Simpcare Privacy Policy

This policy solely applies to the websites products, and services of N.O.D Topia (Guangzhou) Biotechnology Co., Ltd. and its subsidiaries (hereinafter referred to as "Simpcare", "we", "us", "our").

Updated: August 2022

If you have any questions, comments or suggestions, you can always reach out to us using the information below:

Email: mail@simpcare.com

This policy will help you familiarize yourself with the following information:

■ How do we collect and use your personal information

■ How do we protect your personal information

■ Your rights

■ How do we handle children’s personal information

■ How your personal information is transferred between countries

■ How this policy is updated

■ How to contact us

Simpcare is aware of the value you place on your personal information. That is why we make every effort to keep your personal information secure. As part of our commitment to upholding your trust in us, we abide by the following principles when protecting your personal information: the commensurability of powers and responsibilities principle, the purpose specification principle, the consent principle, the minimization principle, the ensuring security principle, the subject participation principle, and the openness and transparency principle. Simpcare guarantees that we will protect your personal information in accordance with the industry-accepted security standards by using appropriate safeguards.

Please read this entire privacy policy before using our products or services.

■ How do we collect and use your personal information

(I) What personal information do we collect

● We are able to offer features and functionality by employing certain data. In order to use such features and functionality, you will be required to give us or enable us to collect the essential information, such as your name, address, email address, mobile phone number, and other personal information.

● You may choose to provide us with or allow us to collect the following information at your discretion.

Personal information such as gender, age, ethnicity, religion, hobbies, employment history, and educational background. Although not required for the features to function as intended, this information is essential for enhancing service quality, developing new products or services, recruiting, giving customers the after-sales support they need, etc. You are not required to share this information. It will not have a negative impact on how you use these features if you choose not to.

● We will ask for your permission to access the following personal information when you use these features.

Location information, account information, a mobile phone number, a friend list, and other device information. We won't be able to deliver the functionality without your permission. You can choose whether to grant permission to access data other than those listed above.

(II) How do we use your personal information

● We use essential personal information to provide features and functionality, such as mailing you the products you've ordered, offering after-sales support, and performing market research.

● We use non-essential personal information for things like new product development, customer trend identification and recruitment.

(III)  How do we entrust processing, share, transfer, or publicly disclose your personal information

1.Entrustment

External vendors provide some specific modules or features for our business. For instance, we might work with service providers to help us with customer support. Stringent confidentiality agreements requiring the handling of personal information in accordance with our requirements, this policy, and any other pertinent confidentiality and security measures are placed on businesses, organizations, and individuals whom we entrust with processing personal information.

2.Sharing

Unless we have your express consent, we will not share your personal information with any company, organization, or individual not affiliated with Simpcare.

We may share your personal information with third parties, if pursuant to the requirement of any law or regulation or pursuant to the order of any government authority.

3.Transfer

We will not transfer your personal information to any company, organization or individual, except for those set forth below:

(1) If it is expressly permitted: We will only transfer your personal information to third parties with your explicit consent;

(2) In the event of a merger, acquisition, bankruptcy, or liquidation involving the transfer of personal information, we will first request that the new company or organization holding your personal information agree to remain subject to this personal information protection policy before requiring that company or organization to ask for your consent.

4.Public disclosure

We will only disclose your personal information in the following circumstances:

(1) With your express consent;

(2) Pursuant to the requirement of law: We may publicly disclose your personal information pursuant to the requirement of law, legal process, proceedings, or pursuant to the order of any government authority.

■ How do we protect your personal information

(I) We have put in place security measures that comply with industry standards to safeguard the personal information you give against unauthorized access, disclosure, use, modification, data loss, or damage. We will protect your personal information by using every technically feasible approach, for instance, network isolation techniques, data encryption technologies and authorization management.

(II) We'll do everything within our power to prevent the collection of any unrelated personal information. Unless a longer retention period is required or permitted by law, we will only keep your personal information for as long as it takes to fulfill the goals outlined in this policy.

(III) We shall routinely update and publicly disclose the information included in reports on security risks, impact analyses of the security of personal information, etc. You can get access to the data by emailing to mail@simpcare.com.

(IV) The cyberspace is not entirely secure. We will make every effort to assure or warrant the security of any information you provide to us. If our physical, technical, or administrative safeguards are compromised, leading to unauthorized access to, disclosure of, alteration of, or destruction of information, harming your legal rights and interests, we will assume appropriate legal liability.

(V) In the unfortunate event that a security breach of personal information occurs, pursuant to the requirement of laws and regulations, we will promptly inform you of: the general circumstances about the security breach and any potential effects, the countermeasures we have taken or will take, recommendations for you to independently prevent and reduce the risk, remedial measures for you, etc. We will promptly let you know by email, letter, phone, push notification, etc. how the incident-related situation is developing. When it is challenging to notify each personal information subject individually, we shall use a practical and efficient method to make an announcement.

In addition, we will take the initiative to disclose the outcome of incidents pursuant to the requirements of regulatory authorities.

■ Your rights

In accordance with the applicable laws, rules, and regulations of China as well as the common practices of other countries and regions, we protect your right to exercise the following rights with respect to your personal information:

(I) Accessing your personal information

You have the right of access to your personal information, except for situations as stated in laws and regulations. Please send an email to mail@simpcare.com if you would want to exercise your right of access to your personal information. We will respond to your request for access within 30 days.

We will give you access to any additional personal information we collect about you while you use our products or services, as long as it does not require excessive input on our side. To exercise your right to access your personal data, please send an email to mail@simpcare.com.

(II) Correcting your personal data

You have the right to request that we fix any errors in the personal information we have processed about you. Through one of the channels mentioned in "(I) Accessing your personal information", you can submit a request for rectification.

