Privacy Policy

Privacy Policy

Privacy Policy

Last updated: January 19, 2022

Latest effective date: January 19, 2022

 

This Privacy Policy (hereafter call “this Policy”) applies to logistics service provided by S.F. Express Co., Ltd. and its affiliates (hereafter called “SF or We”) to the customers whose shipping places are in the People's Republic of China (hereafter called “You”) through the SF official website, SF Express App, WeChat official account, mini program and so on. We will explain to you the principles of SF’s protection of personal information, how your personal information is collected and processed, and common protection measures and mechanisms, and show you the basic standards and systematic construction of SF’s protection on personal information.

We strive to present this Policy in a concise, clear and comprehensible manner. SF understands the importance of personal information to you and will try our best to protect your personal information. We are committed to maintaining your trust in us and protecting your personal information by adhering to the following principles: consistent rights and liabilities, clarity of purpose, consent of choice, minimum sufficiency, security guarantee, subject participation, transparency and so on. At the same time, SF undertakes to protect your personal information by taking appropriate security measures in accordance with industry-proven security standards.

Before using our products, please read this Policy carefully so that you can understand our products and services provided better and make appropriate choices. Unless otherwise provided by law and administrative regulations, you have the right to know and decide how we handle your personal information, and the right to restrict or reject processing of your personal information by us or other parties; At the same time, you are entitled to require us to interpret our rules of processing your personal information. To enable you to fully know and understand how we process your personal information, the processing scope and the consequences thereof, and to serve as a basis for your exercise of the relevant rights, we hereby formulated the preliminary “1. Basic rules for the processing of your personal information to fulfill our legal obligation to inform you. For this reason, we strongly recommend that you should first read the instructions in this section carefully and give the appropriate consent based on full understanding of the content of this Policy.

Should you have any questions, comments or advises, please dial our customer service hotline 95338 or contact us by contact information specified in “9. How to contact us” in this Policy.

This Policy will help you understand the following contents:

1. Basic rules for the processing of your personal information

2. How do we collect and use your personal information

3. How do we protect your personal information

4. Your rights

5. How do we process children’s personal information

6. Our protection of personal information of deceased users

7. How is your personal information transferred in the world

8. How we update our privacy policy and applicable laws

9. How to contact us

 

 

1. Basic rules for the processing of your personal information

Important definitions in this Policy are based on related definitions specified in the Personal Information Protection Law and the Personal Information Security Specifications (GB/T35273-2020), which are supplemented based on our practice. In case of any inconsistencies, the Personal Information Protection Law and the Personal Information Security Specifications shall prevail. It is also important to note that the core purpose of the instructions in this section is to guide you to fully know and understand the rules of how we process your personal information, the processing scope and the consequences thereof to fulfill our legal obligation to inform you. For this reason, we strongly recommend that you should read the instructions in this section carefully and give consent with full understanding of the instructions.

1.1 Personal information refers to all kinds of information related to an identified or identifiable natural person recorded electronically or by other means, such as personal phone number, personal information subject account, IP address, unique device identification number and so on. Sensitive personal information refers to personal information that may easily lead to the infringement of dignity of a natural person, or harm to personal and property security, including biometrics, religious beliefs, specific identity, medical care, financial account, tracking and other information, as well as personal information about minors under the age of 14. In this Policy, if the personal information is sensitive personal information, we will make the font bond for your attention and obtain your separate consent, and you shall pay additional attention to the list of such information. You can learn about in which scenarios and for what purpose we will process the categories of personal information from 2.1 Collection and use of personal information. In terms of the services we provide to you, the scope of your personal information we processed is as follows:

categories of Personal Information

Personal Information

Basic personal information

Name, address, personal phone number, email, birthday, gender, area

Internet identification information

Account name/nickname, account password, IP address, WeChat ID

Personal communication information

Communication record and content

Personal property information

Order number, transaction amount, waybill information (shipper and receiver name, address, contact information, shipment information and routing records)   

Personal web surfing record

Web browsing record, operation log

Common personal device information

Device ID, device model, system version

Personal identification information

ID card information

Personal biometric information

Facial recognition characteristic information

Personal location information

Longitude and latitude

 

1.2 Personal information processor: refers to an organization or individual who determines by itself the purpose and manner of processing personal information in the course of personal information processing activities.

1.3 Processing: Processing of personal information includes collection, storage, use, assembling, transmission, provision, disclosure, deletion and so on of the personal information. For more information about how we collect and use your personal information, you can view in 2. How do we collect and use your personal information.

1.3.1 Collection refers to acquiring control over personal information, and solely decide the purpose of processing and the manner of processing of personal information. The collection of personal information including by the means of direct collection, such the personal information provide by the subjects actively, active collection through our interaction with the personal information subjects or by recording the behavior of the person who has personal information, and the means of indirect collection through receiving other personal information and/or collecting public information.

