Last updated on: [July 30, 2020]

Foreword

Beijing Kuangshi Technology Co., Ltd. and its affiliates (hereinafter referred to as “we” or “MEGVII”) highly respect and are committed to protect personal information and privacy. As the vision intelligence platform and services provided by MEGVII for developers, Face⁺⁺ Artificial Intelligence Open Platform (hereinafter referred to as the “Platform”) and/or the services of the Face⁺⁺ Artificial Intelligence Open Platform (hereinafter referred to as the “Services”) will process personal information in strictly accordance with the requirements and standards set up in the MEGVII Personal Information and Privacy Protection Policy (hereinafter referred to as “MEGVII Policy”). In order to further clarify the personal information processing practices that may be involved in this Platform and the Services, we have formulated the Face⁺⁺ Personal Information and Privacy Protection Policy (hereinafter referred to as the "Face⁺⁺ Policy") to introduce the details of the collection, use, retention and other processing in this Platform and the Services.

PLEASE note that the Face⁺⁺ Policy does not fully cover all the measures and efforts of MEGVII in protection of personal information and privacy. We promise to strictly abide by applicable laws, regulations and regulatory requirements, and highly respect the legal rights related to your personal information. To ensure you have a full picture of our basic information, our personal information and privacy protection principles, how we transfer personal information globally, and other relevant content, please read the MEGVII Policy at the same time.

In addition, in specific scenarios that the business may be further developed and provided based on this Platform and/or the Services, our clients (hereinafter referred to as the "Clients") or we may separately provide the end users (hereinafter referred to as "Users" or "you") with specific privacy policy or similar legal texts. PLEASE also completely read the privacy policies or similar legal texts under these scenarios to ensure that you are fully aware of the complete practices related to personal information processing. The Face⁺⁺ Policy only applies to this Platform and the Services provided by MEGVII, and is completely independent of privacy policies or similar legal texts that our Clients or any third parties may or need to provide to you.

The Face⁺⁺ Policy will help the Clients and the Users understand the following:

1. How we collect and use personal information

2. How we retain and disclose your personal information

3. How we protect your personal information

4. Your rights to personal information

5. How we process personal information of minors

6. How to contact us

7. How we update the Face⁺⁺ Policy

In the Face⁺⁺ Policy, "personal information" refers to various information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information, and/or reflect the activities of a specific natural person. Unless otherwise stated, other relevant definitions and terms under this Face⁺⁺ Policy shall have the same meanings as those in Cybersecurity Law, Information Security Technology - Personal Information Security Specifications and other laws and regulations, regulatory documents, and national standards.

1. How we collect and use personal information

In different business scenarios, MEGVII will carry out various business cooperation with Clients. We will work with the Clients and suppliers to ensure that the personal information collected and processed has obtained your complete and valid authorization and consent, except in the following cases:

​ i. Where the request is related to fulfilling obligations under laws and regulations;

​ ii. Where the request is directly related to national security and national defense;

iii. Where the request is directly related to public security, public health and significant public interests;

iv. Where the request is directly related to investigations into crimes, prosecutions, court trials, execution of rulings, etc.;

​ v. Where refusing the request is to protect your or other individuals' life, property and other vital legal rights and interests, but it is difficult to obtain your or other individual’s authorization and consent;

vi. Where the involved personal information is voluntarily disclosed to public by yourself;

vii. Where it is necessary for the conclusion and performance of a contract according to your request;

viii. Where the personal information is collected from legally publicly disclosed information, such as legal news reports, government information and lawful public datasets;

ix. Where the processing is necessary to maintain the security and the stable operation of the products or services provided, such as discovering and dealing with any failures of the product or service;

​ x. Where the personal information controller is in news industry, and the processing is necessary for it to engage in lawful news reporting;

xi. Where a) the personal information controller is an institution for academic research, b) the processing is necessary to engage in academic researches or statistical activities for public interest, and c) the personal information included in the academic research or its description has been de-identified when providing any third parties with such results.

1) What personal information we collect and why

As far as this Platform and the Services are concerned, we, together with the Clients, will collect and use your personal information. To specify:

a) Sign-up and login of Face⁺⁺ account

In order to sign up a Face⁺⁺ account and complete the login process, we will collect the user name, mobile phone number (if you sign up with a mobile phone number or you voluntarily fill in after the sign-up), email address (if you sign up with an email address or you voluntarily fill in after the sign-up), and WeChat account information (if you sign up with a WeChat account). PLEASE note that the sign-up and login processes are one of the prerequisites for using this Platform and/or the Services. If you refuse to provide the aforementioned information, you will not be able to normally sign up, log in and/or use this Platform and/or the Services.

