The tables below explain the information we collect under certain business scenarios and the purposes for which we use them. The collection and use of such information may vary under different scenarios.

Please note that when you choose to receive certain UBR Services, you should provide us with or allow us to collect certain information that is necessary to achieve the major purpose or use the core function (collectively, “Core Function”) of such Services or we will not be able to provide you with the Core Function.

You may also be requested to provide us with certain additional information which enables us to provide you with better user experience. However, if you choose not to provide such additional information, you will still be able to use the Core Function, but may not be able to receive certain additional Services or enjoy better user experience thereunder.

The tables below explain the categories of information we collect and the purposes for which we use them. Each UBR Service’s collection and use may vary. Please note that we may use any or all the information to comply with laws, detect or prevent fraud, or defend our legal rights. Further detail about each of the purposes is set out in the “Additional Information on Purposes of Use” section below.

Personal information (“PI”) means any information that is recorded, electronically or otherwise, that can be used alone or in combination with other information to identify a natural person or reflect the activity of a natural person, including such as name, date of birth, ID numbers, personal biometric information, residential address, contact information, communication records and content, username and password, property information, credit information, records of whereabouts, accommodation information, health and physiological information, transaction information of an individual.

Sensitive personal information means the personal information that once leaked, illegally provided or abused, could endanger personal and property safety, or easily lead to damages to personal reputation, mental & physical health, or discriminatory treatment, etc., including such as ID numbers, personal biometric information, bank account information, communication records and content, property information, credit information, records of whereabouts, accommodation information, health information, transaction information, and PI of minors under the age of 14. Sensitive personal information under this Policy is in bold letters and underlined.

Categories of PI we collect	Purposes of use
Information you provide to us:
Contact information and account registration May include: name, nick name, email, mailing address, telephone number of the guest himself/herself or the booker, account username and password, business contact information, and any information you may provide to us at an event or in person.	• Provide UBR Services • Personalize your experience • Send you marketing communications • Provide seamless experience across platforms and devices • Protect our users, Services and properties • Build and manage business-to-business relationships • Market and advertise for third-parties
Identification and demographics May include: government ID number, date of birth, gender, nationality, interests, lifestyle information, photos, social media credentials, including identification information about friends, contacts or referrals you provide.	• Provide UBR Services • Personalize your experience • Send you marketing communications • Provide seamless experience across platforms and devices • Protect our users, Services and properties • Market and advertise for third-parties
Transactional May include: credit/debit card details, purchase history, purchase order information, delivery address, membership information, reservations, and the personal details of any of your guests.	• Provide UBR Services • Personalize your experience • Send you marketing communications • Provide seamless experience across platforms and devices • Protect our users, Services and properties • Market and advertise for third-parties
User-generated content May include: photos, videos, audios, and other information you may submit to us, such as comment on our platforms.	• Provide UBR Services • Personalize your experience • Send you marketing communications • Protect our users, Services and properties • Market and advertise for third-parties
Research and feedback May include: comment that you send to us through online and social media platforms, by email, over the phone, by mail, or in surveys.	• Provide UBR Services • Personalize your experience
Biometric identifiers May include: facial image (Facial Recognition or “FR”), we collect at some of our theme parks or our offices.	• Provide UBR Services • Personalize your experience • Protect our users, Services and properties
Audio and video May include: audio recordings of guest service calls or security video footage if you visit one of our properties utilizing audio or video recording equipment such as security cameras and body-worn cameras.	• Provide UBR Services • Personalize your experience • Protect our users, Services and properties
Device information and identifiers May include: IP address, cookie IDs, browser type and language, operating system, platform type, device type, device ID (e.g. Android ID), and advertising and app identifiers.	• Provide UBR Services • Personalize your experience • Provide seamless experience across platforms and devices • Protect our users, Services and properties • Market and advertise for third-parties
Connection and usage May include: domain names,browsing activities, scrolling and keystroke activities, advertisements viewed, forms or fields you completed or partially completed, search terms, whether you open an email, content you viewed and duration, quality of the service and interaction with the content, logs, and other similar information. If these events occur while you are offline, they may be logged and uploaded to us when you are connected next time.	• Provide UBR Services • Personalize your experience • Provide seamless experience across platforms and devices • Protect our users, Services and properties • Send you marketing communications • Market and advertise for third-parties
Geolocation May include: city, province and ZIP code associated with your IP address or derived through Wi-Fi triangulation. We will ask for your permission before using your precise location from GPS-based functionality on your mobile devices.	• Provide UBR Services • Personalize your experience • Provide seamless experience across platforms and devices • Protect our users, Services and properties • Market and advertise for third-parties
Incident-related data May include: time, location and cause of the incident; physical condition and health information of the persons affected by the incident; belongings of the persons affected by the incident; treatment and assistance provided.	• Provide UBR Services • Protect our users, Services and properties
Health Information This may include the following information related to your park visit: your past medical history, medical treatment, present disease history, infection history, and information related to your physical health, such as temperature	• Provide UBR Services • Comply with pandemic prevention and control requirements • Provide in-park guest first aid assistance • Protect our users, Services and properties

