Youku Privacy Policy

                                                        Version No.:2022V1.0

                                                        May 20th,2022

Preface

 

Jet Brilliant Limited. (a company registered and existing under the law of Hong Kong with its registered and address at 26F Tower One,Times Squeare, 1 Matheon Street, Causeway, Hong Kong )and its related companies(hereinafter referred to as “we” or “Youku”) provide users (hereinafter referred to as “you”) with relevant software, website and relevant products or services contained relating to Youku international businesses (including mobile terminal,  collectively referred to as “Youku services” or “our services”). We are keenly aware that personal information is important to you and for such matter, we’re dedicated to protecting your personal information. 

This Youku Privacy Policy (hereafter also referred to as “this Policy”) is to explain to you the rules to collect, use, store, process and protect your personal information as well as how you can effectively control your personal information while using Youku services (whether you are browsing users or registered users).

 

To clearly present relevant contents of this Policy, we emphasize important terms in bold and add definition of relevant key terms. You should read this Policy carefully in full and pay special attention to the terms in bold which (might) be of great significance to you. Your consent to this Policy or continued usage of Youku services will be deemed as consent and authorization for us to collect, use, store and process your personal information as per this Policy. We will update this Policy from time to time and will notify you of such in one or several manners by push notification, announcement or pop-ups.

 

Contents

I. How do we collect and use your personal information

II. How do we share and disclose your personal information

III. How do we store and protect your personal information

IV. What are your rights to control your personal information

V. Protection of minors

VI. About the Policy

VII. Contact us

VIII. Dispute resolution

IX. Definition of key terms

 

I How do we collect and use your personal information

 

A.     Collection

 

We will collect and use some of your personal information while you are using Youku services. The type and manner of personal information that we collect and use depend on the way you use our services and we may collect your information via different ways.

 

1.     Information we automatically collected

When you use Youku services, we will automatically collect some of your information such as your equipment information and your activities with Youku services, which includes

 

(1)   Equipment information

 

When you use our video displaying/playing/download and caching, we will automatically collect your equipment information including your IP address, equipment type, model, name .Universally Unique Identifier, type and setting of browser, operating system, language setting of browser, mobile network information (including operator name and phone number), App version, storage and other IT information. We may also collect information as to how your equipment interacts with our websites, including the page you visited and links you clicked. We collect such to realize the most basic product and service functions, protect your account and system and provide continuous and stable services to you.

 

(2)   Information used in Youku services

When you use Youku services, we will automatically collect the information such as the video you’re watching, words you searched, times you browse videos and interact with them, your purchase information. We collect such to provide you with the contents you need.

 

(3)   Log information

We will automatically collect the logs when you use Youku services, which might be obtained via using Cookie, web beacon, log file, programming script, e-tag or other manners. Please read the Cookie Terms if you want to know more about how we use Cookie and other similar technologies.

 

2.     Information from a third party

 

We may obtain your personal information indirectly from a third party, which includes:

 

(1)    Third-party account information: if you use the account of a third party platform (such as Facebook/Google/Apple ID) to log in our services, we will obtain your account information from such platform, so as to create or log-in users, protect your account and prevent security risks.

(2)   Third-party payment agency information: if you purchase our VIP services or other contents, the third-party payment service providers working with us (such as Apple pay, Google pay) will provide us with your payment information or its updated information, so as to verify your payment status and proceed with your paid services; please note that we collect only the information of your purchased product, payment serial number and channel ID, nor your bank account number, payment password or other payment information.

(3)    Information obtained from public sources: such as government published data and public data on social media platform.

(4)   Information obtained from other sources.

