Ola Radio Privacy Policy

1735781316

1. Introduction

China Fujian Baofeng Electronics Co., Ltd., registered address: Changfu Industrial Zone, Xiamei Town, Nan'an City, Fujian Province, China, hereinafter referred to as "the Company", "we", "us" or "our") collects personal information ("Personal Data" or "Personal Data") when providing the Company's products, applications, services and websites (collectively, the "Services"). As a radio technology company, we consider the protection of personal data to be a core management priority and are committed to respecting and protecting your privacy. We are committed to complying with applicable national and regional laws and regulations (collectively, the "Applicable Regulations") in the countries in which we operate and are committed to protecting personal data in accordance with this Privacy Policy.

This Privacy Policy applies to all personal data collected by the Company through its products, apps, services and websites, regardless of the user's country or region. This policy explains how we collect, use, provide and manage your personal data, and how you can control and manage your personal data. We are committed to being transparent about our data processing activities and to providing you with the right to control your own information.

The Service includes services, products and content provided to the Company.

The Company provides this Privacy Policy in multiple languages for your reference. However, in the event of any discrepancy between the different language versions, the English version shall prevail. The Company may update this Privacy Policy in response to changes in applicable law or business needs. The latest version of the Privacy Policy will be posted on our official website and you are advised to check back regularly for any changes.

2. Legal basis

a) Applicable Privacy Regulations

The Company will comply with applicable privacy laws and regulations in the jurisdictions in which it operates, including but not limited to:

i. EU General Data Protection Regulation (GDPR)

ii. UK Data Protection Act 2018 (DPA 2018)

iii. German Federal Data Protection Act (BDSG)

iv. Other applicable national and regional privacy regulations

b) Other relevant laws and regulations

The Company will also comply with other relevant laws and regulations, including but not limited to:

i. The EU ePrivacy Directive, in particular with regard to the use of cookies and other tracking technologies.

c) Children's Privacy Protection

The Company does not knowingly collect personal information from underage users. In order to ensure the protection of children's privacy, the Company takes the following measures:

i. Ask for a date of birth when the user registers to verify age.

ii. If it is discovered that the personal data of a minor user has been collected, the Company will immediately deactivate the relevant account and delete the relevant data.

d) Compliance of data transmission and storage

The Company stores all international users' personal data in a data center located in Germany. In order to ensure the legality and security of data transmission and storage, the Company operates according to the following framework:

i. European Union-US Data Privacy Framework（DPF）

ii. European Union - General Data Protection Regulation (GDPR)

iii. Asia-Pacific Economic Cooperation Cross-Border Privacy Rules System (APEC CBPR)

iv. EU Standard Contractual Clauses (SCCs) to ensure compliance for cross-border data transfers

e) A detailed description of the legal basis

The Company processes your personal data on the following legal bases:

i. Performance of a contract: Processing of personal data is necessary for the performance of a contract between us and you, or to take steps at your request prior to entering into a contract.

ii. Legal obligation: Processing of personal data is necessary for compliance with a legal obligation of the Company.

iii. Legitimate interests: Processing is necessary to protect your vital interests or those of a third party.

iv. Consent: processing of personal data based on your explicit consent.

v. Public interest: the processing of personal data is necessary for reasons related to public interest, historical document keeping, surveys or statistics.

3. Definitions of key terms

In order to ensure that you can better understand this Privacy Policy, we have defined the following key terms here:

a) Personal Data

Definition: means any information relating to an identified or identifiable natural person. Personal data includes, but is not limited to:

i. Identification information such as name, email address, phone number, ID number, etc.

ii. Location information (e.g., GPS coordinates, IP address, etc.).

iii. Device information (e.g., device model, operating system, advertising identifier, etc.).

iv. Data generated when using the Service (e.g., browsing history, search history, interaction history, etc.).

Legal basis: According to Article 4 of the GDPR, personal data means any information relating to an identified or identifiable natural person.

b) Data Subject

Definition: means the natural person to whom the Personal Data relates.

Legal basis: According to Article 4 of the GDPR, a data subject is the natural person to whom personal data relate.

c) Data Controller

Definition: means the natural or legal person who determines the purposes and means of the processing of personal data. For the purposes of this Privacy Policy, the data controller is China Fujian Baofeng Electronics Co., Ltd.