Categories of PI we collect	Purpose of use	Source of information
Information we collect from third-parties:
Information from public and commercial sources May include: demographic information including at a household level, contact information, inferences about your preferences, loyalty program membership, and purchasing data.	• Provide UBR Services • Personalize your experience • Provide seamless experience across platforms and devices • Send you marketing communications • Build and manage business-to-business relationships • Market and advertise for third parties	• Advertising providers • Analytics providers • Marketers • Partners (such as for sweepstakes partners) • Consumer data resellers • Public records databases • Related Companies
Social Media Information May include: if you interact with us through social media service or log in using social media credentials, depending on your social media settings, we may have access to your information from that social media platform such as your name, email address, friends list, photos, age, gender, location, birthday, social media ID, current city, your comment about our Services, and people/sites you follow.	• Provide UBR Services • Personalize your experience • Send you marketing communications • Provide seamless experience across platforms and devices	• Social media networks • Partners of social media networks

Additional information we collect for business relationships only
Categories of PI we collect	Purpose of use	Source of information
Business contact information May include: company name, your name, email address, and job title.	• Build and manage business relationships	• You • Your company • Trade associations • Social media • Business data resellers
Due diligence information May include: contact information, nationality, job title, age, date of birth, gender, country of residence, employment and education information, public,religious, political or trade union roles, personal and professional affiliations, connections to criminal activities or offences related to money laundering.	• Compliance and risk management activities for business relationships	• Your or your company’s responses to our due diligence questions • Third-party compliance screening tools and databases we purchase

In the following scenarios, we may need you to grant specific access to us in the App, so that we can provide corresponding functions to you to the extent permitted by law and the app stores rules, including:

1. After granting us the NETWORK permission on your device, you can use your network to browse the relevant content in the App;
2. After granting us the PHOTOS and STORAGE permissions, you can cache it and use functions such as sharing posters;
3. After granting us the NOTIFICATION permission, we may send notifications to you;
4. After granting us the LOCATION permission, you allow us to obtain your location information to provide you with location-based services, such as: (1) obtaining your real-time location to provide map navigation services; (2) determining whether you are in the resort area or other specific areas to provide related functions exclusive to the resort area or such other specific areas;
5. After granting us the MICROPHONE permission, you allow us to obtain the voice you input, so that you can use the intelligent customer service and other functions accordingly; and
6. After granting us the advertising identifier permission, you allow us to obtain the IDFA (iOS 14 or above) of your iOS system or the equivalent in your Android system, so that we can provide you with personalized advertisements and directional push content.

The above permissions may, at your option, be turned on or off. Among them, Item 1 is necessary: If you do not grant us the permission, you will not be able to browse the basic content of the App. Items 2 to 6 are optional permissions: only when you need to use the corresponding functions, the specific permissions are required; if you refuse to grant any relevant permission, it will not affect your browsing of the basic content of the App.

We may provide additional notice or request specific consent before access your camera, microphone or other features on your phone if you choose to utilize certain advanced application features or functions.

