privacy policy
NOTE
Welcome to use and accept the products and services (hereinafter collectively referred to as the “Services”) provided by AIER Eye Hospital Group Co., Ltd. and its affiliates (hereinafter referred to as “AIER Eye Hospital” or “We”). When you use the Services, we may collect and utilize your relevant information. We undertake to protect the privacy of users of our products and services (hereinafter referred to as “users” or “you”).This Privacy Policy applies to all of our services. When you use any of our individual services, you agree to accept the protection provided by this Privacy Policy and particular provisions of our privacy information policy in this individual service (hereinafter referred to as “particular provisions”), in which case you are bound by the particular provisions and the provisions of this Privacy Policy. For example, users of the Services are subject to this Privacy Policy and the Policy on Privacy Protection and Utilization of Personal Information of Users of Online Medical Services (see Appendix). In the event of any discrepancy between the particular provisions and the provisions of this Privacy Policy, the former shall prevail within its scope. In case that this Privacy Policy does not apply to any of our individual services, the application of this Privacy Policy will be expressly excluded from the service in an appropriate manner.
We will check this Privacy Policy from time to time, so the relevant measures will change accordingly. We adjure you to visit this page regularly to ensure that you remain informed about the latest version of this Privacy Policy. If you have any questions about this Privacy Policy or related matters after reading it, please contact our Customer Service.
Your use or continual use of the Services indicates that you agree to our collection, utilization, storage and sharing of your information in accordance with this Privacy Policy.
Contents
I. Information We May Collect
II. How We Collect and Utilize Information
III. Information We May Share, Transfer and Disclose
IV. How We Retain, Store and Protect Information
V. How We Manage Your Information
VI. Third-party Services
VII. Age Limit
VIII. Notice and Amendment
IX. How to Contact Us
I. Information We May Collect
(I) Information unrelated to personal identity:When you use the Services, we may collect and summarize such information as the sources and access sequence of users. For example, we may record the source and browser software of each user of the Services.
(II) Information about personal identity:
When you use the Services, we may collect and summarize or request you to provide information about personal identity, such as those about identity (including ID card, passport, driver's license, age, gender, telephone number, etc.); property (your transaction records, balance, coupons, medical care information, bank card information, etc. in AIER Eye Hospital); health (including chief complaint, past medical history, examination results, medical images, etc.).
We collect your information so that you and other users can use the Services more easily and satisfactorily. Our goal is to provide safe and effective diagnosis and treatment services to all Internet users, and such information will help us achieve this goal.
Note that if you disclose your personal information in information uploaded to or posted in a public domain visible to other users in the Services, and in your responses to information uploaded or posted by others, such information may be collected and used by others. If you discover that your information or information of others are improperly collected or used by our users, please contact our Customer Service.
II. How We Collect and Utilize Information
(I) We will collect and obtain your information through the following channels:1. Information you provided, such as:
(1) information you provide to us when using the Services;
(2) shared information you provide to other parties through the Services, and the information you store when using the Services.
2. Your information shared by other parties, namely, shared information about you provided by other parties when using the Services.
3. Your information we obtained, namely, those we collected, summarized and recorded when you use the Services, such as name, age, telephone number.
(II) We will collect and utilize your information for the following purposes:
1. Providing you with goods or services
The information we collect and utilize are necessary for providing you with services. Without relevant information, we will not be able to provide the core content of services. For example:
(1) In some services, in order to facilitate the delivery of goods or services to you, you need to provide personal information such as the name, postal address, postal code, contact number, payment status and other information of the consignee or acceptor. Besides, according to the laws, regulations and policies related to the services for real-name authentication, we may forward such information to the third parties who are cooperating with us for real-name authentication. If you refuse to provide such information or refuse real-name authentication, we will not be able to complete the delivery of relevant services. If you order goods or services for others through the Services, you need to provide the aforementioned information of the orderer. Before providing such information of the orderer, you need to ensure that you have obtained his/her authorization/consent.
