Privacy Policy

Foundire is provided by PayInOne ("PayInOne", "we", "our" or "us"). We respect your privacy and are committed to safeguarding your personal information. This privacy policy ("Policy") outlines how we collect, use, and protect your information when you access or use our Foundire services through our website ("Services"). For purposes of this Privacy Policy, "you" and "your" means you as a user of the services ("User"). Unless otherwise defined in this Policy, capitalized terms used in this Policy have the same meanings as in our Terms of Service. This Policy governs your use of the Services however accessed, including via an internet browser, smartphone, tablet, or other internet connected device, and is incorporated into and forms part of our Terms of Service. This Policy will also provide you with information so that you are able to consent to the processing of your personal data in an explicit and informed manner, where appropriate. We ask that you read our Privacy Policy carefully before using the Services. By accessing, browsing or otherwise using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not accept the Policy, you shall not access, browse, or use the Services.

Commitment and Standards. PayInOne is committed to privacy and the protection of all personal data related to the users of the Services. The personal data provided by users to PayInOne during the service usage will be protected and regulated in accordance with applicable laws and the Policy. Privacy standards differ depending on where you are in the world. We will collect, store, use and disclose personal data in accordance with all applicable laws relating to the protection of personal data, including but not limited to Personal Information Protection Law of the People's Republic of China, the EU General Data Protection Regulation 2016/679 and any national implementing legislation ("Data Protection Laws"). PayInOne is also committed to upholding strong ethics as part of our core business approach. We have adopted rigorous principles and processes to govern the use of newer technologies and place a great focus on Privacy.

Amendment. Since laws change, technology changes, our product evolves, and your feedback makes us better, we may change this Privacy Policy from time to time. We will notify you of the policy changes by displaying the effective date of the changes at the top of the Policy, or by other means if applicable. The effective date of the changes will always be at the top of the policy. By continuing to use our Service or providing us with personal data after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it. Every time you wish to use the Services, please check this Privacy Policy to ensure you understand the Policy that apply at that time. We encourage you to periodically review this page for the latest information on our privacy practices.

Recruiting Services Notice. Foundire is designed for recruiting and hiring workflows. If you use Foundire as a candidate, reference, or interviewer, your information may be provided by you, by the Foundire customer you interact with (such as an employer or recruiter), or by third parties at the customer's direction. In those cases, Foundire may process your Personal Data on behalf of that customer, and the customer's own privacy practices may also apply.

Personal data. We may collect, use, store, and transfer certain personally identifiable information that alone or in combination with other information in our possession could be used to contact or identify you ("Personal Data" "Personal Information"). "Personal Data" means any information relating to an identified or identifiable natural person (a "Data Subject"). Identifiable means someone who can be identified directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data includes Special Category Data (defined below) but excludes: publicly available information from government records; data where the identity has been removed (anonymous, de-identified, or aggregated consumer information); information specifically excluded from the scope of relevant privacy and security laws and regulations.

Personal Data we collect may include: (a) Identity Data. First name, surname, middle name (optional), username or similar identifier, date of birth, information of ID card/Passport/Driver's License or other identification documentation. (b) Contact Data. Email address and telephone numbers. (c) Special Category Data. A sub-category of Personal Data and means information revealing biometric recognition, religious belief, specific identity, medical and health. (d) Technical Data. Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. (e) Usage Data. Information about how you use our website, products and services. (f) Marketing and Communication Data. Your preferences in receiving marketing from us and our third parties and your communication preferences. (g) Public and Third-Party Records. Details about you that are in public records and information about you that is publicly available on the internet. We also collect information about you which we receive from other companies, such as credit reference or fraud protection agencies.

Aggregated Data. "Aggregate Data" means de-identified aggregated data or information regarding information or data submitted to, collected by, or generated by PayInOne through the Services or in connection with PayInOne Services.

Recruitment Data. "Recruitment Data" means any documents, files, information or data provided, stored or processed through use of the Services that concerns the User's human resource demands, job openings or recruiting practices, or any documents, files, information, or data related to candidates. Recruitment Data includes, without limitation, the names, addresses, telephone numbers, e-mail addresses and any other personally identifiable information of the User's candidates. The Recruitment Data does not include (a) Aggregate Data; (b) information or data collected directly by third party providers from the User or any; or (c) any PayInOne Materials.

