Your privacy is critically important to us. At Glodon, our fundamental philosophy is “users first”. That value powers all of the decisions we make, including how we collect, use, share, store and respect your personal information. Since this Privacy Policy is closely related to Services (defined as below) we provide, please read this Privacy Policy carefully and make appropriate choices if necessary.

We've crafted this Privacy Policy below to be as clear and straightforward as possible. Our aim is for you—our users—to always feel informed and empowered with respect to your privacy on Glodon.

For customers from Europe: this Privacy Policy complies with principles set in General Data Protection Regulation (Regulation (EU) 2016/679). Privacy Policy is available on our homepage https://account.global.glodon.com/privacy.

For customers from Singapore: this Privacy Policy complies with principles set in Singapore Personal Data Protection Act 2012 (PDPA).

For customers from Malaysia: this Privacy Policy complies with principles set in Personal Data Protection Act (PDPA 2010).

For customers from Indonesia: this Privacy Policy complies with principles set in Personal Data Protection Law (PDPL).

1. Important Information and Who We Are

● When this Privacy Policy Applies

Our Privacy Policy applies to our websites located at [https://account.global.glodon.com] and other websites operated by us through which our Services are provided (“Sites”), our mobile device applications (“Apps”), and our software products available for use via the Apps or via installation on personal computers (collectively, the “Products”). This Privacy Policy applies to only those websites, products, services and applications included within the “Services”, including but not limited to our official website, User Center, Transaction Platform, CAD Reader, Gsite, Cubicost’s products, XieZhu, Glodon Dongle Programs, and Authorization Platform, Encryption Authorization Platform.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

Unless otherwise prescribed in the Privacy Policy, the terms in the Privacy Policy shall have the same implications with the terms in the Glodon Account Agreement (if any).

Please note that the Privacy Policy doesn’t apply to the following cases:

• The information collected by any third party service (including any third party website) through our services;

• The information collected by other companies or institutions that provide advertising services through our services.

In such circumstances, you should refer directly to the Privacy Policies for the relevant third party.

● Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how Glodon collects, stores and processes your personal data through your use of Services, including any data you may provide through our Services.

● Data Controller

Glodon Company Limited is the controller and responsible for your personal data (collectively referred to as "Glodon", "we", "us" or "our" in this Privacy Policy).

● Contact Details

If you have any questions about this Privacy Policy or our privacy practices, please contact us in the following ways:

Full name of legal entity: Glodon Company Limited

Email address: G-data-security@glodon.com

Postal address: E-13,10 Xibeiwang East Road, Haidian District, Beijing, China

● Changes to the Privacy Policy

Our Privacy Policy may change from time to time, and these changes may constitute only a part of the Privacy Policy. If the changes are significant that may affect your rights, we will provide more prominent notice on our home page or inform you by sending emails, or through other means before the amendment takes effect. Under such circumstances, if you continue to use our services, you will be considered agreed with our revised Privacy Policy.

● Third Party Links

Our Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policy. You shall use these links at your own discretion. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2. The Data We Collect about You

Personal data, or personal information, means any information about an individual, from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We collect the following information about you:

● Basic Registration Information

If you create an account in connection with your use of any of Services (“Account”), either through our Sites or when you download and install our Products, you need to provide your email address. To use our Services, you may also provide name or nickname, gender, birthday, company, address, Government ID number, phone number, etc. If you enter into a project via our Services, your project administrator may provide us with your department and role, or change the name you provided.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

● Information Related to Transactions

When you purchase our products or subscribe to our Services online (including on behalf of your company), your payment will be directed to third party online payment service providers to proceed your payment, and we will not collect your information relating to the transaction such as your credit and debit card information, your passcode of online payment. In such circumstances, you should refer directly to the Privacy Policies for the relevant third party service provider for detailed information about how your data relating to the transaction will be processed by them.

To verify your purchase of our Products or your subscription to our Services, we will only collect information, including the payment amount, the Products purchased or Services subscribed, your mailing address, and your company information.

● Information Related to Use of the Services

Our servers automatically record certain data about how you uses our Services (“Log Data”) when you install, activate, update, uninstall or relevant Products or Services. Log Data may include certain data such as your registration time and date, your use of our services, the access date and time, your IP address. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services. We may use Aggregated Data such as statistical data to improve our Service.Aggregated Data could be derived from your and others’ personal data but is not personal data as such data will not directly or indirectly reveal your or others’ identities. For example, we may aggregate your Log Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Privacy Policy.

