JiHu GitLab Privacy Policy

Published/updated on: October 21, 2022

We know well the importance of personal information to you and will use every endeavor to protect the security and reliability of your information. Through the JiHu GitLab Privacy Policy (“this Privacy Policy”), we hope to explain to you how we will collect, use, store, share, transfer, publicly disclose and protect your personal information during your use of our products and services, and how you can manage such information.

Please read and fully understand this Privacy Policy before using our products or services. Some key terms hereof are highlighted by us in bold and underlined to draw your attention. You acknowledge and confirm that you have read and fully understood all the contents hereof before using our products or services. By starting the use of our products or services, you fully understand and agree to this Privacy Policy. If you do not agree to the contents hereof, you should stop using our products or services. Please liaise with us through the contact information set out herein in case you have any query, comment or suggestion about the contents hereof.

Through this Privacy Policy, we will make relevant explanations to you, with the key sections as follows:

Scope of Application
How We Collect and Use Your Personal Information
Entrusted Processing, Sharing, Transfer and Public Disclosure of Your Personal Information
How We Store Your Personal Information
How You Manage Your Personal Information
How We Protect Your Personal Information
Protection of Minors
Effectiveness and Update of this Privacy Policy
Contact Us
Governing Law
Language

1. Scope of Application

This Privacy Policy shall be applicable to the JiHu GitLab website(s) and services thereof (having the domain name gitlab.cn, the “Website”), as well as the JiHu GitLab SaaS products and services thereof (having the domain name jihulab.com, the “SaaS Products”) operated by GitLab Information Technology (Hubei) Co., Ltd., GitLab Innovation (Beijing) Information Technology Co., Ltd. and their Affiliates (collectively, “we”).

You are informed and understand that we may provide links to the Website and the SaaS Products on other JiHu GitLab websites. Once you access the Website and the SaaS Products through such links, this Privacy Policy will apply.

With the development of our business, we may update or improve the Website and the SaaS Products, and may also provide you with other new products and websites of JiHu GitLab. This Privacy Policy will also apply to the update and improvement of the Website and the SaaS Products, as well as any new products and websites of JiHu GitLab that we may subsequently make available to you. If necessary, we will amend this Privacy Policy and notify you thereof in accordance with relevant provisions of Article 8 hereof.

2. How We Collect and Use Your Personal Information

When you use the Website and the SaaS Products, we will collect and use your personal information for the following purposes set forth herein:

2.1. Registration for SaaS Products

When you register for a SaaS Products-related account, to help you complete the registration, you need to provide us with your name, mobile phone number, fixed line phone number and email information. If you refuse to provide such information, you may not be able to successfully complete the registration and normally use the SaaS Products.

2.2. Registration for Website Forums

When you register for a website forum-related account, to help you complete the registration, you need to provide us with your email information. Your refusal to provide such information may hinder you from successfully making the registration, but will not affect your normal use of other functions.

2.3. Application for Trial Paid Functions

When you apply for the trial paid functions on the Website or the SaaS Products, to help you complete the application, you need to provide us with such information as your mobile phone number, fixed line phone number, email, company name and company address. Your refusal to provide such information may hinder you from successfully applying for the trial paid functions, but will not affect your normal use of other functions.

2.4. User Survey and Feedback

When you feed back the problems you encounter in using the products and services to us through the Website and the SaaS Products, you need to provide us with your user ID and business form information (including, among others, your complaint feedback information, contact information and company information) for us to establish liaison with you and help you solve the problems as soon as possible, or record the solutions to relevant problems and the results thereof. Your refusal to provide the above information may hinder you from successfully using the survey and feedback function, but will not affect your normal use of other functions. The information you provide in the feedback will only be used for us to communicate and feed back with you, without disclosure to any third party unless otherwise explicitly consented to by the user or prescribed by laws.

2.5 Product Marketing and Promotion

To introduce you to our products and help you to learn about our business, we will use the registration name, mobile phone number, landline telephone number, email address and company name you have provided to us, in order to market and promote products or communicate with you via telephone, email or by other means.

