Nanjing i4U Software Technology Co., Ltd. (“i4U”) engages in cloud service software product operated and sold by the data center located in the People’s Republic of China (excluding Hong Kong, Macao and Taiwan). This statement applies to the said service and any other i4U services displayed by or linked to this statement. Such services are collectively called “service” in this statement.

Article 1 Definition of client

1.1 Client: Individuals or legal entities that, directly or through agent partners of i4U, in different privacy rights, purchase, subscribe for or use products or services of i4U or any other products or services of a third party for which i4U acts as an agent.

Article 2 Definition of client data

2.1 Client data refer to all the data provided to i4U by client and its end users in service use or provided in the name of client and include all the texts, audio files, software and photo files, but do not include configuration, technology configuration or service record information.

2.2 Client data are confidential information and client always has their ownership. i4U (and any subcontractor employed by i4U based on this Agreement) is entitled to obtain and use client data for the purpose of performing obligations of this Agreement within the Agreement term. When this Agreement expires or terminates in advance for any reason, i4U will return all client data held by i4U in both machine readable format and medium under the premise of meeting i4U’s record maintenance provisions, but related fees shall be undertaken by client. i4U shall never use client data for any purpose other than performing services of this Agreement.

Article 3 Applicable provisions of privacy law

3.1 Client and i4U hereby clarify and acknowledge that client will, in all applicable laws related to data privacy, personal data, cross-border data flow and data protection (collectively called “Privacy law”), always act as custodian of client data and have the right to process data for any purpose and in no way shall this Agreement restrain or limit client’s rights or obligations as client data owner and/or custodian (only limited for purposes mentioned above). As client data custodian limited for purposes above, client will, as per provisions of this Agreement, direct i4U as to how to process client data. Both parties further clarify and acknowledge that related privacy laws may stipulate special obligations on i4U, which, as client data handler, accepts such obligations within the necessary limit and agrees to accept such obligations as an important part of this Agreement service. Suppose privacy law binding upon expected activities of this Agreement is amended or new privacy law applicable to such activities is promulgated, i4U will, in coordination with client, carry out the amended or promulgated privacy law.

3.2 i4U only uses client data in providing service. This possibly includes troubleshooting (preventing, monitoring or solving problems affecting service operation) and function improvement, for example monitoring and protecting users from new and derivative threats.

3.3 Client data will be only saved in the data center in China. In limited circumstances, when it’s necessary to perform troubleshooting of client support events or solve technical problems, i4U may authorize its affiliated party, supplier or subcontractor outside China to have access to client data. i4U will monitor such access and stop such access when problems are solved.

3.4 Unless indicated by client or according to client agreement, the description in this privacy statement, or applicable laws and regulations, i4U will not disclose client data, administrator data or payment data (generally called “client information”) to any third party other than an affiliated party of i4U.

3.4.1 i4U will, from time to time, entrust other companies, whether in China or outside China, to provide technologies or services (for example client support) in the name of i4U. i4U may allow such companies to have access to client information whenever necessary for their provision of the said technologies or services. However, such companies will be required to keep client information confidential and forbidden to use client information for any purpose other than serving Party A.

3.4.2 If necessary to disclose client data to a third party, unless prohibited by laws, i4U shall make all commercially reasonable efforts to notify client of such disclosure in advance.

3.4.3 i4U may share administrator data or payment data with a third party, whether in China or outside China, in order to prevent fraud or facilitate payment transaction.

3.4.4 This service enables client to purchase, subscribe for or use service, software and content of companies other than i4U (hereinafter referred to as “the third party product”). If client purchases, subscribes for or uses the third party product, i4U will provide the third party with client’s administrator data or payment data, so that the third party can supply its product to client (send promotion message to client on the basis of client’s contact information preference). Such contact information and client’s use of the third party product will be limited by privacy statement and policy applicable to third party.

3.4.5 Without prior written consent of client, i4U will not make material response to request of client’s end users for data protection and privacy.

Article 4 Law observance

4.1 Client acknowledges that, according to laws and regulations of China, internet information service provider shall not make, duplicate, release or disseminate information conveying the following content (“forbidden content”). Suppose Party A finds that information released by client in its website is forbidden content, Party A shall immediately stop the release, keep related records and report to competent state organ. The following information is forbidden content:

4.1.1 Information that goes against fundamental principle determined by the constitution;

4.1.2 Information that endangers national security, reveals state secrets, subverts state power and undermines national unity;

4.1.3 Information that damages state honor or interest;

4.1.4 Information that incites ethnic hatred or ethnic discrimination or undermines ethnic unity;

4.1.5 Information that undermines national religious policy or promotes the cults or superstitions;

4.1.6 Information that spreads rumors, disturbs the social order or undermines social stability;

4.1.7 Obscene, pornographic, gambling, violent, murder or terrorist information or information that instigates others to commit a crime;

4.1.8 Information that insults or slanders others or infringes upon other people’s legitimate rights and interests;

4.1.9 Information that contains something that is prohibited by laws and administrative regulations.

Article 5 Preview release

5.1 i4U preview, test or other prerelease service (collectively called “Preview”) is selective evaluation version provided by i4U before normal release to get user feedback. This section describes different or additional clauses:

5.1.1 Administrator data: i4U may contact clients to obtain their feedback about preview or their wills of continuous use after normal release.

5.1.2 Client data: i4U may use client data obtained from preview to improve preview, service and i4U related product and service.

5.1.3 Safety: Preview may take safety measures less seen in or different from present typical service. Some data may be very sensitive to client and client’s organization, so it’s possible to require the safety measure level not provided in the preview.

Article 6 Change of data security and privacy statement

6.1 i4U will, from time to time, update our privacy statement to reflect user feedback and our service change. When releasing changed privacy statement, Party A will update the “latest update” date on the top of this statement. In case of any material changes to this statement or Party A’s method of using client information, Party A will, prior to such change’s becoming effective, notify clients by making an announcement or issuing a notice to clients. Party A encourages clients to periodically review the privacy statement of products and services used by them; as a result, they can understand how Party A protects client information.