Gaia Privacy Policy

Last Updated: 16 Nov 2021

Effective date: 16 Nov 2021

Thank you for using the services or operationally controlled products provided by [Suzhou Gaia Information Technology Co., Ltd.] and [Suzhou Gaia Cloud Computing Technology Co., Ltd.] and its affiliates (“We” or “Gaia”). As a workforce management cloud service provider, we understand the importance of personal information to you. We will protect your personal information and privacy security according to applicable laws and regulations. We have made this Privacy Policy; please read it carefully to ensure that you fully understand and agree to it before you start using our services or products.

If you use the platform as an employee of a company, we collect, use or store your data to meet customer contracts and implement functions and services. You understand and acknowledge that your employer has provided us with your personal information to enable you to use the Platform. Based on your employer’s representations and warranties, your employer has obtained your prior express consent and has fully informed you of your personal information’s purpose, scope, and use before providing us with such personal information. This policy is not intended as a substitute for your employer’s privacy policy. If you cannot confirm the above, we recommend that you stop accessing or using the Platform and confirm with your employer regarding the preceding. You may also contact us for more information.

We collect and use your information in accordance with the Privacy Policy. Still, we do not use mandatory bundling to collect personal information in a blanket manner simply because you agree to this Policy. To fulfill the functions and services required, we need your permission to enable precise geolocation, camera, album, Bluetooth, microphone, etc. In particular, we will not collect your information when it is not needed for the relevant functions or services, even if we have obtained your authorization.

The following section will help you understand how we collect, store, process, transfer, share and protect personal information; help you understand how to access, copy, delete, correct, or withdraw authorized personal information. Please pay special attention to the terms and conditions, which are bolded.

 

  1. Definition and scope
  2. How we collect and use your information
  3. How we use Cookies and similar technologies
  4. How we store your information
  5. How we protect your personal information
  6. How we share, transfer, or disclose your information
  7. How you manage your information
  8. Children’s policy
  9. Changes to our Privacy Policy
  10. Contact us

 

  1. Definition and scope

Personal information: all kinds of information related to identified or identifiable natural persons recorded electronically or by other means, excluding anonymized information.

Sensitive personal information: personal information that, once leaked or illegally used, may easily lead to the infringement of a natural person’s human dignity or endanger the safety of their person or property, including biometric, religious beliefs, specific identity, medical and health care, financial accounts, location information, as well as the personal information of minors under 14 years.

Employer: an organization that uses Gaia’s products and services under a contract. Employers can register business accounts on behalf of their employees by obtaining the employees’ authorization.

Enterprise users: users who are invited by the employer and have obtained the employer’s authorization to use the platform as members of the employer.

Individual users: users who independently register and use Gaia products.

De-identification: the technical method of processing personal information so that the owner of the personal data cannot be identified without the help of additional information.

Anonymization: the technical method of making the owner of personal information unrecognizable, such that the processed data cannot be recovered.

Unless otherwise agreed, the definitions used in this Policy have the same meaning as those in the Gaia User Service Agreement.

 

  2. How we collect and use your information

2.1 Information we collect

2.1.1 Depending on the business, we may collect, but are not limited to, the following information:

Basic personal information includes name, birthday, gender, address, phone number, profile picture or image, email address, ethnicity, nationality, family relationship, etc.

Identification information, such as ID number, passport, etc.

Work-related information includes occupation, position, department, supervisor, work location, education, work experience, training certificates, contract information, etc.

Financial information includes bank account numbers, salary-related information, etc.

Biometric information includes fingerprints, facial features, etc.

Health information includes sick leave slips, body temperature (only for the health reporting during the pandemic), etc.

2.1.2 To maintain the proper functioning of our software and services, optimize the experience of our services, protect the security of your account, or comply with applicable laws and regulations, we may collect the following information from you.

  1. To provide you with location-based clocking services, we need to read GPS address information and require your mobile device to activate this feature. If you refuse to provide location information, we will not be able to offer such services.
  2. To ensure the safe operation of the services, we will collect your device information, including device identifier (IMEI, IDFA, Android ID, MAC, OAID, IMSI, and other related information), application information (application crash, notification switch status, software installation list, and other related information), device parameters and system information (device type, model, operating system and hardware), and your network information, including IP address, Wi-Fi status information, base station information, and other related information.
  3. To prevent malicious programs and as necessary for secure operations, we collect information on installed apps, running processes, overall function, usage and frequency, app crashes, installation and usage, performance data, and app sources.
  4. We may use your account information, device information, service log information, and information that our affiliates and partners are authorized by you or are legally allowed to share to determine account security, authenticate, and detect and prevent security incidents.