(2) In order to show the order information of your account, we will collect the order information generated during your use of the Services for the purposes of showing and facilitating your order management;
(3) When you contact us, we may keep your communication/call records and contents or your contact information, so as to contact you or help you solve problems, or record the solutions of related problems and results of handling.
(4) In order to confirm the transaction status and provide you with after-sales and dispute resolution services, we will collect your transaction, payment and logistics information related to the transaction progress through the transaction objects, payment institutions and logistics companies you selected for the transaction, or share your transaction information with the above service providers.
2. Pushing messages to you
(1) Show and push goods or services to you. We may use your information, your browsing and search records, equipment information, location information and order information in our platform, extract your browsing, search preferences, behavior habits, location information and other features, and send you marketing information by email, SMS or other means based on the feature tags to provide or promote the following goods and services of AIER Eye Hospital or third parties:
Our goods and services include but are not limited to: instant messaging services, online media services, interactive entertainment services, social networking services, payment services, application software and services, entertainment, online medical services, e-commerce, information and communication software and services (“Internet services”); and third-party goods and services, including but not limited to: Internet services, books, points and reward programs, and other goods and services that we think may be related to you.
(2) Send notices to you. We may send you service-related notices when necessary (for example, when we suspend, change, or terminate the provision of individual services due to system maintenance).
If you do not wish to continue to receive our messages, you can request a stop of pushing through our Customer Service, except as required by law or stipulated in the agreement of individual services.
3. Providing you with security
In order to ensure the authenticity of your identity and provide you with better security, you can provide us with sensitive personal information such as identification, facial features and other biometric information to complete real-name authentication.
In addition to authentication, we may utilize your information for customer service, security, fraud detection, archiving and backup to ensure the security of our services to you; we may use or integrate your information we collect and the information shared by our partners with your authorization or according to law to make comprehensive judgment on your account and transaction risks, verify your identity, detect and prevent security events, and take necessary measures of recording, auditing, analysis and handling according to law.
4. Improving our services
We may use the information collected through a service for our other services. For example, your information collected when you use a service may be used to provide you with specific content or show you information (not generally pushed) related to you in another service; we may ask you to participate in the survey of related services to help us improve existing services or design new services; and we may utilize your information for software updates.
You understand and agree that after collecting your information, we will de-identify the data by technical means, and such de-identified information are not personally identifiable. In such case, we reserve the right to utilize the de-identified information to analyze the user database and use it for commercial purposes.
Your prior consent will be sought if your information is used for purposes not specified in this Privacy Policy.
5. Exceptions to authorization/consent
According to relevant laws and regulations, your authorization/consent is not required for collecting your information if such information is:
(1) related to national security and national defense security;
(2) related to public safety, public health and major public interests;
(3) related to crime detection, prosecution, trial and execution of judgment;
(4) necessary for the safeguarding of major legitimate rights and interests such as the life and property of the subject of information or other individuals but it is difficult to obtain your own consent;
(5) disclosed to the public by yourself;
(6) collected from publicly disclosed legal information, such as legitimate news reports, government information disclosure and other channels;
(7) necessary for contract signing according to your requirements;
(8) necessary for maintaining the safe and stable operation of Services, such as finding and handling failures of products or services;
(9) necessary for legitimate news reports;
(10) necessary for statistical or academic research by institutions for academic research based on public interests and de-identified in the disclosed findings of academic research or description;
(11) other information stipulated by laws and regulations.
III. Information We May Share, Transfer and Disclose
(I) SharingWe will not share your information with any third party other than AIER Eye Hospital without your consent except under the following circumstances:
1. Provide you with our services. We may share your information with our partners and other third parties to realize the core functions or provide services you need, for example, we may provide corresponding order information to logistics service providers;
2. Maintain and improve our services. We may share your information with our partners and other third parties, such as communication service providers that send emails or push notifications on our behalf, to help us provide you with more targeted and perfect services;
3. Realize the purposes stated in Article 2 “How We Collect and Utilize Information” of this Privacy Policy;
4. Fulfill our obligations and exercise our rights in this Privacy Policy or other agreements with you;
5. Share your information with third parties such as partners that delegate the promotion to us, however, we will only provide these clients with information on the coverage and effectiveness of promotion, and will not provide your identity information, such as name, telephone number or email; or we will summarize such information so that they will not be personally identifiable. For example, we can tell clients how many people have read their promotional information or purchased their products after reading such information, or provide them with statistics that are not personally identifiable to help them understand their audience or customers.
