Last Updated:31 Dec 2019

Effective date:1 Jan 2020

Suzhou GaiaWorks IT. Co. Ltd and its affiliates (collectively, “Gaia”, “we”, “us”, and “our”) fully understand the importance of personal information to you. We will protect your information and privacy under laws and regulations. Please carefully read and understand this privacy policy before using our services to make an appropriate choice.

(1)This privacy policy applies to the functions and services of the platform (including Workforce Management (WFM), Sales Performance Management, Smart Scheduling).

(2)If you use this platform as an enterprise employee, your employer will provide us with your personal information as a data controller. We, as a data processor, will comply with your employer’s instructions to collect and use your personal information for providing services to your employer. Your employer may have his/her own privacy notice, and this privacy policy is not a substitute for your employer’s privacy notice.

This privacy policy is meant to help you understand:

  • We collect, use, and store your personal data, primarily to provide products and services under our contracts with our customers.
  • We collect and use your information under this privacy policy, but we will not collect personal information in a bundled manner only because you agree to this privacy policy.
  • To achieve functions and services, we’d like you to enable the precise geo-location, camera, album, Bluetooth, microphone, and other permissions. Notably, even if we obtain these sensitive permissions with your authorization, we will not collect your information when relevant functions and services are not required.

The following sections will help you learn more about how we collect, use, store, transmit, share, transfer (if applicable), and protect personal information; help you understand how can you query, access, delete, correct, and withdraw authorized personal information. Please pay special attention to the critical terms concerning your personal information in bold form.

  1. How we collect and use personal information
  2. How we use Cookie and similar technologies
  3. How we share, transfer, or disclose personal information
  4. How we store personal information
  5. How we protect personal information
  6. Your rights
  7. Children
  8. Changes to this policy
  9. Contact us

 

1.How we collect and use personal data

1.1 From Gaia customers and customer employees

We may collect and process your personal data from your employer (for example, your employer opens an account for you.). Sometimes we may collect and process your data such as name, company name, email, or IP address directly from you when you provide contact and other information to us through Gaia platform.

(I)Personal information from your employer: To meet business needs, your employer will provide us with certain personal information(“personal information” means various information recorded electrically or otherwise that can be used alone or in combination with other information to identify a particular natural person or to reflect the activities of a specific natural person) related to you when using Gaia’s products and services. The personal information includes but not limited:

  • Basic information (e.g., name, date of birth, gender, address, phone number, profile picture, email address, ethnic, nationality, and family relationship)
  • Identification information (e.g., ID number, passport number)
  • Working Information (e.g., job, position, department, supervisor, workplace, education background, working experience, certificates, contract)
  • Economic information (e.g., bank account, salary information)
  • Biometric data (e.g., fingerprint, facial features)
  • Health information (e.g., sick leave certificates)

You understand and agree that, according to your employer’s statement and guarantee, your employer has obtained your explicit authorization before providing any of your personal information to us. The scope of collecting your personal information is limited to fulfill the purpose of this agreement or the other agreements between your employer and Gaia. Your employer has fully informed you of the purpose, scope, and use of your personal information. If you are unable to confirm the content of this paragraph, you should immediately stop using the service and confirm with your employer regarding the forgoing. We only process your personal information as a data processor at the request of your employer, and we are not liable for your employer’s collection and use of your personal information.

(II)We collect your information when you use Gaia Services. We are committed to providing you with secure products and a reliable environment. Providing reliable services and information is always our highest priority. It is necessary to collect information for security purposes.

