Precision Delivery · Enterprise-Grade Email Service with Reliable Delivery
TNT Mail

TNT Wuyou Chuhai Privacy Policy

Updated: January 19, 2025

I. Definitions and Scope of Application

1.1 Core Definitions

  • Personal Information: Refers to various information related to identified or identifiable natural persons recorded in electronic or other forms, excluding information that has been anonymized (as defined by the Personal Information Protection Law of the People's Republic of China).
  • Sensitive Personal Information: Refers to personal information that, once leaked or illegally used, is likely to cause harm to the personal dignity or physical/property safety of natural persons, including biometric information, religious beliefs, specific identity, medical health, financial accounts, location trajectories, etc., as well as personal information of minors under the age of fourteen.
  • Anonymization: Refers to the process by which personal information is processed so that it cannot identify a specific natural person and cannot be restored.
  • De-identification: Refers to the process by which personal information is processed so that it cannot identify a specific natural person without the aid of additional information.
  • Data Processing: Includes collection, storage, use, processing, transmission, provision, disclosure, deletion, etc. of personal information.

1.2 Scope of Application

This Privacy Policy applies to all processing activities including collection, storage, use, processing, transmission, provision, disclosure, deletion, etc. of user personal information and related data during the process of TNT Wuyou Chuhai platform (hereinafter referred to as the "Platform") providing data filtering, marketing mass messaging, and related supporting services (hereinafter referred to as "the Service").

This Policy does not apply to services provided by third parties through platform links, cooperation modules, etc. Privacy policies for third-party services are formulated by themselves, and the Platform does not assume related liability. It is recommended that users carefully read third-party privacy policies.

II. Information Collection Scope and Methods

2.1 Account Registration and Identity Verification Information

  • Natural Person Users: Name, mobile phone number, email address, ID card number (for real-name authentication), contact address, etc. actively provided during registration;
  • Legal Entity and Other Organization Users: Enterprise name, unified social credit code, business license, legal representative name and ID information, authorized contact person name and contact information, office address, etc. actively provided during registration;
  • During identity verification process, supplementary materials provided by user according to platform requirements (such as facial recognition information, power of attorney, etc.), which Platform will only use for identity verification and will retain or delete according to regulations after verification is completed.

2.2 Service Use Related Information

  • Filtering Related Information: Filtering conditions set by user (including but not limited to industry classification, geographic scope, enterprise scale, business status, contact information type, etc.), filtering operation records, filtering result viewing and export records;
  • Marketing Mass Messaging Related Information: Marketing content (text, images, links, etc.) sent by user through platform, contact information list of recipients (including those provided by platform filtering and uploaded by user), sending time, sending quantity, sending status (success, failure, unsubscribe, etc.), unsubscribe user records;
  • Operation Log Information: User's login time, login IP address, account operation records (such as function use, information modification, permission adjustment, etc.), service usage duration, accessed pages and functional modules, error logs, etc.

2.3 Device and Network Information

Platform automatically collects the following information when user accesses or uses services, used to ensure normal service operation and optimize user experience:

  • Device Information: Device model, operating system version, device unique identifier (such as IMEI, MAC address, UUID, etc.), device manufacturer, device running status, screen resolution, etc.;
  • Network Information: IP address, network type (such as Wi-Fi, 4G/5G, etc.), network operator, access point name, browser type and version, browser language, Cookies and local storage data;
  • Location Information: Only with user authorization, collects approximate geographic location of device (based on IP address), used to provide region-related filtering services and compliance control. User can revoke authorization at any time through device settings or platform functions.

2.4 Use of Cookies and Similar Technologies

  • To optimize service experience and ensure account security, Platform may use technologies such as Cookies, Web Beacons, etc., to store user's login status, preference settings (such as filtering condition templates, interface language, etc.), service usage habits, etc.;
  • User can disable or delete Cookies through browser settings, but if necessary Cookies are disabled, some service functions may not be available normally (such as automatic login, saving filtering conditions, etc.);
  • Platform will not collect user's sensitive personal information through Cookies, nor will it use Cookies for purposes other than those agreed in this Policy.