Additional information on purpose of use

Provide UBR Services, for example:

• responding to your requests or inquiries, including technical support
• sending you service-related communications
• providing ticketing, hotel booking, payment services, mapping guidance, and offers
• displaying content you generate, such as video or comments
• carrying out research and analytics for uses including improving our Services and developing new Services
• processing your information for promotional campaigns such as sweepstakes and contests, and for surveys of online and offline panels and focus groups

Please note that, to provide you with park admission services and locker services, we may collect your facial image to complete photo validation. For more details of the photo validation process and how we use your facial image, please refer to Photo Validation Notice for Park Admission and Photo Validation Notice for Locker Services.

Personalize your experience, for example:

• providing you with customized product experiences, including personalized newsletters, viewing and other content recommendations from UBR, our partners and other organizations
• providing you with advertising based on your activities and interests including at a household level
• creating and updating profiles and audience segments that can be used for analytics, interested-based advertising and marketing on the UBR Services, third-party services and platforms, mobile apps and/or websites, connected and offline devices
• using inferences about your preferences and interests for any and all of the above purposes
• When we provide above personalized information to you based on your activities, interests and preferences through our algorithm, we will also provide you with an opt-out option

Send marketing communications (with consent if required), for example:

• sending you newsletters, surveys and information about products, services and promotions offered by UBR

Provide seamless experience across platforms and devices, for example:

• identifying you when you log into the UBR Service on multiple devices or web browsers to provide continuity and match your interests across devices for the purposes of analytics, advertising, reporting and to improve Services
• identifying you if your devices have attributes suggesting that they may be used by the same individual or household for purposes of analytics, advertising, reporting and to improve Services

Build and manage business relationships, for example:

• pursuing potential business opportunities, including identifying and contacting the correct person within the company
• sending communications for business purposes
• sending event invitations, marketing emails and campaigns, and tracking the effectiveness of such communications
• providing business contacts with access to our systems, and managing such access

Market and advertise for third-parties (with consent if required), for example:

• sending you newsletters, promotional emails, surveys and information about products, services and promotions offered by our partners and other organizations we work with (with consent if required)
• customizing content that our third-party partners deliver on the Services (e.g., personalized third-party advertising)
• creating and updating inferences about you and audience segments that can be used for interest-based advertising and marketing on the Services, third-party services and platforms, and mobile apps
• creating profiles about you, including adding and combining information we obtain from third-parties and matching your interests across devices, which may be used for third-party marketing and advertising on UBR Services, third-party services and platforms, mobile apps and/or websites, connected and offline devices

Compliance and risk management activities for business relationships, for example:

• complying with laws and regulations
• managing third-parties and other risks to our business
• protecting the reputation of our businesses
• following the principles of ethical business conduct set out in our code of conduct

Protect our users, Services, and properties, for example:

• protecting the safety and security of users and visitors to UBR Services
• providing appropriate assistance to users and visitors affected by safety and security incidents
• protecting our digital and physical properties
• detecting and preventing safety and security threats and other activities that may be illegal or in violation of our Terms of Services for the respective UBR Services
• investigating safety and security incidents
• pandemic prevention and control

Please note that during the COVID-19 pandemic period, in order to comply with the relevant regulatory requirements for pandemic prevention and control, when you enter the park, we will collect your health information and other relevant information by the following means:
- We will use temperature monitoring management system to collect your photos and temperature information, which will be stored locally and deleted in 7 days.
- You can provide your health information by scanning your ID card on a dedicated device provided by a carrier. If you choose to do so, the carrier will collect your ID number, name, gender, time of passage and health normal/abnormal information and delete it after 30 days. Your health normal/abnormal information is provided by Beijing Jian Kang Bao (Beijing Big Data Center). Alternatively, you can also show your Beijing Jian Kang Bao information to our staff.

We may combine all the information we collect from or receive about you for the outlined purposes. We may anonymize your information and may use, share, rent or sell such information which cannot identify you for any purpose as permitted by law, and such information is not subject to this Policy.