2.6. Security

In order to improve the security of your use of our services, protect your, other users’ or the public’s personal and property security, better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusion and other security risks, and more accurately identify violations of laws, regulations or JiHu GitLab-related agreements and rules, we may collect your user ID, IP address, the Website and the SaaS Products browsing records, click records, the Website and the SaaS Products function use records, as well as information which we may share with your authorization or according to law, for identity verification, risk controls including fraud prevention, detection and prevention of security incidents, and take necessary recording, auditing, analysis and response measures in accordance with law. Your refusal to provide the above information will not affect your normal use of other functions.

2.7. Presenting and Pushing Products or Services to You

Subject to the national laws and regulations, we may anonymize, summarize, desensitize and encrypt your personal information to form statistical information or user profiles (which, however, cannot identify any individual users), as well as present and push relevant services or products to you. Without your prior consent, we will not use such information for purposes other than those specified herein, nor will we use any information collected for a specific purpose for other purposes.

2.8. Cookies and Similar Technologies-based Services

We use cookies and similar technologies to provide you with products and services. We will place cookies which are small files on your device to store your device information and identify you when you use our services. In addition, we may use cookies to analyze and improve our services, and deliver interest-based advertising to you according to your online activities. Most browsers allow you to delete cookies, the specific operation instructions of which can be found at https://allaboutcookies.org/manage-cookies/. For more information about cookies and how we use cookies, please refer to our Cookies Policy.

2.9. Exceptions to Authorization

According to applicable laws and regulations, we may collect and use your relevant personal information without your authorization and consent under any the following circumstances:

(1) the collection and use are necessary for execution and performance of contracts to which you are a party;
(2) the collection and use are necessary for us to perform our statutory duties or obligations;
(3) the collection and use are directly related to national security and national defense security;
(4) the collection and use are directly related to public safety, public health and major public interests, for example, they are necessary for responding to public health emergencies or protecting the life, health and property safety of natural persons in emergencies;
(5) the collection and use are directly related to criminal investigation, prosecution, trial and enforcement of judgment, etc.;
(6) the collection and use are for the purpose of protecting your or other individuals’ life, property and other major legitimate rights and interests, to which it is difficult to obtain your consent;
(7) we collect your personal information disclosed by your own to a reasonable extent in accordance with laws and regulations;
(8) we collect the user information from legally disclosed information, such as legal news reports and government information disclosures, to a reasonable extent in accordance with laws and regulations;
(9) the collection and use are necessary for maintaining the safe and stable operation of the products or services offered, such as finding and handling faults of the products or services;
(10) other circumstances stipulated by laws and regulations.

3.1. Entrusted Processing

We will, in case of authorizing third-party companies, organizations or individuals to process your personal information, enter into data processing agreements with them, requiring them to process your personal information in accordance with our requirements and applicable laws, and take confidentiality and security measures to protect your personal information.

3.2. Sharing

We will not share your information with any company, organization or individual except:

(1) Sharing with Explicit Consent：We will share your information with other parties after obtaining your explicit consent.
(2) Sharing under Statutory Scenarios：We may share your information externally in accordance with laws and regulations or the mandatory requirements of judicial authorities, governmental authorities and other government departments.
(3) Sharing with Authorized Partners：Solely for the purposes stated herein, we may share your personal information with third-party partners to provide better services. We will only share information for legitimate, appropriate, necessary, specific and clear purposes, to the extent required for the provision of services.
(4) Sharing with our Affiliates：We may share your personal information with our affiliates so that we can offer certain services to you together with them. We will only share necessary information for the purposes stated herein. Our affiliates will seek your separate authorization and consent if they intend to change the use and processing purposes of the personal information.

3.3. Transferring

We will not transfer your information to any company, organization or individual, except to the extent:

(1) we have obtained your consent;
(2) the personal information is disclosed by you or obtained by us from other legal public channels;
(3) with the development of our business, in case of merger, acquisition or bankruptcy liquidation in which personal information transfer is involved, we will require the new companies and organizations holding your personal information to continue to be bound by this Privacy Policy. If there is any change in such manners for collecting and processing personal information as set out herein, the said companies and organizations will separately seek your authorization and consent.

3.4. Public Disclosure

Subject to applicable laws and regulations, we will not publicly disclose your personal information unless with your explicit consent.

