Personal information protection standards and obligations

Our partners commit to strictly comply with legal requirements and user agreements in handling personal information during the provision of products and services, ensuring the maximum protection of users' lawful rights and social public interests. Our partners undertake to adhere to the following standards and obligations for personal information protection:

When processing personal information, it should adhere to the principles of legality, legitimacy, necessity, and good faith. Our partners are committed to strictly prohibiting the handling of personal information through misleading, fraudulent, coercive, or any other improper means. Users shall not be compelled to provide unreasonable 'one-time authorizations'.
The processing of personal information should have clear and reasonable purposes, directly related to the processing objectives, and adopt the least intrusive approach to individuals' rights. The collection of personal information should be limited to the minimum scope necessary to achieve the processing purposes and should not involve excessive collection of personal information.
When processing personal information, the principle of minimum necessity should be followed. Only the minimum and necessary types and quantities of personal information directly related to the business functions of providing products or services should be processed. The collection frequency should be controlled to what is reasonably required for the business, and no personal information unrelated to the provided products and/or services should be collected, nor should personal information be collected excessively. Additionally, the storage period of personal information should also follow the principle of minimum necessity. After the purpose is achieved, personal information should be promptly deleted or anonymized.
Personal information processing rules should be disclosed in a clear, understandable, and reasonable manner, including the scope, purposes, methods, etc., of processing personal information. An interface should be provided for easy access, browsing, and storage. In the event of changes to the personal information processing rules, they should be promptly updated and communicated to the individuals whose information is being processed through appropriate means.
When handling personal information, it is necessary to ensure the quality of personal information, promptly respond to the right of correction of the personal information subject, and avoid any adverse impact on personal rights and interests caused by inaccurate or incomplete personal information.
It is necessary to take responsibility for personal information processing activities. For personal information that is actively collected or processed, if it causes harm to the legitimate rights and interests of the personal information subject during the personal information processing activities, corresponding responsibilities will be assumed.
When handling personal information, it is necessary to possess security capabilities that are commensurate with the security risks faced and to adopt sufficient management measures and technical means to protect the confidentiality, integrity, and availability of personal information.
The realization of the rights of the personal information subject should be ensured, and a convenient mechanism for the personal exercise of rights should be established for the acceptance and processing of applications. Partners should provide personal information subjects with methods such as querying, copying, correcting, supplementing, deleting their personal information, as well as revoking consent, canceling accounts, lodging complaints, restricting or refusing processing rights, explaining rights, information portability rights, and exercising the rights of deceased individuals as close relatives, etc. The methods for exercising the rights of the personal information subject should be described in the privacy policy, and if a request to exercise rights is denied, the reasons should be explained.
It is necessary to establish a personal information protection management accountability system, whereby the company, as the personal information processor, implements a system of holding responsible and accountable the performance of duties and obligations by organizations at all levels within its business scope.
Jointly resist the black market industry chain. Do not collect information obtained through illegal channels and firmly reject any transactions or dealings with the personal information black market industry chain.
Advocate industry self-discipline. Jointly explore best practices for personal information protection that are scalable, replicable, and aligned with international standards, to drive and assist in raising the overall level of the industry.
Accept social supervision. Fulfill corporate commitments and proactively accept supervision from various sectors of society.

Chaintool has developed and implemented a privacy protection policy and data security measures. Partners commit to adopting and maintaining personal information protection measures that are not lower than those of Chaintool.

PreviousMain concepts and definitions NextEvaluation and audit

Last updated 1 year ago

Personal information protection standards and obligations

When processing personal information, it should adhere to the principles of legality, legitimacy, necessity, and good faith. Our partners are committed to strictly prohibiting the handling of personal information through misleading, fraudulent, coercive, or any other improper means. Users shall not be compelled to provide unreasonable 'one-time authorizations'.
The processing of personal information should have clear and reasonable purposes, directly related to the processing objectives, and adopt the least intrusive approach to individuals' rights. The collection of personal information should be limited to the minimum scope necessary to achieve the processing purposes and should not involve excessive collection of personal information.
When processing personal information, the principle of minimum necessity should be followed. Only the minimum and necessary types and quantities of personal information directly related to the business functions of providing products or services should be processed. The collection frequency should be controlled to what is reasonably required for the business, and no personal information unrelated to the provided products and/or services should be collected, nor should personal information be collected excessively. Additionally, the storage period of personal information should also follow the principle of minimum necessity. After the purpose is achieved, personal information should be promptly deleted or anonymized.
Personal information processing rules should be disclosed in a clear, understandable, and reasonable manner, including the scope, purposes, methods, etc., of processing personal information. An interface should be provided for easy access, browsing, and storage. In the event of changes to the personal information processing rules, they should be promptly updated and communicated to the individuals whose information is being processed through appropriate means.
When handling personal information, it is necessary to ensure the quality of personal information, promptly respond to the right of correction of the personal information subject, and avoid any adverse impact on personal rights and interests caused by inaccurate or incomplete personal information.
It is necessary to take responsibility for personal information processing activities. For personal information that is actively collected or processed, if it causes harm to the legitimate rights and interests of the personal information subject during the personal information processing activities, corresponding responsibilities will be assumed.
When handling personal information, it is necessary to possess security capabilities that are commensurate with the security risks faced and to adopt sufficient management measures and technical means to protect the confidentiality, integrity, and availability of personal information.
The realization of the rights of the personal information subject should be ensured, and a convenient mechanism for the personal exercise of rights should be established for the acceptance and processing of applications. Partners should provide personal information subjects with methods such as querying, copying, correcting, supplementing, deleting their personal information, as well as revoking consent, canceling accounts, lodging complaints, restricting or refusing processing rights, explaining rights, information portability rights, and exercising the rights of deceased individuals as close relatives, etc. The methods for exercising the rights of the personal information subject should be described in the privacy policy, and if a request to exercise rights is denied, the reasons should be explained.
It is necessary to establish a personal information protection management accountability system, whereby the company, as the personal information processor, implements a system of holding responsible and accountable the performance of duties and obligations by organizations at all levels within its business scope.
Jointly resist the black market industry chain. Do not collect information obtained through illegal channels and firmly reject any transactions or dealings with the personal information black market industry chain.
Advocate industry self-discipline. Jointly explore best practices for personal information protection that are scalable, replicable, and aligned with international standards, to drive and assist in raising the overall level of the industry.
Accept social supervision. Fulfill corporate commitments and proactively accept supervision from various sectors of society.

PreviousMain concepts and definitions NextEvaluation and audit

Last updated 1 year ago