Privacy Policy
1. Information About the Data Controller
Our application (the "App"), whether provided through the website or various application stores, is managed by Shanfeng Cultural Tourism Technology Co., Ltd., which is the controller of your personal data. Therefore, in this policy, "we", "our company", or "our" refers to the data controller.
We have appointed a Data Protection Officer (DPO) to assist us in complying with the requirements of Regulation (EU) 2016/679 General Data Protection Regulation. You may contact the Data Protection Officer directly by email at support@summit-wind.com.
2. Personal Data Processed and Legal Bases for Processing
When you use the App, we collect different types of information from you or your device. We only collect the data necessary to provide the service and do not collect additional unnecessary information.
The information we collect may come from information you actively provide, or may be automatically identified by the system from your device. This information may include data provided by the operating system or data manually entered by you when authorizing certain actions in the App.
Data you provide to us
Legal basis for processing
1. Social network information used to log in via OAuth methods (learn more about OAuth via https://oauth.net), including your public profile data (such as Facebook), which you can control at any time.
Performance of a contract with you. We cannot provide registered user services without obtaining such data.
2. Your name and avatar (the image you choose to display in the App).
Your consent at the time of submission. You may change or replace your name and avatar at any time in the App settings.
3. Messages and communication content with customer service.
Performance of a contract, enabling us to respond to your inquiries and provide customer support. These data will not be used for other purposes, such as profiling or targeting users' behavior.
The remaining data are technical information that must be processed in order to provide our services effectively.
Data automatically collected or assigned by us
Legal basis for processing
1. The servers used by the App may log requests sent from your device to the servers, including device and browser details, your IP address, date and time of access, city and country, operating system, browser type, and mobile network information.
Performance of a contract. The App requires these data to function properly and connect to the network. This information is used only for technical purposes, to ensure the normal operation and security of the App, and to investigate potential security incidents.
2. Device identifiers provided by the operating system (such as device ID or vendor ID) or assigned by us (such as your in-App ID).
We process these under our legitimate interests to prevent fraud and unauthorized access, and to ensure the App's technical availability and security.
3. App version, operating system version information, browser type, language settings, device model, etc.
Performance of a contract. These technical data are essential to ensure that the App functions properly on your device.
4. Usage events generated during your use of the App (such as logs, events, games played, purchase history, App crashes, system reports, etc.). Statistical information regarding App usage.
Partly for performance of a contract, and partly based on legitimate interests to prevent fraud and unauthorized access and to ensure the App's technical availability and security. Analysis of such statistical data helps optimize the App for future updates without affecting your rights and freedoms or disclosing any personal data about you or your contacts.
We may collect technical information related to your device, such as device ID, advertising identifiers (such as IDFA or GAID), IP address, browser type, and operating system version. These data are mainly used to improve the performance of our services and the user experience.
3. How We Use Your Personal Data
We attach great importance to the protection of your personal data and ensure that it is processed in a manner consistent with your expectations. Unless we have clearly informed you and obtained your consent, we will not use your data in any way that would surprise you or be unexpected.
For example, when you register an account, we encrypt it and store your personal data on secure servers to prevent unauthorized access or destruction.
The purposes for which we process your personal data are:
To provide our services to you
To prevent fraud
To improve and enhance our services
To notify you of any changes or updates to our services
4. Retention Period of Personal Data
The length of time we retain your personal data depends on the type of data. Generally, your data will be retained until you delete the App or after six months of inactivity. Certain data (such as IP addresses used for fraud prevention or blacklisted email addresses) may be retained longer based on our legitimate interests in protecting the business from potential losses.
As required by law, we must delete data that is no longer necessary to provide the service. If you do not use the App for more than six months (the "inactive period"), we will consider you to have permanently stopped using our services. After this inactive period, we will delete all personal data we hold.
However, if you decide to return to our App, you may create a new account again at any time and use our services again.
5. Our Security Measures
Your personal data are stored on secure servers rented by us, and we follow industry-standard best practices to ensure their security. We implement appropriate technical and organizational measures to prevent personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access during transmission, storage, or other processing.
