Welcome to the China International Import Expo (hereinafter referred to as "CIIE") Information Platform (hereinafter referred to as "the Platform"). The Platform is operated by the China International Import Expo Bureau and National Exhibition and Convention Center (Shanghai) Co., Ltd. (hereinafter referred to as "we"). The Personal Information and Privacy Protection Policy(hereinafter referred to as "the Policy") applies to your (hereinafter referred to as "you" or "user") access and use of the Platform's websites, mobile websites (including the website version identified by the URL "www.ciie.org" and its mobile-optimized counterparts), applets, WeChat official accounts, and mobile applications.

The terms "you" or "user" in the Policy refer to CIIE exhibitors, buyers, trade visitors, and any other entities that access, browse, apply for account registration, log in, or utilize the services provided by the Platform.

We place paramount importance on the protection of your personal information. The Policy is established in compliance with applicable laws, regulations, and standards of the People's Republic of China (for the purposes of the Policy, excluding Hong Kong, Macao, and Taiwan regions), to clarify our procedures for processing and safeguarding your personal information, as well as your rights to protect your legitimate interests.

Prior to your initial use of the products and/or services offered by the Platform, please carefully review and confirm that you have fully comprehended all provisions of the Policy and make informed decisions based on the guidance provided herein. We employ bold formatting to highlight sensitive personal information in the Policy for your attention.

By checking the "I have read and agree to the Personal Information and Privacy Protection Policy" option, you expressly consent to our collection, use, storage, sharing, transfer, public disclosure, and protection of your basic personal information in accordance with the Policy.

If you do not agree to the Policy or any of its provisions, you must immediately cease registration, login, or use of any services on the Platform. If you have already registered an account but do not agree to the Policy or its updates, you may choose to cancel your account or discontinue using the Platform's services.

Last Update Date: October 16, 2025.

Should you have any inquiries or concerns regarding the Policy or related matters, please contact us using the information provided in [IX. How to Contact Us].

Important Notice:

The Policy does not apply to functions or services provided by third parties through the aforementioned websites, mobile applications, or applets. If the information you provide to a third party is not covered by the Policy, we advise you to review the third party's personal data protection statement to understand their information handling practices. You shall be solely responsible for any consequences arising from providing or sharing personal information with third parties when using their services.

Part I: Definitions

Platform Functions or Services of the Platform: refers to the integrated multi-terminal system and mobile client developed, operated and maintained by the official organizer of the CIIE, which provides registration and related services for participants including national representatives, social organizations, overseas enterprises, domestic trade missions, trade visitors, media personnel, and support staff attending the CIIE and Hongqiao International Economic Forum. This includes the CIIE official website, official mobile application, applets, WeChat official account, Weibo account, and Facebook official account.

Functions and Service Providers of the Platform: refers to the official organizers of the CIIE, including the China International Import Expo Bureau and the National Exhibition and Convention Center (Shanghai) Co., Ltd.

Address: 333 Songze Avenue, Qingpu District, Shanghai

ContactInformation: +86-21-968888

User: In the Policy, unless otherwise specified or expressly stated, refers to any natural person, legal entity, or other organization that accepts the Policy.

Personal Information: refers to any information recorded in electronic or other forms that, either alone or in combination with other information, can identify a specific natural person or reflect the activities of a specific natural person, including but not limited to name, gender, email address, mobile phone number, etc., and is strictly limited to the types of information necessary for achieving the service purposes described in the Policy.

Sensitive Personal Information: refers to personal data that, if disclosed or misused, may lead to infringement of a natural person's dignity or jeopardize personal and property safety. This includes biometric data, specific identity information, financial accounts, religious beliefs, medical and health records, job positions, departments, location tracking, transaction details, and personal information of children aged 14 or below. When processing sensitive personal information, we will obtain your explicit consent and clearly disclose the purpose, methods, retention period, and potential impact on your rights.

Personal Information Deletion: refers to the removal of personal data from operational systems to render it permanently irretrievable and inaccessible.

Network Services: refer to internet-based services provided by the Platform, including CIIE-related business promotion, business handling, business inquiries, and event consultation services.

Part II: Network Services

I. Network Services Provided by the Platform

1) Information services, including news releases, images, videos, audio recordings, announcements, guidelines, and other materials published on the CIIE platform.

2) Services including account registration, login, secure logout, password recovery, password modification, personnel registration, and credential verification for designated users such as CIIE exhibitors, trade missions, professional buyers, and media representatives.

3) Services including business handling, payment, and inquiries for designated users such as CIIE exhibitors.

4) Services including mobile navigation, positioning, traffic information, and translation.

5) Services including supply-demand matching for exhibitors and trade missions.

6) Services including insurance, transportation, aviation, catering, and advertising for the CIIE.

7) Services including forums and events related to the CIIE.

8) Additional services provided by the Platform to users.

II. The Platform reserves the right to modify the content of network services in accordance with the development of the CIIE business. Services provided by the Platform may be subject to change at any time without prior notice, and no commitment is made regarding the availability or discontinuation of such services. The Platform shall not be liable for any compensation or indemnification if users are unable to access part or all of the services due to adjustments, modifications, or termination of service content.

III. The Platform solely provides network services. All costs associated with communication equipment (e.g., computers, mobile phones, modems, and other internet-access devices) and communication services (e.g., telephone charges, broadband fees, and mobile data expenses for internet access) shall be borne by users.