Legal basis: According to Article 4 of the GDPR, the data controller is the natural or legal person who determines the purposes and means of the processing of personal data.

d) Data Processor

Definition: means a natural or legal person who processes personal data on behalf of the Data Controller. Data processors may include third-party service providers, such as hosting services, data analysis services, etc.

Legal basis: According to Article 4 of the GDPR, a data processor is a natural or legal person who processes personal data on behalf of a data controller.

e) Third Party

Definitions: means any natural or legal person other than the Data Controller and the Data Processor, including but not limited to: • Advertisers • Partners • Research Institutions • Government Agencies •

Legal basis: According to Article 4 of the GDPR, a third party is any natural or legal person other than the data controller and the data processor.

f) Cookie

Definition: means a small piece of text stored on a user's device that is used to track user behavior, provide personalized services, or analyze website traffic.

Legal basis: According to ePrivacy Directive, a cookie is a small piece of text that is stored on a user's device and is used to track user behavior.

g) Location Information

Definition: Refers to the user's device location information, including: precise location (e.g., GPS coordinates) and approximate location (e.g., geographic location derived from IP address)

Legal basis: Location information is part of personal data in accordance with Article 4 of the GDPR.

h) Child

Definitions: means a minor user as defined under applicable law, such as:

i. United States: Under 13 years of age

ii. Europe: Under 16 years old

iii. Thailand: Under 11 years of age

iv. Indonesia: Under 18 years of age

Legal basis: According to Article 8 of the GDPR, a child is a natural person under the age of 16.

i) Association Learning

Definition: Refers to a data analysis technique used to discover correlated rules and patterns in data.

Legal basis: According to Article 4 of the GDPR, data processing includes data analysis technologies.

j) Differential Privacy

Definition: Refers to a privacy-preserving technology that protects the privacy of individuals by adding noise or perturbating data while allowing data analysis.

Legal basis: According to Article 32 of the GDPR, data protection measures include technical means, such as differential privacy.

k) Data Protection Regulations

Definitions: means national and regional privacy regulations applicable to the Company's business, including but not limited to:

i. EU General Data Protection Regulation (GDPR)

ii. UK Data Protection Act 2018 (DPA 2018)

iii. German Federal Data Protection Act (BDSG)

Legal basis: In accordance with Article 3 of the GDPR, data protection regulations apply to all activities that process personal data.

l) Cross-Border Privacy Rules (CBPR)

Definition: means the framework for cross-border data transfers and privacy protections established by the Asia-Pacific Economic Cooperation (APEC).

Legal basis: Under the APEC CBPR system, a system of cross-border privacy rules is used to ensure the legality of cross-border data transfers.

m) Data Privacy Framework

Definition: means the EU-US Data Privacy Framework to ensure the lawfulness of cross-border data transfers.

Legal basis: Under the EU-US Data Privacy Framework, the data privacy framework is used to ensure the legality of cross-border data transfers.

4. Data Collection

a) Scope of Data CollectionThe Company will collect the following personal data in a lawful and fair manner:

i. Personal data you provide to us

ii. Personal data generated when you use the Service

iii. Personal data collected by the Company from third parties through lawful means

b) The specific manner in which the data is collected

i. Personal Data You Provide to the CompanyThe Company will collect the personal data voluntarily provided by you in the following ways:

Registered account: information such as email address, password, name, phone number, etc., that you provide when you register for an Ola Radio account.
Fill out a survey: Responses you provide when you participate in our surveys.
Uploads: Profiles you upload, such as profile pictures, cover photos, status messages, and more.

ii. Personal Data Generated When You Use the ServiceThe Company will automatically collect the following information generated when you use the Service:

Usage: How long you use Ola Radio, how often you use it, how many features you use, etc.
Location Information: Information about the location of your device to provide personalized services.
Device information: your device model, operating system version, browser type, etc.
Network information: your IP address, network operator, etc.

c) Lawful Basis of Data CollectionThe Company collects your personal data based on the following legal bases:

