Data Security and Personal Data Protection Commitment
Last updated on: August. 25, 2021
1.1 Data: means any information provided by TalkingData in the form including numbers, texts, graphics, ICONS, video, software, database, etc., and/or the data report or presentation data you may access pursuant to Cooperation Terms, including but not limited to the personalized user labels or portrait information from TalkingData's database, information related to your products and brands, and any other data or information provided by the TalkingData.1.2 Personal Data: means any information relating to an identified or identifiable natural person ; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, date of birth，an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 1.3 Personally Sensitive Data: means any personal data directly related to personal and property safety, reputation, physical and mental health and fair treatment, etc. Such as Id Card number, biometric information, genetic data, bank account number, communication records and contents, property information, credit information, trajectory information, accommodation information, health and physiological information, transaction information, and personal data of children under/at the age of fourteen.1.4 Personal Data Security Incident: means any act of causing accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to transmit, store or otherwise process personal data. 1.5 Privacy Laws: means any applicable data privacy laws, regulations, standards , government regulatory authorities' guidelines and regulations in any jurisdiction relating to the safety and protection of personal data, as well as the revised, updated or reissued version to the above Privacy Laws from time to time. 1.6 Personal Data Subject, Processing, Control and other concepts expressed the same meaning as the “GB/T 35273-2017 Information Security Technology Personal Data Security Specifications” given.
2. Principles and contents
2.1 TalkingData and You shall both have a good ability to organize and manage data security, take data security protection, detection and corresponding measures to prevent data loss, damage, disclosure and tampering, and ensure data security.2.2 TalkingData and You shall undertake the obligation to protect Personal Data being controlled or processed, adopt corresponding security protection technology and measures, avoid Personal Data Security Incidents, and effectively protect the rights and interests of Personal Data subject.2.3 If the service requirement involves Personal Sensitive Data, You shall make an explicit disclosure and presentation to TalkingData in advance.2.4 TalkingData and You shall both comply with the following commitment：If any party receives claims or requests from Personal Data Subject exercising their rights on the Personal Data, it will promptly notify the other party of such claims or requests and the measures to be taken, and it also has the right to request the other party to assist with appropriate technical and organizational measures in accordance with the Privacy Laws.2.5 TalkingData and You shall establish own security emergency response mechanisms and notify the other party by mail, fax or other written way without undue delay after becoming aware of existing or potential data safety issue under Cooperation Terms, such as Personal Data Security Incident. 2.6 At the reasonable request of TalkingData, You shall take appropriate measures to assist TalkingData to comply with Privacy Laws or other applicable obligations, including data security, notification and communication of data violations, impact assessment of data protection, prior negotiation, account abilities or other obligations.
3. Liability and compensation
3.1 TalkingData and You shall undertake the obligation to protect data security and Personal Data under its own respective control. Defaulting party shall indemnify, protect and hold the other party and its officers, directors and employees harmless from and against any and all claims, costs, damages, fines, losses, liabilities, costs, expenses and attorneys' fees (collectively "Claims"), to the extent such Claims (including from Data Subjects, data protection authorities or other regulatory bodies) are caused by, arise out of, or are connected with a violation by Default party of Privacy Laws.3.2 If either party ( "defaulting party") violates this Commitment, the other party shall have the right to demand the defaulting party to correct, at its own expense, any non-compliance with the statutory requirements or this undertaking within a specified reasonable period. If the circumstances are serious or reasonable measures above are not taken, the other party shall terminate the cooperation unilaterally.
4.1 TalkingData and You shall take all necessary steps to ensure reliability and suitability of individuals authorized to access Personal Data under Cooperation Terms, including ensuring that such personnel (employed or engaged by a party or by an authorized subcontractor) has undertaken appropriate training on their personal duties and obligations under Privacy Laws and this Commitment, and shall indemnify any and all Claims are caused by, arise out of, or are connected with such personnel.4.2 This Commitment shall remain valid during the cooperation between You and TalkingData and shall be an effective part of the Cooperation Terms.4.3 If any provision of this Commitment is invalid due to its conflict with applicable laws and regulations, it shall be deemed that other provisions are still valid. The rights and obligations between You and TalkingData will be determined in accordance with the applicable laws and regulations.