2.5 Other Information

  • Information provided by user through customer service consultation, complaints, feedback, etc. (such as communication records, problem descriptions, requests, etc.);
  • Information Platform is authorized by user to obtain from third parties (such as account information provided by third-party login authorization, compliance data provided by partners, etc.), which Platform will use only within the scope of user authorization.

III. Information Use Purposes and Methods

3.1 Core Service Provision

  • Based on filtering conditions set by user, retrieve, organize, and provide enterprise information lists to support implementation of marketing mass messaging functions;
  • Store user's service usage records, preference settings, etc., to provide users with personalized service experience (such as reusing filtering condition templates, recommending commonly used functions, etc.);
  • Respond to user's after-sales consultation, complaint feedback, and resolve problems encountered during service use.

3.2 Account Security and Compliance Control

  • Conduct identity verification, account login verification, monitor abnormal login behaviors (such as remote login, unfamiliar device login, etc.), and prevent account theft or impersonation;
  • Detect and prevent illegal or non-compliant behaviors such as fraud, spam information sending, network attacks, etc., to maintain service order and network security;
  • In accordance with laws and regulations and the provisions of this Policy, conduct compliance review of user's service usage behaviors to ensure compliance with data security and privacy protection requirements.

3.3 Service Optimization and Improvement

  • Conduct statistical analysis on anonymized and de-identified user usage data to understand service usage status, functional satisfaction, etc., optimize service processes, and iterate functional modules;
  • Based on data analysis results, develop new service functions or products to improve service quality and user experience;
  • Troubleshoot service faults, fix technical vulnerabilities, and ensure service stability and security.

3.4 Marketing and Promotion

  • After obtaining explicit consent from user, send user marketing content such as product update notifications, service discount information, industry trends, etc., through methods including SMS, email, in-site messages, etc.;
  • User can revoke marketing authorization at any time through platform settings (such as marketing information unsubscribe entry) or by contacting customer service. Platform will stop sending related marketing information, and revocation of consent does not affect the legitimacy of information processing behaviors previously based on user consent.

3.5 Other Legal Purposes

  • Comply with mandatory requirements of laws and regulations, judicial organs, or administrative organs;
  • Protect legitimate rights and interests of users, Platform, or third parties (such as responding to complaints and reports, preventing infringement behaviors, etc.);
  • Used for commercial transactions such as Platform's mergers, acquisitions, reorganizations, etc. If information transfer is involved, Platform will notify users in advance and ensure that the transferee complies with the privacy protection requirements of this Policy.

3.6 Information Use Limitations

  • Platform uses user information only within the scope necessary to achieve the use purposes agreed in this Policy, and shall not abuse information beyond reasonable scope;
  • The use of user information shall follow the "minimum necessity" principle, collecting and using only information necessary to achieve the purpose;
  • Without user consent or authorization by laws and regulations, Platform shall not use user's personal information for purposes other than those agreed in this Policy.

IV. Information Sharing, Disclosure, and Transfer

4.1 Information Sharing

  • Business Cooperation Sharing: To implement core services such as data filtering and marketing mass messaging, Platform may share necessary information with cooperative suppliers (such as data storage service providers, SMS/email sending service providers, server operation and maintenance service providers, etc.); Platform will sign strict data processing agreements with suppliers, clarify their information protection obligations, require suppliers to use information only within authorized scope and not for other purposes, and supervise suppliers' information processing behaviors;
  • Internal Group Sharing: To achieve unified operation management, technical support, etc., Platform may share user information among its affiliated companies (referring to companies controlled by the same actual controller); Affiliated companies will comply with the privacy protection requirements of this Policy, take information protection measures at the same level as Platform, and use information only for purposes agreed in this Policy;
  • User Authorized Sharing: With user's explicit authorization, Platform may share specified information with third parties according to user's requirements (such as user agreeing to share filtering results with their partners);
  • Emergency Situation Sharing: To protect users, Platform, or public interests from infringement, in emergency situations (such as involving personal safety, major property loss, public security crisis, etc.), Platform may share necessary information within reasonable scope.

