Welcome to the QAX X-WING SaaS Version!
Qianxin International Co. Limited fully acknowledges the importance of privacy and personal data protection, strictly complies with the Personal Data (Privacy) Ordinance of Hong Kong (Cap 486) ("PDPO"), the Laws of the Hong Kong Special Administrative Region ("Hong Kong") and implements security measures to safeguard your personal data. The term "personal data" has the meaning as defined in the PDPO.
QAX X-WING SaaS Version (hereinafter referred to as "this Product") is primarily intended to provide services to organizations and institutions. In this context, the User of this Product refers to the organization or institution (hereinafter referred to as "you" or the "User"), excluding individuals within the organization or institution who install, use, or otherwise interact with this Product on terminal computers or other terminal devices (hereinafter referred to as "Authorized Users"). This Privacy Policy (hereinafter referred to as "this Policy") applies exclusively to data exchanges between the User of this Product and QAX via the Management Platform, as well as data exchanges between Authorized Users and QAX via terminals conducted under the User's instructions (if any). With respect to data exchanges between the Management Platform of this Product and Authorized Users (if any), unless otherwise expressly stated, QAX does not directly collect such data. We do not assume any legal liability for the Management Platform's processing(including collection, use, storage, provision, etc.) of Authorized User information (including the Authorized User's personal data). Users shall independently establish the legal basis for the processing of personal data in accordance with applicable laws and regulations, to ensure that both your and our processing of Authorized User information is lawful and compliant.
We hereby inform you through this Policy how we handle (including collection, use, storage, provision, etc.) and protect your personal data when using this Product. Provisions of this Policy that may significantly affect your legitimate interests are highlighted in bold for your attention. Please carefully read and fully understand this Policy before using this Product, and only proceed with use after confirming your complete understanding and agreement. Before collecting your personal data, we will obtain your explicit consent in a prominent manner (unless otherwise required by law). If you have any questions, comments, or suggestions regarding this Policy, please contact us using the contact information provided at the bottom of this Policy.
This Policy will help you understand the following:
I. Scope of Application of this Policy
II. How We Collect and Use Your Personal Data
III. How We Use Cookies and Similar Technologies
IV. How We Store Your Personal Data
V. How We Share, Transfer, and Publicly Disclose Your Personal Data
VI. How We Protect Your Personal Data
VII. Protection of the Exercise of Personal Rights
VIII. How Your Personal Data Is Transferred Globally
IX. Protection of Children's Personal Data
X. Changes and Amendments to this Policy
XI. How to Contact Us
This Policy applies exclusively to QAX X-WING. Please note that this Policy does not apply to Third-Party Products or Services accessed through this Product. When you use Third-Party Products or Services through this Product, the protection of your personal data shall be governed by the privacy policies of such third parties, and we shall not be held responsible for their personal data processing activities. We strongly recommend that you carefully read and fully understand the privacy policies and related documents of third parties before choosing to use their services.
This Product is equipped with multiple functional modules, including Real-Time Security Protection, Vulnerability Remediation, Privacy Protection, Application Awareness, Multi-Device Management, Cloud Backup of Log Activities, and junk cleaning. However, we collect and process User data, including a limited amount of personal data, only under certain functional modules for the purposes specified below. Please be advised that, to provide you with comprehensive security protection and management services, all functions of this Product are enabled by default except those explicitly stated in this Policy as requiring Users to activate them proactively. Please review the relevant settings upon your first use of this Product. You may also modify the relevant settings at any time to stop data exchanges with us under the corresponding functions.
We will collect and use your personal data for the purposes and in accordance with the provisions set forth in this Policy. If you do not provide the relevant information or do not consent to our collection of such information, you may be unable access certain services we provide, or achieve optimal service outcomes.
You understand and agree that we will process the personal data of Authorized Users you provide solely based on your documented instructions and for the purposes set out in this Policy. You shall strictly comply with the principles of legality, legitimacy, necessity, and data minimization when uploading and/or instructing us to access personal data from Authorized Users of this Product. You shall ensure that Authorized Users have been fully and lawfully informed in advance of the personal data processing scenarios (including the purposes and methods of processing), ensuring that the relevant personal data processing activities have a sufficient and valid legal basis as required by applicable laws and regulations. Any disputes arising from your failure to comply with the above obligations including inadequate notice or consent from Authorized Users and the resulting legal liabilities shall be borne solely by you.
