- How we collect and/or use your personal information;
- How we protect your personal information;
- The rights you have on personal information;
- How we deal with children’s personal information;
- How your personal information transfer cross-border;
- How you contact us.
How we collect and/or use your Personal Information
- Scope and Rule in the Collection and/or Use
- Passively-collected Personal Information
You may access the Website and obtain related information in anonymous without providing your identity. In order to achieve basic operational functions of the websites, most browser will collect a limited range of necessary information. You shall authorize us to collect and/use such necessary information, including:
- Information related to your device or SIM card: for instance, device manufacturer information and model number, network operator and telecom carrier, browsing and operating system type, screen resolution, mobile device type and mark, and hardware infrastructure configuration data and use-related information.
- Log information: information related to your use of certain features and browsing of information on the Website, such as network requests, standard system logs, error and default records, and activity time of the service.
- IP address: The IP of the computer you use is automatically assigned by your Internet Service Provider (ISP). When you visit a website, the server will by itself recognizes the IP address and records alongside the access time and number of pages you visited.
We are committed to use the foregoing information exclusively for the daily operation of the network, and for the quality improvement of the operation thereof, for instance, to use as a reference to resolve issues related to the use, management, maintenance, and diagnosis of the Website and server. It is worthwhile to note that independent device information and log information are unable to identify a specific individual, and as such are not Personal Information or personal sensitive information. Whereas, in the event that such non-personal information is used in conjunction with other information to identify a particular natural persons or to use in combination with other Personal Information, such non-personal information shall be treated as Personal Information during the identification or combination. We will resort to your necessary consent or authorization should the event occurs.
- Actively-provided Personal Information
When you use certain services or features offered on the Website, for the services or features to achieve its contemplated target, you will need to provide certain Personal Information to us. Our online registration form will inform you what information we need, and what information is necessary or optional. For example, if you use the “Contact us” section, you will provide your name, email address, mobile phone number, company and its address; if you use the “recruitment” section, you will provide your email address and might also provide your career, contact information, name, education background and other information you deem necessary.
We undertake to use the foregoing information exclusively for the purpose to fulfill the specific target of the services or features described herein, and will solicit your explicit consent or authorization before collecting such information. If you only need to use our basic services such as browsing, searching and others, you are under no obligation to register or to provide the foregoing information.
For the accuracy and security of our record, you should provide the correct, truthful, up-to-date and complete information on the registration form, and update us in a timely manner to ensure there are no errors, misrepresentations, outdated, incomplete or misleading information therein. If the information you provided include Personal Information belonging to other third parties, you shall ensure that you have obtained lawful consent or authorization from the third parties before such provision.
- Passively-collected Personal Information
- Consent Exception of the collection and/use
Pursuant to currently effective laws and regulations in the People’s Republic of China, UII do not need to solicit your explicit consent or authorization to collect and/or use the Personal Information, provided that the collection and/or use:
- Concerns UII’s compulsory obligations to comply with all applicable laws and regulations;
- Involves national security or defense concerns, and state secrets;
- Relates to public safety, public health and major socio-economic benefits;
- Touches on criminal investigation, prosecution, trial and execution of judgments directly;
- Protects the life and property rights of the Personal Information subject or other individuals, while unfeasible to obtain your own consent;
- Contains Personal information collected from legally publicly disclosed sources, such as legitimate news reports, government information disclosure, and others;
- Verifies specific accounts or claims for the purpose of secure transactions and fraud prevention; and
- Performs the required contractual agreement, including to perform you requested need, as the pee-requisite to complete the request, UII need to proceed your personal information.
In accordance with current effective laws and regulations, provided that we have taken comprehensive technical measures and other necessary measures to annoymize and de-identificate Personal Information, in such a way that the data receiver is unable to re-idenitfy or tracking the specific individual, you acknowledge that the subsequent processing of such information which has became non-personal information do not require your further awareness or consent.
- Rules in Sharing, Transferring, and Publicly Disclosing your Personal Information
We will take reasonable safety measures to protect the Personal Information under our control. Unless it is requested by law or law enforcement actions, UII will not share any Personal Information collected via the Website to any unrelated third parties (including companies, organizations and individuals);
However, we may share Personal Information in good faith and in the belief such practices are necessary for the following:
- Voluntary sharing: based on your explicit consent, authorization or proactive choice, UII may share Personal Information to your designated third party within your agreed scope;
- Sharing within our Group: In order to ensure that affiliates of UII provides you the same quality of services, we will share the Personal Information to affiliates exclusively on a need-to-know basis and apply the rules and scope stipulated herein. If we share sensitive personal information or the affiliates change the purpose of processing the Personal Information, we undertake to ask your re-consent or authorization. Affiliates hereby refer mainly to Shanghai United Imaging Healthcare Co., Ltd. and its affiliates.