6. We undertake not to rent out, sell or provide user information to third parties for other purposes than performing the Services. A consent will be sought from users for sharing their information with third parties.
7. Assist in resolving disputes or controversies between you and others according to your legitimate needs;
8. Provide your information upon the legal demand of your guardian;
9. Provide it according to the agreement of individual services with you (including the signed electronic agreement and corresponding platform rules) or other legal instruments;
10. Provide it for academic research;
11. Provide it for the public interests in accordance with laws and regulations.
We will only share your information for legitimate, just, necessary, specific and clear purposes. There will be confidentiality agreements with companies, organizations and individuals with which we share information, requiring them to process information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures.
(II) Transfer
1. As our business develops, we may make mergers, acquisitions, asset transfers or similar transactions, and your information may be transferred as part of such transactions. We will require the new company or organization that possesses your information to continue to be bound by this Privacy Policy, otherwise, we will require the company or organization to seek your authorization/consent.
2. After obtaining your explicit consent, we will transfer your information to other parties.
(III) Disclosure
We will only disclose your information under the following circumstances and on the premise of taking security measures in line with industry standards:
1. Disclose the information you specify according to your needs in a manner that you explicitly permit;
2. If disclosure is required by laws and regulations, compulsory administrative enforcement of law or judicial requirements, we may disclose your information according to the specified type of information and way of disclosure. Subject to compliance with laws and regulations, upon receipt of a request for disclosure of information, we will request corresponding legal instruments from the recipient, such as subpoena or investigation letter. We firmly believe that the information we are required to provide should be as transparent as possible to the extent permitted by law. All requests are carefully reviewed to ensure that they are legitimate and limited to data which law enforcement agencies have legitimate right to have access to for purposes of specific investigations.
IV. How We Retain, Store and Protect Information
We retain your information only for the period necessary for the purposes stated in this Privacy Policy and for the period required by laws and regulations.Information collected and generated during our operations in the People's Republic of China are stored within the territory of China.
We will take the following measures to protect your information:
(I) Technical measures for data security
We will take security measures in line with industry standards, including establishing reasonable system specifications and safety technologies to prevent unauthorized access to, use, modification, corruption or loss of your information. A variety of encryption techniques are used in online services, such as SSL used in some services that protects and encrypts your information, and isolation techniques that isolate your information. When information is used for display and correlation calculation, various data mask technologies are employed to improve the security of information in use. Strict data access control and multiple identity authentication technology are adopted to protect information and avoid illegal use of data.
(II) Other security measures taken to protect information
We manage and standardize the storage and utilization of information by establishing data classification system, data security management standard and data security development standard.
We have overall control over data security through confidentiality agreements with those having access to information, and monitoring and auditing mechanisms.
Strengthen safety awareness. We will provide training courses of security and privacy protection to enhance employees' awareness of the importance of information protection.
(III) We limit access to your information to our employees and partners who need to know, and establish a strict access control and monitoring mechanism. We require all personnel who may have access to your information to fulfill the corresponding confidentiality obligations. Failure to fulfill these obligations may lead to legal liability or suspension of cooperation with AIER Eye Hospital.
(IV) We will take all reasonable and feasible measures to ensure that no irrelevant information is collected.
(V) No Internet environment is completely safe, and we are not sure about the encryption of communications with other users by e-mail, instant messaging, social software or other service software. Therefore, we recommend that you use complex passwords when using such tools, and pay attention to the security of your information.