Interview Data. "Interview Data" means audio, video, or text collected during interviews or assessments conducted through the Services (including live interviews, collaborative interviews, mock interviews, or screening questionnaires), such as recordings (where enabled), transcripts, chat messages, candidate responses, timestamps, interviewer notes, rubrics, and evaluation outputs.

AI Inference and Output Data. "AI Inference and Output Data" means data generated by automated systems (including machine learning or generative AI) based on Recruitment Data or Interview Data, such as suggested interview questions, summaries, skill tags, scoring suggestions, recommendations, and similar analytics. AI-generated outputs may be probabilistic and may contain errors.

Background Check Data. "Background Check Data" means information used to initiate, conduct, or review background screening where enabled, which may include identifiers provided by the relevant individual (or by a customer with lawful authority) and results returned by third-party background check providers. Background Check Data may include sensitive information depending on jurisdiction and the scope of the check.

Cookies. "Cookies" are small text files that are placed on your computer by the websites you visit. They are widely used in order to allow websites to work properly, remember your preferences, improve user-experience and provide information to the owners of the Services. We mainly use cookies that are necessary for the proper functioning of the website, as well as for providing you with an enhanced user-experience. More details about cookies can be found in below in this Policy.

Email Import Data. If you choose to connect an email account (for example, via IMAP) to import candidate resumes or other Recruitment Data, we may process the messages and attachments you authorize us to access for that purpose. Email access credentials are stored encrypted and you can disconnect the integration at any time to stop further access.

Voice Profile Data. Where enabled, the Services may allow an interviewer to create a voice profile to support speaker identification in voice-assisted interviews. Voice Profile Data may be considered biometric data in some jurisdictions. You can delete your voice profile in the Services at any time.

AI Interviewer. Certain interview modes use an AI-powered virtual interviewer to conduct interviews. The virtual interviewer's responses are generated by artificial intelligence. Candidates will be informed when participating in an AI-conducted interview.

Provide our services for you. We only use or process your personal data as allowed by the law and do not sell it. Depending on whether you are a visitor, client, employee, candidate, contractor, vendor or supplier, we use information we collect to: (a) manage our relationship with you or your business; (b) provide services, carry out our obligations arising from and exercising our rights set out in our contracts; (c) respond to your requests; (d) protect the security or integrity of our Site and Services; (e) improve our marketing and promotional efforts; (f) statistically analyze Site usage; (g) improve our product offerings and user experience; (h) customize and operate recruiting workflows, including resume parsing and screening, candidate communications, interview scheduling, AI-assisted interviewing, evaluation, and background checks where enabled; (i) maintain business records, logs, and other reporting tools; and (j) other general administrative and operational tasks.

Secure access to our services, operate and improve our platform, and analyze and develop our products and services. PayInOne has the right to aggregate data submitted to, collected by, or generated by PayInOne through the Services or in connection with our services in a non-identifiable format, and to freely use the aggregated data for our own business purposes, including to improve, support, or expand the Services or our services. All aggregated data that we disclose to third parties will be in anonymous, de-identified form only and will not be specifically linked to you or to any individual. PayInOne retains all intellectual property rights in the aggregated data.

Marketing and communication. We may use your data to contact you to communicate with you about products or services we believe may be of interest to you. We may use that information to send special offers to your email or telephone number with your consent. You may also opt out of receiving emails by following the instructions contained in each promotional email we send you. If at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.

Crime prevention and managing risks. Our services comply with laws and regulations, so we need to manage risk for us and our Users. We will identify, investigate, report and prevent fraud, money laundering and other crime. We may validate your identity (including via SMS or Voice Call, as applicable).

Exemptions for the collection and use of personal data. According to relevant laws, regulations and regulatory rules, we may collect and use your personal information without your authorization or approval in the following circumstances: The collection and use of your personal information directly relates to national security and defense and other national interests; For the purpose of safeguarding yours or other persons' life, property, reputation, and other significant legitimate rights and interests, and it is difficult to obtain individual consent; The personal information collected has been made public by you; The personal information has been collected from information disclosed to the public in accordance with the law, including legal news reports, government information, and other channels; The information is necessary for signing and executing a contract at your request; The information is necessary for maintaining the safe and stable operation of products or services provided, e.g., finding and handling service failures; Other circumstances as stipulated by laws, regulations, and regulatory rules.

