Funbox Privacy Policy

Introduction

Welcome to Funbox! We deeply understand the importance of your personal information and solemnly commit to protecting its security. This policy aims to clearly and transparently inform you about how we collect, use, store, and protect your personal information when you use our products and services, as well as the rights you are entitled to.

Please read and understand this policy carefully before using our services. Your initial use of our services or continued use after we update this policy indicates that you have fully read, understood, and agreed to all terms of this policy (including the updated content).

I. How We Collect and Use Your Personal Information

To provide you with basic services and specific features, we need to process your personal information in the following scenarios. We adhere to the principles of "legality, legitimacy, necessity, and good faith," and strive to achieve the "minimum necessity" for processing purposes.

1.1 Account Registration and Login

• Function Description: To create an account for you to use our core services.
• Information Collection: To ensure your account security and login verification, we will automatically generate an Account ID based on your device information. During login verification, we may collect your device information (such as device model, operating system version, unique device identifier) and log information.
• Note: Standalone device information and log information typically cannot identify a specific natural person. If we combine such non-personal information with other information to identify a specific natural person, we will treat it as personal information and process and protect it in accordance with this policy.

1.2 Certificate Service

• Function Description: To provide you with certificate acquisition and authorization services.
• Information Collection: When you use this function, we require you to provide your real name and national identity card number. This information is necessary to ensure you receive the sole valid credential for certificate authorization on the platform.

1.3 Customer Support and Contact

• Function Description: To answer your questions when you contact us via messages, email, phone calls, etc.
• Information Collection: We may retain records of your communication and contact details (such as name, mobile number, email) to contact you or help resolve your issue.

1.4 Ensuring Service Security and Stable Operation

• Function Description: To ensure normal app operation, troubleshoot crash causes, and prevent fraudulent activities.
• Information Collection: After obtaining your explicit consent, we will collect your device identification information. Such information will be used strictly for legitimate purposes including device identification, account security, anti-cheating, and statistical analysis. We commit not to using it for user profiling or targeted push notifications.

1.5 Exceptions Where Authorization Consent is Not Required

According to relevant laws and regulations, in the following circumstances, we may collect and use your personal information without obtaining your authorization and consent:

• Where it is related to our performance of obligations under laws and regulations;
• Where it is directly related to national security or national defense security;
• Where it is directly related to public security, public health, or significant public interests;
• Where it is directly related to criminal investigation, prosecution, trial, and execution of judgments, etc.;
• Where it is necessary for protecting the life, property, and other significant legitimate rights and interests of you or another individual, but it is difficult to obtain consent from the person;
• Where the personal information involved is disclosed to the public by yourself;
• Where personal information is collected from legally publicly disclosed information, such as legitimate news reports, government information disclosure, etc.

II. How We Use Cookies, Beacons, and Similar Technologies

2.1 Cookies

To ensure the normal operation of Funbox, we store small data files called Cookies on your mobile device. Cookies usually contain an identifier, site name, and some numbers and characters. With the help of Cookies, Funbox can store your login status (such as ID and Token). You can manage or delete cookies according to your preferences. However, please note that doing so may affect your use of services or functions that rely on cookies in certain situations.

2.2 Device Permission Requests

To enhance the service experience, we may request the use of your device permissions in specific scenarios. You can manage these permissions in your device settings. The permissions we may request include:

• Camera (including Flashlight): Used for scanning QR codes. We will not continuously access your camera.
• Sensors: Uses device gravity and acceleration sensor information to intelligently recognize and adapt to your device's portrait or landscape orientation.
• Calendar & Reminders: Used, after your setup, for reminders such as game release information.

III. How We Share, Transfer, and Publicly Disclose Your Personal Information

3.1 Sharing

We will not share your personal information with any company, organization, or individual other than Krayt Technologies Limited Liability Company and its affiliates, except in the following cases:

• Sharing with Explicit Consent: After obtaining your explicit consent, we will share your personal information with other parties.
• Sharing as Required by Law: We may share your personal information as required by laws and regulations, for litigation dispute resolution, or in accordance with mandatory requirements from governmental authorities.
• Sharing with Authorized Partners: Some of our services will be provided by authorized partners only to achieve the purposes stated in this policy. We will only share your personal information for lawful, legitimate, necessary, specific, and explicit purposes, and only share the personal information necessary to provide the services. We will require partners to not use the shared personal information for any other purposes through contracts or other means.

3.2 Transfer

We will not transfer your personal information to any company, organization, or individual, except in the following cases:

• Transfer with Explicit Consent: After obtaining your explicit consent, we will transfer your personal information to other parties;
• During Corporate Structure Changes: In the event of mergers, acquisitions, or bankruptcy liquidation, if personal information transfer is involved, we will require the new holder of your personal information to continue to be bound by this Privacy Policy. Otherwise, we will require that company or organization to seek your authorization and consent anew.

3.3 Public Disclosure

We will only publicly disclose your personal information under the following circumstances:

• After obtaining your explicit consent;
• Disclosure Based on Law: We may publicly disclose your personal information when required by laws, legal procedures, litigation, or mandatory requirements from governmental authorities.

