Privacy Policy for Personal Information Protection
This Privacy Policy applies only to the automated driving and information services provided by Guangzhou WeRide Technologies Co., Ltd. ("WeRide" or "us"), including:
(1) Your registration and use of WeRide's automated driving services through WeRide Go platform, including but not limited to WeChat official account, mobile internet applications (APPs), and telephone services;
(2) Your provision, acquisition, authorization of relevant information, suggestions and/or services through WeRide Go platform. These are collectively referred to as "Services."
If you have any questions, opinions or suggestions, please contact us through the following methods:
Email: legal@weride.ai
Phone: 020-29093399
Address: 21st Floor, Tower A, Guanzhou Life Science Center, International Bio-Island, Haizhu District, Guangzhou
This policy will help you understand the following:
- Rules for collecting and using personal information
- How we protect your personal information
- Your rights
- How we handle children's personal information
- How this policy is updated
- How to contact us
Personal information refers to various types of information that can be used to identify a specific individual or reflect a specific individual's activities, which are recorded electronically or in other ways. This includes but is not limited to names, dates of birth, identity document numbers, personal biometric information, addresses, contact information, communication records and contents, account passwords, property information, credit information, travel trajectories, accommodation information, health and physiological information, and transaction information. We may process your personal information by collecting, storing, using, sharing, transferring, and publicly disclosing it during the provision of our Services.
We understand the importance of personal information to you, and we will make every effort to protect the security and reliability of your personal information to the maximum extent possible. We are committed to maintaining your trust in us and adhere to the following principles to protect your personal information: the principle of consistency between rights and obligations, the principle of clear purpose, the principle of choice and consent, the principle of minimum necessity, the principle of ensuring security, the principle of subject participation, and the principle of openness and transparency. At the same time, we promise to adopt corresponding security protection measures to protect your personal information in accordance with mature security standards in the industry.
Please read and understand this policy carefully before using our Services. If you do not agree with any part of this policy, you should choose not to use our Services.
Personal Information Collection and Usage Policy
1. What personal information do we collect from you?
The business functions we provide rely on certain information to operate. If you choose to use our services, you will need to provide or allow us to collect the necessary information, including network logs, precise location information, phone numbers, user-posted content, identity authentication information, order logs, internet logs, driving trajectory logs, transaction information, account information, password information, location information (precise location information, user departure location, user arrival location), third-party payment information, in-car videos, and voice data.
A total of 17 categories of personal information.
The above information we collect includes your sensitive personal information: precise location information, trajectory logs, transaction information, account information, password information, third-party payment information, in-car videos, and voice data. You can choose to provide or allow us to collect more information. This information is not necessary for the operation of the business functions, but it is very important for improving service quality, developing new products or services, and so on. We will not force you to provide this information, and your refusal will not have a negative impact on your use of the service.
When you use our services, our app will request the following system permissions related to personal information: location permission, storage permission, and call permission.
A total of 3 system permissions. If you do not grant these permissions, we will not be able to provide the service. In addition to these permissions, you can choose whether to grant additional system permissions to the app.
2. How do we use your personal information?
We will use your personal information to provide the business functions and to maintain and improve the services we provide, develop new business functions, and so on. If we change the purpose or expand the scope of information collection and usage, we will obtain your consent again through pop-ups, notifications, and other means.
We will store and back up your personal information within the territory of the People's Republic of China.
We will always retain or only retain the collected information within a reasonable period of time based on business needs while providing services to you. After you cancel your account, we will promptly delete and destroy your personal information in a commercially and technically feasible manner. Excluded from this are information that cannot be associated with specific individuals after processing and cannot be restored (i.e., anonymized information) in accordance with legal requirements.
3. How do we delegate processing, share, transfer, and publicly disclose your personal information?
(1) Delegation of processing
Certain specific modules or functions in this business function are provided by external suppliers. For example, we may hire service providers to assist us in providing customer support.
We will sign strict confidentiality agreements with companies, organizations, and individuals who handle personal information on our behalf, requiring them to handle personal information in accordance with our requirements, this privacy policy, and any other relevant confidentiality and security measures. We will not be liable for any infringement of personal information caused by external suppliers.
