Last Update Date: [November 15, 2022]
Welcome to use Deepin Upgrade Tool. Deepin Upgrade Tool (hereinafter referred to as “the Software”) is developed and operated by Wuhan Deepin Technology Co., Ltd. and its affiliates (especially, UnionTech Software Technology Co., Ltd.) (hereinafter referred to as “Wuhan Deepin” or “We”) for system upgrade. This Privacy Protection Guide for Deepin Upgrade Tool (hereinafter referred to as the “Guide”) will explain to you how the Software will collect, use, store, protect and expose your individual information and what rights you are entitled to.
This Guide is merely applicable to non-EU people who make use of the Software. If you are a user in the EU region, you shall be obliged to furnish us with additional instructions before making use of products and enjoying services, and we shall be entitled to refuse your application for making use of relevant products and enjoying services.
If you have any questions, opinions or suggestions regarding this Guide, you can contact us in the following ways:
Wuhan Deepin Technology Co., Ltd.                  
[Address] F11, Building B5, Future City, 999 Gaoxin Avenue, East Lake High-Tech Development Zone, Wuhan    
[E-mail] privacy@uniontech.com
[Tel] 400-8588-488
Wuhan Deepin understands the importance of personal information to you, and we will protect your personal information and privacy in accordance with laws and regulations, and ensure that you are the ultimate controller of the personal information you provide to us. We are committed to maintaining your trust in us and will protect your personal information with full abidance to the principles of “keeping consistency between power and responsibility, having clear objectives, offering options for acceptance, collecting the least information required, and ensuring security, subject participation, openness and transparency”. Meanwhile, Wuhan Deepin undertakes that we will take corresponding security measures to protect your personal information in line with the mature security standards in the industry.
We endeavor to present this Guide in a concise, clear and understandable manner. With a view to facilitate your reading and understanding, we have defined special terms associated with the protection of individual information. Please go to "Appendix 1: Definitions" of this Guide to know the specific contents of these terms, so that you can grasp the information we wish to express to you in an accurate manner.
This Guide will help you understand: 
I. How We Collect and Use Your Personal Information 
II. How We Publicize, Transfer and Disclose to the Public Your Personal Information. 
III. How We Protect Your Personal Information 
IV. How We Store Your Personal Information
V. Your Rights 
VI. How to Update This Guide 
VII. Our Department for Personal Information Protection/Responsible Person for Personal Information Protection 
VIII. Your Right to Complain or File a Lawsuit with the Regulatory Authorities and Governing Law
Please read and comprehend this Guide carefully before making use of our products or services, particularly the black and bold parts, so that you can get a better understanding of the products and services furnished by us and make corresponding authorization and consent based on full understanding of the contents hereof.
I. How We Collect and Use Your Personal Information 
If you use the Software, we will follow the principles of legality, legitimacy, necessity and good faith, collect only the information that is necessary to achieve a specific, particular, explicit and lawful purpose, and ensure that such information is not further processed in any manner inconsistent with such purpose.
1. Operation Analysis and Security Guarantee
In strict compliance with laws and regulations, to guarantee the safety of Products and Services of Wuhan Deepin, help us better understand the operation of Products and Services of Wuhan Deepin and enhance your user experience, we will collect your device information during your use of the Software for necessary internal audit, analysis & research of big data and security assurance. We will not integrate the aforementioned information with any personally identifiable information presented by you during our processing.
2. In the event that we need to collect personal information of you under your custody beyond the above-mentioned purpose of use, we will explain to you and seek your consent again.
3. Please understand, according to relevant laws, regulations and national standards, in any of the following circumstances, we may collect and use your personal information without seeking your consent:
3.1. Where it is necessary for performance of our statutory duties or legal obligations;
3.2. When it involves national security, national defense security and other national interests directly and when it involves public security, public health, public right to know and other major public interests;
3.3. When it directly relates to criminal investigation, prosecution, trial and execution of judgments;
3.4. When it is collected to protect the life, property, reputation or other major legal rights of you or other individuals in the situation where it is difficult to obtain your own authorization or consent;
3.5. When it is required for execution and performance of contracts at your request;
3.6. When it is necessary for maintaining the safe and stable operation of the Software, such as identifying and resolving failures of products or services;
3.7. Where it is necessary for news reporting, media supervision and performing other acts in the public interest to the extent reasonable;
3.8. When it is necessary for academic research institutions to collect statistics or conduct academic research in the public interest, provided that any personal information contained in the results of such academic research or descriptions thereof has been de-identified; or
3.9. Other circumstances as stipulated by laws and regulations.
II. How We Publicize, Transfer and Disclose to the Public Your Personal Information  
1. External Provision
1.1. We will not provide your personal information to any third party except as permitted by laws, regulations, normative documents and regulatory provisions or with your prior consent, except in the following cases:
1.1.1. We may publicize your personal information as required by laws and regulations, or according to the compulsory requirements of the competent government authorities. 
