Privacy Policy

Last Modified: November 19, 2018

Your privacy is important to us.

Meitu (China) Limited ("Meitu", "we", "us" or "our") is dedicated to protecting the privacy of our users ("users" or "you"). This Privacy Policy (the "Policy") is meant to explain our practices regarding how we collect, store, use, manage and protect your user information (including your personal information) as a controller during your use of POMELO application including all its features (the "Services").

Please note that the scope of this Policy is limited solely to your user information (including your personal information) collected or received by Meitu when you are using the Services. In this Policy, "personal information" refers to any information or combination of information that can be used to identify, contact or locate an individual to whom the collected information pertains. Such personal information may include your name, gender, phone number, email address, date of birth, images, geo-location, personal identity number, identifiable biological information, and financial information (such as credit card or bank account number, WeChat Pay or Alipay account information).

BY USING OUR SERVICES, YOU ARE AGREEING TO THIS POLICY AND THE COLLECTION, USE, PROCESSING, RETENTION, DISCLOSURE AND SHARING OF YOUR USER INFORMATION, INCLUDING YOUR PERSONAL INFORMATION, IN THE MANNER PROVIDED IN THIS POLICY. IF YOU DO NOT AGREE WITH ANY OF THE TERMS OF THIS POLICY OR ANY SUBSEQUENT CHANGES TO THIS POLICY, PLEASE DO NOT USE OUR SERVICES.

Please note that it is mandatory for you to provide certain categories of data (as specified at the time of collection). In the event that you do not provide any or sufficient data marked as mandatory, we may not be able to complete the registration process or provide you with our Services. Also, please note that, unless we define a term in this Policy, all capitalized terms used in this Policy have the same meanings as in our Terms of Service. So, please make sure that you have read and understand our Terms of Service.

If you have any questions regarding this Policy or any privacy-related matters, please contact our Data Protection Officer via email at compliance@meitu.com, by phone at 6568127888 ,or via registered mail at 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu).

The Information We Collect

In order to provide and improve the Services, Meitu will collect and process your personal information and user information in accordance with this Policy. If you do not provide this information, we may be unable to provide you with our products or Services. You should ensure that all personal information and user information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with all or some of the Services.

The Information You Provide to Us

Mobile Device Information

When you use our Services on your mobile device, we will collect information about your device, including its International Mobile Equipment Identity ("IMEI"), Unique Device Identifier (“UDID”), Identifier for Advertising ("IDFA") and Identifier for Vendor ("IDFV"), Integrated Circuit Card Identifier ("ICCID"), Media Access Control ("MAC") address, the type of device you use, operating system version, and resolution, which will be used by us for statistical and/or analytical reasons, including without limitation to improve our technical functionality, server load-balancing, analysis of technical data relating to your mobile device so as to optimize the Services and graphics adaptation.

As stated below in the “Location Information” section, we may collect your location-based information from your mobile device if you choose to share it with us. If you subsequently wish to stop sharing Location Information, you may do so at any time by editing the relevant setting on your mobile device.

Mobile Analytics

We use mobile analytics software to allow us to better understand and improve the functionality of our Services. Such software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

Network Information

When you use the Services, we will collect information about the network you use, including the name of the operator and the type of network, so as to understand the distribution of operators and networks used by our users. In addition, we will collect information such as the name of the WiFi network to which you connect, the location of the WiFi network, and the duration of your WiFi connection to understand the environment under which you prefer to use our Services. We may use such information to provide customized services, for example to provide you with location-based advertising through push-notification.

Location Information

We will collect your Location Information, including the country code, latitude and longitude, network location, IP address and the system country and system time zone recorded on your device. This information will help us understand user distribution and usage scenarios and allow us to provide users with the correct version of our apps, the reappearance of the geo-location or the publishing of the real-time geo-location where you take any photos or shoot any videos, send relevant advertisements to you, and improve the Services. Except as otherwise provided in this Policy, we will not share this Location Information with any third parties. If you no longer wish to allow us to collect or use such information, you may turn off your Internet access or GPS, or disable our access to information about your network, GPS and device. Please note that we may still continue to receive some Location Information, such as your Network Information, IP address and system time zone, as a result of you using the Services.

Log Information

When you use some of the Services, including generating and browsing certain content, we will automatically collect certain relevant log information stored in POMELO ("Log Information"). Log Information may include (i) details on when and how often you use the Services, (ii) device statistics, including critical operation paths, errors, crashes, language and time zone. This Log Information is used to improve the Services and is NOT USED to identify our users individually.

Metadata

Metadata refers to technical data associated with user content. Put simply, metadata is data that describes data. For example, metadata can describe the analysis results of facial features, gender, age, race of the characters in photos and other elements contained in photos, which are generated and tagged by the computer algorithm and artificial intelligence. When you use the Services, we will use photo metadata to provide you with certain features including precise "Facial Recognition", "Key-Points Recognition", "Region Segmentation", "Content Tags" and other custom features based on a combination of these basic features. We may use your photo metadata to provide you with more suitable filters and better photo effect when our apps process your photos; we may also make use of the metadata to serve up a more contextually relevant products or services to you.

Cookies

When you are using the Services, Meitu or a third party designated by Meitu will use cookies, tags and scripts to collect information for the purposes of analyzing trends, managing the Services, tracking users activity on the POMELO and collecting demographics on the user base. Information collected may include information about your Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), referring and exit pages, your operating system, dates and timestamps, and clickstream data.