1.3.2 Use: We will specify the scenarios and purposes for which we will use your personal information in the list 2.1 Collection and use of your personal information, together with related legitimate reasons of processing for you to understand the corresponding obligations we need to comply with. When we use information collected for a particular purpose for other purposes, we will seek your consent in advance or inform you of other legitimate reasons for processing. The “Use” we specified in this Policy is specifically defined as how we process data for storage, access and presentation, integration, statistical analysis, personalized presentation, and automated decision-making.

You agree that we will conduct integration, identification, analysis, profiling or further assembling of the personal information you provide, actively or passively, directly or indirectly, in the course of using SF products or services through our own or authorized party’s technologies, and form diverse label that reflects your behavior, hobbies, or economic, health, or credit status, identification feature to different extent (hereafter called “label information”). We will use the label information for specific scenarios and purposes to improve our services, or to show and recommend products, services, or promote commercial advertising that better meets your potential needs, including:

a) Automated decision-making: refers to the activities of using personal information to automatically analyze, evaluate, and make decisions of the personal behavior, hobbies, or economic, health, or credit status through computer systems and algorithm programs. Generally speaking, we use automated decision-making in the following scenarios:

(i) We will use automated decision-making mechanisms to evaluate the security of your device’s mobile number, which may require you to log in with other verification methods. This decision making may significantly affect your legitimate interests (i.e., whether you can use our services), you have the right to ask for clarification through the contacts specified in this Policy, and you have the right to reject our decision solely made through automated decision making. We will provide appropriate remedies. For details, see the description in “4.6 Restriction of automated decision-making by information system”.

(ii) Automated decision-making mechanism can be used to personalized presentation and/or send commercial marketing information to you. Based on the consistency of our account management system, the personal information collected through one product may be integrated and used for the purposes of personalized presentation in other SF products and services.

b) Operation guarantee: Operating and providing services to you are our important business activities. Based on the needs of our business operations, we need to use your personal information internally, including for internal audit, data analysis, further practice research or academic research and will use the information collected for big data analysis. For example, we use the information we collected to analyze and form statistical products which do not contain any personal information, to show the overall picture of the SF service, analyze the behavior patterns of different groups and so on. We may disclose and share with our partners the big data analytic information which is statistically processed and do not contain identifiable contents. At the same time, we need to use the information we collected to deliver SF’s products and services, improve the performance of our products and services, and perform the necessary business operations and assessments, customer support and so on. Based on the need to secure operation and network, we need to collect your IP address, device information, network information and operational logs, and if you refuse to provide such information, we may not guarantee normal operation of the service.

1.3.3 Storage: refers the recording of personal information in electronic or non-electronic form on a medium that we can access and retrieve. For normal business needs, we may keep the personal information required by the product for a period of time for different legitimate reasons for processing:

a) Personal information processed on the basis of your consent will be retained from the date of collection to the fulfillment of the processing purpose, the user cancels/deletes all account information or withdraws consent and the agreed rescission period expires;

b) Personal information necessary for the conclusion or performance of a contract to which you are a party will be retained from the date of collection until the completion of the contract and the expiry of limitation of action;

c) Personal information necessary to fulfill a legal obligation will be retained from the date of collection until the legal obligation has been fulfilled and expiry of limitation of action;

If laws, regulations, regulatory documents, and supervisory provisions impose different requirements for the said retention period, the requirements of laws, regulations, regulatory documents, and supervisory provisions shall be satisfied. In addition, our personal information collected on a product-based basis will be remained on servers in the People’s Republic of China in accordance with the latest requirements of laws in principle. We will not provide any of your personal information to foreign subjects without meeting the conditions and procedures set forth in laws, regulations, regulatory documents and supervisory provisions.

1.3.4 Provision to third party: refers to the activity that a personal information processor provides personal information to another person’s information processor and the receiving party should process in accordance with the category, processing purpose and processing manner of the personal information informed to the subject of the personal information.

1.3.5 Authorized processing: The activity that a personal information processor authorizes other persons to process the personal information and supervises his processing activities. The authorized processor can only process personal information within the authorized scope, and can not authorize others to process the personal information.

1.3.6 Anonymization: The activity that the personal information cannot be used to identify a particular natural person after being processed, which cannot be recovered.

1.3.7 Affiliates: means any entity that directly or indirectly controlled by, or under common control with S.F. Express Co., Ltd., and for the purposes of this Policy, please see our latest annual report disclosed on official designated channels for the scope of our affiliats (http://www.szse.cn/certificate/individual/index.html?) Code=002352). Entities in this definition include but are not limited to individuals, partnerships, companies, and other legal entities.

2. How do we collect and use your personal information

We will collect and process personal information from you for the purpose of providing you with relevant products and services, and disclose it to you in the list (see the example below) in the principles of legality, legitimacy and necessity. We will disclose the collection and use of your personal information to you as comprehensively, completely and promptly as possible, and if you notice errors or omissions in our disclosure, please contact us through the contact information specified in this policy.

