SUBFI Privacy Policy

Last Updated: March 16, 2021

Preface

SUBFI provide users (hereinafter referred to as “you”) with relevant software, website and relevant products or services contained relating to SUBFI businesses (including but not limited to PC terminal, mobile terminal, collectively referred to as “SUBFI services” or “our services”). We are keenly aware that personal information is important to you and for such matter, we’re dedicated to protecting your personal information.

This SUBFI Privacy Policy (hereinafter also referred to as “this Policy”) is to explain to you the rules to collect, use, store, process and protect your personal information as well as how you can effectively control your personal information while using SUBFI services (whether you are browsing users or registered users).

To clearly present relevant contents of this Policy, we emphasize important terms in bold and add definition of relevant key terms. You should read this Policy carefully in full and pay special attention to the terms in bold which (might) be of great significance to you. Your consent to this Policy or continued usage of SUBFI services will be deemed as consent and authorization for us to collect, use, store and process your personal information as per this Policy. We will update this Policy from time to time and will notify you of such in one or several manners by push notification, website announcement or pop-ups.

Please contact us anytime when you have any question concerning this Policy.

Contents

I. How do we collect and use your personal information

II. How do we share and disclose your personal information

III. How do we store and protect your personal information

IV. What are your rights to control your personal information

V. Protection of minors

VI. About this Policy

VII. Contact us

VIII.Dispute resolution

IX. Definition of key terms

I How do we collect and use your personal information

A. Collection

We will collect and use some of your personal information while you are using SUBFI services. The type and manner of personal information that we collect and use depend on the way you use our services and we may collect your information via different ways.

1. Information you provided

(1) During registering or logging in an account

When you register or log in, you need to provide some of your personal information, including your phone number or email, password . You should ensure the correctness of such information. We collect such information to provide account registration and log-in services and to protect your account and prevent safety risks.

(2) During using customer service

When you use customer service, we will collect your information provided, such as your name, contact and address. When you use customer service, to ensure your account and system safety, we may require some of your personal information first for verification. Upon verification, we will provide you with customer service based on  your contact (phone number/email/other contact), your communications with us (including text/picture/audio and video) and other necessary information related to your request. During this period, we will collect the personal information you provided, so as to solve your problems.

2. Information we automatically collected

When you use SUBFI services, we will automatically collect some of your information such as your equipment information and your activities with SUBFI services, which includes

(1) Equipment information

When you use our video displaying/playing/downloading and caching, we will automatically collect your equipment information including your IP address, equipment type, model, name, Universally Unique Identifier, type and setting of browser, operating system, language setting, mobile network information (including operator name and phone number), APP version, storage and other IT information. We may also collect information as to how your equipment interacts with our websites, including the page you visited and links you clicked. We collect such to realize the most basic product and service functions, protect your account and system and provide continuous and stable services to you.

(2) Information used in SUBFI services

When you use SUBFI services, we will automatically collect the information such as the video you’re watching, words (including voices) you searched, times you browse videos and advertisements and interact with them, your purchase information, information you favor/share, your age, gender, interest and hobby. We collect such to provide you with the contents you need. Meanwhile to better understand users, we will use such to analyze your appetite for videos, so as to recommend you in real time quality videos and advertisements that you might be interested in.

(3) Your location information

We will collect your location information while you use our services to enable certain practical functions, such as recommending quality videos and advertisements in your area. We will roughly infer your location based on IP address.

(4) Log information

We will automatically collect the logs when you use SUBFI services, which might be obtained via using Cookie, web beacon, log file, programming script, e-tag or other manners.

3. Information from a third party

We may obtain your personal information indirectly from a third party, which includes:

(1) Third-party account information: if you use the account of a third party platform (such as: Facebook/Google/Apple ID/.../span> ) to log in our services, we will obtain your account information from such platform ( including your name, profile photo, phone number, email specifics, subject to your authorization), so as to create or log in SUBFI account, provide services enjoyed by log-in users, protect your account and prevent security risks

(2) Information obtained from public sources: such as government published data and public data on social media platform.

(3) Information obtained from other sources.