You acknowledge that we can’t and will not obtain any of your personal information from a third party without your authorization. If we need to obtain your personal information indirectly from a third party due to business cooperation and the like, we will ensure lawful collection and use of such information on multiple levels and by multiple means: (1) we will take measures including but not limited to signing contracts to ensure as much as possible that such third party has obtained your consent or is collecting your personal information within the scope permitted by relevant laws and regulations; (2) we (or the third party) will explicitly present to you the source, type, purpose and manner of use, business function and scope of authorization of relevant personal information (we will obtain your consent again if the manner and scope of use exceed the original authorization); (3) ask the third party to commit to the lawfulness of the source of personal information by an agreement, we will explicitly demand the bearing of relevant responsibilities; (4) our professional security team will improve the guard for personal information. We will protect the personal information indirectly obtained with the equal protection means and measure no less than the level we did with our own users.


B.     Use of personal information

 

We will use the information collected from Youku services for the following purpose according to the type of relevant information:

 

(a)    Conclusion and performance of an agreement with you and execution of the agreement there between;

(b)   Provision, processing, maintenance, R&D and improvement of Youku services (including video content, advertisement and paid services);

(c)    Evaluation of your application (if relevant) and replay to your question/consultation/feedback/dispute;

(d)   Handling of your registration and log-in request, verification and performance of your transactions related to online payment;

(e)    Monitoring, prevention or investigation of any fraudulent or abusing acts, security risk or technical issues damaging Youku, you or the public, protection of your account and system security and improvement of the security and reliability of Youku services;

(f)     Market survey and trend analysis, and comprehensive statistics, data analysis, processing and investigation related to Youku services.

 

To apply your information for the aforesaid purposes, we may use different technologies to process the information. We will first obtain your consent if using your information for purposes not covered by this Policy.


C.     Cookie Terms

 

Cookie is a small file containing character strings sent to or stored in your computer, mobile equipment or other devices while you log in and use websites or other network contents (usually after encryption). Similar technologies of Cookie refer to ones with similar purpose with Cookie, such as Web Beacon, Proxy and inserted script. In this Policy, we will refer to such technologies collectively as “Cookie”. Generally, we will use Cookie to collect your personal information during registration, log-in and use of our services, such as your habits of visiting websites, your browsing history and log-in information.

 

We use Cookie mainly for simplifying relevant operations (such as remain logged in), protecting your account and our product, recording your preferential settings, recommending contents that meet your personal need and might interest you, improve our services, etc.

 

You can manage or delete the Cookie already stored in your computer, mobile equipment or other devices via related function of your browser or other equipment. Part of our services can only be available with Cookie and if you refuse or delete it, you many not use relevant services or obtain optimal service experience, meanwhile it also may affect the protection of your information and account.

 

II How do we share and disclose your personal information

 

A.     Sharing

 

1.     Our sharing

We usually don’t share your personal information with any third party, except in one or multiple of the following circumstances where we will do such as per the legal requirements of your judicial jurisdiction:

 

1.1  Where you make the proposal to share or prior consent of sharing has been obtained;

1.2  Internal sharing within Youku group companies

To successfully provide you with relevant services of Youku, we may share internally your information with our related companies; if our related companies change the purpose for use of your personal information, we will again obtain your authorization and perform data compliance duties required by the laws and regulations of relevant country.

 1.3  Sharing with business partners

You understand and agree that some of our services will be provided by our business partners or jointly therewith, and that you agree that we can share your necessary personal information with the following partners for the sake of this Policy:

a. Service provider, such as, payment agency, logistics provider, other partners providing services including Apple pay, Google pay.

b. Data processor (including the one providing such as online advertisement data monitoring, data statistics and data analysis), to analyze/maintain/improve our services and offer you better contents, we may share your relevant information with designated partners providing such services in a summarized manner (such as video play record. Advertisement display record, terminal model and your local city). Where the aforesaid information involves no personal information, please be assured that unless with your consent, we will never share your personal information.

c. Our product may contain third party SDK or other similar applications; if you use such service provided by third party on our platform, you agree to its direct collection and processing of your information (by such ways as insert code or widget). The collection and processing of information by such provider follow its own privacy provision, not this Policy. However, we will also do our best in examining the access qualification of such third party and impose lawful, compliant and secure requirement thereon. To protect your information security to the maximum, we strongly recommend to you to read its privacy provisions before using third party SDK. To ensure your lawful right and interests, if you discover the risks of any such SDK or similar application, we suggest you immediately cancel relevant operations and contact us in time; list of third party SDK refers to the link: https://terms.alicdn.com/legal-agreement/terms/privacy/20220524184729564/20220524184729564.html

d.     Other business partners engaging commercial cooperation with us.