To log in to this Product, you are required to provide at least your email address and password. If you refuse to provide the aforementioned information, you will be unable to use this Product normally.
The cloud virus detection and removal engine (QCE) and artificial intelligence engine (QDE) employed by this Product utilize the cloud security center database, which contains extensive virus samples, software information, and lists of malicious URLs. By leveraging artificial intelligence methods, they rapidly assess the security of files, URLs, and software, thereby promptly and effectively performing virus detection, removal, and protection.
To fulfill the Virus Detection and Removal function, we will, in accordance with your or the Authorized User's instructions and depending on the type of object to be scanned (file or URL), collect the following information related to the file or URL from the terminal and transmit it to the Cloud Security Center database for Virus Detection and Removal:
a) File: File name (which may involve the Authorized User's personal data, such as name), file path, file release attributes (including version, product name, signer, file runtime parameter attributes, and file fingerprint MD5 and SHA1 values);
b) URL: URL hostname, URL resolution IP value, MD5 and SHA1 encrypted URL.
To identify unknown suspicious programs (i.e., files that are neither in the Identification Center virus sample blacklist database nor in the whitelist database, but present certain risks), this Product will, upon discovery of an unknown suspicious program on the Authorized User's terminal, automatically send an unknown file identification request to our Cloud Security Identification Center for virus analysis. This Product will transmit the device's anonymous ID, terminal IP address, as well as any suspicious programs and suspicious executable files (exe, dll) or script files found in sensitive locations and startup items from the terminal to the identification center for virus analysis. Please be advised that the aforementioned information we collect will be used solely for the analysis of viruses, malicious files, and suspicious files, as well as to enrich the virus sample database of this Product and to improve our products and services, thereby continuously enhancing our security protection capabilities.
To prevent applications on the device from unauthorized access to the system, applications, and sensitive data, Authorized Users may configure the Privacy Protection Function for important information on the device (including but not limited to browsing history, chat records, emails, system privacy settings, and other commonly used software). Information, applications, or files included within the scope of Privacy Protection, as well as the privacy protection strategies and settings adopted by Authorized Users, will be stored locally on the current device and will not be collected by us.
To address issues of slow performance on Authorized Users' terminal devices and to optimize the experience of Authorized Users, we will, after de-identifying the User ID and anonymizing the terminal device, collect information such as the application names, usage duration, usage frequency, CPU usage, memory usage, hard disk resource usage, and Input/Output read records for each application on the device. This information will be used solely for statistical analysis, to promptly identify and record applications exhibiting abnormal operation, and to assist Authorized Users in identifying the causes of computer slowness.
You or your authorized administrators may use the Multi-Device Management function to view the operational status of multiple devices under your Account, such as Virus Detection and Removal, vulnerability detection results, device IP addresses, and online status. You may also perform operations such as Virus Detection and Removal, Vulnerability Remediation, and shutdown on devices via the Management Platform.
To facilitate you or your authorized administrator in viewing the historical records of log activities across multiple devices, this Product will, in accordance with your instructions, upload system logs from user devices, as well as logs generated by this Product's Real-time Security Protection, Privacy Protection, and Application Awareness functions, to our cloud. Except for providing backup logs that may be accessed at any time by logging into the cloud and downloading relevant log information, we will not use the log information of Authorized Users for any other purpose.
This Product assists Users in locating and deleting junk files and clearing space on User terminals by scanning the directories of Authorized User terminals. We do not collect any personal data in the course of providing this service.
This Product identifies and categorizes files occupying significant disk space on the computer by scanning the computer disk for stored files and displaying them in order of size. Authorized Users may view, delete, or ignore files based on the query results.
To continuously improve our products and provide you with higher quality features and services, we will collect information such as the location of devices within your enterprise or organization, client software version information, and button click behaviors for anonymous statistical analysis. For example, under the Privacy Protection Function, we will collect information such as whether Authorized Users utilize the Privacy Protection Function and the number of times Authorized Users access the Privacy Protection Function within a specific period, for anonymous statistical analysis to optimize related product services.
You may report any issues encountered while using this Product to us through the Security Service Center. We will make every effort to resolve the issues you report. The content you provide in your feedback may involve your personal data, such as your contact Information. Such information will be used solely for our communication and feedback with you.