Deleting your personal information

You may make a request to us to delete your personal information in the following situations:

1. if we handle personal information in violation of laws and regulations;

2. if we collect and use your personal information without your consent;

3. if our handling of personal information violates our agreement with you;

4. If you stop using our products or services or close your account;

5. If we stop offering you our products or services

If we decide to comply with your request for deletion, we will also simultaneously notify the entities from which we obtained your personal information to request its prompt deletion, unless otherwise required by law or regulation, or unless such entities have your independent authorization.

When you delete information from our service, we may not immediately delete the corresponding information in our backup system but will delete it when the backup is updated.

Modifying the range of data which you give us consent to access

Each feature needs a few pieces of fundamental personal information to work as intended. You always have the option to give or withdraw your consent for the collection and use of extra personal information.

We won't continue to process the associated personal information once you withdraw your consent. However, the processing of personal information that was previously done with your consent will not be impacted by your decision to withdraw your consent.

You can unsubscribe at any time by sending an email to mail@simpcare.com if you do not want to receive commercial advertising from us.

Cancelling accounts of personal information subjects

You may send an email to mail@simpcare.com to at any moment to request cancellation of your previously registered account.

Except where prohibited by laws or regulations, we shall stop offering you products or services once you cancel your account and delete your personal data at your request.

Getting a copy of the personal data that you have provided as the personal information subject

You can exercise your right to get a copy of your personal data by emailing to mail@simpcare.com.

Upon your request, we may also transfer a copy of your personal information directly to a third party you choose, subject to technical feasibility, if the data interface has been established.

Restricting automated decision-making done by information systems

We might only use automated, non-human decision-making techniques, such as information systems and algorithms, when offering particular functionalities. You have the right to ask us for an explanation, and we will offer suitable remedies if these decisions have a major impact on your legal rights.

Getting responses to your requests for the rights listed above to be exercised

You might be asked to submit a written request or provide other forms of identification verification for security reasons. Before we can process your request, we might need you to prove your identity.

We'll get back to you within 30 days. If you are not satisfied, you may also file a complaint using the following information: mail@simpcare.com

In general, we don't charge you for your reasonable demands, but when they are persistent or go beyond acceptable bounds, we reserve the right to charge a fee. We reserve the right to refuse requests that are unnecessarily repetitive, necessitate a major investment in technology (such as the development of new systems or significant changes to existing procedures), threaten the legal rights of others, or are utterly impractical (for example, involving the backup of information stored on tape).

The following situations prevent us from being able to fulfill your request:

1. Pertaining to the personal information controller’s fulfillment of its legal and regulatory obligations;

2. Directly concerning national security or national defense;

3. Directly tied to public safety, public health, and crucial public interests;

4. Directly associated with criminal investigation, prosecution, trial and execution of judgment, etc.;

5. When the personal information controller has adequate proof of data subject’s subjective malice use or abuse of rights;

6. For the purpose to protect life, property and other crucial legitimate rights and interests of the personal information subject or other individuals, but in cases where getting their consent is challenging;

7. When fulfilling the request of the personal information subject would seriously impair his/her legitimate rights and interests, or those of other people or organizations;

8. When trade secrets are at stake.

■ How do we handle children’s personal information

Our services, products, and website are largely designed with adults in mind. Without parental or guardian permission, children shouldn't create their own accounts as personal information subjects.

If we obtain parental consent to collect personal information from a child, we will only disclose such information if the law permits it, the parent or guardian has given their express consent, or if doing so is required to protect the child.

We consider individuals under the age of 14 as children, despite the fact that local laws and conventions define children differently.

If we learn that a child’s personal information was collected without prior verifiable parental consent, we will work to have the data deleted as soon as we can.

■ How your personal information is transferred between countries

In principle, we collect and generate personal information in the People’s Republic of China and such information will be stored in the territory of the People’s Republic of China.

As we provide our products or services using resources and servers located all over the world, with your consent, your personal information may be transferred to or accessed by entities in jurisdictions outside of the country in which you use the product or service.

These jurisdictions could have various data protection rules, or even none at all. Where this occurs, we'll make sure your personal data is appropriately safeguarded in the same way as it is in the People's Republic of China. For instance, we might ask for your permission before transferring personal data internationally or put security measures in place.

■ How this policy is updated

We may update this privacy policy from time to time.

We will not reduce your rights under this policy without your express consent. Any modifications to this policy will be announced on this page.

We will also give a more prominent notice (including, for certain services, email notification specifying the changes to our personal information protection policy) if there are significant changes to this policy.

Within the context of this policy, significant changes include but not limited to:

1. A significant change in our service model, such as the purpose of processing personal information, the kind of personal information processed, and the manner in which personal information is used;

2. Significant alterations to our organizational structure, ownership structure, etc., such as a change in ownership brought on by a merger, bankruptcy, or corporate restructuring;

3. Changes to the principal subjects whose personal information is to be shared, transferred, or made publicly available;

4. Significant changes to your participation rights in the processing of your personal information and how you can exercise them;

5. Changes to our department in charge of handling personal information security, as well as our contact information and complaint channels

6. When the personal information security impact assessment report shows a high risk.

Previous versions of this policy will also be kept on file for your information.

■ How to contact us

If you have questions, comments or suggestions about this policy, please contact us using the following information: mail@simpcare.com

We have set up a personal data protection team, you can contact the team using the following information: mail@simpcare.com

In most cases, all substantive contacts receive a response within 30 days.

If you are not satisfied with our response, especially if our handling of your personal information has jeopardized your legitimate rights and interests, you can also seek solutions through the following external channels: you can file a lawsuit through the people’s court with jurisdiction over the registration address of N.O.D Topia (Guangzhou) Biotechnology Co., Ltd.