3.4 Disclosure Regarding Third-Party SDKs

We solemnly declare that the current version of Funbox does not integrate any third-party SDKs. If future business needs require the integration of third-party SDKs, we will promptly update this policy to clearly inform you of the SDK name, purpose, types of information collected, and links to their privacy policies.

IV. How We Store and Protect Your Personal Information

4.1 Data Storage

• Storage Location: In accordance with laws and regulations, we will store the personal information collected and generated within the territory of the People's Republic of China within China.
• Storage Duration: We retain your personal information only for the period necessary to achieve the purposes described in this policy. For example, account information will be retained until you actively deactivate your account. After the retention period expires, we will delete your personal information or anonymize it.

4.2 Security Protection Measures

We have adopted security protection measures in line with industry standards to protect your personal information:

• Technical Protection: We use SSL encryption technology to protect data transmission; employ encryption technology to store sensitive information; and implement strict access control mechanisms to ensure only authorized personnel can access personal information.
• Security Management: We have established dedicated personal information protection management systems and processes, and provide employees with training on data security and privacy protection.
• Security Certification: Our core systems and data platforms have passed the evaluation and filing for the National Cybersecurity Level Protection (Level 3) certification.
• Contingency Plans: In the event of a personal information security incident, we will, in accordance with legal requirements, promptly inform you of the basic situation of the incident, potential impacts, measures taken, etc., and report to regulatory authorities as required by law.

V. Your Rights

You have the following rights regarding your personal information. You can submit requests to exercise these rights to us via the contact methods in Article VIII of this policy. To ensure security, we may require you to provide a written request or otherwise prove your identity. We will respond within fifteen (15) natural days.

5.1 Access, Correction, and Deletion of Your Personal Information

You have the right to access, correct, or delete your personal information. You can operate via the [My] path. Under the following circumstances, you can request us to delete your personal information:

• Our processing of your personal information violates laws and regulations;
• We collected and used your personal information without obtaining your explicit consent;
• Our processing of personal information seriously violates our agreement with you;
• You have permanently deactivated your account, or we no longer provide you with products or services.

5.2 Changing the Scope of Authorization Consent and Deactivating Your Account

You can withdraw your authorization for the processing of certain information at any time via your device system permission settings or through the contact methods in this policy. After withdrawal of consent, we will no longer process the corresponding personal information. You may also apply to deactivate your account. After deactivation, we will stop providing you with products and services and delete your personal information as per your request.

5.3 Refusal of Automated Decision-Making by Information Systems

In certain business functions, we may make decisions based on information systems or other non-human automated decision-making mechanisms. If these decisions significantly affect your legitimate rights and interests, you have the right to request an explanation from us.

5.4 Exceptions to Responding to Your Requests

According to laws and regulations, we may not be able to respond to your requests in the following circumstances:

• Where it is related to our performance of obligations under laws and regulations;
• Where it is directly related to national security or national defense security;
• Where it is directly related to public security, public health, or significant public interests;
• Where it is directly related to criminal investigation, prosecution, trial, and execution of judgments, etc.;
• Where we have sufficient evidence that you have subjective malice or abuse rights;
• Where it is necessary for protecting the life, property, and other significant legitimate rights and interests of you or another individual, but it is difficult to obtain consent from the person;
• Where responding to your request will seriously harm the legitimate rights and interests of you or other individuals or organizations;
• Where trade secrets are involved.

VI. How We Handle Minors' Personal Information

Our products and services are primarily intended for adults. We consider anyone under the age of 18 to be a minor.

Minors should not create their own user accounts without the consent of a parent or guardian. Regarding minors' personal information collected with parental consent, we will only use or publicly disclose this information as permitted by law, with the explicit consent of the parent or guardian, or as necessary to protect the minor.

If we discover that we have collected a minor's personal information without prior verifiable parental consent, we will endeavor to delete the relevant data as soon as possible.

VII. How This Policy Is Updated

To provide you with better service, our privacy policy may change.

For significant changes, we will notify you through prominent means such as pop-up windows or push notifications. Significant changes referred to in this policy include but are not limited to:

• Major changes in our service modes;
• Major changes in the primary objects of personal information sharing, transfer, or public disclosure;
• Major changes in your rights regarding personal information processing and how to exercise them;
• Changes in our department responsible for personal information security, contact details, and complaint channels;
• When Personal Information Security Impact Assessment reports indicate a high risk.

VIII. How to Contact Us

If you have any questions, comments, or suggestions regarding this Privacy Policy, or wish to exercise your rights related to personal information, please contact us via:

• Email: [email protected]

We will review the issues involved as soon as possible and respond within fifteen (15) natural days after verifying your user identity.

If you are not satisfied with our response, or believe our personal information processing practices have infringed upon your legitimate rights and interests, you may also file a complaint or report with regulatory authorities such as cyberspace administration, telecommunications, public security, and market supervision authorities.