our partners with your authorization or according to law to make comprehensive judgment on your account and transaction risks, verify your identity, detect and prevent security events, and take necessary measures of recording, auditing, analysis and handling according to law.
4. Improving our services
We may use the information collected through a service for our other services. For example, your information collected when you use a service may be used to provide you with specific content or show you information (not generally pushed) related to you in another service; we may ask you to participate in the survey of related services to help us improve existing services or design new services; and we may utilize your information for software updates.
You understand and agree that after collecting your information, we will de-identify the data by technical means, and such de-identified information are not personally identifiable. In such case, we reserve the right to utilize the de-identified information to analyze the user database and use it for commercial purposes.
5. Exceptions to authorization/consent
According to relevant laws and regulations, your authorization/consent is not required for collecting your information if such information is:
(1) related to national security and national defense security;
(2) related to public safety, public health and major public interests;
(3) related to crime detection, prosecution, trial and execution of judgment;
(4) necessary for the safeguarding of major legitimate rights and interests such as the life and property of the subject of information or other individuals but it is difficult to obtain your own consent;
(5) disclosed to the public by yourself;
(6) collected from publicly disclosed legal information, such as legitimate news reports, government information disclosure and other channels;
(7) necessary for contract signing according to your requirements;
(8) necessary for maintaining the safe and stable operation of Services, such as finding and handling failures of products or services;
(9) necessary for legitimate news reports;
(10) necessary for statistical or academic research by institutions for academic research based on public interests and de-identified in the disclosed findings of academic research or description;
(11) other information stipulated by laws and regulations.
III. Information We May Share, Transfer and Disclose(I) Sharing
We will not share your information with any third party other than AIER Eye Hospital without your consent except under the following circumstances:
1. Provide you with our services. We may share your information with our partners and other third parties to realize the core functions or provide services you need, for example, we may provide corresponding order information to logistics service providers;
2. Maintain and improve our services. We may share your information with our partners and other third parties, such as communication service providers that send emails or push notifications on our behalf, to help us provide you with more targeted and perfect services;
5. Share your information with third parties such as partners that delegate the promotion to us, however, we will only provide these clients with information on the coverage and effectiveness of promotion, and will not provide your identity information, such as name, telephone number or email; or we will summarize such information so that they will not be personally identifiable. For example, we can tell clients how many people have read their promotional information or purchased their products after reading such information, or provide them with statistics that are not personally identifiable to help them understand their audience or customers.
6. We undertake not to rent out, sell or provide user information to third parties for other purposes than performing the Services. A consent will be sought from users for sharing their information with third parties.
7. Assist in resolving disputes or controversies between you and others according to your legitimate needs;
8. Provide your information upon the legal demand of your guardian;
9. Provide it according to the agreement of individual services with you (including the signed electronic agreement and corresponding platform rules) or other legal instruments;
10. Provide it for academic research;
11. Provide it for the public interests in accordance with laws and regulations.
2. After obtaining your explicit consent, we will transfer your information to other parties.
We will only disclose your information under the following circumstances and on the premise of taking security measures in line with industry standards:
1. Disclose the information you specify according to your needs in a manner that you explicitly permit;
2. If disclosure is required by laws and regulations, compulsory administrative enforcement of law or judicial requirements, we may disclose your information according to the specified type of information and way of disclosure. Subject to compliance with laws and regulations, upon receipt of a request for disclosure of information, we will request corresponding legal instruments from the recipient, such as subpoena or investigation letter. We firmly believe that the information we are required to provide should be as transparent as possible to the extent permitted by law. All requests are carefully reviewed to ensure that they are legitimate and limited to data which law enforcement agencies have legitimate right to have access to for purposes of specific investigations.
Information collected and generated during our operations in the People's Republic of China are stored within the territory of China.
