Beijing Qiancheng Hexin Human Resources Co., Ltd. ("we," "our," or "us") collects information to provide and improve our services. This includes:
Personal Information: Name, email address, phone number, mailing address, and other contact details you provide when registering or using our services.
Business Information: Company name, job title, industry, and other business-related information for enterprise clients.
Technical Data: Device type, operating system, browser type, IP address, and usage patterns when accessing our websites or mobile applications.
Mobile Application Data: Employee management data, attendance records, payroll information, and other HR-related data you process through our applications.
Location Data: With your consent, we may collect location information for attendance tracking and workforce management purposes.
How We Use Your Information
We use collected information for the following purposes:
Providing, maintaining, and improving our human resources services and mobile applications
Processing payroll and managing employee records for our enterprise clients
Facilitating attendance tracking and time management
Delivering customer support and responding to inquiries
Sending service-related notifications and updates
Analyzing usage patterns to enhance user experience
Complying with legal obligations and regulatory requirements
Protecting against fraud, unauthorized access, and other security threats
International Data Transfers
As a global enterprise, your information may be transferred to and processed in countries outside your residence, including but not limited to:
China: Our primary data centers are located in Beijing, China
United States: For North American operations and certain cloud services
European Union: For European clients to ensure compliance with GDPR
Singapore: For Asia-Pacific regional operations
When transferring data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or adequacy decisions as required by applicable law.
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:
Account Data: Retained while your account is active and for 3 years after account closure
HR Records: Retained for 7 years after employment termination as required by applicable labor laws
Mobile App Data: Retained according to your organization's data retention policies
Analytics Data: Anonymized and aggregated data retained for up to 5 years for improvement purposes
Children's Privacy
Our services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately at support@qianchenghx.com.
For applications and services that may be used by educational institutions, we comply fully with:
COPPA (Children's Online Privacy Protection Act): For US users under 13
GDPR-KR: For South Korean users under 14
Piwik PRO: Age verification requirements for applicable jurisdictions
Data Security
We implement industry-standard security measures to protect your information, including:
End-to-end encryption for sensitive data transmission
Multi-factor authentication for account access
Regular security audits and penetration testing
Role-based access controls and data segmentation
ISO 27001 compliant security infrastructure
Incident response and breach notification procedures
Data Sharing & Disclosure
We may share your personal information with the following categories of third parties under specific circumstances:
Service Providers
We share data with trusted service providers who assist us in operating our business, including:
Cloud Infrastructure: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform for data storage and processing
Payment Processors: Stripe, PayPal, and regional payment gateways for payroll and billing services
Communication Services: Twilio, SendGrid for email, SMS, and push notifications
Analytics Providers: Google Analytics, Firebase, Mixpanel for usage analytics and insights
Customer Support: Zendesk, Freshdesk for ticket management and support services
Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
Legal Requirements
We may disclose your information when required by law, including:
Responding to lawful requests from courts, law enforcement, or government agencies
Enforcing our terms of service and agreements
Protecting the rights, property, or safety of our company, employees, or users
Complying with international sanctions and export control regulations
Aggregated & Anonymized Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you with third parties for research, marketing, analytics, or industry benchmarking purposes. Such data does not constitute personal information under applicable privacy laws.
Automated Decision-Making & Profiling
We utilize automated systems and algorithms to process personal data for the following purposes. You have the right to understand how these systems affect you and to request human intervention when applicable.
Automated Decision-Making Applications
Our services may include automated decision-making processes, particularly in HR management contexts:
Attendance Verification: Automated systems verify employee check-in/check-out records and flag anomalies for review
Schedule Optimization: AI-powered algorithms generate optimized work schedules based on availability, skills, and workload
Payroll Processing: Automated calculation of wages, deductions, and benefits distribution
Fraud Detection: Pattern recognition systems identify potentially fraudulent activity in timesheets or expense claims
Performance Metrics: Automated aggregation of productivity data for performance evaluations
Profiling & Analytics
We create user profiles to personalize your experience and improve our services:
Usage Profiles: Analyzing feature usage patterns to customize interface and functionality
Workforce Analytics: Aggregated insights about team productivity and engagement trends
Preference Learning: Understanding user preferences for notifications, communication channels, and content
Predictive Analytics: Forecasting staffing needs and resource allocation for enterprise clients
Your Rights Regarding Automated Processing
Depending on your jurisdiction, you may have the following rights:
Right to Human Review: Request that decisions significantly affecting you be reviewed by a human
Right to Express Your View: Provide your perspective before automated decisions are finalized
Right to Contest Decisions: Challenge decisions made solely by automated processing
Right to Explanation: Obtain meaningful information about how automated decisions are made
To exercise these rights, contact us at privacy@qianchenghx.com. We will respond within 30 days with an explanation of the logic involved and the significance of the process.