2.2 Purpose changes to data collection and usage

Please be aware that we may adjust and change our products’ features and services as our business grows. In principle, we will not inform you further or obtain your consent again when new features or services are related to those we currently provide. The collected information will be directly or reasonably associated with the original purpose of processing. If the collected data is not directly or reasonably related to the original purpose, we will again inform you and obtain your consent when we collect such information.

2.3 Personal information exempt from consent for collection and use

Please understand that we may collect and use your personal information without your authorization according to the laws, regulations, and relevant national standards in the following situations.

  1. directly related to national security and national defense security;
  2. directly related to public safety, public health, and significant public interests;
  3. directly related to crime investigation, prosecution, trial, and enforcement of a judgment;
  4. for the principal legal rights and interests of the owner of personal information or other individuals, such as life and property, but it is difficult to obtain consent from the person concerned;
  5. the personal information collected from you is disclosed to the public by yourself;
  6. your personal information is collected from legally public disclosures, such as legal news reports, government information disclosure, and other channels;
  7. to sign or perform the contract at your request;
  8. to maintain the safe and stable operation of software and related services, for example, to detect and deal with the failures of software and related services;
  9. for legitimate news reporting;
  10. academic research institutions carry out academic research or statistics based on public interests, and, when a research institution provides the research results or description to the public, it de-identifies the personal information contained in the results;
  11. any other circumstance as provided for by a law or administrative regulation.

 

Please be aware that if the information cannot identify you alone or in combination with other information, it does not belong to your personal information in the legal sense. When the information can identify you alone or in combination with other information, or when we use the data which cannot be linked to any particular personal information in combination with your other personal information, such information will be treated and protected as your personal information during the combined use under this Privacy Policy.

 

  3. Cookie & similar technologies

Similar technologies such as cookies and device information identification are widely used on the Internet. When you use Gaia products and services, we may send one or more Cookies or anonymous identifiers to collect and identify your information when you visit or use our services. We promise that we will not use Cookies for any purpose other than those stated in this Privacy Policy. We use Cookies and similar technologies to fulfill the following features and services:

3.1 To ensure safe and efficient products and services

We may set authenticated and secure Cookies or anonymous identifiers to enable us to confirm that you securely log into the services or whether you have encountered theft, fraud, or other wrongdoing. These technologies will also help us improve service efficiency and login/response speed.

3.2 Better access experience

Using such technologies can help you avoid repeating the steps to fill out your personal information, set your preference, and enter search content (examples: search history, form filling, multilingual selection).

3.3 How to clear Cookies

Most browsers support clearing the browser’s cached data. You can remove the data in the browser settings. If you clear the data, you may not be able to use our services or corresponding features that rely on Cookies to function properly.

 

  4. How we store your personal information

4.1 Location

In accordance with laws and regulations, we store personal information that is collected in China within the People’s Republic of China. However, to meet your employer’s needs, we may be required by contract to transfer the information overseas after your employer has expressly informed you of this. If we do so, we will comply with the terms of the contract and applicable regulations.

4.2 Retention period

For enterprise users, we will keep your personal information during your use of our Platform under the terms of your employer’s contract. When you terminate the use of the Platform, we will delete or anonymize your information as required by the terms and conditions of the contract, unless otherwise required by laws and regulations for the retention period of specific information. If we stop the Platform service, we will delete or anonymize your personal information within a reasonable period according to the applicable laws and contract terms.

 

  5. How we protect your information

5.1 We take the security of your personal information as our highest priority. We will endeavor to take reasonable measures (both technical and administrative) to protect your personal information from improper use or unauthorized access, disclosure, use, modification, damage, loss, or leakage.

5.2 We will use encryption technologies, anonymization, and other reasonable means to protect your personal information and use a mechanism to prevent malicious attacks on your personal information.

5.3 We have set up a special security department, a security management system, and a data security process to ensure your information security. We adopt a strict approach to data use and access to ensure that only authorized personnel access your personal information. We conduct security audits of data and technology from time to time.

5.4 Gaia has met the requirements of authoritative standards such as ISO/IEC 20000, ISO/IEC 27001, and Network Security Level Protection (Level III) and has obtained the corresponding certificates. We have also obtained the SOC 2 Type II attestation report.

5.5 We have complied with the standards required by the relevant laws and regulations. Please understand that, due to technical limitations and the possibility of various malicious means, it is not always possible to guarantee 100% security of information, even with all efforts to strengthen security measures. However, reasonable and effective steps have been taken as described above. We will try our best to ensure your information security.

5.6 You acknowledge and understand that when you access our services, the systems and communications networks may be compromised by factors beyond our control. Therefore, we strongly recommend that you take active measures to protect the security of your personal information, including but not limited to using complex passwords, regularly changing passwords, and not disclosing your account password and relevant personal information to others.

