My MIXUE User Privacy Policy

Last Updated: October 28, 2024

  

Zhengzhou Baodao Technology Co., Ltd. (hereinafter "Baodao Technology", registered at: No. 16006, Hanhai Beijin Commercial Center, East Wenhua Road, North Third Ring Road, Jinshui District, Zhengzhou City) and its affiliates (including but not limited to Zhengzhou Baodao Technology Co., Ltd.) (hereinafter collectively referred to as "Baodao Technology" or "we/us") prioritize protecting the personal information and privacy of our users ("you/your"). We are fully aware of the importance of your personal information and will adopt appropriate security measures to protect it, in accordance with legal and regulatory requirements as well as industry-standard security practices.

Through this My MIXUE User Privacy Policy ("Privacy Policy"), we wish to clearly introduce our practices regarding the handling of your personal information during your interaction with the "My MIXUE" App and other service deliveries. Additionally, we elaborate on the measures provided for you to access, rectify, delete, and secure such information, along with contact details.

 

For inquiries, complaints, or reports pertaining to this Policy or related issues, please reach out to Baodao Technology Personal Information Protection Team at mymixue@mxbc.com. We are committed to prompt responses and addressing your concerns.

 

This Privacy Policy is intended to assist you in understanding the following:

1. How We Collect and Use Your Personal Information;

2. How We Share, Transfer, and Publicly Disclose Your Personal Information;

3. How We Store and Protect Your Personal Information;

4. How You Can Manage Your Personal Information;

5. Protection of minors' personal information;

6. Notices and Amendments;

7. How to contact us;

8. Appendix.

[Special Prompt] Prior to utilizing our services, we urge you to thoroughly review and comprehend this Privacy Policy, noting the emphasized sections (in bold or underlined), and make informed decisions accordingly. By choosing to use or continuing to use our services, you agree to the processing of your relevant information in accordance with this Privacy Policy. If you have any questions regarding this Privacy Policy, you can reach out to us using the methods outlined in "VII. How to Contact Us" of this document.

Please note that there may be some differences in the functions of various applications, and the specific functions you utilize shall be determined by your actual usage. Furthermore, for particular services, we have established separate privacy policies to elaborate on the unique policies pertaining to those services. In the event of any discrepancies between the pertinent specific privacy policies and this general Privacy Policy, the former shall prevail.

It is important to note that this Privacy Policy does not extend to other third-party products or services accessed through our services ("Other Third Parties," including your transaction counterparties, any third-party websites, and third-party service providers, among others). Kindly refer to the privacy policies or analogous declarations of those third parties for detailed provisions. We strongly advise you to peruse and affirm your comprehension of such privacy policies prior to accepting relevant services and disclosing personal information.

I. How We Collect and Use Your Personal Information

During your use of our services, we may gather and employ your personal information in the following instances, with sensitive personal information being emphasized: In case of any modifications to the purpose and scope of our data collection and usage, we will notify you in a reasonable manner and seek your explicit consent.

(I) Basic Functionalities

To furnish you with the fundamental features of our services, we must collect and utilize essential personal information. Failure to provide such requisite information may hinder your ability to fully utilize our services. Adhering to the principles of legitimacy, lawfulness, and necessity, we will collect and use your personal information for the express purposes stated in this Privacy Policy.

1. Assisting you in account creation and login

To ensure compliance with legal requirements and enhance the convenience of our services, we will utilize your phone number and password to authenticate your identity during the login process to My MIXUE.

If you are a franchisee, we will acquire your phone number from other authorized franchise management systems (e.g., MiButler) to facilitate the creation of your My MIXUE system account and provide you with an initial password. You will be prompted to update your password upon logging in.

If you are employed as a store employee, your My MIXUE system account and initial password will be set up by the franchisee of your employing store. Please confirm that you are aware of and consent to this registration process. Following your initial login using the provided password, you will be required to change it.

If you are a company employee, we will secure your authorization during the onboarding process and establish an account password for you within the system management backend. This will enable you to log in and access the essential functionalities of My MIXUE.

2. Offering you a procurement management function

When viewing all orders, orders to be paid, and orders to be received, we display your material information, including material name, specification, ordered quantity, actual shipped quantity, unit price of material, total actual shipped quantity, and total amount. Payment information, such as order amount, tax amount, amount excluding tax, store discount, purchase subsidy, balance deduction, and payment amount, is also shown. Additionally, payment method, receipt information (comprising ordering store, recipient name, recipient contact information, and shipping address), and remark information are provided for your reference, enabling you to inquire about your order details.