Part III: Legal Notice

I. Rights Ownership

The logos, emblems, texts, graphics, and their combinations of CIIE and the Platform, as well as other logos, emblems, and service names of the Platform, are proprietary marks of CIIE in China and other countries. Without our prior written authorization, no individual or entity may display, use, or otherwise process (including but not limited to reproducing, disseminating, exhibiting, mirroring, uploading, or downloading) these elements in any manner, nor may you represent to others that you possess the right to display, use, or process them.

All intellectual property rights about the products, services, technologies, applications, or their components/functions (hereinafter referred to as "Technical Services") on the Platform are owned by the Platform or their respective rights holders. Unless otherwise specified, the Platform retains all rights (including but not limited to copyrights, trademarks, patents, trade secrets, and other related rights) to the materials published on its website, including but not limited to texts, graphics, pictures, photographs, audio, video, icons, color schemes, layout designs, and electronic documents. Without the express authorization of the Platform or relevant rights holders, no institution or individual shall use the aforementioned content without permission (including, but not limited to, monitoring, copying, retransmitting, displaying, mirroring, uploading, or downloading any content on the Platform through programs or devices). Authorized browsing, copying, printing, and dissemination of information content about the Platform's functions and services shall not be used for commercial purposes. Such use must clearly indicate the source of reference and acknowledge the Platform's ownership of all rights therein.

In the event of a user's violation of the Policy or applicable laws and regulations, the Platform reserves the right to take appropriate measures, including but not limited to service suspension/termination, account cancellation, or reporting to competent authorities, without assuming any liability arising therefrom.

II. Liability Limitations

Users of the Platform may upload, provide, or publish relevant information on their own initiative, including but not limited to personal data, user names, company names, contact persons and contact information, related pictures, and other materials. All such information is provided solely by the users, who shall bear full legal responsibility for any content they submit.

The Platform hereby notifies you that while using its functions and services, you must comply with the laws of the People's Republic of China. You shall not compromise network security or utilize the Platform's functions and services to engage in activities that infringe upon others' reputation, privacy, intellectual property rights, or other legitimate rights and interests. Notwithstanding the above notice, the Platform shall not be held liable for any consequences arising from your use of its functions and services, except in cases resulting from the Platform's intentional misconduct or gross negligence. In the event of any violation of this Policy or applicable laws and regulations, the Platform reserves the right to take actions, including, but not limited to, service suspension, account cancellation, or reporting to relevant authorities, without assuming any liability arising therefrom.

III. IPR Protection

We uphold intellectual property rights and prioritize their protection, actively opposing and combating any infringement thereof. Should any organization or individual believe that the Platform's functions and services infringe upon their lawful rights, they may submit a formal written notice with valid supporting documentation to our official service hotline (+86-21-968888). The Platform owner will promptly address such matters in accordance with the law upon receipt of complete documentation.

Part IV: Privacy Protection Policy

Recognizing the critical importance of personal information, we implement appropriate security safeguards in full compliance with legal requirements. The Policy aims to inform you about how we collect and use your personal information when you use the Platform. The Policy will help you understand the following details:

·How We Collect and Use Your Personal Information

·How We Use Cookies and Similar Technologies

·How We Entrust Processing, Share, Transfer, and Publicly Disclose Your Personal Information

·How We Protect Your Personal Information

·Your Rights

·How We Handle Children's Personal Information

·How Your Personal Information Is Transferred Globally

·How the Policy is Updated

·How to Contact Us

I. How We Collect and Use Your Personal Information

(I) Scenarios and Categories of Personal Information We Collect

1. Account Registration or Use of Specific Business Functions

1) During the account registration process, we will collect essential personal information from you, including but not limited to: username, account password, mobile phone number, and email address.

2) If you use specific business functions (e.g., processing, binding, or reusing credentials), we will collect additional necessary personal information from you:

1. Essential registration details pertaining to [company nature, business type, import business data, etc.].

2. For individual users, we shall collect your full legal name, residential address, nationality, [personal identification documents, professional designation, certificate photo], and related information.

3. For corporate, institutional, or governmental entity users, we shall collect your institution's name, registered capital, unified social credit code, address, contact number, business scope, [other registration prerequisites], and other requisite details.

4. In compliance with the Personal Information Protection Law of the People's Republic of China, the Security Management Measures Concerning the Application of Facial Recognition Technology, and other relevant laws and regulations, as well as public safety supervision and public health administration requirements, we will collect personal information, including certificate photos and facial biometrics, to fulfill mandatory identity authentication purposes. The aforementioned information is collected exclusively for identity authentication, service security assurance, and compliance with statutory public safety management obligations. We will employ automated recognition technology to verify your facial biometrics against identity credentials and certificate photos. Upon successful verification, such data will be either immediately discarded or securely encrypted and retained only for the legally mandated retention period. Unless otherwise required by applicable laws and regulations, your personal information will be retained only for the minimum duration necessary to fulfill the aforementioned processing purposes. Failure to provide the aforementioned information may result in denied access to CIIE exhibition venues due to incomplete identity verification, and we will be unable to provide related services. However, you can still enjoy other services that do not require facial recognition. The specified personal information will be stored on our servers. We undertake to safeguard this information and fulfill our obligations regarding information security protection. We may collaborate with third-party partners to enhance identity verification technology. Such third parties will be contractually obligated to maintain security standards equivalent to ours when storing and processing this information, and to fulfill their information protection responsibilities. Unless we obtain your separate consent or are legally required, your facial biometrics will not be transmitted via the internet or utilized for other purposes. Should you choose not to use facial recognition, alternative verification methods will be provided; however, please note this may impact your experience and reduce access efficiency. We appreciate your understanding.

