The AGIBOT entity identified in the table below (“we” or “AGIBOT” ) and its affiliates and subsidiaries, are responsible for processing your personal data in the course of providing products and services (“products and services”) to you through our remote operation & deployment platforms, including AimMaster, AimOMP and Agibot Go apps, websites, software, and related services, accessed via any platform or device, that link to this Privacy Policy. We are committed to protecting your personal data and to respect your privacy.

The purpose of this Privacy Policy (“Policy”) is to provide you with the information, in accordance with the applicable laws and regulations, on our practices regarding the collection, use and sharing of personal data that you provide to us. For the purposes of this Policy, “personal data” shall have the meaning ascribed to it by applicable laws, and typically refers to any information relating to an identified or identifiable natural person, including in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This Policy will help you understand the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. Please read this Policy carefully before using our products or services.

We provide a large variety of products and services, and this Policy may not address all possible data processing scenarios. We may inform you of data processing scenarios related to specific products and services through corresponding privacy policies. Such privacy policies describe in detail how we process your data when you use these products or services. If there is any conflict between this Policy and the privacy policy for a specific product or service, the specific privacy policy shall prevail.

We may directly or indirectly collect personal data when you use our products and services, or when you interact with us. Your personal data with us is obtained from various sources. This includes: (a) data provided by you or sources authorized by you, such as our affiliates or partners; (b) information generated through your use of our products and services; (c) information obtained from legally and publicly available sources.

In accordance with the applicable laws and regulations, we follow the principles of lawfulness, legitimacy, necessity, and integrity, collect only the personal data necessary for the implementation of product functions, and use the collected personal data for explicit purposes only. You will be informed whether you have to provide certain personal data that are required for the establishment and implementation of a business relationship and for the fulfillment of the associated contractual obligations or for the processing of which we are legally obligated. Please note that without the provision of such personal data, access to certain products and services of ours may be impossible.

The specific processing activities set out below depend on the products and services you actually use. The processing of personal data includes the following:

1. Account Registration and Login

To fully use our products and services, you need to first register a user account. During the registration or login process, we may collect the relevant personal data you provide by filling in forms or through other means, including your username, user ID, password, device identifier, email address, and contact number. We may verify your identity by sending a text message or email. To ensure the security of your personal information, please do not transfer or lend your account to others.

Where applicable, the above processing is based on the performance of contract.

2. Project Management

To help you create a project, we may collect your country/region, address, and deployment personnel and sales personnel information you provide.

To display and help you manage project administrator information, we may collect the administrator’s name, mobile number, login account, role permissions, message notifications, creation time, and operation information.

To help you manage project delivery information, we may collect the delivery personnel, delivery time, and delivery note.

Where applicable, the above processing is based on the performance of contract.

3. Settings Management

To help you manage the log list, we may collect the robot SN code, file name, collection time and sample text, creation time, and operation information.

Where applicable, the above processing is based on the performance of contract.

4. Trace R&D Testing

To provide you with the Trace R&D testing feature, we may collect the device number, tenant, session ID, session status, session text, and response text.

Where applicable, the above processing is based on the performance of contract and our legitimate interests.

When you choose to upload facial information, create a knowledge base, or input knowledge points and related materials, you shall ensure that such information is obtained from lawful sources and that you have obtained the explicit consent of the relevant rights holders to authorize us to conduct necessary analysis and processing of such information on this platform. If the information you import infringes upon the personal information rights and interests of any third party, you shall bear the corresponding legal liabilities. We do not assume any obligation to review the legality of the information you import; however, upon receiving a complaint from a rights holder, we reserve the right, in accordance with applicable laws and regulations, to delete the relevant content and suspend the provision of related services.

5. Customer Service Communication

When you contact us, we may collect and retain your call records and content, or the contact information you leave, in order to contact you, help resolve your issues, or record the handling methods and results of related matters.

Where applicable, the above processing is based on the performance of contract.

