B. Safeguarding your personal information
We adopt certain technical, organizational, and physical measures to safeguard your personal information, including security technology conforming with market standards to support our technological infrastructure and systems, for the purposes of minimising the risks of unauthorised access and disclosure, damage, misuse or alteration of your personal information.
Our safeguards are as follows:
· Technical measures to safeguard data security
We adopt encryption technology such as transport layer security to prevent data transmission from being tapped or intercepted; adopt secure storage measures such as classified and layered disposal of data; adopt a strict data access control system and identity verification technology; monitor data processing to avoid illegal access or unauthorised use of data; monitor and audit the full data lifespan to prevent unauthorised access, disclosure, use, alteration, as well as intended or unintended damage or loss of personal information.
· Data security organisation and management measures
We have a designated department specifically designed to handle personal information and data privacy matters. We also have relevant internal control management systems in place to minimise unnecessary employee access to personal information unless otherwise necessary to carry out their job duties and responsibilities, including standards regarding the secure use of business data and standard management system for data cooperatives. We arrange for our employees to participate in relevant data privacy training(s) on a regular basis and take other practicable data security organisation and management measures, such as locking the storage area for personal information and restricting employees’ access to the storage area unless otherwise necessary to carry out their job duties and responsibilities.
· Handling of security incidents
We have set up a Youku emergency response centre and put in place certain security management rules and emergency response plans, which clearly set out the reporting procedures regarding the handling of security incidents and emergency responses in case of a data breach incident. In case of a data breach incident, we will take appropriate actions under our emergency preparedness plan (EPP) to contain such unauthorised leakage as much as possible, including reporting such incident to the authorities as required under applicable law, and notifying you as soon as reasonably practicable by way of electronic notice, push notification and/or public announcement. Depending upon where you live, you may have the legal right to receive notice of a data breach incident in writing.
Please note and understand that we cannot guarantee that the Internet is 100% secure. Notwithstanding the above measures, we cannot guarantee that your personal information will be 100% secure. If you create an account, or are otherwise provided access to our Services, you are responsible for maintaining the security of your password at all times and for any activity occurring while logged into your account. In order to assist us in protecting your account security, we strongly advise that you create a secure password and ensure that you use your account in a secure manner. If it comes to your notice that your password has been leaked, please contact us immediately for us to take relevant measures to ensure your account security.
What are your rights relating to your personal information
We would like to ensure that you are fully aware of all your personal information protection rights. Privacy and data protection laws in different places may differ from each other, so the rights listed below may apply in some jurisdictions but not others, as indicated. Please also note that exercising some of the rights below may impact our ability to provide you (or continue to provide you) with our Services.
Generally, your rights may include:
· Right to be informed
You have the right to be informed of your personal data processing, unless otherwise provided by law.
· Right to access
You can inquire or access your relevant personal information relating to our Services, including usage information (which can be accessed at any time through the related product page, including series history, viewing history and offline downloads).
· Right to rectify
You have the right to request that we rectify your personal information if it is inaccurate or incomplete.
· Right to delete
You can delete your viewing history under “History” at any time. You may also email us at email@example.com to require us to delete your personal information. However, we may still be legally entitled to retain some of your data under other lawful grounds.
You understand and agree that when you delete your personal information from Youku Services by yourself or with our help, we may not be able to immediately delete your information from the backup system subject to applicable laws and regulations and relevant security technology. We will store your personal information in a secure manner and separate such from any further data processing until such information is deleted or anonymised during the update of our backup system.
· Right to cancel your account
Once you cancel your account, your rights and interests generated during your use of our Services will no longer apply. All contents, information, data and records relevant to your account will be deleted or anonymised (except as otherwise required by relevant laws or regulators). Your account cancellation is permanent and irreversible.
· Right to obtain a copy of your personal information
· Right to limit or object to the processing of personal information
You may limit or object to the processing of any part of your personal information if such rights are granted to you according to the laws of your jurisdiction. If so, we will handle your request based on the laws of such relevant jurisdiction.
· Right to withdraw consent
You may withdraw your consent to the continued processing of your personal information, subject to legal or contractual restrictions and reasonable notice.
· Right to complain about the processing of Personal Information
You may lodge a complaint to the relevant data protection authority regarding our processing of your Personal Information if such right is granted to you according to the laws of your jurisdiction.
You may be entitled to other rights in relation to your personal information depending on the applicable law in your jurisdiction. For details of such additional rights, please refer to the Appendix.
Exercising your Rights
You can exercise your rights by emailing us at firstname.lastname@example.org.