Advertising

We and our third-party service providers may include advertisements within our Services, and may collect and use information about you such as your device identifier, geographic location and IP address for the purpose of delivering and tracking these advertisements. We will use this information to help us better count and track advertisements based on language, geographic location and other details. If you wish to opt out of interest-based advertising, you may opt out as your device permits. For more information, please contact us at compliance@meitu.com. Please note you will continue to receive generic ads after you opt out of interest-based advertising.

Information Collected by Third Party Services

Our Services provided to you may contain our service provider’s Application Programming Interfaces (APIs) or Software Development Kits (SDKs), which may have tracking tools of such service providers. These third parties may use cookies, APIs and SDKs on our Services and collect and analyze user information. In addition, some third party SDKs may allow advertisers to collect information in order to provide content that is more relevant to you. Third parties may access your information such as your device identifiers, region (defined as the location where a given language is used), location information and IP address under their respective privacy policies. If you want to know more about such third parties, you may send an email to compliance@meitu.com.

User Data Supplementation

We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products, services, and advertising that may be of interest to you. If you provide us with personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include: Purchased marketing data about our customers from third parties that is combined with information we already have about you, to create more tailored advertising and products.

If you provide us any personal information of any third party, you shall obtain the consent of such third party for the collection, use and disclosure thereof by Meitu in accordance with these purposes. You further represent and warrant that in relation to any such third party personal information that you provide, you have obtained such consent for such collection, use and disclosure by Meitu.

Other Information

We may also collect other information which is not related to your identity. For example, we may collect information on the type and version number of your operating system to better understand system upgrades, we may collect information on your system language for the purpose of language adaptation, and we may collect your App list to understand user preferences. If we choose to collect such information, we will do so for the purpose of improving our Services provided to you.

How We Use Information

In addition to the uses listed above, we collect and use your user information and personal information for the following purposes:

Information Sharing and Disclosure

We will not sell any personal information to third parties. We may share your information with third parties who provide services on our behalf to help with our business activities. These services may include:

We will not share with or disclose to third parties (other than our service providers) your personal information in whole or in part except for the purposes of:

THIRD PARTY WEBSITES AND SERVICES

The Services may contain links to other websites and services. In addition, other websites and services may reference or link to our Services. These other domains and websites are not controlled by us, and Meitu does not endorse or make any representations about third party websites or services. We encourage our users to read the privacy policies of each and every website and service with which they interact. Visiting these other websites or services is at your own risk.

INFORMATION SECURITY

We will take reasonable measures to prevent the loss, improper use of, unauthorized access to or disclosure of information. For example, some of our Services will use encryption techniques (such as SSL) to protect your personal information. However, you understand and accept that (in the Internet industry) even though we take reasonable security measures, we cannot always guarantee that your information is 100% secure. You understand and accept that we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure. Further, you understand and accept that the system and communication network used by you to access our Services may fail due to factors beyond our control.

INFORMATION ACCESS AND CONTROL

We will take all reasonable and appropriate technical measures to ensure that you can access, update and correct your personal information or other personal information provided to us by you when using our Services. Before you access, update, correct or remove such personal information, we may verify your identity in order to protect the security of your account.

DATA RETENTION AND CORRECTION, UPDATE AND DELETION

Subject to applicable laws and regulations and the fulfillment of our business or legal purposes, we will retain your information (including your personal information) for such period as is required for us to continue to provide you with our Services. If you wish to withdraw your authorization to our collection, use and disclosure of your personal information, exercise your rights under GDPR or other applicable laws, or wish us to correct, update or delete your personal information, you may send an email to compliance@meitu.com or mail your request to 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu). We will process your request in line with applicable laws within a reasonable period of time after receiving your email or mail, and will cease collecting, using and disclosing your personal information thereafter, subject to certain exceptions prescribed by law. Please note that if you withdraw your consent or delete your personal information, your use of some of our Services may be affected.

INFORMATION ABOUT CHILDREN

We will not knowingly collect or request personal information from children under 13 (or any other age stipulated by law applicable to your region). If you are under 13, please do not send your personal information to us, including your name, address, phone number or email address. If you believe we may have any information about children under 13, you may send an email to compliance@meitu.com or send a registered mail to 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu). If we learn that we have collected personal information from children under 13 (or any other age stipulated by law applicable to your region), we will promptly take steps to delete such information and terminate the associated account.

CROSS-BORDER DATA TRANSFERS

You understand and agree that all information collected via or by Meitu may be transferred, processed, and stored anywhere in the world, including but not limited to, mainland China, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates, or the servers of our service providers, in order to provide the Services.

GOVERNING LAW

This Policy is established, comes into force, and will be enforced and interpreted under the laws of Hong Kong Special Administrative Region of the People's Republic of China, without regard to its conflict of law provisions. Any disputes arising hereunder will also be resolved in accordance with the Terms of Service. We do not represent or warrant that this Policy complies with the privacy law of any jurisdiction. Therefore, you should not interpret this Policy in accordance with such law.

AMENDMENTS TO THIS POLICY

You agree that we may update this Policy according to relevant laws and regulations or based on Meitu’s business decisions, and you agree to be bound by any such revisions hereto. We will post any significant changes to this Policy on POMELO or notify you by other means as required by law.

IF YOU ARE A RESIDENT OF CALIFORNIA

If you are a resident of California, every year we will provide you free of charge with an opportunity to obtain a list of third parties to which we have disclosed or with whom we have shared your personal information for their direct marketing purposes during the previous year. If you are a resident of California and wish to obtain this list, you may send an email with the subject "The right to privacy of a California resident" to compliance@meitu.com or send a registered mail to 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu).