 

5.7 We have established emergency response plans. When a security incident occurs, we will immediately launch emergency response plans and strive to prevent the impact and consequences of these security incidents from expanding. Once a security incident (leakage, loss) occurs, we will comply with the laws and regulations and data processing standards stated in the contract, and timely inform you (or your employer) of the basic situation, possible impact, the measures we have taken or will take, advice on preventing or reducing risks, and remedies for you. We will inform you of the incident by notifications, email, letter, SMS, or other channels. If it is difficult to inform each person individually, we will make an announcement in an appropriate manner. Moreover, we will report the security incident as required by relevant regulatory authorities.

5.8 When you leave Gaia and relevant services and browse or use other sites, services, or content, we will not be able or obligated to protect your software or the personal information you submit to other sites, regardless of whether the software or sites you log in to, browse, or use are linked to Gaia or directed by Gaia.

 

  6. How we share, transfer, or disclose your information

6.1 Share

6.1.1 Sharing principles

We do not share your personal information with companies, organizations, and individuals outside of Gaia and its affiliates, except for the following:

  1. Sharing with your consent: we may share your information with other parties after obtaining your explicit consent.
  2. The personal information shared is de-identified and processed, and the owner of such information cannot be re-identified by the sharing third party.
  3. Sharing under legal circumstances: we may share your information with the public in accordance with laws and regulations, litigation, dispute resolution needs, or as requested by administrative or judicial authorities according to the relevant law.
  4. Sharing by yourself: only by sharing your personal information and sensitive information can you use the third-party products and services you have requested, such as:
  5. Services such as email and SMS sending, notifications, e-signatures, OCR content recognition, time and attendance devices: in such case, we only provide the third party with the minimum information required to perform a specific service or function;
  6. Geo-location service: when you use the geolocation service, we will share GPS information with the location service provider through SDK or similar technologies to return the location result to you. The GPS information is sensitive personal information, and refusal to provide it will affect geo-location service and time clock.
  7. Wallet: this service is provided by our affiliates and partners. Our affiliates and partners will collect the necessary information according to the service required when you use the wallet service.
  8. Payment: the payment function is provided to you by third-party payment agencies. The third-party payment agencies may collect your name, bank card type and card number, expiration date, and phone number. The information such as bank card number, expiration date, and mobile phone is sensitive but necessary for payment. The refusal to provide such information will prevent you from using the payment service.
  9. To adapt the notifications function to the terminal model you use, we may share the phone model, version, and related device information with the terminal manufacturers (Huawei, Xiaomi, OPPO, VIVO) through the technologies such as SDK.

We will carefully evaluate the purpose of third parties’ use of shared information, conduct a comprehensive assessment of the security capabilities of these partners, and require them to follow legal agreements. We will conduct strict security monitoring of the software development kits (SDK) and application program interfaces (API) used by the partners to protect data security. For details of the relevant SDKs, please see the list below. Please note that the third-party SDKs may have certain changes in the type of data processing due to the version upgrades, policy adjustments, etc. Please refer to their published instructions.

Google Service Framework SDK

Purpose of use: overseas users using Google Push

Type of data collected: device identification information

Website: https://firebase.google.com/

Esurfing Account SDK

Purpose of use: to help deliver push messages

Type of data collected: device identification information, phone number

Website: http://open.189.cn/

JPush SDK

Purpose of use: to help deliver push messages and ensure stable system operation

Type of data collected: device identification information

Website: https://docs.jiguang.cn/jpush/guideline/intro/

Baidu Positioning SDK

Purpose of use: to achieve positioning

Type of data collected: device identification information, geographic location information

Website: https://lbsyun.baidu.com/

Umeng SDK

Purpose of use: App crash log collection

Type of data collected: device identification information

Website: https://www.umeng.com/push

6.1.2 Shared information for ads

  1. Ads: we may share the indirect portrait tags which do not identify you personally, the de-identified device information, and anonymized information with ad partners to help them improve the effective reach rate of advertising without identifying you personally.
  2. Advertising statistics: we may share and analyze the de-identified device information or statistics information with our service providers and suppliers. The shared information is difficult or impossible to associate with your identity, but such information can help us analyze and measure the effectiveness of ads and related services.

6.1.3 Shared information for security and analysis statistics

  1. Security of use: we value the security of accounts, services, and contents. To protect the accounts and property of you and other users and protect our legitimate rights and interests from unlawful infringement, we may share the necessary device, account, and log information with our service providers.
  2. Analyze product usage: to analyze the usage of our services and improve user experience, we may share the statistical data of product usage (crash, flashback) with the related parties or third parties. Such data is difficult to combine with other information to identify your personal information.
  3. Academic research: to improve the scientific ability and promote scientific and technological development, we may share the de-identified or anonymized data with scientific research institutes, universities, and other institutions.

