Privacy Policy

Personal Information Protection Policy

Updated: September 2024

Effective Date: September 2024

Thank you for using the services provided by Bundlite.

We will provide you with Bundlite portable Wi-Fi products and mobile data connection services. When you use the above products and services, we may collect, use, save and share your relevant personal information. Before providing us with your personal information, please make sure that you have carefully read this Personal Information Protection Policy ("this Policy").

You know and confirm that when you check "Agree" to this policy and use or continue to use the services we provide, you agree that we collect, use, save, share and protect your personal information in accordance with this policy. If you do not agree with the content of this policy, you may not be able to continue to use all or part of our services. Please make careful judgments. Please note that we will update this policy in a timely manner, so the content of the relevant personal information protection terms will change accordingly. When there are substantial changes to this policy, we will inform you of the updated content through pop-ups and other prominent notification methods. After reading and clicking "Agree", you will be deemed to have agreed to the updated personal information protection policy.

This policy applies to the Bundlite APP and other Bundlite online platforms operated and managed by us.

"Bundlite" and "we" mentioned in this policy refer to Bundlite, and "you" refers to the user protected by this policy. We attach great importance to protecting your personal information and privacy security. We understand that your use of our services is based on trust in us. We value this trust, know the importance of privacy to you, and do our best to protect your privacy. If you have any questions or suggestions about this policy, please contact us through the contact information specified in Article 8 of this policy.

This policy will help you understand the following:

1. Personal information collection and use rules for various business functions

2. How do we use Cookies

3. How do we share, transfer, and publicly disclose your personal information

4. How do we protect and save your personal information

5. Your rights

6. How do we handle children's personal information

7. How to update this policy

8. How to contact us

1. Rules for the collection and use of personal information for various business functions

Personal information refers to various information related to identified or identifiable natural persons recorded electronically or otherwise.

Personal sensitive information refers to personal information that, once leaked or illegally used, is likely to cause infringement of the personal dignity of natural persons or endanger personal and property safety, including information such as biometrics, religious beliefs, specific identities, medical health, financial accounts, whereabouts, and personal information of minors under the age of fourteen. We will prominently mark specific personal sensitive information in bold in this policy, please pay special attention to this.

Our products and services include basic business functions and extended business functions.

Basic business functions: Our products and services include some basic business functions, which include functions necessary for registering an account, viewing, purchasing, and using our products and services to achieve mobile data connection services.

Extended business functions: Other functions other than the basic business functions provided by our products and services are extended business functions.

We will provide a detailed introduction on how to collect, use, share, transfer, and publicly disclose your personal information based on business functions so that you can better understand the relevant situation.

(I) Rules for the collection and use of personal information for basic business functions

1. Registration/Login

(1) Account Registration

When you register as our user, we will collect one of the four login information: your mobile phone number, email address, Google account or Apple virtual login account, or Apple account provided with your consent. If you register using your mobile phone number or email address, we will also collect your login password.

We will collect the permanent residence you select and submit, and you can enjoy exclusive discounts in and around that place.

If you do not provide the above information, you will not be able to complete the account registration. However, you can use the visitor mode to browse the Bundlite portable WiFi device and data package product information before registration to decide whether to further use our products and services.

(2) Complete identity information

You can also set your nickname and fill in your name. If you do not provide the above information, it will not affect your use of our services.

We may contact you through the email address you provided when you registered to notify or remind you that your package is due or to send you promotional information. If you do not want to receive our notification messages, you can unsubscribe through the unsubscribe method provided in our email.

2. Binding device

After turning on the camera/camera permission, you can scan the device QR code to bind the Bundlite portable WiFi device. We will only call this permission with your consent when you scan the device QR code. If you refuse us to obtain the camera/camera permission, you will not be able to bind the device by scanning the QR code, but you can still select the device type and manually enter the device SN number and the device initial PWD number to bind the device.

3. Payment settlement

When you purchase a traffic package, we will collect your order information and transaction status, including purchase content, order ID, order amount, order creation time, payment time, payment method, and transaction cancellation time. We need to share your order number and transaction amount information and other necessary information required by law with third-party payment institutions to ensure that they confirm your payment instructions and complete the payment. In order to complete the order payment settlement, the third-party payment institution will collect your bank card information and order information in accordance with the law. For details on the entrusted processing, sharing, transfer, and public disclosure of your personal information, please refer to the introduction of Article 3 of this policy.

If you need us to issue an invoice, you need to provide us with the information required for the invoice. Specifically, if you need to issue an invoice with a personal or non-corporate title, you need to provide us with the title name and the email address to receive the invoice, otherwise we will not be able to issue the invoice for you. If you need to issue an invoice with a corporate title, you need to provide us with the company name, the email address to receive the invoice and the company tax number, otherwise we will not be able to issue the invoice to you. In addition to the above information, you can also provide us with the company's bank account, company bank account number, company phone number, company address, and remarks information so that we can issue invoices for you more conveniently. If you do not provide this information, it will not affect the issuance of invoices.

