— 89 —
ensure the user-information is accessible only to authorized personnel to the
maximum extent possible, and hold training sessions about security and privacy
protection to enhance our employee’s awareness of the importance of user
information protection.
6.2. We will take reasonable and practical measures to avoid collecting irrelevant
and unnecessary user information to the maximum extent possible. We will retain
your user information only for the period as is necessary to achieve the purposes
outlined in this Policy unless it is agreed by you and us to prolong the retention
period or permitted by law. Upon the expiration of such retention period, we will
delete or anonymize your Personal Information.
6.3. Upon the occurrence of any user information security incident (such as
disclosure or loss), we will, in accordance with the requirements of laws and
regulations, notify you of the following matters: basic information and possible
influence of such security incident, handling measures we have taken or will take,
suggestions on how you may prevent or reduce risks on your own, and remedies to
be taken for you. We will notify you of the relevant information of such incidents
through email, letter, phone, and push notification. If it is difficult to notify each user
information subject one by one, we will publish the announcement reasonably and
effectively.
6.4. In addition, we will also report the handling of user information security
incidents according to the requirements of regulatory authorities.