Sharing with third-parties. In certain circumstances we may share your data with third parties for being efficient about how we fulfil our legal and contractual duties: Recruitment Data and Interview Data are typically processed to provide the Services to the relevant Foundire customer (for example, an employer or recruiter). Accordingly, we may share such data with (a) the customer account that created the job opening or invited you to an interview; and (b) our service providers that help us deliver the Services (for example, cloud hosting and storage, communications (email/SMS), video/audio and transcription, analytics, and customer support). Where background check functionality is enabled, we may share necessary information with third-party background check providers at the customer's direction and subject to applicable law.

Vendors, Suppliers and Service Providers. To assist us in meeting business operations needs and to perform certain services and functions, we may share data with vendors and service providers. When we provide your information to these third parties, we enter a contract that requires the recipient to keep that information confidential. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, and the law.

Other third parties as required to provide our services. They may include: (a) government agencies and taxing authorities; (b) credit reference agencies; (c) banking and financial institutions; insurance carriers; (d) legal and financial advisors and auditors.

Legal requirements. We may share your data, if required to do so by law or our good faith belief that such action is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) act in urgent circumstances to protect the personal safety of users of the Services, or the public; (d) detect, prevent, or respond to fraud, intellectual property infringement, violations of this Policy, our Terms of Service, violations of law, or other misuse of our Site or otherwise; (e) protect against legal liability.

Affiliates and business transfer. We may share data with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with our Company. Our affiliates may use the data we share in a manner consistent with this Policy. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a "Transaction"), your data and information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets. In such event, we will use commercially reasonable efforts to help ensure that your data and information will be subject to appropriate privacy protections, in accordance with applicable privacy law.

Subprocessors and service providers. To deliver the Services, we may use third-party service providers (subprocessors). Key subprocessors may include Cloudflare (CDN, security, and storage), Microsoft Azure (speech recognition/transcription), OpenAI (AI inference), and Stripe (payment processing). We will update this Policy when we make material changes to our subprocessors.

AI-Assisted Recruiting and Automated Processing. Certain features of the Services use machine learning and generative AI to analyze Recruitment Data and Interview Data to generate insights such as interview questions, summaries, and scoring suggestions. These outputs are intended to assist human decision-making and are not a substitute for professional judgment. Foundire does not make hiring decisions.

We do not use Recruitment Data or Interview Data to train our own models. When you use AI features, we may send relevant content to third-party AI providers (for example, OpenAI) solely to provide the Services. Where available, we configure third-party AI provider settings to restrict secondary use of your data (such as model training). If you would like to disable AI features for your account, please contact [email protected].

Cookies. We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. Types of cookies we use may include, but are not limited to: (a) Necessary cookies. These cookies are strictly essential in order to enable you to navigate around the webpages and the various features. Our website requires the use of these cookies to properly operate or provide necessary functions relating to the services you request. (b) Analytical cookies. These cookies collect information about how you use the website, for example, which pages are visited the most often as well as if any error messages may have occurred. The information collected remains anonymous and does not include any identifiable information about the website visitor. (c) Preferences cookies. These cookies allow our website to remember information that changes how the website behaves or looks, like your preferred language or the region you are in. (d) Marketing cookies. These cookies enable different advertising related functions. They may allow us to record information about your visit to our website, such as pages visited, links followed and videos viewed. We do not sell your data to any third parties. We may use them, however, for gathering analytics and intelligence about the Services. These cookies only use anonymous identifiers and have no way of associating identifiable users. (e) Third-party cookies. Some cookies we use are from third party companies, which provide us with web analytics and intelligence about our websites. We do not control the third party's use of those cookies, their duration, or their ability to share information with other third parties. Please review each party's cookie disclosure before consenting to this use category.

You can manage your cookies settings to clear or block specific cookies, such as third-party cookies, or all cookies. You may consent to the use of all, some, or none of our non-essential cookies. While continued use of the website will imply your consent. You may withdraw your consent or otherwise limit your consent at any time on our Cookie Choice page. Should you opt to accept all cookies, they won't be with you forever. With the exception of essential cookies, all cookies will expire after two weeks.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. You can access these settings via our cookie banner, or in your browser by going to the browser settings; this option should be available for most browsers. Please keep in mind that by clearing all cookies, your website preferences may be lost, including your ability to opt-out enabling cookies as this function itself requires the placement of a cookie on your device.

