CHC Cloud Privacy Policy
Dear users,
CHC Navigation Europe Kft. and its affiliates (hereinafter referred to as "CHC", "we", "us" or "our") place a high priority on protecting your personal privacy. When you use the HC Cloud series products, (hereinafter referred to as "Cloud") operated by us, we will protect your personal information in accordance with the Privacy Policy (hereinafter referred to as "this policy") published on this Platform.
This Policy is designed to help you understand what personal data we collect, why we collect it, and how we protect it. This Policy describes our practices with respect to personal data we collect from or about you when you use this Cloud. We collect and process your personal data and provide services in compliance with relevant laws and regulations to protect your privacy and ensure data security.
Generally, we will collect and process your personal data only when it is necessary for the performance of a contract, the provision of services, or with your consent, unless otherwise specified for specific services we provide. In such cases, the rules for processing personal data may be elaborated in other privacy policies specifically published for that product and/or service. Please refer to the specific privacy policy. Additionally, we may explain our rules for processing your personal data through page notifications, pop-up reminders, information pushes, or other methods. The specific personal data processing rules for business functions of products or services will be subject to the information we provide to you.
This Cloud may contain links to third-party websites, third-party plugins, and other services (collectively referred to as “Third-Party Services”). This Policy does not apply to Third-Party Services integrated into our services. Your use of such Third-Party Services (including any personal data you provide to third parties) will be governed by the terms of service and privacy policies of those third parties, rather than this Policy. Please carefully read the terms of the third party for specific regulations. Besides, please protect your personal data properly and only provide it to a third party when necessary.
Before interacting with us, please carefully and thoroughly read and understand this Policy, especially the sections emphasized in old and/or underlined. Your agreement to this Privacy Policy only indicates your understanding of the functions provided by the Cloud and the necessary personal data required for the operation of those functions. It does not imply that you consent to the collection of non-essential personal data, which will be subject to explicit consent requests based on your authorization during use. Corresponding device permissions will not be enabled by default, and for important or sensitive device permissions, we will separately seek your consent through pop-ups when you access specific business functions. If you do not agree with this Policy, please do not use this Cloud or provide us with your personal data.
This Policy Will Help You Understand the Following Issues:
1. Collection and Use of Personal Data
2.Disclose Your Personal Data
3. How We Store and Protect Your Personal Data
4. Your Rights
5. How We Process Personal Data of Minors
6. Cross-Border Provision of Personal Data
7. Update of this Policy
8. How to Contact Us
9. Miscellaneous
I. Collection and Use of Personal Data
To facilitate your understanding, we have listed the business functions we provide, the purposes of processing, and the methods of collecting and using personal data as follows:
|
Business functions |
Personal data/ Information |
Purpose of Processing |
|
Registration and Log in |
Mobile number, e-mail, third parties account (google account), alias, region. |
- To set up your CHC account and facilitate your log in. The “CHC account” is the universal credential for CHC’s products and services, providing consistent user experience and security authentication. To provide unified, fast and secure account login experience when using CHC's products and services,your CHC account information may be shared and used among CHC's affiliates. We will use it only for specific, clear and legal purposes, and only provide service-necessary information. - To provide language and location customisation. |
|
Device Management |
Device name, device serial number, video serial number, and channel number (optional) |
-To device management,such as saving, managing and sharing data on your cloud. -During the provision of services, we may request your device’s system permissions to ensure proper service functions. |
|
Work Group |
Alias、mobile number |
-It is used for cooperative operation of personnel in the group and monitoring of personnel and personal risks. |
All the information mentioned above cannot reasonably be linked to an identified or identifiable natural person when used in isolation shall not constitute personal data under applicable laws. Where such information may directly or indirectly identify individuals through combination with other datasets, we will process it in compliance with applicable data protection laws.
The current use of system privacy permissions by this Cloud is as follows:
|
Permission |
Purpose |
|
Wireless network |
Ensure network connections for various functions |
|
Local pictures and videos access |
Receive pictures and videos provided by users to describe malfunctions |
|
Local files and documents access |
Read/write local files |
|
Location |
Get the current location of the device |
II. Disclose Your Personal Data
2.1 Data Sharing
2.1.1 We will not share your personal data with third parties other than CHC and its affiliates unless we obtain your prior explicit consent or as otherwise required by laws and regulations. However, exceptions apply to data that cannot identify specific individuals and cannot be restored to its original form.
2.1.2 Certain services may involve sharing specific personal data with partners to provide better customer service and user experience. We will only share personal data for legitimate, justifiable, necessary, specific, and clear purposes, and will only share the personal data that is essential for providing the services. Unless you provide additional authorization or as otherwise required by law, our partners are prohibited from using the shared personal data for other purposes.
