个人信息保护政策

最近更新时间:2022年01月
首页 关于我们

个人信息保护政策

Personal Information Protection Policy

最近更新时间:2022年01月

北京海天瑞声科技股份有限公司(以下简称“海天瑞声”)主要从事训练数据的研发设计、生产及销售业务。海天瑞声业务经营中使用的数据,主要通过海天瑞声及原料数据采集供应商主动收集获取。海天瑞声非常重视个人信息保护,并会尽全力保护所收集、使用的个人信息安全可靠。本政策适用于海天瑞声及原料数据采集供应商主动收集获取个人信息,请您具体参与前仔细阅读并了解本《个人信息保护政策》。

最近更新日期:2020年8月。

如果您有任何疑问、意见或建议,请通过以下联系方式与我们联系:

电子邮件:【dpo@speechocean.com】

电 话:【010-62660053】

传 真:【010-62660053 ext. 8103】

 

本政策将帮助您了解以下内容:

一、我们如何收集和使用您的个人信息

二、我们如何保护您的个人信息

三、您的权利

四、我们如何处理儿童的个人信息

五、您的个人信息如何在全球范围转移

六、本政策如何更新

七、如何联系我们

 

海天瑞声深知个人信息对您的重要性,并会尽全力保护您的个人信息安全可靠。我们致力于维持您对我们的信任,恪守以下原则,保护您的个人信息:权责一致原则、目的明确原则、选择同意原则、最小必要原则、确保安全原则、主体参与原则、公开透明原则等。同时,海天瑞声承诺,我们将按业界成熟的安全标准,采取相应的安全保护措施来保护您的个人信息。

 

请您在参与个人信息收集前,仔细阅读并了解本《个人信息保护政策》。

1、How We Collect Your Personel Information

(1) What personal information we collect about you
 
● The personal information we collect mainly includes your voice, image, video, portrait, email text content, etc., which are directly used as business data for us to engage in AI training data business; you can choose to provide or allow us to collect the above information;
 
● In addition to collecting the above-mentioned personal voice, image and other business data, you will be arranged to voluntarily fill in personal identity information such as name, age, gender, ID number, contact information, etc. when collecting specific items, so that we can verify that you meet our requirements for the collection . requirements, and retain data collection records to ensure that you exercise your personal information rights such as withdrawal of authorization and deletion in accordance with the law.
 
(2) How we use your personal information
 
● We will process non-personally identifiable information such as sounds, images, videos, portraits, text content of emails and text messages in your above personal information and use it to provide data resource services to third-party customers.
 
● For your name, age, gender, ID number, contact information and other personally identifiable information in your personal information above, we will only use it to verify your identity as a qualified subject and keep data collection records to protect your personal information rights; We will not provide it to third parties or use it for other purposes unless we explicitly inform you and obtain your consent.
 
(3) How we entrust processing, sharing, transfer, and public disclosure of your personal information
 
1. Entrusted processing
 
For your business data of the above-mentioned non-personally identifiable information, we will entrust external service providers to assist in collection, labeling and other processing.
 
For the companies, organizations and individuals we entrust, we will sign strict confidentiality agreements with them, requiring them to process personal information in accordance with our requirements, this personal information protection policy and any other relevant confidentiality and security measures.
 
2. Sharing
 
We will not share your personal information with any company, organization or individual other than our company, unless we obtain your explicit consent.
 
We may share your personal information externally in accordance with laws and regulations, or in accordance with the mandatory requirements of government authorities.
 
3. Transfer
 
We will transfer your business data of the above non-personally identifiable information to third-party customers due to the need to provide training data services and products to third-party customers, without involving any of your personally identifiable information.
 
We will not transfer your personal information to any other company, organization or individual, except in the following circumstances:
 
a) Transfer with explicit consent: After obtaining your explicit consent, we will transfer your personal information to other parties;
 
b) When mergers, acquisitions or bankruptcy liquidation are involved, if personal information transfer is involved, we will require the new company or organization that holds your personal information to continue to be bound by this personal information protection policy, otherwise we will require the company, The organization asks you for authorization again.
 