Self provided. We collect data when you create an account on our site, subscribe to and use the Services, request marketing to be sent to you, enter a promotion or survey, or give us feedback or contact us. In addition, we receive data provided by you when filling in forms (e.g., applications or questionnaires) on our Site or other third-party sites, sign up to receive notifications, newsletters or other communications from us, interact with our social media accounts or correspond or otherwise communicate with us. You should check the privacy settings of third-party services to understand what data may be disclosed to us. If you provide us with personal information of other individuals, you shall ensure that you have obtained sufficient authorization to share such personal information with us and to permit us to process it. In a recruiting context, a customer may upload or integrate Recruitment Data (such as resumes, interview notes, or candidate contact details) and is responsible for providing any required notices and obtaining any required consents from candidates and other individuals.

Third-parties provided. They may include: (a) companies and business partners that introduce you to us; (b) our service partners, third-party vendors and suppliers, including without limitation those that help us authenticate your identity; (c) social networks and other technology providers, for instance, when you click on one of our Google adverts; (d) fraud prevention agencies; (e) financial services companies to fulfil a payment or other service as part of a contract which they have with you, or to help prevent, detect and prosecute unlawful acts, money laundering, and fraudulent behavior; (f) public information sources; (g) third-party agents, suppliers, sub-contractors and advisers; (h) market researchers; (i) firms providing data services; (j) government, law enforcement agencies, authorities and regulatory bodies to help us comply with legal obligations.

Automatically collected and cookies. PayInOne may automatically collect certain Technical Data when you access and interact with the Services, including your IP address, browser type, operating system, the type of device you are using, and the device identifier. We also use technologies such as cookies, beacons, tags, server logs, and scripts in order to gather information regarding your use of the Services. This allows us to analyze trends, administer the Services, and gather demographic information about our user base as a whole. We also use cookies and other internet tracking software to collect data while you are using our website or mobile apps with your consent. Some features of the Services may only be available through the use of a cookie. You are always free to decline cookies if your browser permits, although in that case you may not be able to use certain features of the Services and you may be required to reenter your password more frequently during a session.

Email import (IMAP) and attachments. If you choose to connect an email account to import candidate resumes or other Recruitment Data, we access messages and attachments only as authorized by you for the purpose of importing that data into the Services. Email access credentials are stored encrypted and can be removed by disconnecting the integration at any time, which will stop further access.

We will only retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, and consistent with applicable law, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. After the above purposes have been achieved or the retention period has expired, we will delete your personal data or anonymize your personal data.

We may also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods. In that case, we will aggregate or anonymize your personal data so that it can no longer be associated with you.

In some circumstances you can ask us to delete your data, via email to [email protected]. Please be aware that it is not always possible to completely remove or delete all of your personal information from our systems due to backups or technical constraints, for example, the period of retention stipulated by laws and administrative regulations has not yet expired, the deletion of personal information is technically difficult to implement, or where the processing of personal information is necessary for us to provide our products and/or services to you.

Recruitment Data retention. Recruitment Data, Interview Data, and AI Inference and Output Data are retained for as long as necessary to provide the Services and in accordance with our contractual commitments and the instructions of the relevant Foundire customer. Customers may delete candidate records, resumes, transcripts, and other Customer Data within the Services where available and may request deletion. If you disconnect an email import integration, we stop accessing the mailbox and delete stored email access credentials within a commercially reasonable period. Voice Profile Data can be deleted in the Services at any time. We may retain certain information for backups, security, fraud prevention, dispute resolution, and compliance with applicable law; backup copies may persist for a limited period (for example, up to 90 days) after deletion.

The security of your Data and Personal Information is important to us. We implement commercially reasonable technical, physical, administrative, and organizational measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Finally, we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

However, please be aware that no method of transmission over the internet, email or method of electronic storage is ever fully secure or error free, and we are unable to guarantee the absolute security of the Personal Information we have collected from you. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, or third-party websites. You are also a key stakeholder in making sure that your Personal Information is protected. If you become aware of any breach of security or privacy, please contact us immediately.

Links to other sites. The Services and Service may contain links to other websites including social media services not operated or controlled by us ("Third-Party Sites"). If you click on a third-party link, you will be directed to that third party's site. By providing these links we do not imply that we endorse or have reviewed these sites. We strongly advise you to review the Privacy Policy of every site you visit. The information that you share with Third-Party Sites will be governed by the specific privacy policies and terms of service of the Third-Party Sites and not by this Privacy Policy. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services. Please contact the Third-Party Sites directly for information on their privacy practices and policies.

