隐私政策

序言与接受条款

更新日期：2022年5月16日。更新版本自更新之日起生效。

己任律师事务所是一家综合性律师事务所（以下称“己任”或“我们”），我们在北京、上海、深圳三地设有办公室，为客户提供综合性的法律咨询服务。关于己任的详细介绍，请见我们的网站（https://www.genlaw.com/）。

己任深知个人信息对您的重要性，也深知为您的个人信息提供有效保护是我们业务健康、可持续发展的重要基石。我们将会按照法律法规要求，采取相应的安全保护措施来保护您的个人信息。

我们希望通过本隐私政策（“本政策”）向您说明，在您浏览我们的网站、公众号或者与我们合作、取得联系时，我们如何收集、使用、存储、共享、转让和公开披露您的个人信息，以及我们为您提供的访问、更新、删除和保护这些信息的方式。

我们在收集、处理您的个人信息时将严格遵守合法、正当、必要、诚信的原则。在您向己任提供您的个人信息之前，请仔细阅读本政策，尤其是以下加粗字体，以了解我们处理和保护个人信息的做法。

请务必仔细阅读并了解本政策的内容，在确认充分理解并同意后向我们提供您的个人信息。一旦您提供您的个人信息，即表示您已充分理解并同意本政策，并同意我们按照本政策收集、使用、存储、共享、转让和公开披露您的个人信息。 若您提供的信息中含有他人的个人信息，在向我们提供这些个人信息之前，您需确保您已经取得合法的授权或具有向我们披露该个人信息的其他合法事由。

如果您对本政策有任何疑问、意见或建议，请通过以下联系方式与我们联系：

电子邮箱：privacy@genlaw.com

本政策将帮助您了解以下内容：

一、我们如何收集和使用您的个人信息

二、我们如何使用Cookies或同类技术

三、我们如何存储您的个人信息

四、我们如何委托处理、共享、转让和公开披露您的个人信息

五、我们如何保护您的个人信息

六、您的权利

七、儿童个人信息的保护

八、本政策的适用范围

九、本政策的变更和修订

十、如何联系我们

十一、名词释义

一、    我们如何收集和使用您的个人信息

为了保护您的合法权益，我们将严格遵循“合法、正当、必要、诚信”原则，向您如实、公开告知个人信息收集、使用的目的、方式和范围，并在征得您的授权同意后实施收集、处理活动。您的授权同意可在任何时候撤回，且撤回后原则上我们将不再处理您的个人信息，但撤回同意不影响撤回前我们基于您的同意而进行的个人信息处理活动。

我们仅会出于本政策所述的以下目的收集和使用您的个人信息。

（一）  您须授权我们收集和使用您个人信息的情形

1.  法律咨询及服务

为了解您的法律咨询需求相关事实背景、核实您的身份、建立正式法律服务关系和向您提供法律服务之目的，我们可能根据办案需要，收集和使用以下一种或几种您的个人信息：姓名、性别、您所在组织机构名称、您的职位、电子邮箱、电话号码、地址、传真号码。在提供某些法律服务中，我们可能会收集和使用敏感个人信息，例如公司法定代表人的身份证件复印件、您的银行账户、医疗健康信息、您的刑事犯罪记录信息等。

2.  履行合同

为履行我们与您或您所在组织机构签署的法律服务协议或相关合同，我们可能收集和使用您或您所在组织机构的联系人姓名、电话、职位、电子邮箱、地址、银行账户信息。

3.  客户沟通和市场推广

为了方便您了解行业最新的监管信息和己任的动态，我们可能会通过网站或公众号等多种在线方式邀请您订阅我们的简报等出版物、通知。如果您同意订阅或者接受了我们的邀请，我们可能会收集和使用您的姓名、职位、电子邮箱、组织机构名称和地址，用于向您发送简报、法律更新、宣传材料、出版物、活动信息、营销推广信息和其他您可能感兴趣的信息或材料。如果您取消订阅，我们将停止向您发送前述信息。

4.  招聘

我们会不定时通过己任网站和微信公众号发布招聘公告。如您有意成为我们的一员，您可以通过电子邮件的方式向我们发出求职申请。我们可能会要求您提供您的简历，也可能会在面试、笔试过程中收集您的个人信息，包括您的姓名、性别、电话号码、照片、电子邮箱、教育经历、工作经历和其他您主动提供的信息（统称“求职信息”），以便我们处理您的求职申请、评估您的技能、资格和特定职位的背景、核实您的信息、进行背景调查（如适用）并做出决定。

如果您没有被录用，我们仍然可能保留您的求职信息，以便我们在未来考虑是否有适合您的其他岗位。如果您不希望我们在您所申请的职位招聘结束后继续保留您的求职信息以备将来向您推荐其他相关岗位的，您可以通过下文“如何联系我们”中所述的联系方式与我们取得联系，要求我们删除您的求职信息。如您选择接受我们的入职通知，我们可能为与您签订合同、管理与您的雇佣工作关系之目的进一步收集和使用您的个人信息；届时，我们将另行书面告知您具体收集、处理个人信息的方式和目的，取得您的同意，法律法规规定无需获得您同意的情形除外。

对于您的某些个人信息（如教育背景和过去的工作单位信息），我们除通过您提交的简历或类似的文件予以收集外，还可能通过第三方公开渠道（如招聘网站）进行收集。我们也可能从您以前的雇主那里获得推荐信或对您进行背景调查。