4.2 Information Disclosure

  • Legal Mandatory Disclosure: According to legal requirements of laws and regulations, judicial organs, or administrative organs (such as subpoenas, investigation assistance notices, etc.), Platform needs to disclose user information to relevant competent organs to cooperate with investigation and evidence collection, execution of effective judgments, etc.;
  • Compliance Disclosure: To maintain Platform's legitimate rights and interests (such as responding to litigation, arbitration, complaint reports, etc.), disclose user information within reasonable and necessary scope, and disclosure behavior complies with provisions of laws and regulations;
  • Public Disclosure: Platform only discloses user's personal information with user's explicit consent or when allowed by laws and regulations; reasonable measures will be taken before public disclosure to protect user's privacy security and avoid sensitive information leakage.

4.3 Information Transfer

Platform shall not transfer user's personal information to third parties unless the following conditions are met:

  • (1) Obtaining user's explicit written consent;
  • (2) Due to commercial transactions such as Platform's merger, acquisition, restructuring, bankruptcy liquidation, etc., transferring user information to transferee, and Platform will inform users 7 natural days in advance through public announcement or separate notice, and the transferee must commit to complying with the privacy protection requirements of this Policy;
  • (3) Other legal circumstances stipulated by laws and regulations.

4.4 Limitations on Sharing, Disclosure, and Transfer

  • Platform will not share, disclose, or transfer user information to third parties without legal qualifications;
  • Platform will not share, disclose, or transfer user's sensitive personal information to third parties, unless obtaining user's explicit consent and complying with laws and regulations;
  • When sharing, disclosing, or transferring user information, Platform will perform necessary desensitization processing on information (such as removing name, contact information, etc. that can identify personal identity) to ensure data security.

V. Cross-border Information Transfer

5.1 Cross-border Transfer Scenarios

  • Due to the cross-border nature of this Service (such as marketing information sent to overseas recipients, some Platform service nodes located overseas, cooperative suppliers located overseas, etc.), user's information may need to be transferred to countries or regions outside the People's Republic of China;
  • Platform conducts cross-border information transfer only in the following circumstances:
  • (1) Obtaining user's explicit consent;
  • (2) Complying with relevant laws and regulations and regulatory requirements for cross-border transfer of personal information of the People's Republic of China (such as passing security assessment by national cyberspace administration, signing cross-border data transfer standard contracts, obtaining personal information protection certification, etc.);
  • (3) Necessary to achieve service purposes agreed in this Policy, and the recipient can provide sufficient information protection.

5.2 Cross-border Transfer Protection Measures

  • Platform will sign cross-border data transfer agreements with overseas recipients, clarify rights and obligations of both parties, require recipients to comply with privacy protection laws and regulations of the People's Republic of China and destination country/region, and take information protection measures at the same level as Platform (such as encrypted storage, access control, etc.);
  • Platform will supervise the information processing behaviors of overseas recipients, regularly verify their compliance performance, and ensure user information is effectively protected;
  • If the information protection level of the destination country/region does not meet requirements, or the recipient fails to fulfill information protection obligations, Platform will take measures such as suspending transfer, requiring rectification, terminating cooperation, etc., to ensure user information security.

5.3 User Right to Know Protection

  • When user first uses services involving cross-border data transfer, Platform will explicitly inform user of information such as the destination of cross-border transfer, recipient, transfer purpose, protection measures, etc., and obtain user's consent before conducting transfer;
  • User has the right to consult Platform about relevant situations regarding cross-border information transfer, and Platform will respond truthfully.

VI. User Rights and Exercise Methods

6.1 Right to Access

User has the right to log in to Platform account and access their personal information (including account information, service usage records, filtering conditions, etc.), and Platform will provide users with convenient access paths (such as "Personal Center - Information Management" module).

6.2 Right to Correction

If user finds that their personal information contains errors or is incomplete, they have the right to self-correct through Platform account or contact customer service to apply for correction; Platform will conduct verification within 15 working days after receiving correction application, and if meeting correction conditions, will promptly correct and inform the user.