1.1.2. Entrusted processing: In order to achieve our service functions, we will entrust external suppliers to assist us in providing relevant services to you. In the case of entrusted processing, the third party receiving personal information is only entitled to provide services to you on our behalf as we instruct, and we are liable to you for their acts to the extent we have entrusted.
1.2. In order to fulfill the agreement with you or for other reasonable purposes, we may provide some of your personal information to a third party personal information processor, and such processor has the right to process the personal information received only when such information as the purpose of processing, manner of processing and type of personal information has been notified to you. If the recipient changes the original purpose or manner of processing, the recipient shall ask for your consent again.
1.3. Software Development Kit
In order to ensure the realization of the related functions of the Products and Services of the Software and the safe and stable operation thereof, we may access the software development kit (“SDK”) provided by a third party and provide the third party with the information need to know to implement and improve the relevant functions. We will carry out strict auditing and safety monitoring on the access and use of SDKs provided by third parties, in order to secure your personal information. Please understand, we will try our best to update the list of third party SDKs, but in some cases, it may lag behind. In the meantime, in order to keep confidential our business information and technological means, some SDKs used for platform risk control or special cooperation may not be included in this list, but if your important privacies or device permissions are required by such SDKs, we will get your authorization in a reasonable manner.
The Following is a List of Third Party SDKs We Use:
Please note, third party SDKs may change the type of personal information due to such reasons as version upgrade and policy adjustment. Please refer to the corresponding publicized official instructions.
SDK name: Golang
Third party name: Google
Service type: Programming language
Type of Personal Information Collected: None
Privacy Policy Link: http://www.google.com/intl/en/policies/privacy/
SDK name: QT
Third party name: Digia
Service type: Programming language
Type of Personal Information Collected: None
Privacy Policy Link: https://www.qt.io/zh-cn/licensing
1.4. What needs to be drawn to your attention is that, when the relevant service providers render services to you by means of third party access such as page jumping to the service provider’s page, the corresponding service providers shall directly reach the corresponding usage license of personal information authorization with you, and such personal information collected directly by the service providers is not within the scope of personal information we make public for them. In such cases where services are directly furnished by third parties, we will clearly identify the third party information in the specific service page. To avoid ambiguity, you ought to know and understand that the links of websites, applications, products and services operated by an independent third party mentioned above are only furnished for users to browse relevant pages. When you visit such third party websites, applications, products and service links, you shall separately assent to the Privacy Policy or the terms on the protection of individual information furnished by them. We and such third party websites, applications, products and service providers shall assume independent responsibilities for the protection of personal information to you within the scope specified by law and agreed by the Parties.
2. Transfer 
We will not transfer your personal information to any companies, organizations or individuals, except under the following circumstances: 
2.1. Transfer with prior separate consent: with your prior separate consent, we will, in accordance with the provisions of laws and regulations, transfer your personal information to other parties;
2.2. When it involves mergers, acquisitions or bankruptcy or liquidation, and involves transfer of personal information, we will require the new company or organization which holds your personal information to continue being bound by this Guide, or we will require such company or organization to get your authorization and consent anew. 
3. Public Disclosure 
We will only make public disclosure of your personal information under the following circumstances with safety protection measures in line with industrial practice: 
3.1. To disclose the specified personal information as required by you via the disclosure means separately agreed upon by you; 
3.2. To disclose your personal information according to the required information type and disclosure means when such disclosure is made under laws and regulations, compulsory administrative law enforcement or judicial requirements. Under the premise of compliance with laws and regulations, when we receive the aforesaid request for information disclosure, we will require that it is a prerequisite to provide corresponding legal documents, such as summons or investigation letter. We firmly believe that the information we are required to provide should be as transparent as possible to the extent permitted by law. We have reviewed all requests with due diligence to ensure that they have legitimacy basis and are restricted to data that law enforcement authorities have the legitimate right to obtain for specific investigative purposes. Without prejudice to laws and regulations, the documents we disclose are protected by encryption keys.