For enjoying some specific services, you may provide your information. For example, if you want to get a demo, become our partner or know more information in our official website, you shall provide your name, email address, telephone number, country, department and role, company name and other requirements to make sure that we can contact you and send you information regarding our products and services.

If you are an administrator for enterprise users, you will need to provide your mobile phone number for binding and authentication when first turn on the two-factor authentication. You cannot conduct two-factor authentication if you do not provide your mobile phone number. If you are an end user and your enterprise administrator has applied for and activated the two-factor authentication, you will need to provide your mobile phone number for binding and authentication when logging in for the first time. You cannot use the two-factor authentication function normally if you do not provide your mobile phone number. Your mobile phone number and verification code are required for subsequent login. To turn off the two-factor authentication, please contact the enterprise administrator for application and operation.

We need to access your camera and photo album to collect real-time images or audio-visual information from your album to support features such as QR code login, updating personal avatars, and other basic functions. Additionally, some of the business scenarios, such as issues, site diary and album, require these permissions to complete necessary business operations.

● Information Related to the Device

We may collect certain data sent by your device when you use our Services, such as internet protocol (IP) address, MAC address, operation system, the browser type and the language used as well as the CPU, screen resolution, graphics processing unit, memory, hardware drive, serial number of hard drive, browser, Uniform Resource Locator, International Mobile Device Identity (IMEI) of the mobile phone, unique user ID of our Services.

● Information Received from Our Partners and Other Third Parties

We also may link your subscription information with the data we receive from our partners or other third parties (such as Google Analytics, etc.), including but not limited to user ID, domain, the access date and time, new visitor or returning visitor, data sources, to help smoothly facilitate our Services for you, to better understand your needs and to provide you with better Services experience.

● Information Collected Using Cookies and Other Web Technologies

Cookies and anonymous identifiers. The main function of Cookies is to facilitate your use of the Site and/or Services and to help the website to count the number of unique visitors.

Cookies will be sent to your device when you use our Services. We also allow Cookies or the anonymous identifiers to be transmitted to Glodon’s server when you interact with the Services we provide for our partner (such as advertisement and promotional services as well as service functions provided by Glodon that may appear on other sites).

You can choose to turn off Cookies by modifying browser settings. If you choose to turn off Cookies, you may be unable to log in or use the Glodon services or functions that rely on Cookies. If you don’t want Glodon to provide you with personalized promotion information based on Cookies when you visit the Glodon website, you can customize Cookies settings in your browser.

We use Google Analytics tools to better understand how you interact with our online Services. You can opt out from Google Analytics here at (https://tools.google.com/dlpage/gaoptout).

● If you Fail to Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you or your employer, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Products or Services). In this case, we may have to cancel a Product or Service you have with us but we will notify you if this is the case at the time.

3. How We Use Your Information

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• To enter and perform a contract with you or your employer to provide the Services, or to perform any steps you require from us before entering into a contract to provide the Services.

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We may use your personal information in our legitimate interests to improve our Services, contact you, handle, update and manage our customer register, conduct research, profiling, to fulfil your requests for Products and Services, identify you when you login to your account, to verify your transactions, for purchase confirmation, billing, security, and authentication, as well as for other purposes which are in our legitimate interests and of which we will inform you if different from those listed.

• Where we need to comply with a legal obligation.

4. Data Profiling

We will use your personal data collected through our Services, including account information, log data, device data, etc. to conduct data profiling. We conduct the data profiling to improve our Services, and you have the right not to be subject to such data profiling. To exercise you right, please contact us as the way we stated in “7. Your Rights in Relation to Our Use of Your Information”.

5. Information We Share

Without asking for your consent in advance, we will not share your personal information with any third party except in the following cases:

● Information Shared with Our Services Providers

We may share your personal data with our affiliated companies, partners, third party service providers, contractors and agencies (such as communication service providers that send emails or push SMS notifications on behalf of Glodon, and map service providers like Google Map that provide location data for us; some of them may not be located in your country) for the following purposes: (i) to provide our services for you; (ii) to achieve the targets stated in “The Data We Collect about You”; (iii) to fulfill our obligations or to practice our rights mentioned in User Agreement or Privacy Policy; (iv) to provide, maintain and improve our services.

We will take the required steps to make sure the third party would comply with the standards required by this Privacy Policy, so that they would use your personal information in an appropriate and secure way.