You acknowledge that we can’t and will not obtain any of your personal information from a third party without your authorization. If we need to obtain your personal information indirectly from a third party due to business cooperation and the like, we will ensure lawful collection and use of such information on multiple levels and by multiple means: (1) we will take measures including but not limited to signing contracts to ensure as much as possible that such third party has obtained your consent or is collecting your personal information within the scope permitted by relevant laws and regulations; (2) we (or the third party) will explicitly present to you the source, type, purpose and manner of use, business function and scope of authorization of relevant personal information (we will obtain your consent again if the manner and scope of use exceed the original authorization); (3) ask the third party to commit to the lawfulness of the source of personal information by an agreement or others, and if such third party violates the agreement, we will explicitly demand the bearing of relevant responsibilities; (4) our professional security team will improve the guard for personal information. We will protect the personal information indirectly obtained with the equal protection means and measures no less than the level we did with our own users.

B. Use of personal information

We will use the information collected from SUBFI services for the following purposes according to the type of relevant information:

(a) Conclusion and performance of an agreement with you and execution of the agreement there between;

(b) Provision, processing, maintenance, R&D and improvement of SUBFI services (including video content, advertisement and paid services);

(c) Provision of personalized recommendations (including video content and advertisement);

(d) Evaluation of your application (if relevant) and reply to your question/consultation/feedback/dispute;

(e) Handling of your registration and log-in request, verification and performance of your transactions related to online payment;

(f) Communication with you, including sending commercial promotion information, operation activity notice and update of agreement;

Regarding one or more contact information provided by you or collected by SUBFI in SUBFI services (such as email, phone number, e-message and address), we may contact you during operation and send you security verification information, product and service updates, activity detail, discounts, user experience survey, etc. Please be assured that if you are unwilling to accept our commercial information, you can unsubscribe via the method provided via e-message, email, etc. or directly contact us to unsubscribe.

(g) Monitoring, prevention or investigation of any fraudulent or abusing acts, security risk or technical issues damaging SUBFI, you or the public, protection of your account and system security and improvement of the security and reliability of SUBFI services;

(h) Market survey and trend analysis, and comprehensive statistics, data analysis, processing and investigation related to SUBFI services.

To apply your information for the aforesaid purposes, we may use different technologies to process the information. We will first obtain your consent if using your information for purposes not covered by this Policy.

C. Cookie Terms

Cookie is a small file containing character strings sent to or stored in your computer, mobile equipment or other devices while you log in and use websites or other network contents (usually after encryption). Similar technologies of Cookie refer to ones with similar purpose with Cookie, such as Web Beacon, Proxy and inserted script. In this Policy, we will refer to such technologies collectively as “Cookie”. Generally, we will use Cookie to collect your personal information during registration, log-in and use of our services, such as your habits of visiting websites, your browsing history and log-in information.

We use Cookie mainly for simplifying relevant operations (such as remain logged in), protecting your account and our products, recording your preferential settings, recommending contents that meet your personal needs and might interest you, improving user experience, analyzing your usage to improve our services, etc.

You can manage or delete the Cookie already stored in your computer, mobile equipment or other devices via related functions of your browser or other equipment. Part of our services can only be available with Cookie and if you refuse or delete it, you may not use relevant services or obtain optimal service experience, meanwhile it also may affect the protection of your information and account.

II How do we share and disclose your personal information

A. Sharing

1. Your sharing

You can share your personal information or other information with any third party (including unspecified objects) based on SUBFI services. For example, you can choose email, SMS, social APP (such as Facebook) or other applications to share relevant information when you using the sharing function of our services. The information you shared to any third-party applications will be controlled and processed by such third party, subject to its service terms and privacy policy. You should solely bear the responsibility for any disclosure, misuse or similar circumstances due to your sharing and we shall bear no responsibilities in this regard.

2. Our sharing

We usually don’t share your personal information with any third party, except in one or multiple of the following circumstances where we will do such as per the legal requirements of your judicial jurisdiction:

2.1 Where you make the proposal to share or prior consent of sharing has been obtained;

2.2 Internal sharing within SUBFI group companies

To successfully provide you with relevant services of SUBFI, we may share internally your information with our related companies. If our related companies change the purpose for use of your personal information or the aforesaid sharing involves cross-border data transmission, we will again obtain your authorization and perform data compliance duties required by the laws and regulations of relevant country.