除非相关法律允许或者您明确同意，否则我们不会处理任何您的敏感个人信息。

（二）  您可自主选择提供的个人信息的情形

线上或线下活动

为了加强沟通交流，我们可能会通过网站或公众号等多种方式邀请您参与我们举办的活动、研讨会、参与调查等，您参加我们线上活动、线下活动填写的调查问卷、签到表或您提供的名片中可能包含您的姓名、公司职位、电子邮箱、电话号码、地址信息。

（三）  我们通过间接方式收集的信息

我们可能从其他第三方合法来源获取您的个人信息，例如通过公开数据库、社交媒体、第三方服务供应商、活动合作伙伴、线上线下活动收集的您的名片等。我们承诺将对这些个人信息保密并按照第三方的授权范围使用这些个人信息，除非法律、行政法规另有规定。

（四）  其他

1.   若您提供的信息中含有他人的个人信息，在向我们提供这些个人信息之前，您需确保您已经取得合法的授权或具有向我们披露该个人信息的其他合法事由。若其中涉及儿童个人信息的，您需在提供前取得对应儿童监护人的同意，前述情形下监护人有权通过本政策“如何联系我们”中提供的途径联系我们，要求更正或删除涉及儿童个人信息的内容。

2.  我们将严格按照本政策所述目的使用您的个人信息。如需将您的信息用于本政策未载明的其他用途，或者将基于特定目的收集而来的信息用于其他目的时，我们会事先征求您的同意。

3.   请知悉，根据适用的法律，若我们对收集的您的个人信息采取技术措施和其他必要措施进行匿名化或去标识化处理，使得无法重新识别特定个人且不能复原，则此类处理后数据的使用无需另行向您通知并征得您的同意。我们有权使用、共享已经匿名化或者去标识化且无法重新识别个人信息主体的信息，开展案例分享、数据分析、精准营销等商业化应用。

4.   对于为向您提供法律服务或法律咨询所收集的敏感个人信息，我们将向您进行明确告知，并告知您拒绝提供或者拒绝同意将带来的影响，以确保您在完全知情的基础上决定是否提供或授权我们查询、收集、共享您的敏感个人信息，并取得您的单独同意。

5.  我们收集您的个人信息的其他合法依据

根据相关法律法规规定，以下情形中我们收集您的个人信息无需征得您的授权同意。但我们仍将在我们可控的范围内，对您的个人信息尽到合理保护义务。

（1）   为订立、履行您个人作为一方当事人的合同所必需；

（2）   为履行法定职责或者法定义务所必需；

（3）   为应对突发公共卫生事件，或者紧急情况下为保护自然人的生命健康和财产安全所必需；

（4）   在合理的范围内且您未明确拒绝的情况下收集您自行公开或其他已经合法公开的个人信息；

（5）   法律、行政法规规定的其他情形。

二、   我们如何使用Cookies或同类技术

Cookie是由用户访问的网站向浏览器发送的一小段文本文件，通常包含标识符、站点名称以及一些号码和字符。每个网站发给您的Cookie是唯一的，它只能被发给您Cookie的Web服务器读取，常用来简化您重复登录的步骤、帮助网站记住您的设备和使用服务的偏好、分析您使用网站的情况，从而帮助您获得更轻松的访问体验。

我们使用网站运行必要的Cookie以确保页面导航、网站访问等基本功能。如不允许这些Cookie的使用，网站将无法正常运行。我们不会将Cookie用于本政策所述目的之外的任何用途。大多数浏览器上工具栏的“设置”部分会告诉您怎样防止您的浏览器接受新的Cookie或如何禁用大部分类型Cookie。您可以根据自己的偏好管理或清除己任网站内保存的所有Cookie。如果您清除这些Cookie，之前所记录的相应信息也均会被删除，这可能会对您所使用服务的安全性和便捷性有影响。

      三、 我们如何存储您的个人信息

（一）  保存地域

我们在中华人民共和国境内收集和产生的个人信息将存储在中华人民共和国境内的服务器上。

如果您从中国大陆以外地区访问己任的网站或公众号，请您注意，您的信息将被传送至且储存于中国大陆，并且在中国大陆进行处理，这是因为我们的服务器位于中国大陆。中国的网络安全和数据保护相关规定可能与您所在的司法辖区不同，您应当关注您所在司法辖区的个人信息跨境传输相关规定（例如欧盟《通用数据保护条例》（GDPR）第五章向第三国和国际组织传输个人数据的相关规定），我们则将会采取合理措施保护您向我们提供的个人信息的安全性。在使用我们服务的同时，您理解并同意您的个人信息可能如本政策所述被处理。

若为处理跨境业务，确需向境外机构传输境内收集和产生的相关个人信息的，我们会按照法律、行政法规和相关监管部门的规定执行并另行征得您的授权同意。我们会确保您的个人信息得到足够的保护，例如对其进行匿名化、加密处理等。

（二）  保存期限

我们将根据法律法规、会计或监管机关等的要求，在实现本政策所述目的所必需的最短期限内保留您的个人信息。保存期限届满后，我们将对您的信息进行删除或匿名化处理，但法律法规另有规定或者您另行授权同意的除外。