6. Product and Service Optimization and Continuous Development

We may use the information collected to improve our products and services, and to carry out necessary business operations and analytical research, such as operating products or providing services, evaluating, maintaining, and improving the performance of products and services, developing new products and services, and providing customer support. To improve our products and services, we may also conduct statistical analysis of product usage. At the same time, we may share these statistical analysis results with the public to demonstrate overall usage trends of our services, provided that such statistical analysis results do not contain any of your personal information.

Where applicable, the above processing is based on the performance of contract and our legitimate interests.

Your personal data will not be used for automated decision-making, including profiling.

1. The retention period of personal data collected by us shall be the shortest time necessary to realize the purpose specified herein, unless a longer retention period is required by laws and regulations. Your personal data will be deleted or anonymized after the aforementioned retention period expires.

2. Where part or all of our products or services disabled for special reasons, we will inform you in time, stop collecting and processing your personal data on related products or services, and delete or anonymize the personal data of the related products or services, unless otherwise stipulated by laws and regulations.

We may share your personal data inside the company if it is necessary to provide services in a timely manner. We will not share your personal data with other companies, organizations or individuals, except in the following cases: (1) Such sharing is necessary for us to fulfill legal obligations or responsibilities; (2) Such sharing is necessary for the conclusion and performance of your contract as a party; (3) Such sharing is intended to protect the health of natural persons and the safety of their property in case of public health emergencies, or other emergencies.

We may share your personal data with the following categories of recipients:

1. AGIBOT Affiliates and Subsidiaries

Access to your personal data may be provided to staff of AGIBOT affiliates and subsidiaries. Such staff abide by statutory, and when required, additional confidentiality agreements.

2. Business Partners

We may also share necessary personal data with our business partners in accordance with the principle of minimization to provide the related services. We will require our business partners to strictly comply with our measures and requirements for data privacy protection to ensure your privacy security. If an authorized partner needs to use your personal data for an unauthorized purpose, it will seek your prior consent.

3. Service Providers

We involve external service providers such as IT service providers, marketing agencies, customer service providers and other advisors or service providers working on AGIBOT’s behalf. We have carefully selected these service providers and monitor them regularly, in particular their careful handling and safeguarding of the data stored with them.

4. Law Enforcement and Government Authorities

To fulfil our legal obligations, we may be required to disclose information in response to subpoenas, court orders, or lawful requests from government authorities conducting investigations. This includes compliance with law enforcement requirements, regulatory inquiries, and the verification or enforcement of our policies and procedures. We may also disclose information in emergencies to prevent or halt potentially illegal, unethical, or legally actionable activities. When we receive a request for personal data from a law enforcement authority, we assess the necessity and proportionality of the requested information.

Where relevant, we will sign strict confidentiality agreements with companies, organizations and individuals receiving your personal data and require them to use your personal data in strict accordance with this Policy and take relevant confidentiality and security measures to process your personal data.

We will, where reasonably practicable, store your personal data within the region in which you are located. For example:

If you are located in the European Union, your personal data will be stored in the EEA region.

If you are located in North America, your personal data will be stored in the United States.

If you are located in the Middle East, your personal data will be stored in Dubai, UAE.

If you are located in Southeast Asia, Hong Kong SAR, Macao SAR or Taiwan region, your personal data will be stored in Singapore;

If you are located in Japan or South Korea, your personal data will be stored in Tokyo, Japan.

In exceptional circumstances, technical personnel located in the People’s Republic of China may be engaged for the purpose of troubleshooting, technical support and service improvement. In such cases, we will ensure that any access to and processing of your personal data is limited to what is strictly necessary for the relevant purpose.

Regardless of where your personal data is processed, when required by applicable laws, we will ensure that the recipients provide an adequate level of protection for your personal data using various means, which include without limitation a binding agreement which providing an adequate level of protection, obtaining data subject consent or relying on other legal bases.

