Introduction

In view of the sensitivity of Sanwood's processing of large amounts of personal data in its global operations and the importance of protecting personal privacy, this Privacy Reporting Policy is specially formulated to establish a safe, efficient and transparent privacy reporting mechanism to encourage employees, partners, customers and the public to actively participate, jointly safeguard personal privacy rights and interests, and prevent data leakage and abuse risks.

I. Purpose and Principles of Reporting

Purpose: To ensure that personal privacy data is handled legally, safely and responsibly, and to promptly discover and correct any violations of privacy protection laws and regulations.

Principles:
Confidentiality: Ensure the confidentiality of the identity of the reporter and the content of the report, and avoid any form of retaliation or adverse effects on the reporter.
Fairness: Treat all reports equally, investigate impartially, and ensure the transparency and fairness of the handling process.
Timeliness: Respond to reports quickly, handle them efficiently, and take timely measures to prevent damage from expanding.

II. Scope of Reporting

Illegal collection, use, disclosure or sale of personal data.

Violation of the principle of data minimization and excessive collection of personal information.

Failure to take necessary security measures to protect personal data.

Unauthorized access, modification or deletion of personal data.

Any other behavior that may harm personal privacy rights and interests.

III. Reporting channels and processes

Reporting channels:

A dedicated privacy reporting mailbox (info@sanwood.com) is set up to ensure that reports are received 24 hours a day.

Publish reporting channel information on the company's official website, internal platforms and important cooperation channels.

Reporting process:

Receiving reports: After receiving a report, immediately confirm receipt and assign a unique reporting number.

Preliminary assessment: The privacy protection team conducts a preliminary assessment of the content of the report to determine its urgency and compliance.

In-depth investigation: For confirmed violations, a comprehensive investigation is initiated, including but not limited to data audits, interviews with relevant personnel, etc.

Feedback on processing results: Inform the reporter of the investigation results and measures taken to ensure transparency.

Continuous improvement: Based on the reporting case, analyze the causes, optimize privacy protection measures, and prevent similar incidents from happening again.

IV. Whistleblower protection

Identity confidentiality: The identity of the whistleblower shall not be disclosed unless required by law.

Prevention of retaliation: Establish a zero-tolerance policy for retaliation and deal with any retaliation seriously.

Psychological support: Provide necessary psychological support and consulting services to whistleblowers to reduce their psychological pressure.

V. Reward Mechanism

The company will commend, reward or give other forms of recognition to whistleblowers who provide effective clues and help the company discover and correct major privacy violations according to the actual situation.

VI. Training and publicity

Regular training: Regular training of employees on privacy protection laws and regulations, reporting mechanisms, etc.

Public publicity: Through media, social media and other channels, improve the public's awareness of personal privacy protection and encourage all sectors of society to participate in supervision.

VII. Compliance supervision and continuous improvement

Regular audit: Regularly audit the effectiveness of privacy protection policies, processes and reporting mechanisms.

Policy update: Update privacy protection policies and reporting mechanisms in a timely manner according to changes in laws and regulations and business needs.

International cooperation: Strengthen cooperation with other multinational companies, international organizations and government agencies to jointly improve the level of global privacy protection.

VIII. Effectiveness and Revision

This regulation shall take effect from the date of promulgation. The company reserves the right to revise it according to actual conditions. The revised content will be announced in a timely manner through internal notifications, the company's official website and other channels.

IX. Conclusion

Through the implementation of this "Privacy Reporting", we are committed to building a safe, transparent and responsible data processing environment to protect the privacy rights and interests of every individual user. We encourage all stakeholders to actively participate, jointly safeguard personal privacy and security, and promote the healthy development of global data protection.