LEGAL BASIS FOR PROCESSING PERSONAL DATA OF CHINESE RESIDENTS

4Sync is committed to compliance and adherence to Personal Data privacy and protection laws, rules and regulations, including:

Data Retention

Retention of Personal Data of 4Sync Users within the territory of China will be handled in accordance with 4Sync Data Retention policy (see Chapter IV, Section 5 of the Privacy Policy).

Personal Data Rights of Chinese Users of 4Sync

Pursuant to Personal Information Protection Law ("PIPL"), Chinese users of 4Sync have the right to access their Personal Data that 4Sync maintains, as well as

• request anonymization, restriction or deletion of unnecessary and/or excessive Personal Data;
• exercise the right of Data portability;
• revoke consent to Personal Data processing at any time.

To exercise any of these rights, please send us a corresponding request to the 4Sync Data Protection Officer (DPO), at privacy@4sync.com.

We do not collect Personal Data from Users who do not have a registered account at 4Sync.

4Sync is committed to resolving complaints about our collection or use of Personal Data.

Chinese individuals who have complaints regarding this Privacy Policy should first contact the 4Sync DPO at privacy@4sync.com.

Disclosure of Personal Data to Third Parties, Onward Transfer

4Sync may disclose Personal Data of Chinese Users of 4Sync to third parties in cases described above in Chapter III of this Privacy Policy.

The disclosed Personal Data will be used solely for the purposes set forth in this Privacy Policy.

You may request disclosure, correction, addition/update, restriction and erasure of your Personal Data processed by 4Sync by contacting our DPO at privacy@4sync.com.

Notifying Third Parties about Personal Data Restriction, Rectification, Erasure

Where 4Sync has disclosed Personal Data of its Chinese User to any third parties, and the User has subsequently exercised any of the rights of restriction, rectification or erasure of such data, 4Sync will promptly notify those third parties of the User's exercising of those rights. In no case 4Sync shall be liable for the failure of any third party to comply with such a User's request.

4Sync is exempt from this obligation if it is impossible or would require disproportionate effort.

Cross-border Data Transfer

4Sync doesn't own or operate any web servers on the territory of the People's Republic of China, hence processing Personal Data of Chinese individuals outside the territory of China.

Cross-border data transfer is handled in accordance with our Terms of Service and Privacy Policy for the purpose of fulfilling our obligations as a provider of cloud data storage and cross-platform data sync services within our Digital Properties.

Security Breach Remediation Mechanisms and Notifications

In the event of any security breach, 4Sync is committed to taking the immediate remediation actions and promptly notify affected 4Sync Users. 4Sync will be exempt from such obligation in case it is impossible, or if our adopted measures have enabled us to effectively avoid security breach harms to individual Users of 4Sync.

Collection and Use of Sensitive or Special Categories of Personal Data

4Sync does not knowingly collect, store or in any other way process Sensitive Personal Data, such as:

• Personal Data revealing health information, sex life and/or sexual orientation;
• Personal Data, regarding a person's racial or ethnic origin, religious or philosophical beliefs, political opinions, trade-union membership;
• biometric and/or genetic data;
• Personal Data of Children aged below 18 years.

If 4Sync is made aware that it has received such Sensitive Personal Data, we will take reasonable steps to remove this Personal Data from our records.