2.3 Sharing with business partners

You understand and agree that some of our services will be provided by our business partners or jointly therewith, and that you agree that we can share your necessary personal information with the following partners for the sake of this Policy:

a. service provider, such as promotion agency, payment agency, logistics provider, other partners providing services including Apple pay, Google pay and Salesforce.

b. data processor (including the one providing such services as online advertisement data monitoring, data statistics and data analysis), to analyze/maintain/improve our services and offer you better contents, we may share your relevant information with designated partners(such as, Comscore) providing such services in a summarized manner (such as video play record, advertisement display record, terminal model and your local city). Where the aforesaid information involves no personal information, please be assured that unless with your consent, we will never share your personal information;

c. advertisement partners, for example during our cooperation with Google concerning advertisement putting, we will share your equipment ID, age, gender and other tag information with it, so as to help with advertisement or decision-making process, improvement of the advertisement effectiveness and further understanding of user needs. Please note that equipment ID alone is not recognizable or cannot relate to any natural person; and we promise that without your consent, we will never share any information that will identify you.

d. service partners of operation activity, or example, we will share the information of any winner in the joint promotion activity with a third party, so that such third party can send you the reward/present in a timely manner;

When sharing your information, we will take multiple measures to protect your personal information, including but not limited to (1) where necessary, we will obtain your authorization and consent upon notifying the purpose, type and receiving party of relevant information before sharing; (2) we will use an agreement to strictly ensure that the information receiving party observes the duties and bears legal responsibilities concerning protection of personal information; (3) our security team will conduct security evaluation and processing as to the manner, transfer, use, etc. of the information and try to make the personal information anonymous; (4) where the aforesaid sharing involves possible transmission of your information to other countries/regions, whether it’s to our related companies or any third party partner, we will abide by relevant applicable laws and regulations to ensure that this type of information satisfy local legal requirements for data protection.

2.4 Sharing under legal provisions or regulatory requirements

(1) Under certain circumstances, we may, as required by the law or regulators, share your personal information with a third party (such as judicial authority, law enforcement agency, government organ or other similar entity), in order to protect your and our lawful rights and social public interests or prevent relevant property or security from damaging;

(2) In certain cases where only by sharing your personal information can our services be available or the services you required available, or settlement of relevant dispute or controversy involving you be possible;

(3) Sharing your personal information as per relevant agreements signed with us (such as online agreement or platform rules) or legal documents;

(4) The information we shared is one that’s unidentifiable where the third party receiving such information can’t re-identify the owner of the information, or you make public at your discretion, or we obtained from legal and public channels;

(5) Other circumstances stipulated by other laws and regulations or required by regulators.

2.5 Any third party related to certain transactions

If we’re engaged in a merger, acquisition, reorganization, division, bankruptcy, transfer of asset or similar transaction and your personal information may be transferred as part of the deal, we will notify you in this regard and demand the new holder of the information abide by and perform any and all contents of this SUBFI Privacy Policy (including purpose and rules for use and security protection measures).

B. Disclosure of personal information

Except for necessary disclosures based on proper causes such as punishment announcement of violating account and fraudulent acts, publishing relevant information of the winner list, abiding by court decision or other legal procedures, following the requirements of relevant government organs or statutory authorized organizations or according to law, we will not disclose your personal information and where the situation requires, we will notify you of the purpose and type of disclosure and obtain your consent before disclosing your information to the public.

Please note that even if with your authorization and consent, we will only disclose your personal information in a lawful, just, necessary, specific and clear manner and try to make the disclosed information unidentifiable.

III How do we store and protect your personal information

A. Storage

a. location: presently, SUBFI sets up a data center in Japan. You understand and agree that, under the conditions and terms of this Policy, we may transmit and store your personal information to/in such data center upon compliance of applicable laws and regulations. Though the standard for protection of personal information may vary in the location of data center and the judicial jurisdiction area of your place, we will do our best to protect your personal information with stricter standard and make the biggest effort possible to prevent the disclosure of your information.

b. period: generally, we only need to store your personal information in the shortest period of time possible for provision of our services and after such period, we will delete or anonymize your personal information as per the requirements of relevant laws and regulations. If such information is shared by us to any third party, we will also require such third party to do the same. However, in the following circumstances, we may alter the period for storage of information due to relevant legal requirement:

(1) to follow relevant provisions of applicable laws and regulations;

(2) to follow court decision, ruling or other legal procedures;

(3) to follow the requirements of relevant government organs or statutory authorized organizations;

(4) we deem necessary to follow relevant provisions of laws and regulations;

(5) for proper and necessary purposes to execute relevant service agreement or this Policy, maintain social public interests, and protect the personal and property safety of us, our related companies, our partners, other users or employees, or to protect other lawful rights and interests.