III. How We Protect Your Personal Information 
1. Wuhan Deepin has adopted all types of security technologies and protective measures in line with industry standards in order to protect users’ individual information from unauthorized access, use or leakage. We strictly observe domestic and foreign security standards to set up a security system, and implement such standards in combination with cutting-edge and mainstream security technologies to prevent users’ personal information from unauthorized access, use or leakage. A perfect security defense system has been set up so that when we are attacked by external network and infected by viruses, the attack behaviors can be intercepted actively in a prompt manner. The Software shall be subject to HTTPS encryption protocol transmission in the course of network communication, which can effectively avoid the information being stolen by a third party in the course of communication. The privacy and sensitive personal information involving users shall be stored by encryption in the Software and backed up in real time.
2. Wuhan Deepin has set up a sound data security management system, including hierarchical classification, encryption and storage of user information, and division of data access rights. The internal data management system and operation procedures are worked out, which raise stringent process requirements from data acquisition, use and destruction, in a bid to avoid illegal use of user privacy data. Determine the security management responsibilities of all departments as well as their persons in charge who contact the personal information of users; set up the workflow and security management system for the collection, use as well as other relevant activities of users’ personal information; carry out authority management for staff and agents, review information exported, copied and destroyed in batches, and take measures to prevent leakage; properly keep paper media, optical media, electromagnetic media and other carriers that record users’ personal information, and take corresponding safe storage measures; conduct access review for information systems that store users’ personal information, and take anti-invasion and anti-virus measures; record the personnel, time, place, events and other information that operate users’ personal information; formulate and organize the implementation of emergency plans for personal information security incidents; hold regular training on security and privacy protection to raise employees’ awareness of the protection of personal information.
3. In accordance with laws and regulations and the requirements of competent authorities, we will, establish a special department for personal information protection and designate persons responsible for the protection of personal information to supervise the processing of personal information and the protection measures taken, and, on a regular basis, update and publicize the relevant contents of reports such as security risks and security impact assessment of personal information. For more information about the department and the person in charge of personal information protection, please refer to [Section VII] of this Guide.
4. Currently, in terms of information security, we have met the international certification standards in ISO27001. Also, we have obtained the corresponding certification. But we need to remind you that the Internet environment is not 100% secure. We will use our best efforts to ensure or guarantee the security of any information you send to us. We will be liable for any damage to your legal rights and benefits resulting from unauthorized access, public disclosure, alteration or destruction of information due to any damage to our physical, technological or administrative protection facilities.
5. If unfortunately, a personal information safety event occurs, we will, according to the requirements of laws and regulations, inform you of the basic situation of the safety event and possible impact in a timely way, the emergency response we have already taken or are about to take and other relevant disposals, remedies for you via messages/your reserved contact information. If it is difficult to notify the subjects of personal information one by one, we will make a public announcement in a reasonable and effective manner, and take the initiative to report the handling of security incidents of personal information to the regulatory authorities concerned.
6. If you raise any questions concerning our protection of personal information, you can contact us via the contact ways in [Section VII] of this Guide. If you learn that your individual information is leaked, please contact us forthwith through the contact ways specified in this Guide so as to facilitate up to take corresponding measures in a prompt manner.
IV. How We Store Your Personal Information 
1. Location for Personal Information Storage
We will, in pursuance of the provisions of laws and regulations, merely store your personal information collected within the territory of the People’s Republic of China in the territory of the People's Republic of China. If the storage location of your personal information changes from inside China to outside China, we will follow the law in a strict manner and get your explicit consent again.
2. Duration of Personal Information Storage
2.1 Generally, we will only retain your personal information for the shortest period required for achieving the purposes described herein and in pursuance with the laws and administrative regulations. We will delete or anonymize your personal information if it is stored for a period that exceeds what is permitted by law. If it is technically difficult to delete the relevant personal information, we will stop processing it except for the purpose of storage and taking necessary security measures. However, in the following circumstances, we may change the storage time of personal information for the need of complying with legal requirements:
● Comply with the provisions in court judgments, adjudications or other legal procedures;
● Comply with the requirements of relevant government authorities or legally authorized organizations;
● We have reasons to believe that we need to comply with laws, regulations and other relevant provisions.
2.2. In the event that the Software is discontinued, we will stop collecting your personal information in a timely manner, notify you of the discontinuation by delivering an individual notice or by announcement, and delete or anonymize your personal information within a reasonable period.