1. When we share your information

We will not share your personal information with any company, organization or individual, except under the following circumstances:

(1) Related Companies

Our related companies include Beijing Shouhuan Cultural Tourism Investment Co., Ltd., Universal (Beijing) Consulting Co. Ltd., and their respective affiliates (“Related Companies”). We may share your personal information with our Related Companies to help better tailor and provide the Services, products, marketing, and advertising to you and to other existing and potential customers. We may share identification and demographics, device information and identifiers, and research and feedback for purposes such as improving and tailoring the Services. In addition, business information may be shared for business operational purposes.

(2) Service Providers

We may engage service provider to perform business purposes on our behalf and share information with them to enable them to provide us with such business purposes, including research and analytics, hosting, transaction and payment processing, promotion administration, fraud prevention, identity management, acquisition and other services. Service providers may use such information for their operational purposes in order to provide their services to us.

(3) Advertisers, Advertising Networks, and Other Third Parties

We may share information about how you use UBR Services and interact with content or ads to better tailor the Services, products, marketing and advertising on our Services and third-party platforms. To enable these purposes, we may share certain demographics information, user-generated content, device information and identifiers, connection and usage data, geolocation data, public and commercial information, and social media information. These third-parties may use their own tracking technologies to collect or request information about you, please see our Cookies and Tracking Technologies Policy.

(4) Partners

We may share your information with third-party partners. For example, if you enter a contest or sweepstake sponsored by a third-party, we may share the information you provide for such entry with the sponsor. Depending on the partnership, we may share certain information including contact information (at your direction), identification and demographic information, transactional information, user-generated content that you provide, research and feedback, device information and identifiers, connection and usage information, public and commercial information, and social media information.

(5) Search Engines

Depending on the UBR Services, you may be able to engage with other members of the Services or the public. This may make the name and photo associated with your profile and any comments or user-generated content you provide visible to other members of that Service or the general public. If the information is available to the general public, it may also be searchable by search engines.

(6) Law Enforcement, Regulators, Anti-fraud Coalitions and other groups

We share any of the categories of information we collect, as appropriate, with these third-parties in order to: protect and enforce the legal rights, privacy, and safety of ourselves and our visitors; protect against possible fraud or other illegal activity or for risk management purposes; respond to inquiries or requests from government, regulatory, law enforcement, or public authorities; permit us to pursue available remedies, commence, participate in, or defend litigation, or limit the damages that we may sustain; and otherwise comply with the law including legal process.

(7) Third-party SDKs

Part of the services in our App or mini-program are provided by or with the support from third-party service partners. For this reason, our App or mini-program needs to integrate with third-party software development kit (“SDK”) or other similar tools. We will conduct security test on such SDKs, enter into agreement with the providers of such SDKs and require them to use, process and protect your personal information in accordance with this Policy and their respective applicable personal information protection policy.

We may need to adjust the third-party SDKs we integrate with in order to provide more services, ensure service stability and quality, or upgrade related functions. We will inform you of the latest status of such third-party SDKs on this page.

Third-party SDK List

SDK name: Bugly SDK

SDK provider: Shenzhen Tencent Computer Systems Co., Ltd.

Scenarios: UBR App IOS & Android version

Type of collected personal information: users’ device information (phone model, system version, root status, storage status, SD usage, memory usage, CPU architecture, Rom details, download channel)

Purpose of collecting personal information: Identifying and reporting bug issues for trouble shooting

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://privacy.qq.com/

SDK name: Tencent Map SDK

SDK provider: Tencent Cloud Computing (Beijing) Co., Ltd.

Scenarios: UBR App iOS & Android version, and WeChat Mini-program

Type of collected personal information: users’ location

Purpose of collecting personal information: providing location services such as navigation

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://privacy.qq.com/

SDK name: Tencent QCloudAIVoice SDK

SDK provider: Tencent Cloud Computing (Beijing) Co., Ltd.

Scenarios: UBR App iOS & Android version, and WeChat Mini-program

Type of collected personal information: voice messages uploaded by users

Purpose of collecting personal information: Improving users’ experience by providing services such as translation, Q&As, etc. via voice recognition technology

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://privacy.qq.com/

SDK name: Tencent TPNS SDK

SDK provider: Shenzhen Tencent Computer Systems Co., Ltd.

