Privacy Policy Legal Disclaimer and Privacy Policy Version: September 2020 Company: Smart Aroma Notice Your trust is very important to us, and we fully recognize the significance of user information security. We will take security measures as required by laws and regulations to ensure the safety and controllability of your personal information. Therefore, we have formulated this Legal Disclaimer and Privacy Policy (hereinafter referred to as the "Policy"). We remind you: Before using our services, please carefully read and fully understand this Legal Disclaimer and Privacy Policy. Only after confirming that you fully understand and agree can you use the related products and services. Once you start using our services, it will be considered as your acceptance and acknowledgment of this Policy. Before accepting this agreement, please carefully read the entire content (especially the parts marked in bold and/or underlined). If you have any doubts about the terms of this agreement, please inquire with the relevant department, and we will explain the terms to you. If you do not agree with any part of this agreement or cannot accurately understand our explanation of the terms, please do not proceed with further actions. Definitions Personal Information: Refers to various information that can identify a natural person’s identity, either individually or in combination with other information, including but not limited to a person’s name, date of birth, ID number, biometric information, address, phone number, etc. The personal information in this Privacy Policy is collected, transmitted, stored, used, and shared for the purpose of providing you with our services. Business Data: Unlike personal information, business data refers to data uploaded, downloaded, stored, and processed by you using our services. Legal Disclaimer 1. Ownership Rights 1.1. Our logo, brand name, text, graphics, and combinations thereof, as well as other identifiers, trademarks, and service names, are registered trademarks in China and other countries. Without our written authorization, no one is allowed to display, use, or handle these in any way (including but not limited to copying, spreading, displaying, mirroring, uploading, or downloading). Nor may anyone suggest that they have the right to display, use, or handle these. 1.2. All our products, services, technologies, and programs (hereinafter referred to as "technical services") are owned by us or the rights holders of the respective products and services. 1.3. Unless otherwise stated by us, we own all the rights (including but not limited to copyrights, trademarks, patents, trade secrets, and other related rights) to the documents and other information we publish, such as text, graphics, images, photos, audio, video, icons, colors, layout designs, electronic documents, etc. Without our permission, no one may use, copy, broadcast, display, mirror, upload, or download any content from us. Authorized browsing, copying, printing, and disseminating of our content must not be used for commercial purposes, and any usage must include this rights statement. 2. Limitation of Liability We hereby remind you that during the use of our services, you must comply with the laws of the People’s Republic of China, and you must not engage in activities that harm network security or use our services to infringe on others' reputation, privacy, intellectual property, and other legal rights. Despite this reminder, we do not bear any responsibility for the use of our services for purposes or goals other than those intended. 3. Intellectual Property Protection We respect intellectual property and oppose and combat infringements. Any organization or individual who believes our client page content may infringe on their legitimate rights can submit a written rights notice, and we will promptly address the matter after receiving a valid notification from the intellectual property rights holder. We will sign strict confidentiality agreements with companies, organizations, and individuals with whom we share user information, requiring them to handle user information in accordance with our instructions, this Privacy Policy, and other relevant confidentiality and security measures. 3.2. Transfer We will not transfer your user information to any company, organization, or individual, except in the following cases: 3.2.1. With explicit consent: If we obtain your explicit consent, we may transfer your user information to others. 3.2.2. In the event of a merger, acquisition, or bankruptcy liquidation involving us or another legal entity, or other situations involving mergers, acquisitions, or bankruptcy liquidation, where user information transfer is necessary, we will require the new entity holding your user information to continue to adhere to this Policy. Otherwise, we will require the company, organization, or individual to obtain your consent again. 3.3. Public Disclosure We will only publicly disclose your user information under the following circumstances: 3.3.1. If you explicitly consent or choose to disclose your user information, we may disclose it. 3.3.2. To protect the personal property safety of our platform, its affiliates, users, or the public, we may disclose your user information based on applicable laws or our relevant agreements. 3.4. Exceptions for Sharing, Transferring, and Public Disclosure of User Information Without Prior Consent In the following cases, sharing, transferring, or publicly disclosing your user information does not require prior consent: 3.4.1. Related to national security or defense security. 3.4.2. Related to public safety, public health, or major public interests. 3.4.3. Related to criminal investigation, prosecution, trial, and enforcement of judgment. 3.4.4. To protect your or other individuals’ major legal rights such as life and property when it is difficult to obtain consent. 