User consent: based on your explicit consent, such as a declaration of consent when registering for an account.
Performance of a contract: To perform a contract between the Company and you, such as processing payment information.
Legal obligation: To comply with applicable laws and regulations, such as providing information to government agencies as necessary.
Legitimate interests: To protect the legitimate interests of the Company or a third party, such as to prevent fraud, maintain the security of the Services, etc., provided that these interests do not infringe on your privacy rights.
Public interest: To perform public tasks or for purposes in the public interest, such as statistical analysis, research, etc.

d) Transparency in Data CollectionThe Company ensures transparency in data collection in the following ways:

Automatic Collection: Data is collected automatically through server logs, cookies, and other technologies, such as your IP address, device information, browsing history, etc.
User-solicited information: Information you voluntarily provide when you register an account, fill out a questionnaire, or upload content.
Third-party sources: Be clear about where your data comes from and make sure you understand how it's being collected and what it's used for.

e) User ControlYou can control data collection in the following ways:

Cookie settings: Manage the use of cookies through your browser settings.
Location: Turn off location services permissions in your device's settings.
Account Settings: Adjust data sharing options in your Ola Radio account settings.
Contact Customer Service: If you have any questions about data collection or need further control, you can contact us through the customer service channel.

5. Data Use

a) Purpose of use of data

The Company will use the personal data collected (including the personal data you provide when using the Service and the personal data collected from third parties) for the following purposes:

i. To provide and maintain services: for example, to process user account registration, login, content posting, etc., as well as to respond to your inquiries, handle marketing activities, and publish announcements related to the Service.

ii. To develop and improve services: For example, to optimize the user experience through user behavior analysis, develop new features, and improve service performance.

iii. Security and protection against unauthorized use: For example, monitoring for unusual login behavior to prevent account takeover, and censoring illegal content to maintain platform security.

iv. Optimize services for users: For example, to provide personalized content recommendations based on user preferences and to provide service information relevant to your current location.

b) Scope and conditions of data sharing

i. Sharing data with third parties:

The Company may share your personal data with the following types of third parties:

Service providers: such as hosting services, data analysis services, etc., to help us provide and maintain the Services.

The Company will only share your personal data under the following conditions:

User consent: Your personal data will be shared with your explicit consent.
Legal Requirements: To share your personal data as required by applicable laws or regulations.
To protect the rights and interests of users: to protect the rights and interests of you or other users, and to prevent fraud or illegal behavior, personal information is shared.

ii. Cross-border data transfer:

The Company stores all international users' personal data in a data center located in Germany.
In order to ensure the legality and security of data transmission and storage, the Company operates according to the following framework:

- European Union-US Data Privacy Framework（DPF）

- European Union - General Data Protection Regulation (GDPR)

- Asia-Pacific Economic Cooperation Cross-Border Privacy Rules System (APEC CBPR)

- EU Standard Contractual Clauses (SCCs): Used to ensure compliance for cross-border data transfers.

The Company will take necessary measures to ensure that personal information is appropriately protected in accordance with the Company's security standards, such as appropriate encryption measures on the path to access personal information.

iii. User Control:

The Company provides privacy settings that allow users to choose whether or not to allow data sharing.
You can manage the collection, use, and sharing of your personal information through settings within the Service, such as:

- Manage your friends list

c) Data anonymization and de-identification

i. Anonymization and de-identification technology:

The Company uses the following technologies to anonymize and de-identify personal data:

Hash function: Hashes sensitive information such as user IDs to ensure that the data is irreversible.
Data encryption: Personal data is encrypted during transmission and storage.
Data masking: Sensitive information in data is masked to protect user privacy.

iv. Unrecoverable:

The Company expressly makes anonymized data irreversible in order to comply with the requirements of the GDPR to ensure that user privacy is adequately protected.

v. Compliance Instructions:

The Company ensures that anonymization and de-identification are handled in compliance with applicable privacy regulations such as GDPR to ensure that user privacy is adequately protected.

