Personal Information Protection Policy
Beijing Haitian Ruisheng Science Technology Ltd.
Beijing Haitian Ruisheng Science Technology Ltd. (hereinafter referred to as “Speechocean”) is mainly engaged in the R&D, design, production and sales of training data. The data used by Speechocean during the business operations is mainly collected and acquired by Speechocean and raw data collection suppliers initiatively. Attaching great importance to the protection of personal information, Speechocean has always been trying its utmost to protect the safety and reliability of the personal information collected and used. This policy is applicable to the personal information acquired and collected by Speechocean and raw data collection suppliers initiatively. Please carefully read and understand this “Personal Information Protection Policy” before your participation.
Date of last update: August 2020.
If you have any questions, comments or suggestions, please contact us through the following methods:
Email: [dpo@speechocean.com]
Telephone: [010-62660053]
Fax: [010-62660053 ext. 8103]
You can understand the following information through this policy:
1. How do we collect and use your personal information
2. How do we protect your personal information
3. Your rights
4. How do we process children’s personal information
5. How is your personal information transferred globally
6. How is this policy updated
7. How to contact us
Speechocean understands the importance of personal information to you and will do its best to protect your personal information, to make it safe and reliable. We are committed to living up to your trust and abide by the following principles to protect your personal information: the principle of integration of right and responsibility, the purpose specification principle, the optional consent principle, the principle of least necessity, the principle of ensuring security, the principle of subject participation, the principle of openness and transparency, etc. At the same time, Speechocean promises that it will adopt corresponding security protection measures to protect your personal information in accordance with the mature security standards of the industry.
Please carefully read and understand this “Personal Information Protection Policy” before participating in the collection of personal information.
1. How do we collect and use your personal information
(1) What personal information about you do we collect
● The personal information we collect mainly includes your voice, images, videos, portraits, and text content of emails and messages, etc., which will be directly used for our AI training data business; you can choose to provide or allow us to collect the aforesaid information;
● Besides the collection of the above-mentioned personal voice, images and other data, you will be asked to voluntarily fill in personally identifiable information such as name, age, gender, ID number, contact information, etc. during the collection of specific projects, so that we can verify whether you meet our requirements as a collection object, and keep the data collection records to protect your rights to withdraw authorization and delete personal information in accordance with the law.
(2) How do we use your personal information
● We will process the non-personally identifiable information such as voice, images, videos, portraits, and text content of emails and messages in your above personal information and use it to provide data resource services to third-party customers.
● For the personally identifiable information such as your name, age, gender, ID number, contact information, etc. in your above personal information, it will be only used by us to verify your eligible subject identity and keep the data collection records to protect your personal information rights; we will not provide it to a third party or use it for other purposes unless we have clearly informed you and obtained your consent.
(3) How do we entrust the processing of, share, transfer and publicly disclose your personal information
1. Entrusted processing
For your data of the aforementioned non-personally identifiable information, we will entrust an external service provider to assist in processing such as collection and labeling.
For the companies, organizations and individuals we entrust, we will sign strict confidentiality agreements with them, requiring them to process personal information in accordance with our requirements, this personal information protection policy and any other relevant confidentiality and security measures.
2. Sharing
We will not share your personal information with any other company, organization or individual, unless we have obtained your explicit consent.
We may share your personal information externally in accordance with laws and regulations, or compulsory requirements of government authorities.
3. Transfer
We may transfer your data of the above non-personally identifiable information without involving any of your personally identifiable information to third-party customers due to the needs of providing training data services and products to third-party customers.
We will not transfer your personal information to any other companies, organizations or individuals, except in the following circumstances:
a) Transfer with your explicit consent: after obtaining your explicit consent, we may transfer your personal information to other parties;
b) When we get involved in merger, acquisition or bankruptcy &liquidation, if it involves the transfer of personal information, we will require the new company or organization that holds your personal information to continue to be bound by this personal information protection policy; otherwise, we will require the company or organization to apply for your authorization again.
4. Public disclosure
Your personal information will be publicly disclosed only under the following circumstances:
a) With your explicit consent;
b) Disclosure according to law: your personal information may be publicly disclosed when required by law, legal procedures, litigation or mandatory requirements of government authorities.