如我们停止提供服务，我们将及时停止继续收集您个人信息的活动，并将停止运营的通知以逐一送达或公告的形式通知您，并在15个工作日内对我们存储的个人信息进行删除或匿名化处理。

四、   我们如何委托处理、共享、转让和公开披露您的个人信息

（一）  委托处理

我们服务的某些具体功能可能由外部服务提供商提供。例如我们会使用外部服务提供商提供的文件管理与协同服务、短信或邮件发送服务、软件系统管理服务、网站/系统服务器托管服务。

对我们委托处理个人信息的法人、非法人组织和自然人，我们会与其签署严格的保密协定，要求他们按照我们的要求、本政策以及其他任何相关的保密和安全措施来处理个人信息。

（二）  共享

原则上，我们不会与任何法人、非法人组织和自然人共享您的个人信息，但以下情况除外：

1.   在获取您明确同意的情况下，我们会与其他方共享您的个人信息。

2.   为保障向您提供完善的法律服务并进行可持续改善，我们可能在己任内部不同办公室之间共享您的个人信息。

3.   为与第三方服务商共享，包括保险公司、IT服务提供商等。

4.   与其他专业服务机构共享。我们可能与其他专业机构（例如，会计师事务所、咨询公司、税务顾问等）一起或在其他专业机构的协助下（例如，公证处、翻译机构）为您提供专业服务，我们基于您的同意与相关专业机构共享您的信息，包括个人信息。我们建议您查阅其隐私政策、使用条款及其他相关政策，以保障您的合法权益。

5.   根据法律法规及监管规定要求，或者按照法院、执法机构出具的裁定、决定等对外提供或共享，包括但不限于向法院、行政机构、仲裁庭、出庭律师、专家证人等机构和人员提供个人信息。

对于基于获得您的同意、我们与之共享个人信息的法人、非法人组织和自然人，我们会要求其按照国家法律、法规和标准之要求，以不低于本政策之水平建立和实施针对个人信息的保密和安全措施，要求其按照我们的说明、本政策以及其他任何相关的保密和安全措施来处理个人信息。他们无权将共享的个人信息用于任何其他用途，如要改变个人信息的处理目的，我们将再次征求您的同意。

我们也可能与第三方共享统计或者匿名化处理后的信息。这些信息不含有任何可识别特定个人的信息，我们将其用于市场推广以及开发您可能感兴趣的产品和服务。

（三）  转让与公开披露

除非获得您的明确同意，我们不会将您的个人信息转让给任何法人、非法人组织或自然人，也不会公开披露您的个人信息。

（四）  共享、转让、公开披露个人信息的其他合法依据

以下情形中，我们共享、转让、公开披露您的个人信息无需事先征得您的授权同意：

1.   为订立、履行您个人作为一方当事人的合同所必需；

2.   为履行法定职责或者法定义务所必需；

3.   为应对突发公共卫生事件，或者紧急情况下为保护自然人的生命健康和财产安全所必需；

4.   在合理的范围内且您未明确拒绝的情况下共享、转让、公开披露您自行公开或者其他已经合法公开的个人信息；

5.   法律、行政法规规定的其他情形。

五、   我们如何保护您的个人信息

我们已采取符合业界标准的安全防护措施保护您提供的个人信息，防止数据遭到未经授权的访问、公开披露、使用、修改、损坏或丢失。我们会采取一切合理可行的措施，保护您的个人信息。

1.   我们非常重视您个人信息的安全，将努力采取合理的安全措施来保护您的个人信息。

2.   我们部署访问控制机制，对可能接触到您个人信息的工作人员采取最小够用授权原则。

3.   我们为工作人员定期举办个人信息保护相关法律法规培训，以加强工作人员的个人信息保护意识。

4.   尽管我们采取了以上各项保护措施，但互联网环境并非百分之百安全。如果不幸发生个人信息泄露、篡改、丢失等事件，我们会及时启动应急预案，防止安全事件扩大，按照法律法规的要求上报国家主管机关，并及时采取推送、公告等合理、有效的方式向您告知发生或者可能发生个人信息泄露、篡改、丢失的信息种类、原因和可能造成的危害；我们采取的补救措施和您可以采取的减轻危害的措施等。同时，我们还将按照监管部门的要求，上报个人信息安全事件的处置情况。

六、   您的权利

（一）  访问和更正您的个人信息

我们将采取合理措施以确保您可以便捷地查询您的信息是否准确、完整并且按照告知您的用途使用。您可以通过“如何联系我们”中提供的联系方式与我们取得联系，要求查看以及更正、更新您的信息。

（二）  删除您的个人信息

以下情况发生时，我们将主动删除您的个人信息；如我们未删除的，您有权自行通过“如何联系我们”中提供的联系方式与我们取得联系后要求我们删除：

1.   本政策所述的处理目的已实现、无法实现或者为实现处理目的不再必要，且您的全部业务已完结且不涉及任何投诉、争议或其他需要您的个人信息才能处理的情形下；

2.   我们停止提供服务；

3.   您撤回了同意；

4.   我们违反法律、行政法规或者违反本政策的约定处理了您的个人信息；

5.   法律、行政法规规定的其他情形。

如果法律、行政法规规定的保存期限未届满，或者删除个人信息从技术上难以实现的，我们可能无法立即响应您的删除请求，但我们将停止除存储和采取必要的安全保护措施之外的对您的个人信息的处理活动。