6. Data storage

a) The location where the data is stored

i. Main storage location: The Company stores all personal data of international users in a data center located in Germany.

ii. Backup storage: Data may be backed up in other EU member states or countries recognized by the European Commission.

iii. Cross-border transfer mechanism: The transfer of data between different countries will be carried out in accordance with the following mechanisms:

European Union - General Data Protection Regulation (GDPR): Ensure compliance for cross-border data transfers.
EU-US Data Privacy Framework(DPF): The Company conducts data transfers in accordance with the EU-US Data Privacy Framework to ensure that personal data transferred from the EU to the US complies with EU data protection requirements. The framework requires participating companies to adhere to a set of data protection principles, including the legality, minimization, accuracy, and security of data.
Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPR): The system of cross-border privacy rules is used to ensure the legality of cross-border data transfers.

iv. Applicable privacy regulations: The Company complies with international privacy laws such as GDPR and CCPA, which will be determined based on the user's location.

b) Security measures for data storage

i. Encryption: Data is encrypted in transit and at rest using the encryption algorithm.

ii. Access control: Implement role-based access control (RBAC) to ensure that only authorized personnel have access to personal data.

iii. Security monitoring: 24/7 security monitoring to detect and respond to security threats in a timely manner.

iv. Security audit and evaluation: The company regularly conducts internal security audits and security evaluations.

v. Technology R&D: Continuously develop new security technologies to respond to evolving security threats.

vi. Data Breach Notification: In the event of a data breach, the company will notify affected users within 72 hours of discovering the incident and take steps to mitigate the loss..

c) Data storage period and deletion mechanism

i. Data storage period:

Once your account is deleted, the Company will delete most of your personal data within 30 days.
Data for specific purposes (e.g. APP messages) will be deleted within 30 days after the purpose is achieved.
If the retention period of data is specified by applicable regulations or other norms, the Company will retain personal data in accordance with that period.

ii. Data deletion process:

Users can submit a request to delete their account through their account settings or by contacting customer service.
The Company will complete the deletion process within 30 days of receiving the request and notify the User.

iii. Data anonymization:

After the expiration of the storage period, the data will be anonymized so that no individual can be identified.

iv. User Control and Transparency

User control function: Users can manage personal data through account settings, including data export, data retention settings, etc.
Transparency Report: The Company will publish a transparency report on a regular basis, disclosing the details of data storage and processing, including the location of data storage, the implementation of security measures, etc.

7. Cross-Border Data Transfers

a) Legitimacy mechanisms for cross-border data transfers

i. Adequacy decision: When transferring data across borders, Huawei will give preference to countries or regions that have passed the adequacy decision of the European Commission (such as the European Economic Area, Canada, etc.) for data storage and processing.

ii. Cross-Border Privacy Rules (CBPR): For cross-border transfers involving the Asia-Pacific region, the Company operates in accordance with the APEC Cross-Border Privacy Rules System (CBPR) to ensure adequate data protection.

iii. Other Legality Mechanisms: Where applicable, the Company may also rely on Standard Contractual Clauses (SCCs) or other approved compliance mechanisms for cross-border data transfers. Users will be notified of the scope and details of the specific mechanism through the Privacy Policy Update.

b) Security measures for data transmission

i. Data encryption: The Company uses industry-standard encryption technology (such as TLS 1.2 or higher) during cross-border transmission to ensure the security of data during transmission.

ii. Access control: Access to data storage systems transmitted across borders is restricted to authorized personnel and the scope of data access is restricted through strict access control mechanisms, such as role-based access control.

iii. Security audits and assessments: The company regularly conducts internal security audits and security evaluations to ensure that data transferred and stored across borders meets the latest security standards.

iv. Data storage location: All international users' personal data is stored in a data center located in Germany, which complies with the requirements of EU data protection legislation.

c) The user's right to know and consent to cross-border transmission

i. Right to know: The Company will clearly list the specific scenarios of cross-border transfer, the scope of data, the country or region where the recipient is located, and the purpose of cross-border transfer in the privacy policy. The most current version of the Privacy Policy will always be posted on the Company's APP and can be consulted by the User.

ii. Right to consent: Before transferring personal data across borders, the company will allow users to choose whether to agree to save and transfer personal data through clear and easy-to-understand means (such as pop-up prompts, checkboxes, etc.). Users have the right to delete or withdraw their consent at any time, and the method of deleting or withdrawing their consent will be clearly notified to users through the Privacy Policy.

iii. Transparency: If the purpose or recipient of the cross-border transfer changes, the Company will promptly update the Privacy Policy and notify the user by reasonable means (e.g., in-app notification, email, etc.).