When using the anomaly feedback function, we need to obtain the name and contact number of the feedback provider to enable us to reach out and communicate with you concerning the material issues you have reported.

Upon using the appointment pick-up function, we need your pick-up time, pick-up person's name, and pick-up person's phone number to facilitate the pick-up arrangement.

3、We offer a reservation registration function specifically designed for training reservations.

To assist you in reserving the training you wish to attend, during the registration confirmation process, we request information about the desired store location and the participant's name. This allows us to confirm the store and personnel participating in the training.

4.  Providing you a personnel management function

For franchisees, when using the personnel management function, we require you to input details such as names, ID numbers, genders, account numbers, phone numbers, birthdates, positions, store numbers, and entry dates for yourself, the store manager, and the tea specialists in your store. This information is necessary to facilitate effective personnel management of your store employees. Please ensure that you collect and store the personal information of your store employees legally, adhering to the agreements signed with us and relevant laws. Additionally, guarantee that your store employees are informed and provide consent for any processing of their personal information.

5. Providing you a document management function

If you are a store owner or manager, when utilizing the "My Documents" management function, you must enable camera or photo album permissions. By actively uploading images, videos, or capturing photos and recordings, you authorize us to access your camera and photo album. This allows you to upload proof of identity and display the associated information. When using the health certificate management function, we require your health certificate and its validity period for optimal management of your personal documents.

6. Offering you with functions that rely on photo album and camera usage permissions

When using the abnormal feedback function, you must enable your device's camera or photo album permissions. By actively uploading images or capturing photos, you're authorizing us to access your camera and photo album for uploading images of abnormal situations.

When using the return application function, you must enable your device's camera or photo album permissions. By actively uploading images or capturing photos, you're authorizing us to access your camera and photo album for uploading images of goods requiring return application.

For the order placement function, you are required to enable your device's camera or photo album permissions. Through actively uploading images or taking photos, you permit us to access these tools, allowing you to submit payment evidence for order verification.

To utilize the "My Documents" function, you need to enable your device's camera or photo album permissions. By proactively uploading or capturing images, you're granting us access to upload documents such as identity and health certificates.

When using the QR code scanning check-in function, you must enable your device's camera or photo album permissions. By actively uploading images or capturing photos, you're authorizing us to access your camera, facilitating the store check-in process.

Please note that none of the aforementioned permissions are enabled by default. We will seek your confirmation prior to activating this function. Additionally, you have the option to revoke the album and camera permissions that we have been granted in your mobile device's system. However, please note that doing so may hinder your ability to utilize the services we offer that rely on these permissions, or may prevent you from attaining the anticipated outcomes of the related services.

7. Providing Security for You

To ensure the security of your account and our system's operations, in compliance with laws and regulations, and with your consent, we will collect device information during your service usage. This includes details such as device model, unique identifiers (e.g., Android ID, OPENUDID, GUID, SIM card, IMSI, device serial number), MAC address, software listings, and telecommunications provider.

To bolster your security while using our services and better prevent phishing frauds and malware, we may utilize or integrate your personal information along with data obtained from affiliated and other related parties, either with your permission or as permitted by law. We will comprehensively evaluate the risks linked to your account and transactions based on your usage patterns and preferred software. This includes identity verification and the prevention, detection, and investigation of potential security threats like fraud, network viruses, and attacks, as well as breaches of agreements, policies, or rules set by us or our affiliates. Our aim is to protect the legitimate interests of you, other users, ourselves, and our affiliates. Additionally, we will keep a record of any links ("URLs") that we deem to be risky.

8. Personal Information We Automatically Collect

When you use our services after logging in, we automatically gather and store data related to your browsing and search activities, known as network logs. These logs encompass details such as your IP address, browser type, language preference, operating system version, access timestamps, posted information, browsing behavior, search queries, and network requests. Primarily, this data collection aims to ensure the secure functioning of our services. Additionally, it enables us to gain a deeper understanding of our users, including their geographical origins and the specific content within our services that piques their interest. Following anonymization, we utilize this information for internal analytical purposes, aiming to enhance the overall quality and relevance of our offerings tailored to you. Furthermore, maintaining these logs is essential for documenting the operational status of our applications, aligning with the regulatory requirements stipulated by Chinese laws.