When sharing your information, we will take multiple measure to protect your personal information, including but not limited to (1) where necessary, we will obtain your authorization and consent upon notifying the purpose, type and receiving party of relevant information before sharing; (2) we will use an agreement to strictly ensure that the information receiving party observes the duties and bears legal responsibilities concerning protection of personal information; (3) our security team will conduct security evaluation and processing as to the manner, transfer, use, etc. of the information and try to make the personal information anonymous; (4) where the aforesaid sharing involves possible transmission of your information to other countries/regions, whether it’s to our related companies or any third party partner, we will abide by relevant applicable laws and regulations to ensure that this type of information satisfy local legal requirements of data protection.

1.4  Sharing under legal provisions or regulatory requirements

(1) Under certain circumstances, we may, as required by the law or regulators, share your personal information with a third party (such as judicial authority, law enforcement agency, government organ or other similar entity), in order to protect your and your lawful rights and social public interests or prevent relevant property or security from damaging;

(2)In certain cases where only by sharing your personal information can our services be available or the services you required available, or settlement of relevant dispute or controversy involving you be possible;

(3) Sharing your personal information as per relevant agreements signed with us (such as online agreement or platform rules) or legal documents;

(4) The information we shared is one that’s unidentifiable where the third party receiving such information can’t reidentify the owner of the information, or you make public at your discretion, or we obtained from legal and public channels;

(5)    Other cricumstances stipulated by other laws and regulations or required by regulators.

 1.5  Any third party related to certain transactions

If we’re engaged in a merger, acquisition, reorganization, division, bankruptcy, transfer of asset or similar transaction and your personal information may be transferred as part of the deal, we will notify you in this regard and demand the new holder of the information abide by and perform any and all contents of Youku Privacy Policy (including purpose and rules for use and security protection measures).

 

B.     Disclosure of personal information

Except for necessary disclosures based on proper causes such as punishment announcement of violating account and fraudulent acts, publishing relevant information of the winner list, abiding by court decision or other legal procedures, following the requirements of relevant government organs or statutory authorized organizations or according to law, we will not disclose your personal information and where the situation requires, we will notify you of the purpose and type of disclosure and obtain your consent before disclosing your information to the public.

 

Please note that even if with your authorization and consent, we will only disclose your personal information in a lawful, just necessary, specific and clear manner and try to make the disclosed information unidentifiable.

 

III How do we store and protect your personal information

 

A.     Storage

 

a. Location: presently, Youku sets up a data center in China. You understand and agree that, under the conditions and terms of this Policy, we may transmit and store your personal information to/in such data center upon compliance of applicable laws and regulations. Though the standard for protection personal information may vary in the location of data center and the judicial jurisdiction area of your place, we will do our best to protect your personal information with stricter standard and make the biggest effort possible to prevent the disclosure of your information.

b. Period: generally, we only need to store your personal information in the shortest period of time possible for provision of our services and after such period, we will delete or anonymize your personal information as per the requirements of relevant laws and regulations. If such information is shared by us to any third party, we will also require such third party to do the same. However, in the following circumstances, we may after the period for storage of information due to relevant legal requirement:

(1)    To follow relevant provisions of applicable laws and regulations;

(2)    To follow court decision, ruling or other legal procedures;

(3)    To follow the requirements of relevant government organs or statutory authorized organizations;

(4)    We deem necessary to follow relevant provisions of laws and regulations;

(5)    For proper and necessary purposes to execute relevant service agreement or this Policy, maintain social public interests, and protect the personal and property safety of us, our related companies, our partners, other users or employee, or to protect other lawful rights and interests.

 

When our product or service stops operating, we will notify you by, among others, push notification or announcement and will delete or anonymize your personal information within proper period.