d) Data Storage and Deletion Policy

i. Retention period: Personal data stored across borders will be kept for as long as necessary to provide the service, achieve policy purposes, or comply with applicable regulations. The specific storage period will be clearly stated in the privacy policy.

ii. Deletion mechanism: Users have the right to request the deletion of their personal data, and the Company will complete the deletion operation within a reasonable time (e.g. within 30 days) after receiving the request and notify the user of the deletion result.

iii. Data Retention: Even if a user deletes their account, the Company may retain some of the data to the extent permitted by applicable regulations to resolve disputes, prevent misuse, or comply with legal obligations. The specific retention period and scope will be communicated to the user through the privacy policy.

e) Realization of user rights

i. Inquiry and management: The Company will provide convenient channels (such as user control panels, customer service hotlines, etc.) to enable users to inquire, correct, and delete their personal information after cross-border transmission.

ii. Right to data portability: Users have the right to request that the Company transfer their personal data to other service providers, and the Company will provide specific procedures and contact details.

iii. Feedback mechanism: Users who have any questions or feedback about cross-border transmission can contact the Company through the contact information provided in the Privacy Policy (such as email, online form, etc.), and the Company will reply within 15 working days after receiving the feedback.

a) Updates and Notices to the Privacy Policy

i. Update Mechanism: The Company will update the Privacy Policy from time to time in accordance with changes in applicable regulations and business needs. The most current version of the Privacy Policy will always be posted on the Company's website.

ii. Notification method: If the Privacy Policy involves material changes to the terms of cross-border transmission, the Company will notify the user through reasonable means (such as in-app notification, email, SMS, etc.) and provide a summary of the changes.

iii. Version History: The Company will keep a record of the previous version of the Privacy Policy for the convenience of users to review the changes.

b) Children's Privacy Protection

i. Age Restrictions: The Company expressly prohibits the use of the Service and the provision of personal information by underage users (e.g., under the age of 13 in the United States, under the age of 16 in Europe, etc.) without the consent of their legal representatives.

ii. Protection of cross-border transfers: If the Company discovers that data involving minor users has been transferred across borders, it will immediately take measures to delete the relevant data and notify the user or his/her legal representative.

iii. Special protection: For the data of minor users, the Company will adopt higher encryption standards and stricter access control measures to ensure their privacy and security.

8. Data Security

a) Data Security Measures

i. Encryption: We use industry-standard encryption technology, such as TLS 1.2 or higher, to protect the security of data in transit. Stored personal data is also encrypted to ensure the security of the data during storage and transmission.

ii. Access control: The Company implements strict access control measures and only authorized personnel have access to users' personal data. Access is based on a "need-to-know" principle to ensure that access to data is minimized.

iii. Security monitoring: The company implements 24/7 security monitoring, real-time monitoring of the security status of systems and data, and timely detection and response to potential security threats.

iv. Security Audit and Evaluation: The company regularly conducts internal security audits and security evaluations to ensure that data transferred and stored across borders meets the latest security standards. Relevant certification information will be notified to users through Privacy Policy updates.

v. Technology R&D: The company continues to invest R&D resources to develop and apply new security technologies to respond to evolving security threats.

vi. Data storage security: All international users' personal data is stored in a data center located in Germany, which complies with the requirements of EU data protection regulations, ensuring the security of the storage environment.

b) Data breach response mechanisms

i. Notification Obligations: In the event of a data breach, the Company will notify affected users within 72 hours of becoming aware of the incident. The notification will include a description of the incident, the scope of the impact, the actions taken, and recommendations for protective actions that users can take. Notification methods include, but are not limited to, email, SMS, or in-app notifications.

ii. Emergency Response Plan: The Company has developed a detailed emergency response plan in response to a data breach. Emergency response measures include:

Immediately isolate affected systems to prevent further data breaches;
Initiate a data recovery process to ensure data integrity and availability;
Investigate the cause of the incident and take measures to prevent the recurrence of similar incidents;
Report the incident to the relevant law enforcement agencies and cooperate with the investigation.

iii. User Support: The Company will provide users with a dedicated support channel to help them respond to data breaches. Users may contact us at any time for further assistance and guidance using the contact details provided in the Privacy Policy.