Data Breach Response & Incident Management
We maintain comprehensive procedures to detect, respond to, and mitigate data breaches. This section outlines our commitment to protecting your information and the steps we take in the event of a security incident.
Our Security Commitments
24/7 security monitoring with automated threat detection systems
Dedicated incident response team available around the clock
Regular security training for all employees handling personal data
Annual third-party security assessments and penetration testing
When a data breach is detected, we follow a structured response process:
Detection & Assessment: Identify and evaluate the scope and nature of the breach within 1 hour
Containment: Implement immediate measures to prevent further unauthorized access or data loss
Investigation: Conduct thorough forensic analysis to determine root cause and impacted data
Remediation: Apply corrective measures and security patches as appropriate
Notification: Notify affected individuals and regulators according to legal requirements
Post-Incident Review: Document lessons learned and update security measures
Notification Timeline
We are committed to providing timely notification about data breaches:
Internal Assessment: Complete initial assessment within 24 hours of breach detection
Affected Users: Notify directly affected individuals within 72 hours where required by law
Regulatory Bodies: Report to relevant supervisory authorities within 72 hours under GDPR Article 33
Public Disclosure: Issue public statements for significant breaches affecting large numbers of users
Notification Contents
Our breach notifications will include, to the extent available:
Description of the nature of the breach
Categories and approximate number of affected data subjects
Categories and approximate number of affected personal data records
Likely consequences of the breach
Measures taken or proposed to address the breach
Contact point for further information
Free Remediation Services
In cases where the breach is likely to result in high risk to your rights and freedoms, we may offer complimentary services such as credit monitoring, identity theft protection, or fraud resolution assistance.
Mobile Application Privacy
Our mobile applications provide specialized functionality for workforce management. This section explains how we handle your data when you use our mobile apps.
App Permissions
Our mobile applications may request the following permissions. All permissions are optional and can be managed through your device settings:
Location (Background): Required for attendance tracking in geo-fenced work zones. We collect location data only during scheduled work hours with explicit employer configuration.
Location (Coarse): Used for identifying nearby office locations and facilitating clock-in/out at designated sites.
Camera: Enables photo capture for employee verification, document scanning, and attendance selfies.
Notifications: Sends push notifications for shift reminders, schedule changes, payroll updates, and important company announcements.
Contacts: Optional access for quick communication with approved colleagues through our internal directory.
Biometric (Face ID/Touch ID): Provides secure authentication alternative to passwords for app access.
Calendar: Syncs work schedules and shift information with your personal calendar app.
Storage: Allows saving documents and offline access to payslips and HR documents.
Background Data Collection
To provide reliable attendance tracking and workforce management, our app may collect certain data in the background:
Location Updates: When enabled by your organization, the app may periodically collect location data to verify attendance within authorized work zones.
Activity Recognition: Motion sensors may be used to detect movement patterns and improve attendance accuracy.
Bluetooth Beacons: Some deployments use Bluetooth beacons for indoor location verification in facilities where GPS is unreliable.
You can disable background location and activity collection at any time through your device settings or app preferences. Note that disabling these features may affect the accuracy of attendance records.
Application Updates
We regularly update our mobile applications to improve functionality, fix bugs, and enhance security:
Automatic Updates: Critical security updates may be installed automatically without explicit user consent to ensure protection.
Feature Updates: New features and improvements are rolled out with user-visible update notifications.
Policy Updates: Privacy policy changes will be communicated through in-app notices requiring acknowledgment.
Minimum Version: Older app versions may be deprecated for security reasons. We provide reasonable notice before ending support for major versions.