FOR USERS IN THE EUROPEAN ECONOMIC AREA

If you are in the European Economic Area (“EEA”), we will not collect any of your information set forth above. However, we will process certain information related to your SIM card which enables us to verify whether you are in the EEA. We use this information to verify whether you are in the EEA and to prevent the processing operations outlined above. Where we are unable to collect such information we will ask you whether you are in the EEA. The legal basis for the processing of this SIM card data or your answer to the question about your whereabouts is the performance of a contract with you (Art. 6 para. 1 lit. b) of the Regulation (EU 2016/679 of the European Parliament and of the Council (“GDPR”)). Without the provision of such data we may not be able to provide you with any Services.

As we are located in the People’s Republic of China we are required to transfer this information to the People’s Republic of China. Please be aware that the European Commission has not issued an adequacy decision in relation to the People’s Republic of China.

We will retain this information for as long as needed to provide you with our Services.

Controller

The Controller for the purposes of Art. 4 no. 7 GDPR with respect to the processing outlined in this Policy is Meitu (China) Limited, 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong. You may contact us via registered mail at the above address (attention: Legal Department, Meitu) or via e-mail at compliance@meitu.com.

Representative

Our representative in the European Union is Rivacy GmbH, you may contact our representative via e-mail at info@rivacy.eu or via registered mail at Rivacy GmbH, Hammerbrookstraße 90,20097 Hamburg.

Your rights as a Data Subject

As a data subject in the European Economic Area you have the following rights with regard to the processing of your personal data:

1. Right of access

As a data subject you have the right to obtain confirmation from us as to whether we are processing your personal data (Art. 15 para. 1 GDPR). If so, you also have the right to obtain access to the personal data and the information listed in Art. 15 para. 1 GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed.

2. Right to rectification

As a data subject, you have the right to rectification set out in Art. 16 GDPR, i.e. to have your inaccurate data processed by us rectification and incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

As a data subject, you have a right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Art. 17 para. 1 GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 para. 1lit. a) GDPR).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Art. 17 para. 2 GDPR).

The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Art. 17 para. 3 GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims (Art. 17 para. 3 lit. a) and e) GDPR).

4. Right to restriction of processing

As a data subject, you have a right to obtain from us the restriction of processing if one of the conditions provided in Art. 18 para. 1 GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Art. 18 para. 1 lit. a) GDPR).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Art. 4 para. 3 GDPR).

5. Right to data portability

As a data subject, you have a right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to point Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means (Art. 20 para. 1 GDPR).

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Art. 20 para. 2 GDPR).

6. Right to object

As a data subject, you have a right to object under the conditions provided in Art. 21 GDPR.

7. Right to withdraw consent

As a data subject, where consent is our legal basis for processing your personal data, you have the right to withdraw your consent at any time.

Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Art. 57 para. 1 lit. f GDPR.

Exercise of your rights under GDPR

As a data subject, you may exercise any of the rights listed above in accordance with the instructions and limitations set forth in “Data Retention and Correction, Update and Deletion” above.

Additional Information on Your Rights as a Data Subject

For further information on your rights as a data subject please refer to Art. 12 to 21 GDPR, which can be accessed here: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

隐私政策

最新修改日期:2019年【5】月【21】日

本隐私政策(“本政策”)旨在向您说明,在使用Pomelo APP(以下称“产品”或 “服务”)时,您应了解的内容:

一、我们如何收集和使用您的个人信息

二、我们如何使用Cookie

三、我们如何共享、转让、公开披露您的个人信息

四、我们如何保护您的个人信息

五、您的权利

六、我们如何处理未成年人的个人信息

七、您的个人信息如何在全球范围转移

八、适用法律及管辖

九、本政策如何更新

十、我们的联系方式

我们非常重视对您的个人信息的保护,我们也致力于维持您对我们的信任,我们承诺将按业界普遍适用的安全标准,采取相应的安全保护措施来保护您的个人信息。但需要特别说明的是,本政策不适用于其他第三方向您提供的产品或服务。如果您使用第三方提供的产品或服务,请关注第三方产品或服务的用户协议及隐私政策。

在使用我们的产品和服务前,请您务必仔细阅读并充分了解本政策。

一、我们如何收集和使用您的个人信息

(一)向您提供相关产品功能和/或服务

为实现以下各项产品功能和/或服务,我们可能需要向您收集相对应的个人信息,若您拒绝提供,则无法使用该等特定服务,但不影响您正常使用美图的基本产品功能及服务。

1、客户服务。当您向Pomelo提起投诉、进行咨询或申诉时,为了方便与您联系或帮助您解决问题,我们可能需要您提供姓名、手机号码、电子邮件其他有效的联系方式等个人信息。如您拒绝提供上述信息,我们可能无法向您及时反馈相关处理结果。

2、个性化推荐服务。我们会基于收集的信息,对您的性别、偏好、习惯、位置进行特征分析和用户人群画像(数据分析结果不会关联至特定用户身份),以便为您提供更适合的产品和/或定制化服务。为此,我们需要收集的信息包括您的设备识别码、语言及时区、使用本产品浏览记录

3、优化产品和服务。为维护我们服务的正常运行,以及排查产品故障、改进及优化我们的服务,我们会收集您的设备型号信息及设备分辨率、网络运营商及种类、网络类型信息。这类信息是为提供服务必须收集的信息,收集后即作去标识化处理,不会用于识别任何特定的用户。