We will take the following measures to protect your information:
(I) Technical measures for data security
We will take security measures in line with industry standards, including establishing reasonable system specifications and safety technologies to prevent unauthorized access to, use, modification, corruption or loss of your information. A variety of encryption techniques are used in online services, such as SSL used in some services that protects and encrypts your information, and isolation techniques that isolate your information. When information is used for display and correlation calculation, various data mask technologies are employed to improve the security of information in use. Strict data access control and multiple identity authentication technology are adopted to protect information and avoid illegal use of data.
(II) Other security measures taken to protect information
We manage and standardize the storage and utilization of information by establishing data classification system, data security management standard and data security development standard.
We have overall control over data security through confidentiality agreements with those having access to information, and monitoring and auditing mechanisms.
Strengthen safety awareness. We will provide training courses of security and privacy protection to enhance employees' awareness of the importance of information protection.
(III) We limit access to your information to our employees and partners who need to know, and establish a strict access control and monitoring mechanism. We require all personnel who may have access to your information to fulfill the corresponding confidentiality obligations. Failure to fulfill these obligations may lead to legal liability or suspension of cooperation with AIER Eye Hospital.
(IV) We will take all reasonable and feasible measures to ensure that no irrelevant information is collected.
(V) No Internet environment is completely safe, and we are not sure about the encryption of communications with other users by e-mail, instant messaging, social software or other service software. Therefore, we recommend that you use complex passwords when using such tools, and pay attention to the security of your information.
(VI) No Internet environment is completely safe, and we will try our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or management protection facilities are damaged, resulting in unauthorized access to, public disclosure, tampering, or destruction of such information, causing damage to your legitimate rights and interests, we will bear legal responsibilities therefor.
(VII) Handling of security events
When communicating with third parties through the Services or purchasing goods and services, it is inevitable that you will disclose your information, such as contact information or postal address, to counterparties or potential counterparties. Please protect your information properly and do not provide it to others unless absolutely necessary.
In order to deal with possible risks such as information leakage, corruption and loss, we have a number of systems to clarify the classification standards and handling procedures of security events and vulnerabilities, and we also have formed a special emergency response team for security events. According to the handling standards of security events, we have initiated security preparedness for different security events, carried out loss stop, analysis and positioning, developed remedies, and cooperated with relevant departments for traceability and fighting violations.
When a security event occurs, we will timely inform you according to the laws and regulations about the basic information and possible impact, the measures we have taken or will take, the recommendations that you prevent and reduce risks by yourself, and remedies taken for you. Moreover, we will timely inform you of the relevant information by mail, letter, telephone calls, notifications, etc. When it is difficult to inform the subjects of information one by one, we will issue an announcement in a reasonable and effective manner, and we will take the initiative to report the handling of security events according to the requirements of regulatory authorities.
Please understand that we cannot ensure absolute security of information due to the limitation of technology and risk prevention even if security measures are strengthened as much as possible. You need to understand that there may be problems in the systems and communication networks you use to access the Services under circumstances beyond our control.
V. How We Manage Your Information(I) Access, updates and deletion
We encourage you to update and modify your information to make it more accurate and effective. You can access your information through the Services, and modify, supplement and delete it by yourself or ask us according to the management of the corresponding information. We will take appropriate technical measures to ensure that you can access, update and correct your information or other information provided when using the Services wherever possible.
For accessing, updating, correcting and deleting such information, you may be required to make authentication to ensure information security.To search, modify or delete some of your information, please follow the specific instructions for individual services.
(II) Publicity and sharing
Many of our services allow public sharing of your relevant information not only with your social network, but also with all users that use the Services, such as the information you upload or post in the Services, your responses to information uploaded or posted by others, your personal information uploaded or posted by e-mail or in a public domain of the service that is visible not to a specific user, and location data and log information related to such information. The relevant information you disclose or share may remain in the public domain as long as you do not delete it; even if you delete the shared information, the relevant information may still be independently cached, copied or stored by other users or third parties not under our control, or kept in the public domain by other users or such third parties. We do not accept responsibility for any leakage caused by your disclosure or sharing of your information through the above channels. Therefore, we remind and recommend that you carefully consider whether to disclose or share your information through the above channels.