若我们决定响应您的删除请求，我们还将同时通知从我们获得您的个人信息的实体，要求其及时删除，除非法律法规另有规定，或这些实体获得您的独立授权。

（三）  撤回您的同意或授权

当您与我们的委托或合同关系已完结且不涉及任何投诉、争议或其他需要您的个人信息才能处理的情形下，您的授权同意可在任何时候撤回。您撤回授权后，原则上我们将不再处理您的个人信息，但撤回同意不影响撤回前我们基于您同意的个人信息处理活动。

如果您拒绝接受我们给您发送的简报、法律更新、宣传材料、出版物、活动信息、营销推广等信息，您可以随时联系我们取消。但我们依照法律法规、监管规定或单项服务的服务协议约定发送消息的情形除外。

（四）  获取个人信息副本

您有权询问我们是否正在处理您的数据，如果我们正在处理您的数据，您可以要求获得您的个人信息副本。您可以通过 “如何联系我们”中提供的联系方式与我们取得联系后要求获取。在符合国家网信部门规定条件的情况下，我们还可按您的要求，直接将您的个人信息副本传输／转移给您指定的第三方。

（五）  响应您的上述请求

为保障安全，您可能需要提供书面请求证明您的身份。我们可能会先要求您验证自己的身份，然后再处理您的请求。我们将在15个工作日内对您的请求完成核查和处理。如您对我们的处理不满意，还可以通过联系我们进行投诉。请您理解，基于法律法规要求、保障信息安全、技术限制等原因，您的部分信息可能无法访问、更正和删除。

在以下情形中，按照法律法规要求，我们将无法响应您的请求：

1.   与我们履行法律法规规定的义务相关的；

2.   与国家安全、国防安全直接相关的；

3.   与公共安全、公共卫生、重大公共利益直接相关的；

4.   与刑事侦查、起诉、审判和执行判决等直接相关的；

5.   我们有充分证据表明您存在主观恶意或滥用权利的；

6.   出于维护您或其他个人的生命、财产等重大合法权益但又很难得到您本人同意的；

7.   响应您的请求将导致您或其他个人、组织的合法权益受到严重损害的；

8.   涉及商业秘密的。

七、   儿童个人信息的保护

原则上我们不会收集儿童的个人信息，且我们一向非常重视对儿童的个人信息保护。如涉及收集和使用儿童的个人信息，我们将事先取得其父母或其他监护人的明确同意。如果我们知悉儿童未经父母或其他监护人明确同意即将其个人信息发送给我们，我们将在合理时间内尽快删除该信息，法律法规和监管要求另有规定的除外。

八、   本政策的适用范围

本政策仅适用于己任提供的产品和/或服务。如果您通过我们的网站或微信公众号被链接至第三方网站，请知悉这些第三方网站并不受本政策的约束，我们建议您查阅其隐私政策、使用条款、以及其他相关政策，以保障您的合法权益。

九、   本政策的变更和修订

请您理解，我们在未来可能会变更或修订本政策。未经您明确同意，我们不会限制您按照本政策所应享有的权利或增加您的义务。

对于本政策的重大变更，我们将在本页面首页标注本政策最近修改的日期，修改将于发布时生效。我们将会通过在己任网站上发布显著公告的方式将主要的修改内容告知于您。请您务必定期查阅本政策，以知悉最新版本。

本政策所指的重大变更包括但不限于：

1.   我们的服务模式发生重大变化。如个人信息的处理目的、处理方式，处理的个人信息种类、保存期限等；

2.   我们在控制权等方面发生重大变化。如并购、重组等引起的所有者变更等；

3.   个人信息共享、转让或公开披露的主要对象发生变化；

4.   您参与个人信息处理方面的权利及其行使方式发生重大变化；

5.   我们负责处理个人信息安全的部门联系方式及投诉渠道发生变化时。

如本政策所述的个人信息的处理目的、处理方式和处理的个人信息种类发生变更的，除通过以上方式向您及时通知外，我们还将就该变更事宜重新取得您的同意。

十、   如何联系我们

如您对本政策有任何疑问、意见或建议，或发现个人信息可能被泄露的，请通过以下方式联系我们：

电子邮箱：privacy@genlaw.com

一般情况下，我们将在合理确认您的身份之日起15个工作日内回复，并且尽全力保护您的合法权益。如果您对我们的回复不满意且没有在合理时间内采取有效补救措施，特别是我们的个人信息处理行为侵害了您的合法权益，您可以通过向法院提起诉讼来寻求解决方案。

十一、  名词释义

1.   个人信息：是以电子或者其他方式记录的与已识别或者可识别的自然人有关的各种信息，不包括匿名化处理后的信息。

2.   敏感个人信息：是一旦泄露或者非法使用，容易导致自然人的人格尊严受到侵害或者人身、财产安全受到危害的个人信息，包括生物识别、宗教信仰、特定身份、医疗健康、金融账户、行踪轨迹等信息，以及不满十四周岁未成年人的个人信息。本政策所涉及的敏感个人信息以加粗方式予以标识。

3.   去标识化：是指个人信息经过处理，使其在不借助额外信息的情况下无法识别特定自然人的过程。

4.   匿名化：是指个人信息经过处理无法识别特定自然人且不能复原的过程。

5.   儿童：指不满十四周岁的未成年人。

Privacy Policy

Preamble and Acceptance

Last Updated: 16 May 2022. This updated version takes effect as of the date of update.