(二)美图基于其它特别情况对您的个人信息的使用

1、如果您认为您的相关权利遭受侵犯,您可在【設定】页面中的【意见反馈】、通过我们对外公布的联系方式提起投诉、举报。在此过程中,我们将要求您提供个人有效身份信息以核实投诉、举报的真实性。此为个人敏感信息,我们将采取严格的保密措施,并不会向第三方进行共享。

2、请您理解,我们向您提供的功能和服务是不断更新和发展的,如果我们要将您的个人信息用于本政策未载明的其它用途,或基于特定目的将收集的信息用于其它目的,我们将以合理的方式(例如页面提示、交互流程、网站公告等)向您告知,并在使用前再次征得您的同意。

二、我们如何使用Cookie

为保证网站正常运行,为帮助您获得更轻松的访问体验,并向您推荐您可能感兴趣的信息,我们会在您的计算机或移动设备上存储名为Cookie的小数据文件。Cookie通常包含标识符、站点名称以及一些号码及字符。借助于Cookie,网站能够存储您的偏好等数据,以此帮助您免去重复填写个人信息、输入历史搜索内容等繁琐;同时我们还可能利用上述技术为您推荐、展示、推送您感兴趣的内容。您可根据自己的偏好管理或删除Cookie,您也可以清除计算机上保存的所有 Cookie。有关详情,请参见AboutCookies.org。我们不会将 Cookie 用于本政策所述目的之外的任何用途。大部分网络浏览器都设有阻止Cookie的功能,您可以通过浏览器设置选项清除计算机上保存的所有Cookie,但如果您这么做,可能会导致您在每一次访问我们的网站时都需要亲自更改用户设置。

三、我们如何共享、转让、公开披露您的个人信息

(一)共享

我们不会与任何公司、组织、个人分享您的个人信息,但以下情况除外:

1、在获取明确同意的情况下共享:获得您的明确同意后,我们会与其他方共享您的个人信息。

2、在法定条件下共享:我们可能会根据法律法规规定、诉讼争议解决需要、按照政府主管部门或司法机关依法提出的强制要求,对外共享您的个人信息。

3、在法律要求或允许的范围内,为了保护美图及其用户或社会公众的利益、财产或安全免遭损害而有必要提供您的个人信息给第三方。

4、与我们的关联公司共享:您的个人信息可能会与我司(厦门美图网科技有限公司)的关联公司进行共享,我们只会在为实现向您提供本产品相关功能和服务的目的下共享必要的个人信息且受本隐私政策所声明目的的约束。关联公司若要改变个人信息的处理目的,将再次征求您的授权同意。我们的关联公司包括:厦门美图网科技有限公司及其分、子公司;厦门美图之家科技有限公司及其分、子公司;厦门美图移动科技有限公司及其分、子公司等。我司及我司关联公司合称“美图”。

5、授权合作伙伴共享:仅为实现本政策中声明的目的,我们的某些服务将由授权合作伙伴提供。如技术支持服务。我们可能会与合作伙伴共享您的某些个人信息,以提供更好的客户服务和用户体验。我们仅会出于合法、正当、必要、特定、明确的目的共享您的个人信息,并且只会共享提供服务所必要的个人信息;同时,对我们与之共享个人信息的公司、组织和个人,我们会与其签署严格的保密协议,要求其按照我们的隐私政策以及其他任何相关的保密和安全措施来处理个人信息。我们的合作伙伴无权将共享的个人信息用于任何其他用途。我们的合作伙伴包括:

某些为我们提供技术分析服务的合作伙伴,会向我们的用户收集基于其信息安全规则完成去标识化处理的少量个人信息,以帮助我们进行营销分析,这些信息为设备信息(IMEI/IDFA、设备型号及语言、时区)。我们仅会选择国内管理规范的主流数据供应商,如Adjust、Facebook。尽管供应商可能发生变更,但无论如何,我们会在协议中敦促合作方遵守相关信息安全法规,切实保护用户个人数据。

(二)转让

我们将不会将您的个人信息转让给任何公司、组织和个人,但以下情况除外:

1、在明确获得您的同意的前提下,我们会向其他方转让您的个人信息;

2、在涉及合并、收购或破产清算时,如涉及到个人信息转让,我们会在要求新的持有您个人信息的公司、组织等主体继续接受此隐私政策的约束,如果本政策约定的个人信息的收集、处理方式、使用目的等发生改变,我们将要求该公司、组织等主体重新向您征求授权同意。

(三)公开披露

我们仅会在以下情况下,收集或公开披露您的个人信息:

1、获得您明确的同意后;

2、于法律法规、司法机关或行政主管部门的强制性要求,我们可能会披露您的个人信息。

(四)不经授权收集、共享、转让或公开披露个人信息的例外

根据相关法律法规的规定,在以下情形中,我们可以在不征得您的授权同意的情况下收集、共享、转让或公开披露您的个人信息。

1、与国家安全、国防安全等国家利益直接相关的;

2、与公共安全、公共卫生、公众知情等重大公共利益直接相关的;

3、与犯罪侦查、起诉、审判和判决执行等直接相关的;

4、出于维护您或其他个人的生命、财产、声誉等重大合法权益但又很难得到本人同意的;

5、根据您要求签订和履行合同所必需的;

6、用于维护所提供的产品或服务的安全稳定运行所必需的,例如发现、处置产品或服务的故障;