  • To provide you with location-based services (Wi-Fi, Bluetooth, and GPS punch), we need to use GPS address information (that is to enable this feature of your mobile devices). If you decline to provide location information, we will not be able to provide the related services.
  • To ensure the safe operation, we will collect your hardware model, OS version, international mobile equipment identifier (IMEI), unique device identifier(UDID), network equipment hardware address, IP address, WLAN access point, Bluetooth, base station, the software version number, Internet access, type, status, network quality data, operation, usage and service log.
  • To prevent malicious programs, we collect the information about the installed application or running processes, overall application operation, usage and frequency, application crashes, total installation and usage, performance data and application sources.
  • We may use your account information, device information, service log information, and the information that our affiliates and partners are authorized by you or can be shared by law to determine account security, conduct authentication, detect and prevent security events.

1.2 Change of purpose for collecting and using personal data

Features and services provided by Gaia may change as our business grows. In principle, when new features or services are related to the features or services we currently provide, the personal information collected and used will be directly or reasonably related to the original processing purpose. If there is no direct or reasonable connection with the original processing purpose, we will inform you again and obtain your consent when we collect and use your personal information.

1.3 Personal information exempt from consent for collection and use

Please understand that in the following situations, we may collect and use your personal information without your authorization following laws, regulations, and relevant national standards.

  1. Directly related to national security and national defense security;
  2. Directly related to public safety, public health, and significant public interests;
  3. Directly related to crime investigation, prosecution, trial, and enforcement of a judgment;
  4. The principal legal rights and interests of the owner of personal information or other individuals, such as life and property, but it is difficult to obtain consent from the person concerned.
  5. The personal information collected from you is disclosed to the public by yourself;
  6. We collect your personal information from the legally public disclosure, such as legal news reports, government information disclosure, and other channels;
  7. To sign or perform the contract at your request;
  8. To maintain the safe and stable operation of software and related services, for example, detect and deal with the failures of software and related services;
  9. For legitimate news reporting;
  10. The academic research institutions carry out academic research or statistics based on public interests. When the research institution provide the research results or description to the public, it shall de-identify personal information contained in the results;
  11. Any other circumstance as provided for by a law or administrative regulation.

Please note that if the information cannot identify you alone or in combination with other information, it does not belong to your personal information in the legal sense. When the information can identify you alone or in combination with other information, or when we use the data which cannot be linked to any of particular personal information in combination with the other personal information, such information will be processed and protected as your personal information during the combined use under this privacy policy.

  1. Cookie and other similar technologies

Cookies and other similar technologies such as device information identification are widely used on the Internet. When you use Gaia products and services, we may send one or more cookies or anonymous identifiers to collect and identify your information when you visit or use our services. We promise that we will not use Cookies for any purpose other than those stated in this privacy policy. We use Cookies and similar technologies to fulfill the following features and services:

2.1 To ensure safe and efficient products and services

We may set authentication and security Cookies or anonymous identifier to enable us to confirm that you securely log into the services, or that you encounter theft, fraud, or other wrongdoing. These technologies will also help us improve service efficiency and login/respond speed.

2.2 Better access experience

Using such technologies can help you avoid repeating the steps to fill out your personal information, set your preference, and enter search content (examples: search history, form filling, multilingual selection).

2.3 Delete Cookie

Most browsers provide the function of clearing the browser’s cached data. You can clear the data in the browser settings. If you clear the data, you may not be able to use our services or corresponding features that rely on Cookies to function properly.

  1. How we share, transfer and disclose personal information

3.1 Share

3.1.1 Sharing principles

We will not share your personal information without your consent, except that the shared personal information has been de-identified, and the third party who shares the information is unable to re-identify the natural person of such information. If the third party uses the information beyond the scope of originally authorized consent, they shall obtain your consent again.

  1. Principle of legality and least necessity: the shared data shall have a legitimate purpose, and it shall be limited to fulfill the purpose.
  2. Principle of safety and prudence: we will strictly evaluate the purpose of third parties’ use of shared information, comprehensively assess their security capacities, and require them to comply with the cooperation agreements. We will conduct strict security monitoring on software development kit (SDK) and application programming interface (API) to protect data security.