Scenarios: UBR App iOS & Android version, and WeChat Mini-program

Type of personal information collected: device information

Purpose of collecting personal information: message push

Website: https://cloud.tencent.com/product/tpns

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://cloud.tencent.com/document/product/548/50955

SDK name: Gaode MAMapKit

SDK provider: AutoNavi Software Co., Ltd.

Scenarios: Alibaba Mini Program

Type of collected personal information: users’ location

Purpose of collecting personal information: providing location services such as navigation

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://lbs.amap.com/home/privacy/

SDK name: TalkingData AdTracking SDK

SDK provider: Beijnig Tendcloud Tianxia Technology Co., Ltd.

Scenarios: UBR App iOS & Android version, and WeChat Mini-program

Type of collected personal information: device unique identifier, system version information, application information (SDK host application package name, version number, etc.)

Purpose of collecting personal information: mobile advertising monitoring, transaction data statistics and cheating prevention

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://www.talkingdata.com/privacy.jsp?languagetype=zh_cn

SDK name: OPPO Push SDK

SDK provider: Guangdong OPPO Mobile Telecommunications co., Ltd.

Scenarios: UBR App Android version

Type of collected personal information: device information

Purpose of collecting personal information: message push

SDK provider’s privacy policy (may be updated from time to time by such SDK provider):

https://open.oppomobile.com/new/developmentDoc/info?id=10288

SDK name: Weibo SDK

SDK provider: Beijing WeiMengChuangKe Network Technology Co., Ltd.

Scenarios: UBR App iOS & Android version

Type of collected personal information: device information

Purpose of collecting personal information: sharing content to Weibo App

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://open.weibo.com/wiki/Sdk/privacy

SDK name: Xiaomi Push SDK

SDK provider: Xiaomi Technology Co., Ltd.

Scenarios: UBR App Android version

Type of collected personal information: device information

Purpose of collecting personal information: message push

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://dev.mi.com/console/doc/detail?pId=1822

SDK name: Alipay SDK

SDK provider: Alibaba Cloud Computing Co., Ltd.

Scenarios: UBR App iOS & Android version

Type of collected personal information: device information

Purpose of collecting personal information: provide Alipay payment service

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://opendocs.alipay.com/open/54/01g6qm

SDK name: Tencent Browsing Service SDK

SDK provider: Shenzhen Tencent Computer Systems Co., Ltd.

Scenarios: UBR App iOS & Android version

Type of collected personal information: device information, application information, Wi-Fi status

Purpose of collecting personal information (may be updated from time to time by such SDK provider): provide web browsing service

SDK provider’s privacy policy (may be updated from time to time by such SDK provider): https://opendocs.alipay.com/open/54/01g6qm

(8) Other Sharing

We may share information about you along with a hashed or masked identifier, with third-parties so they may better personalize your experience with them and the offers they send to you.

If you are affected by a safety or security incident (e.g., if you suffer an injury or illness, or you lost your belongings) during your visit to our properties, we may collect the incident-related data for incident response purposes. To provide you with appropriate assistance that you may need, we may also share such data with third-parties such as first-aid clinic, hospital or police station.

With regard to any companies, organizations or individuals we may share personal information with, we will sign strict confidentiality agreements with them, under which we will require them to follow our declaration, this Policy and any other relevant confidentiality and security measures in handling such shared personal information.

2. When we transfer your information

We will not transfer your personal information to any other company, organization or individual, except under the following circumstances:

(1) Transferring information with explicit consent: we will transfer your personal information to other parties upon obtaining your explicit consent; or

(2) In the event that we or our Related Companies are involved in a merger, acquisition, transfer of control, bankruptcy, reorganization or sale of assets, or diligence associated with such matters, we may sell or transfer the information described in this Policy as part of such transaction.

We will require the new company or organization that will hold your personal information to continue observing this Policy. Otherwise, we will require the new company or organization to ask for your authorization and consent separately.

3. When we make public disclosure of your information

We will publicly disclose your personal information (excluding personal biometric identifying information) only under the following circumstances:

(1) After obtaining your explicit consent; or

(2) Disclosure according to applicable laws: we may publicly disclose your personal information as required by laws, under legal procedures, in lawsuits or upon compulsory requirements of competent governmental authorities.

