1.IN A NUTSHELL
This privacy notice (the 'Privacy Notice' or 'Notice') explains why and how UnionPay International Developer Portal ('UPI' or 'the Portal') may process your personal data.
• What does 'personal data' mean?
Personal data means any information that can be linked directly or indirectly to identified or identifiable individuals.
• Who is UPI?
UPI is a company incorporated under the laws of the People's Republic of China ('PRC') with its registered office at Floor 2-7, No.6 Dongfang Road, Pudong New District, Shanghai, PRC.
UPI is an international company established in numerous countries/regions across the world.
If you have any questions in relation to data protection matters, you can write to us at the abovementioned address or call the UnionPay service hotline. Please refer to UnionPay global service hotline directory(outside Chinese Mainland), if you are in China Mainland, please dial 95516.
• What is the key information contained in this Privacy Notice?
You will find relevant information on the personal data we process about you, the purposes and your rights.
2.THE CATEGORIES OF DATA SUBJECTS AND OF PERSONAL DATA WE PROCESS ABOUT YOU
The main types of personal data we process are the following:
• Your name, your email address, your organization, your department, your job title and your country or region.
3.THE PURPOSES OF THE PROCESSING OF YOUR PERSONAL DATA
You will find below the main purposes for which UPI processes personal data:
• Creating and managing your account in this Portal;
• Verifying your identity;
• Contacting you through the information provided by you;
• Internal research, reporting and analysis;
• Compliance with applicable laws, regulations and law enforcement requests.
Depending on where you are located, you may have the right to:
Accessing your personal data
We understand that you may like to know what personal data we retain about you. We are happy to assist you with your request as soon as we can. To protect your personal data, however, we will probably require that you prove your identity to us at the time your request is made.
UPI reserves the right to decline access to your personal data under certain circumstances as permitted by law. If your personal data is not disclosed to you, you will be provided with the reasons for this non-disclosure.
You may also be entitled to:
• object to the processing of your personal data;
• opt out from processing of your personal data for direct marketing purposes;
• request the restriction of the processing of your personal data;
• request the correction and/or deletion of your personal data;
• withdraw your consent to the processing of your personal data (where UPI is processing your personal information based on your consent);
• request the receipt or transmission to another organisation, in machine-readable form, of the personal data you may have provided to UPI;
• object to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you;
• lodge a complaint with a supervisory authority.
Where you are given the option to share personal data with UPI, you can always choose not to do so.
If you do not wish to receive marketing information from UPI, you may call the UnionPay service hotline. Please refer to UnionPay global service hotline directory(outside Chinese Mainland), if you are in China Mainland, please dial 95516. You will always have the ability to accept or decline any form of communication from UPI. You may unsubscribe from electronic marketing communications at any time by selecting the 'unsubscribe' link included in such communications.
If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice.
This could mean that we will be unable to perform the actions necessary to achieve the purposes of processing data for you as described above (see article 3) and that you may be unable to use our services.
After you have chosen to withdraw your consent, UPI may be able to continue to process your personal data to the extent required or otherwise permitted by law.
Those rights may be limited in some circumstances by local law requirements. If at any time you wish to exercise any of these rights, you can do so by calling the UnionPay service hotline. Please refer to UnionPay global service hotline directory(outside Chinese Mainland), if you are in China Mainland, please dial 95516.
5.THE RECIPIENTS OF YOUR PERSONAL DATA AND CROSS-BORDER TRANSFERS
The recipients of your personal data are:
• UPI's staff, establishments and affiliates;
• UPI's processors and other contractors, suppliers and service providers;
• UPI Members and TPSP;
Such recipients shall undertake all necessary measures to keep your personal data confidential.
Additional requirements apply when your personal data is transferred to (or accessed from) another country/region. UPI only transfers personal data to another country/region where that transfer complies with data protection law.
The data are stored in Hong Kong and we will protect it in accordance with this Privacy Notice and applicable law.
UPI may use your personal data (including your contact numbers) for direct marketing to you. This includes sending you marketing communications about updates, latest offers and promotions in relation to the goods, services or activities of UPI (or by an agent on behalf of UPI) or, as appropriate, its affiliates and those other companies with whom UPI has joint-marketing arrangements, whether they are available through it or otherwise. UnionPay may not so use or provide your personal data except permitted by applicable law or it has received your consent.
These communications may be sent by mail, SMS and email, in accordance with applicable laws. You may opt-out of receiving marketing communications from UPI at any time by:
• calling the UnionPay service hotline. Please refer to UnionPay global service hotline directory(outside Chinese Mainland), if you are in China Mainland, please dial 95516.
• using opt-out facilities provided in marketing communications.
UPI will then take all reasonable steps to remove your name from the mailing list.
Appropriate technical and organisational measures have been implemented to prevent from unauthorised or unlawful processing of your personal data and against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed, including but not limited to:
1. In terms of internal policy, we have adopted a data classification and grading system, based on which we have imposed limitations on user permissions, usage scenario permissions and approval mechanisms.
2. In terms of techniques, we adopted irreversible encrypted storage and isolated storage, adopted de-identification technique during information display, and dedicated line transmission, encrypted transmission, isolated transmission as well as other techniques to ensure the security of your personal data.
3. If a data breach occurs, we may communicate the data breach to you and notify it to the supervisory authorities in accordance with the requirements of applicable laws.
In order to ensure that you have a smoother and more relaxed experience, when you use the service provided by UPI, we may identify you through a small data file 'Cookie' to help you reduce the number and frequency of information entry, or assist determining the security status of your account. Cookies usually contain identifiers, site names, and some numbers and characters. With the help of cookies, websites can store data such as your preferences.
In addition to cookies, we may use Web Beacon to collect statistics about anonymous visits to calculate the number of user visits, stay time, page addresses visited, display settings, etc., so that you can enjoy more personalized services, and these statistics do not include your personal data.
Your personal data will be stored for the period of time required by applicable law. This may involve retaining data following your transaction. For example, UPI will, in accordance with the requirements of the Anti-Money Laundering Law of the People's Republic of China, require customer transaction information to be kept for at least five years after the transaction ends. UPI will keep relevant web logs for your use of the service for no less than six months in accordance with the requirements of the Cybersecurity Law of the People's Republic of China. We will delete your personal data once it is no longer required for any of the purposes described above.
In order to determine the amount of time we will store your personal data we take into consideration the role and function of the information, type of products and services, nature of the relationship between you and us and statutory requirement of retention period made by applicable laws and regulations.
The UPI service is not directed to individuals under the legal age of majority in their respective countries/territories. If you are children, the consent of the holders of parental responsibility over children is to be obtained.
11.LINKS TO OTHER WEBSITES
You may find links to access the websites of other companies on UPI website. We recommend that you read the privacy policies of these other websites, as this Privacy Notice does not apply to their processing of your personal data and UPI is not responsible for the processing of your personal data on external websites.
12.CHANGES IN PRIVACY NOTICE
If you have any questions about data protection, this Privacy Notice or your right, you can call UnionPay service hotline. Please refer to UnionPay global service hotline directory(outside Chinese Mainland), if you are in China Mainland, please dial 95516.