Especially, if you’re a Canadian user and we made decisions that directly affect you upon using your personal information, we will keep such information for at least one year after such use, so that you may access such at the appropriate time. Even if you change or cancel the consent for our collection, use, sharing or disclosure of your personal information, we can still keep such information if having proper legal grounds.

When our product or service stops operating, we will notify you by, among others, push notification or announcement and will delete or anonymize your personal information within proper period.

B. Protection

We adopt multi-dimensional protection measures to protect your personal information including security technology conforming to industrial standard and supporting organizational structure and management system, so as to reduce the risks to the minimum of disclosure, damage, misuse, unauthorized access, unauthorized disclosure and alternation of your information. SUBFI’s security management system of relevant information has passed the certification of ISO/IEC 27001, ISO/IEC29151 and ISO/IEC 27701. Specific protective measures include:

1. Technical measure for data security

We adopt encryption technology such as security agreement on the transmission layer to prevent the transmission from being sniffed, bugged or intercepted; adopt security storage measures such as classified and layered disposal of data; adopt strict data access control system, adopt multiple identity certification technology, monitor data processing to avoid illegal access and unauthorized use of data; monitor and audit the entire lifetime of data to prevent unauthorized access, disclosure, use, alternation, man-made or accidental damage or loss of personal information.

2. Data security organization and management measure

We establish special department for personal information protection and formulated relevant internal control management system to minimize employee authorization such as the standard for secure use of business data and standard management system of data cooperation; organize employees to participate in relevant security protection training on a regular basis and take other practicable security organization and management measures, such as locking the storage area of personal information and restricting employees’ access to the storage area.

3. Handling of security incidents

We set up an SUBFI emergency response center and formulated several security management rules and emergency response plans, clarifying the reporting procedure of security incidents and handling procedures of emergency response. In case of personal information security incident, we will activate the emergency preparedness plan to prevent it from expanding and notify you by notice, push notification, public announcement and email.

Please note and understand that the Internet cannot be absolutely secure. Despite the aforesaid protection measures taken, we still can’t guarantee or promise with 100% certainty the security of our services or of any information provided by you. If your personal information is leaked, your personal or property security may be affected. Therefore, we strongly advise you to assist us in protecting your account security by secure manner or using complicated password. Upon discovering the leakage of your personal information, please contact us immediately so that we can take relevant measures to protect your information security.

IV What are your rights to control your personal information

You have multiple ways to control your personal information when using SUBFI services. This Section describes your main rights to control your personal information in using SUBFI services. Your rights include but not limited to:

(1) Right to access

You can inquire or access your relevant personal information in SUBFI services, including:

Account information: You can log in to your personal account at any time through related product page to access the personal information in your account including profile photo, nickname, birthday and gender;

Usage information: You can inquire part of your usage information at any time through the related product page, including collection history, viewing history and offline downloads;

(2) Right to rectify/alter

You may rectify/alter part of your personal information by following the operation guide and settings on relevant product pages in SUBFI services and you can also contact us to directly modify or alter your data.

(3) Right to delete

You can delete your relevant personal information in SUBFI services. You can delete part of your personal information online via the operation guide and settings of relevant product, or via application for deletion to us; for example, you can delete your viewing history by clicking “Me-Viewing history” in the product.

You can directly demand of us to delete your personal information or notify the receiving third party to delete such if we collect, use or share your personal information in violation with relevant laws and regulations, except where such data has been anonymized or otherwise stipulated by relevant laws and regulations.

You understand and agree that once you delete your personal information from SUBFI services by yourself or with our help, we may not immediately delete your information from the backup system subject to applicable laws and regulations and relevant security technology, in which case, we will store your personal information in a secure manner and separate such from any further data processing, till such information is deleted or anonymized during the update of our backup system.