2.1.3 We conduct due diligence on the data security environments of organizations and individuals with whom we share personal data. We require them to sign strict confidentiality agreements and process personal data by taking confidentiality and security measures in accordance with the law.
2.2 Data Transfer
2.2.1 We will not transfer your personal data to any organization or individual other than CHC and its affiliates except under the following circumstances:
(a) With your explicit prior authorization or consent;
(b) Comply with the requirements of laws and regulations, legal procedures, mandatory government requests, or judicial rulings;
(c) In the event that we are involved in transactions such as mergers, spin-offs, liquidations, acquisitions, or sales of assets or businesses, your personal data may be transferred as part of such transactions. We will ensure the confidentiality of such information during the transfer, inform you of the name, and contact details of the recipient, and make every effort to ensure that the new company or organization holding your personal data continues to be bound by this Privacy Policy. Otherwise, we will require the company or organization to re-seek your authorization and consent.
2.3 Public Disclosure
In principle, we will not proactively disclose your personal data. We will only disclose your personal data under the following circumstances:
(a) With your explicit consent;
(b) As required by applicable laws, regulations, legal procedures, or enforceable government requests;
(c) When issuing penalty announcements for non-compliant accounts or behaviors, we will disclose information related to the relevant account, which may inevitably include account-related authentication details and the circumstances of the violation.
2.4 Entrusted Processing
2.4.1 To provide you with better services, we may entrust third-party partners to process your personal data. Such processing will only be conducted for legitimate, justified, necessary, specific, and explicit purposes. We strictly limit the purposes for which the entrusted parties may process your information and require them to adopt adequate data security measures. If a third-party partner uses your information for purposes outside the purpose of our authorization, it will separately obtain your consent.
2.4.2 Explanation of Third-Party SDKs
To provide our services, ensure their normal operation, and fulfill other necessary purposes, we may integrate SDKs or other similar applications from authorized partners. Specific details are as follows:
|
Third-Party SDK Name |
SDK application Scenario |
Types of personal data collected and used |
Third-party company name |
Rules for processing personal data of third-party |
|
Amap Development Platform-Web Services API-Search POI |
Map display |
Address information |
Amap Software Co., Ltd. |
https://lbs.amap.com/pages/privacy/ |
|
Amap Development Platform-Web Services API-Geocoding/Inverse Geocoding |
Map display |
Address information |
Amap Software Co., Ltd. |
https://lbs.amap.com/pages/privacy/ |
|
Amap Development Platform-Map JS API-Map |
Map display |
Address information |
Amap Software Co., Ltd. |
https://lbs.amap.com/pages/privacy/ |
|
Alibaba Cloud SDK 2.0 |
Sending SMS and email |
Device information and operation behavior information |
Alibaba Cloud Computing Co. Ltd. |
https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202107091605_49213.html?spm=5176.8195934.J_9220772140.29.23534378pDzn5k |
|
Huawei Cloud SDK |
user information interaction, file storage |
Device information and operation behavior information |
Huawei Cloud Computing Technology Co. Ltd. |
https://www.huaweicloud.com/declaration/sa_prp.html |
|
VK SDK |
User file storage |
Operation behavior information |
VK Cloud Platform |
https://cloud.vk.com/docs/en/additionals/start/legal/policy-privacy |
|
Google SDK |
Google Sign-in |
Google ID、Name、Image URL、Email |
Google LLC |
https://policies.google.cn/privacy?hl=zh-cn |
|
GeoServer |
Working group member position |
Device information and operation behavior information |
Creative Commons Corporation |
https://creativecommons.org/privacy/ |
2.4.3 We will not entrust third-party partners to process personal data that can directly identify you without your valid authorization. If you voluntarily provide your contact information, address, or other personal data to a specific third-party partner for direct communication, the third party will directly process your personal data, and we will neither retain nor use such information.
2.5 In the following circumstances, we are not required to obtain your prior authorization or consent for sharing, transferring, or publicly disclosing personal data:
(1) where your express consent or authorization is obtained in advance;
(2) where it is necessary to fulfill the legal obligations to which we are subject;
(3) where it is necessary to protect the vital interests of you or another person;
(4) where tasks in the field of public interest are carried out;
(5) where you disclose personal data to the public on your own;
(6) where your personal data is collected from legally disclosed information, such as legitimate news reports, government information disclosure, and other channels.
III. How We Store and Protect Your Personal Data
3.1. Storage Retention Period And Location
3.1.1 Depending on the context, content, and type of service, the storage duration of data may vary. We will retain your personal data for the period necessary to provide the service. However, in cases where laws or regulations specify a different retention period, you agree to a longer retention period, or retention is necessary for ensuring service quality, security, dispute resolution, or technical constraints, we may extend the retention period as required by law or agreement or within a reasonable scope after the expiration of the aforementioned retention period. Once the retention period expires, we will delete your personal data or anonymize it in accordance with legal requirements.