B.     Protection

 

We adopt multi-dimensional protection measures to protect your personal information including security technology conforming to industrial standard and supporting organizational structure and management system, so as to reduce  the risks to the minimum of disclosure, damage, misuse, unauthorized access, unauthorized disclosure and alternation of your information. Youku’s security management system of relevant information has passed the certification of ISO ISO27001. Specific protective measure include:

 

1.     Technical measure for data security

 

We adopt encryption technology such as security agreement on the transmission layer to prevent the transmission from being sniffed, bugged or intercepted; adopt security storage measures such as classified and layered disposal of data; adopt strict data access control system, adopt multiple identity certification technology, monitor data processing to avoid illegal access and monitor data processing to avoid illegal access and unauthorized use of data; monitor and audit the entire life time of data to prevent unauthorized access, disclosure, use, alternation, man-made or accidental damage or loss of personal information.

2.     Data security organization and management measures

We establish special department for personal information protection and formulated relevant internal control management system to minimize employee authorization such as the standard for secure use of business data and standard management system of data cooperation; organize employees to participate in relevant security protection training on a regular basis and take other practicable security organization and management measures, such as locking the storage area of personal information and restricting employee’s access to the storage area.

 

3.     Handling of security incidents

We set us a Youku emergency response center and formulated several security management rules and emergency response plans, clarifying the reporting procedure of security incidents and handling procedures of emergency response.in case of personal information security incident, we will activate the emergency preparedness plan(EPP) 同prevent it from expanding and notify you by notice, push notification, public announcement.

 

Please note and understand that the Internet cannot be absolutely secure. Despite the aforesaid protection measures taken, we still can’t guarantee or promise with any information provided by you. If your personal information is leaked, your personal or property security may be affected. Therefore, we strongly advise you to assist us in protecting your account security by secure manner or using complicated password. Upon discovering the leakage of your personal information, please contact us immediately so that we can take relevant measures to protect your information security.


IV What are your right to control your personal information

 

You have multiple ways to control your personal information when using Youku services. This Section describes your main rights to control your personal information in using Youku services. Your right include but not limited to:

 

(1)   Right to access

You can inquire or access your relevant personal information in Youku services, including:

 

Usage information: You can inquire part of your usage information at any time through the related product page, including collection history, viewing history and offline downloads;

 

(2)   Right to delete

You can delete your relevant personal information in “my-history”. You may email to privacy_youku@service.alibaba.com to require us to delete your personal information. (If you have any questions about the use of APP or VIP Member Services (including Q&A and complaints), please contact us by email youkuchinaservice@alibaba-inc.com.)


 

You understand and agree that once you delete your personal information from Youku services by yourself or with our help, we may not immediately delete your information from the backup system subject to applicable laws and regulations and relevant security technology, in which case, we will store your personal information in a secure manner and separate such from any further data processing, till such information is deleted or anonymized during the update of our backup system.

 

(3)   Right to cancel your account

You can cancel your account. You may email to privacy_youku@service.alibaba.com to cancel your account, except as otherwise provided ty applicable laws and regulations in your judicial jurisdiction area or as otherwise agreed upon in this Policy.(If you have any questions about the use of APP or VIP Member Services (including Q&A and complaints), please contact us by email youkuchinaservice@alibaba-inc.com.)

Once you cancel our account, all the right and interests generated during use of Youku service but not consumed, together with expected interests, etc. will be cleared; all contents, information, data and records relevant to your account will be deleted or anonymized (except as otherwise required by relevant laws or regulators); meanwhile, once you cancel your Youku account, you can’t undo it.

 

(4)   Right to obtain the copy of personal information

If you need to obtain the copy of your personal information, you can contact us via the contact information in this Policy and upon verifying your identity, we will provide the copy of such information in our services for you within the period prescribed and in accordance with the law, unless otherwise stipulated by the applicable laws and regulations or as otherwise agreed upon in this Policy.

 

(5)   Right to limit or refuse processing of personal information

You may limited or refuse the processing of part of your personal information if such rights are granted to you according to the law of your judicial jurisdiction area and we will handle your request based on such law while considering your actual conditions.