App Store Compliance
Our mobile applications comply with the privacy requirements of major app distribution platforms:
Apple App Store: Compliant with Apple's App Tracking Transparency (ATT) framework, providing detailed nutrition labels, and respecting user privacy choices.
Google Play Store: Compliant with Google's Data Safety section requirements, providing clear disclosure of data collection and sharing practices.
Regional Stores: For enterprise distribution and regional app stores, we maintain equivalent privacy disclosures as required.
Enterprise Mobile Device Management
When our app is deployed through enterprise Mobile Device Management (MDM) systems, additional data collection may occur as configured by your organization:
Device compliance status and security posture
App installation and usage statistics
Configuration profiles and policy enforcement
These enterprise management features are controlled by your organization's IT department. Please refer to your employer's internal policies for details on MDM-related data processing.
Legal Compliance
We comply with international privacy regulations including:
GDPR (European Union)
For EU residents, we process personal data under Article 6 legal bases including consent, contract performance, and legitimate interests. You have rights to access, rectify, erase, restrict processing, data portability, and object. Contact our EU Data Protection Officer at dpo@qianchenghx.com.
CCPA (California)
California residents have rights to know, delete, and opt-out of sale of personal information. We do not sell personal information. Submit requests via our contact form or email privacy@qianchenghx.com.
LGPD (Brazil)
Brazilian users have rights under Lei Geral de Proteção de Dados. Contact our Brazil representative for LGPD-related inquiries.
PIPEDA (Canada)
We comply with Canada's Personal Information Protection and Electronic Documents Act for Canadian users.
PDPA (Singapore)
Our Singapore operations comply with the Personal Data Protection Act 2012.
Third-Party Services
Our services may integrate with third-party platforms. When you use our mobile applications, we may share data with authorized ad networks and analytics providers including:
Google AdMob: For displaying advertisements within mobile applications
Facebook Audience Network: For targeted advertising purposes
Unity Ads: For game and app monetization
AppLovin: For advertising and user acquisition
ironSource: For mobile app advertising and monetization
Vungle (by NetEase): For in-app video advertising
Pangle (by ByteDance): For global mobile advertising
Mintegral: For programmatic mobile advertising
Chartboost: For mobile gaming monetization
InMobi: For enterprise mobile advertising
Appnext: For mobile discovery and recommendations
StartApp: For mobile advertising and data analytics
Fyber: For mobile app monetization
AdColony: For mobile video advertising
MoPub (by Twitter): For mobile ad serving
Amazon Ads: For advertising services
These third parties collect and process data according to their own privacy policies. We encourage you to review their privacy practices.
Your Rights
Depending on your location, you may have the following rights regarding your personal information:
Access: Request a copy of personal data we hold about you
Rectification: Request correction of inaccurate or incomplete data
Erasure: Request deletion of your personal data ("right to be forgotten")
Restriction: Request limitation of processing in certain circumstances
Portability: Receive your data in a structured, commonly used format
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw previously given consent at any time
Lodge Complaint: File a complaint with your local data protection authority
To exercise these rights, please contact us at privacy@qianchenghx.com or through our contact form. We will respond within 30 days.
Cookie Policy
We use cookies and similar tracking technologies to enhance your browsing experience. Our websites and applications use:
Essential Cookies: Required for basic site functionality
Analytics Cookies: To understand how visitors use our sites
Advertising Cookies: Used by our advertising partners for relevant advertisements
Session Cookies: Temporary cookies that expire when you close your browser
Persistent Cookies: Remain on your device for set periods
You can manage cookie preferences through your browser settings or our cookie consent manager.
Contact Us
For privacy-related inquiries, data subject requests, or security concerns, please contact our Data Protection Team:
Email:privacy@qianchenghx.com EU Representative:dpo@qianchenghx.com Address: Room 102, 20 meters north of National Highway 101, Tongjunzhuang Village, Shilibao Town, Miyun District, Beijing, 100000, China
We will respond to all legitimate privacy requests within the timeframe required by applicable law.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:
Posting the updated policy on our website with a new "Last updated" date
Sending email notifications to registered users
Displaying in-app notifications for mobile application users
Requesting renewed consent where required by law
We encourage you to review this policy regularly. Continued use of our services after changes constitutes acceptance of the updated policy.