Introduction
Because Sanwood's global operations involve the processing and transmission of a large amount of sensitive personal and corporate information, these "Sanwood Privacy Protection Regulations" (hereinafter referred to as the "Regulations") are formulated to ensure the security and compliance of this information. The Regulations aim to clarify the principles, responsibilities, measures and violation handling mechanisms for privacy protection, so as to protect the legitimate rights and interests of all relevant parties and promote the sustainable development of enterprises.
I. Privacy Protection Principles
Legality and Compliance: Strictly abide by the privacy protection laws and regulations of various countries to ensure the legality of information processing activities.
Minimize Collection: Only collect personal and corporate information necessary to achieve business purposes and avoid excessive collection.
Clear Purpose: Clarify the purpose of information processing and ensure that the use of information does not exceed the original scope.
Secure Storage: Take appropriate technical and organizational measures to protect information from unauthorized access, disclosure, tampering or loss.
Transparent Communication: Clearly and accurately explain to the information subject the purpose, scope and method of information collection, use and sharing.
Respect Choice: Respect the information subject's right of choice and allow them to withdraw consent, request deletion of information or restrict information processing.
II. Privacy protection responsibility
High-level commitment: The company's senior management commits to abide by the privacy protection principles and provide the necessary resources and support for privacy protection.
Departmental collaboration: All departments work together to ensure the effective implementation of privacy protection measures in business processes.
Employee training: Regularly conduct privacy protection training for employees to enhance the privacy protection awareness and skills of all employees.
Third-party management: Strict qualification review and contract management of third-party suppliers that handle personal and corporate information to ensure that they comply with privacy protection requirements.
III. Privacy protection measures
Access control: Implement strict access rights management to ensure that only authorized personnel can access sensitive information.
Encryption technology: Use advanced encryption technology to protect the security of information during transmission and storage.
Security audit: Conduct security audits regularly to monitor and identify potential security risks and violations.
Emergency response: Establish a privacy breach emergency response mechanism to ensure that measures can be taken quickly to mitigate damage when a privacy breach occurs.
IV. Rights of information subjects
Right to know: Information subjects have the right to understand the collection, use, and sharing of their personal and corporate information.
Right to access: Information subjects have the right to request access to their personal and corporate information and obtain a copy of the information.
Right to correction: The information subject has the right to request correction of inaccurate or incomplete personal and corporate information.
Right to deletion: Under certain circumstances, the information subject has the right to request deletion of his or her personal and corporate information.
Right to restrict processing: The information subject has the right to request restriction of processing activities of his or her personal and corporate information.
Right to data portability: The information subject has the right to obtain his or her personal and corporate information in a structured, commonly used, machine-readable format and has the right to transfer it to other controllers.
V. Violation handling mechanism
Internal investigation: Conduct timely and fair internal investigations on any suspected violation of privacy protection regulations.
Disciplinary sanctions: Take disciplinary measures such as warnings, fines, and termination of contracts for employees or third-party suppliers who violate privacy protection regulations, depending on the severity of the violation.
Legal liability: For privacy violations that constitute a crime, the legal liability of relevant personnel shall be investigated in accordance with the law.
Improvement measures: Analyze the causes based on the results of violation handling, optimize privacy protection measures, and prevent similar incidents from happening again.
VI. International cooperation and compliance supervision
International cooperation: Actively participate in international privacy protection cooperation and exchanges, learn from international best practices, and improve the global privacy protection level of enterprises.
Compliance supervision: Accept supervision and inspection by regulatory agencies of various countries, respond to regulatory requirements in a timely manner, and ensure the compliance of privacy protection work.
VII. Effectiveness and Revision
This regulation shall take effect from the date of promulgation, and the company reserves the right to revise it according to actual conditions. The revised content will be announced in a timely manner through internal notifications, company official websites and other channels to ensure that all relevant parties can understand and comply with the latest privacy confidentiality requirements in a timely manner.
VIII. Conclusion
Through the implementation of this "Sanwood Privacy Confidentiality Regulation", we are committed to building a safe, compliant and transparent information processing environment to protect the legitimate rights and interests of every information subject. We encourage all stakeholders to actively participate and jointly promote the healthy development of global privacy protection.