Both individual and institutional users shall be responsible for the authenticity, accuracy, and completeness of the registration information provided, and must not infringe upon any third-party rights. Your refusal to provide such information will not affect the normal operation of other functions.

We adhere to the "minimum necessity" principle when collecting the aforementioned information, obtaining only essential data for registration and specific business functions. Sensitive personal information, including identification documents and certificate photos, is rigorously protected through encrypted storage and access control measures. Such data will not be disclosed or repurposed without legal mandate or your explicit authorization.

2. Account Cancellation

You have the right to cancel your account at any time. Upon voluntary account cancellation, we will cease providing you with products and services, and shall delete or anonymize your personal information in compliance with applicable laws and regulations.

Important:Account cancellation is irreversible. After cancellation, you will no longer have access to any services or benefits associated with this account.

For inquiries regarding the Platform's account cancellation procedure, please contact our official service hotline at +86-21-968888.

3. Information Generated Through Platform Functions and Services

1) Information you provide to us

We will retain your personal information only for the period necessary to fulfill the purposes outlined in the Policy. We have executed stringent data protection agreements with all third parties, mandating their compliance with our directives, the Policy, and all applicable confidentiality and security protocols when processing personal information. They are expressly prohibited from using your personal information for any purposes beyond those authorized by us.

While utilizing our functions or services, you may provide feedback regarding your experience with the Platform's functions or services via the official service hotline (+86-21-968888). This enables us to better understand your usage patterns and requirements, thereby enhancing our functions and services.

2) Information collected during your use of functions and services

To deliver tailored smart hardware/software, optimized page displays, search results, product compatibility assessments, and abnormal account detection, we may automatically collect and retain your personal information on the Platform, including but not limited to movement trajectories, browsing history, etc.

Device Information: Based on the specific permissions granted during software installation and use, we collect and record information related to your device (e.g., device model, platform name, device ID, system version, manufacturer, hardware serial number, public IP address, IMEI, carrier name, mobile phone number, mobile country code, mobile network code, browser user agent, MAC address, OS version and type, CPU model, and machine name). We also collect location-related data (e.g., IP address, GPS/BeiDou coordinates, and sensor information from Wi-Fi access points, Bluetooth, and base stations).

Log Information: When you utilize the functions or services provided by our website or client applications, we automatically gather detailed usage data, which is stored as network logs. This includes search queries, IP address, browser type, telecom carrier, language preferences, access timestamps, visited webpage records, and call status information.

Please note that standalone device information, log data, search keywords, and similar data points cannot be used to identify a specific natural person. If we combine such non-personal information with other information to identify a specific natural person, or use it in conjunction with personal information, such non-personal information will be treated as personal information during the period of combined usage. Unless authorized by you or required by applicable laws and regulations, we will anonymize and de-identify such personal information.

When you contact us, we may require necessary personal information to verify your identity in order to safeguard your account security. To facilitate communication with you, promptly address your inquiries, or document solutions and outcomes, we may retain records of our correspondence/call logs and related content (including account information, supporting evidence you provide, or contact information such as phone numbers and email addresses).

3) Information collected during your use of personalized recommendation services

We collect relevant service usage information, including device information, logs, and service usage details to provide you with enhanced and more personalized services, such as delivering a consistent yet tailored experience across different servers or devices, offering input recommendations, customer service interactions, or information push notifications that better align with your needs, assessing product compatibility, and detecting abnormal account activities.

Logs: When you utilize functions or services on our webpages or client applications, we automatically record detailed usage data of our functions and services, which is stored as network logs. This includes your IP Address, browser type, telecom carrier, language preferences, access timestamps and duration, software/hardware specifications, requested webpage records, and Cookies related to the Platform's functions or services.

Service Usage Information: We will record information you submit or generate when utilizing the Platform's functions or services, including settings (such as password retention and modification timestamps).

4) Location information (including precise positioning information)

It refers to location information we collect when you enable device positioning and use our location-based services, including geographic location information obtained through GPS or Wi-Fi when accessing our services via mobile devices with positioning capabilities.

5) Supplementary services

During CIIE, individuals with inquiries may use the Platform's communication channels, including instant messaging and message boards. To utilize this function, real-name verification requirements may necessitate providing authentic identification details, including full name, personal identity information (ID card number/passport number), and contact information.

To enhance and improve our services, we may conduct surveys, opinion polls, or other market research activities to collect your feedback or preferences. Your participation may require you to provide personal information, including but not limited to name, gender, age, preferences, and interests.

For these supplementary services, you may choose not to provide such personal information while retaining full access to all other functions.

6) Collection of your personal information from third parties

We may obtain your personal information indirectly from third parties, provided that: we have verified that such third parties have obtained your explicit authorization and consent for sharing such data with us, or the disclosure is legally permitted or required under applicable laws.

