Privacy Policy for Sleep Lab

Preface

Sleep Lab(hereinafter referred to as "this product") is a health & fitness software based on Android system mobile phone device (hereinafter referred to as "mobile phone"). Thank you very much for your trust in us.

This privacy policy will help you understand the followings:

1. How do we collect and use your personal information?

2. How do we store your personal information?

3. How do we share, transfer, and publicly disclose your personal information?

4. How do we protect your personal information?

5. Scope of application of the privacy policy

6. Alter and revisions to the privacy policy

7. The privacy policy taking effect

We hope that through this Privacy Policy we will explain how we collect, use, store, share and transfer your personal information when using this product, and how we protect it. Please read and understand this Privacy Policy carefully before using this product, and use our products or services after you have fully understood and agreed. By the time you start using this product, you understand and agree to this Policy and agree to the collection, use, storage and sharing of your information in accordance with this Privacy Policy. If you have any questions, comments or suggestions about the content of this policy, you can contact us through the various contact methods provided in this Privacy Policy.

 

  1. How do we collect and use your personal information?

We collect and use your personal information for the purposes set out in this Privacy Policy for the following purposes:

1.1  Improve our products and services

1.1.1 User experience improvement. We may collect International Mobile Equipment Identity (IMEI) and Network Equipment Address (MAC) encrypted by MD5 algorithm, advertising identifier IDFA, device model, system version number, operating system version number, system number, system ID number, screen resolution, type of Internet access, version number of this product, click time and frequency of one button, option values for certain key configurations, software crash log, using to count the number of users of our products, analyze product usage, version upgrade judgments, troubleshoot the causes of the crashes, and reduce crashes to continuously improve our products. This information does not involve personal information such as your personal identity and etc.

1.2 Security

To improve the security of your services provided by us and our affiliates and partners, protect the personal and property of you or other users or the public from being compromised, and better prevent phishing websites, fraud, network vulnerabilities, cyber attacks, network intrusions and other security risks, more accurately identify violations of laws and regulations or the rules of the relevant Years Technology agreements. We may use or integrate your account information, device information, software usage information, and information that our affiliates, partners obtain from you, or that are shared by law, for authentication, detection, and prevention of security incidents, and to take necessary actions in accordance with the law. Record, audit, analyze, and dispose of measures in accordance with the law.

1.3 Other uses

Subject to laws and regulations, we may post your personal information in an anonymized, aggregated, desensitized and encrypted form to form a statistical message or user portrait (but the image does not identify any individual), showing and pushing you related services, products, or features. If we use the information for other purposes not covered by this policy, or if the information collected for a specific purpose is used for other purposes, we will ask for your consent in advance.

1.4 Exception for authorization of consent

According to relevant laws and regulations, collecting your personal information in the following situations does not require your authorized consent:

1.4.1 Related to national security and national defense security;

1.4.2 Related to public safety, public health, and major public interests;

1.4.3 Relevant to criminal investigations, prosecutions, trials and execution of judgments;

1.4.4 Out of the protection of personal information or the personal lives and properties of other individuals but difficult to get your consent.

1.4.5 The personal information collected is disclosed to the public by yourself;

1.4.6 Collect personal information from legally publicly disclosed information, such as legitimate news reports, government information disclosure, etc.;

1.4.7 Required to sign a contract according to your requirements;

1.4.8 It is necessary to maintain the safe and stable operation of the products or services provided, such as discover and dispose the failure of products or services;

1.4.9 Required for legal news reporting;

1.4.10 When academic research institutions conduct statistical or academic research based on public interest and provide academic research or description results, de-identify the personal information contained in the results;

1.4.11. Other circumstances as stipulated by laws and regulations.

 

  1. How do we store your personal information?

Personal information we collect and generate within the territory of the People's Republic of China will be stored in the territory of the People's Republic of China.

In order to handle cross-border business, it is necessary to transmit relevant personal information collected in China to overseas institutions. We will implement it in accordance with laws, administrative regulations and relevant regulatory authorities. We will ensure that your personal information is adequately protected, such as anonymization, encrypted storage, and more.

If we stop operating the products or services that we love to edit, we will stop the activities of collecting your personal information in a timely manner, and notify you of the notice of suspension of operation by one-by-one delivery or announcement. And delete or anonymize the personal information we store.

 

3. How do we share, transfer, and publicly disclose your personal information?

3.1 Share

We do not share your personal information with any company, organization or individual, except in the following cases:

3.1.1 We may share your personal information in accordance with laws and regulations, litigation dispute resolution needs, or in accordance with the requirements of the administrative and judicial authorities.

3.1.2 We will share your personal information with other parties with your explicit consent.

3.1.3 We may share your personal information with our affiliates in the event that they provide services to you or us. However, we only share the necessary personal information, and the processing of your information by related parties is subject to this Privacy Policy. If the affiliate company wants to change the purpose of processing your personal information, it will ask for your authorization and consent again.

3.1.4 We will not share your personal information with third-party advertisers, application developers, open platforms or other partners unless you have expressly authorized and agreed to it. We may provide aggregated information, anonymized information, or other information that does not personally identify you. For example, we might tell the application developer how many people have installed the application they developed.

3.1.5 For the sole purpose of this Privacy Policy, we may share your personal information with our suppliers, service providers, consultants or agents to provide better customer service and user experience. These suppliers, service providers, consultants, and agents may provide us with technical infrastructure services, analyze how our services are used, measure the effectiveness of advertising and services, provide customer and payment services, conduct academic research and surveys, or provide legal, financial and technical advisory services. For example, we may occasionally invite registered users to participate in the sweepstakes. If you are lucky enough to win, we need to provide your personal information to the logistics service provider in order to send you our prizes.