9. Necessity of Self-starting or Associated Starting

Upon utilizing our software's online update feature, the application's self-starting capability (exclusive to the Android version) is triggered once the update process is completed. This ensures that you can promptly access our software following the update.

(II) SDK

To facilitate the operation of our apps and provide you with a seamless app experience, we have integrated several Software Development Kits (SDKs) sourced from third-party providers within our applications. During your interaction with our various features, these third-party suppliers may gather and process your personal information. For a detailed overview of the SDKs incorporated into our applications, along with the specific purposes and scopes of their data collection and processing activities, please refer to the table below:

SDK Name

SDK Provider

Personal Information Collected or Permissions Invoked

Purpose of Use

Third-party Official Website Link

GeTui Push Message SDK

 

Merit Interactive Co., Ltd.

 

iOS version: Device brand, device model, and system version

To enhance the efficiency of channel resources and bolster the delivery rate and stability of message pushing

https://docs.getui.com/privacy/

 

iOS Version: Network information, including IP address, WIFI details, base station data, operator information, and location-related details.

Maintaining maximum network connection stability and establishing a continuous link requires an understanding of the device's network status and changes to ensure stable and uninterrupted push notification services.

Providing refined push notifications tailored for offline scenarios, recommending content that better aligns with your needs while minimizing the disruption caused by irrelevant push messages.

Firebase Android SDK:

Google

Application and device information (such as hardware specs, basic system details, and settings)

Utilized for push notifications

https://firebase.google.cn/docs/cloud-messaging?hl=zh-cn

ZXing QR Code Scanning SDK

This open-source SDK has no specific provider.

Accessing your camera permissions

Offering you QR code scanning services

https://github.com/jenly1314/ZXingLite

  

(III) Guidelines for Personal Information Usage

To cater to your needs, maintain and enhance our service quality, we use the following information, complying with legal regulations and your explicit authorization:

1. We may gather information you voluntarily provide during service surveys, along with data shared during interactions with our partners and affiliates. This aids in addressing user complaints and optimizing our customer service approach and quality. We will notify you of the specific processing rules prior to collection, and obtain your consent in compliance with the requirements of applicable data protection laws.

2. The personal information we collect may be used for statistical analysis and operational improvements. Anonymized data, which cannot be traced back to you, may be utilized for database creation and commercial purposes. For example, we may conduct statistical analysis based on your location, preferences, and other factors to improve our products and services; additionally, we may carry out technical upgrades, network maintenance, troubleshooting, development of internal policies and processes, and generation of internal reports for the enhancement of our systems.

If we intend to use the information for purposes not specified in this Privacy Policy, or if we plan to use information collected for a specific purpose for other purposes, we will seek your explicit consent separately.

II. Our Approach to Cookies and Comparable Technologies

(I) Use of Cookies

To ensure the normal and efficient operation of the application and to provide you with a more seamless access experience, we will store small data files called Cookies on your device terminal/system. These Cookies enable us to retrieve your information during future visits to our platforms, simplifying tasks like completing personal details (such as one-click login). Additionally, they help us provide you with customized settings for secure shopping, optimize your ad selection and interaction, and maintain your data security. We assure you that we will only use Cookies for the purposes outlined in this Privacy Policy. You have the flexibility to manage or delete Cookies according to your preferences. You can choose to clear all Cookies stored on your computer or mobile device, and you always have the right to accept or decline Cookies. Most browsers automatically accept cookies, but you can typically adjust your browser settings to decline cookies based on your preferences. Additionally, you have the option to clear all cookies stored within the software. However, disabling Cookies may limit your ability to fully utilize certain convenient and secure features of our services.

(II) Use of Web Beacons and Comparable Technologies

Apart from Cookies, our applications often incorporate other similar technologies, such as electronic images referred to as "single-pixel" GIF files or "Web Beacons." These technologies aid us in tracking the number of users accessing our platforms or visiting specific Cookies. The way we use the Web Beacons includes the following:

1. We utilize Web Beacons on our platforms to tally user visits and recognize registered users by accessing Cookies.

2. Through the Cookie information obtained, we are able to offer more convenient services on our platforms.

 

III. How We Share, Transfer, and Publicly Disclose Your Personal Information

(I) Sharing

We may share your personal information under the following circumstances:

1. We have obtained your explicit consent or authorization for sharing.

2. Sharing is required by statutory situations, for instance, when administrative, judicial, or other authorized bodies lawfully request and follow relevant procedures according to laws and regulations.

