Personal data means any electronic or other information which alone or jointly with other information can be used to identify a natural person or make him/her identifiable. This Policy explains how HashMax processes your personal data, but does not cover all processing scenarios as you will be informed in specific processing activity. Therefore, before using a specific product or service, it is recommended that you read the privacy notice or supplementary statement released by HashMax for that product or service to understand how it processes your personal data.
1. How HashMax Collects and Uses Your Personal Data
1) Personal Data Collected by HashMax
Personal data means any data that, either on its own or jointly with other data, can be used to identify a natural person. You directly provide us with such data when you use our websites, products, or services, or interact with us by, for example, creating a HashMax account or contacting us for support. We may also obtain data by recording how you interact with our websites, products, or services. For example, we may use technologies like cookies or receive user data from software running on your device. As permitted by law, we may also obtain data from public and commercial third-party sources, for example, purchasing statistics from other companies to support our services. The personal data we collect includes name, enterprise name, postal and email addresses, phone number, login information (account and password), photos, and certificate information, etc., depending on how you interact with HashMax, for example, the website you visit or the products and services that you use. We also collect the information you provide to us and the content of messages you send us, such as the query information you provide, or the questions or information you provide for customer service support. In addition, we may also collect Non-identifiable data, which refers to data that cannot be used to identify an individual, for example, the statistics on website visits, application downloads, and product sales volume.
Before using our products or services, you do not have to provide your personal data to HashMax, but in some cases, the non-provision of certain personal data will cause the inability to provide you with some related products or services.
2) How HashMax Uses Your Personal Data
HashMax may use your personal data for the following purposes:
1. Register a HashMax ID.
2. Information relating to e-commerce orders may be used for processing the purchase order and related after-sales services, including customer support and re-delivery. In addition, the order number is used to cross check the order with the delivery partner as well as the actual delivery of the parcel. The receipt details, including name, address, phone number and postal code are for delivery purposes. The email address is used to send parcel tracking information to the user. The list of purchased item(s) is used for printing the invoice and allowing users to see what is in the parcel.
3. Deliver, activate, or verify the products and services you have requested, or perform changes and provide technical support and after-sales services for the foregoing products and services based on your requirements.
4. Send you important notifications.
5. Provide personalized user experience and content.
6. Send you information about products and services you might be interested in, invite you to HashMax’s promotional activities and market surveys, or send marketing information to you. If you do not want to receive such information, you can opt out at any time.
7. Collect user feedback. The feedback you choose to provide is important to help HashMax improve its services. To process your feedback, we may use the personal information you provide to contact you and keep records.
8. Carry out internal auditing, data analysis, and research; analyze business operation efficiency and measure market shares; and improve HashMax’s products and services.
9. Ensuring the security of our products, services and customers or users.
10. Process pursuant to laws and regulations, e.g. tax, authority requests.
11. Other purposes within specific services or with your consent.
HashMax’s websites, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behavior, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non‑personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information.
A cookie is a text file stored by a web server on a computer or mobile device, and the content of a cookie can be retrieved and read only by the server that created the cookie. Cookies are unique to the browser or mobile application you are using. The text in a cookie often consists of identifiers, site names, and some numbers and characters.
Sometimes, HashMax stores cookies on computers or mobile devices for the purpose of improving user experience, including the following scenarios:
Technical cookies: Login and verification. When you use a HashMax ID to log in to a website, the “session-based” cookies ensure that your visit to this site functions as smoothly as possible.
Statistical cookies. With cookies, HashMax can collect information about your use of our websites and other applications, either for a single visit (using a session cookie) or for repeated visits (using a persistent cookie).
2) Web Beacons and Pixel Tags
In addition to cookies, HashMax and some third parties may also use web beacons and pixel tags on websites. A web beacon is usually an electronic graphic image embedded into a website or email to identify your device cookies when you browse the website or email. Pixel tags allow HashMax to send emails in a way that is readable to you and find out whether an email is opened.
HashMax and some third parties use these technologies for various purposes, including analysing service usage (together with cookies) and providing more satisfactory content and advertisements to you. For example, when you receive an email from HashMax, it may contain a click-through URL which links to a HashMax web page. If you click the link, HashMax will track your visit to help us learn about your preferences for products and services and improve our customer service. You can unsubscribe from the mailing list of HashMax at any time if you do not want to be tracked in this manner.
3) Other Local Storage
HashMax and some third parties may use other local storage technologies, for example, local shared objects (also called “Flash cookies”) and HTML5 local storage, in certain products and services. Similar to cookies, these technologies store information on your device and can record some information about your activities and preferences. However, these technologies may use different media from cookies. Therefore, you may not be able to control them using standard browser tools and settings.
4) Do Not Track
Many web browsers provide a Do Not Track function that can release Do Not Track requests to websites. Currently, major Internet standardization organizations have not established policies to specify how websites should handle these requests. If you enable Do Not Track in your browser, all HashMax’s websites will respect your selection.