We must verify your identity before responding to your request. We may verify your identity by asking you to provide personal identifiers that we can match against information we may have collected from you previously. We may need to follow up with you to request more information to verify identity. We will not use personal information we collect in connection with verifying or responding to your request for any purpose other than responding to your request.
You may have the right to designate an authorized agent to make a request on your behalf. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response. You have the right to appeal a denial of your request by contacting us as described in the notice of denial.
Protection of minors
You must be 18 years or above to become a member under our Services.
Please note that, considering the features of the Internet and the online anonymity of users, it is difficult for us to identify minors and verify each and every one of these guardian consents. If you are aged below 18, please first obtain the consent of your guardians before proceeding to use our Services.
Where guardians believe that we have collected personal information of minors without first obtaining their consent, we will immediately investigate and, as appropriate, delete all relevant information (if any) in a timely manner upon receipt of such notification from the guardians.
For any questions regarding the use of the Youku app or VIP Member Services, please contact us by email at email@example.com.
Upon receiving your query or request and except as described above, we will, upon verification of your identity, reply to you within the period of time as prescribed by local laws of your jurisdiction. Generally, this would be done without any service fee or charges. However, please note that we may not be able to respond to your request if it involves any issues relating to the following (depending on applicable local laws):
· national security or national defence security;
· public health and safety or other significant public interests;
· criminal investigation, litigation or trial;
· where there is reasonable evidence suggesting your malice or abuse of rights;
· where a response to your request would severely interfere with your legal rights or the rights of other individuals or organisations; and
· any other circumstances as provided by relevant laws and regulations.
To the extent permitted under law, we will provide you with a notice explaining why we are unable to respond and act accordingly based on your request.
Appendix: Jurisdictional Specific Notices
For Users in the United States:
In addition to the general rights listed above, residents of California, Colorado, Connecticut, Utah, and Virginia of the United States are entitled to the below privacy rights:
· Right to know and right to request access to your personal information
Residents of California, Colorado, Connecticut, Utah, or Virginia may request information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which such information is collected, the purpose for collecting such information and the sale, sharing, or disclosure for business purposes of your personal information to third parties.
· Right to data portability
If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you may have the right to receive the personal data that you have given us in a structured, commonly used, and machine-readable format.
· Right to opt out of a sale or sharing and targeted advertising
If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you may have the right to opt-out of the sale or sharing of your personal information to third parties.
· Right to limit the use and disclosure of your sensitive personal information
Residents of California have the right to limit the use and disclosure of their sensitive personal information if we use such information to infer characteristics about you.
· Right to opt in to the collection and use of sensitive personal information
If you are a resident of Colorado, Connecticut, or Virginia, you may have the right to opt-in to the processing of your sensitive personal information.
· Right to opt-out of profiling using automated decision-making technology
If you are a resident of California, Colorado, Connecticut, or Virginia, you may have the right not to be subject to a decision solely based on profiling, except under certain exceptions under local law.
· Right to not be discriminated against for exercising any of these rights.
California’s “Shine the Light” Law. Additionally, California permits users who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us using the contact information provided below and put “Shine the Light” in the subject line of your request.
Nevada Residents. Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to third parties.
We do not sell your personal information under the definition of the California Consumer Privacy Act.
Do Not Track and Opt-Out Preference Signals
The “Do Not Track” (“DNT”) privacy preference is an option that may be made available in some web browsers allowing you to opt-out of tracking by websites and online services. At this time, global standard DNT technology is not yet finalized and not all browsers support DNT. We therefore do not recognize DNT signals and do not respond to them. We currently do not recognize opt-out preference signals, such as the Global Privacy Control, as a request to opt-out of the sale or sharing of your personal information.
For Users in Thailand:
If you are a user in Thailand, please contact our representative and Data Protection Officer via the contact information provided below:
Representative & Data Protection Officer
Contact person/department: Huilong Cai / Data Security
Address: Room 1901, 19/F, Lee Garden One, 33 Hysan Avenue, Causeway Bay
For Users in the Philippines:
In addition to the general rights listed above, citizens or residents of the Philippines are entitled to the below privacy rights.
· Right to compensation
You may claim compensation if you believe you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data or for violations of your rights as a data subject.
For Users in Vietnam:
In addition to the general rights listed above, users in Vietnam are entitled to the below privacy rights.
· Right to claim damage
You have the right to claim damage when there are violations against regulations on protection of your personal data, unless otherwise agreed by the parties or unless otherwise provided by law.
· Right to self-protection
You have the right to self-protect or request competent agencies and organizations to implement civil right protection methods according to regulations in the local law.