3. Sharing with affiliates: To ensure consistent service provision, facilitate unified management, and fulfill other Policy-specified purposes that necessitate the use and internal sharing of your personal information (occasionally including sensitive personal information), we may share pertinent personal information with our affiliates. This will involve sharing your personal information with Baodao Technology entities located outside the country/region where the information was originally collected. We will anonymize the necessary personal information and utilize it solely for internal and critical analysis, while adhering to the applicable laws and regulations for completing the corresponding procedures.

4. We may share pertinent information with our business partners to facilitate the provision of services to you. Our business partners encompass, but are not limited to, those involved in technical, payment, financial, renovation, and logistics services.

5. Based on the agreement: It is necessary to share information with a third party in accordance with the relevant agreements (including electronically signed agreements, platform rules, or other legal documents) between you and us.

Prior to any specific sharing, we will inform you of the third party's details, including their name, contact information, processing purpose and method, and the type of personal information being processed. We will then obtain your consent, in compliance with the applicable data protection laws. Please note that we will only share your personal information for legitimate, appropriate, necessary, specific, and clearly defined purposes. For companies, organizations, and individuals that we share personal information with, solely for the purposes stated in this privacy policy, we will establish strict information protection and confidentiality agreements, requiring them to adhere to these agreements and implement relevant security measures to safeguard your personal information.

Please be aware that to ensure uninterrupted access to your application account, browsing information, core function usage, and receipt of after-sales service on various Baodao Technology client ends, we will share certain usage information between these client ends (such as the MiButler system). This includes application account details, your operational records on various client ends, and the information gathered about you by these platforms.

(II) Transfer

As our business evolves, we and our affiliates may undergo mergers, acquisitions, asset transfers, or similar transactions. In cases where such transactions involve the transfer of personal information, we will ensure that the receiving company or organization continues to adhere to this privacy policy. If not, we will require that they seek your fresh authorization and consent. During this process, we may need to conduct due diligence and other reasonable business arrangements, as requested by potential buyers or other entities. This might involve anonymizing your personal information to guarantee that your identity remains unrecognized and unrecoverable before disclosing it to third parties, such as audit institutions, law firms, and advisors.

(III) Public Disclosure

We will only publicly disclose your personal information under the following circumstances, and after implementing industry-standard security measures:

1. Disclosing the personal information you specify, in the manner you explicitly agree to, based on your need;

2. We may publicly disclose personal information, as per the required types and disclosure methods, in accordance with legal obligations or directives from administrative or judicial authorities. Subject to legal and regulatory provisions, upon receiving requests for disclosure of the aforementioned information, we require the presentation of corresponding legal documents, such as subpoenas or investigation notices.

Please be aware that information voluntarily published or publicly shared while utilizing our services may contain personal or sensitive personal information about yourself or others. This includes order details, as well as text, images, or videos uploaded when providing feedback or using after-sales functions, which may include personal data. We strongly advise caution when deciding whether to publish or publicly share such information through our services.

(IV) Exceptions to Obtaining Authorization and Consent for Sharing, Transferring, and Public Disclosure of Personal Information

In certain circumstances, we are not obliged to seek your authorization and consent prior to sharing, transferring, or publicly disclosing your personal information:

1. When it pertains to fulfilling our legal and regulatory obligations;

2. When it directly relates to national or defense security;

3. When it directly concerns public safety, health, or significant public interests;

4. When it is directly linked to criminal investigations, prosecutions, trials, or verdict executions;

5. When necessary to protect significant legitimate rights and interests, such as life and property, of you or others, and consent is difficult to obtain;

6. Personal information that you have voluntarily made public;

7. Collecting personal information from legitimately public sources, like news reports, government disclosures, or other channels.

As per legal provisions, when de-identified personal information is shared, transferred, or publicly disclosed, and it is ensured that the data recipient cannot restore or re-identify the subject, we are not required to separately inform you or obtain consent for processing such data.

