CubeBESS Privacy Statement

CubeBESS., Ltd. and its global affiliates (collectively, "CubeBESS", "we", "us", and "our") respect your privacy and understand how important it is to you. This Privacy Statement ("this Statement") applies to CubeBESS enterprise business websites, applications, products, and services that display or provide links to this Statement. Before using them, please read this Statement.

It describes how CubeBESS processes your personal data in enterprise business, but it may not address all possible personal data processing scenarios. CubeBESS may issue a dedicated privacy statement or notice for a specific CubeBESS enterprise business website, application, product, or service to explain how we process your personal data and how you can exercise your rights and contact the data controller. You are therefore advised to read the dedicated privacy statement or notice in conjunction with this Privacy Statement before using the specific website, application, product, or service.

I. How We Collect & Use Your Personal Data

Personal data means any data that, either on its own or jointly with other data, can be used to identify an individual. Depending on how you interact with us, you may need to provide us with such data when you use our websites, applications, products, or services. In some cases, you can choose not to provide such data, but this may prevent us from providing you with corresponding products or services, or may mean that we cannot respond to or resolve any issues you have raised.

A. How We Collect Your Personal Data

We collect your personal data only for the purposes described in this Statement. The following are examples of personal data that we may collect:

1. Information that you provide to us

(1) Account information, such as your account ID, password, name, email address, phone number, and country. If you use a social media account to log in, we will collect your OpenID and related information.

(2) Personal contact information, such as your name, email address, phone number, country, city, company, position, and address.

(3) User experience feedback, such as any feedback you provide about the use of our products and services, purchase requirements, comments, and satisfaction.

2. Information obtained during your use of products and services

(1) Device data. When you use our products and services, we will collect information about your device. This includes the operating system, IP address, browser type and version, and other technical information that varies depending on the products and services.

(2) Interaction information.

• When you watch webinars, click ads, or open or click marketing or service notification emails we send to you, we will collect the generated interaction records.

• When you interact with our customer communication channels (such as pre-sales or after-sales service centers) face-to-face, online, or via phone or email, we will record the communication process, including your phone number, recordings, and chat logs.

• When you participate in our offline activities, such as exhibitions and summits, we may collect your attendance records, photos, and audio and video files.

• When using location-based products or services, you may need to authorize us to obtain your location information.

• When you use our products or services, we automatically collect and store necessary log information, such as the time of access, access count, IP addresses, and events (such as access success or failure).

(3) Information from third-party sources

As permitted by law, we may also obtain information about you from public and commercial third-party sources. For example, we may obtain the alias you use when logging in to our website from a third-party social media platform.

(4) Collection and use of non-personally identifiable information (PII)

Non-PII is information that cannot be used to identify a particular individual. For example, statistical data, such as the number of visits to our website, is non-PII. We collect this data to understand how people use our websites, applications, products, and services so that we can improve our quality of service and better meet user requirements. We may collect, use, process, transfer, or disclose non-PII for other purposes at our own discretion. We will try best to isolate your personal data from non-PII and use them separately. If non-PII is mixed with your personal data, it will be treated as personal data.

B. How We Use Your Personal Data

1. Purposes of using personal data

We collect and use personal data to provide better product and service experience for you. We may use your personal data for the following purposes:

(1) Authentication. When you use our products or services, you may need to provide personal data in order to create an account and for subsequent authentication and permission management.

(2) With your consent, contacting you, informing you about products and services of interest, and inviting you to join our activities and surveys. You can opt out of receiving such information at any time.

(3) Confirming your participation requests, sending marketing campaign information, and collecting survey information by CubeBESS or authorized partners when you have signed up for our online or offline marketing campaigns.

(4) With your consent, sharing your hashed user ID with third-party social media platforms to present CubeBESS-related products or services to you.

(5) Fulfilling contracts, handling payments, arranging shipment, and providing delivery and maintenance services related to our products or services.

(6) Providing technical support and after-sales services for our products or services based on contractual obligations or according to your requirements. This includes resolving any issues you raise and providing solutions or suggestions.

(7) Organizing and managing CubeBESS certification exams and online learning, and managing the training and ICT competitions organized by CubeBESS or authorized partners.

(8) Qualifying, managing, communicating with, and doing business with suppliers and business partners.

(9) Providing you with personalized experience and content.

(10) Carrying out internal audits, data analysis, and research; analyzing business operations efficiency and measuring market share; and improving our products and services.

(11) Ensuring the security of your personal data and that of our products and services, and executing and improving our loss-prevention and anti-fraud plans.

(12) Complying with and enforcing applicable laws.

2. Legal basis for processing data

We process your personal data following the requirements of applicable laws based on an appropriate legal basis, including:

• Necessity for the performance of a contract;

• Your consent;

• Necessity for the protection of our or a third party's legitimate interests. Legitimate interests include enabling us to more effectively manage and operate our business and provide our products and services; protecting the security of our businesses, systems, products, services, and customers; a nd other legitimate interests;

• Necessity to comply with and fulfill legal obligations.