c) Regular assessment and updating of security measures

i. Regular assessment: The Company conducts a comprehensive assessment of security measures every six months, including technical vulnerability checks, compliance reviews, and effectiveness evaluations of security measures. The results of the evaluation will be notified to the user through the Privacy Policy Update.

ii. User feedback mechanism: The company has set up a user feedback channel, and users can give us feedback on security issues or suggestions at any time through the contact information provided in the Privacy Policy. We will adjust and improve our security measures in a timely manner based on user feedback.

iii. Transparency Report: The Company will regularly publish a changelog and transparency report on our security measures to show users our efforts and progress in data security.

d) User's Responsibility for Security

i. User responsibility: Users should properly manage their account information, including changing passwords regularly, not using weak passwords, and not disclosing account information to others. The user shall be responsible for security issues caused by his own negligence.

ii. Security Advice: The Company recommends that Users take the following security measures when using the Services:

Don't log in to your account on a public device;
Regularly check account activity and detect anomalies in a timely manner;
Be wary of phishing sites and suspicious links;
Apps and services downloaded using official channels.

iii. Educational content: The Company will provide privacy best practice recommendations on our Privacy Policy page to help users better protect their data.

e) Security of third-party modules

i. Third-party security standards: We only work with third-party module providers that comply with international security standards. All third-party modules are subject to a security assessment to ensure that they meet the company's security requirements.

ii. Data sharing restrictions: When the Company shares data with a third party, it will take security measures such as encrypted transmission and minimizing the scope of shared data to ensure the security of the data during the sharing process.

iii. User control: Users can choose whether or not to allow data to be shared through third-party modules. Users can manage permissions in their privacy settings for more control over data sharing.

9. Data Subject Rights

We respect your rights as a data subject and are committed to providing you with a clear and convenient way to exercise these rights. The following are your rights as a data subject and how to exercise them:

a) Your Rights

i. Access and Correction of Personal Data: You may enquire about your personal data held by the Company and, if necessary, request the correction of inaccurate or outdated information.

ii. Deletion of Profile: You may request deletion of your profile. Please note, however, that in some cases, we may not be able to delete your data immediately due to legal obligations or security considerations.

iii. Restriction of processing: You can request the restriction of the processing of your personal data, for example where the accuracy of the data is questioned or where the lawfulness of the processing is under review.

iv. Withdrawal of consent: You can withdraw your consent to data processing at any time. Please note that withdrawing consent may affect your use of certain service features.

v. Data portability: You can request a copy of your personal data for use in other services.

vi. Object to automated decision-making: You can ask us to explain how automated processing of your personal data is being carried out and have the right to request human intervention.

b) How to exercise your rights

You can exercise your rights in the following ways:

i. Email: Send your request to [email protected].

ii. Written Request: Send a written request to the following address: No. 888, Changfu Village Hall, Xiamei Town, Nan'an City, Fujian Province, People's Republic of China, Fujian Baofeng Electronics Co., Ltd. Data Privacy Protection Department, Postal Code: 362302

We will respond to your request within 15 business days of receipt. If your request is complex, we may extend the processing time, but will notify you in a timely manner.

c) Restrictions on the Exercise of Rights

We may not be able to comply with your request if:

i. disclosure of personal data may cause damage to your life, body, property, or other rights and interests or those of others;

ii. disclosure of personal data may materially interfere with the normal business operations of the Company;

iii. disclosure of personal information in violation of other laws or regulations;

iv. You have not provided sufficient identity verification information to confirm your identity;

v. In accordance with applicable regulations, we have the right to refuse your request.

d) User education and support

To help you better understand and exercise your data subject rights, we provide the following resources:

i. User Guide: On the Privacy Policy page, you can find detailed instructions on how to exercise your rights.

ii. Frequently Asked Questions (FAQs): We've got you covered with FAQs to help you quickly understand your rights and our processes.

iii. Customer support: If you encounter any problems during the exercise of your rights, you can contact us through our customer service hotline at +86-400-012-3353 and our customer service team will support you.