6.2 Transfer

6.2.1 We don’t transfer your personal information to any other third party without your explicit consent.

6.2.2 In the event of any preceding changes, we shall require the successors to protect your personal information according to the laws, regulations, and security standards not less than those outlined in this Privacy Policy, or we shall require the successors to obtain your authorized consent again. As we develop our business, we might buy or sell businesses and assets. In the event of a sale, merger, or similar event relating to all or a portion of our business assets, your personal information may be part of the transferred assets.

6.3 Disclosure

We will not publicly disclose your information unless required by laws and regulations or with your explicit consent. When we disclose your information, we will take security measures that comply with industry standards.

6.4 Personal information exempt from obtaining consent to share, transfer or disclose

Please understand that we may share, transfer, or disclose your personal information without your authorization according to the laws, regulations, and relevant national standards in the following situations:

  1. directly related to national security and national defense security;
  2. directly related to public safety, public health, and major public interest;
  3. directly associated with crime investigation, trial, and enforcement of judgment;
  4. for the major legal rights and interests of the subject of personal information or other individuals, such as life and property, but it is difficult to obtain consent from the person concerned;
  5. personal information disclosed by yourself;
  6. personal data collected from legally public disclosures, such as news reporting, government information disclosure, or other channels.

 

According to the laws and regulations, if the personal data has been de-identified and the data recipient cannot recover and re-identify the owner of personal information, we will not inform you or obtain your consent when processing such information.

 

  7. How you manage your information

7.1 How to access and copy your information

You can view your information, such as profile picture, name, department, birthday, phone number, etc., through the function module [My] on the mobile Gaia system, or log in to the website of Gaia system and view your information in [Personnel Information].

If you need to copy your personal information out of Gaia’s platform, you can use the [Personnel Information] export function or make a request to your employer, and Gaia will cooperate in responding to your request.

7.2 How to correct and add your personal information

You can upload or change your profile picture in [My]. To correct or supplement other personal information, you need to submit a request to your employer, and the administrator will handle the correction or supplement.

7.3 How to delete your personal information

You can cancel your account in [My] – [Settings] – [Account & Security]. Since we are the data processor, if you are an enterprise user, we will simultaneously notify your employer after you make a request to cancel your account. After verifying your user identity, we will process your request and cancel your account within fifteen working days. After account cancellation, your personal information in the Platform will be deleted or anonymized, except as otherwise provided by laws and regulations.

After you decide to terminate your use of the Platform, you need to apply to your employer simultaneously, and the enterprise user administrator will process your account for deletion.

7.4 How to withdraw your authorization consent

To protect your right to withdraw your consent, after you have clicked to agree to the Privacy Policy, you can contact us or make a request to your employer to withdraw your consent, and we will delete your personal information in the Platform according to the scope of your withdrawal of consent after receiving your withdrawal request.

7.5 Your next of kin’s right to search, copy, correct and delete

According to Article 49 of the Personal Information Protection Law, if a natural person dies, their next of kin may exercise the right to inquire, copy, correct, and delete the deceased’s personal information for their own legal and legitimate interests. If your next of kin wish to inquire, copy, correct or delete your personal information, including profile picture, name, real name, gender, and other information, your next of kin may contact us, and we will provide the appropriate service to your next of kin after verifying their identity, except as otherwise provided in the laws and regulations and this Privacy Policy.

7.6 Contact information

You can see more details of this Privacy Policy on the login or registration page or Gaia’s website at https://www.gaiaworks.cn/privacy-policy.html.

7.7 Notice

If we cease operations, we will promptly terminate the activities of collecting your personal information, notify you of the cessation of operations by individual delivery or announcement, and delete or anonymize the personal information about you.

  8. Children’s policy

8.1 General

  1. Our websites, products, and services are not intended for children.
  2. We do not knowingly collect personal data from children without parental/guardian consent. If a child’s data is collected with prior parental consent, we will only use or disclose the data as permitted by law, with the explicit consent of the child’s parents or guardians, or when necessary for the protection of the child. If we accidentally collect a child’s data without verified prior consent from the child’s parents, we will endeavor to delete the data as soon as possible.
  3. If you have any concerns about your children’s data, please contact us via privacy@gaiaworks.cn.

 

  9. Changes to our Privacy Policy

  1. We change this Policy from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent.
  2. We publish an updated version on Gaia Platform and notify you via our website (http://www.gaiaworks.cn/) or other means before the changes become effective.

 

  10. Contact us

If you have any concerns or complaints, please contact us by using the email address privacy@gaiaworks.cn or by postal mail sent to:

Information Security Department

3rd floor, Building 1, No 209 Zhuyuan Road, New District, Suzhou.

We will review the issue as soon as possible and respond within fifteen (15) working days after verifying your user identity.