This policy applies to the services we provide to you through our official website. It should be noted that this policy does not apply to services provided to you by other third parties. For example, third-party services or websites you link to through the official website. You understand that these services are provided to you independently by third parties, and the third parties will be solely responsible for the processing of your personal information in accordance with their policies or user agreements.

We may formulate specific service or product personal information protection policies, statements, notices, etc. (hereinafter referred to as "Specific Policies") for specific online or offline services or products. In the event that other specific policies have special provisions, such specific policies shall prevail; where such specific policies are not covered, this Policy shall prevail.

“Personal information” refers to any information recorded electronically or otherwise that can identify a specific natural person or reflect the activities of a specific natural person alone or in combination with other information.

"Personal sensitive information" refers to personal information that, once leaked, illegally provided or abused, may endanger personal and property safety, and may easily lead to damage to personal reputation, physical and mental health, or discriminatory treatment.

When you use the official website, we will collect and use the personal information necessary to provide relevant services as follows;

if you do not use this function, we will not collect the corresponding information.

1. Register a DBiM account and apply for a trial

DBiM account on the official website , we need to collect your email address, email verification code or phone number , SMS verification code. The above functions are basic functions of the DBiM platform. If you do not provide the above information, you will not be able to use DBiM 's specific products.

2. Visit the official website

When you browse the official website through a computer or mobile device, we will collect the following information from you:

(a) Technical information, such as Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology you use on your devices to access the Official Website. (b) Usage information, such as information about how you use our website, products, and services.

3. Order placement and order management

When you recharge your account or purchase DBiM related services, the system will generate an order for your purchase. You need to confirm your user information in the order, and the order will also include the order number, the product or service information you purchased, the order time, and the amount you should pay.

All the above information constitutes your "order information". We will use your order information to verify your identity, confirm transactions, make payments, complete services, query orders for you, and provide customer service consultation and after-sales services (including with third parties who provide you with the above services). We will also use your order information to determine whether there are any abnormalities in your transaction to protect your transaction security.

4. Personal certification, corporate certification and offline contract certification

When you purchase DBiM related services for your account, the system may require you to perform personal real-name authentication or corporate authentication depending on the type of service .

If you need personal real-name authentication when purchasing services, you will need to upload your identity document (Hong Kong users: Hong Kong identity card or passport; overseas users: passport and valid visa page) during the system personal authentication process and undergo facial recognition verification.

If you need real-name authentication for your company during the purchase of services, you will need to provide your company registration certificate and conduct facial recognition authentication during the system enterprise authentication process. If you choose to use the face scanning authentication method for the company's principal, you will need to provide an additional authorization letter with the company's seal and the principal's personal identity document , and conduct facial recognition verification.

If you need offline contract authentication during the service purchase process, you need to contact the operation customer service for processing and provide relevant authentication information according to the customer service requirements during the authentication process .

All of the above information constitutes your "Authentication Information". We will use your Authentication Information to control your authority to purchase DBiM related services.

5. Business cooperation

When you apply for business cooperation with us, we need to collect your contact number, email address and specific requirements to understand your specific needs and contact you to carry out business cooperation.

We may also use the information above to (i) process and respond to your or your organization’s questions and comments; (ii) provide information about products and services that may be of interest to you or your organization; and (iii) solicit information and feedback from you or your organization, including through surveys and questionnaires.

6. Ecosystem Cooperation

When you apply for ecological cooperation with us, we need to collect your specific contact information and other requirements to understand your specific needs and contact you to carry out ecological cooperation.

We may also use the information above to (i) process and respond to your or your organization’s questions and comments; (ii) provide information about products and services that may be of interest to you or your organization; and (iii) solicit information and feedback from you or your organization, including through surveys and questionnaires.

7. Improve and optimize our services

Please note that we also collect, use and share Aggregated Data, such as statistical data or structured data. Aggregated Data may be derived from your Personal Information, but is not Personal Information because it does not directly or indirectly reveal your identity, and we have the right to use it for any lawful purpose (for example: we may aggregate your usage information to find out how many users visit a specific website feature, study consumer and market preferences, improve existing products and services, financial forecasting and modeling). If we combine or associate Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined information as Personal Information and will treat it in accordance with the provisions of this Statement.