GEN Law Firm is a full-service law firm ("GEN" or "we"), with offices in Beijing, Shanghai and Shenzhen, providing comprehensive legal advisory services to clients. For further information about GEN, please visit our website at https://www.genlaw.com/.

GEN fully recognises the importance of personal information to you and understands that providing effective protection for your personal information is an important foundation for the healthy and sustainable development of our business. We will take appropriate security measures to protect your personal information in accordance with applicable laws and regulations.

Through this Privacy Policy (this "Policy"), we explain how we collect, use, store, share, transfer and publicly disclose your personal information, and how we enable you to access, update, delete and protect such information, when you browse our website or official WeChat account, cooperate with us, or otherwise contact us.

When collecting and processing your personal information, we will strictly adhere to the principles of lawfulness, legitimacy, necessity and good faith. Before providing your personal information to GEN, please read this Policy carefully, in particular the boldface text below, so that you may understand how we process and protect personal information.

Please be sure to read and understand the contents of this Policy carefully, and provide us with your personal information only after confirming that you fully understand and agree to it. Once you provide your personal information, you will be deemed to have fully understood and agreed to this Policy, and to have consented to our collection, use, storage, sharing, transfer and public disclosure of your personal information in accordance with this Policy. If the information you provide contains another person's personal information, you must ensure, before providing such personal information to us, that you have obtained lawful authorisation or otherwise have another lawful basis for disclosing such personal information to us.

If you have any questions, comments or suggestions regarding this Policy, please contact us at:

Email: privacy@genlaw.com

This Policy will help you understand the following:

1.     How We Collect and Use Your Personal Information

2.     How We Use Cookies or Similar Technologies

3.     How We Store Your Personal Information

4.     How We Entrust Processing of, Share, Transfer and Publicly Disclose Your Personal Information

5.     How We Protect Your Personal Information

6.     Your Rights

7.     Protection of Children's Personal Information

8.     Scope of Application of This Policy

9.     Changes and Revisions to This Policy

10.  How to Contact Us

11.  Definitions

I. How We Collect and Use Your Personal Information

In order to protect your lawful rights and interests, we will strictly follow the principles of lawfulness, legitimacy, necessity and good faith, and truthfully and openly inform you of the purposes, methods and scope of our collection and use of personal information, and carry out collection and processing activities after obtaining your authorisation and consent. You may withdraw your consent at any time. After withdrawal, in principle, we will cease processing your personal information, but withdrawal of consent will not affect personal information processing activities carried out on the basis of your consent before such withdrawal.

We will only collect and use your personal information for the following purposes described in this Policy.

(I) Circumstances in Which You Must Authorise Us to Collect and Use Your Personal Information

1. Legal Consultation and Services

For the purposes of understanding the factual background relevant to your legal consultation needs, verifying your identity, establishing a formal legal services relationship and providing legal services to you, we may, as required by the matter concerned, collect and use one or more of the following types of your personal information: your name, gender, the name of the organisation at which you work, your position, email address, telephone number, address and fax number. In the course of providing certain legal services, we may collect and use sensitive personal information, such as copies of the identity documents of a company's legal representative, your bank account information, medical and health information, and information concerning your criminal record.

2. Performance of Contracts

For the purpose of performing the legal services agreement or other relevant contract signed between us and you or the organisation at which you work, we may collect and use the name, telephone number, position, email address, address and bank account information of you or the relevant contact person at your organisation.

3. Client Communications and Marketing

To help you keep abreast of the latest regulatory developments in your industry and GEN updates, we may invite you, through our website, official WeChat account or other online channels, to subscribe to our newsletters and other publications or notices. If you agree to subscribe or accept our invitation, we may collect and use your name, position, email address, organisation name and address in order to send you newsletters, legal updates, promotional materials, publications, event information, marketing information and other information or materials that may be of interest to you. If you unsubscribe, we will stop sending you the foregoing information.

4. Recruitment

From time to time, we publish recruitment notices through the GEN website and official WeChat account. If you are interested in joining us, you may submit a job application by email. We may require you to provide your CV and may also collect your personal information during interviews and written tests, including your name, gender, telephone number, photograph, email address, educational background, work experience and other information that you voluntarily provide (collectively, "Application Information"), so that we may process your application, assess your skills, qualifications and background for a particular role, verify your information, conduct background checks (where applicable), and make a decision.

If you are not hired, we may still retain your Application Information so that we may consider whether other suitable positions may become available to you in the future. If you do not wish us to retain your Application Information after the recruitment process for the position you applied for has ended for the purpose of recommending other relevant positions to you in the future, you may contact us through the contact details set out below under "How to Contact Us" and request that we delete your Application Information. If you choose to accept our offer of employment, we may further collect and use your personal information for the purpose of entering into a contract with you and managing the employment relationship with you. At that time, we will separately notify you in writing of the specific methods and purposes of collecting and processing personal information and obtain your consent, except where laws and regulations provide that your consent is not required.

For certain of your personal information, such as your educational background and information about your former employers, in addition to collecting such information from your CV or similar documents, we may also collect it from publicly available third-party channels, such as recruitment websites. We may also obtain references from your former employers or conduct background checks on you.

Unless permitted by applicable law or expressly agreed by you, we will not process any of your sensitive personal information.