We require third parties to warrant the lawful and compliant sourcing of personal information. In cases of legal violations by third parties, we shall expressly demand that they assume corresponding legal liabilities.

We will ascertain the scope of authorization and consent obtained by third parties for personal information processing, including the intended purposes, and whether the information subject has consented to transfer, sharing, public disclosure, deletion, etc.

The personal information obtained from third parties will be utilized to provide services to you and to ensure the accuracy of records maintained by us. Should our processing of such personal information exceed the scope of the authorization and consent obtained by third parties, we will seek your explicit consent, either directly or through the third parties providing the information, within a reasonable period after obtaining the data or before processing it. In the event of data leakage or loss due to a third party's failure to obtain proper user authorization or any unlawful or non-compliant conduct, the Platform will actively assist users in pursuing accountability against such third parties.

7) Declaration regarding redirects to third-party platforms

The Platform may include links to third-party websites, products, or services. When you utilize these services (e.g., by scanning QR codes to access third-party services), your information will be directly collected and processed by such third parties. We hereby formally notify you:

This service is provided by third parties, and the Platform assumes no responsibility for its content, privacy policies, or operations.

Prior to disclosing any personal information to third parties, please thoroughly review and comprehend their respective privacy policies.

The information processing relationship between you and any third party shall be governed exclusively by such third party's privacy policy, and is not subject to the Policy.

For clarity, the aforementioned scenarios are not mutually exclusive with respect to the categories of personal information we collect. Information collected under one scenario may similarly be obtained in other specified scenarios.

(II) Utilization of Your Personal Information

1. During service provision, we employ collected information for identity verification, customer support, security protection, fraud detection, archival purposes, and backup procedures to safeguard the security of products and services delivered to you.

2. To assist in designing and promoting new products and services, as well as enhancing our existing products and services through data analysis.

3. To gain deeper insights into how you utilize our services, enabling us to cater to your personalized needs more effectively, including language preferences, location settings, customized assistance, and tailored responses for you and other users.

4. To deliver targeted advertisements relevant to your interests instead of generic promotions. When using our services, we may send emails, SMS, or push notifications based on your information. You may opt out by following the provided instructions.

5. To assess and enhance the effectiveness of advertisements, promotional campaigns, and other marketing initiatives within our products and services.

6. For software authentication or managing software upgrades.

7. To invite your participation in surveys regarding our products and services.

8. After collecting your personal information, we will de-identify the data through technical measures, and the de-identified information will no longer be attributable to any specific individual. By acknowledging this policy, you agree that we reserve the right to utilize de-identified information under such circumstances. Furthermore, in compliance with applicable laws and regulations, we may conduct a comprehensive analysis and utilization of user databases containing your personal information.

9. Should we intend to use your information for purposes not specified herein, we will obtain your explicit consent in advance.

(III) Mobile Application Permissions

1. Scope of Mobile Application Permissions

1) To ensure the security, legitimacy, and authentication of your mobile application usage, as well as account protection, we collect the following device information: MAC address, unique device identifier, SIM card information, IMSI information, IMEI information, device model, IP address, mobile phone number, network type, and manufacturer information.

2) To ensure proper operation of the mobile application, including loading H5 pages and displaying requested content and functions, we require your authorization for the mobile application to access multimedia content (including images) on your device and utilize its storage capabilities.

3) To utilize intelligent voice translation or voice assistant features, you must grant the mobile application authorization to access your device's microphone. Without this authorization, the corresponding services will be unavailable.

4) To access location-based navigation services, you must authorize the mobile application to obtain your device's location information. Without this authorization, the corresponding services will be unavailable.

5) To connect to public WiFi within the venue, you must grant the mobile application permission to access your device's mobile network information, WiFi connection information, and modify network connectivity settings. Without these authorizations, the corresponding services will be unavailable.

6) If the mobile application you are using requires functions such as facial recognition or real-name authentication, you must grant camera access permissions to your device. Without this authorization, the corresponding services will be unavailable.

7) Should you need to contact the official service hotline (+86-21-968888) or identify relevant supply-demand information via phone call, you must grant the mobile application authorizations to access your device's contact list and place calls. For email correspondence, authorization is required to access your device's application list and launch email-related applications. For SMS/MMS communications, authorizations to read/write messages must be granted. Without these authorizations, the corresponding services will be unavailable. You may also record or copy the contact information of relevant contact persons, input or paste such information in external applications, and establish communication with the respective contact persons.

8) To perform updates or upgrades via built-in mobile functions, you must grant authorizations for file installation and application list access. Without these authorizations, the corresponding services will be unavailable.

9) To enhance your understanding of CIIE developments, we may deliver relevant updates through mobile push notifications.

These authorizations can be reviewed and revoked on your device. Refer to [V. Your Rights] for detailed revocation procedures.

2. Information Collection by Third-Party Services

In specific business service scenarios, to enhance processing capabilities, improve response times, or for other operational considerations, we may engage qualified third-party service providers to deliver Software Development Kits (SDKs) for your service. These SDKs may collect and process your personal information, which we will only do upon obtaining your explicit authorization and consent.