2.1 Collection and use of personal information

With the iteration, exploration and upgrade of products or services, the categories of personal information we collected and used may change. In this case, we will explain to you in detail and seek your consent by updating this Policy and by pop-ups, pages, and so on in SF’s products. In this service, the categories of personal information we need to collect and process for different processing purposes are listed below:

Processing Purposes

Legitimate processing reasons

Categories of personal information

Sensitive personal information

Registered account

Necessary for performance

Basic personal information

Internet identification information

None

Complete account information

Consent

Basic personal information

Internet identification information

None

Real-name authentication requirements on sending package

Mandatory legal requirements

Basic personal information

Personal identification information

ID card information

Identity verification

Consent

Personal biometric information

Facial recognition characteristic information

Performance of logistics contracts

Necessary for performance

Basic personal information

Personal identification information (customs clearance)

Waybill information

ID card information

Use previous waybill information to complete, correct the inaccurate or undeliverable addresses and so on for the completion of delivery

Consent

Waybill information

None

Query about service point, easily input address

Consent

Personal location information

Personal location information

Payment settlement

Necessary for performance

Basic personal information

Personal property information

None

Sending service message

Necessary for performance

Common personal device information

None

Customer service and after-sale service

Necessary for performance

Basic personal information

Internet identification information

Waybill information

Personal communication information

None

Guarantee for transaction security

Necessary for performance

Basic personal information

Personal web surfing record

Common personal device information

Internet identification information

Waybill information

None

Identification analysis

Consent

Basic personal information

Personal identification information

Personal property information

Personal web surfing record

Internet identification information

Common personal device information

Waybill information

ID card information

Personalized recommendations and advertising messages sending

Consent

Internet identification information

Common personal device information

Basic personal information

None

 

2.2 Collection and use of device access information

If you use our services through the SF Express App, WeChat official account, and mini program, in order to comply with laws, regulations, regulatory requirements, ensure transactions security and to collect personal information, we need to apply to enable related device access in SF Express App, WeChat official account and mini program for different business functions you selected. If permitted by your mobile phone system, we will explain by pop-ups to you and seek your consent. Granting these permissions means that you authorize us to collect and process this information to perform related functions. You can withdraw the authorization through the relevant settings on your device, but we will not be able to provide you with the appropriate business functions after your withdrawal. The permissions that need to be enabled and specific scenarios in which they are used are listed in the following table:

Authorization information

Application scenarios, purposes and reasons

Microphone

Input the waybill information by speech or consult and interact with our customer service robot. In these functions, we will collect your audio recording content to identify your shipment demand and customer service and after-sale service demands.

Geographical location (location information)

Inquire about SF service points and use the navigation function to get the current location information to help the user enter the shipper address.

Camera

Scan the code for sending shipments, making payment and face recognition.

Photo album (photo gallery)

Identify address from the photo, upload consignment photo, and upload sign-off photo for value-added services.

Address book

For your convenience, you need not manually enter the information of the contact person in your address book when you fill in the waybill Information.

Clipboard

Read and identify the contents from the clipboard, which is used to intelligently fill in the shipper, contact phone, and address information

 

2.3 How we use Cookie and similar technologies

2.3.1 Use of Cookie and similar technologies

To satisfy your personalized online experience and more convenient access experience, we will send one or more small data files or equivalent technical files named Cookies to your computer or mobile device. Cookies assigned to you are unique and can only be read by Web servers in the domain in which cookies are released to you. We send you Cookies to simplify the steps of repeated login, to help you determine your login status and to verify the account or data security.

We will not use the Cookie for any purpose other than the purpose set forth herein. You may manage or delete the Cookies and clear all the Cookies stored in your computer according to your own preference. Most web browsers accept Cookies automatically, however, you can usually modify your browser’s settings to reject cookies according to your needs. In addition, you can also clear all cookies saved in the software, but if you do so, you may need to change the user settings by yourself at each visit, and the corresponding information you previously recorded will be deleted, which may have certain impact on the security of the services you use. If you need to understand in detail how to change the setting of the browser, please visit the setting page of the browser you use.

2.3.2  Do Not Track

Many web browsers have the function of “Do Not Track”. You can submit a “Do Not Track” request to the website. At present, major Internet standard organizations have not established related policies on how websites response to such request. However, if your browser has enabled “Do Not Track”, we will respect your choice.

2.4 Use your personal information within SF Group

2.4.1 In accordance with the SF Group’s unified information security management requirements and operational control strategies, we will assemble and integrate all information contained in the list “2.1 Collection and use of personal information” of this Policy. If our scope or purposes of use of the receiving party are beyond the description of this Policy, the receiving party that changes the purpose shall obtain your consent again. You have the right to appeal to us or to any affiliates who  have collected and processed your personal information through the contact information specified in this Policy, or to request us or any affiliates who have collected and processed your personal information  to explain and make response to Group data sharing issues described in this article.