3.5. Exceptions to Authorization

Additionally, pursuant to relevant laws, regulations and national standards, we may share, transfer and disclose your relevant personal information without your authorization and consent under the following circumstances:

(1) the sharing, transferring and disclosure are related to performance of our obligations under laws and regulations;
(2) the sharing, transferring and disclosure are directly related to national security and national defense security;
(3) the sharing, transferring and disclosure are directly related to public safety, public health and major public interests;
(4) the sharing, transferring and disclosure are directly related to criminal investigation, prosecution, trial and enforcement of judgment;
(5) the sharing, transferring and disclosure are for the purpose of protecting your or other individuals’ life, property and other major legitimate rights and interests, to which it is difficult to obtain your consent;
(6) the personal information involved has been disclosed to the public by yourself;
(7) the personal information is collected from legally disclosed information, such as legal news reports and government information disclosures.

4. How We Store Your Personal Information

4.1. The personal information we collect and generate in the People’s Republic of China will be stored in the People’s Republic of China. We will, insofar as we need to transmit your personal information abroad for business demands in compliance with applicable laws and regulations, obtain your prior consent and inform you of the recipient’s name, the categories of the outbound personal information, the purposes and methods of processing, the contact information, the methods and procedures for exercise of the rights over the overseas recipient, among others.

4.2. We will only store your personal information during the period necessary for the purposes hereof and within the time limit required by laws and regulations. We will, to the extent we cease our products or services, promptly stop collecting your personal information, notify you of the operation cessation in the form of delivery one by one or announcement, and delete or anonymize your personal information stored by us.

5. How You May Manage Your Personal Information

5.1. Viewing and Correcting Personal Information

You can query and correct the basic information (basic data) and contact information submitted when using the Website and the SaaS Products by logging in to the Website or the SaaS Products-related account and then entering “Edit Profile” in the background of the account. Generally, you are allowed to browse and modify the information submitted by you at any time, but for security and identity recognition (such as number request service), you may not be able to modify certain initial registration information and verification information provided during your registration.

5.2. Deleting Personal Information

5.2.1. You can contact us through the method set out in Article 9 hereof requesting to delete your personal information in any of the following cases:

(1) our processing of the personal information violates laws and regulations;
(2) we collect and use your personal information without your consent;
(3) our processing of the personal information goes against the agreement with you;
(4) you no longer use our products or services, or you have canceled your account;
(5) we cease providing products or services, or the retention period has expired;
(6) you have withdrawn your consent;
(7) the purpose for which we process your personal information has been achieved or cannot be achieved, or the relevant personal information is no longer necessary for the purpose of the processing.

5.2.2. We will give you a reply within 15 working days after verifying your user identity. Your personal information in the backup system may not be deleted by us therefrom immediately upon deletion of it from our server, but will be deleted when the backup is updated. Please understand that if the retention period stipulated by laws and administrative regulations has not expired, or it is technically difficult to delete the personal information, we will stop processing except storing and taking necessary security measures over the information.

5.3. Cancellation

You may cancel your account related to the Website or the SaaS products by logging in to such account, and then opting to “Delete Account” after entering “Edit Profile” in the background of the account. Please note that canceling your such account will permanently deprive you of the right to access the account and the data therein.

5.4. Response to Your Request

5.4.1. We usually respond to the foregoing requests from you or your guardian, close relatives and other authorized entities, as well as requests for supplementing, copying and transferring your personal information, withdrawing or changing authorization and permit, restricting or rejecting data processing activities on your personal information, and requiring an explanation of your personal information processing rules within 15 working days.

5.4.2. In principle, we will not charge you any fees for the above reasonable requests. However, we may refuse requests which are made repeatedly, require excessive technical assistance, would pose risks to the legitimate rights and interests of others, or are highly impractical. Nevertheless, we will explain the corresponding reasons to you in case we are unable to respond to your requests.

5.4.3. We will be unable to respond to your request if:

(1) there is a relevance to performance of our obligations under laws and regulations;
(2) there is a relevance to national security or national defense security;
(3) there is a direct relevance to public safety, public health and major public interests;
(4) there is a direct relevance to criminal investigation, prosecution, trial and enforcement of judgment;
(5) we have sufficient evidence to show your subjective malice or abuse of rights;
(6) we do so for the purpose of protecting your or other individuals’ life, property and other major legitimate rights and interests, to which it is difficult to obtain your consent;
(7) response to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations; or
(8) trade secrets are involved.