3.1.2 Shared information for fulfilling the function and service

We share some of your personal information with third parties to help us provide relevant features and services. Gaia is liable for any personal data received from you and transferred to the third parties with applicable privacy laws;

  1. Mail and SMS, notifications, electronic signature, OCR content recognition, attendance equipment, and other services: in such case, we only provide the third party with the minimum information required to perform a specific service or function;
  2. Geo-location service: when you use the geolocation service, we will share GPS information with the location service provider (Amap) through SDK or similar technologies so that we can return the location result to you. The GPS information is sensitive personal information, and refusal to provide it will affect geo-location service and time clock.
  3. Wallet: this service is provided by our affiliates and partners. When you use the wallet service, our affiliates and partners will collect the necessary information according to the service requirement.
  4. Payment: the payment function is provided to you by our third-party payment agencies. The third-party payment agencies may collect your name, bank card type and card number, expiration date, and phone number. The information such as bank card number, expiration date, and mobile phone is sensitive but is necessary for payment. The refusal to provide such information will prevent you from using the payment service.
  5. To adapt the notifications function to the terminal model you use, we may share the phone model, version, and related device information with the terminal manufacturers (Huawei, Xiaomi, OPPO, VIVO) through the technologies such as SDK.

3.1.3 Shared information for ads

  1. Ads: we may share the indirect portrait tags which do not identify you personally, the de-identified device information, and anonymized information with ad partners to help them improve the effective reach rate of advertising without identifying you personally.
  2. b. Advertising statistics: we may share and analyze the de-identified device information or statistics information with our service providers and suppliers. The shared information is difficult or impossible to be associated with your identity. But such information can help us analyze and measure the effectiveness of ads and related services.

3.1.4 Shared information for security and analysis statistics

  1. Use security: we value the security of accounts, services, and contents. To protect the accounts and property of you and other users, and to protect our legitimate rights and interest from unlawful infringement, we may share the necessary device, accounts and log information with our service providers.
  2. Analyze product usage: to analyze the usage of our services and improve user experience, we may share the statistical data of product usage (crash, flashback) with the related parties or third parties. Such data is difficult to combine with other information to identify your personal information.
  3. Academic research: to improve the scientific ability and promote the level of scientific and technological development, we may share the de-labeled or anonymized data with scientific research institutes, universities, and other institutions.

3.2 Transfer

  1. We don’t transfer your personal information to any other third party without your explicit consent.
  2. As we develop our business, we might buy or sell businesses and assets. In the event of a sale, merger, or similar event relating to all or a portion of our business, assets, your personal information may be part of the transferred assets. In the event of any of the preceding changes, we shall require the successors to protect your personal information under laws, regulations and security standards not less than those outlined in this privacy policy, or we shall require the successors to obtain your authorized consent again.

3.3 Disclosure

We will not publicly disclose your information unless required by laws and regulations or with your explicit consent. We disclose your information using security measures that comply with industry standards.

3.4 Personal information exempt from obtaining consent to share, transfer or disclose

Please understand in the following situations, we may collect and use your personal information without your authorization by laws, regulations, and relevant national standards.

 

  1. Directly related to national security and national defense security;
  2. Directly related to public safety, public health, and major public interest;
  3. Directly associated with crime investigation, trial, and enforcement of judgment;
  4. For the major legal rights and interests of the subject of personal information or other individuals, such as life and property, but it is difficult to obtain consent from the person concerned.
  5. Personal information disclosed by yourself
  6. We collect the personal data from the legally public disclosure, such as news reporting, government information disclosure, or other channels.

According to the laws and regulations, if the personal data has been de-identified and the data recipient cannot recover and re-identify the owner of personal information, we will not inform you and obtain your consent when processing such information.

  1. How we store personal information

4.1 Location

We store your personal information, which is collected and generated in China in the People’s Republic of China by default. However, to meet the needs of your employer, we may transfer the information overseas according to the requirements of the contract. If we do, we will comply with the terms of the contract and applicable regulations.