V. Your Rights 
In accordance with relevant Chinese laws, regulations and standards, as well as the common practices of other countries and regions, we will do our best to use appropriate technologies to ensure your exercise of the following rights on your personal information:
1. View and Duplicate Your Personal Information
Except as otherwise provided by laws and regulations, you have the right to view and duplicate your personal information. You can view and duplicate your information by yourself in the following ways:
1.1. If you would like to check or copy your personal information, you may contact us via [support@uniontech.com], and we will reply to your request within fifteen working days.
1.2. If you fail to view and duplicate your personal information by means of the aforesaid methods, you can contact us at any time via the contact ways in [Section VII] of this Guide. We will reply to your access and copy request within fifteen working days. 
1.3. For other personal information arising from your application of our products or services, we will furnish such information for you based on relevant arrangements in Item (6) of this Section: "Responding to Your Aforesaid Requests".
2. Correct and Supplement Inaccurate or Incomplete Personal Information
2.1 If you would like to correct and supplement any inaccurate or incomplete personal information, you may contact us via [support@uniontech.com], and we will reply to your request within fifteen working days. In particular, please pay attention to check the authenticity, timeliness, integrity and accuracy of the individual information you submit, otherwise we will be unable to effectively contact you and render some services to you as a result. If we suspect that the information submitted by you is wrong, incomplete and untrue based on reasonable reasons, we shall be entitled to ask you or inform you to correct it, or even suspend or stop rendering some services to you.
2.2. Some special information may not be corrected on your own, and you can contact us via the contact ways released in [Section VII] of this Guide. We will reply to your access request within fifteen working days. In a bid to protect your personal information security, we may request you to authenticate.
3. Withdraw Consent or Eliminate Processing Restrictions
3.1. You are allowed to alter the range of your personal information collected and used by us under your authorization by contacting us via e-mail [support@uniontech.com], shutting down the functions of related devices/tools or making other feasible privacy settings (subject to the Software version), and your withdrawal of consent or processing restriction request will be reviewed and handled by us within fifteen working days.
3.2. Where you fail to revoke your authorization consent in the above-mentioned manner, you can contact us at any time via the contact ways in [Section VII] and state which consent you intend to revoke to carry out such operations. We will reply to your access request within fifteen working days.
3.3. When you withdraw your consent, we will not continue to process your personal information anymore. However, your decision to withdraw consent will not affect the legality of personal information processing already launched based on your authorization.
4. Deletion of Personal Information
4.1. You may apply to us for deleting your personal information via the e-mail [support@uniontech.com]:
4.1.1. If our behavior of processing personal information violates laws and regulations;
4.1.2. If you withdraw your consent;
4.1.3. If our behavior of processing personal information violates our agreement with you;
4.1.4. If you no longer use our products or services, or if you cancel your account;
4.1.5. If we no longer provide products or services to you, or the retention period has expired;
4.1.6. If the purpose of processing has been or cannot be achieved or if it is no longer necessary to achieve the purpose of processing.
4.2. We will respond to your request for deletion of personal information within fifteen business days of receipt. In the case that we decide to respond to your deletion request, we will also inform the third parties (including the affiliated companies of Wuhan Deepin) that share your personal information from us with the best efforts, and request such third parties to delete your personal information in a prompt manner, unless otherwise specified by laws and regulations, or such third parties have gained your independent authorization.
4.3. In the event that you are unable to delete the personal information via the above path, you may contact us at any time via [Section VII] of this Guide. In a bid to protect your personal information security, we may request you to authenticate.
4.4. If the retention period stipulated by laws and administrative regulations has not expired, or if it is technically difficult to delete the personal information, we will stop processing it except for the purpose of storage and taking necessary security measures.
5. Obtaining a Copy of Personal Information
5.1. You shall be entitled to send us a written request via the contact ways released in this Guide to acquire a copy of your personal information.
5.2. To the extent that technology is feasible, such as data interface matching and conforming to the conditions prescribed by the national cyberspace administration, we may also transmit the copy of your personal information to the third party specified by you directly in line with your requirements and on the strength of existing general-purpose technology. In the event that the transmission fails as a result of the third party’s refusal to receive the copy of your personal information, you shall coordinate with such third party to address the issue, and we shall not assume any responsibility in this regard.
6. Respond to Your Above Request 
6.1. To ensure the security of your account, we may need you to submit a written request or verify your identity in other ways. We would probability require you to verify your identity first before processing your request. 