8. Third-party services

When providing you with specific services, we may need to access third-party technical services (such as SDK/API) based on the needs of functional implementation. Such service providers may collect necessary personal information (such as device identifiers, location information, etc.) in accordance with their privacy policies. We will conduct technical inspections and behavioral audits on such partners or service providers from time to time, and require them to comply with the cooperation legal agreement to maximize their collection and use of data in accordance with the law, regulations and contracts. Please note that although we will require such third parties to strictly protect your personal information through contracts and technical means, such third parties will independently assume the responsibility for protecting your personal information in accordance with their personal information protection policies.

Please note that if we want to use your personal information for other purposes not specified in this Policy or collect other personal information not mentioned, we will obtain your consent through page prompts, interactive processes or other means. Once you agree, such additional uses will be considered part of this Policy, and such additional information will also be subject to this Policy.

9. Security Audit

To ensure that you have a safe operating environment when using the services of us, our affiliates, and our partners, and to effectively identify abnormal account status, we will collect and use your account information, device information, network logs, and legally shared information from our affiliates and partners. This information will help us prevent security risks such as phishing websites, fraud, network vulnerabilities, viruses, network attacks, and intrusions, and accurately identify violations of laws and regulations or large device-related agreements and rules. During your use of the large device service, we will use this information to assess account and transaction risks, conduct identity authentication, detect and prevent security incidents, and take necessary recording, auditing, analysis, and disposal measures in accordance with the law. If you refuse to provide the above information, we will not be able to provide you with this service.

1. Directly related to our performance of obligations under the laws and regulations of the Hong Kong Special Administrative Region or other jurisdictions applicable to our services;

2. Directly related to national security and national defense security;

3. Related to public safety, public health, and major public interests (according to the statutory definitions of the jurisdiction where the service is applicable);

4. Directly related to judicial or law enforcement activities such as criminal investigation, prosecution, trial and execution of judgment;

5. For the purpose of protecting the life, property and other major legitimate rights and interests of the personal information subject or other individuals, but it is difficult to obtain your consent;

6. The personal information collected is disclosed to the public by you on your own initiative;

7. Collecting personal information from legally disclosed information, such as legal news reports, government information disclosure and other channels;

8. Necessary for maintaining the safe and stable operation of the products or services provided, such as discovering and handling product or service failures;

9. Necessary for legitimate news reporting;

10. When academic research institutions conduct statistical or academic research based on public interests and provide the results of academic research or descriptions to the public, they shall de-identify the personal information contained in the results;

11. Other circumstances that comply with the laws, regulations or international standards of the Hong Kong Special Administrative Region or your country/region.

To ensure the normal operation of the product, we will store small data files called cookies on your computer or mobile device. Cookies usually contain identifiers, site names, and some numbers and characters. With the help of cookies, the product can store data such as your preferences. We will not use cookies for any purpose other than those described in this policy. You can manage or delete cookies according to your preferences.

In addition to cookies, we may use other technologies to automatically collect information. We may use browser web storage (including through HTML5), also known as local storage objects, for similar purposes as cookies. Browser web storage can store greater amounts of data than cookies. Your web browser may offer the ability to clear your browser web storage.

Most browsers allow you to delete or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings.

If you do not accept our cookies, you may experience some inconvenience in your use of the Site. For example, we may not be able to recognize your computer or mobile device, and you may need to log in each time you visit the Site.

We strictly comply with the requirements of the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong) ("PDPO") and the Personal Data (Privacy) (Amendment) Ordinance 2021 ("PDPAO"), classify and grade data, strictly implement security assessment procedures for cross-border data transmission, implement encrypted storage and access control for sensitive information, and establish a complete data lifecycle management mechanism to ensure the secure destruction of expired data.