(4) Right to withdraw your consent

If you want to change the scope of your prior authorization/consent, you can change the settings through your hardware device, or the setting interface in SUBFI services. For example, you can withdraw the authorization to use “camera” by clicking “Me-Setting-Privacy-Privacy setting”. You can also permanently withdraw all authorizations of our collecting your personal information continuously by canceling your account. When you cancel the authorization, we will no longer collect such information and will stop providing you with relevant services.

(5) Right to cancel your account

You can cancel your account. You may email to [email protected] to cancel your account, except as otherwise provided by applicable laws and regulations in your judicial jurisdiction area or as otherwise agreed upon in this Policy. Once you cancel your account, all the rights and interests generated during use of SUBFI services but not consumed, together with expected interests, etc. will be cleared; all contents, information, data and records relevant to your account will be deleted or anonymized (except as otherwise required by relevant laws or regulators); meanwhile, once you cancel your SUBFI account, you can’t undo it.

(6) Right to unsubscribe/cancel notifications

You can exercise the right to opt-out of marketing communications by clicking on the “unsubscribe” link or operation guide in the marketing e-mails or SMS we send to you. If you wish to opt out other forms of marketing information, please contact us via the contact information provided in this Policy. If you wish to cancel the notification of product, you can turn it off by clicking “Me-Setting-Privacy-Privacy setting”. Please note that once you turned it off, you might miss some important information, such as service announcement and update of legal agreement.

(7) Right to obtain the copy of personal information

If you need to obtain the copy of your personal information, you can contact us via the contact information in this Policy and upon verifying your identity, we will provide the copy of such information in our services for you within the period prescribed and in accordance with the law, unless otherwise stipulated by the applicable laws and regulations or as otherwise agreed upon in this Policy.

(8) Right to limit or refuse processing of personal information

You may limit or refuse the processing of part of your personal information if such rights are granted to you according to the law of your judicial jurisdiction area and we will handle your request based on such law while considering your actual conditions.

If you encounter any trouble in exercising such right, you may contact us via the contact information provided herein and we shall help you solve the issue upon verification of your identity within proper period or the period prescribed by the law of your judicial jurisdiction area, unless otherwise stipulated by the applicable laws and regulations or as otherwise agreed upon in this Policy. Other than the rights mentioned above, if the law of your judicial jurisdiction area grant you any other rights concerning personal information, we will do our best to ensure the exercising of such. Especially, if you’re residents of California, USA and we are subject to the jurisdiction of CCPA, we will protect and realize your rights as a consumer as per the provisions of CCPA.

V Protection of minors

We value the protection of personal information of minors very much. The age classifying minors and relevant rules for minor privacy protection vary in different judicial jurisdictions.  If you achieve the age of 13 but still be a minor under local law, you shall read this Policy under the guardianship and guidance of guardians and submit relevant personal information after the consent of guardians to this Policy and submission. Please note that, considering the features of the Internet and online anonymity of user, we find it hard to verify each and every consent of guardian. For such matter, please first obtain the consent of your guardian voluntarily if you fit in the aforesaid circumstances.

Where guardians think that we collected personal information of minors without obtaining their consent, we will immediately investigate and delete relevant information (if any) in a timely manner upon receipt of such notification from the guardians.

VI About this Policy

1. Applicable scope

This Policy applies to the websites, APP and/or services provided in accordance with the businesses of SUBFI, whether you are browsing users (visitors) or registered users. However, please note that this Policy does not apply to the following:

2. Update

With the business mode and technology of SUBFI continue to innovate and develop, we may update the terms of this SUBFI Privacy Policy from time to time and the updated version will form part of the Policy and inure immediately after updating. If these updates make substantial reduction or significant alteration in your rights hereunder, we will notify you in one or more manners including announcement, push notification, pop-ups, email or any other means before the updated Policy takes effect. If such updates involve collection of more personal information, or changes in the purpose or manner in using/sharing personal information or the receiving third party, we will again obtain your authorization and consent. If you still choose to use SUBFI services, it shall be deemed that you have fully read, acknowledged and agreed to be bound by the updated Policy. We advise you to look up this Policy every time you use our services.