6.3 Right to Deletion

In the following circumstances, user has the right to require Platform to delete their personal information:

  • Information processing purpose has been achieved, cannot be achieved, or is no longer necessary;
  • User revokes consent to information processing;
  • Platform processes information in violation of laws and regulations or this Policy's provisions;
  • Other circumstances where deletion can be required by law.

Platform will conduct verification within 15 working days after receiving deletion application, and if meeting deletion conditions, will promptly delete relevant information; if retention is required by laws and regulations, Platform will anonymize the information and no longer use it for purposes other than those agreed in this Policy.

6.4 Right to Account Cancellation

User has the right to apply to cancel their Platform account, and the cancellation path is "Personal Center - Account Security - Account Cancellation"; Platform will verify the user's account status, unsettled fees, etc. after receiving cancellation application, and if meeting cancellation conditions, will complete account cancellation within 30 working days, and delete or anonymize user's personal information (except those required to be retained by laws and regulations).

After account cancellation, user will no longer be able to use this account to log in or use Platform services. Rights and obligations related to the account (such as refund of unused service fees, unresolved complaints, etc.) must be settled before cancellation.

6.5 Right to Withdraw Consent

User has the right to withdraw consent to information processing at any time (such as marketing information receiving authorization, location information collection authorization, etc.), and withdrawal methods include:

  • Marketing Information Authorization: Withdraw through unsubscribe entry in marketing information, Platform "Personal Center - Privacy Settings" module;
  • Device Permission Authorization: Withdraw through device system settings (such as location, camera, storage, etc. permissions);
  • Other Authorizations: Contact customer service to submit written withdrawal application.

After withdrawing consent, Platform will stop relevant information processing behaviors, but this does not affect the legitimacy of information processing behaviors previously based on user consent, nor does it affect information processing necessary for Platform to achieve core services, ensure account security, etc.

6.6 Right to Data Portability

Subject to laws and regulations and technical feasibility, user has the right to require Platform to provide their personal information to the user or a designated third party in a structured, readable, and transmittable format; Platform will verify within 15 working days after receiving application, and if meeting conditions, will provide in the agreed format.

6.7 Right to Objection and Right to Complain

  • If user has objection to Platform's information processing behavior, they have the right to raise it to Platform, and Platform will respond within 15 working days;
  • If user believes that Platform's information processing behavior infringes their personal information rights and interests, they can complain through Platform customer service channels (such as customer service phone, email, online consultation, etc.), and Platform will complete verification processing and provide feedback within 30 working days after receiving complaint;
  • User can also file complaints and reports with regulatory authorities (such as National Internet Information Office, Consumer Association, etc.).

6.8 Limitations on Exercise of Rights

  • When exercising the above rights, user needs to provide valid identity proof (such as ID card copy, enterprise power of attorney, etc.), and Platform will verify user's identity to avoid others impersonating identity to exercise rights;
  • Due to requirements of laws and regulations, protection of public interests, account security, etc., Platform may impose reasonable limitations on user's exercise of rights and explain the reasons to user.

VII. Information Storage and Security Protection

7.1 Storage Period

Platform stores user information only within the shortest period necessary to achieve the information use purposes agreed in this Policy, and will automatically delete or anonymize relevant information after the storage period expires; specific storage periods are as follows:

  • (1) Account Information: From date of account registration until 3 years after account cancellation (except where laws and regulations require longer retention);
  • (2) Service Usage Records (filtering conditions, sending records, etc.): Retain for 2 years from date of service completion;
  • (3) Customer Service Communication Records, Complaint Feedback Information: Retain for 1 year from date of problem resolution;
  • (4) Information Stored by Cookies and Similar Technologies: Retain for 1 year from date of generation, and becomes invalid immediately if user deletes or disables.

If needed for compliance investigations, litigation/arbitration, etc., Platform may extend information storage period until relevant matters are fully processed.