Information collected while you use the Services and/or Service, including your Personal Information, may be transferred to and maintained on computers located outside of your country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. Your consent to this Privacy Policy followed by your submission of such Personal Information represents your agreement to that transfer. Accordingly, by using our services, you authorize the transfer of your information to where we are based and to other locations where we and/or our service providers operate, and to their storage and use as specified in this Privacy Policy.

Cookies. The cookies we use may process, store, or transfer personal data in and to a country outside your own, with privacy laws that provide different, possibly lower, protections. You consent to this transfer, storing, or processing when you consent to our cookie use.

We do not knowingly collect Personal Information from minors. If you are a parent or guardian and you learn that your minor child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a minor without verifiable parental consent, we will take steps to remove that information from our servers.

The age described in Clause 8.1 may differ in different jurisdictions to define a "minor" in accordance with applicable laws. PayInOne will strictly comply with Data Protection Laws where applicable.

We will only use and disclose the personal information of a minor, which we collect with the consent of their parent or guardian, as permitted by laws, regulations, and regulatory requirements, upon the unambiguous consent of the parent or guardian, and as necessary to protect the minor. We will adhere to the principles of justification, necessity, informed consent, specific purpose, security safeguards and legal use, ensure strict compliance with laws and regulations in the storage, use, and disclosure of such information, and will not retain it for a longer period than is necessary to achieve the purpose of collection and use. We will protect the confidentiality and security of the personal information of minors in accordance with relevant national laws and regulations.

The information below is required pursuant to EEA law regarding privacy and data protection. The terms below apply to our EEA and UK customers and Website visitors, in addition to the terms in the rest of the Policy. We collect, process, use and are responsible for certain personal information about you, regulated under the General Data Protection Regulation (EU) 2016/679 (GDPR) which applies across the European Union and EEA (including in the UK), and the Data Protection Act 2018 (together with the DPA).

Data transfer. You should be aware that when sharing your information, it may be transferred to, and stored at, a destination outside the EEA or the UK, as applicable. Please note that where data is transferred outside of the EEA, non-EEA countries may not offer the same level of protection for personal data as is available in the EEA. PayInOne will take various measures to ensure that your data is treated securely, which may include, but not be limited to: (a) assessing the security measures taken at any place your personal data is transferred to; (b) having suitable contract terms in place that oblige a data processor to only process in accordance with our instructions; (c) having monitoring, reporting and resolution procedures in place with regard to ongoing security; and (d) only transferring your data via an appropriate safeguard as described in Article 46 of GDPR, including: Standard Contractual Clauses adopted by the European Commission (Article 46.2).

Data subject rights. You have rights regarding how your personal data is handled, especially some or all of the following: (a) to request access to your personal data; (b) to rectify inaccurate personal information; (c) to erase your personal information in limited circumstances where it is no longer necessary in relation to the purposes for which it was collected or processed; however, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request; (d) to request the transfer of your personal data to you or to a third party; (e) to obtain a copy of your personal information together with information about how and on what basis that personal information is processed; to obtain a portable copy of your personal information, or to have a copy transferred to a third-party controller; to obtain a copy of or access to safeguards under which your personal information is transferred outside of the EEA; (f) to challenge processing which we have justified on the basis of our legitimate interest; to object to decisions which are based solely on automated processing or profiling; to restrict processing of your personal information where: the accuracy of the personal information is contested; the processing is unlawful but you object to the erasure of the personal information; we no longer require the personal information for the purposes for which it was collected, but it is required for the establishment, exercise or defense of a legal claim; and/or (g) to withdraw consent at any time where we are relying on consent to process your personal data; however, this will not affect the lawfulness of any processing carried out before you withdraw your consent; and if you withdraw your consent, we may not be able to provide certain products or services to you; we will advise you if this is the case at the time you withdraw your consent.

We will not discriminate against you for exercising any of your rights related to accessing, restricting, transferring, or deleting your personal information. If you wish to exercise any of the rights set out above, please contact us at [email protected]. We may ask you for additional data to confirm your identity and for security purposes, before disclosing data requested to you. We reserve the right to charge a fee where permitted by law. We may also decline to process requests that jeopardize the privacy of others, are extremely impractical, or would cause us to take any action that is not permissible under applicable laws. Additionally, as permitted by applicable laws, we may need to retain certain personal information for a limited period of time for record-keeping, accounting and fraud prevention purposes.