The specific names of authorized third-party service providers, processing purposes, types of personal information involved, and links to their privacy policies are all detailed in the latest SDK inventory published separately on our official website. The Platform will conduct periodic compliance evaluations of all integrated third-party SDKs and publish updated lists in our privacy policy or on the official website. We mandate that third-party service providers implement personal information protection measures that meet or exceed the standards set forth in the Policy, and execute data processing agreements to define their respective rights and obligations. A dedicated consent pop-up must be displayed upon a user's first engagement with the relevant function to obtain explicit permission. In the event of personal information leakage caused by the negligence of a third-party SDK service provider, the Platform shall assume corresponding liabilities within the legal framework and pursue compensation from the relevant third parties in accordance with applicable laws. For the list and details of integrated SDK vendors, please click here.

3. In compliance with national laws, regulations, and relevant policies, the following services on the Platform may collect corresponding information:

To ensure service security, availability, and stability, and to better analyze mobile application performance, we may record and access relevant data, including usage frequency, crash reports, aggregate usage statistics, performance metrics, and application origin of the client application.

(IV) Exemptions from Consent Requirement

Where permitted by law, we may collect and use your personal information under the following circumstances without requiring prior authorization and consent, and may decline requests for correction/modification, deletion, cancellation, consent withdrawal, or information access:

1. Concerning national security and defense.

2. Concerning public safety, public health, or significant public interests.

3. Concerning judicial or administrative law enforcement, including criminal investigation, prosecution, trial, and execution of judgments.

4. For the protection of vital legal rights and interests (such as life or property) of you or other individuals, where timely consent cannot be obtained.

5. Personal information voluntarily disclosed by you to the public.

6. Personal information collected from legally disclosed sources, including lawful news reports and government information releases.

7. Essential for the execution and performance of agreements or other binding documents with you.

8. Essential for ensuring the secure and stable operation of provided products and/or services, including the identification and resolution of malfunctions.

9. Essential for lawful news reporting purposes.

10. Where academic research institutions conduct statistical or academic research in the public interest and disclose research findings or descriptive results externally, any personal information contained therein shall be de-identified.

11. Other circumstances as prescribed by laws and regulations.

Please note that your consent to our use of the aforementioned information and authorizations constitutes authorization for us to collect and process such personal information. Revoking these permissions constitutes withdrawal of authorization, whereupon we shall cease further collection and processing of your personal information and will be unable to provide related functions dependent on such authorization. Your revocation of permissions shall not affect the lawfulness of any prior processing activities conducted based on your authorization. Detailed revocation procedures are specified under [V. Your Rights].

We hereby assure you that, except for the aforementioned exceptional circumstances, all personal information we collect is obtained through lawful means with proper authorization, and we shall never acquire your personal information through any illicit channels.

II. How We Use Cookies and Similar Technologies

(I) Cookies

To enhance your browsing experience, when you access the functions or services of the Platform, we may employ various technologies to collect and store data related to your usage. This enables us to recognize your identity upon subsequent visits and, through data analysis, deliver optimized services tailored to your needs. This includes utilizing small data files to authenticate your identity, which helps us understand your usage patterns, eliminate repetitive credential input, and enhance account security. Such data files may include Cookies, Flash Cookies, or other local storage mechanisms provided by your browser or associated applications (collectively referred to as "Cookies"). Please note that certain services are exclusively available through the use of Cookies. If your browser or browser supplementary service permits, you may modify your Cookie acceptance settings or decline the Platform's Cookies. However, refusing the Platform's Cookies may result in limited access to certain features or services that rely on Cookies. Should you choose to reject or disable Cookies, the Platform does not guarantee the proper functioning of related functions or services and shall not be liable for any service unavailability or diminished user experience resulting therefrom.

(II) Pixel Tags and Client Beacons

Web pages often incorporate electronic pixel tags, known as "single-pixel GIFs" or "web beacons," which assist websites in tracking user visits or accessing specific Cookies. We utilize web beacons to collect information about your browsing activities, including the addresses of visited pages, referring page locations, duration of page visits, browsing environment, and display settings.

The Platform utilizes pixel tags in emails to determine whether an email has been opened. If you do not wish your activities to be tracked in this manner, you may refer to [V. Your Rights] for detailed instructions on how to revoke authorization.

(III) Do Not Track

Many web browsers are equipped with a Do Not Track feature, which sends Do Not Track requests to websites. Currently, major internet standards organizations have not established policies specifying how websites should respond to such requests. However, if Do Not Track is enabled in your browser, all our websites will honor your preference.

III. How We Entrust Processing, Share, Transfer, and Publicly Disclose Your Personal Information

(I) Entrusted Processing

Certain modules or functions may be provided by external service providers. For instance, we may engage professional data processing service agencies to offer technical support for data analysis on the Platform.

We enter into strict confidentiality agreements with companies, organizations, and individuals entrusted to process personal information on our behalf, mandating their compliance with our requirements, the Policy, and all applicable confidentiality and security measures.

(II) Sharing

To facilitate your communication with other CIIE users, you will share the personal information you provide on the Platform (excluding ID card number) between participating supply and demand parties (e.g., between you as a buyer and exhibitors, or between you as an exhibitor and buyers). You expressly acknowledge and consent to such information sharing with designated parties under the aforementioned conditions, provided it remains within the usage scenarios explicitly agreed upon during registration. We implement appropriate technical measures to ensure the security of your information.