4. Traffic billing

During your use of mobile data connection services, we will collect and count your daily traffic usage so that you can be charged according to the traffic you use.

(II) Rules for the collection and use of personal information for extended business functions

1. Browsing in visitor mode

You can use the visitor mode to browse Bundlite portable WiFi devices and traffic package information through our APP or website and other online platforms without registering or logging in.

2. Recharge service

In order to provide you with recharge services so that you can purchase traffic package products more conveniently and at a preferential price, we will collect your account balance information. You can also choose not to use the recharge service and use our mobile data connection service by directly purchasing a traffic package.

3. Set up a blacklist

When you use the blacklist function, we will collect the MAC address of your mobile device to prevent your device from being mistakenly added to the blacklist and unable to connect to WiFi.

2. How we use Cookies

(I) What Cookies we collect and their uses

Cookies and similar technologies (such as pixels and ad tags) (collectively, "Cookies") are small data files that, when placed on your device, help us collect data, including your personal information, so that we can implement certain functions and provide specific services. We and our service providers use Cookies to collect data and identify you and your device. We do this to better understand the effectiveness of our services and enhance your user experience.

(II) How to prohibit the collection of Cookies

You can modify your browser settings to reject Cookies according to your needs. Please note that if you choose to reject Cookies, you may not be able to fully experience the services we provide.

3. How we share, transfer, and publicly disclose your personal information

(I) Information sharing

We are committed to keeping your information strictly confidential. Unless otherwise provided by laws, regulations and regulatory authorities, we will only share your information with third parties in the following circumstances, including our affiliates, third-party payment institutions, advertising analysis service partners, customer service partners, and other partners. If your information needs to be shared with a third party in order to provide you with services, we will evaluate the legality, legitimacy and necessity of the third party's collection of information. We will require the third party to take protective measures for your information and strictly comply with relevant laws, regulations and regulatory requirements. In addition, we will obtain your consent in the form of confirming the agreement, text confirmation in specific scenarios, pop-up prompts, etc. in accordance with the requirements of laws, regulations and national standards, or confirm that the third party has obtained your consent.

(1) Your explicit consent to sharing: We will share your personal information with other parties after obtaining your explicit consent;

(2) Sharing in accordance with the law: We may share your personal information in accordance with the various obligations stipulated by laws and regulations and the needs of criminal investigation, prosecution, trial and judgment execution, and in accordance with the requirements of administrative and judicial organs in accordance with the law;

(3) Sharing to safeguard legitimate rights and interests, major public interests and national defense security: Sharing to safeguard our legitimate rights and interests, the life, property safety and other legitimate rights and interests of users and other members of the public, public safety, public health, major public interests and national defense security;

(4) Sharing with our affiliates: We may share necessary personal information with our affiliates, and our affiliates will adopt protection measures that are no less stringent than those in this policy;

(5) Sharing with our authorized partners: For the purpose of achieving the purposes stated in this policy, we may share your order information, account information, etc. with partners and other third parties to ensure the smooth completion of the services provided to you. However, we will only share your personal information for legitimate, legitimate, necessary, specific and clear purposes, and will only share personal information necessary to provide services. Our partners have no right to use the shared personal information for other purposes unrelated to the purposes stated in this Policy. Our authorized partners include the following types:

a) Third-party payment institutions: When you purchase products and services and make top-ups, we will share specific order information with third-party payment institutions;

For companies and organizations with whom we share personal information, we will sign strict confidentiality agreements with them and require them to process personal information in accordance with this Policy and other relevant confidentiality and security measures. Our partners have no right to use the shared personal information for other purposes unrelated to the purposes stated in this Policy; if you want to change the purpose of processing personal information, we will ask for your authorization again.

(6) To achieve the purposes stated in this Policy, some third-party plug-ins (such as software development kits (SDKs) and application programming interfaces (APIs)) will be connected to our products or services to support specific functions of our products or services. To this end, we need to share or transmit specific personal information with such third parties, and such third-party plug-ins may also collect personal information directly from you through our App. We will conduct technical inspections and behavioral audits on such partners or service providers regularly or irregularly, and require them to comply with the cooperation agreement to maximize their collection and use of data in accordance with laws, regulations and contracts.

(II) Information Transfer

We will not transfer your personal information to any company, organization or individual without your consent, except in the following circumstances:

(1) Obtain your explicit consent or authorization in advance;

(2) In the event of a merger, acquisition or bankruptcy liquidation, if personal information transfer is involved, we will require the new company or organization holding your personal information to continue to be bound by this personal information protection policy, otherwise we will require the company or organization to re-ask for your authorization and consent; if personal sensitive information is involved, we will obtain your explicit consent in advance.