(2) Sharing
We will not share your personal information with any company, organization, or individual outside of our company and affiliated companies without your explicit consent.
We may share your personal information with others according to legal and regulatory requirements or mandatory requests from government authorities.
(3) Transfer
We will not transfer your personal information to any company, organization, or individual, except in the following circumstances:
Transfer with explicit consent: After obtaining your explicit consent, we will transfer your personal information to other parties;
In the event of a merger, acquisition, or bankruptcy liquidation, if personal information transfer is involved, we will require the new company or organization holding your personal information to continue to be bound by this privacy policy; otherwise, we will require the company or organization to obtain your authorization again.
(4) Public Disclosure
We will only disclose your personal information publicly in the following circumstances:
With your explicit consent;
Based on legal disclosure: we may disclose your personal information publicly if it is required by law, legal procedure, litigation, or government authorities.
3. How We Protect Your Personal Information
As the information protection industry standard for autonomous ride-hailing cars is still developing, we will make every effort to use security measures that comply with industry standards based on experience to protect the personal information you provide to prevent unauthorized access, public disclosure, use, modification, damage, or loss of data. We will take all reasonable and feasible measures to protect your personal information.
We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will only retain your personal information for the period necessary to achieve the purposes described in this policy, unless the retention period needs to be extended or is permitted by law.
We will regularly update and publicly disclose reports related to security risks, personal information security impact assessments, and other related content. You can obtain this information through our official website, official WeChat public account, or other channels we deem appropriate.
The internet and the IoT environment are not 100% secure. We will do our best to ensure or guarantee the security of any information you send us. If our physical, technical, or managerial protection facilities are breached, resulting in unauthorized access, public disclosure, tampering, or destruction of information, and causing damage to your legitimate rights and interests, we will be responsible according to legal provisions.
If a personal information security incident occurs, we will inform you in a timely manner in accordance with legal requirements: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions for you to prevent and reduce risks, and your remedial measures, etc. We will notify you of the relevant situation of the incident in a timely manner in accordance with the law. The notification method is not limited to email, letter, phone, text message, push notification. If it is difficult to notify the individual information subject one by one, we will adopt reasonable and effective methods to issue a public notice.
At the same time, we will actively report the disposal situation of personal information security incidents according to the requirements of regulatory authorities.
4. Your Rights
In accordance with relevant laws, regulations, rules, normative documents and standards in China, as well as common practices in other countries and regions, we guarantee your rights to exercise the following rights regarding your personal information:
Access to Your Personal Information
You have the right to access your personal information, except for exceptions provided by laws and regulations. If you want to exercise your data access rights, you can send an email to legal@weride.ai at any time. We will respond as soon as possible in the shortest time feasible.
The personal information that you can access includes the type of personal information or personal information we hold about you, the source of the personal information, the purpose for which it is used, and the third-party identity or type that has obtained the above personal information. If you inquire about personal information that you did not actively provide, we will make a decision on whether to respond after weighing the risks and damages to your legitimate rights and interests, technical feasibility, and the cost of implementing the request, and give an explanation.
Correct Your Personal Information
When you find that the personal information we process about you is incorrect, you have the right to request us to correct it. You can submit a correction request through the methods listed in "Access to Your Personal Information."
You can request that we delete your personal information in the following circumstances:
- If our processing of personal information violates laws and regulations;
- If we collect and use your personal information without your consent;
- If our processing of personal information violates our agreement with you;
- If you are no longer using our services or have canceled your account;
- If we no longer provide services to you.
If we decide to respond to your deletion request, we will also notify entities that obtained your personal information from us to promptly delete it, unless otherwise provided by laws and regulations or authorized by you.
After you delete information from our service, we may not immediately delete the corresponding information from our backup systems, but we will delete it when the backup is updated.
Change the Scope of Your Authorized Consent
Each business function requires some basic personal information to be completed. For the collection and use of additional personal information, you can give or withdraw your consent at any time.
You can make the request through the contact information we provide.
After you withdraw your consent, we will no longer process the corresponding personal information. However, your decision to withdraw consent will not affect the processing of personal information based on your authorization before.
Subject to Personal Information Account Cancellation
You can cancel the account you previously registered at any time, and you can do it yourself through the following methods: [platform operation].