Our websites, products, applications, and services may contain links to third-party websites, products, and services. You can choose whether to visit or accept websites, products, and services offered by third parties. We have no control over third-party privacy and data protection policies as such third parties are not bound by this Policy. Before you submit Personal data to third parties, please refer to their privacy policies.

We attach great importance to the security of your personal data and will use reasonable security measures (including technical and organizational measures) to protect your personal data against improper use, as well as unauthorized access, disclosure, use, alteration, damage, loss, or leakage.

You acknowledge and understand that, despite our implementation of reasonable and effective security measures and compliance with applicable legal requirements, due to technological limitations and the existence of potential malicious means, it is not possible to guarantee the absolute security of information at all times.

In the event of a personal data security incident, we will, in accordance with applicable laws and regulations, promptly inform you of the basic circumstances of the incident and its potential impact, the measures we have taken or will take in response, suggestions you may adopt to prevent or mitigate risks, and the remedial measures available to you. We will notify you of relevant information regarding the incident in a timely manner via push notifications, email, post, SMS, or other appropriate means. Where it is difficult to notify individuals on a case-by-case basis, we will issue announcements in a reasonable and effective manner. We will also report the handling of such incidents to the relevant regulatory authorities as required by applicable laws and regulations.

We respect your rights to your Personal data. To the extent provided by applicable data protection laws, you may have the following right(s):

(1) Right to access. You are entitled to know how we process your personal data and access the personal data we store; 

(2) Right to reject. You have the right to object to or restrict our processing of your personal data in special cases. Even if you object to or restrict our processing of your personal data, we are still obliged to continue processing your personal data and reject your request where it is explicitly required under the applicable laws and regulations; 

(3) Right to rectify. You may request to correct the incomplete or inaccurate personal data about you that we store; 

(4) Right to erasure. You may request to delete your personal data. Please note that where it is required by laws, we are obliged to retain your personal data even if you require us to delete it; 

(5) Right to restrict data processing. You have the right to restrict the processing of your personal data in specific circumstances;

(6) Right to data portability. You have the right to receive your personal data in a structured, machine-readable format for your own purposes, or to request us to share it with a third party;

(7) Right to withdraw consent. Where we have asked for your consent to process personal data, you may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

(8) Right to complain. You have the right to lodge complaints to the related regulators if there is any objection to our personal data processing activities or this Policy.

(9) Right not to be subject to automated decision-making. You shall have the right not to be subject to automated decision-making, which will affect you to a substantial degree. You also have the right to review your personal data used for automated decision-making, to question the results, to be informed of the reasons of the resulting decision, and to be informed of what actions you can take to secure a different decision.

The way in which you exercise rights depends on the specific product or service you use. In addition, you may contact us through the information set out in the Section XII. As a general rule, we provide responses to the exercise of your rights free of charge. However, we may need to charge a reasonable fee if the request is manifestly unfounded or excessive, or if necessary and unavoidable costs are incurred. We will ensure the security of your personal data when you exercise the rights.

In addition to the above rights, we kindly remind you that you are also subject to certain obligations under applicable laws. The protection of personal privacy and data security is a joint effort, achieved by fulfilling our respective responsibilities.

We understand the importance of protecting minor's privacy. In particular, our services are not directed at, marketed to, nor intended for minors (as defined under applicable laws). We do not knowingly collect, use, sell, share or disclose the personal data of minors. If we collect the personal data of minors on an occasional basis, we will delete the relevant information as soon as possible after verification. If you find that we have collected the personal data of minors during your usage of our products and services, please contact us through the contact information published in this Policy. Upon receipt of your notice, we will verify it in a timely manner and delete relevant information after verification.