7、出于公共利益开展统计或学术研究所必要,且其对外提供学术研究或描述的结果时,对结果中所包含的个人信息进行去标识化处理的;

8、从合法公开披露的信息中收集到的个人信息的,如合法的新闻报道、政府信息公开等渠道;

9、法律法规规定的其他情形。

四、我们如何保护您的个人信息

我们已使用符合业界标准的安全防护措施保护您提供的个人信息,防止数据遭到未经授权访问、公开披露、使用、修改、损坏或丢失。我们会采取一切合理可行的措施,保护您的个人信息。例如,在您的浏览器与“服务”之间交换数据时受SSL加密保护;我们对产品提供的配套Web服务提供HTTPS安全访问方式;我们会使用加密技术确保数据的保密性;我们会使用受信赖的保护机制防止数据遭到恶意攻击;我们会部署访问控制机制,确保只有授权人员才可访问个人信息;以及我们会举办安全和隐私保护培训课程,加强员工对于保护个人信息重要性的认识。

我们会采取一切合理可行的措施,确保未收集无关的个人信息。我们只会在达成本政策所述目的所需的期限内保留您的个人信息,除非需要延长保留期或受到法律的允许。

互联网并非绝对安全的环境,而且电子邮件、即时通讯、及与其他用户的交流方式并未加密,我们强烈建议您不要通过此类方式发送个人信息。请使用复杂密码,协助我们保证您的账号安全。

互联网环境并非百分之百安全,我们将尽力确保或担保您发送给我们的任何信息的安全性。

在不幸发生个人信息安全事件后,我们将按照法律法规的要求,及时向您告知:安全事件的基本情况和可能的影响、我们已采取或将要采取=的处置措施、您可自主防范和降低风险的建议、对您的补救措施等。我们将及时将事件相关情况以邮件、信函、电话、推送通知等方式告知您,难以逐一告知个人信息主体时,我们会采取合理、有效的方式发布公告。同时,我们还将按照监管部门要求,主动上报个人信息安全事件的处置情况。

五、您的权利

按照中国相关的法律、法规、标准,我们保障您对自己的个人信息行使以下权利:

(一)删除您的个人信息

在以下情形中,您可以向我们提出删除个人信息的请求:

1、如果我们处理个人信息的行为违反法律法规;

2、如果我们收集、使用您的个人信息,却未征得您的同意;

3、如果我们处理个人信息的行为违反了与您的约定;

4、如果您不再使用我们的产品或服务,或者您注销了美图帐号;

5、如果我们终止服务及运营。

以上删除请求一旦被响应,我们还将同时尽可能通知从美图获得您个人信息的主体,要求其及时删除相应信息,除非法律法规另有规定,或者这些主体获得您的独立授权。当您从我们的服务中删除信息后,我们可能不会立即从备份系统中删除相应的信息,我们将会在备份更新时删除这些信息或者实现匿名化处理。

(二)撤回您的授权

如果您希望撤销同意我们收集、使用和披露您的其他个人信息或者希望我们更正、更新或删除您的个人信息,可通过本政策中的联系方式与我们联系。我们将会在收到您的电子邮件或者挂号信后的合理时间内处理您的请求并停止收集、使用和披露您的个人信息。

但请您理解并同意,当您撤回某些授权时,将导致与之相关的产品功能不可用,我们无法继续为您提供撤回同意或授权所对应的特定功能和/或服务,并且您撤回授权的决定不会影响此前基于您的授权而开展的个人信息处理。

(三)对于您的权利要求的响应

为保障安全,在您提出上述权利主张时,您可能需要提供书面请求,或以其他方式证明您的身份。我们将在验证您的身份后再处理您的请求。一般情况下,我们将在【15】天内做出答复。对于您合理的请求,我们原则上不收取费用,但对多次重复、超出合理限度的请求,我们将酌情收取一定费用。对于与您的身份不直接关联的信息、无端重复信息,或者需要过多技术手段(例如,需要开发新系统或从根本上改变现行惯例)、给他人合法权益带来风险或者不切实际的请求,我们可能会予以拒绝。

在以下情形中,按照法律法规要求,我们将无法响应您的请求:

1、与国家安全、国防安全有关的;

2、与公共安全、公共卫生、重大公共利益有关的;

3、与犯罪侦查、起诉、审判和执行判决等有关的;

4、有充分证据表明个人信息主体存在主观恶意或滥用权利的;

5、响应您的请求将导致您或其他个人、组织的合法权益受到严重损害的;

6、涉及商业秘密的。

六、我们如何处理未成年人的个人信息

我们特别重视未成年人的个人信息的保护。如果您为14周岁以下的未成年人,在使用我们的产品和/或服务前,请您务必在监护人的陪同下阅读本政策,并确保已征得您的监护人明确同意后,再使用我们的服务并向我们提供您的个人信息。

对于经监护人同意使用我们的产品或服务而收集未成年人个人信息的情况,我们只会在法律法规允许、监护人明确同意或者保护未成年人所必要的情况下使用、共享、转让或披露此信息。

如果您的监护人不同意您按照本政策使用我们的服务或向我们提供个人信息,请您立即终止使用我们的服务并及时通知我们。

如果您对您所监护的未成年人使用我们的产品/服务或其向我们提供的用户信息有任何疑问时,请您及时与我们联系。

七、您的个人信息如何在全球范围内转移

我们会按照法律法规的规定,将中华人民共和国境内(以下简称“中国”)收集的用户个人信息存储于中国境内。

我们承诺将使您的个人信息存储时间始终处于法律要求或合理必要的期限内。对于超出期限的个人信息,我们会立即删除或做匿名化处理。

由于我们通过遍布全球的资源和服务器向用户提供产品或服务,这意味着,在获得您的授权同意后,您的个人信息可能会被转移到您使用产品或服务所在国家/地区的境外管辖区,或者受到来自这些管辖区的访问。