2.4.2 Your personal information may be provided and shared within the SF Group for the following processing purposes:

a) Create a unified login account, verify your identity, unify your identity authentication, and enjoy corresponding benefits within the Group.

b) Work with affiliates to provide you with services or work together to achieve the business function of a specific product.

c) Protect against security risks by making comprehensive verification on your personal information, tag information, etc. within the Group, and detect and prevent from security risks such as phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusions, etc.), identify violations of laws and regulations or agreements and rules related to product and service more accurately to protect the legitimate interests of you, other users, us, or affiliats.

d) Identify, analyze, assemble and form label information within the Group and use it for automated decision-making, personalized presentation, operational support, academic research, notifications and message sending (including sending commercial advertisements and message to you) and improvements to products and services.

e) Other uses permitted by laws, regulations, regulatory documents, and supervisory provisions, and other uses under your authorized consent.

2.4.3 We will control the security of the data flow within SF Group through systems, agreements and technical means. In the meantime, to ensure the security of the data flow within SF Group, we will conduct internal routine checks and require all affiliats within the SF Group to strictly enforce the Group’s information security management requirements and operational control policies.

2.4.4 SF Group: For the avoidance of ambiguity and as far as this Policy concerns, SF Group includes S.F. Holding Co., Ltd. , its subsidiaries and entities controlled by it.

2.5 External provision

2.5.1 We will not provide your personal information to third parties unless permitted by laws, regulations, regulatory documents, and supervisory requirements or for other legitimate reasons for processing. We will only provide your personal information to third-party personal information processors for legal, legitimate, necessary, specific and explicit purposes. We will enter into related confidentiality agreements with the receiving party and require them to process personal information in accordance with the requirements of this Policy, along with other necessary confidentiality and security measures. The circumstances that we provide your personal information to third parties mainly include:

a) Authorized processing: To realize the business function of a specific product, we will authorize external suppliers to assist us in providing you with relevant services, and under the mode of authorized processing, the third party receiving personal information will only be entitled to provide the services on our behalf. We will be responsible to you for the processing activities authorized to the third party within the scope of the authorization. For example, we will authorize suppliers, service providers and other partners who support our business to provide us with technical infrastructure services, analysis of the operation manner or potential risk of our services, advertising services, transportation, warehousing, customs clearance, last mile delivery, payment convenience, customer services, data storage or data analysis services and third-party additional business functional services (e.g. speech input and map function).

b) Provisions to third party: In performance of our agreement with you or for other reasonable purposes, we may provide certain personal information about you to third-party personal information processors, and we will disclose it to you as required by law. The third-party personal information processor who receives personal information has the right to process personal information to the extent that you have been informed of the purpose of processing, the manner of processing, and the categories of personal information, If the receiving party changes the original purpose of processing and the manner of processing, the receiving party shall obtain your consent again. For example, when we provide you with customs clearance services, we may need to provide your personal identification information for customs clearance.

In particular, we would like to draw your attention to the fact that if you authorize a third party to request us to provide all or part of your personal information in the service, you agree that we have the right to verify your identification and the authenticity of your authorization to the third party based on our own practice, and have the right to decide to agree or decline to provide your personal information by ourselves as described above, unless you give separate instructions through the contact information specified in this Policy. For example, if you authorize a third-party financial institution to collect your specific personal information from us, and if the third party requests us to provide your personal information based on that authorization, we will provide it to the third party at its request and within the scope of your authorization.

c) Third party SDK

If you use our services through SF Express app, we will access third-party personal information processors in the form of SDKs in SF Express app and provide your personal information to third-party personal information processors, and if you refuse to provide us with your personal information to affiliates and third-party processors, you may not be able to use corresponding business functions. To ensure that you have a whole picture of Provisions of your personal information to third party, we have summarized the following table to let you know the full range of SDK access patterns in the services and we specifically draw your attention that:

(i) SDK is a toolkit assembled by the provider in advance, and the categories of personal information we disclose in the table are based on disclosures and commitments made to us by the SDK, and we cannot control and check the truthfulness of personal information collection at any time, but we will adopt a feasible management mechanism to monitor its risks;

(ii) Some SDKs can collect your personal information directly (not from us) and we will make such high-risk SDKs bold in the table;

(iii) To facilitate your understanding of the full SDK access in the application, some of the items include situations where we are the data receiver (indirect collection), and where we are authorized to process personal information on behalf (authorized processing);

(iv) The following table contains SDKs embedded in websites, applications, products, and services operated by other independent third parties, for which the accessing party and the SDK provider are jointly responsible. We will display with an * symbol.

SDK name

Receiving party

Legitimate processing reasons

Cooperation purpose

Cooperation pattern

categories of provided personal information

Personal information transmitted back from the receiving party

Link to Privacy Policy

Pushed by Aurora Mobile

Aurora Mobile Information Technology Co., Ltd.

Necessary for performance

Provide the function of pushing message for users

Authorized processing

Device information, geographic location, network information

Information ID

https://www.jiguang.cn/license/privacy

Pushed by Vivo

Vivo Mobile Communications Limited

Necessary for performance

Provide the function of pushing message for users

Authorized processing

Device information, network information, log information

None

https://www.vivo.com.cn/about-vivo/privacy-policy

Pushed by MI

Beijing Xiaomi Technology Co., Ltd.