To ensure the normal and efficient operation of our products and services, to provide you with smoother access experience, and to recommend content that may be of interest to you, we place small data files called "Cookies" on your device. Cookies help recall your information on subsequent visits to our website, simplify the process of entering personal details, provide you with personalized settings such as secure shopping preferences, and protect your data security, among other functions. We will not use Cookies for any purposes other than those described in this Policy. You can manage or delete Cookies according to your preferences. You have the right to accept or refuse Cookies. You may clear all Cookies stored on your computer or mobile device. Most web browsers automatically accept Cookies, but you can usually modify your browser settings to refuse Cookies according to your needs. Please note that if you choose to clear all Cookies stored within the software, you may not be able to fully experience some of the convenient and secure service features we offer.

In addition to Cookies, we may use other similar technologies on our websites, such as web beacons and pixel tags (also known as clear GIFs). These technologies help us count users who visit our web pages or open emails and links, allowing us to understand your preferences and usage patterns in order to improve our services and user experience.

This Policy is subject to updates or revisions from time to time. If this Policy is revised, we will release the latest version in a timely manner and publish it in a noticeable place on our official website. For major changes, we will also provide more noticeable notifications. For any changes to the purposes, methods, and types of personal data to be processed for specific products and services, we will seek your consent again prior to processing your data.

This Policy allows adjustments. However, without your express consent, we will not diminish your rights under this Policy. If you do not agree to the above Privacy Policy, we will not be able to collect and use the information necessary to provide the service, and will not be able to provide you with services normally.

If you want to assert your rights, propose suggestions or have any questions, except as expressly set out in Section XIII, please contact us through the following details:

Where AGIBOT is subject to privacy requirements in the EU/EEA: 

Where AGIBOT is subject to the requirements of General Data Protection Regulation (GDPR), the following applies:

1. International Transfer

In principle, the personal data we process is stored in the EEA. In some cases, we may transfer personal data to recipients located outside the EEA and your personal data will be processed in the People’s Republic of China. In such cases, we ensure before the transfer that either the data recipient provides an adequate level of data protection or we use the EU standard contractual clauses to contractually require the data importer to ensure a level of data protection consistent with the one in the EEA to protect your personal data. If you would like to have an overview of the safeguards which are in place, please submit a request through the following contact information.

2. Contact Information  

AGIBOT’s representative in the EEA is William S (William@agibot.com).

You may reach AGIBOT’s data protection officer via Jérôme DEROULEZ (privacy@agibot-global.com).

Where AGIBOT is subject to privacy requirements in the United States of America:

Where AGIBOT is subject to the requirements of the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Acts of 2020 (CPRA), and California Consumer Privacy Act Regulations (CCPR), the following applies:

1. Collection of Personal Data within the Last Twelve (12) Months

We have collected the following personal data from your using our services and products within the last twelve (12) months.

2. Personal Data that has been Sold or Shared within the Last 12 Months

In the preceding 12 months, we have not sold or shared your personal data.

3. Personal Data that has been Disclosed for a Business Purpose within the Last 12 Months

In the preceding 12 months, we have disclosed your personal data for business purpose to third parties, as described in the “Who Will We Share Your Personal Data With” section of this Privacy Policy.

4. Your Rights to Your Personal Data

In addition to the personal data rights enlisted in Section VII above, you are also entitled to the following：

ž Right to Opt-Out - of sale or sharing of personal data to third parties, targeted advertising, profiling, automated decision making, collection of sensitive personal data, or collection of personal data through the operation of a voice or facial recognition.

ž Right to Restrict Sensitive Personal Data — to limit the use and disclosure or to opt-out.

ž Right to not be discriminated against for exercising your privacy rights.

Where AGIBOT is subject to privacy requirements in South Korea:

Where AGIBOT is subject to the requirements of the Personal Information Protection Act (PIPA) and Enforcement Decree of PIPA (Enforcement Decree of PIPA), the following applies:

1. Processing and Retention Period of Personal Data

In principle, your personal data is retained pursuant to the storage mechanisms and the criteria established for determining retention periods, as set out in Section II above. More specifically:

ž Information on account registration and login: deleted upon account termination;

ž Information on project management: deleted upon service termination, or retained for 6 months;

ž Information on settings management: deleted upon service termination, or retained for 6 months;

ž Information on trace R&D testing: deleted upon service termination, or retained for 6 months;

ž Information on customer service communication: deleted without delay once the purpose is achieved, or retained for one month;

ž Information on product and service optimization and continuous development: retained for 5 years after service use ends.