If we cease to operate our official website and related services, we will promptly stop collecting your personal information and notify you of the cessation of operations in the form of an announcement. At the same time, we will delete or anonymize the personal information we store.

1. Sharing

We will not share your personal information with any company, organization or individual, except in the following circumstances:

1) We will share your personal information with other parties with your explicit consent.

2) We may share your personal information in accordance with the laws and regulations of the Hong Kong Special Administrative Region or your jurisdiction, or in order to comply with the requirements made by judicial organs or regulatory authorities in accordance with the law.

3) To the extent permitted by applicable laws, necessary sharing for the purpose of safeguarding the personal and property safety, public interest, or security of DBiM, our affiliates, partners, you, or other users (e.g., anti-fraud investigation, cybersecurity incident handling).

4) Sharing with our affiliates. In order to facilitate our provision of services to you, we may share your personal information with our affiliates. However, we will only share necessary personal information, and the use of your personal information by our affiliates is subject to this Policy or the policies of our affiliates that have been authorized and agreed by you and provide substantially the same level of protection for your personal information as this Policy. We and our affiliates will strictly abide by DBiM 's personal information and data security protection system and policies.

2. Transfer

We will not transfer your personal information to any other company, organization or individual, except in the following circumstances:

1) Obtain your explicit consent or authorization in advance;

2) Where the provision is required by legal process, administrative or judicial requirements of the Hong Kong Special Administrative Region or your jurisdiction;

3) Comply with the relevant agreements signed with you (including online electronic agreements and corresponding platform rules) or other legal documents;

4) As our business develops, we and our affiliates may conduct mergers, acquisitions, asset transfers or other similar transactions. If the relevant transaction involves the transfer of your personal information, we will require the new company, organization or individual holding your personal information to continue to be bound by this policy, otherwise we will require the company, organization or individual to obtain your authorization and consent again.

3. Public Disclosure

We will only disclose your personal information in the following circumstances:

1) After obtaining your explicit consent;

2) Disclosure based on law: We may disclose your personal information publicly in accordance with the laws, judicial procedures or mandatory requirements of government authorities in the Hong Kong Special Administrative Region or your jurisdiction.

We attach great importance to the security of your personal information and have taken security measures that meet industry standards to protect the personal information you provide to prevent unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible measures to protect your personal information.

1. DBiM has appointed a dedicated person in charge of personal information protection, who is responsible for handling all matters related to DBiM's products and services that may involve user personal information, as well as planning and formulating the company's policies, reviewing the user agreements of each product, and supervising the working principles and information processing mechanisms of each product.

2. We have conducted a classification assessment of the information security level protection. In accordance with the requirements of the information security level protection, we have formulated the overall policy and security strategy for information security work, established a security management system covering the host, data, application, management and other levels, established an information security management committee and an information security executive committee, and established the System Platform Department as the functional department for product security management. We have clarified the responsibilities, division of labor and skill requirements of each department and position within the security management organization, and formulated clear regulations on personnel recruitment and resignation management.

3. We will encrypt transmission and storage of identifiable personal sensitive information, and the encryption strength meets security requirements to ensure the confidentiality of the data. Our application system provides identity authentication, user identification uniqueness check, role-based access control and other functions. It uses the HTTPS security protocol for communication, sets the maximum number of concurrent session connections, and can detect and alarm when the system service level drops to a pre-defined minimum value. We deploy an access control mechanism on the server side, adopt the principle of minimum sufficient authorization for staff who may have access to your personal information, and regularly check the list of access personnel and access records. Our server operating system and database system passwords have complexity requirements, use the SSH security protocol for remote management, strictly limit the access rights of the default account, and modify the default password. The audit records are comprehensive and cover all users.

4. The server systems that we use to store user personal information are all security-hardened operating systems. We will conduct account audits and monitoring of server operations. If we find a server operating system with security issues that is announced externally, we will immediately upgrade the server security to ensure the security of all server systems and applications.

5. We regularly organize training on laws and regulations related to personal information protection for our staff to enhance their awareness of user privacy protection.