3.1.2 According to the country you selected when registering your account, if you live in the European Economic Area (EEA) and Switzerland, we will store your personal data in Ireland. If you live in North America, we will store your personal data in California. If you live in Asia (except Chinese mainland), we will store your personal data in Singapore. For some Asian countries or regions with specific legal requirements, we may adjust the storage location accordingly. If you live in Russia, we will only store your data in Russia. At the same time, we also support you to switch regions on the product page. If you switch, the corresponding personal data storage will also be switched.
3.2. Data Security Measures and Capabilities
3.2.1 To protect your information security, we implement all reasonable physical, electronic, and administrative security measures to prevent unauthorized access, use, alteration, public disclosure, damage, or loss of your information. We have taken all reasonable and feasible measures to protect your personal data. For example:
(a)Ensuring personal data security through security management, policies, procedures, network architecture, etc.;
(b)Using encrypted transmission protocols such as HTTPS and MQTTS to secure data transmission, and employing TLS-base certificates for mutual authentication between servers and devices, to ensure your personal data security during the transmission;
(c)Deploying access control mechanisms, establishing data classification and grading systems, and using hard-coded restrictions to limit user access, ensuring only authorized personnel can access personal data;
(d)Maintaining server-side and device-side logs for different business services to allow developers to quickly locate issues in the event of business vulnerabilities;
(e)Using various methods to anonymize and encrypt data.
3.2.2 We have established a comprehensive data security protection system for this Cloud, including:
(a)Formulating internal network security and data security management systems and operating procedures. Implementing security management measures, which include encryption storage, access control, log auditing, and data backup management, and other measures, to ensure data security and prevent unauthorized use. There are strict processing requirements for data collection, use, transmission, or anonymization, which can effectively prevent the illegal use of personal data;
(b)Managing employee permissions, establishing specialized roles responsible for user permissions, as well as building, operating, and maintaining authorization and access control systems;
(c)Conducting access reviews of information systems and implementing intrusion prevention, antivirus measures, etc., and periodic security assessments using professional vulnerability scanning and evaluation technologies to secure network devices, and repairing the system according to the results;
(d)Regularly assessing the security skills of personnel in positions responsible for information security management, inspection, and execution, as well as conducting security awareness assessments for employees in all positions.
3.2.3 You acknowledge that the internet environment and electronic data transmission are not entirely secure. We cannot guarantee that these measures will fully prevent any unauthorized access, use, or disclosure of your information.
3.2.4 We will take commercially reasonable steps to ensure that we do not collect irrelevant personal data. If non-essential personal data is unintentionally collected through automated collection technologies and your consent cannot be obtained, we will promptly delete or anonymize the information. We will retain your personal data only for the duration necessary to achieve the purposes stated in this Policy unless there are reasonable and necessary grounds or legal allowances for continued retention.
3.3 Security Incident Response and Notification
3.3.1 In the event of an information security incident (e.g., leakage, damage, or loss of personal data), we will promptly notify you as required by laws and regulations. The notification will include the nature and potential impact of the incident, the measures we have taken or will take, suggestions for your self-protection and risk mitigation, and any remedial actions we will offer.
3.3.2 We will notify you of the incident promptly via in-app notifications, email, or other methods. If it is difficult to notify each individual, we will use reasonable and effective means to issue a public announcement.
3.3.3 Please understand that, in accordance with laws and regulations, if the measures we take can effectively prevent harm from information leakage, tampering, or loss, we may choose not to notify you unless required to do so by regulatory authorities.
IV. Your Rights
In accordance with applicable laws, regulations, we strive to ensure that you enjoy the following rights during our processing of your personal data, including but not limited to:
4.1 Access, Copy, Rectify, and Transfer Your Personal data
4.1.1 Unless otherwise provided by applicable data protection laws, you have the right to access, copy, rectify, and transfer your personal data.
4.1.2 You may access to, copies of, or rectification of your personal data through "User Settings" and/or "Account Settings" under "Personal Center" .
4.2 Delete Your Personal data
4.2.1 You can contact us using the contact details in this Policy to request the deletion of personal data you voluntarily submitted after registration.
4.2.2 In the following circumstances, if we have not proactively deleted your personal data, you may request deletion through the contact details provided in this Policy:
(a) If we collect or use your personal data in a manner that violates laws or regulations;
(b) If our processing of personal data violates our agreement with you;
(c) If we cease operations or services, or the retention period has expired;
(d) Other circumstances stipulated by laws or administrative regulations.