此类管辖区可能设有不同的数据保护法,甚至未设立相关法律。在此类情况下,我们会确保您的个人信息得到在中华人民共和国境内足够同等的保护。例如,我们会请求您对跨境转移个人信息的同意,或者在跨境数据转移之前实施数据去标识化等安全举措。

八、适用法律及管辖

本隐私政策适用中华人民共和国大陆地区法律。本隐私政策项下争议,由被告住所地法院管辖。

九、本政策如何更新

我们的隐私政策可能会根据业务的调整、法律法规或政策的变化而适时变更。未经您明确同意,我们不会削减您按照本隐私政策所应享有的权利。我们会在专门页面上发布对本政策所作的任何变更。对于重大变更,我们会在产品或服务内通过弹窗、推送等方式向您提示。

若您不同意修改后的隐私政策,您有权并应立即停止使用我们的产品和/或服务。如果您继续使用我们的产品和/或服务,则视为您接受我们对本政策相关条款所做的修改。

本政策所指的重大变更包括但不限于:

1、我们处理个人信息的目的、处理个人信息的类型、个人信息的使用方式等发生变化;

2、您参与个人信息处理方面的权利及其行使方式发生变化;

3、个人信息安全影响评估报告表明存在风险时。

十、我们的联系方式

我公司为在中华人民共和国境内成立的【厦门美图网科技有限公司】,注册地址: 厦门市软件园二期望海路6号楼302单元。

如果您对本政策内容有任何疑问、意见、建议或进行申诉,您可通过以下方式联系我们:请发送电子邮件至个人信息保护专员:legal@meitu.com,也可以挂号信方式寄送至:中华人民共和国厦门市思明区软件园二期望海路6号楼2单元1-3层(收件人:美图公司-法务部)。

Privacy Policy

Last Modified: November 19, 2018

Your privacy is important to us.

Meitu (China) Limited ("Meitu", "we", "us" or "our") is dedicated to protecting the privacy of our users ("users" or "you"). This Privacy Policy (the "Policy") is meant to explain our practices regarding how we collect, store, use, manage and protect your user information (including your personal information) as a controller during your use of POMELO application including all its features (the "Services").

Please note that the scope of this Policy is limited solely to your user information (including your personal information) collected or received by Meitu when you are using the Services. In this Policy, "personal information" refers to any information or combination of information that can be used to identify, contact or locate an individual to whom the collected information pertains. Such personal information may include your name, gender, phone number, email address, date of birth, images, geo-location, personal identity number, identifiable biological information, and financial information (such as credit card or bank account number, WeChat Pay or Alipay account information).

BY USING OUR SERVICES, YOU ARE AGREEING TO THIS POLICY AND THE COLLECTION, USE, PROCESSING, RETENTION, DISCLOSURE AND SHARING OF YOUR USER INFORMATION, INCLUDING YOUR PERSONAL INFORMATION, IN THE MANNER PROVIDED IN THIS POLICY. IF YOU DO NOT AGREE WITH ANY OF THE TERMS OF THIS POLICY OR ANY SUBSEQUENT CHANGES TO THIS POLICY, PLEASE DO NOT USE OUR SERVICES.

Please note that it is mandatory for you to provide certain categories of data (as specified at the time of collection). In the event that you do not provide any or sufficient data marked as mandatory, we may not be able to complete the registration process or provide you with our Services. Also, please note that, unless we define a term in this Policy, all capitalized terms used in this Policy have the same meanings as in our Terms of Service. So, please make sure that you have read and understand our Terms of Service.

If you have any questions regarding this Policy or any privacy-related matters, please contact our Data Protection Officer via email at compliance@meitu.com, by phone at 6568127888 ,or via registered mail at 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu).

The Information We Collect

In order to provide and improve the Services, Meitu will collect and process your personal information and user information in accordance with this Policy. If you do not provide this information, we may be unable to provide you with our products or Services. You should ensure that all personal information and user information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with all or some of the Services.

The Information You Provide to Us

Mobile Device Information

When you use our Services on your mobile device, we will collect information about your device, including its International Mobile Equipment Identity ("IMEI"), Unique Device Identifier (“UDID”), Identifier for Advertising ("IDFA") and Identifier for Vendor ("IDFV"), Integrated Circuit Card Identifier ("ICCID"), Media Access Control ("MAC") address, the type of device you use, operating system version, and resolution, which will be used by us for statistical and/or analytical reasons, including without limitation to improve our technical functionality, server load-balancing, analysis of technical data relating to your mobile device so as to optimize the Services and graphics adaptation.

As stated below in the “Location Information” section, we may collect your location-based information from your mobile device if you choose to share it with us. If you subsequently wish to stop sharing Location Information, you may do so at any time by editing the relevant setting on your mobile device.

Mobile Analytics

We use mobile analytics software to allow us to better understand and improve the functionality of our Services. Such software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

Network Information

When you use the Services, we will collect information about the network you use, including the name of the operator and the type of network, so as to understand the distribution of operators and networks used by our users. In addition, we will collect information such as the name of the WiFi network to which you connect, the location of the WiFi network, and the duration of your WiFi connection to understand the environment under which you prefer to use our Services. We may use such information to provide customized services, for example to provide you with location-based advertising through push-notification.