 

If you encounter any trouble in exercising such right, you may contact us via the contact information provided herein and we shall help you solve the issue upon verification of your identity within proper period or the period prescribed by the law of your judicial jurisdiction area, unless otherwise stipulated by the applicable laws and regulations or ase otherwise agreed upon in this Policy. Other than the rights mentioned above, if the law of your judicial jurisdiction area grant you any other rights concerning personal information, we will do our best to ensure the exercising of such.


V Protection of minors


You must be 18 years or above to become a member of the Youku services.

 

We value the protection of personal information of minors very much. The age classifying minors and relevant rules for minor privacy protection vary in different judicial jurisdictions. If you achieve the age of 13 but still be a minor under local law, you shall read this Policy under the guardianship and guidance of guardians and submit relevant personal information after the consent of guardians to this Policy and submission. Please note that, considering the features of the Internet and online anonymity of user, we find it hard to verity each and every consent of guardian. For such matter, please first obtain the consent of your guardian voluntarily if you fit in the aforesaid circumstances.

 

Where guardians think that we collected personal information of minors without obtaining their consent, we will immediately investigate and delete relevant information (if any) in a timely manner upon receipt of such notification from the guardians.


VI  About this Policy


1.     Applicable scope

 

This Policy applies to the APP and/or services provided in accordance with the international businesses of Youku, whether you are browsing user (visitors) or registered users. However, please note that this Policy does not apply to the following:

 

The products and/or services provide by third parties, which may be contained in or linked from Youku services. We will inform you when such circumstances occur or mark those products and/or services “third party products” or “third-party services” or similar expressions;

Other products and/or services not provided by us.


2.     Update


With the business mode and technology of Youku continue to innovate and develop, we may update the terms of this Youku Privacy Policy from time to time and the updated version will form part of the Policy and inure immediately after updating. If these updates make substantial reduction or significant alteration in your rights hereunder, we will notify you in one or more manners including announcement, push notification or any other means before the updated Policy takes effect. If such updates involve collection of more personal information, or changes in the purpose or manner in using/sharing personal information or the receiving third party, we will again obtain your authorization and consent. If you still choose to use Youku services, it shall be deemed that you have fully read, acknowledged and agreed to be bound by the updated Policy. We advise you to look up the Policy every time you use our services.


3.     Miscellaneous


The heading of this Policy are only provided for convenience and readability and shall not affect the meanings or interpretations of any clause herein.


VII Contact Us


(1)    If you encounter any issue related to privacy protection or this Policy (including problem consultancy, complaint and advice) during use of our services, you can submit online feedback or contact our data protection officer via: Email: privacy_youku@service.alibaba.com. (If you have any questions about the use of APP or VIP Member Services (including Q&A and complaints), please contact us by email youkuchinaservice@alibaba-inc.com.)


(2)   Upon receiving your issue, we will, upon verification of your identity, reply to you within the period prescribed by the law of your judicial jurisdiction area on response and generally, we will not charge any service fee in this regard. However, in the following circumstances, we may not be able to response to your request, unless otherwise stipulated by the law of certain counties/regions:

l  Related to national security or national defense security;

l  Related to public safety, public sanitation or major public interests;

l  Related to criminal investigation, litigation and trial;

l  Substantial evidence suggesting your subjective malignity or abuse of rights;

l  Response to your request will severely damage the lawful rights and interests of you or other individual or organizations;

l  Other circumstances provided by relevant laws and regulations.

 

In which circumstances, you will receive our notice explaining the reason why we can’t respond to your request.

 

VIII Dispute resolution

 

If any court of law, having the jurisdiction to decide on this matter, rules that any provision of this Policy is invalid, then that provision will be removed from this Policy without affecting the rest of the Policy. The remaining provisions of this Policy will continue to be valid and enforceable.

 

Both parties agree that this Agreement, as well as the execution and the interpretation of this Agreement, shall be subject to the laws of Hong Kong to the maximum extent permitted by applicable law.