3. Miscellaneous

The headings of this Policy are only provided for convenience and readability and shall not affect the meanings or interpretations of any clause herein.

VII Contact Us

(1) If you encounter any issue related to privacy protection or this Policy (including problem consultancy, complaint and advice) during use of our services, you can submit online feedback or contact our data protection officer via:

Email: [email protected]

(2) Upon receiving your issue, we will, upon verification of your identity, reply to you within the period prescribed by the law of your judicial jurisdiction area on response and generally, we will not charge any service fee in this regard. However, in the following circumstances, we may not be able to response to your request, unless otherwise stipulated by the law of certain countries/regions:

In which circumstances, you will receive our notice explaining the reason why we can’t respond to your request.

VIII Dispute resolution

If any court of law, having the jurisdiction to decide on this matter, rules that any provision of this Policy is invalid, then that provision will be removed from this Policy without affecting the rest of this Policy. The remaining provisions of this Policy will continue to be valid and enforceable.

Both parties agree that this Agreement, as well as the execution and the interpretation of this Agreement, shall be subject to the laws of Hong Kong to the maximum extent permitted by applicable law.

Any disputes that raised out of or related to this Agreement, including but not limited to carrying out the provisions of this Agreement, shall be negotiated by both parties through amicable settlement. In addition, both parties may also submit the dispute to the Hong Kong International Arbitration Centre (HKIAC) for arbitration under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted. For the avoidance of doubt, settlement via amicable negotiation is not the prerequisite condition of the arbitration mentioned above. The arbitration award shall be final and binding on both parties. The seat of arbitration shall be Hong Kong. The arbitration proceedings shall be conducted in Chinese.

IX Definition of key terms

l SUBFI services/services of SUBFI

SUBFI services/services of SUBFI refer to relevant products, services and/or functions of SUBFI, including but not limited to software, websites and services (including off-site services, such as the advertising services and plug-ins “applied or shared through our service”), through user terminals including but not limited to PC, mobile device and TV.

l Personal information

Personal information refers to all kinds of information recorded via electronic means or otherwise that can be used to directly or indirectly identify a particular natural person or to reflect the particular natural person’s activities, whether on its own or combined with other information.

l Location information

Location information refers to the information SUBFI collects about user location, which is roughly inferred based on the device accessing SUBFI services or the IP address of Internet services.

l Log information

Log information refers to the technical information automatically collected during your use of SUBFI services via Cookie, web beacon, log file, programming script, e-tag or other manners.

l Cookie and similar technologies

Cookie is a small file containing character strings sent to or stored in your computer, mobile equipment or other devices while you log in and use websites or other network contents (usually after encryption). When you visit the same website again, the website will identify your browser by Cookie. Similar technologies of Cookie refer to other technologies with similar purpose with Cookie, such as Web Beacon, Proxy and inserted script.

l Equipment

Equipment refers to the device used to access SUBFI services, such as a desktop, laptop, tablet or smart phone.

l Universally unique identifier (UUID)

UUID is a series of characters used to identify the one and only browser, application or equipment. Different UUIDs vary in terms of validity, availability for user resetting and obtaining methods. UUID can be used for multiple purposes, including test of security risks and fraudulent acts, synchronization of services, recording of your appetite and provision of customized advertisements.

l IP address

Internet protocol (IP) address is the serial number designated for each equipment surfing the Internet. The number is usually designated based on geographic areas. IP address is generally used for identifying the location of equipment when such equipment is connected to the Internet.

l Anonymization

Anonymization refers to the technical processing of personal information so that the personal information subject cannot be identified, and the processed information cannot be restored.

l De-identification

De-identification refers to the technical processing of personal information so that the personal information subject cannot be identified without the aid of any additional information.

l Deletion

Deletion refers to the process of removing personal information from our server/background records.

l Sharing of personal information

Sharing of personal information refers to the act of sharing with or transferring information to third-party companies, organizations or individuals.

l Disclosure of personal information

Disclosure of personal information refers to the act of publicizing or publishing information to the public or non-specific group of people.

l Significant alternation

Significant alternation in SUBFI Privacy Policy includes but not limited to:

Note: where the aforesaid definition and interpretation conflict with the law of your local country/region, the latter shall prevail