Location Information

We will collect your Location Information, including the country code, latitude and longitude, network location, IP address and the system country and system time zone recorded on your device. This information will help us understand user distribution and usage scenarios and allow us to provide users with the correct version of our apps, the reappearance of the geo-location or the publishing of the real-time geo-location where you take any photos or shoot any videos, send relevant advertisements to you, and improve the Services. Except as otherwise provided in this Policy, we will not share this Location Information with any third parties. If you no longer wish to allow us to collect or use such information, you may turn off your Internet access or GPS, or disable our access to information about your network, GPS and device. Please note that we may still continue to receive some Location Information, such as your Network Information, IP address and system time zone, as a result of you using the Services.

Log Information

When you use some of the Services, including generating and browsing certain content, we will automatically collect certain relevant log information stored in POMELO ("Log Information"). Log Information may include (i) details on when and how often you use the Services, (ii) device statistics, including critical operation paths, errors, crashes, language and time zone. This Log Information is used to improve the Services and is NOT USED to identify our users individually.

Metadata

Metadata refers to technical data associated with user content. Put simply, metadata is data that describes data. For example, metadata can describe the analysis results of facial features, gender, age, race of the characters in photos and other elements contained in photos, which are generated and tagged by the computer algorithm and artificial intelligence. When you use the Services, we will use photo metadata to provide you with certain features including precise "Facial Recognition", "Key-Points Recognition", "Region Segmentation", "Content Tags" and other custom features based on a combination of these basic features. We may use your photo metadata to provide you with more suitable filters and better photo effect when our apps process your photos; we may also make use of the metadata to serve up a more contextually relevant products or services to you.

Cookies

When you are using the Services, Meitu or a third party designated by Meitu will use cookies, tags and scripts to collect information for the purposes of analyzing trends, managing the Services, tracking users activity on the POMELO and collecting demographics on the user base. Information collected may include information about your Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), referring and exit pages, your operating system, dates and timestamps, and clickstream data.

Advertising

We and our third-party service providers may include advertisements within our Services, and may collect and use information about you such as your device identifier, geographic location and IP address for the purpose of delivering and tracking these advertisements. We will use this information to help us better count and track advertisements based on language, geographic location and other details. If you wish to opt out of interest-based advertising, you may opt out as your device permits. For more information, please contact us at compliance@meitu.com. Please note you will continue to receive generic ads after you opt out of interest-based advertising.

Information Collected by Third Party Services

Our Services provided to you may contain our service provider’s Application Programming Interfaces (APIs) or Software Development Kits (SDKs), which may have tracking tools of such service providers. These third parties may use cookies, APIs and SDKs on our Services and collect and analyze user information. In addition, some third party SDKs may allow advertisers to collect information in order to provide content that is more relevant to you. Third parties may access your information such as your device identifiers, region (defined as the location where a given language is used), location information and IP address under their respective privacy policies. If you want to know more about such third parties, you may send an email to compliance@meitu.com.

User Data Supplementation

We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products, services, and advertising that may be of interest to you. If you provide us with personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include: Purchased marketing data about our customers from third parties that is combined with information we already have about you, to create more tailored advertising and products.

If you provide us any personal information of any third party, you shall obtain the consent of such third party for the collection, use and disclosure thereof by Meitu in accordance with these purposes. You further represent and warrant that in relation to any such third party personal information that you provide, you have obtained such consent for such collection, use and disclosure by Meitu.

Other Information

We may also collect other information which is not related to your identity. For example, we may collect information on the type and version number of your operating system to better understand system upgrades, we may collect information on your system language for the purpose of language adaptation, and we may collect your App list to understand user preferences. If we choose to collect such information, we will do so for the purpose of improving our Services provided to you.

How We Use Information

In addition to the uses listed above, we collect and use your user information and personal information for the following purposes:

Information Sharing and Disclosure

We will not sell any personal information to third parties. We may share your information with third parties who provide services on our behalf to help with our business activities. These services may include:

We will not share with or disclose to third parties (other than our service providers) your personal information in whole or in part except for the purposes of:

THIRD PARTY WEBSITES AND SERVICES

The Services may contain links to other websites and services. In addition, other websites and services may reference or link to our Services. These other domains and websites are not controlled by us, and Meitu does not endorse or make any representations about third party websites or services. We encourage our users to read the privacy policies of each and every website and service with which they interact. Visiting these other websites or services is at your own risk.

INFORMATION SECURITY

We will take reasonable measures to prevent the loss, improper use of, unauthorized access to or disclosure of information. For example, some of our Services will use encryption techniques (such as SSL) to protect your personal information. However, you understand and accept that (in the Internet industry) even though we take reasonable security measures, we cannot always guarantee that your information is 100% secure. You understand and accept that we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure. Further, you understand and accept that the system and communication network used by you to access our Services may fail due to factors beyond our control.

INFORMATION ACCESS AND CONTROL

We will take all reasonable and appropriate technical measures to ensure that you can access, update and correct your personal information or other personal information provided to us by you when using our Services. Before you access, update, correct or remove such personal information, we may verify your identity in order to protect the security of your account.