Third-party service providers may also calculate and/or count independent device information, log information (non-personal information) in aggregate forms, and we will use such statistical information to understand the population browsing and/or using the Website, the population’s interacting with the Website, and the general trend in using the Website, such as the amount of usage in a given country or region. These uses do not involve the identification and tracking of specific subjects.
We will not transfer your Personal Information to any other entities, organizations or individuals except in the following cases:
- transfer with your express consent; and
- Public disclosing
We will publicly disclose your personal information exclusively in the following circumstances:
- to disclose required by law, legal notice, litigation or mandatory requirements of the competent government authorities;
- to comply with UII's policies or practices applicable, and obtained your notice and confirmation of the legal process;
- to avoid personal or property damage or emergency measures taken by Personal Information subject or other individuals; and
- to take necessary measures to protect the property and life safety of UII, its affiliates or the general public.
How we protect your Personal Information
- Network security measures
- We use encryption features such as the Secure Socket Layer (SSL) protocol and provide a secure browsing link with Hyper Text Transfer Protocol over Secure Socket Layer (HTTPS);
- Your personal information is stored on a secure Microsoft cloud server and protected by industry-standard firewall systems;
- We have special and limited access control for your Personal Information, and we allow only specific personnel of UII to view or use it under necessity;
- We will classify the storage of the Personal Information based on its importance and sensitivity, and ensure that the collection, storage or use of the corresponding classification has corresponding security standards and ratings;
- We regularly review, monitor and evaluate the operation mode of our cybersecurity system, to identify possible cybersecurity risks and take corresponding pre-cautions;
- We will conduct regular information security training to test and strengthen the importance of Personal Information to all employees.
- The principal to minimize collection and/use of Personal Information
- Cybersecurity incidents
To prevent Personal Information from unauthorized access, cyber attacks, disclosures, modifications, damage, or similar risks, we have taken or will implement practicable security measures, including but not limited to physical, technical, and managerial processes to protect the Personal Information under our control. These measures include but without limitation:
We will only retain your personal information for the period of time required to achieve the purposes of the Website and for the scope defined herein. After your Personal Information exceeds the retention period, we will remove or de-identificate your Personal information as required by applicable laws. When such deletion is to be taken, we may not immediately remove the information in the backup system, but will remove in the time of system updates.
Please note that the internet environment is not 100% secured and we will do our best to ensure or guarantee the security of your Personal Information. We therefore strongly recommend that you use a safe and encrypted communication method to send the foregoing Actively-provided Personal Information. You should avoid sending sensitive personal information to us, or inform us when you do so, we will then classify your sensitive information and store it in separate secured locations.
If you have reasonable awareness of a possible Personal Information leak, please contact us immediately so that we can take timely remedial action. In the event of a cybersecurity incident, we will promptly inform you pursuant to the laws and regulations: the basic situation and possible impact of incidents, the measures we have taken or will take, and the mitigate remedies you may take and others. Judging from the relevant circumstances, the notification to you may be by mail, letter, telephone, push notification and others. When it is unfeasible to inform individual subject one by one, we will issue a public notice in a reasonable and effective manner.
The rights you have on Personal Information
- The request you can exercise
- In accordance with laws and regulations of the country or region to which you apply, you have the right to request access, correction, deletion, change of authorization, and restrict information system automatic decision (collectively, “requests”) for any and all Personal Information under our control.
- To exercise the requests, you may contact Inquiry_UII@united-imaging.com. If you are unable to make a request through the email, you can also fill in the registration form on “Contact us” page anytime. We will respond to your request within thirty (30) business days. Please note that to ensure the reliability and security of your request, we hope that you:
- make a request in writing, unless the local laws and regulations expressly require recognition of the oral request; and
- Provide your name, contact information and other necessary information to ensure that the company can verify your identity so as to confirm the requester is the Personal Information subject or other legal agent of Personal Information subject.
You have the right to access the Personal Information under our control. Based on your request, we may provide a record of such Personal Information or its copy.
You have the right to ask us to delete your personal information, if:
- we deal with personal information in violation of laws and regulations;
- we collect and use your personal information without your consent;
- we process personal information in violation of your agreement;
- you no longer need us to store or use this personal information; and
- we no longer provide such products or services for you.
If we decide to respond to your removal request, we will also notify other entities that obtained your personal information from us, including but not limited to the third-party service providers, to request that they remove the Personal Information in a timely manner, unless otherwise required by laws and regulations, or Independent consent you entered into with those entities.
When such deletion is to be performed, we may not immediately remove the information in the backup system, but will remove in the time of system update.
In some features, decisions may be made based solely on non-manual automatic decision mechanisms such as information technology and algorithms. If these decision mechanisms significantly affect your legal rights, you have the right to ask us for an explanation and we will provide you appropriate remedies.