6. How We Protect Your Personal Information

6.1. We attach great importance to your information security, trying to take reasonable physical, electronic and administrative security measures to protect your user information from unauthorized access, public disclosure, use, modification, damage or loss.

6.2. We provide training regarding laws and regulations related to privacy protection for our staff on a regular basis as well as formulate internal policies on privacy protection at the company level to improve their awareness of privacy protection.

6.3. In the event of an unfortunate user information security-related incident (disclosure, tampering and loss), we will, in accordance with the requirements of laws and regulations, promptly inform you of the categories of personal information leaked, tampered with or lost, the causes and possible harm of the leakage, tampering or loss, the handling measures that have been or will be taken by us, the suggestions on your preventing and reducing the risks, and the remedial measures for you, among others. We will timely notify you of information with respect to the event by mail, letter, telephone and push notification, etc., and will, in case it is difficult to notify the user information entities one by one, make an announcement on the same in a reasonable and effective way. Meanwhile, we will also report handling of the incident as required by the regulatory authorities.

6.4. Irrespective of having taken the above reasonable and effective measures and complied with the standards required by relevant laws and regulations, we may still not be able to guarantee the security of your personal information when it is communicated through unsafe means. Therefore, you should take active measures, such as changing your account password regularly and refraining from disclosing your account password and other personal information to others, to ensure the security of your personal information.

6.5. You understand that the personal information protection measures made available by us are only applicable to the Website and the SaaS Products; once you leave the Website and browse or use other websites, services and content resources, we will have no ability and obligation to protect any personal information you submit on websites other than the platform contemplated hereby, regardless of whether you log in or browse such websites based on the link or guidance on the Website.

7. Protection of Minors

7.1. We do not offer products and services to minors under the age of eighteen (18), nor will we collect any personal information of minors under the age of eighteen (18).

7.2. If you are the parent or guardian of a minor under the age of eighteen (18), and find that the minor in your custody uses our products and services, or have any questions about his/her personal information, please liaise with us through the contact information disclosed in this Privacy Policy.

8. Effectiveness and Update of this Privacy Policy

8.1. This Privacy Policy shall take effect from the date on which it is published.

8.2. This Privacy Policy may be amended.

8.3. Without your express consent, we will not limit your rights hereunder. Any amendments to the Privacy Policy will be published on dedicated pages.

8.4. With respect to material amendments, we will also give you a more prominent notice (e.g. for some services, we will notify you through announcement on website or even provide you with pop-up prompts to indicate the specific changes in the Privacy Policy).

8.5. For the purpose hereof, amendments are material if there are, inter alia:

(1) material changes in our service model, such as the purpose of processing user information, the category of user information processed, and the way in which user information is used;
(2) material changes in our control and organizational structure, such as change of ownership caused by business adjustment, bankruptcy and merger, etc.;
(3) changes in the main parties with or to whom personal information is shared, transferred or publicly disclosed;
(4) material changes in your right to participate in personal information processing and the way you exercise thereof;
(5) changes in our departments responsible for user information security, the contact information thereof and the complaint channels;
(6) high risks as indicated in the personal information security impact assessment report.

8.6. We will also keep an older version of this Privacy Policy on file for your reference.

9. Contact Us

In case of any inquiries and comments on the content or the practice and operation hereof, please email us at contact@gitlab.cn. We will review the relevant inquiries as soon as possible and reply within fifteen (15) working days after verifying your user identity.

10. Governing Law

The execution, effectiveness, performance and interpretation of as well as dispute resolution in relation to this Privacy Policy shall be governed by the laws of the Mainland of the People’s Republic of China in force. Should any provision hereof is rendered invalid by conflict with such laws, the provision shall be reinterpreted on a principle of getting as close as possible to the original purpose of this Privacy Policy without violating the aforesaid laws, and the validity of other provisions hereof shall not be affected thereby.

11. Language

This Privacy Policy may be provided in Chinese, English or other languages. In case of any discrepancies or conflicts among different linguistic versions of this Agreement, the Chinese version shall prevail.