In addition, if you choose to use a FaceID account or other MEGVII account to log in to this Platform, we will also collect your relevant account number, password and other necessary information to complete the identity verification of the login process.

b) Application of face and body image recognition related technology

In order to provide the capabilities of face and body image recognition related technology, we will further identify and extract facial recognition features, body regions, body features and key points, gestures and other biometric information based on the original pictures, videos and other data actively provided by the Clients. Such information would be used for specific functions such as face comparison, face detection, face search, face beautification, face fusion, etc. PLEASE note that this Platform and the Services are part of the open AI capabilities of MEGVII. If you refuse to provide original pictures, videos and other aforementioned data, it will NOT be feasible to implement the functional applications mentioned above.

PLEASE note that, the function may involve the processing of biometric information such as facial recognition features, which fall into the scope of personal sensitive information. We mainly use advanced algorithms and models such as neural network algorithms to provide our Clients with the application of technical capabilities. Regarding the rules on how to collect and use biometric information under the specific products and/or services you directly use, we recommend that you should decide whether to consent to the processing after carefully understanding the relevant rules under the specific product and/or service scenario (usually explained to you by our Clients).

c) Application of other image and character recognition technology

In order to provide the capabilities of other image and character recognition related technology, we will further identify and extract ID information (such as photos and texts on ID card, driver/driving license), bank card information (such as card number and coordinates of card frame on a photo of bank card), and other text/non-text information based on the original pictures and other data actively provided by the Clients. Such information would be used for specific functions such as certificate recognition, character recognition, car plate recognition, object recognition. PLEASE note that, the function may involve the processing of personal identify information and personal property information such as ID and bank card information, which fall into the scope of personal sensitive information. This Platform and the Services are part of the open AI capabilities of MEGVII, and if you refuse to provide original pictures and other data, it will NOT be feasible to implement the aforementioned functional applications.

2) Special Declaration on Cookie

Cookies are small files transmitted by a website, application or service and stored on your device. We use cookies like most websites on the Internet, the purposes mainly include: a) to simplify your re-login steps, b) to store your preferences, c) help you confirm the security of the account or data, d) automatically record certain information to analyze and manage our websites (such as IP address, type of browser, internet service provider, number of page views, source site, date/time stamp, click stream). For more details about our use of cookies, please refer to the MEGVII Policy.

2. How we retain and disclose your personal information

Unless expressly required by applicable laws, regulations or regulatory provisions, we will retain your personal information for the shortest time required to achieve the processing purpose.

Under this Platform and the Services, we mainly provide specific applications of technical capabilities. Therefore, after the specific implementation of certain function, we will delete or anonymize original pictures, videos and other data provided by the Clients and the service results based on such original data as soon as possible.

Specially, in certain functions such as face recognition and face fusion, we may provide the Clients with Face storage functions. When using such functions, the Clients will decide by themselves whether to store images, and how long such images will be stored. If the Clients delete or require us to delete, or if the service period expires, we will promptly delete or anonymize your personal information unless the applicable laws and regulations specifically provide otherwise.

In addition, in accordance with the Cybersecurity Law and other mandatory requirements in laws and regulations, we will keep network logs for no less than six months.

Unless the applicable laws, regulations or regulatory requirements clearly require, or there are other clear disclosure scenarios in the MEGVII Policy, we will not share or disclose personal information involved in the Platform/Services to external third parties other than our Clients in any form and for any purpose.

3. How we protect your personal information

We have taken reasonable and feasible technical measures and management measures to protect personal information being processed and to deal with personal information security incidents. For more details about our measures, please refer to MEGVII Policy. Nevertheless, PLEASE note that although we have taken reasonable measures to protect your personal information, NO WEBSITE, INTERNET TRANSMISSION, COMPUTER SYSTEM OR WIRELESS CONNECTION IS ABSOLUTELY SECURE.

To specify, for this Platform and the Services, the major protection measures to protect your personal information include but are not limited to:

1) We will de-identify your personal information in a timely manner when feasible, to reduce the risk of other organizations or individuals re-identifying you.

2) We will regularly review the methods of personal information processing (including physical security measures), and continue to strengthen the security of technical tools such as API and SDK.

3) We will continually make efforts to ensure the security of your personal information, and implement encryption and other safeguards throughout the transmission to prevent your personal information from being accessed, used or disclosed without authorization.