We have contracted with Google (the "hosting provider") to store your personal data. The hosting provider holds various international security certifications that ensure your data security. You can read more about its security measures on the hosting provider's website:
https://cloud.google.com/security/compliance/compliance-reports-manager#/ReportType=Certificate ISO 27001 certificate
We also ensure that access to these data is granted only where necessary. These access controls are implemented through a series of technical and organizational measures, including:
Two-step verification for access to the hosting provider;
Following the principle of least privilege (that is, providing only necessary access rights);
All servers and services are continuously monitored, including logging personal access in the user interface;
Each employee may access the system only through their personal account, and their access rights are limited to their scope of duties and team.
You have the right to choose not to share or sell your personal data. If you wish to opt out, please contact our privacy support team at: support@summit-wind.com.
6. Categories of Data Recipients
We do not share your personal data with third parties, except in the following cases:
Sharing with data processors (service providers) operating under our instructions in order to fulfill our obligations to you;
Where explicitly described in this Privacy Policy;
Where we are required to comply with a legal obligation.
This does not mean that we blindly follow all disclosure requests. We examine each request to ensure it complies with relevant safeguards and includes a valid court order or is issued under legal provisions relating to the prevention, investigation, detection, or prosecution of criminal offenses.
Independent data controllers
For iOS and Android users:
6.1 Adjust GmbH ("Adjust") – Adjust is a data analytics platform that provides solutions such as campaign monitoring, optimization, and user data security, helping mobile marketers achieve app growth. The Adjust SDK collects and processes information in accordance with Adjust's privacy policy, which you can review at https://www.adjust.com/terms/privacy-policy
The data collected by the Adjust SDK help us understand and improve the effectiveness of marketing campaigns. These data are used to show you our website and its content, provide information or services you request, and for marketing and advertising purposes. They may also be used for other purposes specifically explained to you before your information is collected.
The information collected by the Adjust SDK helps us monitor and optimize promotional campaigns, ensure secure data management, and improve the user experience of our App.
6.2 Google LLC ("Google")
Google provides various services that help us ensure the stability, security, and proper operation of this application. These services are operated by Google LLC and process data in accordance with its Privacy Policy, details of which are available at: https://policies.google.com/privacy
6.2.1 Firebase
Firebase is a mobile application development platform operated by Google that provides authentication, cloud messaging, crash analytics, and other features. Firebase may collect login information, error reports, and notification delivery status data to support these functions. These data help us implement secure login, real-time push notifications, monitor crashes, and improve overall application performance. In addition, we may use such data for other clearly explained purposes after obtaining your consent. For more details, please refer to the Firebase Privacy Notice: https://firebase.google.com/support/privacy
6.2.2 Play Integrity API
Play Integrity API is a service provided by Google to protect applications and their users from fraud, abuse, and unauthorized activity. This service collects data such as the app installation source, whether the app has been tampered with, and whether the device is officially certified, in order to verify whether the app is running in a trusted environment and to help prevent cheating, fraud, and abuse. These data are processed in accordance with Google's Privacy Policy, details of which are available at: https://policies.google.com/privacy
7. Your Rights
You are entitled to all rights granted under the General Data Protection Regulation (GDPR), and we will do our utmost to comply with any valid request. You may exercise some rights by deleting certain functions on your device, or exercise all other rights by emailing support@summit-wind.com.
We fully respect your rights, including but not limited to:
Right of access: to request access to your personal data;
Right to rectification: to request correction of any inaccurate or incomplete personal data;
Right to erasure: to request deletion of your personal data;
Right to withdraw consent: where applicable, to withdraw your consent to the processing of your personal data;
Right to non-discrimination: to ensure that you are not discriminated against when exercising any of your rights.
Right to lodge a complaint: if you believe your privacy rights have been violated, please lodge a complaint with the supervisory authority in your country/region (within the European Economic Area).
To ensure data security, we may ask you to provide evidence proving that the request originates from the data subject. This process may include contacting us through the App and confirming a code sent to the registered email address. This ensures that personal data are not obtained by unauthorized persons.
If the personal data you request to delete are subject to our data retention policy or legal requirements, we will retain only the necessary information to protect our legitimate interests or comply with legal obligations.
Please note that all requests may be submitted via email to support@summit-wind.com or through the relevant App website (if applicable).
8. Children's Privacy
The App is intended only for users aged 18 and above. We do not knowingly collect or solicit any personal information from children aged 13 or under. The App's content is not directed to or intended to attract people in this age group.