3.2 Transfer

We will not transfer your personal information to any other company, organization or individual except in the following cases:

3.2.1 With the development of Years Technology business in the past years, we and our affiliates may conduct mergers, acquisitions, asset transfers or other similar transactions. If the transaction involves the transfer of your personal information, we will require that the new company, organization and individual holding your personal information continue to be bound by this policy, otherwise we will require the company, organization and individual to re-authorize your authorization.

3.2.2 By transferring with your clear consent, that is, with your clear consent, we will transfer other parties your personal information we have obtained from you.

3.3 Disclosure

We will only publicly disclose your personal information in the following circumstances:

3.3.1 Have obtained your explicit consent

3.3.2 We may disclose your personal information publicly in the event of legal, legal, litigation, or mandatory requirements of the government authorities.

3.3.3 Other circumstances as stipulated by laws and regulations.

 

4. How we protect your personal information?

We have taken industry-standard security measures to protect the personal information you provide and to protect your data from unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and practicable steps to protect your personal information.

4.1 We encrypt and transfer identifiable personally identifiable information to ensure the confidentiality of the data. For your mobile device identifier International Mobile Device Identity (IMEI), Network Device Address (MAC), we will use the MD5 algorithm for anonymization and encryption on your device side, and only collect and upload the anonymized and encrypted identifier.

4.2 If the user has registered our account, we may analyze the user's login time, IP, login times and other information to properly manage the risk. If there is a suspected non-login operation, we will remind the user via SMS to prevent your account from being logged in. For the data exchange between the mobile phone you use and our client, we use our custom encryption scheme and https double encryption to transmit in order to ensure the security of data transmission.

4.2.3 If our application uses WebView technology, we will perform URL verification on all file protocols used in WebView and restrict access to the application sensitive data and SDCard data, avoiding any private files of the product and sensitive information being maliciously stolen, without special permissions, causing your personal information to be compromised.

4.2.4 We deploy access control mechanisms on the server side, adopt a minimum authorization principle for staff who may be exposed to your personal information, and regularly check the list of visitors and access records.

4.2.5 The server system we store user personal information is a security hardened operating system. We perform account auditing and monitoring of server operations. If we find an externally announced server operating system with security issues, we will perform a server security upgrade in the first place to ensure the security of all our server systems and applications.

4.2.6 We have established a Personal Information Protection Responsibility Team to conduct personal information security impact assessments for the collection, use, sharing, and processing of personal information. At the same time, we have established relevant internal control system, adopting the principle of minimum sufficient authorization for the staff who may come into contact with your information; systematically monitoring the behavior of the staff to process your information, and we regularly organize personal information protection laws for staff members. Regulatory training to enhance staff awareness of personal privacy protection.

4.2.7 In the event of unfortunate incidents in which our physical, technical or management protective measures have been destroyed, we will promptly launch emergency plans to prevent the expansion of security incidents, report them to the competent national authorities in accordance with the requirements of laws and regulations, and promptly adopt pushes, announcements or otherĀ  reasonable and effective ways, in order to inform you about the basic situation of the security incident, the possible impact, the measures that have been taken or the measures to be take

4.2.8 After you terminate the use of the service, we will stop the collection and use of your information, except as otherwise provided by laws and regulations or regulatory authorities. If we stop operating, we will stop the collection of your personal information in a timely manner, notify you of the notice of suspension of operation or an announcement one by one, and delete or anonymize your personal information that we hold.

4.2.9 How do we protect the information of minors?

4.2.9.1 We expect parents or guardians to guide minors in using our services. We will protect the confidentiality and security of information of minors in accordance with the relevant laws and regulations of the country.

4.2.9.2 If you are a minor, it is recommended that your parent or guardian read this policy and use our services or provide us with your information with the consent of your parent or guardian. For the collection of your information with the consent of the parent or guardian, we will only use or publicly disclose this information if it is necessary by law, if the parent or guardian expressly agrees or protects your rights. If your guardian does not agree that you use our services or provide information to us in accordance with this policy, please terminate your use of our services immediately and notify us in time so that we can take appropriate action.

4.2.9.3 If you are a parent or guardian of a minor, please contact us through the contact details below when you have questions about the processing of the minors you are monitoring.

 

  1. Scope of the privacy policy

This privacy policy applies only to Sleep Lab. Other products and services of the company will use the privacy policy of the relevant products or services. In particular, this Privacy Policy does not apply to the followings:

5.1  Embedding Sleep Lab products (or services) into third-party products (or services), information collected by third-party products (or services).

5.2  Information collected by third-party services, advertisements, or other companies, organizations, or individuals that are connected to Sleep Lab products (or services).

 

6. Changes and revisions to the privacy policy

Our privacy policy may change. We will not limit your rights under this Privacy Policy without your clear consent.

We also provide noticeable notices of major changes to this Privacy Policy (for example, in the event of a software revision or upgrade, or when you log back in, you will be notified in a pop-up window)

Significant changes referred to in this policy include but are not limited to:

6.1 Our service model has undergone major changes. Such as the purpose of processing personal information, the type of personal information processed, the way in which personal information is used, etc.;

6.2 We have made major changes in terms of control and etc., such as ownership changes caused by mergers and acquisitions, etc.;

6.3 The main objects of personal information sharing, transfer or public disclosure have changed;

6.4 Significant changes in your rights to participate in the processing of personal information and how it is exercised;

6.5 When the responsible department, contact method and complaint channel responsible for handling personal information security change;

6.6 The personal information security impact assessment report indicates that there is a high risk.

 

7. Effectiveness of the privacy policy

This Privacy Policy will come into effect on Dec 19, 2019. You have any questions or comments about this Agreement and the content of the policy, or you have any questions or comments about the practice and operation of the Privacy Policy. You can contact us by Customer Service Hotline(or Email).