II. How We Use Cookies & Similar Technologies

A. Cookies

To ensure our websites and applications work correctly, we may need to place a small piece of data known as a cookie on your computer or mobile device. A cookie is a text file stored by a web server on a computer or mobile device. The content of a cookie can be retrieved or read only by the user or server that creates the cookie. A cookie often consists of identifiers, site names, and some numbers and characters. Cookies are unique to the browsers or applications you use, and enable websites or applications to store data such as your preferences or items in your shopping cart.

Like many other websites or Internet service providers, we use cookies to improve user experience. Cookies allow websites or applications to remember your settings such as language, preferred font size, or other browser preferences. This means that you do not need to set your preferences on every visit. If you disable cookies, websites will treat you as a new visitor every time you load a web page. For example, if you navigate away from a website you are logged in to and then return to it, you will need to log in to it again.

We will not use cookies for any purpose other than those mentioned in this Statement. You can manage or delete cookies based on your own preferences. You can clear all the cookies stored on your computer, and most web browsers provide the option of blocking cookies.

B. Web Beacons and Pixel Tags

In addition to cookies, we may also use other similar technologies, such as web beacons and pixel tags, on our websites and applications. For example, we may send you an email that contains a click-through URL linking to a CubeBESS web page. If you click the link, we will track your visit to help us learn about your preferences for products and services and improve our customer service. A web beacon is a transparent image embedded in a web page or email. We use pixel tags in emails to find out whether an email has been opened. If you do not want to be tracked in this manner, you can click the unsubscribe link in the email.

By using our websites and applications, you consent to the use of cookies, web beacons, and pixel tags as described above.

III. How We Disclose Personal Data

Generally, we disclose your personal data only in the following scenarios:

1. We disclose the information you have authorized to your specified third party.

2. As a global company, we may share personal data with our affiliates. We do so only for specific, clear, and legitimate purposes, and share only the information necessary to provide services.

3. We may share your personal data with our partners, in accordance with this Statement, if we have authorized them to offer certain services. For example, when you make a purchase from us, we must share your personal data with the logistics provider to arrange shipment.

4. To comply with applicable laws or respond to valid legal procedures, we may disclose your personal data to law enforcement agencies. If we are involved in a restructuring, merger & acquisition, separation, bankruptcy, or liquidation lawsuit in a given jurisdiction, your personal data may be disclosed in connection with the transaction.

IV. How We Protect & Retain Your Personal Data

The security of your personal data is important to us. We use appropriate physical, management, and technical measures to protect your personal data from unauthorized access/disclosure/use/modification, damage, or loss. For example, we use cryptographic technologies for data confidentiality, protection mechanisms to prevent attacks, and access control mechanisms to permit only authorized access to your personal data. We also train our employees on security and privacy protection to ensure they have a solid understanding of personal data protection. Although no security measure can ever guarantee complete security, we are fully committed to protecting your personal data.

We will retain your personal data for no longer than is necessary for the purposes stated in this Statement, unless otherwise extending the retention period is required or permitted by law. The data retention period may vary depending on the scenario, product, and service. The standards we use to determine the retention period include: the time required to retain personal data to fulfill business purposes (including providing products and services; maintaining corresponding transaction and business records; controlling and improving the performance and quality of products and services; ensuring the security of systems, products, and services; handling possible user queries or complaints; and locating problems), whether you agree to a longer retention period, and whether the laws, contracts, and other equivalences have special requirements for data retention. We will maintain your registration information as long as your account is necessary for us to provide you with your desired products and services. You can choose to deregister your account, at which point, we will stop providing you with products and services through your account and delete or anonymize your relevant personal data within a necessary period of time, provided that deletion is not otherwise stipulated by special legal requirements.

V. How We Process Children's Personal Data

Our websites, applications, products, and services are not intended for children.

Children, as defined by local applicable laws, are not allowed to register with or use our websites, applications, products, or services without the consent of a parent or guardian.

If you are the parent or guardian of a child and believe that we may have collected personal data concerning your child, please contact CubeBESS according to "X. How to Contact Us" in this Statement. We will attempt to delete the data as soon as possible.

VI. Third-Party Providers and Their Services

In the use or experience process, you may receive content or web links from third parties other than CubeBESS. CubeBESS does not have control over the content or websites after redirection, but you can choose whether to use the links, view the content, or access the products or services provided by third parties.

The personal data you provide on a third-party website is collected and processed solely by the third party, independently from CubeBESS's processing activities. Such third parties are not subject to this Statement. Before submitting personal data to them, please read and understand their statements.

VII. Updates to This Statement

We reserve the right to update or modify this Statement at any time. The Statement published here will always be the latest one. If we make major changes to this Statement, we may notify you through different channels, for example, posting a notice on our website or sending you a direct notice.