7.2 Storage Methods

  • Platform stores user information on servers within the territory, and cross-border storage must comply with the provisions of Article V of this Policy;
  • Adopts technologies such as encrypted storage (such as AES-256 encryption algorithm), distributed storage, etc., to ensure information storage security;
  • Takes additional protection measures for sensitive personal information (such as separate storage, strict control of access permissions, etc.).

7.3 Security Protection Measures

(1) Technical Security

  • Data Transmission: Adopts SSL/TLS encryption technology to ensure information security during transmission, prevent theft or tampering;
  • Access Control: Implements minimum privilege principle, only authorized personnel can access user information, and access requires identity authentication (such as account password, multi-factor authentication, etc.) and access logs are retained;
  • Security Protection: Deploys firewalls, intrusion detection systems, data leakage prevention systems, etc., to prevent security risks such as network attacks, virus intrusions;
  • Regular Backup: Conducts regular backups of user information, establishes data recovery mechanisms to prevent data loss.

(2) Management Security

  • Formulates internal systems such as data security management systems, privacy protection operating procedures, etc., clarifying information protection responsibilities for each position;
  • Provides privacy protection and data security training to employees, signs confidentiality agreements, strictly prohibits employees from illegally obtaining, using, or leaking user information;
  • Conducts regular security audits, risk assessments, identifies security hazards, and timely rectifies issues;
  • Signs data processing agreements with third-party service providers, clarifies security protection obligations, and conducts regular security assessments on them.

(3) Emergency Response

  • Establishes information security incident emergency plans, clarifying incident classification, emergency response processes, etc.;
  • If security events such as data leakage, loss, tampering, etc. occur, Platform will immediately activate emergency plans, take remedial measures, and notify affected users within 72 hours (except where laws and regulations require delayed notification), informing them of relevant incident circumstances and response recommendations;
  • Reports information security incidents to regulatory authorities according to regulations.

7.4 Security Liability Limitations

  • Platform has taken the above reasonable security protection measures and strives to ensure user information security, but due to the complexity and uncertainty of network security, Platform cannot completely avoid security risks such as information leakage, loss;
  • If user information is damaged due to force majeure, third-party attacks, user's improper operation (such as password leakage, device loss, etc.), Platform does not assume compensation liability, but will provide assistance within reasonable scope.

VIII. Minor Protection

  • 8.1 Platform services are not directed at minors under the age of 14. If a minor needs to use this Service, they must register an account under the consent and accompaniment of their guardian, and the guardian will exercise relevant rights and fulfill relevant obligations on their behalf.
  • 8.2 If Platform discovers that it has mistakenly collected personal information of minors under the age of 14, it will immediately stop information processing, delete relevant information, and notify their guardian; if a guardian discovers that a minor is using this Service without consent, they can contact Platform to apply for account cancellation and information deletion.

IX. Privacy Policy Updates

9.1 Update Circumstances

Platform may update this Privacy Policy from time to time according to changes in laws and regulations, adjustments in service functions, improvements in privacy protection requirements, etc.

9.2 Update Process

  • The revised Privacy Policy will be published through at least one method that can reach users, such as Platform's official website, APP pop-up, in-site messages, etc., with a publicity period of no less than 7 natural days;
  • If the update content involves major changes (including but not limited to substantive adjustments such as information collection scope, use purposes, sharing methods, cross-border transfer rules, user right exercise methods, etc.), Platform will inform users through prominent methods (such as APP pop-up mandatory prompt, separate email notification, etc.) to ensure users are aware of the update content.

9.3 Effective Time

After the publicity period expires, the revised Privacy Policy takes effect; if user objects to the update content, they have the right to notify Platform in writing during the publicity period to terminate use of this Service. If user continues to use this Service after the publicity period expires, it is deemed as having fully read, understood, and agreed to accept the revised Privacy Policy.

9.4 Retention of Historical Versions

Platform will retain historical versions of this Privacy Policy, and users can access them through Platform designated channels (such as "Help Center - Privacy Policy Historical Versions"). Historical versions are for archiving purposes only and do not have legal effect.