6.2. You may contact us via the e-mail [support@uniontech.com] and we will make a reply within fifteen working days. If you are not satisfied on this point, you are also suggested to complain via the channels specified in [Section VII] of this Guide.
6.3. For your reasonable requests, we do not collect any charges in principle, but for repeated requests or unreasonable requests, we will collect a certain amount of cost fees as the case may be. We may reject requests that are unprovoked and repeated, which require too many technical means (e.g., to develop new systems or fundamentally change existing practices), pose a risk to the legitimate interests of others or are highly impractical (e.g., information stored on backup tape). 
6.4. According to requirements of laws and regulations, we are unable to respond to your request in the following circumstances: 
6.4.1. When it involves the performance of our obligations under laws and regulations;
6.4.2. When it involves national security and national defense security directly; When it involves public security, public health and other major public interests; 
6.4.3. Information directly related to criminal investigation, prosecution, trial and execution of judgments; 
6.4.4. When there is sufficient evidence to prove that you are subjectively in bad faith or abuse your power; 
6.4.5. When responding to your request will cause serious harms to the legal rights and interests of other individuals or organizations. 
6.4.6. When any trade secret is involved;
6.4.7. When it is collected to protect the life, property or other major legal rights of you or other individuals in the situation where it is difficult to obtain your consent;
6.4.8. Other circumstances prescribed by applicable law.
VI. How to Update This Guide
1. Our Guide may be subject to change. Without your express consent, we will not reduce the rights that you enjoy according to this Guide. We will post any updates to this Guide. 
2. With respect to major changes, we will give a more prominent notice (for example, for some services, we will give a notice by email, specifying the detailed changes made to this Guide) and obtain your express consent again. 
3. Significant changes referred to in this Guide include, but are not limited to: 
3.1. Our products and service mode may change greatly. For example, we may change the purpose of personal information processing, the type of personal information processed, and the way of using personal information. 
3.2. Our ownership structure or organizational structure may change greatly. For example, the change of actual controller caused by business adjustment, bankruptcy, M&A and so on; 
3.3. The main objects of personal information publicization, transfer or public disclosure may change; 
3.4. Your right to participate in personal information processing and the way to exercise such right may significantly change; 
3.5. The department responsible for processing the security of personal information, its contact information and the complaining channel may change; 
3.6. The influence and evaluation report of personal information security shows that there is a high risk. 
4. We will also keep the old versions of this Guide in the archives for your reference.
VII. Our Department for Personal Information Protection/Responsible Person for Personal Information Protection 
1. We have appointed a department for the protection of personal information so as to assume responsibility for coordinating and monitoring the compliance and enforcement of laws, regulations as well as internal policies and systems associated with the protection of personal information by Wuhan Deepin.
2. If you raise any questions or come up with opinions or suggestions in relation to this Guide, you may contact the personal information protection agency in the following ways. In general cases, we will make a reply within fifteen working days or longer time permitted by applicable laws and regulations.
Company Name: [Wuhan Deepin Technology Co., Ltd.]
Department for Personal Information Protection/Responsible Person for Personal Information Protection: [Legal Department/Legal Director]
Address: [F11, Building B5, Future City, 999 Gaoxin Avenue, East Lake High-Tech Development Zone, Wuhan]
Tel: [010-62669253]
E-mail: [privacy@uniontech.com]
VIII. Your Right to Complain or File a Lawsuit with the Regulatory Authorities and Governing Law
1. In the event of any dissatisfaction with our reply, particularly if you consider that our behaviour for the processing of personal information has prejudiced your legitimate rights and interests, and no consensus can be reached through amicable consultation, you are entitled to file a complaint with the relevant supervision department for the protection of personal information, or either Party may file a lawsuit with the People’s Court of [Daxing District, Beijing].
2. The conclusion, implementation, interpretation and dispute resolution of this Guide shall be governed by the laws of the People’s Republic (excluding Hong Kong, Macao and Taiwan), without regard to the application of conflict rules.
Appendix 1: Definitions
● Personal Information
Personal information refers to all kinds of information recorded electronically or otherwise relating to identified or identifiable natural persons, including but not limited to the natural person's name, date of birth, ID card number, personal biometric information, address and tel, while the information that has been anonymized is not included.
● Sensitive Personal Information
Sensitive personal information is such information that, if leaked or used illegally, could easily lead to the infringement of a natural person's human dignity or cause personal or property damages to a natural person, including without limitation biometric identification, religious belief, specific identity, health care, financial accounts and whereabouts, as well as the personal information of minors under the age of fourteen.