4.2.3 We will endeavor to respond to your request for deletion within 15 working days of receipt.
4.2.4 If the legally mandated retention period has not expired or if deletion is technically infeasible, we will cease processing your personal data except for storage and the implementation of necessary security measures.
4.3 Restrict our processing of your personal data
If you are located in the EEA, you may also have the right to restrict our processing where one of the following applies:
(a) The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
(b) The processing is unlawful and you oppose the erasure of the personal data and instead, request the restriction of their use;
(c) We no longer need the personal data for the purposes of the processing, but we are required by you for the establishment, exercise, or defense of legal claims;
4.4 Your right to data portability
If you are located in the EEA, you may request us to send the personal data concerning you back to you, which you have provided to us, in a structured, commonly used, and machine-readable format and you may request us to transmit those data to another controller without hindrance from us to which the personal data has been provided, where the processing has legal basis and is carried out by automated means. Please kindly note that, however, if you exercise your right to object, restrict, or delete, we may not be able to provide to you some, or any, of the features and functionality of this Cloud.
4.5 Responding to Your Requests
4.5.1 We will strive to respond to your request within 15 working days. If you are dissatisfied with our response, you may file a complaint using the contact details provided in this Policy.
4.5.2 In the following circumstances, we may be unable to respond to your request in accordance with laws and regulations:
(a) Where we are not capable of identifying what is your personal data based on the information we control separately;
(b) Where it is directly related to national security or defense security;
(c) Where it is directly related to public safety, public health, or significant public interests;
(d) Where it is directly related to criminal investigations, prosecutions, trials, or the enforcement of judgments;
(e) Where the personal data controller has sufficient evidence to show that the personal data subject has malicious intent or is abusing his/her rights;
(f) Where it is necessary to safeguard the significant legitimate rights and interests of the individual or other individuals, such as life and property, but obtaining the individual’s consent is difficult;
(g) Where responding to your request would result in serious harm to the legitimate rights and interests of you, others, or organizations;
(h) Where the request involves trade secrets.
If our response does not meet your satisfaction, particularly if our processing of personal information has adversely affected your legitimate rights and interests, you have the right to lodge a complaint to the supervisory authority in your jurisdiction.
V. How We Process Personal Data of Minors
5.1 CHC places great importance on the protection of minors’ information. Please be aware that our website, products, and services are intended solely for adults with full civil capacity.
5.2 If we discover that we have collected personal data from minors without authorization from their parents or guardians, we will take reasonable steps to promptly delete it. If you discover that we have collected personal data from a minor under your guardianship without your consent, you may contact us using the contact information provided in this Policy, and we will delete the information in question.
VI. Cross-Border Provision of Personal Data
In compliance with applicable laws and regulations, personal data collected and generated by us within a jurisdiction will be stored either within its territorial boundaries or in cloud servers located in designated regions that adhere to the applicable legal requirements. If we need to transfer your personal data outside the region mentioned above, we will take necessary compliance measures to ensure the security and legality of the data transfer. We also take necessary technology and organization measures to ensure cross-border data transfer security and fulfill the mandatory obligations stipulated in applicable laws. For international transfer, we also require the overseas recipient(s) of your personal information to provide at least the adequate protection level set forth in this Privacy Policy and other separate agreements between us.
VII. Updates to This Policy
We reserve the right to update or modify this Policy from time to time. If our Privacy Policy changes, the latest version will be promptly updated on the homepage of this Cloud. For significant changes to the Privacy Policy, we may also notify you through various channels. If you disagree with the effective revisions, you may notify us through the contact information in this Policy. By continuing to use this Cloud, you indicate your acceptance of the revised Privacy Policy.
VIII. How to Contact Us
8.1 If you wish to exercise your data subject rights or have any questions, complaints, or suggestions about this Policy or any of the above content, please contact us through Email: datacompliance@huacenav.com
8.2 Generally, we will review and respond to your inquiry within 15 working days after receiving your contact information.
8.3 Requests that are not directly related to your identity, repetitive requests without reasonableness, or requests requiring disproportionate technical effort (e.g., development of new systems or fundamental changes to existing practices), those that pose risks to others’ legitimate rights and interests, or that are impractical may be declined by us.
8.4 If you are dissatisfied with our response, particularly if our personal information processing activities have infringed upon your legitimate rights and interests, you may also file a complaint or report to the regulatory authorities.
IX. Miscellaneous
9.1 This Policy may exist in multiple language versions. In the event of any inconsistencies or conflicts between versions, the English version of this Privacy Policy shall prevail.
9.2 The headings in this Policy are provided for convenience and readability only and do not affect the meaning or interpretation of any provisions in this Policy.