(II) Circumstances in Which You May Voluntarily Choose to Provide Personal Information

Online or Offline Events

To strengthen communication and exchanges, we may invite you, through our website, official WeChat account or other channels, to participate in events, seminars, surveys or similar activities organised by us. The questionnaires, sign-in sheets or business cards that you complete or provide when participating in our online or offline events may contain your name, company position, email address, telephone number and address.

(III) Information We Collect Indirectly

We may obtain your personal information from other lawful third-party sources, such as public databases, social media, third-party service providers, event partners, and business cards collected at online or offline events. We undertake to keep such personal information confidential and to use it within the scope authorised by the relevant third parties, unless otherwise provided by laws or administrative regulations.

(IV) Other Matters

12.  If the information you provide contains another person's personal information, you must ensure, before providing such personal information to us, that you have obtained lawful authorisation or otherwise have another lawful basis for disclosing such personal information to us. If such information involves children's personal information, you must obtain the consent of the relevant child's guardian before providing it. In such circumstances, the guardian has the right to contact us through the means set out in "How to Contact Us" in this Policy and request correction or deletion of content involving the child's personal information.

13.  We will use your personal information strictly for the purposes described in this Policy. If we need to use your information for any purpose not stated in this Policy, or to use information collected for a specific purpose for another purpose, we will obtain your consent in advance.

14.  Please note that, under applicable law, if we adopt technical measures and other necessary measures to anonymise or de-identify the personal information we collect, such that a specific individual cannot be re-identified and the process cannot be reversed, the use of data after such processing does not require separate notice to you or your separate consent. We have the right to use and share information that has been anonymised or de-identified and can no longer be used to re-identify a personal information subject for commercial applications such as case sharing, data analysis and targeted marketing.

15.  With respect to sensitive personal information collected for the purpose of providing legal services or legal advice to you, we will give you express notice and inform you of the consequences of refusing to provide or consent to such information, so as to ensure that you decide, on a fully informed basis, whether to provide or authorise us to inquire into, collect or share your sensitive personal information, and we will obtain your separate consent.

16.  Other lawful bases on which we may collect your personal information

Pursuant to applicable laws and regulations, we may collect your personal information without obtaining your authorisation and consent in the following circumstances. Even so, we will still perform our duty of reasonable protection of your personal information to the extent within our control.

17.  Where necessary for entering into or performing a contract to which you, as an individual, are a party;

18.  Where necessary for the performance of statutory duties or obligations;

19.  Where necessary to respond to a public health emergency, or in an emergency to protect the life, health or property of a natural person;

20.  Where your personal information that you have disclosed yourself or that has otherwise been lawfully disclosed is collected within a reasonable scope and you have not expressly refused; and

21.  Other circumstances provided by laws and administrative regulations.

II. How We Use Cookies or Similar Technologies

A Cookie is a small text file sent by a website visited by a user to the user's browser, and usually contains identifiers, the site name, and certain numbers and characters. Each Cookie sent to you by a website is unique and can only be read by the web server that sent it. Cookies are commonly used to simplify repeated log-in procedures, help a website remember your device and preferences when using the service, and analyse how you use the website, thereby making your access experience easier.

We use Cookies that are necessary for the operation of the website in order to ensure basic functions such as page navigation and website access. If you do not allow these Cookies, the website will not function properly. We will not use Cookies for any purpose other than those described in this Policy. The "Settings" section of the toolbar on most browsers will tell you how to prevent your browser from accepting new Cookies or how to disable most types of Cookies. You may manage or delete all Cookies stored on the GEN website according to your preferences. If you delete these Cookies, the relevant information previously recorded will also be deleted, which may affect the security and convenience of the services you use.

III. How We Store Your Personal Information

(I) Place of Storage

Personal information collected and generated by us within the territory of the People's Republic of China will be stored on servers located within the territory of the People's Republic of China.

If you access the GEN website or official WeChat account from outside mainland China, please note that your information will be transmitted to, stored in and processed in mainland China because our servers are located in mainland China. Cybersecurity and data protection rules in China may differ from those in your jurisdiction. You should pay attention to the rules in your own jurisdiction regarding cross-border transfer of personal information, for example the provisions in Chapter V of the General Data Protection Regulation (GDPR) concerning transfers of personal data to third countries and international organisations. We will take reasonable measures to protect the security of the personal information you provide to us. By using our services, you understand and agree that your personal information may be processed as described in this Policy.

Where, in order to handle cross-border business, it is indeed necessary to transmit relevant personal information collected and generated within China to overseas institutions, we will act in accordance with laws, administrative regulations and the requirements of relevant regulatory authorities, and will separately obtain your authorisation and consent. We will ensure that your personal information is adequately protected, for example by anonymising or encrypting it.

(II) Retention Period

We will retain your personal information for the shortest period necessary to achieve the purposes described in this Policy, in accordance with the requirements of laws and regulations and the requirements of accounting or regulatory authorities. Upon expiry of the retention period, we will delete or anonymise your information, unless otherwise provided by laws and regulations or otherwise authorised by you.

If we cease to provide services, we will promptly stop collecting your personal information, notify you of the cessation of operations by individual notice or public announcement, and delete or anonymise the personal information stored by us within 15 working days.