2. How do we protect your personal information
(1) We have used safety protection measures that comply with industry standards to protect the personal information you provide, to prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible measures to protect your personal information. For example, the physical records of your personal information will be stored in a secure place with access restrictions; your personally identifiable information and data will be stored separately on our servers, and the servers will also be placed in safe places and protected by adequate data security measures; sensitive personal information such as your ID number and contact information has been de-identified; encryption technology will be used when data needs to be transmitted on the Internet, and data access rights are controlled according to the assigned roles of the system and corresponding safety monitoring and audit system, etc. Only employees authorized by us (persons who have received training in handling personal data and are bound by confidentiality rules) can access these records and servers when “there is a need to know” and “it is necessary to use”.
(2) We have obtained the “Management System Certification Certificate” issued by Cesi Certification Co., Ltd., which proves that our company's information security management system complies with GB/T22080-2016/ISO/IEC27001:2013 “Information Technology-Security Techniques-Information Security Management Systems-Requirements”, covering the information security management activities related to the design and development of computer application software, intelligent voice, computer vision, natural language and other AI data resource products and services.
(3) Our data security capabilities:
1. We have independently developed an integrated data processing platform, collection software, tools, etc., embedded in the data security management requirements of the business process, and have realized that, except for specific project requirements, most of the terminal collection data are directly uploaded to the servers, and the labeling work is mainly processed in our own platform; security measures such as encryption have been adopted to store and transmit data information; regular scanning for vulnerabilities in business systems and repair of business system vulnerabilities have been performed in a timely manner; IPS, IDS and other security devices have been deployed in the network environment, etc.
2. We have formulated a set of systems including “Data Security Management System”, “IT Security Management Measures”, “Storage Server Use Specifications and Methods”, “Network Security Specifications”, “Data Backup Specifications” and “Network Emergency Response Mechanism”. Meanwhile, we have also established the regulations and procedures for personal information protection and data security management. Our Data Protection Officer is assigned to be responsible for comprehensively coordinating the implementation of the personal data protection system. In addition, we have established the types and authorized access strategies of data held by various departments that contain personal information, and regularly conduct personal information security impact assessments and security audits, and establish emergency response mechanisms for personal data leakage, etc.
(4) We will take all reasonable and appropriate measures to ensure that irrelevant personal information is not collected. Your personal information will be retained within the required timeframe according to the relevant agreements and management needs, unless the retention timeframe needs to be extended or is permitted by law.
(5) The Internet environment is not 100% secure. Nevertheless, we will try our best to ensure or guarantee the security of all information you send to us. If our physical, technical, or management protection facilities are damaged and cause damages to your legal rights and interests due to unauthorized access, public disclosure, falsification, or destruction of information, we will bear the corresponding legal responsibility.
(6) In the unfortunate event of a personal information security incident, we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, and suggestions for you to independently prevent and reduce risks, remedial measures for you, etc. We will promptly inform you about the incident by email, letter, telephone, etc. If it is difficult to inform the subject of personal information one by one, we will take a reasonable and effective way to make an announcement. At the same time, we will also actively report the handling of personal information security incidents in accordance with the requirements of the regulatory authorities.
3. Your rights
You can exercise the following rights with respect to your personal information in accordance with relevant Chinese laws, regulations and standards, as well as common practices in other countries and regions:
(1) Access your personal information
You have the right to access your personal information, except for exceptions provided by laws and regulations. If you want to exercise data access right, you can contact us at any time through the methods listed in Article 7. We will reply within 30 days after receiving your request.
(2) Correct your personal information
When you find an error in the personal information that we process about you, you can request us to make corrections. You may submit a correction request through the methods listed in “(1) Access your personal information”, and we will respond to your correction request within 30 days.
(3) Delete your personal information
You may request us to delete your personal information in the following situations:
1. Our handling of personal information violates laws and regulations;
2. We collect and use your personal information without obtaining your consent;
3. Our handling of personal information breaches our agreement with you.
If we decide to respond to your deletion request, we will also notify the entities that have obtained your personal information from us and require them to delete your personal information in a timely manner, unless otherwise stipulated by laws and regulations, or those entities have obtained your independent authorization.