Your service account may be cancelled or deleted if the conditions of the agreement of our individual services and relevant national laws and regulations are satisfied. When an account is cancelled or deleted, all of service information and data related to it under the individual services will be deleted or processed according to the agreement of the individual services.
(IV) Changes to the scope of your authorization/consent
You can always choose whether to disclose information or not. Some information are necessary for use of the Services, but other information are mostly provided at your discretion. You can change the scope of your authorization for our collection of information or withdraw your authorization by deleting information, turning off device functions, etc.
When you withdraw your authorization, we cannot continue to provide you with the corresponding services, and we will no longer process your corresponding information. However, your decision to withdraw the authorization will not affect the previous processing of information based on your authorization.
(V) Tips on sensitive information
Some information may be considered sensitive because of particularity, such as your race, religion, health and medical information, as well as identity documents, personal biometric information, property information, whereabouts, minors' information.
Please note that the content and information you provide, upload or post in the Services (such as photos or details about your social activities) may reveal your sensitive information. You need to carefully consider whether to disclose your sensitive information through the Services.
VI. Third-party ServicesServices may link to social media or other services (including websites or other forms of services) provided by third parties, including:
(1) You can share some details to the Services using the “Share” button, or log on to the Services using the third-party service. These features may collect your information;
(2) We provide you with links through advertisements or other means of our services, so that you can access third-party services or websites;
(3) Other access to third-party services.
VII. Age LimitWe recommend that minors engaged in online activities seek the prior consent of their parents or their legal guardians (hereinafter referred to as “guardians”). We will protect the relevant information of minors according to relevant national laws and regulations.
We may issue service-related announcements when necessary (for example, when we suspend a service due to system maintenance). You may not be able to cancel these service-related announcements that are not for promotion purpose.
Furthermore, you must keep your account and password confidential, and keep them properly under any circumstances.
Policy on Privacy Protection and Utilization of Personal Information of Users of Online Medical Services
According to the relevant provisions of the Interim Measures for the Administration of Online Medical Services and the Essential Provisions of Formative Agreement of Online Medical Services (hereinafter referred to as the “Essential Provisions”) promulgated by the Ministry of Culture, this policy is formulated to protect the privacy rights of users of online medical services (hereinafter referred to as “users”) and standardize the utilization of personal information of these users. Please read all of the following content carefully. If you disagree with any part of it, do not use the Services. Your access to the program indicates that you have reached an agreement with AIER Eye Hospital and voluntarily accept all content of this policy. Thereafter, you may not conduct any form of defense by not reading this policy.
Respecting the users' personal privacy is a basic policy of AIER Eye Hospital. “Privacy” refers to the personal identity information collecting by AIER Eye Hospital when you use and accept the products and services provided by AIER Eye Hospital, including but not limited to the name, valid ID, contact number, home address. We adopt reasonable measures of technology and management to ensure the security and effectiveness of user accounts, and we will utilize the collected information in good faith, take various effective and necessary measures to protect your privacy, and use commercially reasonable technical security measures to prevent unauthorized access, use or disclosure of your privacy.
For the sake of business, we need to share necessary user information with our affiliates and third parties, and we and our affiliates undertake to utilize user information in good faith. We will not disclose such personal identity information as name, valid ID card number, contact information and home address to or share the same with any other party than our affiliates unless:
(1) authorized by users or their guardians;
(2) required by relevant laws;
(3) required by judicial or administrative organs based on legal procedures;
(4) for filing a lawsuit or arbitration against users in order to safeguard our legitimate rights and interests;
(5) legally required by guardians of users;
(6) for providing the necessary information of the user and the appointed agent to the third party for the purpose of providing services to the user.