In principle, we do not charge fee for any reasonable request, but we will charge a reasonable cost for repeated requests that exceed the reasonable limit. We may refuse to respond for those requests needing too many technical means (for example, requiring us develop new systems or fundamentally changing our existing practices), posing risks to the legal rights of others, or being excessively impractical (for example, involving information stored on backup tapes).
We will not be able to respond to your request when
- It relates to the performance of our obligations stipulated by laws and regulations;
- It concerns national security and national defense security;
- It concerns public safety, public health, and major public interests;
- It is required by criminal investigation, prosecution, trial, and execution of judgments;
- We have sufficient evidence to show that the Personal Information Subject has malicious intent or abuse of rights;
- Our responding to Personal Information Subject’s request will result in serious damage to the legitimate rights and interests of the Personal Information Subject or other individuals or organizations; and
- It involves trade secrets.
How we deal with children’s personal information
UII is very concerned about children's privacy protection. In accordance with current effective laws and regulations, children specifically refer to minors aged fourteen (14) and under. The services on this website are primarily for adults, and children should not provide personal information without the consent of their parents or guardians.
In the event we have obtained consent from parents or guardians, we will only use, share, transfer or publicly disclose Children’s Personal Information if permitted by law and with the explicit consent of the parent or guardian.
If we discover that a child has provided us Personal Information without prior verifiable parental consent, we will immediately remove the Personal Information thereof.
Any UIH staff who accesses children's Personal Information must record the access and take technical measures such as encryption. We strictly prohibit the illegal copying, downloading, or sharing, transfer, or public disclosure of children's Personal Information, except as required by laws and regulations or mandatory measures.
How your Personal Information transfer cross-border
- General specifications for cross-border transfers
- Special specifications for EU residents
- We strive to comply with the laws and regulations of all jurisdictions, including the direct obligations in the General Data Protection Regulations (“GDPR”). However, if you are an EU resident but are browsing and/or using the Website anonymously, we might unintentionally transfer your Personal Information to countries outside the EU exclusive economic zone. You acknowledges that these countries may not be able to provide the same level of protection as the EU exclusive economic zone.
- Please note that GDPR does not apply to EU residents providing Personal Information outside the EU. If you are an EU resident but are browsing and/or using the Website in China, your Personal Information should be collected, used and/or processed in accordance with effective laws and regulations of the People's Republic of China.
- When GDPR is applicable, you have the following additional rights:
We have servers in People's Republic of China (including Shanghai and Hong Kong) that will collect and/or store Passively-collected Personal Information. Whereas Actively-provided Personal Information will be available only within the People's Republic of China (excluding Hongkong, Macau, and Taiwan). In general, your Personal Information will be transmitted to these countries/regions in accordance with applicable laws and regulations.
If your Personal Information is transferred to overseas jurisdictions or was accessed from these jurisdictions, you should be aware that some jurisdictions may have different data protection laws or even absence of relevant laws. In these cases, we will apply our best efforts to ensure that your Personal Information is adequately protected to the same standard of care as required by laws in People's Republic of China. For example, we will ask you for permission to transfer Personal Information across borders or to implement security measures such as data de-identification before such transfers.
- Limit our data processing activities or oppose to certain data processing activity;
- Request data transfer for Personal Information;
- Request transfer of Personal Information from UII to other data controllers in a structured or electronic form; and
- Submit a request to your local data protection agency (DPA). The following links can help you find the appropriate DPA:
If you have such a requirement, you can exercise your additional rights in the same way as listed in the above request exercise section. Please note that this may also mean that we will not be able to provide you with related services or services of the same quality.
- Significant changes in the way the website is viewed and/or used, which affects the processing of Personal Information, the type of Personal Information collected or used;
- Significant changes in UII ownership structure, organizational structure, and others caused by business adjustment or bankruptcy mergers and acquisitions;
- Changes in the main object of personal information sharing, transfer or public disclosure;
- Significant changes in your rights with relation to your Personal Information and how they shall be exercised;
- Changes in the person responsible for handling Personal Information security, contact information, and complaint channels; and
- High risk detected in the cybersecurity system which impact the safety of Personal Information.
If you have any questions or have any suggestions, please contact us by:
Shanghai United Imaging Intelligence Healthcare Co., Ltd.:
2875 Longteng Avenue, Xuhui District, Shanghai
TEL: +86 (21) -67076888
FAX: +86 (21) -67076889
If you are dissatisfied with how we handle Personal Information, especially if our Personal Information processing actions harm your legal rights, you can resort to the industry association where the defendant's residence is located.
© Shanghai United Imaging Intelligence Co., Ltd. 2017-2019. All rights reserved.
Last updated: November 15, 2019