When you delete information from our service, we may not delete the corresponding information in the backup system immediately; nevertheless, we will delete the information when the backup is updated.
(4) Change the scope of your authorization
For our collection and use of your personal information, you can contact us through the methods listed in Article 7 to grant or withdraw your authorization and consent.
After you withdraw your consent, we will no longer process your corresponding personal information. However, your decision to withdraw your consent will not affect the previous processing of personal information based on your authorization.
(5) Account cancellation by the personal information subject
You may contact us through the methods listed in Article 7 to cancel the account you registered previously at any time.
After you cancel your account, you will not be able to provide us with data collection service through the system, and we will delete your personal account information based on your request, unless otherwise provided by laws and regulations.
(6) In response to your above request
To ensure safety, you may need to provide a written request or prove your identity in other ways. We may ask you to prove your identity before processing your request. A corresponding reply will be given within 30 days. If you are not satisfied, you can also initiate a complaint to us through the methods listed in Article 7.
We may reject requests that are unreasonably repeated, require excessive technical means, cause risks to the legitimate rights and interests of others, or are very unrealistic and unfeasible.
We will not be able to respond to your request in the following situations:
1. It is related to personal information controllers fulfilling their obligations stipulated by laws and regulations;
2. It is directly related to national security and national defense security;
3. It is directly related to public safety, public health, and major public interests;
4. It is directly related to criminal investigation, prosecution, trial and execution of judgments;
5. The personal information controller has sufficient evidence to show that the personal information subject has subjective malice or abuse of rights;
6. It is out of protection of the significant legal rights such as life or property of the personal information subject or other individuals, but it is difficult to obtain the consent of the person;
7. Responding to the request of the personal information subject will cause serious damage to the legal rights of the personal information subject or other individuals or organizations;
8. It involves business secrets.
4. How do we process children's personal information
We will not collect children’s personal information without the consent of the guardian.
For the children's personal information collected with the consent of the guardian, we will only use it when it is permitted by law, or we have obtained the guardian's explicit consent, or it is a necessity for protecting the child.
Though local laws and customs define children differently, anyone under the age of 14 will be treated by us as a child.
5. How is your personal information transferred globally
In principle, the personal information we collect and use within the territory of the People's Republic of China will be stored in the territory of the People's Republic of China.
However, since we provide products or services to customers all over the world, it will mean that after obtaining your authorization and consent, your personal information may be transferred to overseas jurisdictions in other countries/regions, or may be accessed by those jurisdictions.
Such jurisdictions may have different data protection laws or even no relevant laws. In such cases, we can only ensure that your personal information will be sufficiently and equally protected within the territory of the People's Republic of China.
6. How is this policy updated
Our personal information protection policy may be changed. Without your explicit consent, we will not reduce your rights in accordance with this personal information protection policy. We will post all changes made to this policy on this page.
For major changes, we will also provide more noticeable notifications.
The major changes referred to in this policy include but are not limited to:
1. Our service model has undergone major changes, such as the purpose of processing personal information, the type of personal information processed, the way of using personal information, etc.;
2. Significant changes have taken place in our ownership structure and organizational structure, such as changes in owners caused by business adjustments, bankruptcy & acquisition, etc.;
3. The main objects of personal information sharing, transfer or public disclosure have changed;
4. Your right to participate in the processing of personal information and the way to exercise it has undergone major changes;
5. Our responsible department, contact method and complaint channel for handling personal information security have been changed.
We will also archive the old version of this policy for your review.
7. How to contact us
If you have any questions, comments or suggestions about this personal information protection policy, or if you want to exercise your rights to your own personal information in accordance with this privacy policy, please feel free to contact us by email (dpo@speechocean.com).Generally, we will reply within 30 days after receiving your request.
If you are not satisfied with our response, especially if our personal information processing behavior has damaged your legal rights and interests, you can also turn to other channels such as court litigation or other administrative supervision departments for solutions.