OceanBase International Privacy Policy

Release date of this version: August 31, 2022

Effective date: August 31, 2022

Overview

This OceanBase International Privacy Policy (this “Policy”) will help you understand:

I. How We Collect Personal Information

II. How We Use Cookie, Beacon, Proxy and Other Technologies

III. How We Store and Protect Personal Information

IV. How We Use Personal Information

V. How We Disclose Personal Information

VI. How You Can Exercise Your Rights regarding Your Personal Information

VII. Statement on Third Party Liability

VIII. No Intention to Collect Personal Information of Minors

IX. Application and Revision of the Policy

X. Notes to Key Terms Used in the Policy

OceanBase (referred to as “we”, “our” or “us” in this Policy) respects and protects your privacy. When you use our OceanBase cloud services offered in Singapore and other global jurisdictions (collectively referred to as “relevant services” or “services”), we will collect, store, use and/or disclose your personal information in accordance with this Policy. For the avoidance of doubt, this Policy does not apply to services offered within the mainland China region, which is governed by a separate privacy policy. We will also explain to you, through this Policy, how you may access, update, manage and protect your personal information held by us.

We primarily have contractual relationships only with corporations and other legal entities (“customer organizations”) when offering the services. In this Policy, “you” refers to individual authorised representatives or end users of our customer organizations, or individuals who otherwise access and visit our OceanBase website, applications or platforms.

This Policy is closely associated with your use of the services. We suggest you carefully read and understand all terms in this Policy and make choices you deem appropriate. We try to use plain and concise language, and for provisions that are vital to your rights or interests, we use words in bold for your attention.

We will collect, store, use and/or disclose your personal information as required in order to comply with the requirements of applicable laws and regulations, to provide relevant services and to improve the quality of such services. We will process your personal information in accordance with this Policy to enable our customer organizations and you to access quality, convenient, efficient and customised services and to better protect your account.

 

How We Collect Personal Information

In accordance with applicable laws and regulations, we may process your personal information in the following circumstances:

Please note that when we process your personal information in the above circumstances (2) – (9), we may not need to obtain your consent in accordance with, and to the extent permitted by, applicable laws and regulations.

When you use the services, we may need to collect your necessary personal information in the following circumstances in order to provide our customer organizations and you with relevant services, improve the quality of our services, safeguard the security of your account, and comply with applicable laws and regulations.

1. To perform obligations under applicable laws and regulations

With respect to the services, we may need to process your personal information to perform our obligations under applicable laws and regulations (e.g., measures to manage risks, etc.).

2. To provide account services

When you register accounts for relevant services on the OceanBase website, we may collect our customer organization’s name as well as your name, email address and other contact information from you.

3. To provide relevant services

In order to provide relevant services and to facilitate your access to relevant services, we will store necessary information generated or submitted when you use the relevant services. For example, when our customer organizations purchase OceanBase cloud services either through the OceanBase website or Amazon Web Services Marketplace or request a refund, we may collect payment information (e.g., Alipay/bankcard account number), order information and billing information. When you use OceanBase cloud services and upload personal information, such personal information will be stored, processed and analyzed within the OceanBase cloud services as per your instructions. For the avoidance of doubt, generally we will not access any personal information and other data processed therein for the purpose of providing relevant services. We may however access such personal information to carry out customer care or technical support services as per your instructions, or otherwise upon your express authorisation.

We will also record the privacy, security, message notification, device/system permissions, and other settings you have completed for a particular service or a particular client-end, as detailed in the service page. Where you agree that we may send you certain types of messages, we will obtain your personal information or service information as necessary to provide message notification services.

4. To prevent risks and ensure security

In order to improve security, prevent unauthorised access to your personal information, protect you from viruses, Trojan horse programs or other malicious programs or websites, we may need to record the type and method of services you use, the operating information when using the services such as your IP address, location, browser information, any abnormal behaviour detected from you and other log information regarding the services. You may not be able to complete the relevant risk control verification of the services you use if you do not provide such information.

5. To provide customer services and improve the quality of services

In order to improve your experience of using our services and to improve the quality of our services or to recommend even better or more suitable services to you and our customer organizations, we will collect details about your activities when you use our services, information you provide when you contact our customer service team, and information you send us when you participate in a survey. If you do not provide such information, it will not affect your use of other services provided by us.

 

How We Use Cookie, Beacon, Proxy and Other Technologies

For easier user experience, we may identify you through small data files when you visit our OceanBase website or use any service provided by OceanBase, which could save you the trouble of repeatedly entering login information or help to determine whether your account is safe. Such data files may include cookies, flash cookies or other local storages provided by your browser or linked applications (collectively referred to as “cookies”). Please understand that some of our services are only available through cookies. You can change the cookie acceptance level or refuse our cookies if it is allowed by your browsers or browser add-ons. The “Help” section of the toolbar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as flash cookies, by changing the add-on settings or by visiting the website of the developer. However, such actions may under certain circumstances affect your secure access to our OceanBase website or use of services provided by OceanBase.