IV. How We Store and Protect Your Personal Information

(I) Preservation of Personal Information

1. Duration of Storage: Unless otherwise mandated by law or agreed upon by both parties, we will retain your pertinent personal information only for the minimum duration necessary to fulfill its purpose. The determination of the storage duration for personal information is primarily based on the following criteria, whichever comes longer:

(1) Completion of transactions related to you, maintenance of corresponding records to address potential inquiries or grievances from you;

(2) Ensuring the safety and quality of the services we provide to you;

(3) Your consent to a prolonged storage period;

(4) The presence of any other special agreements or legal and regulatory stipulations regarding the retention period.

(5) After the storage period has elapsed, your personal information will be erased or anonymized.

2. Storage Location: We will store the personal information we collect from you in your geographical area, complying with the requirements of applicable laws and regulations. To manage our global business and maintain our service level, we may transfer the collected personal information to countries and regions beyond your geographical area, and/or permit access to the stored personal information by entities from such locations, only when necessary and in accordance with applicable laws and regulations. We will adhere to the corresponding procedures and fulfill our obligation for cross-border transfer of personal information, as per the legal requirements. Additionally, we will ensure that data recipients handle personal information in line with this Privacy Policy and other pertinent security measures, providing protection standards that are not less than those outlined in this Policy.

3. Termination of Operations: In case of circumstances like the cessation of operations, we will provide you with a minimum of 30 days' advance notice and either delete or anonymize your personal information following the termination.

(II) Measures for Protecting Personal Information

1. Data Security Precautions. To guarantee the safety of your information, we have put in place a range of physical, electronic, and administrative security measures that align with industry standards for protecting your personal information. Simultaneously, we have set up a system for data classification and grading, specifications for data security management, and guidelines for data security development, aimed at regulating the storage and usage of personal information. MIXUE Ice Cream & Tea employs comprehensive security measures for data prevention and control through confidentiality agreements for information access, along with monitoring and auditing systems. These are designed to prevent unauthorized access, public disclosure, misuse, alteration, damage, or loss of your personal information. As an example, we utilize SSL encryption technology when exchanging sensitive data (like credit card details) between your browser and our "Service"; the website itself is secured with https browsing; encryption methods are employed to maintain data confidentiality; trusted mechanisms are in place to thwart malicious data attacks; and access controls ensure that only authorized individuals can access personal information. Furthermore, we conduct security and privacy training sessions to reinforce among our employees the significance of protecting personal information.

2. Please be aware and understand that the internet does not offer absolute security. We strongly advise you to create a complex password and use secure login methods for your account, as this aids us in enhancing your account's security. If you become aware of any leakage of your personal information, particularly relating to your account or password, we urge you to immediately contact us using the details provided in this Privacy Policy, enabling us to take prompt and appropriate action.

3. Security Incidents. In the event of a personal information security incident, we will swiftly assemble a dedicated emergency response team, initiate contingency plans to halt the incident's spread, and, in compliance with legal regulations, promptly notify you of pertinent details: the incident's basics and potential consequences, the measures we've taken or intend to take, advice for you to mitigate risks independently, and remedial actions available to you, amongst others. We will expeditiously communicate the incident's status to you via various channels such as email, letter, phone, or push notifications. If directly notifying each individual is impractical, we will employ reasonable and efficient means to disseminate public announcements. Concurrently, we will adhere to regulatory authorities' directives and proactively report on the handling of personal information security incidents.

V. How You Can Manage Your Personal Information

You retain the following rights over your personal information:

(I) You are entitled to access, copy, amend, and augment your personal information.

You may oversee your account details by accessing your personal profile and account settings; if you encounter difficulties managing this information, you may reach us at any time using the contact details outlined in the "How to Contact Us" section of this Privacy Policy. We will respond to your access requests within 15 working days from the receipt of your feedback.

(II) You reserve the right to erase your personal information.

You may delete selected information as outlined in section (I) “) You are entitled to access, copy, amend, and augment your personal information”, or alternatively, contact us to remove your personal data using the contact information provided in the "How to Contact Us" section of this Personal Information Protection Policy. Furthermore, you have the option to eliminate all your information by requesting account cancellation.