Necessary for performance

Provide the function of pushing message for users

Authorized processing

Device information, network information

None

https://dev.mi.com/console/doc/detail?pId=1822

Pushed by Huawei

Huawei Technologies Co., Ltd.

Necessary for performance

Provide the function of pushing message for users

Authorized processing

Device information, network information

None

https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/privacy-statement-0000001050042021

Pushed from message of Meizu

Meizu Technology Co., Ltd.

Necessary for performance

Provide the function of pushing message for users

Authorized processing

Device information, network information, log information

None

https://i.flyme.cn/privacy

Tencent XG Push

Tencent Technology (Shenzhen) Co., Ltd.

Necessary for performance

Provide the function of pushing message for users

Authorized processing

Device information, geographic location, network information

None

https://cloud.tencent.com/document/product/301/11470

Baidu map

Baidu Online Network Technology (Beijing) Co.Ltd.

Consent

Location display,inquiry about service point information, navigation

Authorized processing

Geographical location,device information

Geographical code

http://lbsyun.baidu.com/index.php?title=open/privacy

Alipay

Alipay (China) Network Technology Co., Ltd.

Necessary for performance

Payment of freight charges

Authorized processing

Device information, network information

Payment result

https://render.alipay.com/p/c/k2cx0tg8

WeChat

Shenzhen Tencent Computer System Co., Ltd.

Necessary for performance ,consent

Login and share by third-party account, payment of freight charges

Reception, authorized processing

Device information, network information

Payment result, openid

https://open.weixin.qq.com/cgi-bin/frame?t=news/protocol_developer_tmpl

All in One Net of China Merchants Bank

China Merchants Bank Co., Ltd.

Necessary for performance

Payment

Authorized processing

Device information, network information

None

http://www.cmbchina.com/Personal/Netbank/NetbankInfo.aspx?guid=ca085e03-b3f2-4ac8-8a35-3560e8276cb2

China UnionPay & App pay

China UnionPay Co., Ltd.

Necessary for performance

Payment

Authorized processing

Device information, network information

None

https://user.95516.com/pages/misc/newAgree.html

Sina

Sina.com Technology (China) Co., Ltd.

Consent

Login by third-party account

Reception

Device information, network information

Openid

https://weibo.com/signup/v5/privacy

Tencent bugly

Shenzhen Tencent Computer System Co., Ltd.

Consent

Used to collect fault issues in use of the app

Authorized processing

Device information, network information

None

https://mta.qq.com/mta/ctr_index/protocol_v2/

Baadu Mobile Statistics

Baidu Online Network Technology (Beijing) Co.Ltd.

Consent

Used for log statistics

Authorized processing

Device information, network information

None

https://tongji.baidu.com/web/help/article?id=330&type=0&castk=LTE%3D

*AutoNavi map

 

AutoNavi Co., Ltd.

Consent

Obtaining location, search for address, navigation

/

Device information, network information

/

https://lbs.amap.com/home/privacy/

*Mi account SDK

 

Beijing Xiaomi Technology Co., Ltd.

Consent

Provides login capabilities

/

 

/

https://privacy.mi.com/miaccount/zh_CN/

*V5 Customer Service SDK

 

Shenzhen SF Fix Technology Co., Ltd.

Consent

Provides online technical support for users to automatically answer user questions and transfer to manual customer service

/

Device information, network information, personal information

/

https://www.v5kf.com/web/about/declaration.html

*Growingio

 

GrowingIO Technology Co., Ltd.

Consent

Statistical analysis and analysis

/

Login information, browse information

/

https://accounts.growingio.com/privacy

*Beijing Zhuanzhuan Spirit SDK

Beijing Zhuanzhuan Spirit Technology Co., Ltd.

Consent

Static content display associated with the voucher

/

User information

/

https://m.zhuanzhuan.com/platform/zzapppages/zzothers/privacy.html?zzv=5.9.0&isReplaced=1

*Fmy90 SDK

Shanghai Shanyi Network Technology Co., Ltd.

Consent

Used for activity or function navigation

/

User information

/

https://wechat.fmy90.com/fmy90/public/index.php/index/publicpage?id=141

*Hangzhou Kenfei SDK

Hangzhou Kenfei Information Technology Co., Ltd.

Consent

Used to get user data, login, retrieve data presentation

/

Network information

/

https://m.52bjy.com/about/copyright.html

* Alibaba Cloud SDK

 

Ali Cloud Computing Co., Ltd.