To enhance the security of your use of this Product, our Affiliated companies, and partners; to protect the personal and property safety of you, other Users, or the public from harm; to better prevent security risks such as network vulnerabilities, computer viruses, cyber-attacks, and network intrusions; and to more accurately identify violations of applicable laws and regulations or relevant agreements and rules of QAX, we may use or integrate your device information and software usage information collected through the aforementioned functions, as well as information obtained from our Affiliated companies and partners with your authorization or as shared in accordance with the law, for the purposes of identity verification, detection and prevention of security incidents, and to take necessary measures for recording, auditing, analysis, and handling in accordance with the law.
During the use of this Product, it may be necessary to request and invoke the following system permissions. This Product will notify the Authorized User prior to invoking any permissions, and will only enable the relevant permissions upon the Authorized User's consent.
| Serial Number | Permission Name | Supported Function | Type of Personal Data Collected |
|---|---|---|---|
| 1. | Location | APP-Generated Device Identifier | Location Information |
| 2. | Network Status | Used to determine the User's network conditions to optimize content display | Wi-Fi Information |
| 3. | Read Hardware Device Information | Bind Device | MAC address, SSID information, IMEI, IMSI, Android_id |
| 4. | Access Network | Connect to network, login, registration, and other operations | None |
| 5. | Device Application Installation List | Virus Detection and Removal Software Center Application Installation and Management | None |
| 6. | Task List | Improve location accuracy and enhance application quality | Application Information |
| 7. | Read external storage | Virus Detection and Removal | None |
| 8. | Write to external storage | Update Virus Signature Database and Rule Database | None |
| 9. | Camera capture | Modify personal avatar | Photos |
| 10. | Photo album | Modify personal avatar | Photos |
| 11. | Email address | Enable Users to Quickly Send Emails to Customer Service | None |
| 12. | Remove App ATS restrictions | Support HTTP requests | None |
To ensure a smoother and more convenient user experience, we may identify you through small data files known as "Cookies" when you use this Product, thereby helping to reduce the number and frequency of information entries. When you first use this product, a pop-up window will be displayed to seek your consent for Cookies. Cookies typically contain identifiers, site names, and certain numbers and characters. With the aid of Cookies, this Product is able to store data generated during your use, including login status, access records, device identifiers, and other related information.
We will not use Cookies for any purposes other than those described in this Policy. Most web browsers are equipped with functions to block Cookies. You may manage or delete Cookies according to your preferences, and you may clear all Cookies stored on your device at any time. If you choose to clear cookies, you will be required to reconfigure your user settings each time you access this Product using your device.
The personal data we collect when you use this Product will be stored in accordance with the following rules:
1. Other Business Data: Including but not limited to security protection logs, device information, application usage data, etc., will be stored on servers located in the Hong Kong. Without your explicit consent, we will not transfer data stored on Hong Kong servers to Mainland China or any other overseas regions.
We will retain your personal data only for the period necessary to achieve the purposes stated in this Policy and within the time limits required by applicable laws and regulations. Upon expiration of the necessary period, we will delete or anonymize your personal data. If deletion is technically infeasible, we will cease all processing activities except for storage and the implementation of necessary security protection measures. If we discontinue operation of this Product, we will promptly cease collecting personal data from you, notify you of the discontinuation by means of an announcement or similar method, and delete or anonymize any personal data (if any) provided by you and stored by us.
We will only share, transfer, or publicly disclose your personal data with your consent or as permitted by laws and regulations.
In circumstances where our Affiliated companies provide products or services to you or to us, we may share your personal data with such Affiliated companies. Affiliated companies refer to any person who directly or indirectly controls QAX, is controlled by QAX, or is under common control with QAX. For the purposes of this definition, the term 'control' (including the related meanings of 'controlled by' and 'under common control with') refers to the direct or indirect possession of the power to direct or cause the direction of the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise; Under no circumstances shall the User be deemed an affiliated party of QAX. Specifically, in order to provide a unified user center service and to update the Virus Signature Database, we may share your mobile phone number and any virus sample information you upload with Affiliated companies. We only share necessary information, and the processing of your personal data by Affiliated companies is governed by this Policy. If Affiliated companies intend to change the purpose of processing such information, your consent will be sought again.
Unless we have obtained your explicit authorization and consent, we will not share user information with third-party advertisers, application developers, open platforms, or other partners.
We have implemented industry-standard security measures to protect the personal data you provide, and to prevent unauthorized access, public disclosure, use, modification, damage, or loss of data.