4. Public disclosure
 
We will only publicly disclose your personal information under the following circumstances:
 
a) After obtaining your explicit consent;
 
b) Disclosure d on law: We may publicly disclose your personal information under the circumstances of laws, legal procedures, lawsuits or mandatory requirements of government authorities.

2、How We Protect Your Personal Information

(1) We have implemented industry-standard security measures to protect the personal information you provide, preventing unauthorized access, disclosure, usage, alteration, damage, or loss of data. We will take all reasonable and feasible actions to secure your personal information. For instance, physical records of your personal data are kept in securely restricted locations. Your personal identification information and business data are stored separately on our servers, which are also secured and protected by adequate data security measures. We have de-identified sensitive personal information such as your identity card number and contact details. For internet data transmission, we use encryption technology, and data access permissions are controlled by system-assigned roles and corresponding security monitoring and auditing systems. Only authorized employees (those who have received personal data handling training and are responsible for confidentiality) are allowed to access these records and servers under a "need-to-know" and "need-to-use" basis.

(2) We have obtained a Management System Certification issued by Beijing CEC Certification Co., Ltd., which verifies that our company's information security management system complies with GB/T22080-2016/ISO/IEC27001:2013 "Information Technology - Security Techniques - Information Security Management System Requirements". The coverage includes information security management activities related to the design and development of computer application software, intelligent voice, computer vision, natural language, and other artificial intelligence data resource products and services.

(3) Our data security capabilities:

We have independently developed an integrated data processing platform, collection software, tools, etc., which data security management requirements into business processes. The majority of terminal collection data is directly uploaded to servers except for specific project needs, and annotation work is mainly processed on our own platform. We store and transmit data information using security measures such as encryption. We regularly scan for vulnerabilities in our business systems and ly repair them. We deploy security devices such as IPS and IDS in the network environment.

We have established systems including the "Data Security Management System", "IT Security Management Method", "Storage Server Usage Specifications and Methods", "Network Security Specifications", "Data Backup Specifications", "Network Emergency Response Mechanism", and others. We have appointed a data protection officer to oversee the implementation of personal data protection systems. We've established the types of data containing personal information held by each department and the authorized access strategy, regularly conduct personal information security impact assessments and security audits, and have established emergency handling mechanisms for personal data leaks.

(4) We will take all reasonably practicable measures to ensure that unrelated personal information is not collected. We will retain your personal information for the period required according to the relevant agreement and management needs, unless an extension of the retention period is required or permitted by law.

(5) The internet environment is not 100% secure, but we will do our utmost to ensure or guarantee the security of any information you send to us. If our physical, technical, or administrative defenses are compromised, leading to unauthorized access, disclosure, alteration, or damage of information, and thus causing harm to your lawful rights and interests, we will bear the corresponding legal responsibilities.

(6) In the unfortunate event of a personal information security incident, we will ly inform you of the basic circumstances and possible impacts of the security incident, the actions we have taken or will take, suggestions for you to independently defend against and mitigate risks, and remedies for you, all in accordance with legal and regulatory requirements. We will ly inform you of the incident-related circumstances through email, letter, phone, etc. If it is difficult to inform each personal information subject individually, we will issue a public notice in a reasonable and effective manner. At the same time, we will proactively report the handling of the personal information security incident to regulatory authorities as required.

三、您的权利

按照中国相关的法律、法规、标准,以及其他国家、地区的通行做法,我们保障您对自己的个人信息行使以下权利:

(一)访问您的个人信息

您有权访问您的个人信息,法律法规规定的例外情况除外。如果您想行使数据访问权,您可以随时通过第七条所列方式联系我们。我们将在收到您的请求30天内回复。

(二)更正您的个人信息

当您发现我们处理的关于您的个人信息有错误时,您有权要求我们作出更正。您可以通过“(一)访问您的个人信息”中罗列的方式提出更正申请,我们将在30天内回复您的更正请求。

(三)删除您的个人信息

在以下情形中,您可以向我们提出删除个人信息的请求:

1、如果我们处理个人信息的行为违反法律法规;

2、如果我们收集、使用您的个人信息,却未征得您的同意;