IV. How We Entrust Processing of, Share, Transfer and Publicly Disclose Your Personal Information

(I) Entrusted Processing

Certain specific functions of our services may be provided by external service providers. For example, we may use external service providers to provide document management and collaboration services, text-message or email delivery services, software system management services, and website or system server hosting services.

With respect to legal persons, unincorporated organisations and individuals entrusted by us to process personal information, we will sign strict confidentiality agreements with them and require them to process personal information in accordance with our requirements, this Policy, and any other relevant confidentiality and security measures.

(II) Sharing

As a matter of principle, we will not share your personal information with any legal person, unincorporated organisation or individual, except in the following circumstances:

22.  Where we have obtained your explicit consent, we will share your personal information with other parties.

23.  In order to ensure that we provide you with comprehensive legal services and continuously improve them, we may share your personal information among different GEN offices.

24.  We may share your personal information with third-party service providers, including insurers and IT service providers.

25.  We may share your information, including personal information, with other professional service institutions based on your consent. We may provide professional services to you together with, or with the assistance of, other professional institutions, such as accounting firms, consulting firms, tax advisers, notaries and translation agencies. We recommend that you review their privacy policies, terms of use and other relevant policies to protect your lawful rights and interests.

26.  We may provide or share your personal information externally in accordance with laws, regulations and regulatory requirements, or in accordance with rulings, decisions or other instruments issued by courts or law enforcement authorities, including but not limited to providing personal information to courts, administrative authorities, arbitral tribunals, counsel appearing in proceedings, expert witnesses and other institutions and personnel.

For legal persons, unincorporated organisations and individuals with whom we share personal information on the basis of your consent, we will require them, in accordance with national laws, regulations and standards, to establish and implement confidentiality and security measures for personal information at a level no lower than that required under this Policy, and to process personal information in accordance with our instructions, this Policy, and any other relevant confidentiality and security measures. They shall have no right to use the shared personal information for any other purpose. If it is necessary to change the purpose of processing personal information, we will seek your consent again.

We may also share statistical information or information that has been anonymised. Such information does not contain any personally identifiable information, and we use it for marketing and for developing products and services that may interest you.

(III) Transfer and Public Disclosure

Unless we have obtained your explicit consent, we will not transfer your personal information to any legal person, unincorporated organisation or individual, nor will we publicly disclose your personal information.

(IV) Other Lawful Bases for Sharing, Transferring or Publicly Disclosing Personal Information

We may share, transfer or publicly disclose your personal information without obtaining your prior authorisation and consent in the following circumstances:

27.  Where necessary for entering into or performing a contract to which you, as an individual, are a party;

28.  Where necessary for the performance of statutory duties or obligations;

29.  Where necessary to respond to a public health emergency, or in an emergency to protect the life, health or property of a natural person;

30.  Where your personal information that you have disclosed yourself or that has otherwise been lawfully disclosed is shared, transferred or publicly disclosed within a reasonable scope and you have not expressly refused; and

31.  Other circumstances provided by laws and administrative regulations.

V. How We Protect Your Personal Information

We have adopted security safeguards that comply with industry standards to protect the personal information you provide, so as to prevent data from being subject to unauthorised access, public disclosure, use, alteration, damage or loss. We will take all reasonably practicable measures to protect your personal information.

32.  We attach great importance to the security of your personal information and will endeavour to take reasonable security measures to protect it.

33.  We have deployed access-control mechanisms and apply the principle of least privilege to personnel who may have access to your personal information.

34.  We regularly provide our personnel with training on laws and regulations relating to personal information protection so as to strengthen their awareness of personal information protection.

35.  Although we have adopted the above protection measures, the internet environment is not 100% secure. If, unfortunately, events such as personal information leakage, tampering or loss occur, we will promptly activate our emergency response plan to prevent the incident from expanding, report it to the competent state authorities in accordance with applicable laws and regulations, and promptly inform you, by push notification, public announcement or other reasonable and effective means, of the type of information that has been or may have been leaked, tampered with or lost, the causes and possible harm, the remedial measures we have taken, and the measures you may take to mitigate harm. At the same time, we will report the handling of the personal information security incident to the regulatory authorities as required.

VI. Your Rights

(I) Access to and Correction of Your Personal Information

We will take reasonable measures to ensure that you can conveniently verify whether your information is accurate and complete and is being used for the purposes notified to you. You may contact us through the contact details provided in "How to Contact Us" to request access to, correction of, or updates to your information.

(II) Deletion of Your Personal Information

We will proactively delete your personal information in the following circumstances. If we fail to delete it, you have the right to contact us through the contact details provided in "How to Contact Us" and request deletion:

36.  Where the purpose of processing described in this Policy has been achieved, cannot be achieved, or is no longer necessary for achieving that purpose, and all of your business with us has been completed and does not involve any complaint, dispute or other circumstance that requires your personal information to be handled;

37.  Where we cease to provide services;

38.  Where you withdraw your consent;

39.  Where we process your personal information in violation of laws, administrative regulations or this Policy; and

40.  Other circumstances provided by laws and administrative regulations.

If the retention period prescribed by laws or administrative regulations has not yet expired, or deletion of personal information is technically difficult to achieve, we may not be able to respond to your deletion request immediately. In such case, however, we will cease processing your personal information other than storing it and taking necessary security measures.

If we decide to comply with your deletion request, we will also notify the entities that obtained your personal information from us and require them to delete it promptly, unless otherwise provided by laws and regulations or such entities have obtained your independent authorisation.