Most of UBR Services are intended for users of all ages. Information about practices of UBR Services directed to children under the age of 14 or where we have actual knowledge a child is under such age can be found in our UBR Children Personal Information Protection Notice.

If you are a parent or guardian and believe your child under age of 14 has provided us with personal information without consent, please contact us through the contact information specified in “CONTACT US” below.

According to relevant laws and regulations, we will ensure you to exercise the following rights in relation to your PI:

1. Access, correct or complete your PI

You have the right to access, correct or complete your PI. You can do so by the following means by yourself:

Logging onto UBR’s App or mini programs, enter "Me"-"Settings"-"Account Linking and Settings" to access, correct or complete relevant information in your personal account.

2. Delete your PI

(1) You can log onto UBR’s App or mini programs, enter "Me"-"Settings"-"Account Linking and Settings" to delete some of your PI;

(2) You can submit a request to delete your PI to us under the following circumstances:

• If our processing of your PI violates laws or administrative regulations;
• If we collect and use your PI without your consent;
• If our processing of your PI breaches our agreement with you;
• If you have de-registered your account;
• If we cease our service and operation;
• Other circumstances provided by laws and administrative regulations.

Unless otherwise provided by laws and regulations, we will delete your PI at your request. When we delete the information from our Services, we might not delete the corresponding information from our backup system immediately, but we will delete it when the backup system is updated.

3. Change the scope of your consent

You can withdraw part of your consent by turning off certain functions of your device, unbinding account, modifying personal settings, and deleting related information. You can also withdraw all your consent to the continuing collection of your PI by de-registering your account.

Please understand that each business function needs some basic PI to work. When you withdraw your consent, we cannot continue to provide you with services corresponding to the withdrawal of your consent and we will stop processing the corresponding PI. However, your withdrawal of consent will not affect the processing of your PI already carried out based on your prior consent.

4. De-register account

You can de-register your previously registered account at any time by the following means by yourself:

Logging onto UBR’s App or mini programs, enter "Me"-"Settings"-"Account Linking and Settings" to de-register your account.

After de-registration, we will stop providing you with any product and/or service. Unless otherwise required by laws and regulations, we will delete or anonymize your PI.

5. Obtain a copy of your PI

You have the right to obtain a copy of your PI by contacting us through the contact information specified in the “X. CONTACT US” section below.

6. Respond to your above-mentioned requests

If you cannot access, correct, complete, delete your PI, change the scope of your consent, de-register your account by the above means, or you want to obtain a copy of your PI or you have other requests, or you believe that our processing of your PI breaches laws, regulation or our agreement with you regarding the collection or use of your PI, you can contact us through the contact information specified in the “X. CONTACT US” section below.

To ensure the safety of your account, we may ask you to verify your identity (for example, you may be required to submit a written request or verify your identity by other means) before processing your request. We will complete the verification and respond to you within 15 working days. If you are not satisfied with our reply, you can file a complaint through the contact information specified in the “X. CONTACT US” section below.

In principle, we will not charge you for your reasonable requests. However, a fee to reflect the cost will be imposed as appropriate on repeated requests beyond reasonable scope. As for repeated requests that are groundless and require excessive technological means (e.g. developing a new system or fundamentally changing the current practices) to fulfill, bring about risks to others’ legitimate rights and interests, or are downright impractical (e.g. involving information stored on a backup disk), we may reject.

We will not be able to respond to your request under the following circumstances or other circumstances provided by laws and regulations:

• Circumstances which are related to our compliance with the obligations under the laws and regulations;
• Circumstances which are directly related to national security or defense security;
• Circumstances which are directly related to public security, public health or major public interests;
• Circumstances which are directly related to criminal investigations, prosecutions, trials and enforcement of court decisions, etc.;
• Circumstances where we have sufficient proof that you have subjective malice or that you misuse your rights；
• Circumstances which are for the purpose of safeguarding life, property and other important legal rights and interests of yourself or other individuals but it is difficult to obtain the consent;
• Responding to your request will cause serious harm to your legitimate rights and interests, or those of other individuals or organizations;
• Circumstances involving trade secrets.