 

Any disputes that raised out of or related to this Agreement, including but not limited to carrying out the provisions of this Agreement, shall be negotiate by both parties through amicable settlement. In addition, both parties may also submit the dispute to Hong Kong International Arbitration Centre (HKIAC) for arbitration under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted. For the avoidance of doubt, settlement via amicable negotiation is not the prerequisite condition of the arbitration mentioned above. The arbitration award shall be final and binding on both parties. The seat of arbitration shall be Hong Kong. The arbitration proceedings shall be conducted in Chinese.


IX Definition of key terms

 

I Youku services/services of Youku

 

Youku services/services of Youku refer to relevant products, services and/or functions of Youku international, including but not limited to software, websites and services (including off-site services, such as the advertising services and plug-ins “applied or shared through our service”), through user terminals including but not limited to PC, mobile device and TV.

 

I  Related companies

 

Related companies refer to the operational entities affiliate to Youku Group, including the companies and institutions controlling, controlled by or subject to the same control with Jet Brilliant Limited. both presently and in the future. Control means the ability to directly or indirectly affect the management/operation of the controlled party via ownership, shares with voting rights, contract, connection in actual operation or other legally determined manners.

 

I Personal information

Personal information refers to all kinds of information recorded via electronic means or otherwise that can be used to directly or indirectly identify a particular natural person or to reflect the particular natural person’s activities, whether on its own or combined with other information.

 

I Location information

Location information refers to the information Youku collects about user location, which is roughly inferred based on the device accessing Youku services or the IP address of Internet services.

 

I Log information

Log information refers to the technical information automatically collected during your use of Youku services via Cookie, web beacon, log file, programming script, e-tag or other manners.

 

I Cookie and similar technologies

Cookie is a small file containing character strings sent to or stored in your computer, mobile equipment or other devices while you log in and use website or other network contents (usually after encryption). When you visit the same website again, the website will identity your browser by Cookie. Similar technologies of Cookie refer to other technologies with similar purpose with Cookie, such as Web Beacon, Proxy and inserted script.

 

I Equipment

Equipment refers to the device used to access Youku services, such as a desktop, laptop, table or smart phone.

 

I Universally unique identifier (UUID)

UUID is a series of characters used to identify the one and only browser, application or equipment. Different UUIDs vary in terms of validity, availability for user resetting and obtaining methods. UUID can be used for multiple purpose, including test of security risks and fraudulent acts, synchronization of services.

 

I IP address

Internet protaocol (IP) address id the serial number designated for each equipment surfing the Internet. The number is usually designated based on geographic areas. IP address is generally used for identifying the location of equipment when such equipment is connected the Internet.

 

I Anonymization

Anonymization refers to the technical processing of personal information so that the personal information subject cannot be identified, and the processed information cannot be restored.

 

I De-identification

De-identification refers to the technical processing of personal information so that the personal information subject cannot be identified without the aid of any additional information.

 

I Deletion

Deletion refers to the process of removing personal information from our server/background records.

 

I Sharing of personal information

Sharing of personal information refers to the act of sharing with or transferring information to third-party companies, organization or individuals.

 

I Disclosure of personal information

Sharing of personal information refers to the act of sharing with or transferring information to third-party companies, organization or individuals.

 

I Disclosure of personal information

Disclosure of personal information refers to the act of publicizing or publishing information to the public or non-specific group of people.

 

I Significant alternation

Significant alternation in Youku Privacy Policy includes but not limited to :

 

Major changes in the way Youku collects and uses personal information. Such as the purpose for processing personal information, the type of personal information to be processed and the manner of the use of personal information;

Major changes in rights and exercising manners of user in participating in the processing of personal information;

Changes of the department, contact and complaint channel for handling security incidents of personal information;

Where security influence evaluation report of personal information suggests high risks;

Other important circumstances or circumstances that may severely damage your personal rights and interests.

 

Note: where the aforesaid definition and interpretation conflict with the law fo your local country/region, the latter shall prevail.