After you cancel your account, we will stop providing products or services to you and, upon your request, delete your personal information, except as otherwise provided by laws and regulations.
Subject to Personal Information Obtaining a Copy of Personal Information
You have the right to obtain a copy of your personal information, and you can do it yourself by sending an email to legal@weride.ai.
If technically feasible, such as through data interface matching, we can also directly transfer a copy of your personal information to a third party designated by you upon your request.
5. Constrain Information System Automatic Decision-making
In certain business functions, we may make decisions based solely on non-human automated decision-making mechanisms such as information systems and algorithms. If these decisions significantly affect your legitimate rights and interests, you have the right to request an explanation, and we will provide appropriate remedies.
We may collect, aggregate, and analyze personal information to analyze or predict your personal characteristics, such as occupation, economy, health, education, personal preferences, credit, behavior, etc., to form a personal feature model, which is a user profile of you. We may use personal information such as a specific individual's web browsing history, interests, consumption records, and habits to display information content, provide search results for goods or services, and other activities, which is targeted push. If you do not wish to receive targeted push information, you can turn it off through [the platform].
6. Respond to Your Above Requests
To ensure safety, you may need to provide a written request or other means to prove your identity. We may first ask you to verify your identity before processing your request. We will respond to your request as soon as possible within a commercially reasonable time, and if we cannot respond promptly, we will explain the reason to you. For your reasonable requests, we generally do not charge a fee, but for multiple repetitive requests beyond a reasonable limit, we will charge a certain cost fee. For requests that are groundless and repetitive, require too many technical means (such as requiring the development of a new system or fundamentally changing current practices), pose risks to the legitimate rights and interests of others, or are highly impractical (such as involving information stored on backup tapes), we may refuse to comply.
We will be unable to respond to your request under the following circumstances:
- Related to the personal information controller's performance of obligations stipulated by laws and regulations;
- Directly related to national security and defense;
- Directly related to public safety, public health, and significant public interests;
- Directly related to criminal investigation, prosecution, trial, and execution of judgments;
- The personal information controller has sufficient evidence to prove that the personal information subject has subjective malice or abuses rights;
- For the purpose of protecting the vital legitimate rights and interests of the personal information subject or other individuals, organizations, but it is difficult to obtain the personal consent;
- Responding to the personal information subject's request would cause serious damage to the legitimate rights and interests of the personal information subject or other individuals or organizations;
- Involving business secrets.
Identity Verification
During the exercise of your rights, we may verify your identity again to ensure information security and take appropriate control measures to avoid personal information leakage during the identity verification process.
Request Refusal
If we refuse one or more of your requests, we will explain the reasons to you.
7. How we handle children's personal information
For the purposes of this privacy policy, children refer to minors under the age of fourteen (14).
Our services are intended for adults only. Children should not create their own user accounts without the consent of their parents or guardians.
If we collect personal information from children with the consent of their parents, we will only use or disclose this information in accordance with the law, with the express consent of the parents or guardians, or when it is necessary to protect the child. If we discover that we have collected personal information from a child without prior consent from their parents, we will make every effort to delete the data as soon as possible.
During the provision of our services, the audio and video recording equipment in our vehicles may collect information about children riding with you, please be aware of this. We will collect, store, use, transfer, and disclose information about children in accordance with the law.
In accordance with the law, it is the responsibility of parents and guardians to fulfill their guardianship duties, educate and guide children to enhance their awareness and ability to protect personal information, and protect children's personal information security.
8. How this policy is updated
Our privacy policy may be changed from time to time. If there are any changes, we will notify you again. If there are significant changes, we will obtain your consent.
Significant changes referred to in this policy include, but are not limited to:
- Significant changes in our service model, such as the purpose of processing personal information, the type of personal information processed, and the way in which personal information is used;
- Significant changes in our ownership structure, organizational structure, etc., such as business adjustments, bankruptcy mergers, and changes in ownership caused by other reasons;
- Significant changes in the main objects of personal information sharing, transfer or public disclosure;
- Significant changes in your rights and ways of exercising your participation in personal information processing;
- Changes in the department responsible for personal information security, contact information, and complaint channels;
- When the personal information security impact assessment report indicates a high risk.
We will also archive previous versions of this policy for your reference.