(VI) No Internet environment is completely safe, and we will try our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or management protection facilities are damaged, resulting in unauthorized access to, public disclosure, tampering, or destruction of such information, causing damage to your legitimate rights and interests, we will bear legal responsibilities therefor.
(VII) Handling of security events
When communicating with third parties through the Services or purchasing goods and services, it is inevitable that you will disclose your information, such as contact information or postal address, to counterparties or potential counterparties. Please protect your information properly and do not provide it to others unless absolutely necessary.
In order to deal with possible risks such as information leakage, corruption and loss, we have a number of systems to clarify the classification standards and handling procedures of security events and vulnerabilities, and we also have formed a special emergency response team for security events. According to the handling standards of security events, we have initiated security preparedness for different security events, carried out loss stop, analysis and positioning, developed remedies, and cooperated with relevant departments for traceability and fighting violations.
When a security event occurs, we will timely inform you according to the laws and regulations about the basic information and possible impact, the measures we have taken or will take, the recommendations that you prevent and reduce risks by yourself, and remedies taken for you. Moreover, we will timely inform you of the relevant information by mail, letter, telephone calls, notifications, etc. When it is difficult to inform the subjects of information one by one, we will issue an announcement in a reasonable and effective manner, and we will take the initiative to report the handling of security events according to the requirements of regulatory authorities.
Please understand that we cannot ensure absolute security of information due to the limitation of technology and risk prevention even if security measures are strengthened as much as possible. You need to understand that there may be problems in the systems and communication networks you use to access the Services under circumstances beyond our control.
V. How We Manage Your Information
(I) Access, updates and deletionWe encourage you to update and modify your information to make it more accurate and effective. You can access your information through the Services, and modify, supplement and delete it by yourself or ask us according to the management of the corresponding information. We will take appropriate technical measures to ensure that you can access, update and correct your information or other information provided when using the Services wherever possible.
For accessing, updating, correcting and deleting such information, you may be required to make authentication to ensure information security.To search, modify or delete some of your information, please follow the specific instructions for individual services.
(II) Publicity and sharing
Many of our services allow public sharing of your relevant information not only with your social network, but also with all users that use the Services, such as the information you upload or post in the Services, your responses to information uploaded or posted by others, your personal information uploaded or posted by e-mail or in a public domain of the service that is visible not to a specific user, and location data and log information related to such information. The relevant information you disclose or share may remain in the public domain as long as you do not delete it; even if you delete the shared information, the relevant information may still be independently cached, copied or stored by other users or third parties not under our control, or kept in the public domain by other users or such third parties. We do not accept responsibility for any leakage caused by your disclosure or sharing of your information through the above channels. Therefore, we remind and recommend that you carefully consider whether to disclose or share your information through the above channels.
(III) Cancellation
Your service account may be cancelled or deleted if the conditions of the agreement of our individual services and relevant national laws and regulations are satisfied. When an account is cancelled or deleted, all of service information and data related to it under the individual services will be deleted or processed according to the agreement of the individual services.
(IV) Changes to the scope of your authorization/consent
You can always choose whether to disclose information or not. Some information are necessary for use of the Services, but other information are mostly provided at your discretion. You can change the scope of your authorization for our collection of information or withdraw your authorization by deleting information, turning off device functions, etc.
When you withdraw your authorization, we cannot continue to provide you with the corresponding services, and we will no longer process your corresponding information. However, your decision to withdraw the authorization will not affect the previous processing of information based on your authorization.
(V) Tips on sensitive information
Some information may be considered sensitive because of particularity, such as your race, religion, health and medical information, as well as identity documents, personal biometric information, property information, whereabouts, minors' information.
Please note that the content and information you provide, upload or post in the Services (such as photos or details about your social activities) may reveal your sensitive information. You need to carefully consider whether to disclose your sensitive information through the Services.
You agree that your sensitive information will be processed for the purposes and in the manner as described in this Privacy Policy.