4.2 Retention period

For Gaia customer employees, we will keep your personal information during your use of our services under the terms of the contract. When you terminate the use of our services, we will delete or anonymize your information as required by the terms of the contract unless otherwise required by laws and regulations for the retention period of specific information. If we stop the service, we will delete or anonymize your personal information within a reasonable period according to the applicable laws and contract terms.

  1. How we protect personal information
  2. We take your information security as our highest priority and will endeavor to take reasonable measures to protect your personal information from improper use or unauthorized access, disclosure, modification, damage, loss, or leakage. Gaia has passed ISO20000-1 and ISO27001 certifications and obtained SOC2 authentication report.
  3. We will use encryption technologies, anonymization, and other reasonable means to protect your personal information and use a mechanism to prevent malicious attacks on your personal information.
  4. We set up a special security department, security management system, data security process to ensure your information security. We adopt a strict system of data use and access to ensure that only authorized personnel have access to your personal information and conduct security audits of data and technology.
  5. Due to technical limitations and possible malicious means, even if we try our best to strengthen security measures, it is not always possible to guarantee 100% security of information. We will do our best to guarantee the security of the personal information you provide to us.
  6. You acknowledge and understand that when you access our services, the systems and communications networks may be compromised by factors beyond our control. Therefore, we strongly recommend that you take active measures to protect the security of your personal information, including but not limited to using complex passwords, regularly changing passwords, and not disclosing your account password and relevant personal information to others.
  7. We have established emergency response plans. When a security incident occurs, we will immediately launch emergency response plans and strive to prevent the impact and consequences of these security incidents from expanding. Once the security incident (leakage, loss) occurs, we will comply with the laws and regulations and data processing standards stated in the contract, and timely inform you (or your employer) the basic situation, possible impact, the measures we have taken or will take, the advice of preventing or reducing risks, and remedies for you. We will timely inform you of the incident by notifications, email, letter, SMS, or other channels. If it is difficult to inform one by one, we will make an announcement properly. Moreover, we will report the security incident as required by relevant regulatory authorities.
  8. When you leave Gaia and relevant services and browse or use other sites, services or content, we will not be able to or obligated to protect your software, personal information submitted to others sites, regardless whether the above software or sites you login, browse or use is linked to Gaia or directed by Gaia.
  9. Your rights

6.1 Access & correction

  1. You can access your personal information such as profile picture, name, department, email, phone number;
  2. You can submit a request for correction, and the administrator will handle the correction.

6.2 Erasure

After you stop using the platform, you can apply to your employer to delete your account, which will be handled by the enterprise user administrator.

6.3 Contact us

If you have any privacy complaints, please send an email to 【privacy@gaiaworks.cn】. We will feedback within 30 days after we check and review the complaints.

6.4 Archived version for this privacy policy

Please visit http://www.gaiaworks.cn/ for more information.

6.5 Closing notice

If we stop running, we will stop collecting your personal information, anonymize your personal information, and inform you by notifications or notice.

  1. Children

7.1 General

  1. Our websites, products, and services are not intended for children.
  2. We do not knowingly collect personal data from children without parental/ guardian consent. If a child’s data is collected with prior parental consent, we will only use or disclose the data as permitted by law, with the explicit consent of the child’s parents or guardians, or when necessary for the protection of the child. If we accidentally collect a child’s data without verified prior consent from the child’s parents, we will endeavor to delete the data as soon as possible.
  3. If you have any concerns about the personal data of your children, please contact us via privacy@gaiaworks.cn.
  4. Changes to this policy
  5. We change this policy from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent.
  6. We publish an updated version on Gaia official website and notify you via our website (http://www.gaiaworks.cn/) or other means before the changes become effective.
  7. Contact us

If you have any concerns or complaints, please contact us at privacy@gaiaworks.cn or by postal mail sent to

Information Security Department

3rd floor, Building 1, No 209 Zhuyuan Road, New District, Suzhou.