Consent

Photo, label storage

/

Device information

/

http://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud201902141711_54837.html?spm=5176.19720258.J_9220772140.87.e9392c4aXgcDz6

 

2.5.2 To avoid ambiguity, you shall be aware of and understand that the product may contain links to websites, applications, products and services operated by other independent third parties. We make no express or implied warranties with respect to this third-party website, applications, products, and services, and these links are provided only to facilitate users' access to relevant pages. When you access links to such third-party websites, applications, products and services, we will provide your personal information to third parties under your explicit authorization, and you shall be noted that you agree to the privacy policies or personal information protection terms that they provided to you. The accessing party and his SDK provider shall bear joint responsibility for the SDK accessed independently from these third-party websites and applications. The providers of these third party websites, application programs, products and service and us shall respectively take independent responsibility for personal information protection based on laws and agreements between the parties.

2.6 Assignment 

We will not assign your personal information to any company, organization or individual except in the following cases:

2.6.1 Assignment after explicit consent is obtained: After your explicit consent is obtained, we may assign your personal information to other parties;

2.6.2 When any merger, acquisition or bankruptcy liquidation is involved, we will require any new company or organization holding your personal information to continue to be bound by this Policy in case of any assignment of personal information; otherwise we will require such company or organization to re-obtain your consent.

2.7 Disclosure

We will disclose your personal information to the public only in the following circumstances:

2.7.1 After your separate consent is obtained;

2.7.2 Disclosure based on laws: When required by laws, legal procedures, lawsuits or competent government departments’ mandatory requirements, we may disclose your personal information to the public.

3. How do we protect your personal information

3.1 We have used security measures that meet industry standards to protect the personal information you provided against unauthorized access, use, modification, disclosure, damages or loss. We will take all reasonable and feasible measures to protect your personal information. For example, we use encryption technology to ensure the confidentiality of personal information; We use reliable protection mechanisms to protect personal information from malicious attacks; We deploy access control mechanisms to ensure that personal information is only accessible to authorized person; And we will organize personal information security and privacy training courses to enhance employees’ awareness of the importance of protecting personal information.

3.2 Our Personal Information Security capabilities: SF has set up an Information Security Department to build a complete and advanced data security system for its products, including classification, encrypted storage, and data access control of user information; Internal data management systems and operational procedures have been developed, with strict process requirements from the collection, use, deletion or anonymization of data to avoid illegal use of user privacy data; Clarify the security management responsibilities of the departments and their responsible person who have access to users’ personal information; Establish work-flow and security management systems for the collection, use and related activities of users' personal information; Access management for staff and agents, review for batch queries, modifications, copying, exporting, deleting personal information and taking anti-disclosure measures; Keeping the paper, optical, electromagnetic media, and other carriers that record the user's personal information properly, and take the appropriate storage security measures; Reviewing information systems that store users' personal information, and take measure as intrusion prevention, virus protection and so on; Recording information of the people who process the user's personal information and the time, location and events, etc. of the processing; Training on personal information security and privacy protection regularly to raise awareness of the protection of personal information among employees.

3.3 We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will retain your personal information only for the period necessary to achieve the purposes stated in this Policy, unless you need to extend the retention period or are permitted by law.

3.4 The Internet environment is not 100% secure, and we will try our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or administrative defenses are damaged, resulting in unauthorized access, disclosure, alteration, or destruction of information, as a result, your legitimate interests are impaired and we will be held legally responsible.

3.5 In the event of an unfortunate personal information security incident, you will be informed in a timely manner, as required by law and regulations, of the basic circumstances and possible impact of the security incident, the measures we have taken or will take to address it, your own suggestions for preventing and mitigating risks, and the remedies available to you. We will promptly inform you of the incident by email, letter, phone call, pushed notification, etc. We will issue announcements in a reasonable and effective manner.

We will also proactively report the disposition of personal information security incidents in accordance with regulatory requirements.

If you notice that your personal information is being disclosed, please contact us immediately through the contact information specified in this Policy so that we can take appropriate action in a timely manner.

4. Your rights

In accordance with the established practice of related laws, regulations and standards in China, we will try to guarantee the your rights during the personal information processing activities, including but not limited to:

4.1 Access, copy, and transfer your personal information 

4.1.1 You have the right to log on to SF’s relevant websites, apps, WeChat official account, mini program you have registered to access, copy and transfer personal information about you, except under the exceptions provided by law and regulations. Where technology is feasible, we will provide you the function to export relevant personal information on your own, please be noted that your certain personal information cannot be exported to current legal and regulatory requirements and/or our technical capabilities. Please follow the instructions on the export interface to export your personal information.

4.1.2 If you are unable to access your personal information through the above path, or if you need to copy or transfer your personal information, you may contact us at any time through the contact information specified in this Policy, and we will respond to your requests to access, copy and transfer the information within fifteen business days. Appropriate means of transfer will also be provided when the transfer conditions meet the requirement set by the Cyberspace Administration of China.

4.2 Correct and supplement your personal information

4.2.1 If you find that your personal information is inaccurate or incomplete, you have the right to correct and supplement it by the path specified in Section 4.1 of this Policy.

4.2.2 If you are unable to correct and supplement such personal information through the above path, you may contact us at any time through the contact information specified in this Policy and we will respond to your request within fifteen business days.