Under the following circumstances, you may submit a request for personal information deletion through the designated contact channels in our Privacy Policy's "How to Contact Us" section:

1. If our handling of personal information is in violation of laws and regulations;    

2. If we have gathered and utilized your personal information without your explicit consent;    

3. If our management of personal information grossly breaches our agreement with you;

4. If our processing objective has been fulfilled, is unachievable, or is no longer pertinent to the intended purpose;

5. If we discontinue offering products or services, or if the storage duration has elapsed, etc.    

Following the deletion of pertinent information, either by you or with our assistance, please note that due to legal and technical security constraints, we might not be able to instantly remove the corresponding data from our backup systems. Rest assured, we will securely maintain your personal information and prohibit any further processing until such time as the backup can be purged or anonymized.

(III) Changing the Scope of Your Authorization or Withdrawing Authorization

You can adjust the scope of your consent or revoke your authorization by removing information within the app, altering privacy settings, or turning off device permissions within the system. Please be aware that, following these actions, we will be unable to continue delivering services linked to the revoked consent or authorization. However, this will not impact the processing of personal information that has already occurred based on your earlier authorization. . If you encounter difficulties completing these actions via the aforementioned links, you may reach us at any time using the contact details outlined in the "How to Contact Us" section of this Privacy Policy. We will respond to your access requests within 15 days from the receipt of your feedback.

(IV) Canceling Your Account

You reserve the right to terminate your My MIXUE account. You can get in touch with us and communicate your cancellation request through the contact details outlined below in this privacy policy.

We will finalize the cancellation process within 15 working days from the receipt of your cancellation request. To maintain security, we might ask you to furnish adequate proof verifying your identity and the validity of your request. We commit to responding to your request within 15 working days upon receiving and validating your feedback and identity. Upon successful cancellation, we will cease offering you products or services and promptly delete or anonymize your personal information, in accordance with legal and regulatory provisions, unless otherwise specified by law. For instance, the E-Commerce Law of the People's Republic of China stipulates that commodity, service, and transaction information must be retained for a minimum of three years from the transaction's completion date. Once your personal information surpasses the retention period, we will delete or anonymize it in compliance with legal mandates.

(V) Exercising Other Statutory Rights of Personal Information Subjects

If you intend to exercise additional statutory rights pertaining to personal information under Chinese law (e.g., requesting the transfer of your personal information to a specified third party when prescribed conditions are met), feel free to contact us at any time via the contact information listed in the "How to Contact Us" section of this privacy policy. We will respond to your access requests within 15 working days from the receipt of your feedback.

We will respond to all requests related to exercising data subject rights, adhering to the requirements and timelines specified by applicable data protection laws. Within the bounds permitted by laws and regulations, there may be instances where we are unable to accommodate your rights exercise request:

l If your request clashes with our legal and regulatory obligations;

l If the information requested bears direct relevance to national or defense security;

l If the information requested is directly linked to public safety, public health, or substantial public interests;

l If the information requested pertains directly to criminal investigations, prosecutions, trials, or verdict executions;

l If compelling evidence suggests subjective malice or abuse of rights on your part;

l To protect significant legitimate rights and interests, such as your life, property, or those of other individuals, when it's difficult to obtain your authorization and consent;

l If responding to your request to exercise rights will cause serious harm to the legitimate interests of you, other individuals, or organizations;

l If the information requested pertains to commercial secrets.

VI. Complaints and Reports on Violations of Your Personal Information

If you believe we have engaged in any unlawful conduct or failed to adhere to this Privacy Policy in handling your personal information, you are entitled to lodge a complaint or report with us. You may reach out to us using the contact details provided in the "10. How to Contact Us" section. During the complaint process, kindly provide a comprehensive account of the circumstances where you believe your privacy rights have been infringed, along with pertinent evidence (e.g., screenshots containing your personal information).

We will meticulously examine all complaints and reports and communicate the resolution within [15] working days from the receipt of your complaint or report. In cases where your complaint involves grave violations, we will commence internal investigation procedures and take remedial action, if deemed necessary. Furthermore, we commit to preserving your privacy rights during the handling of your complaint, ensuring that your personal information remains secure from misuse.

If you harbor any inquiries or dissatisfaction regarding our handling outcomes, you also have the option to file a complaint with the local data protection regulatory authority.

VII. Protection of Minors' Personal Information;

It is important to note that we do not typically proactively gather or process the personal information of minors. In situations where we obtain personal information from minors with the approval of their parents or guardians, we shall only utilize or publicly disclose such information within the boundaries permitted by law, with unequivocal consent from parents or guardians, or when it is deemed essential for the protection of the minors.