3、如果我们处理个人信息的行为违反了与您的约定。

若我们决定响应您的删除请求,我们还将同时通知从我们获得您的个人信息的实体,要求其及时删除,除非法律法规另有规定,或这些实体获得您的独立授权。

当您从我们的服务中删除信息后,我们可能不会立即在备份系统中删除相应的信息,但会在备份更新时删除这些信息。

(四)改变您授权同意的范围

对于个人信息的收集和使用,您可以通过第七条所列方式联系我们以给予或收回您的授权同意。

当您收回同意后,我们将不再处理相应的个人信息。但您收回同意的决定,不会影响此前基于您的授权而开展的个人信息处理。

(五)个人信息主体注销账户

您随时可注销此前注册的账户,您可以通过第七条所列方式联系我们。

在注销账户之后,您将无法通过系统为我们提供数据收集服务,我们将依据您的要求,删除您的个人账户信息,法律法规另有规定的除外。

(六)响应您的上述请求

为保障安全,您可能需要提供书面请求,或以其他方式证明您的身份。我们可能会先要求您验证自己的身份,然后再处理您的请求。我们将在30天内作出答复。如您不满意,还可以通过第七条所列方式向我们发起投诉。

对于那些无端重复、需要过多技术手段、给他人合法权益带来风险或者非常不切实际、不可行的请求,我们可能会予以拒绝。

在以下情形中,我们将无法响应您的请求:

1、与个人信息控制者履行法律法规规定的义务相关的;

2、与国家安全、国防安全直接相关的;

3、与公共安全、公共卫生、重大公共利益直接相关的;

4、与刑事侦查、起诉、审判和执行判决等直接相关的;

5、个人信息控制者有充分证据表明个人信息主体存在主观恶意或滥用权利的;

6、出于维护个人信息主体或其他个人的生命、财产等重大合法权益但又很难得到本人同意的;

7、响应个人信息主体的请求将导致个人信息主体或其他个人、组织的合法权益受到严重损害的;

8、涉及商业秘密的。

四、我们如何处理儿童的个人信息

如果没有监护人的同意,我们不会收集儿童的个人信息。

对于经监护人同意而收集儿童个人信息的情况,我们只会在受到法律允许、监护人明确同意或者保护儿童所必要的情况下使用此信息。

尽管当地法律和习俗对儿童的定义不同,但我们将不满 14 周岁的任何人均视为儿童。

五、您的个人信息如何在全球范围转移

原则上,我们在中华人民共和国境内收集和使用的个人信息,将存储在中华人民共和国境内。

由于我们通过向遍布全球的客户提供产品或服务,这意味着,在获得您的授权同意后,您的个人信息可能会被转移到其它国家/地区的境外管辖区,或者受到来自这些管辖区的访问。

此类管辖区可能设有不同的数据保护法,甚至未设立相关法律。在此类情况下,我们会确保您的个人信息得到在中华人民共和国境内足够同等的保护。

六、本政策如何更新

我们的个人信息保护政策可能变更。未经您明确同意,我们不会削减您按照本个人信息保护政策所应享有的权利。我们会在本页面上发布对本政策所做的任何变更。

对于重大变更,我们还会提供更为显著的通知。

本政策所指的重大变更包括但不限于:

1、我们的服务模式发生重大变化。如处理个人信息的目的、处理的个人信息类型、个人信息的使用方式等;

2、我们在所有权结构、组织架构等方面发生重大变化。如业务调整、破产并购等引起的所有者变更等;

3、个人信息共享、转让或公开披露的主要对象发生变化;

4、您参与个人信息处理方面的权利及其行使方式发生重大变化;

5、我们负责处理个人信息安全的责任部门、联络方式及投诉渠道发生变化时。

我们还会将本政策的旧版本存档,供您查阅。

七、如何联系我们

如果您对本个人信息保护政策有任何疑问、意见或建议,或欲根据本隐私政策行使您对自己的个人信息的权利,欢迎与我们联络,联络方式为电邮至dpo@speechocean.com,一般情况下,我们将在收到您的请求30天内回复。

如果您对我们的回复不满意,特别是我们的个人信息处理行为损害了您的合法权益,您还可以通过其它途径如法院诉讼或向其他行政监管部门寻求解决方案。

contact@dataoceanai.com