In addition, our OceanBase website may include some electronic images (referred to as “single-pixel GIF files” or “web beacons”). Through web beacons, a website can help to calculate the number of users visiting the webpage or access some cookies. We will use web beacons to collect data regarding your webpage browsing activities, such as webpage addresses visited by you, the reference pages previously visited by you, your browser environment and your display settings.

If, where applicable, you use any service provided by any third party other than OceanBase through our OceanBase website or platform, to keep your account secure and for safer user experience, we may use a private network protocol and proxy technology (referred to as “private network channel”). With the private network channel, we can help you identify high risk sites that are already known to us and thus reduce risks associated with phishing and account breaches arising from those sites. The private network channel can also better protect the common rights and interests of you and third parties by preventing lawbreakers from tampering with the services expected by you and third parties, including advertisements injection and illegal contents tampering caused by unsecure routers and illegal base stations. Meanwhile, we may obtain and preserve information about your computer, such as IP address, hardware ID and the location of the pages you visited.

 

How We Store and Protect Personal Information

1. Personal information collected and generated by us about you may be transferred and/or stored outside your country/region of residence. Generally, personal information uploaded or transferred by you to the OceanBase cloud services will be stored with our service provider Amazon Web Services in Singapore or the United States, as the case may be. In carrying out such international transfers, we will follow the requirements of applicable laws and regulations, and will require such overseas recipients of your personal information to ensure that the standard of protection provided by such overseas recipients of personal information is comparable to that under applicable laws and regulations of your country/region of residence.

2. We will only retain your personal information for the period necessary for the purposes set forth in this Policy and within the timeframe required by applicable laws and regulations.

3. We maintain data protection and security. To safeguard your personal information, we are dedicated to exploiting various security technologies and supporting management systems to reduce the risks of your personal information being divulged, corrupted or lost, misused, revised, accessed or disclosed without authorisation, strictly restricting access to the data center and using private network channels and network proxies.

4. We have appointed staff responsible for personal information protection. We have also developed a relevant internal control system, and adopted the authorisation principle of minimal and sufficient use by employees who may have access to your personal information. We systematically monitor the data processing activities of our employees.

5. We have formulated emergency plans for personal information security incidents and regularly arrange relevant internal personnel to receive emergency response training and to conduct emergency exercises, so that they are able to master the responsibilities of their position and the strategies and procedures for emergency response. If, unfortunately, any personal information security incident occurs, we will act in accordance with applicable laws and regulations and, where required, inform you in a timely manner of the basic information and possible impact of the security incident, measures taken or to be taken by us, suggestions for you to take precautions on your own and to reduce risks, remedial measures taken for you, etc.

6. While we take information security measures to protect your personal information, please also ensure that you keep your account login name and other identifiers in a safe manner. When you use the services, we will identify you by your account login name and other identifiers. Once you divulge such information, you may suffer from losses and adverse legal consequences against you. If you find that your account login name and/or other identifiers may be or have been divulged, please contact us immediately so that we may take appropriate measures to avoid or mitigate the relevant losses.

7. Upon our customer organizations’ termination of using the services, we will stop collecting your personal information, except as otherwise provided by applicable laws and regulations or required by regulatory authorities. If the retention period of relevant personal information required by applicable laws and regulations has not expired or there are other circumstances under which the relevant personal information shall not or need not be deleted according to applicable laws and regulations, we will continue to retain such personal information while ceasing to process such personal information, except for storage and taking necessary security protection measures. If we cease operations, we will promptly stop collecting your personal information, and will inform our customer organizations and you of the cessation, and delete or anonymize the personal information held by us.

 

How We Use Personal Information

1. To comply with applicable laws and regulations, to provide relevant services and to improve service quality, or to safeguard the security of your account, we will use your personal information under the following circumstances:

2. When we use relevant personal information for any purpose other than those set forth in this Policy, we will inform you accordingly and obtain your consent, if required, pursuant to applicable laws and regulations.

 

How We Disclose Personal Information

1. Sharing of your personal information

(1) Sharing of your personal information for business

Your personal information will be shared by us with third parties. Such third parties include (a) our affiliates and other partners, (b) our third party service providers and contractors, (c) our authorised agents, (d) our professional advisers, (e) law enforcement agencies, courts, governmental bodies and regulatory authorities to whom we may be legally required to make disclosures, and (f) any individuals or entities involved in any merger, acquisition, corporate reorganisation, financing or similar transaction involving the sale of all or part of our assets.