3. How HashMax Shares Your Personal Data
We do not share personal data with other companies, organizations and individuals unless one of the following circumstances applies:
1) Sharing with consent: After obtaining your consent, HashMax will share the information that you have authorized with specified third parties or categories of third parties.
2) Sharing pursuant to laws and regulations: HashMax may share your information as required by laws and regulations, for resolving legal disputes, or as required by administrative or judicial authorities pursuant to law.
3) Sharing with HashMax’s affiliates: Your information may be shared within HashMax’s affiliates only for explicit, and legitimate purposes, and the sharing is limited only to information required by services. For example, we verify the global uniqueness of accounts before allowing them to be registered.
4) Sharing with business partners: Some products and/or services are provided to you directly by our partners. HashMax also may share your information with them, they may use your information to provide you with products and/or services you request (e.g., products sold by third-party sellers through HashMax’s ecommerce platform, video content provided by other companies through HashMax’s applications), make predictions about your interests and may provide you with advertisements, promotional materials and other materials.
5) Sharing with service providers: HashMax also may disclose your information to companies that provide services for or on behalf of us. Examples of these service providers include companies that provide hotline services, send email, or provide technical support on behalf of HashMax. The service providers can use your information only for the purpose of providing services to you on behalf of HashMax.
6) HashMax will share your information when there is a reasonable requirement to do so, for example, to meet requests of applicable law, regulation, legal process or enforceable government.
In scenarios 3 to 6, HashMax will ensure that the lawfulness of this sharing and sign stringent non-disclosure agreements (NDAs) and/or data processing clauses with the companies, organizations, and individuals with whom personal data is shared, requiring them to comply with this Policy and take appropriate confidentiality and security measures when processing personal data.
4. How HashMax Protects Your Personal Data
HashMax attaches great importance to the security of your personal data and has adopted standard industry practices to protect your personal data and prevent it from unauthorized access, disclosure, use, modification, damage, or loss. To this end, HashMax takes the following measures:
1) We take reasonable and feasible measures to ensure that the personal data collected is minimal and relevant to what is necessary in relation to the purposes for which they are processed. We retain your personal data for no longer than is necessary for the purposes stated in this Policy and privacy notice of specific product or service, unless extending the retention period is required or permitted by law.
2) We use a range of technologies such as cryptographic technologies to ensure the confidentiality of data in transmission. We implement trusted protection mechanisms to protect data and data storage servers from attacks.
3) We deploy access control mechanisms to ensure that only authorized personnel can access your personal data. In addition, we control the number of authorized personnel and implement hierarchical permission management on them based on service requirements and personnel levels.
4) We strictly select business partners and service providers and incorporate personal data protection requirements into commercial contracts, audits, and appraisal activities.
5) We hold security and privacy protection training courses, tests, and publicity activities to raise employees’ personal data protection awareness.
HashMax is committed to protecting your personal data. Nevertheless, no security measure is perfect and no product, service, website, data transfer, computing system, or network connection is absolutely secure.
To cope with possible risks, such as personal data leakage, damage, and loss, HashMax has developed several mechanisms and control measures, clearly defined the rating standards of security incidents and vulnerabilities and corresponding processing procedures. HashMax has established a dedicated emergency response team to implement security planning, loss reduction, analysis, locating, and remediation, and to perform tracking operations with related departments based on security incident handling regulations and requirements.
If any personal data incident occurs, HashMax will notify you, pursuant to relevant legal and regulatory requirements, of the basic information about the security incident and its possible impact, measures that HashMax has taken or will take, suggestions about active defense and risk mitigation, and remedial measures. The notification may take the form of an email, text message, push notification, etc. If it is difficult to notify data subjects one by one, we will take appropriate and effective measures to release a Security Notice. In addition, we will also report the handling status of personal data security incidents as required by supervisory authorities.
5. How You Can Manage Your Personal Data
1) Access, rectification, deletion, data portability, restriction of processing, objection to processing.
Legislation in some countries and regions to which HashMax provides products and services or from where HashMax processes personal data, provides that data subjects the rights request (hereinafter referred to as “requests”) in regards to the accessing, rectifying, deleting or erasure, porting, restricting, and objecting, the processing of related personal data by HashMax retains.
A. Requesting modes and channels
Data subjects’ requests must be submitted in accordance with HashMax designated privacy channels. The requests are valid even when the requester does not specify the laws on which the requests are based.
If you would like to request access to your personal data held by us or if you believe any information we are holding on you is incorrect or incomplete, please submit your request to our online service. A copy of your personal data collected and processed by us will be provided to you upon your request free of charge. For any extra requests of the same information, we may charge a reasonable fee based on actual administrative costs according to the applicable laws.
B. Validity of requests
Most laws require data subjects to comply with specific requirements when they initiate requests. This Policy requires data subjects to:
Submit requests to our online service.
Provide sufficient information for HashMax to verify their identities (to ensure those who initiate the requests are the data subjects themselves or those authorized by them).
Ensure that their requests are specific and feasible.
There are some circumstances, provided by laws and regulations, in which HashMax may not have to comply with the request in full or at all.