6. We have developed a cybersecurity incident emergency plan and deployed sufficient resources to ensure the implementation of the emergency plan. We conduct training and emergency event drills on the emergency plan every year. If our physical, technical or management protection measures are unfortunately damaged, we will promptly activate the emergency plan to prevent the security incident from expanding, report it to the Office of the Privacy Commissioner for Personal Data (PCPD) of Hong Kong and the regulatory authorities in your jurisdiction in accordance with the requirements of laws and regulations, and promptly take reasonable and effective measures such as push notifications and announcements to inform you of the basic situation of the security incident, possible impact, measures taken or measures to be taken, etc.

1. Query and correct your personal information

You can contact us through the contact information in Article 11 below to inquire about and correct your personal information.

2. Deleting your personal information

You have the right to request us to delete your account registration information in the following circumstances:

1) We collected your personal information illegally without your consent.

2) Our processing of your personal information violates laws and regulations.

3) We use and process your personal information in violation of our agreement with you.

4) You no longer use our products or services.

5) We stop providing services to you.

You can contact us through the methods provided in Article 11 of this Policy to request the deletion of your personal information, and we will complete the processing within 15 working days. After we delete your personal information from the server, we may not immediately delete the corresponding data from the backup system, but we will delete this information when the backup is updated.

3. Withdraw your authorization

Each business function requires some basic personal information to be completed. You can give or withdraw your authorization and consent for the collection and use of additional personal information at any time. Your withdrawal of authority does not affect our previous processing of your personal information, but we will not continue to process your personal information. You can contact us through the contact information in Article 11 below to change the scope of your authorization and consent.

4. Account cancellation

You can cancel your previously registered account at any time. You can contact us to cancel your account using the contact information in Article 11 below.

Our products, websites and services are intended for adults. You may not use our products or services without the consent of your parents or guardians.

In the case of collecting children's personal information with parental consent, we will only use or disclose this information when permitted by law, with the explicit consent of the parent or guardian, or when necessary to protect the child.

If we find ourselves collecting personal information from children without first obtaining verifiable parental consent, we will work to delete the relevant data as quickly as possible.

Our privacy policy may change. Without your explicit consent, we will not restrict your rights under this policy.

We will provide prominent notice for significant changes to this policy. You can also visit the official website at any time to view the latest policies.

Major changes referred to in this policy include but are not limited to:

1. Our service model has undergone major changes, such as the purpose of processing personal information, the type of personal information processed, the way personal information is used, etc.;

2. We have major changes in control rights, etc., such as changes in ownership caused by mergers and acquisitions, reorganizations, etc.;

3. Changes in the main objects of sharing, transfer or public disclosure of personal information;

4. There are significant changes in your rights to participate in the processing of personal information and how to exercise them;

5. When our responsible department for handling personal information security, contact information and complaint channels change;

6. When the personal information security impact assessment report indicates that there is a high risk;

7. Your continued use of our website after such changes and revisions will be deemed as your consent to the changes and revisions to this policy.

We are committed to protecting your personal information and the rights set out in this Policy reflect your rights under applicable laws. Applicable laws for the purpose of this Policy means: (a) the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2013; (b) General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) until such time as it might cease to apply in the UK; and (c) to the extent applicable, any legislation ratifying or otherwise adopting the GDPR in the UK, and any applicable associated or supplementary data protection laws or regulations.

We recognize that as an international business, some of our customers are resident in jurisdictions other than England and Wales. In certain circumstances, local laws of these jurisdictions, may by way of their application, afford rights to a customer in respect of the personal data that they provide to us. We anticipate that the rights set out in this Policy also provide you with such protection in relation to your personal information. Please do e-mail our Data Protection Officer at service@dbim.com to discuss any additional questions you may have.

Dbim Holdings Ltd is the operator of the official website and the controller of your personal information. Its operating address is [16/F, Chow Tai Fook Center, 580A Nathan Road, Mong Kok, Kowloon, Hong Kong]. If you have any questions, comments, suggestions or complaints about our policies and the handling of your personal information, please contact us by sending an email to service@dbim.com.