10. Children's Privacy Protection

The Company attaches great importance to the protection of children's privacy and is committed to ensuring that the data security and privacy rights of minor users are fully protected. The following are specific measures and instructions for the protection of children's privacy:

a) Age Restriction and VerificationThe Service is intended for the general public, but minors must obtain the consent of their legal representatives to use the Service. If you are under the age of 18, please ensure that you have obtained the explicit consent of your guardian before using the Service. In order to protect the privacy of underage users, the Company has set age restrictions on certain services and has taken the following measures to verify the age of users:

i. Ask users for their birthday information at the time of registration to automatically detect age.

ii. If the user is under the required age (US: under 13; Europe: under 16 years of age; Thailand: under 11 years old; Indonesia: Under 18 years old), the user will be reminded that the consent of the legal representative must be obtained. • Provide a dedicated guardian consent form for guardians to confirm online.

b) Guardian Participation MechanismThe Company respects the rights of guardians and provides the following mechanisms for guardians to participate in the privacy protection of minor users:

i. Guardian Consent: Guardians may explicitly consent to the use of the Service by Minor Users via email confirmation or online consent form.

ii. Guardian access: Guardians can access the data of minor users and manage their privacy settings.

iii. Guardian contact information: Guardians can contact us in the following ways:

Email: Send your request to [email protected].
Written Request: Send a written request to the following address: No. 888, Changfu Village Hall, Xiamei Town, Nan'an City, Fujian Province, People's Republic of China, Fujian Baofeng Electronics Co., Ltd. Data Privacy Protection Department, Postal Code: 362302

c) Data Protection Measures

The Company does not knowingly collect personal information from underage users. If we find that we have collected data from underage users, we will take the following actions:

i. Data deletion: Immediately deactivate the account of the minor user and delete their profile as soon as possible after confirmation.

ii. Security measures: Adopt technical measures such as encrypted storage and access control to ensure the privacy and security of minor users.

iii. Data use restrictions: Even with the consent of the guardian, the data of minor users will only be used for the provision of services and will not be used for other purposes.

d) Transparency and user education

In order to help users better protect the privacy of underage users, the Company provides the following resources:

i. User Guide: On the Privacy Policy page, you can find detailed guidelines on the protection of children's privacy.

ii. Frequently Asked Questions (FAQs): We've got answers to frequently asked questions to help you get up to speed on how to protect children's privacy.

iii. Educational modules: Include a short educational module on the privacy policy page or user settings to help users better understand how to protect the privacy of underage users.

e） Complaint and feedback mechanisms

If you have any questions or complaints about the protection of children's privacy, please contact us at:

i. Email: Send your request to [email protected].

We will deal with your complaint as soon as possible and respond within 15 working days of receiving it. If we find that the data of a minor user has been collected incorrectly, we will take the initiative to notify the guardian and provide a solution.

11. Third-Party Service Providers

In order to provide richer functions and services, the Company may install third-party software development kits (SDKs) such as the HERE SDK in the Services. These third-party modules are used for the following purposes (but are not limited to):

a) Analytics of Location Information: When you use certain features of the Service, the HERE SDK may process your location information. This information will be used in strict compliance with the applicable regulations of your country or region and will only be used to provide the relevant service or function.

Third-party privacy policyWhen a third-party module processes your personal data, that third party's privacy policy will apply. For example, if you use a location service that involves the HERE SDK, its privacy policy is The HERE Technologies Privacy Charter.

We recommend that you read the third party's Privacy Policy carefully to understand how they handle your personal data. You can access HERE Technologies' Privacy Policy at the following link: The HERE Technologies Privacy Charter.

12. Cookies and other analytics tools

Definition of Cookies: A cookie is a small text file that is stored on your device (such as a computer, mobile phone or tablet) when you visit a website. The information stored in these text files can be read by the website operator when you visit the website again.

How We Use CookiesWe use cookies to operate and provide our services, including but not limited to the following:

a) To provide and optimize services: Cookies help us to provide web-based services and ensure that you can access and use our platform smoothly.

b) Improving user experience: Cookies allow us to understand how you use the Services so that we can improve your experience. For example, we may recommend relevant content for you based on your browsing history.

c) Customized services: Cookies help us remember your preferences (such as language selection, theme settings, etc.) and provide you with a personalized service experience.

d) Security and Authentication: Cookies are used to verify your identity, keep your account secure, and prevent unauthorized access.

e) Analyze and improve the Service: We use cookies to collect data about the use of the Service in order to analyze user behavior, optimize functionality, and improve the overall quality of the Service.