2. Provision of Personal Data to Third Parties

We may provide your personal data to the recipients listed in Section III above. We contractually oblige them to use the data only for a period strictly limited to what is necessary for the processing purposes, and to engage sub-processors only upon our prior authorization. You may contact us to review relevant information about our processors and sub-processors.

Specifically, we may provide the following categories of personal data to the recipients:

ž Alibaba Cloud (Singapore) Private Limited: personal data listed in Section I, for the purpose of cloud storage.

ž Zhiyuan Innovation (Shanghai) Technology Co., Ltd.: personal data listed in Section I, for the purpose of troubleshooting, technical support and service improvement.

3. International Transfer

The personal data that has been collected in the data processing activities listed in Section I that involves cross-border data transfer may be transferred through the following mechanism:

ž Legal basis:Art.15①4 of Personal Information Protection Act (‘conclusion and performance of contract’)

Categories of Personal Data Transferred: personal data listed in Section I

Recipient Country(s): Japan

Method and Timing of Transfer: transferred remotely via secure network connections (including leased lines) upon commencement of service use

Recipient(s): Alibaba Cloud (Singapore) Private Limited( DPO_Intl@alibabacloud.com )

Purpose of Use: cloud storage 

Retention Period: the same as the retention period for personal data

ž Legal basis: Art.15①4 of Personal Information Protection Act (‘conclusion and performance of contract’)

Categories of Personal Data Transferred: personal data listed in Section I

Recipient Country(s): the People’s Republic of China

Method and Timing of Transfer: transferred remotely via secure network connections (including leased lines), on an as-needed basis when technical or service-related issues arise

Recipient(s): Zhiyuan Innovation (Shanghai) Technology Co., Ltd. (privacy@agibot.com )

Purpose of Use: troubleshooting, technical support and service improvement

Retention Period: deleted without delay once the purpose is achieved

Where AGIBOT is subject to privacy requirements in Japan:

Where AGIBOT is subject to the requirements of the Act on the Protection of Personal Information (APPI), Enforcement Decree of APPI and Enforcement Regulations of APPI, the following applies:

1. International Transfer

In principle, the personal data we process is stored in Japan. In some cases, we may transfer personal data to recipients located outside Japan and your personal data will be processed in the People’s Republic of China. In such cases, we confirm that the recipients have in place a personal data protection framework and you may contact us to review the relevant data protection frameworks of these recipients through the following contact information. We also require them to implement appropriate safeguards to protect the security of your personal data.

2. Contact Information

The legal representative of Agibot K.K. is Zhang He. 

Where AGIBOT is subject to privacy requirements in Singapore:

Where AGIBOT is subject to the requirements of the Personal Data Protection Act 2012 (PDPA) and Personal Data Protection Regulations 2021 (PDPR), the following applies:

Contact Information:

As to questions about the collection, use or disclosure of the personal data in Singapore, you may contact our dedicated personnel through Kelvin Lou (privacy@agibot-global.com).

Where AGIBOT is subject to privacy requirements in Hong Kong SAR:

Where AGIBOT is subject to the requirements of the Personal Data (Privacy) Ordinance (PDPO), the following applies:

Direct Marketing means the offering, or advertising of the availability, of goods, facilities or services, or the solicitation of donations or contributions for charitable, cultural, philanthropic, recreational, political or other purposes, through direct marketing means.

We do not use your personal data for direct marketing, or provide the personal data to third parties for use in direct marketing; however, we are required to let you know that you have the right to opt-out for use of your personal data for direct marketing or certain profiling, should we ever engage in such activities as defined by the PDPO.