(III) Public Disclosure

Without your consent, we will only publicly disclose your personal information in the following circumstances:

(1) Disclose your designated personal information in accordance with your needs and in the disclosure method you explicitly consent to;

(2) In the case where we must provide your personal information in accordance with the requirements of laws and regulations, mandatory administrative enforcement or judicial requirements, we may publicly disclose your personal information based on the required personal information type and disclosure method. Subject to compliance with laws and regulations, when we receive a request for the above disclosure of information, we will require the other party to produce the corresponding legal documents, such as a subpoena or investigation letter;

(3) We do not need to obtain your authorization and consent for public disclosure in order to safeguard our legitimate rights and interests, the life, property safety and other legitimate rights and interests of users and other members of the public, public safety, public health, major public interests and national defense security.

IV. How We Protect and Preserve Your Personal Information

(I) How We Protect Your Personal Information

1. We attach great importance to information security and have established a dedicated team for this purpose. We strive to provide you with information protection, adopt appropriate management, technical and physical security measures, and establish an information security assurance system that is compatible with business development in accordance with domestic and international information security standards and best practices.

2. From the perspective of the data life cycle, we have established security protection measures in various links such as data collection, storage, display, processing, use, deletion, and destruction, and adopted different control measures according to the level of information sensitivity, including but not limited to access control, SSL encrypted transmission or encryption algorithm with strength of AES256bit or above for encrypted storage, and desensitized display of sensitive information.

3. We have taken strict management of employees who may have access to your information, and can monitor their operations. We have established an approval mechanism for important operations such as data access, internal and external transmission and use, desensitization, and decryption, and signed confidentiality agreements with the above employees. At the same time, we also regularly conduct information security training for employees, requiring employees to form good operating habits in their daily work and enhance data protection awareness.

4. We will take all reasonable and feasible measures to ensure that no irrelevant personal information is collected. We will only retain your personal information for the period required to achieve the purposes stated in this statement, unless the retention period needs to be extended or permitted by law.

5. Please be aware that no security system or system that transmits information over the Internet can guarantee absolute security. We will do our best to ensure the security of any information you send to us. If our physical, technical, or management protection facilities are damaged, resulting in unauthorized access, public disclosure, tampering, or destruction of information, which in turn damages your legitimate rights and interests, we will bear the corresponding legal liability.

6. After the unfortunate occurrence of a personal information security incident, we will promptly inform you of the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, your suggestions for self-prevention and risk reduction, and your remedial measures in accordance with the requirements of laws and regulations. We will promptly inform you of the relevant circumstances of the incident by email, letter, telephone, push notification, etc. When it is difficult to inform the subject of personal information one by one, we will take reasonable and effective measures to issue an announcement. At the same time, we will also proactively report the handling of personal information security incidents in accordance with the requirements of the regulatory authorities.

(II) Storage of personal information

In principle, we will only store your personal information within the time limit required to achieve your authorized service, unless there is a mandatory retention requirement by law, such as the "E-Commerce Law of the People's Republic of China" requires that the storage period of product and service information and transaction information be no less than three years from the date of completion of the transaction. We judge the storage period of personal information mainly by referring to the following standards and the longer of them shall prevail:

1. Complete the business functions you agree to use;

2. Ensure the safety and quality of the services we provide to you;

3. The longer retention period you agree to;

4. Whether there are other special agreements on the retention period.

After the end of providing services to you, if we continue to keep your transaction records in accordance with the law in order to fulfill our legal obligations, we will not use the information for other purposes other than legal retention. For information that is not required to be retained by legal obligations, we will anonymize or delete the information in a timely manner after the service purpose is achieved.

If we stop operating Bundlite products or services, we will stop collecting your personal information in a timely manner, and notify you of the suspension of operations in the form of one-by-one delivery or announcement, and delete or anonymize the personal information held.

V. Your Rights

In accordance with relevant Chinese laws, regulations, standards, and common practices in other countries and regions, during your use of our products or services, you may review, copy, correct, supplement, and delete your personal information, request us to explain the rules for processing your personal information, exercise the right to change the scope of authorization, refuse personalized product, service display or marketing information, and cancel your account, and request that your personal information be transferred to a designated personal information processor within the scope of laws and regulations. In addition, you can contact us through the methods specified in Article 8 of this Policy, and your opinions will be processed in a timely manner.

(I) Access to Your Personal Information

1. Account Information - You can access your nickname, name, account, and email account through the Bundlite APP [My → User Avatar].

2. Traffic Package Information - You can access your traffic package information through the Bundlite APP [My → Traffic Package].

3. Order Information - You can access your order information through the Bundlite APP [My → Order Management].

4. Balance Information - You can access your balance through the Bundlite APP [My → Balance].

5. Device information - You can access your bound device through Bundlite APP [Device].

For other personal information that you cannot access through the above methods, you can contact us through the contact information specified in Article 8 of this Policy.