4.3 Delete your personal information

4.3.1 You may delete any personal information you have voluntarily submitted after registration through the path specified in Section 4.1 of this Policy.

4.3.2 In the following circumstances, you may contact us through the contact information specified in this Policy and request us to delete your personal information if we have not deleted proactively:

a) The processing purpose has been achieved, cannot be achieved, or the personal information is no longer necessary for processing purposes;

b) We stop providing the products or services, or the retention period has expired;

c) You have withdrawn your consent;

d) We disposed your personal information in violation of laws, administrative regulations, or agreements;

e) Other circumstance regulated by laws and administrative regulations.

4.3.3 We will reply to you within fifteen business days after receiving your request to delete your personal information. If we decide to respond to your deletion request, we will also notify any entities receiving your personal information from us and require such entities to delete your personal information in time unless otherwise regulated by laws and regulations or such entities obtain your independent consent.

4.3.4 When you delete your information in our services, we may not delete corresponding information in our backup system immediately, but we will delete such information when our backup system is updated.

4.3.5 If the retention period regulated by laws and administrative regulations has not expired, or if the removal of personal information is technically difficult, we will stop any processing activities other than storing and taking the necessary security measures.

4.4 Change the scope of your consent

4.4.1 Each business function requires some basic personal information. If you withdraw your consent, the function of related business cannot be used.

4.4.2 In addition, you can grant or withdraw your consent based on paths specified in section 4.1 Access, copy, and transfer your personal information or change access permission in Bluetooth, voice settings, or specific product setup options on your smart device.

4.4.3 If you have additional requests to withdraw your consent that cannot be fulfilled, you may change the scope of your consent by sending us a notice via the contact information specified in this Policy.

4.4.4 When you withdraw your consent, we will cease to process corresponding personal information. However, your decision to withdraw your consent will not affect the previous processing of your personal information based on your previous consent.

4.4.5 In particular, if you do not wish to accept the commercial marketing information we send to you, you may reply to cancel through cancellation method expressly stated on a marketing email or SMS or contact us through the contact information specified in this Policy.

4.5 Personal information subject’s account cancellation

4.5.1 Members of SF Express may submit cancellation application on SF Express’s WeChat official account, SF Express App or account cancellation interface of the membership system on SF Express’ official website; If you have any questions during the process of canceling your account, you may contact us at any time through the contact information specified in this Policy and we will respond within fifteen business days.

4.5.2 After you cancel your account, we will stop providing you with products or services and will delete or anonymize your personal information at your request, unless otherwise provided by law and regulations.

4.5.3 Please be noted that we have the right to retain your personal information for a reasonable period after your cancellation as required by law and regulations. In the event of a dispute, you agree that the personal information in our system shall prevail and that we will guarantee the authenticity. After you confirm that the cancellation was successful, the account information, personal identification information, membership privileges, etc. may not be restored or available; However, you remain responsible for your actions before the cancellation and during the use of the services.

4.6 Restriction of automated decision-making by information system

4.6.1 In some business functions, such as login environment detection, we may make decisions solely based on non-manual automated decision-making mechanisms including information systems and algorithms. This decision may significantly affect your legitimate interests, you have the right to ask for clarification through the contact information specified in this Policy, and you have the right to reject our decision solely made through automated decision-making, and we will provide appropriate remedies to protect your legitimate rights. For example, we may show you the logic of automated decision-making and the related impact on you, or introduce manual reviews to check the correctness of automated decisions.

4.7 Response to your requests above  

4.7.1 In order to guarantee security, you may need to submit a written request or otherwise prove your identity. We may first require you to verify your own identity and then process your request.

4.7.2 We will reply to your request within fifteen working days. If you are not satisfied with our reply, you can also complain to us through the contact information specified in this Policy.

4.7.3 In principle, we will not collect charges for your reasonable request, but we will charge certain costs depending on the circumstance in case of any repeated request beyond a reasonable scope. We may refuse any request that is repeated without cause or requires too many technical means (e.g. requiring development of a new system or fundamental change of current practices) or requests that may cause risks to others’ legitimate interests or is very impracticable (e.g. involving information stored on backup tapes).

4.7.4 In the following circumstances, we will not be able to respond to your request according to the requirements of laws and regulations when:

a) the processing is in connection with the performance of the obligations of the personal information processor under laws and regulations;

b) the processing is directly related to national security and national defense security;

c) the processing is directly related to public security, public health and significant public interests;

d) the processing is directly related to criminal investigation, prosecution, judgment and execution of judgment;

e) the personal information processor has sufficient evidence to prove that the personal information subject is malicious or has abused the right;

f) the processing of personal information is aimed to protect the life, property and other significant legitimate interests and interests of the personal information subjects or other individuals but it is very difficult to obtain the consent of the personal information subjects;

g) the response to your request may cause serious harm to the personal information subject or other individuals’ or organizations’ legitimate interests;

h) the requests is involved with trade secret.