If you are a parent or guardian and believe that we may have inadvertently collected personal data from a child aged 13 or under, please contact us at support@summit-wind.com and we will immediately take steps to delete the relevant information.
9. Cookies and Similar Technologies
When you visit our website, we use Cookies. However, we will give you the opportunity to choose which non-essential optional Cookies to retain. For more specific information about the Cookies used on our website, please refer to the Cookies policy of the relevant website.
10. Notice to California Residents, USA
Pursuant to the California Consumer Privacy Act of 2018 ("CCPA"):
1) Pursuant to Sections 1798.140(ad)(2) and 1798.140(ah)(2), we do not sell or share any consumer personal information.
2) Pursuant to Section 1798.130(a)(5):
Section 7 of this Privacy Policy has clearly set out the list of your rights;
Section 2 of this Privacy Policy lists the categories of consumer personal information we have collected and have collected in the past 12 months, as well as the business purposes for collecting such information.
3) Pursuant to Section 1798.130(a)(1)(A) and (B), consumers may contact us using the email address provided in this Privacy Policy. If a specific application may independently access an internet website, that internet website may also be used by consumers to submit any request.
4) Pursuant to the final sentence of Section 1798.130(a)(2)(A), we do not intend to collect data beyond the scope of information already retained about the requester when handling verifiable requests. Therefore, we will require consumers to submit verifiable consumer requests using the proprietary account associated with our product.
In short, we are obligated to reduce the risk of processing unauthorized requests. Therefore, if you contact us by email requesting information about a user completely different from the email address and user ID, we will ask you to verify the request using the in-app chat. Information requests must undergo extremely strict identity verification.
5) You may designate an authorized agent to make a request on your behalf. To do so, you must first provide the agent with written and signed permission so the agent may submit the request on your behalf. Second, you must contact us directly to verify your identity and confirm the agent's authorization. Please note that we reserve the right to reject any request made by a purported authorized agent who fails to provide valid proof of authorization.
11. Rights of Virginia Residents
If you are a Virginia resident, under the Virginia Consumer Data Protection Act (VCDPA), you have the following rights:
You have the right to understand how we collect, use, and share your personal data.
You may request access to, deletion of, correction of, or receipt of a copy of your personal data.
You have the right to opt out of targeted advertising, profiling, or sales activities based on your personal data.
To exercise these rights, please contact us: Section 13
We will respond within 45 days of receiving your request.
12. Third-Party Login
Facebook Login
Our application integrates the Facebook Login SDK to provide you with a convenient login experience. When using this feature, we may collect the following information about you:
Facebook public profile information (such as name, profile picture, email, etc.).
Other information within the scope of authorized permissions.
Purpose of data use
This information is used only for identity authentication, login services, and personalized experience.
Data sharing
The login process involves data interaction with Facebook. For details, please refer to the Facebook Data Policy.
We do not sell your data to third parties.
Your choices
You may withdraw authorization at any time or choose another login method.
If you have any questions, please contact us.
Apple Login
Our application integrates Sign in with Apple to provide you with a convenient login experience. When using this feature, we may collect the following information:
Basic information provided by Apple (such as name, email address, or the anonymous email address you choose).
Purpose of data use
This information is used only for identity authentication, login services, and personalized experience.
Data sharing
The Apple login process involves data interaction with Apple. For details, please refer to the Apple Privacy Policy.
We do not sell your data to third parties.
Your choices
You may withdraw authorization or change settings at any time through the Apple ID management page.
If you have any questions, please contact us.
13. Data Protection Officer / Representative
1) The Data Protection Officer responsible for Bang Bang privacy and data protection matters can be contacted at: support@summit-wind.com
2) In accordance with applicable personal information protection laws and regulations, we will process any request/inquiry upon receipt without delay, and no later than within 30 days.
3) When contacting you and issuing such requirements, we will take reasonable measures to verify your identity and prevent unauthorized processing of personal information.
14. Contact Us
If you have any questions about this Privacy Policy, please feel free to contact us at any time by email, post, or through the App.
Shanfeng Cultural Tourism Technology Co., Ltd.
Addressee: Data Protection Department
Room 1309, 13/F, Golden Commercial Building, 2-4 Chawen Street, Tsim Sha Tsui, Hong Kong
Customer Service Team: support@summit-wind.com