If you are a parent or guardian of a minor and have inquiries about our handling of their personal information, you may contact us through the details outlined in the "How to Contact Us" section.

VIII. Notices and Amendments

To provide you with better services, our business may undergo occasional changes, and consequently, this Privacy Policy may be adjusted. We will not diminish your rights under this Privacy Policy without obtaining your explicit consent. We will inform you of any updates to relevant content either through the release of an updated application version or via other communication methods. We kindly encourage you to visit us regularly to stay up-to-date with the latest Privacy Policy. In the event that you continue using our services after the aforementioned updates, it signifies your acceptance of the revised Privacy Policy and your agreement to be bound by its terms.

You can ascertain the update time of this Privacy Policy by referring to the information presented at its commencement.

IX. How to Contact Us

If you harbor any inquiries or concerns pertaining to our utilization of your personal information or this Privacy Policy, particularly if you suspect that our handling of personal information has infringed upon your legitimate rights and interests, you may reach out to us through the following avenues. Rest assured, we will respond to your inquiry within 15 days from the date of receiving your feedback:

1. You may get in touch with us via the online contact information/customer service system accessible on platforms such as the website of MIXUE Ice Cream & Tea (for instance, https://www.mxbc.com/), our app, WeChat Open Platform account, or mini program. Alternatively, you can dial our National Customer Service Hotline at 400-700-6146, ext. 4.

2. Additionally, you have the option to contact us through postal mail. Our mailing address is as follows: 16/F, Block A, Hanhai Beijin Commercial Center, located at the Intersection of Wenhua Road and North Third Ring Road, Jinshui District, Zhengzhou City, Henan Province, People's Republic of China, post code: 450003.

3. For email communications, you can reach our Personal Information Protection Department at mymixue@mxbc.com.

4. To ensure your privacy and security, when corresponding with us, we may request verification of your identity prior to processing your inquiry.

5. In principle, we do not impose fees for reasonable requests. However, in cases of repetitive or excessive requests beyond reasonable limits, we reserve the right to charge a fee, depending on the circumstances. We may reject requests that are unreasonably repetitive, demand excessive technical measures (such as the development of new systems or significant alterations to existing practices), pose risks to others' legitimate rights and interests, or are highly impractical.

6. Under the following circumstances, legal and regulatory obligations prevent us from responding to your requests:

(1) When it directly relates to national or defense security;

(2) When it directly concerns public safety, health, or significant public interests;

(3) When it is directly linked to criminal investigations, prosecutions, trials, or verdict executions;

(4) When there is ample evidence of subjective malice or abuse of rights;

(5) When responding to your request could cause severe harm to the legitimate rights and interests of you, other individuals, or organizations; or

(6) When trade secrets are involved.

X. Appendix

1. Personal Information: Refers to a range of information, recorded electronically or through other means, that can identify or reflect the activities of a specific individual, either alone or in combination with other data. The personal information that may be involved in this Privacy Policy includes but is not limited to: basic personal information (such as name, phone number, gender, address, birthdate, etc.); personal identification information (such as ID card, military ID, passport, driver's license, etc.); network identity information (including system account, IP address, email address, as well as passwords, passphrases, and passphrase protection answers related to the aforementioned); personal property information (such as bank account number, transaction and consumption records, credit records, virtual property information, etc.); contact information (including contact list information, friend list, etc.); personal internet browsing history (including website browsing history, click history, etc.); personal device information (including unique device identification codes and other information describing the basic attributes of personally used devices); personal location information (including travel tracks, precise location information, etc.).

Please note that information which cannot identify you or be directly linked to you, either in isolation or when combined with other data, does not constitute personal information. If we combine information that cannot be linked to any specific individual with other information to identify a natural person, or use it alongside personal information, such information will be considered personal information during the period of combined use.

2. Sensitive personal information pertains to personal information that, if disclosed, unlawfully provided, or abused, may harm personal and property safety, and is highly likely to cause damage to personal reputation, physical and mental health, or lead to discriminatory treatment. The sensitive personal information that may be covered by this Privacy Policy comprises: personal identification information (including ID cards, military IDs, passports, driver's licenses, student IDs, etc.); personal financial information (bank account details, transaction and consumption records, credit histories, virtual property information, etc.); and other information (such as movement trajectories, address book details, precise location data, etc.).