5. How do we process children’s personal information

5.1 When you browse our products without logging in, we only collect information about the current status of your personal devices during the use of a particular product and the necessary personal common device information. Limited by existing technology, we cannot identify whether you are a child under the age of 14 or not, but we will use the information strictly in accordance with your consent and protect your personal information in accordance with the commitments of this Policy.

5.2 When you sign up to log in to your account and fill in age-related information or verify your real name, we will collect your age information and identify if you are a child. Since our products are mainly intended for adult users, if you are under age of 14 and do not obtain the consent from your parents or guardians, you shall not create your own personal account or use our services. For the personal information of minors under age of 14 we collected with the consent of the parents or guardians, we will only use or disclose such information permitted by relevant laws, the scope of consent by the guardians or required for protecting the child. Please check out the Children’s Personal Information Protection Policy formulated by us.

5.3 If we find that we have collected personal information about a minor under the age of 14 without the consent of a verifiable parent or guardian, we will try to delete the personal information as soon as possible.

6. Our protection of personal information of deceased users

6.1 Upon the death of a user (natural persons only), his or her close relatives may, for their legitimate interests, use the contact information specified in this Policy to access, copy, correct or delete the personal information of the deceased user, unless otherwise arranged by the deceased user before the death.

6.2 You understand and acknowledge that, in order to fully protect the interests of personal information of the deceased user, the close relatives of the deceased user who applied to exercise the right need to submit the deceased user’s identification document, proof of death, the applicant’s identification document, proof of relations between the applicant and the deceased user, and the type of rights and purpose for the application. You can learn more information about the personal information protection process and conditions of the deceased users by dialing customer service hotline at 95338 or by the contact information specified in this Policy.

7. How is your personal information transferred in the world

7.1 In principle, the personal information collected and generated in the People’s Republic of China will be stored in the country as required by applicable laws.

7.2 We will only provide your personal information abroad for purposes necessary to perform our contract or for other legitimate processing reasons, and undertake to meet the conditions required by effective laws and regulations. For example, if you choose SF ’s international shipment services, as our services are based on self-operation or partner agency modes, we will transmit the waybill information of the international shipment to our affiliates or partner in country / region outside China through system interconnection. There may be different data protection laws or no relevant laws in such country / region, and in this case, we will ensure that your personal information will get sufficiently equal protection as that in China. For example, we will transmit waybill information in an encryption manner, regularly assess and audit the receiver’s security capacity level and sign data processing agreements / clauses.

7.3 If, under applicable law, we need to protect your personal information in compliance with data protection laws of other countries, we will also make appropriate compliance guarantees and adjustments. Please log on to SF International website at https://www.sf-international.com/zh/query/getPrivacyPolicy.do) to view the documents related to our Privacy Policy for data protection in the related countries and regions.

8. How we update our privacy policy and applicable laws

8.1 Our privacy policy may be modified. We will not impair the rights to which you shall be entitled according to this Policy without your explicit consent. We will release the updated version of this Policy.

8.2 In case of any material changes, we will provide more obvious notice (including for some services, we will send out notice by email to explain specific changed of this Policy).

8.3 Material changes include but not limited to:

8.3.1  Material changes of our service modes such as the purpose of processing personal information, the categories of processed personal information, and the manner of use of personal information;

8.3.2  Material changes of our ownership or organizational structure such as owners’ change arising from business adjustment or bankruptcy or merger and acquisition;

8.3.3  Changes of the major subjects to whom the personal information will be provided, transferred or disclosed;

8.3.4  Your rights and its exercising manner of personal information processing experience material change;

8.3.5  Change of department responsible for handling the security of personal information, contact information and complaint channel;

8.3.6  Personal information security impact assessment report indicates that there is a high risk.

8.4 We will also archive an older version of this Policy for your review.

8.5 This Policy applies only to customers that send shipments from China, if you would like to know the privacy policy of other countries where we provide service, please view relevant privacy protection documents according to Section 7.3 of this Policy.

8.6 The laws of the People’s Republic of China (excluding Hong Kong, Macao, Taiwan) are applicable to the formulation, implementation, interpretation and settlement of disputes under this Policy excluded with the application of any conflict rules.

9. How to contact us

9.1 If you have any questions, comments or suggestions, you can contact our product team or our department responsible for protecting personal information by the following. We will reply to you within fifteen business days normally.

Company name: S.F. Express Co., Ltd.

Registered address: No. 1111, Hangzhan 4th Road, Bao’an International Airport, Shenzhen, Guangdong Province, P.R. China

Office address: 1/F, Block B, Building 1, Shenzhen Software Industry Base, Xuefu Road, Nanshan District, Shenzhen, Guangdong, P.R. China

Customer service contact information: 95338

Contact of department responsible for personal information protection: DPO@sfmail.sf-express.com

9.2 If you are not satisfied with our response, especially if you believe that our activities of processing personal information has harmed your legitimate interests, and you cannot reach a consensus with us, you may seek a solution by filing a lawsuit to the court with competent jurisdiction where S.F. Express Co., Ltd. is located.