13. Monitoring & Complaints

The Company is committed to a transparent and efficient user feedback mechanism to ensure that your questions and complaints are dealt with in a timely and effective manner. If you have any questions or requests regarding this Policy, or any questions, complaints, concerns, or comments regarding the processing of your personal data on the Service, please contact us at:

a) Feedback channels

i. Email: Send your request to [email protected].

iii. Online Feedback Form: Open the APP, enter the "My" page, and click "Feedback".

iv. Customer Service Hotline: Call the customer service hotline +86-400-012-3353 (working hours: Monday to Friday, 9:00-18:00).

b) Complaint Handling Process

We will review your complaint as soon as possible and respond to you within 15 working days. Responses will include:

i. the outcome of the complaint handling;

ii. specific measures taken;

iii. Follow-up plan (if any).

c) Transparency ReportThe Company will regularly publish transparency reports to display statistical data and typical cases of handling complaints, so as to enhance transparency and user trust.

d) User GuideIn order to help you better lodge an effective complaint, we have provided a detailed user guide and Frequently Asked Questions (FAQs) on our Privacy Policy page, where you can find more information about the complaint handling process.

e) Oversight mechanisms

The Company has a dedicated internal monitoring team to monitor and evaluate the effectiveness of the complaint handling mechanism. At the same time, we are subject to external oversight and audits to ensure that our complaint handling mechanisms meet the highest standards.

If you are not satisfied with our response or the outcome of your disposition, you may also lodge a complaint with the relevant supervisory authority. We are committed to open and transparent communication with our users and regulators.

14. Updates to the Privacy Policy

a) Notification Mechanism

The Company may change this Privacy Policy from time to time according to business development, changes in laws and regulations, or other necessary circumstances. The Company will notify you of changes to the Privacy Policy in the following ways:

i. Email: Notification of changes will be sent to the email address you provided when you registered.

ii. In-App Notifications: Announcements are posted within the App of the Service.

iii. SMS: Send SMS notifications to the mobile number you provided when you registered.

iv. Website Announcement: Publish a change announcement on the Company's website. The notice will include the details of the change, the effective date, and the action you need to take (e.g., reconsent).

b) Change history

The Company will provide a "Change History" section on the Privacy Policy page that lists the date and main content of each change. You can view the change history at the following link: Privacy Policy Change History.

c) User Consent MechanismThe Company will seek your consent in accordance with applicable laws and regulations. You can give your consent in the following ways:

i. Click the Confirm button: After receiving the change notice, agree by clicking the Confirm button.

ii. Continued Use of the Services: If you continue to use the Services after the effective date of the changes, you will be deemed to have agreed to and accepted the new Privacy Agreement.

If you do not accept the new Privacy Agreement, you may choose to deactivate your account. After the account is deactivated, the Company will process your personal data in accordance with applicable laws and internal rules.

d) User feedback channels

If you have any questions or feedback about changes to the Privacy Policy, please contact us at:

i. Email: Send your request to [email protected].

ii. Online Feedback Form: Open the APP, enter the "My" page, and click "Feedback".

iii. Customer Service Hotline: Call the Customer Service Hotline at +86-400-012-3353 (Monday to Friday, 9:00-18:00).

The Company will periodically review user feedback and respond as necessary.

e) Change the trigger conditions

The Company may change the Privacy Policy in accordance with the following circumstances:

i. Changes in laws and regulations: In order to comply with new legal and regulatory requirements.

ii. Business adjustment: In order to adapt to business development or to provide better services.

iii. Technology refresh: In order to introduce new technology or improve existing technology.

iv. User feedback: Adjust or optimize based on user feedback.

The Company will periodically publish transparency reports that demonstrate the reasons and implications of changes to our Privacy Policy.

15. Contact

If you have any questions, requests, or complaints about this Policy or the Services, please contact us at:

i. Email: Send your request to [email protected].

iii. Online Feedback Form: Open the APP, enter the "My" page, and click "Feedback".

iv. Customer Service Hotline: +86-400-012-3353 (Working hours: Monday to Friday, 9:00-18:00)

We promise to reply within 15 working days after receiving your feedback and ensure that your issue is properly resolved. Thank you for your trust and support in Ola Radio!

Effective Date: January 1, 2025