Furthermore, your personal information may be disclosed to third parties under the following circumstances:

1) With your explicit consent, we may disclose your personal information to third parties other than exhibitors and buyers of the CIIE.

2) We may disclose your personal information when required by applicable laws and regulations, dispute resolution procedures, or mandatory orders from administrative or judicial authorities.

3) We may share your personal information with our affiliated entities. We will only share the minimum necessary personal information strictly for the purposes stated in the Policy. Should we need to share your sensitive personal information (like personal identity information) or if affiliated entities intend to process personal information beyond the scope of the Policy, we will obtain your explicit separate consent.

4) We may share your personal information with authorized partners of the CIIE to ensure the proper provision and completion of our products and/or services. However, we will only share your personal information for lawful, legitimate, necessary, specific, and explicit purposes, and only to the extent necessary for providing our products and/or services. Our partners are not permitted to use the shared personal information for any other purposes.

With regard to companies, organizations, and individuals with whom we share personal information, we enter into strict confidentiality agreements requiring them to process such information in compliance with our instructions, the Policy, and all applicable confidentiality and security measures.

The Platform's functions or services may include links to external websites. Unless otherwise required by law, the Platform assumes no responsibility for the privacy practices of external websites. We may engage additional business partners or co-branded websites as needed, but we will only provide them with aggregated information that does not reveal your identity.

For personal information leakage, misuse, or other unlawful activities caused by third parties due to their own actions, the Platform shall only be liable for its own conduct and assumes no joint liability for independent actions of third parties. Users shall directly assert claims against third parties for any losses incurred due to third-party services. Third-party websites, services, or content accessed through the Platform are governed by their own independently established and implemented personal information protection policies. The Platform assumes no responsibility for third-party privacy protection measures. Users are advised to thoroughly review third-party privacy policies prior to utilizing such services.

(III) Transfer

We shall not transfer your personal information to any company, organization, or individual, except under the following circumstances:

1) With your explicit consent, we may transfer your personal information to third parties.

2) In the event of merger, acquisition, dissolution, or bankruptcy liquidation involving the transfer of personal information, we will notify you of such transfer and require the new entity in possession of your personal information to remain bound by the Policy. Otherwise, we will require said entity to obtain your consent anew.

(IV) Public Disclosure

We will only disclose your personal information publicly under the following circumstances:

1) Upon obtaining your explicit consent.

2) Legally mandated disclosure: We may disclose your personal information when required by law, legal proceedings, or mandatory requests from competent government authorities.

IV. How We Protect Your Personal Information

(I) Information Storage Location

In compliance with applicable laws and regulations, all collected information shall be stored within China. However, as our Platform serves a global user base, you must consent to the storage of personal information collected from users outside the People's Republic of China during their use of the Platform's functions or services on servers located within China. The Platform shall ensure that such cross-border data transfers comply with the security assessment standards established by the Cyberspace Administration of China. Should you decline this policy, the Platform will be unable to provide you with any services. In such circumstances, we shall implement this policy to ensure adequate protection of your personal information.

(II) Information Retention Period

We retain your personal information only for the period necessary to fulfill the purposes outlined in the Policy, unless otherwise required by laws or regulations. Upon account cancellation, we shall permanently delete or anonymize personal information. Technical limitations may delay the deletion of backup information, which shall be retained only for the minimum necessary period (not exceeding statutory maximum retention periods) with strictly restricted access privileges.

(III) How We Protect Your Personal Information

We place paramount importance on the security of your personal information. In strict compliance with applicable laws and regulations including the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, the Provisions on Protecting the Personal Information of Telecommunications and Internet Users, the Information Security Technology—Personal Information Security Specification, and the Baseline for Classified Protection of Cybersecurity, we have implemented a comprehensive information security management system and adopted appropriate technical and organizational measures to safeguard your personal information.

1) We have established a data-centric security management framework that encompasses the entire data lifecycle, enhancing system security through multi-dimensional approaches, including organizational structure, institutional design, personnel management, and product technology. Currently, our information systems have obtained Class III certification under the Classified Criteria for Security Protection of Computer Information System.

2) We have implemented encryption, anonymization, and other advanced technologies on our platform to enhance the security of personal information; employed trusted protection mechanisms to safeguard against malicious attacks; and deployed robust access control measures to prevent unauthorized access; Additionally, we have established a dedicated Security Management Center, comprising specialized Information Protection Division and Data Security Emergency Response Team, to advance and ensure personal information security; and conducted regular security and privacy protection training programs. Our implemented measures are designed to provide security safeguards commensurate with the risks associated with processing your personal information.

3) We will implement all reasonably practicable measures to minimize the collection of non-essential personal information.

(IV) Security Incident Management

To address potential risks, including personal information breaches, damage, or loss, we have established comprehensive protocols that define classification standards for security incidents and vulnerabilities, along with corresponding response procedures. Additionally, a dedicated emergency response team has been established for security incidents on the Platform. In compliance with security incident handling protocols, contingency plans are activated for various security incidents to mitigate losses, conduct analysis, identify root causes, implement remedial actions, and collaborate with relevant departments for traceability and comprehensive analysis.