● Information Disclosed in Connection with Business Transactions

Since we are still rapidly expanding our business, Glodon may conduct mergers, acquisitions, asset transfers or similar transactions. Your personal data may be transferred as a part of a transaction, of course we would inform you these possible transactions in advance where we are able to do so.

● Information Required by Law

Glodon cooperates with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal processes (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable.

● Other Data Shared with Third Parties

We may share aggregated data and non-personal data with third parties for industry research and analysis and other similar purposes.

In addition, we may share your information with companies in the same group as us, as well as other third parties with your consent and/or of which we have informed you. We do not transfer, share, disclose, assign, sell or rent your personal information to third parties, which are not in connection with our business operations.

6. Information Security, Storage and Data Transfer

We only keep your personal information for the purposes stated in the Privacy Policy within the necessary period and time limit permitted by laws and regulations.

Your personal data will be stored on servers provided by our service providers, which are distributed in Frankfurt, Singapore, and China. If you are a European customer or use a European product, your data will be stored on a server located in Frankfurt. If you are a Chinese customer or use a product from China, your data will be stored on a server located in China. If you are not a customer in Europe and China or are not using products from Europe and China, your data will be stored on a server located in Singapore. No matter where we are, we will strictly abide by the relevant laws and regulations of the corresponding countries and regions to protect your personal information and related data.

We use various technologies to protect your information from being lost, being misused, unauthorized access or leaking. For instance, we use encryption techniques (such as SSL) in some services to protect the personal information you provide. However, please understand that due to limit of technology and various possible malicious means in the internet industry, we cannot guarantee 100% information security all the time even though we try our best to enforce security measures. Besides, you need to understand that when you access to the system and the communication network applied for using our services, problems may occur due to factors out of our control,that Glodon employs two-factor authentication as an additional layer of protection to ensure the security of online services.

Personal information included in the register may only be processed by such people that are in service of Glodon and its affiliated companies and have a justified need for the processing based on their work assignments. All people processing the register are bound by secrecy obligations.

• Data transfer basis (EEA and UK customers)

Transferring personal data out of the EEA requires an appropriate basis for the transfer and compliance with the other requirements imposed by data protection legislation. On July 16, 2020 the Court of Justice for the European Union (CJEU) reaffirmed the validity of Standard Contractual Clauses (SCC) as an appropriate legal mechanism to transfer personal data outside of the EEA. We have included SCC as a part of our data processing agreements with our European service providers MagiCAD Group AB and MagiCAD Group Ltd to ensure secure and compliant data transfer for our European customers.

7. Your Rights in Relation to Our Use of Your Information

You have rights under data protection law in relation to our use of your information, including to:

• Request access to your information;

• Update or amend your information if it is inaccurate or incomplete;

• Object to certain uses of your information (which includes direct marketing, data profiling, processing based on legitimate interests, and processing for purposes of scientific or historical research and statistics) on grounds relating to your particular situation;

• Request the deletion of your information, or restrict its use, in certain circumstances (for example you can request that we erase your information where the information is no longer necessary for the purpose for which it was collected unless certain exceptions apply);

• Request us to return the information you have provided to us, to use for your own purposes (often called your right to data portability) where the processing is based on your consent or for the performance of a contract, and such processing is carried out by automated means; and

• Lodge a complaint with the relevant supervisory authority.

If you have any question about these rights or you would like exercise any of them, please contact us by sending an email to G-data-security@glodon.com. You can exercise your right to access, update and delete your information either on our Apps and Products, or you could contact us and we will assist you to exercise your right. Additional details of how to get in touch are set out below.

Please note that if you decide not to provide us with the information that we request, you may not be able to access all of the features of the Services, including but not limited to the following:

● You may not able to download, install and/or use any of our Services and/or any of their updates and upgrades.

● You may not be able to subscribe to or log in to our Services, or make any purchase of affiliated Services.

● We may not be able to be aware of your problems with our Services, and we may not be able to adequately respond to your needs and proposals.

8. Our Policy towards Children

To protect children’s privacy and safety, we provide specific protection with regard to children’s personal data. Our Services are not directed to children under the age of 16 years and we do not intentionally or knowingly collect personal data from children. If you are a child under 16, you are not permitted to use and install our products or create your own Account, unless your parent provides verifiable consent.

Once a child downloads, installs or uses any of our Services, in whole or part, such action shall be deemed representing that his/her parents agree with our policies, terms and conditions including but not limited to this Privacy Policy.