1. Cookies and Similar Technologies

We, and our service providers, advertisers, and other partners, use cookies and similar technologies (e.g., HTTP cookies, HTML 5, flash local storage cookies, web beacons, GIFs, embedded scripts, ETags/cache browsers, and software development kits) to recognize you and/or your device(s) on, off and across different UBR Services and devices. For more information about the use of cookies on the UBR Services (including your opt-out options), please see Cookies and Tracking Technologies Policy..

2. Mobile App and Connected Devices

Depending on the device you use, you may be able to manage your advertising and location preferences through your device settings and as outlined in our Cookies and Tracking Technologies Policy. Many operating systems provide their own instructions on how to prevent the delivery of tailored in-application advertisements. We do not control how the applicable system operator allows you to manage personalized in-application advertisements. You should review your device manufacturer’s support materials and/or the device settings for the respective operating systems for more detail on how to manage such preferences.

You can stop all collection of information by uninstalling the App.

3. Third-Party Online Services

UBR Services may contain links to third-parties’ websites or services. These sites (even if branded as UBR) may collect information of you when you visit them and use such information in accordance with their own privacy policies and terms of use. We do not endorse or control those third parties’ policies or practices.

Where UBR collects personal information on a co-branded website or service, we will provide a link to our Policy as appropriate.

We maintain organizational, technical, and physical safeguards to help protect the information we collect and use. These safeguards vary depending upon a variety of factors including the sensitivity of the information we collect and use.

We will keep your information for only as long as it is necessary to fulfill the purposes described herein, unless a longer retention is required or permitted by law. We may delete or anonymize your information sooner if we receive a verifiable deletion request, subject to exemptions under applicable laws. The retention period that applies to your information may vary depending on the UBR Services you use and how you interact with them. Some UBR Services may provide additional details on their data retention practices, and we encourage you to check the relevant terms and/or FAQs.

In principle, the information we collect and generate within the territory of People's Republic of China will be stored within the territory of People's Republic of China.

The fact that we provide our products or Services through our worldwide resources and servers means that when we have obtained your authorization and consent, your personal information might be transferred to other jurisdictions outside the territory of the country or region where you use our products or Services, or be accessed by these jurisdictions. This is necessary to provide our Services and for the purposes outlined in this Policy. Data privacy laws vary from jurisdiction to jurisdiction and may not be equivalent to, or as protective as, the ones in your jurisdiction. We take steps to ensure that reasonable safeguards are in place with the aim to ensure an appropriate level of protection of your information, in accordance with applicable laws. These measures include data transfer agreements. By providing us with your information, you acknowledge any such transfer, storage or use.

We reserve the right to amend this Policy at any time to reflect changes to our practices or applicable laws. We will make the revised Policy accessible through UBR Services. Please check the UBR Services periodically for updates.

The date at the top of the Policy indicates when it was last updated. If we make material changes to the way we collect or use your information, we will provide you with an appropriate notice, including but not limited to, by posting the updated Policy on this website, and providing notice in accordance with legal requirements. Any changes to this Policy will become effective when the revised Policy is posted. By continuing to use the UBR Services following any changes to this Policy, you acknowledge you have read and understood such updated Policy, and you understand that we will collect, use, and share the information as stated therein.

We have set up a specific department in charge of protecting personal information (or specialists in charge of protecting personal information). If you have any concerns, advice, opinions, complaints or information on the Policy, other applicable policies or our personal information protection practices, you can contact us at:

UBRContactUs@universalbeijing.com, or BOH #805, 2F UBR Legal Department, 101121, Universal Beijing Resort, Courtyard No.6, Resort North Street, Tongzhou District, Beijing, Attn: UBR Personal Information Protection Working Group.

According to applicable laws and regulations, we will accept and process your request within 15 working days.

If you are not satisfied with our reply, please contact us in time and we will reply as soon as possible.

We have separate policies for workforce data. Please see our Candidate Personal Information Protection Policy to find out more about the information we collect during our recruitment process.