DATA RETENTION AND CORRECTION, UPDATE AND DELETION

Subject to applicable laws and regulations and the fulfillment of our business or legal purposes, we will retain your information (including your personal information) for such period as is required for us to continue to provide you with our Services. If you wish to withdraw your authorization to our collection, use and disclosure of your personal information, exercise your rights under GDPR or other applicable laws, or wish us to correct, update or delete your personal information, you may send an email to compliance@meitu.com or mail your request to 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu). We will process your request in line with applicable laws within a reasonable period of time after receiving your email or mail, and will cease collecting, using and disclosing your personal information thereafter, subject to certain exceptions prescribed by law. Please note that if you withdraw your consent or delete your personal information, your use of some of our Services may be affected.

INFORMATION ABOUT CHILDREN

We will not knowingly collect or request personal information from children under 13 (or any other age stipulated by law applicable to your region). If you are under 13, please do not send your personal information to us, including your name, address, phone number or email address. If you believe we may have any information about children under 13, you may send an email to compliance@meitu.com or send a registered mail to 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu). If we learn that we have collected personal information from children under 13 (or any other age stipulated by law applicable to your region), we will promptly take steps to delete such information and terminate the associated account.

CROSS-BORDER DATA TRANSFERS

You understand and agree that all information collected via or by Meitu may be transferred, processed, and stored anywhere in the world, including but not limited to, mainland China, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates, or the servers of our service providers, in order to provide the Services.

GOVERNING LAW

This Policy is established, comes into force, and will be enforced and interpreted under the laws of Hong Kong Special Administrative Region of the People's Republic of China, without regard to its conflict of law provisions. Any disputes arising hereunder will also be resolved in accordance with the Terms of Service. We do not represent or warrant that this Policy complies with the privacy law of any jurisdiction. Therefore, you should not interpret this Policy in accordance with such law.

AMENDMENTS TO THIS POLICY

You agree that we may update this Policy according to relevant laws and regulations or based on Meitu’s business decisions, and you agree to be bound by any such revisions hereto. We will post any significant changes to this Policy on POMELO or notify you by other means as required by law.

IF YOU ARE A RESIDENT OF CALIFORNIA

If you are a resident of California, every year we will provide you free of charge with an opportunity to obtain a list of third parties to which we have disclosed or with whom we have shared your personal information for their direct marketing purposes during the previous year. If you are a resident of California and wish to obtain this list, you may send an email with the subject "The right to privacy of a California resident" to compliance@meitu.com or send a registered mail to 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong (attention: Legal Department, Meitu).

FOR USERS IN THE EUROPEAN ECONOMIC AREA

If you are in the European Economic Area (“EEA”), we will not collect any of your information set forth above. However, we will process certain information related to your SIM card which enables us to verify whether you are in the EEA. We use this information to verify whether you are in the EEA and to prevent the processing operations outlined above. Where we are unable to collect such information we will ask you whether you are in the EEA. The legal basis for the processing of this SIM card data or your answer to the question about your whereabouts is the performance of a contract with you (Art. 6 para. 1 lit. b) of the Regulation (EU 2016/679 of the European Parliament and of the Council (“GDPR”)). Without the provision of such data we may not be able to provide you with any Services.

As we are located in the People’s Republic of China we are required to transfer this information to the People’s Republic of China. Please be aware that the European Commission has not issued an adequacy decision in relation to the People’s Republic of China.

We will retain this information for as long as needed to provide you with our Services.

Controller

The Controller for the purposes of Art. 4 no. 7 GDPR with respect to the processing outlined in this Policy is Meitu (China) Limited, 8106B, Level 81, International Commerce Centre, 1 Austin Road West, Kowloon, Hong Kong. You may contact us via registered mail at the above address (attention: Legal Department, Meitu) or via e-mail at compliance@meitu.com.

Representative

Our representative in the European Union is Rivacy GmbH, you may contact our representative via e-mail at info@rivacy.eu or via registered mail at Rivacy GmbH, Hammerbrookstraße 90,20097 Hamburg.

Your rights as a Data Subject

As a data subject in the European Economic Area you have the following rights with regard to the processing of your personal data:

1. Right of access

As a data subject you have the right to obtain confirmation from us as to whether we are processing your personal data (Art. 15 para. 1 GDPR). If so, you also have the right to obtain access to the personal data and the information listed in Art. 15 para. 1 GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed.

2. Right to rectification

As a data subject, you have the right to rectification set out in Art. 16 GDPR, i.e. to have your inaccurate data processed by us rectification and incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

As a data subject, you have a right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Art. 17 para. 1 GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17 para. 1lit. a) GDPR).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Art. 17 para. 2 GDPR).

The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Art. 17 para. 3 GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims (Art. 17 para. 3 lit. a) and e) GDPR).

4. Right to restriction of processing

As a data subject, you have a right to obtain from us the restriction of processing if one of the conditions provided in Art. 18 para. 1 GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Art. 18 para. 1 lit. a) GDPR).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Art. 4 para. 3 GDPR).

5. Right to data portability

As a data subject, you have a right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to point Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means (Art. 20 para. 1 GDPR).

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Art. 20 para. 2 GDPR).

6. Right to object

As a data subject, you have a right to object under the conditions provided in Art. 21 GDPR.

7. Right to withdraw consent

As a data subject, where consent is our legal basis for processing your personal data, you have the right to withdraw your consent at any time.

Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Art. 57 para. 1 lit. f GDPR.

Exercise of your rights under GDPR

As a data subject, you may exercise any of the rights listed above in accordance with the instructions and limitations set forth in “Data Retention and Correction, Update and Deletion” above.

Additional Information on Your Rights as a Data Subject

For further information on your rights as a data subject please refer to Art. 12 to 21 GDPR, which can be accessed here: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.