(III) Withdrawal of Your Consent or Authorisation

Where your engagement or contractual relationship with us has been completed and does not involve any complaint, dispute or other circumstance that requires your personal information to be handled, you may withdraw your authorisation and consent at any time. After you withdraw your authorisation, in principle, we will no longer process your personal information, but withdrawal of consent will not affect personal information processing activities conducted on the basis of your consent before such withdrawal.

If you do not wish to receive newsletters, legal updates, promotional materials, publications, event information, marketing information or similar materials from us, you may contact us at any time to unsubscribe, except where we send messages in accordance with laws, regulations, regulatory requirements or the terms of service for a particular service.

(IV) Obtaining a Copy of Personal Information

You have the right to ask us whether we are processing your data. If we are processing your data, you may request a copy of your personal information. You may contact us through the contact details provided in "How to Contact Us" to request such a copy. Where the conditions prescribed by the national cyberspace authorities are satisfied, we may also, at your request, directly transmit or transfer a copy of your personal information to a third party designated by you.

(V) Responding to Your Requests

To protect security, you may need to provide a written request and prove your identity. We may first require you to verify your identity before processing your request. We will complete verification and processing of your request within 15 working days. If you are dissatisfied with our handling, you may also lodge a complaint by contacting us. Please understand that, due to legal and regulatory requirements, information security considerations, technical limitations and other reasons, some of your information may not be accessible, correctable or deletable.

In the following circumstances, we will be unable to respond to your requests as required by laws and regulations:

41.  Where related to our performance of obligations prescribed by laws and regulations;

42.  Where directly related to national security or national defence security;

43.  Where directly related to public safety, public health or major public interests;

44.  Where directly related to criminal investigation, prosecution, trial or enforcement of judgments;

45.  Where we have sufficient evidence showing that you are acting with subjective malice or abusing your rights;

46.  Where it is necessary to protect the life, property or other major lawful rights and interests of you or another individual, but it is difficult to obtain your consent;

47.  Where responding to your request would cause serious damage to the lawful rights and interests of you or another individual or organisation; and

48.  Where trade secrets are involved.

VII. Protection of Children's Personal Information

As a matter of principle, we do not collect children's personal information, and we have always attached great importance to protecting children's personal information. If the collection and use of children's personal information is involved, we will obtain the explicit consent of the child's parents or other guardians in advance. If we become aware that a child has sent us personal information without the explicit consent of a parent or other guardian, we will delete such information as soon as possible within a reasonable period, unless otherwise required by laws, regulations or regulatory authorities.

VIII. Scope of Application of This Policy

This Policy applies only to the products and/or services provided by GEN. If you are redirected through our website or official WeChat account to a third-party website, please note that such third-party website is not bound by this Policy. We recommend that you review its privacy policy, terms of use and other relevant policies to protect your lawful rights and interests.

IX. Changes and Revisions to This Policy

Please understand that we may change or revise this Policy in the future. Without your explicit consent, we will not restrict the rights to which you are entitled under this Policy or increase your obligations.

For material changes to this Policy, we will indicate on the homepage of this page the date of the most recent revision, and the changes will take effect upon publication. We will inform you of the principal changes by posting a prominent notice on the GEN website. Please be sure to review this Policy regularly so that you are aware of the latest version.

Material changes to this Policy include, without limitation:

49.  Significant changes to our service model, such as the purposes of processing personal information, the methods of processing personal information, the categories of personal information processed, or the retention period;

50.  Significant changes in our control structure, such as changes of ownership arising from mergers or restructurings;

51.  Changes in the principal recipients of sharing, transfer or public disclosure of personal information;

52.  Significant changes to your rights in relation to personal information processing and the way in which those rights are exercised; and

53.  Changes to the contact details of the department responsible for the security of personal information or the complaint channels.

If the purposes of processing, methods of processing, or categories of personal information processed as described in this Policy change, then in addition to notifying you promptly in the above manner, we will also obtain your consent again in respect of such changes.

X. How to Contact Us

If you have any questions, comments or suggestions regarding this Policy, or if you discover that personal information may have been leaked, please contact us by the following means:

Email: privacy@genlaw.com

Under normal circumstances, we will respond within 15 working days from the date on which we have reasonably confirmed your identity, and we will do our utmost to protect your lawful rights and interests. If you are dissatisfied with our response and we have failed to take effective remedial measures within a reasonable period, in particular where our personal information processing has infringed your lawful rights and interests, you may seek a solution by bringing legal proceedings before a court.

XI. Definitions

54.  Personal Information: all kinds of information related to identified or identifiable natural persons recorded by electronic or other means, excluding information that has been anonymised.

55.  Sensitive Personal Information: personal information that, once leaked or illegally used, may easily lead to infringement of the personal dignity of a natural person or harm to personal or property safety, including biometric data, religious belief, specific identity, medical and health information, financial accounts, whereabouts and trajectory information, as well as the personal information of minors under the age of fourteen. Sensitive personal information involved in this Policy is identified in bold.

56.  De-identification: the process by which personal information is processed so that a specific natural person cannot be identified without the aid of additional information.

57.  Anonymisation: the process by which personal information is processed so that a specific natural person cannot be identified and the process cannot be reversed.

58.  Children: minors under the age of fourteen.