In the event of a personal information security incident, we will notify you within the legally prescribed timeframe with the following details: the nature and potential impact of the incident, measures taken or to be taken by us, recommendations for your personal risk mitigation, and available remedies. We will communicate incident-related information via email, postal mail, telephone, or push notifications. Should individual notification prove impractical, we will issue public announcements through appropriate and effective channels. In the event of a major security incident, we will issue an initial notification within 72 hours of discovery through prominent channels such as platform announcements, registered SMS messages, and in-site notifications. A detailed written explanation will be provided within the legally mandated timeframe.

Additionally, we will submit reports on the handling of personal information security incidents as required by regulatory authorities.

While no method of electronic transmission or storage is 100% secure, and thus we cannot guarantee absolute security of personal information, we implement appropriate technical and organizational measures to protect your information against theft, loss, misuse, and any unauthorized access, copying, collection, use, disclosure, alteration, or destruction.

We recommend using strong passwords to help maintain the security of your account.

For any inquiries regarding our personal information protection practices, please contact us using the designated contact information specified in the Policy. In the event of any unauthorized disclosure of your personal information, particularly involving your account credentials, please immediately contact us through the designated channels specified in [IX. How to Contact Us] of the Policy, so we may implement appropriate protective measures.

V. Your Rights

(I) Access to Your Personal Information

Unless otherwise stipulated by applicable laws and regulations, you are entitled to access your personal information at any time by logging into your account.

You may also exercise this right by contacting us through the channels provided in [IX. How to Contact Us].

Should any inaccuracies occur in the processing of your personal information due to the Platform's error, you have the right to request the Platform to rectify such information at no cost, ensuring its accuracy and completeness.

(II) Rectification of Your Personal Information

When you identify inaccuracies in the personal information we process, you are entitled to request corrections. You may directly log in to your account to amend or update your personal information.

You may also exercise this right by contacting us through the channels provided in [IX. How to Contact Us].

(III) Deletion of Your Personal Information

Under the following circumstances, you may submit a request for deletion of personal information through the contact information provided in [IX. How to Contact Us]:

1) If our processing of personal information violates applicable laws and regulations.

2) If we collect or use your personal information without obtaining your consent.

3) If our processing of personal information breaches our agreement with you.

4) If you cease using our products or services, or if you cancel your account.

5) If we discontinue providing you with products or services.

Should we decide to comply with your deletion request, we will simultaneously notify any entities that have obtained your personal information from us, requiring them to promptly delete such information, unless otherwise stipulated by laws and regulations or unless these entities have obtained your separate authorization.

When you delete information from our services, we may not immediately remove the corresponding information from our backup system, but we will delete such information during subsequent backup updates.

For personal information stored in the backup system, the Platform will ensure deletion during periodic backup data updates, with the retention period not exceeding six months. The Platform will establish operational procedures for backup data deletion to ensure timely compliance with deletion obligations.

(IV) Modifying the Scope of Authorization and Consent or Withdrawing Your Authorization

Within the scope of your authorization for us to collect and process your personal information, you may modify or withdraw your authorization through settings adjustments. Users may disable relevant privacy authorization via "Mobile Settings > Permissions", specifically:

Android devices: Settings > Apps > Permissions.

iOS devices: Settings > Privacy > Permissions > Apps.

We employ algorithms to deliver exhibition updates and service notifications to your smart devices, though you retain the right to opt out at any time. You may unsubscribe by adjusting the settings within your smart device. You may also exercise this right by contacting us through the channels provided in [IX. How to Contact Us].

Please be advised that each business function requires certain essential information for completion. Upon withdrawal of your consent or authorization, we will no longer be able to provide the corresponding services, nor will we continue processing your relevant personal information. However, your withdrawal of consent or authorization shall not affect any prior information processing activities conducted based on your authorization. The Platform shall not be held liable for any consequences arising from service discontinuation due to the user's withdrawal of authorization.

(V) Cancel Your Account

You may log in to your account and proceed with account cancellation. For a specific operation, click the "Cancel Account" button on the Personal Information page. After reviewing and agreeing to the cancellation notice, you may proceed with account cancellation.

Alternatively, you may contact us through the channels specified in [IX. How to Contact Us]. Upon identity verification, we will process your account cancellation request.

Upon voluntary account cancellation, we will cease providing you with products and services, and shall delete or anonymize your personal information in compliance with applicable laws and regulations.

(VI) Obtaining Personal Information Copies

You may log in to your account to obtain copies of your personal information.

You may also exercise this right by contacting us through the channels provided in [IX. How to Contact Us].

(VII) Restrictions on Automated Decision-Making in Information Systems

For certain business functions, we may rely exclusively on automated decision-making mechanisms (including information systems and algorithms) without human intervention. If such decisions significantly impact your lawful rights and interests, you have the right to request an explanation. We will provide recourse methods without compromising trade secrets, other users' rights, or public interests.

(VIII) Responding to Your Requests

For security purposes, you may be required to submit a written request or provide alternative proof of identity. We may require identity verification before processing your request.

Unless otherwise stipulated in the Policy, we will respond to your request within fifteen (15) working days. For complaints or inquiries, please contact us using the information provided in [IX. How to Contact Us].

For user requests to exercise rights, should the Platform be unable to fulfill them within a reasonable timeframe due to technical, compliance, or operational constraints, it reserves the right to extend processing deadlines or decline requests deemed unreasonable, repetitive, or exceeding reasonable limits based on actual circumstances. The Platform is entitled to establish reasonable frequency and volume restrictions, and may impose limitations or rejections on rights abuse within legally permissible bounds.