("China" for the purposes of the Privacy Policy here refers to Mainland China or the People's Republic of China ("PRC"), and excludes the Special Administrative Regions of Hong Kong and Macao, and Taiwan.) If you are a PRC resident, the following information applies to you in addition to the Policy.

Definition of Personal Information. Personal information refers to all kinds of information relating to an identified or identifiable natural person recorded electronically or otherwise, excluding information that has been anonymized. Personal information includes names, dates of birth, ID numbers, personal biometric information, correspondence addresses and contact information, places of residence, account information, property information, whereabouts, communication records and content, account passwords, credit information, accommodation information, health and physiological information, and transaction information. Any personal information that, once leaked or illegally used, may easily result in an infringement of the personal dignity of a natural person or damage to personal or property safety, is considered sensitive personal information, which includes biometric information, identification information, religious beliefs, medical health information, financial accounts information, and whereabouts, and the personal information of individuals under the age of fourteen.

Cross-border Transfer of Personal Information. In order to provide and improve our services, we may share, transfer, or store your personal data outside of Mainland China if we are satisfied that adequate levels of protection are in place to protect the integrity and security of your personal data or adequate security measures have been adopted in compliance with legal requirements. We will ensure that the entity that receives your personal data properly handles your personal data and your personal data gets the same level of protection that it obtained in Mainland China. In addition, we will strictly comply with PRC laws and regulations on data security and personal information protection.

Your Data Protection Rights. You have the following rights: To request access to your personal data. You have the right to access the personal data we are keeping about you. In many cases, this information is already available to you in your online services from us. Your right to access this data may, however, be restricted by legislation, protection of other persons' privacy, and consideration for PayInOne's business practices, business secrets and internal assessments. To request corrections of incorrect or incomplete data. If the data we have about you is incorrect or incomplete, you are entitled to have the data corrected, as long as such corrections are compliant with any restrictions imposed by law. You have the right to change the scope of your consent or withdraw your consent. You have the right to refuse to be contacted for direct marketing purposes. To request erasure. You have the right to request the deletion of your data under the following circumstances except where the period of retention stipulated by laws and administrative regulations has not yet expired or; the deletion of personal information is technically difficult to implement; or where the processing of personal information is necessary for us to provide our products and/or services to you: when our processing of your personal information violates the law or the agreement with you; when we collect or use your personal information without your consent; when the purpose of processing your personal information has been achieved, cannot be achieved, or the processing is no longer necessary (e.g., when you no longer use our services); when we no longer provide you with any services; or when you have withdrawn your authorization and consent to our processing of your personal information. Other rights stipulated by current laws and regulations.

Information Security Protection. PayInOne strives to guarantee its users' information security, so as to avoid information loss, improper use, and unauthorized access or disclosure of its users' data. PayInOne will take various security protection measures to ensure information security within a reasonable security level. For example, PayInOne will protect your personal information by using encryption techniques, anonymous processing, and other means. PayInOne will establish special management rules, processes, and organizations to safeguard information security. For example, PayInOne will strictly restrict the scope of persons who have access to your information and require them to observe confidentiality obligations.

Protection of Personal Information of Minors. Our website and services are mainly targeted at adults. Without the consent of parents or guardians, underage children should not create their own user accounts. If you are a child under the age of 18, please ask your parent or guardian to read the Policy and the additional terms for China users carefully, and not use our services or provide information to us until you obtain the consent of your parent or guardian. We will only use and disclose the personal information of a minor, which we collect with the consent of their parent or guardian, as permitted by laws, regulations, and regulatory requirements, upon the unambiguous consent of the parent or guardian, and as necessary to protect the minor. We will protect the confidentiality and security of the personal information of minors in accordance with relevant national laws and regulations. If your parent or guardian does not consent to your use of our services or to your provision of information to us in accordance with the Policy and the additional terms for China users, please cease to use our services immediately and send a notice to us promptly. If you are the parent or guardian of a child under the age of 18, please contact us using the contact information provided below if you have any doubts about the processing of the personal information of the child under your care or guardianship.

If you have any questions about our Privacy Policy or information governance practices, please feel free to contact us ([email protected]). If you disagree with our approach or have a particular concern with how we handle your Personal Data, you may lodge a complaint with your country's proper oversight agency. We would, however, appreciate the chance to deal with your concerns directly before you make a complaint so please contact us first.