VI. Third-party Services
Services may link to social media or other services (including websites or other forms of services) provided by third parties, including:(1) You can share some details to the Services using the “Share” button, or log on to the Services using the third-party service. These features may collect your information;
(2) We provide you with links through advertisements or other means of our services, so that you can access third-party services or websites;
(3) Other access to third-party services.
Such third-party social media or other services are operated by relevant third parties. Your use of such social media services or other services (including any information you provide to such third parties) are subject to the terms of service and statement of information protection of third parties (instead of this Privacy Policy), and you need to read these terms carefully. This Privacy Policy only applies to any information we collect, and does not apply to any services provided by or the rules on use of information of any third party, and we do not assume responsibility for any third party's use of information provided by you.
VII. Age Limit
We recommend that minors engaged in online activities seek the prior consent of their parents or their legal guardians (hereinafter referred to as “guardians”). We will protect the relevant information of minors according to relevant national laws and regulations.We encourage parents or guardians to guide minors to use the Services. We recommend that minors encourage their parents or guardians to read this Privacy Policy and that minors seek the consent and guidance of their parents or guardians before submitting information.
VIII. Notice and Amendment
We may amend the terms of this Privacy Policy as and when appropriate, and such amendment forms part of this Privacy Policy. For major changes, we will issue a more significant notice, and you can choose to stop using the Services; in such case, your continued use of the Services indicates that you agree to be bound by the amended Privacy Policy.We will put your satisfaction first when making any amendment. We encourage you to consult the Privacy Policy every time you use the Services.
We may issue service-related announcements when necessary (for example, when we suspend a service due to system maintenance). You may not be able to cancel these service-related announcements that are not for promotion purpose.
Furthermore, you must keep your account and password confidential, and keep them properly under any circumstances.
IX. How to Contact Us
If you have complaints and reports about network information security, or any questions, opinions or suggestions about this Privacy Policy, the related matters to your information, and questions about this statement or our privacy policy, be free to contact us through our Customer Service.Appendix:
Policy on Privacy Protection and Utilization of Personal Information of Users of Online Medical Services
[NOTE]
According to the relevant provisions of the Interim Measures for the Administration of Online Medical Services and the Essential Provisions of Formative Agreement of Online Medical Services (hereinafter referred to as the “Essential Provisions”) promulgated by the Ministry of Culture, this policy is formulated to protect the privacy rights of users of online medical services (hereinafter referred to as “users”) and standardize the utilization of personal information of these users. Please read all of the following content carefully. If you disagree with any part of it, do not use the Services. Your access to the program indicates that you have reached an agreement with AIER Eye Hospital and voluntarily accept all content of this policy. Thereafter, you may not conduct any form of defense by not reading this policy.
Respecting the users' personal privacy is a basic policy of AIER Eye Hospital. “Privacy” refers to the personal identity information collecting by AIER Eye Hospital when you use and accept the products and services provided by AIER Eye Hospital, including but not limited to the name, valid ID, contact number, home address. We adopt reasonable measures of technology and management to ensure the security and effectiveness of user accounts, and we will utilize the collected information in good faith, take various effective and necessary measures to protect your privacy, and use commercially reasonable technical security measures to prevent unauthorized access, use or disclosure of your privacy.
For the sake of business, we need to share necessary user information with our affiliates and third parties, and we and our affiliates undertake to utilize user information in good faith. We will not disclose such personal identity information as name, valid ID card number, contact information and home address to or share the same with any other party than our affiliates unless:
(1) authorized by users or their guardians;
(2) required by relevant laws;
(3) required by judicial or administrative organs based on legal procedures;
(4) for filing a lawsuit or arbitration against users in order to safeguard our legitimate rights and interests;
(5) legally required by guardians of users;
(6) for providing the necessary information of the user and the appointed agent to the third party for the purpose of providing services to the user.
IMPORTANT: This policy only applies to users of AIER’s medical services. In case of any inconsistency with similar terms of the Privacy Policy of AIER Eye Hospital, this policy shall prevail.