We generally do not impose fees for legitimate requests; however, for excessively repetitive or unreasonable requests, we reserve the right to assess appropriate cost recovery fees as warranted. Requests may be declined if they are manifestly repetitive, require disproportionate technical resources (e.g., necessitating new system development or fundamental operational changes), jeopardize third-party rights, or prove demonstrably impractical (e.g., involving data stored on backup tapes).

Pursuant to applicable laws and regulations, we shall be unable to accommodate requests under the following circumstances:

1) Directly concerning national security and defense.

2) Directly concerning public safety, public health, or significant public interests.

3) Directly concerning criminal investigation, prosecution, trial, and execution of judgments.

4) Where substantial evidence demonstrates your intentional misconduct or abuse of rights.

5) Where fulfilling your request would severely impair the lawful rights and interests of yourself or other individuals/organizations.

6) Involving trade secrets or state secrets.

VI. How We Handle Children's Personal Information

The Platform's functions and services are primarily designed for adults. Minors are prohibited from creating user accounts without guardians' consent.

We do not knowingly collect personal information directly from minors. For children's personal information collected with guardians' consent, we will only process or disclose such information when legally permitted, guardian-authorized, or necessary for child protection purposes.

Notwithstanding varying definitions of minors under local laws and customs, we classify any individual below 14 years of age as a minor.

Should we identify any collection of children's personal information without obtaining verifiable guardians' consent in advance, we will promptly delete the relevant data.

The Platform shall bear no liability for any consequences arising from users registering or utilizing platform services by falsely impersonating minors or their legal guardians.

The Platform has implemented dedicated safeguards for protecting children's personal information, including establishing exclusive channels for guardians to revoke consent; maintaining segregated storage systems separating children's information from regular users' information; and restricting access to authorized personnel only and prohibiting commercial analytics usage to ensure children's information is never utilized for purposes unrelated to its original collection intent.

VII. How Your Personal Information Is Transferred Globally

As a fundamental principle, all personal information collected and generated within the People's Republic of China shall be stored exclusively within Chinese territory. If personal information needs to be transferred overseas, we will: (1) obtain your explicit consent in advance through pop-up notifications and checkboxes; (2) ensure the recipient maintains an equivalent level of information protection and execute the Standard Contract issued by the Cyberspace Administration of China; (3) disclose the recipient's name, contact information, and processing purposes on our official website. Should you decline consent, we will cease providing services requiring cross-border information transfer.

As the Platform delivers functions and services globally, users outside the People's Republic of China must consent to the transfer and storage of collected personal information on servers within China to access the Platform's functions and services. Non-compliance will result in function and service restrictions. In such circumstances, we shall implement this policy to ensure adequate protection of your personal information.

The Platform shall obtain users' explicit consent via pop-up notifications, checkboxes, or other unambiguous methods prior to any cross-border transfer of personal information. In response to legal variations across different countries or regions, the Platform will conduct assessments and implement necessary compliance measures to ensure lawful and compliant cross-border transfers.

VIII. How the Policy is Updated

We may periodically update the Policy to reflect legal, technological, or business developments. However, we will not diminish your rights under the Policy without obtaining your explicit consent. The most current version of our Policy will be published on this page, with the latest revision date indicated in the "Last Update Date" section at the top of this document.

For material changes to the Policy, we will provide appropriate notice through in-platform messages, pop-up notifications, email, SMS, or other effective communication channels. Your continued use of our services following the Policy updates, or failure to raise objections within 30 days, shall constitute your acceptance of and agreement to be bound by the revised Policy. Such modifications to the Policy shall become effective as of the date specified in the notification. If you do not agree to the updated Policy, you may choose to discontinue using the affected services at your discretion. However, core functions shall remain accessible, and you may request account cancellation. The Platform shall not be liable for any consequences arising therefrom. The Platform shall not be held liable for any consequences resulting from users' failure to review notifications promptly.

Material changes referred to in the Policy include, but are not limited to:

1) Material changes to our service models; including but not limited to purposes of personal information processing, categories of personal information processed, or methods of personal information utilization.

2) Material changes in ownership structure or organizational framework; such as ownership transfers resulting from business restructuring, bankruptcy, or mergers and acquisitions.

3) Changes to primary recipients of shared, transferred, or publicly disclosed personal information;

4) Material changes to your rights regarding personal information processing or their exercise mechanisms.

5) Changes to the responsible department, contact information, or complaint channels for personal information security matters.

6) When the Personal Information Security Impact Assessment Report identifies high risks. We will maintain archived versions of the Policy for your reference.

IX. How to Contact Us

Should you have any inquiries, comments, or suggestions regarding the Policy, you may contact us via our official service hotline: +86-21-968888.

We will promptly review the matter and provide a response within thirty (30) days upon verification of your identity.

If our response proves unsatisfactory, or if you believe our personal information processing practices have infringed upon your legitimate rights, you may seek resolution through consultation with us. Should such consultation fail to yield resolution, you hereby consent to submit the dispute to the competent People's Court in our jurisdiction for adjudication under the laws of the People's Republic of China (excluding Hong Kong, Macao, and Taiwan regions).