1.We ensure transparency in the processing of User personal data by publishing this Policy and establishing channels for user feedback, thereby accepting public oversight.
2.We encrypt the transmission and storage of personally identifiable information to ensure the confidentiality of your data.
3.We have implemented access control mechanisms on the server side, applying the principle of least-privilege to personnel who may access user information, and we regularly review the list of authorized personnel and access records.
4.All server systems used to store User personal data operate on security-hardened operating systems. We conduct account audits and monitor server operations. If an external announcement discloses a security vulnerability in a server operating system, QAX will promptly perform a security upgrade to ensure the security of all our server systems and applications.
5.We regularly organize training on applicable laws and regulations related to personal data protection for our staff to strengthen their awareness of personal data protection.
6.In the unfortunate event that physical, technical, or managerial protective measures are compromised, we will promptly initiate emergency response plans to prevent the escalation of the security incident, report to the competent authorities as required by applicable laws and regulations, and promptly inform you of the basic circumstances of the security incident, its possible impact, and the measures that have been taken or will be taken, through reasonable and effective means such as notifications or public announcements.
Please note that the Internet is not an absolutely secure environment. You are advised to use complex Passwords and to properly safeguard your Account and Password. If you discover that your personal data has been leaked, especially your Account or Password, please contact us immediately using the Contact Information provided in this Policy so that we may take appropriate measures.
You are responsible for responding to and ensuring the exercise of personal data-related rights lawfully enjoyed by Authorized Users. If, during this process, the settings of this Product or other circumstances require us to provide technical assistance, you may submit an Assistance Request to us using the Contact Information provided in Section XI of this Policy. In general, we will respond to your Assistance Request within 15 business days. If the situation is complex and requires an extension, we will also provide an explanation within 15 business days. If your Assistance Request involves end-user personal data unrelated to you, exceeds reasonable limits, requires excessive technical means (such as developing a new system or fundamentally changing existing practices), may infringe upon the legitimate rights and interests of others, is impractical, or if we have other legitimate and justifiable reasons, we may refuse to respond to your Assistance Request and will provide you with an explanation. Please understand that even if we decline to respond to your assistance request, you are still required to accept and process requests from Authorized Users to exercise their rights. To the extent permitted by law, we do not assume any legal liability for your refusal to allow Authorized Users to exercise their rights.
In principle, personal data collected in the Service is handled according to the following rules regarding cross-border transfer:
1.Registered Account Information: Stored in Hong Kong. If it is necessary to transfer such information outside Hong Kong, we will conduct a data export security assessment and obtain your separate consent.
2.Business data: stored in Hong Kong: If it is necessary to transfer such data from Hong Kong to Mainland China or other overseas regions, we will:
The Users and Authorized Users of this Product are primarily adults. Without the consent of a guardian, you must not allow or authorize children (minors under the age of 18) to create their own authorized account or use this Product. We are unable to ascertain or control the specific circumstances of Authorized Users. Therefore, it is your sole responsibility to determine whether any Authorized User is a child, and whether the collection of children's personal data requires the consent of a guardian. You shall independently bear all relevant Legal Liability.
This Policy may be subject to change. Without your explicit consent, we will not restrict the rights to which you are entitled under this Policy.
For material changes to this Policy, we will also provide prominent notice (for example, by displaying a Pop-up Window to notify you in a timely manner when the software installed on this Product is revised or upgraded, or when you log in again).
Major changes as referred to in this Policy include, but are not limited to, the following:
1.Significant changes to our product model. Such as changes to the purposes for processing User personal data, the types of User personal data processed, or the methods of use of User personal data;
2.Significant changes in control, such as changes in ownership resulting from mergers, acquisitions, or restructuring;
3.Changes in the primary recipients of User personal data sharing, transfer, or Public disclosure;
4.Significant changes to your rights to participate in the processing of User personal data and the manner in which such rights are exercised;
5.Changes to the department responsible for the security of User personal data , contact information, or complaint channels;
6.When the User personal data security impact assessment report indicates a high risk.
If you have any requests for access to data or correction or erasure (erasure shall only be applicable when the right to erasure is mandatory) of data or any questions, comments, suggestions, or complaints regarding this Policy or our handling of User personal data, please contact us using the following methods:
We reserve the right to charge you a reasonable fee for complying with a data access request as permitted by the PDPO.