3.4.5. Personal information that you voluntarily disclosed to the public. 3.4.6. Personal information collected from publicly disclosed legal sources, such as news reports or government public information channels. 4. User Information Management 5.1. You can log in to our client "administrator interface" to view and manage (modify or delete) basic business information (e.g., family area, family status, address) and family member information submitted when using our services. 5.3. In the following cases, you can request us to delete your user information: 5.3.1. If we process user information in violation of laws and regulations. 5.3.2. If we collect or use your user information without obtaining your explicit consent. 5.3.3. If we process your personal information in a way that severely violates our agreement with you. For security reasons, you may be required to provide a written request or otherwise prove your identity. We may first require you to verify your identity before processing your request. 5. Use of Cookies and Similar Technologies 6.1. To ensure normal operation, provide a smoother access experience, and recommend content you may be interested in, we store a small data file called a "Cookie" on your device. Cookies usually contain identifiers, site names, and some numbers and characters. We can only read the cookies we provide. 6.2. With cookies, we can store your preferences. The next time you visit, we will display the information you need. 6.3. You can manage cookies according to your preferences, or you can clear all cookies stored on your mobile device. However, if you do so, you will need to change your settings each time you visit us. 6.4. In addition to cookies, we also use beacons and pixel tags and other similar technologies. 6. User Information Security 7.1. We take your information security very seriously. We strive to implement reasonable physical, electronic, and managerial security measures to protect your user information from unauthorized access, public disclosure, use, modification, damage, or loss. We use encryption technologies to improve information security; we use trusted protection mechanisms to prevent malicious attacks; we implement access control mechanisms to ensure that only authorized personnel can access user information; and we conduct security and privacy protection training courses to enhance employee awareness of the importance of protecting user information. 7.2. We will take reasonable and feasible measures to avoid collecting irrelevant and unnecessary user information. We will only retain your user information for the period necessary to achieve the purposes stated in this Policy, unless an extension is agreed upon or legally permitted. After the retention period expires, we will delete or anonymize your personal information. 7.4. In the unfortunate event of a security incident (such as a leak or loss of user information), we will promptly inform you according to legal requirements: the basic situation of the security incident, its possible impact, the measures we have taken or will take, and suggestions for you to independently prevent and reduce risks, as well as remedial actions. We will notify you promptly via email, letter, phone, push notifications, or other means. If it is difficult to notify each user individually, we will adopt reasonable and effective means to announce the situation. 7.5. We will also report the incident to the regulatory authorities as required. 7.6. In the event of our product or service discontinuation, we will take reasonable measures to protect your user information, including promptly stopping the collection of user information, notifying users of the service discontinuation either individually or publicly, and deleting or anonymizing the personal information we hold. 7.7. If we use user information for purposes beyond the initial stated collection purpose or beyond directly related purposes, we will notify you and obtain your explicit consent. 7. Protection of Minors We value the protection of minors' personal information. If you are a minor, we recommend that your guardian carefully read this Privacy Policy and use our services or provide us with information only after obtaining your guardian’s consent. 8. Updates to the Privacy Policy 8.1. Our Privacy Policy may be revised. 8.2. Without your explicit consent, we will not limit the rights you are entitled to under this Privacy Policy. We will publish any revisions to the Privacy Policy on a dedicated page. 8.3. For major revisions, we will provide more prominent notifications (including, for certain services, notifying you through public notices that explain the specific changes to the Privacy Policy). 8.4. Major changes to this Policy include, but are not limited to: 8.4.1. A major change in our service model, such as the purpose of processing user information, types of user information processed, and how user information is used. 8.4.2. A major change in our control or organizational structure, such as ownership changes resulting from business adjustments, mergers, acquisitions, or bankruptcies. 8.4.3. A change in the main parties to whom user information is shared, transferred, or publicly disclosed. 8.4.4. A major change in the rights you have to participate in the processing of user information and how these rights can be exercised. 8.4.5. A change in the department responsible for user information security, contact details, and complaint channels. 8.4.6. An assessment report on user information security indicating high risks. 9. How to Contact Us If you have any questions or concerns about the content of this statement and policy, or if you have any questions or comments regarding our practices and operations of this Privacy Policy, you can contact us via the online hotline.