(2) Complaints handling

To perform our legal obligations and to protect the legitimate rights and interests of you and others, we may, when you lodge a complaint about others or are complained about by others, provide your name, contact information, and the relevant contents of the complaints to the relevant consumer rights protection authority and/or the regulatory authorities to resolve such complaints or disputes in a timely manner, except where expressly prohibited by applicable laws and regulations.

2. Public disclosure

We will in principle not disclose your personal information publicly. If public disclosure is required, we will inform you of the requisite information about the public disclosure, and obtain your consent, to the extent required by applicable laws and regulations.

 

How You Can Exercise Your Rights regarding Your Personal Information

1. We will take appropriate technical measures to ensure that you can access, update and correct your personal information and exercise your other rights to personal information provided under applicable laws and regulations. You may carry out the relevant operations by yourself based on the functions provided on our webpages or contact us.

2. If you become aware that any collection or use of your personal information by us is in violation of applicable laws and regulations or has breached any agreement with you, you can contact us to request the deletion of the corresponding information.

3. Notwithstanding the foregoing, we may not be able to respond to your request under certain circumstances to the extent permitted by applicable laws and regulations, for example, if there is sufficient evidence that the request is manifestly unfounded or vexatious.

4. When we cooperate with a third party organization (such as Amazon Web Services) to provide services, to the extent required by applicable laws and regulations, your use of such third party organization’s services will be subject to its published privacy policy or other terms and conditions (if any). Please read the relevant policies and terms carefully; if you have any questions, you may consult the third party organization which provides the services you use.

5. If you have any questions about this Policy or have any complaints or comments on the processing of your personal information, please contact us via the following channels:

Email address: DPO_OceanBase@service.oceanbase.com

We will respond to you within the timeframe required by applicable laws and regulations. We need to verify your identity and credentials to protect your information security. Depending on your country/region of residence, you may have the right to lodge a complaint with the supervisory authority or initiate legal proceedings in a court of competent jurisdiction.

 

Statement on Third Party Liability

Please note that the platform on which this Policy is published may contain links to third party websites. These third parties may place their own cookies or pixel tags or otherwise collect and process your personal information that are beyond our control and which may not be subject to this Policy. While we will use commercially reasonable efforts to require these entities to take measures to protect your personal information, we cannot guarantee that these entities will take all the protective measures as requested by us. You are therefore kindly asked to contact these entities directly to understand the details of their privacy policies. If you find that there exists any risk in webpages created by, or applications developed by, these third parties, you are recommended to cease the use of such webpages or applications to protect your legal rights and interests.

 

No Intention to Collect Personal Information of Minors

Our website is not intended for, and we will not knowingly collect personal information from, minors under the age of majority in your country/region of residence.

 

Application and Revision of the Policy

Unless there is a separate privacy policy for relevant services or there are any special provisions in the relevant users’ service agreement, this Policy is applicable to all the services of OceanBase.

 

We may update this Policy in due course upon any significant changes as follows:

(1) changes in our corporate particulars, such as: changes in ownership arising out of any mergers, acquisitions and restructuring;

(2) changes in the scope, purpose, rules and method of collecting, storing and using personal information;

(3) changes in the recipients that may receive personal information, scope, purpose and/or method of disclosing personal information;

(4) changes in the way you access and manage your personal information;

(5) changes in data security capabilities and information security risks;

(6) changes in the channels and mechanisms for user inquiries and complaints, and in external dispute resolution agencies and the contacts; or

(7) other changes that may have a material effect on your rights and interests in respect of your personal information.

 

If this Policy is updated, we may notify you by way of emails/SMS, portal, platform or website message or announcements on our OceanBase website. In order for you to receive such notifications in a timely manner, it is advisable that you notify us promptly upon any update to your contact information. If you continue to use relevant services after the Policy updates become effective, you are deemed to have fully read, understood and accepted the updated Policy and that you are willing to be bound by such updated Policy.

 

You may view this Policy on the homepage of our OceanBase website.

 

Notes to Key Terms Used in the Policy

1. For the purpose of this Policy, “OceanBase” or “we”, “our” or “us” means OceanBase Singapore Pte. Ltd. or OceanBase Hong Kong Limited, as the case may be.

2. For the purpose of this Policy, “personal information” has the meaning ascribed to the term “personal information”, “personal data”, “personally identifiable information” or other equivalent term under applicable laws and regulations.

3. For the purpose of this Policy, “identifiers” means the information used by us to verify your identity, such as your account login name, password, SMS verification code, telephone number, and mobile number, in each case to the extent necessary and narrowly restricted to achieve the purpose of processing.