(II) Correct your personal information

You have the right to correct your personal information. To facilitate your correction of your personal information, we provide you with two ways: online self-correction and application for correction to us.

1. For some of your personal information, you can correct it yourself through the methods in "Access your personal information".

2. You can also seek help from us through the contact information provided in Article 8 of this Policy to assist you in correcting your personal information.

(III) Deleting your personal information

In the following circumstances, you may request us to delete your personal information through the contact information specified in Article 8 of this Policy:

(1) If our collection and use of personal information violates the provisions of laws and regulations;

(2) If we collect and use your personal information without your consent;

(3) If our collection and use of personal information violates the agreement with you;

(4) If you no longer use our products or services, or you cancel your account;

(5) If we no longer provide you with products or services.

If we decide to respond to your deletion request, we will also notify the entity that obtained your personal information from us and require it to delete your personal information in a timely manner, unless otherwise provided by laws and regulations or these entities obtain your independent authorization.

(IV) Changing or withdrawing the scope of your authorization

You may change the scope of your consent or withdraw your authorization by adding or deleting information, changing privacy settings, or turning on/off the corresponding functions of your device, and by contacting us through the methods specified in Article 8 of this Policy.

However, please note that each product or service often requires the collection of necessary personal information to be implemented. Please understand that when you withdraw your consent, we will no longer be able to provide you with the products or services corresponding to the withdrawal of consent, but it will not affect the personal information processing services previously carried out based on your authorization.

(V) Cancel your account

You can cancel your account at any time through [My-Settings-Account Management-Cancel Account] in the Bundlite App. Your cancellation of your account will be deemed as your active abandonment of your account balance and unused traffic package products.

Please note that your cancellation of your account is irreversible. After you cancel your account, we will stop providing you with products or services, no longer collect your personal information, and delete or anonymize the personal information related to your account after the 60-day cooling-off period after account cancellation. However, the following circumstances are excluded:

(1) Laws and regulations provide otherwise;

(2) According to the requirements of administrative agencies, judicial agencies and other competent authorities, your account cannot be cancelled;

(3) In the process of using our services, you have seriously violated laws and regulations, contractual agreements, and the service policies and service rules formulated by us.

(VI) Your other rights

Where permitted by law, you may copy your personal information and request that your personal information be transferred to a designated personal information processor. You may also ask us to explain the rules for handling your personal information. You may contact us in the manner specified in Article 8 of this Policy to exercise the above rights.

(VII) Responding to your above requests

For security reasons, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request.

We will respond within fifteen working days. If you are not satisfied, you may also file a complaint through the contact information specified in Article 8 of this Policy.

In principle, we do not charge for your reasonable requests, but for repeated requests that exceed reasonable limits, we will charge a certain cost fee depending on the circumstances. We may reject requests that are unreasonably repeated, require too many technical means (for example, the need to develop a new system or fundamentally change current practices), pose risks to the legitimate rights and interests of others, or are extremely impractical (for example, involving information stored on backup tapes).

In the following circumstances, we will not be able to respond to your request in accordance with laws and regulations:

(1) Related to our performance of obligations under laws and regulations;

(2) Directly related to national security and national defense security;

(3) Directly related to public security, public health, and major public interests;

(4) Directly related to criminal investigation, prosecution, trial, and execution of judgments;

(5) There is sufficient evidence that you have subjective malice or abuse of rights;

(6) For the purpose of safeguarding the life, property, and other major legitimate rights and interests of the subject of personal information or other individuals, but it is difficult to obtain the consent of the person concerned;

(7) Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations;

(8) Involving commercial secrets.

VI. How we handle children’s personal information

We attach great importance to the protection of children’s personal information. We will not intentionally collect children’s personal information, and no part of our products and services is intended for children. If you are a child under the age of 14, please do not use or access our products and services in any way. When we learn that we have inadvertently collected children's personal information, we will delete it or take other appropriate measures in accordance with applicable laws and regulations.

VII. Updates to this Policy

Please understand that we may revise this Policy when necessary. We will mark the date of the most recent update of this Policy, and the update will take effect when it is published.

Without your explicit consent, we will not reduce your rights under this Policy. For major changes, we will also provide more prominent notices (for example, pop-ups to inform you of the updated content). It is recommended that you visit this Policy frequently to read the latest version.

VIII. How to Contact Us

If you have any questions about this Policy or personal information protection, please contact us through the following methods:

Customer Service Email: sales@bundlite.com

In general, we will respond within 15 working days. If you are not satisfied with our response, especially if our personal information processing behavior has damaged your legitimate rights and interests, you can also file a lawsuit with a court with jurisdiction. We hope that you can negotiate with us in a friendly manner before suing the court. We welcome and thank you for your supervision and suggestions on us.