4. Your rights to personal information

We highly respect your rights related to personal information in accordance with the law. Below we list your rights and how we will protect them. PLEASE note that for a specific request, for security reasons, we may need to verify your identity before processing your request.

1) Right to be informed: we are committed to improving the transparency of personal information processing, and will inform you how we process your personal information through the Face⁺⁺ Policy and other relevant legal documents.

2) Right to access: you have the right to access your personal information we collect.

3) Right to rectification: you have the right to ask us to make rectifications, if you find that the personal information we process about you is wrong.

4) Right to deletion: you have the right to ask us to delete your personal information, if we have no legal basis to continue to retain and process your information.

5) Account cancellation: if you use related products or services by obtaining the account we provide through sign-up or any available method, you have the right to submit an application for cancellation through the account cancellation channel provided to you in specific scenarios, and we will review and process in a timely manner.

6) The right to refuse automatic decision-making: you have the right not to be subject to fully automatic processing of decisions, including user profiling. If these decisions significantly affect your lawful rights, you have the right to ask for an explanation.

For your reasonable request, we do not charge fees in principle, but for repeated requests that exceed reasonable limits, we will charge a certain cost depending on the circumstances. We may refuse those requests that 1) are unreasonably repeated, 2) require excessive technical means (for example, where it needs to develop new systems or fundamentally change existing business practices), 3) bring risks to the legitimate rights and interests of others, or 4) are very impractical (for example, involving information stored on backup tapes).

In general, we will response as soon as possible within 30 days or the time limit stipulated by laws and regulations, except in the following cases:

​ i. Where the request is related to fulfilling obligations under laws and regulations;

​ ii. Where the request is directly related to national security and national defense;

iii. Where the request is directly related to public security, public health and significant public interests;

iv. Where the request is directly related to investigations into crimes, prosecutions, court trials, execution of rulings, etc.;

​ v. Where there is sufficient evidence that you may have subjective malice or abuse of rights;

vi. Where refusing the request is to protect your or other individuals' life, property and other vital legal rights and interests, but it is difficult to obtain your or other individual’s authorization and consent;

vii. Where responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations;

viii. Where the request involves any trade secret.

5. How we process personal information of minors

Please note that all our products, websites and services are mainly for corporate Clients, and we will not actively collect and process personal information of minors. If any Client or User wants or intends to provide us with or request us to process the personal information of minors, please ensure that the prior consent and authorization of the minors’ guardians has been obtained in strict accordance with the requirements of relevant laws and regulations such as the Provisions on the Protection of Children’s Personal Information Online in China.

If we find that any Client or User has provided original data containing children's personal information without the consent of their parents or guardians, we will immediately delete such original data and will not provide any services for such data. In avoidance of ambiguity, we treat anyone under the age of 14 as a minor.

In addition, we attach great importance to the security and control of personal information of minors. We have clearly listed children's personal information as the data type with the highest security level internally, and have effectively adopted technical and management measures such as encrypted storage and strict access control to provide additional security protection on personal information of minors.

6. How to contact us

If you have any need, we recommend that you directly make requests to the personal information controller (usually our Clients) under such specific business scenarios and they may forward such requests to us as appropriate. We will respond to your request as soon as possible. If needed, you may contact us directly by sending an email to business@megvii.com. To ensure that your request is clear and specific, please indicate in the aforementioned email that:

1) Your name (or company name) and contact information;

2) Your specific request, suggestion and/or corresponding link.

7. How we update the Face⁺⁺ Policy

We reserve the right to update or modify this Face⁺⁺ Policy from time to time. Nevertheless, without your explicit consent, we will not reduce your rights in accordance with the Face⁺⁺ Policy. You can view the latest version of Face⁺⁺ Policy through this page.

For material changes, we will provide more noticeable notifications (for example, for some services, we will send notifications by e-mail or other means, explaining the specific changes).

The “material changes" mentioned in this Face⁺⁺ Policy include but are not limited to:

1) Where our service model has undergone material changes, such as the purpose of processing personal information, the type of personal information processed, the way of using personal information, etc.

2) Where our ownership structure, organizational structure or other aspects has undergone material changes, such as ownership transfer due to 1) business adjustments, 2) bankruptcy, 3) mergers, or 4) other possible reasons.

3) Where the main parties of sharing, transferring or public disclosing personal information have changed.

4) Where there is any material change on your rights to participate in personal information processing and how to exercise them.

5) Where there is any change on the department responsible for handling personal information security, our contact information or your complaint channel.

6) Where the report of personal information security impact assessment shows there is a high risk.