Last Updated: 20 July 2023
Effective date: 20 July 2023
The following section will help you understand how we collect, store, process, transfer, share and protect personal information; help you understand how to access, copy, delete, correct, or withdraw authorized personal information. Please pay special attention to the terms and conditions, which are bolded.
2. How we collect and use your information
4. How we store your information
5. How we protect your information
6. How we share, transfer, or disclose your information
7. How you manage your information
Personal information: all kinds of information related to identified or identifiable natural persons recorded electronically or by other means, excluding anonymized information.
Sensitive personal information: personal information that, once leaked or illegally used, may easily lead to the infringement of a natural person’s human dignity or endanger the safety of their person or property, including biometric, religious beliefs, specific identity, medical and health care, financial accounts, location information, as well as the personal information of minors under 14 years.
Employer: an organization that uses Gaia’s products and services under a contract. Employers can register business accounts on behalf of their employees by obtaining the employees’ authorization.
Enterprise users: users who are invited by the employer and have obtained the employer’s authorization to use the platform as members of the employer.
Individual users: users who independently register and use Gaia products.
De-identification: the technical method of processing personal information so that the owner of the personal data cannot be identified without the help of additional information.
Anonymization: the technical method of making the owner of personal information unrecognizable, such that the processed data cannot be recovered.
Unless otherwise agreed, the definitions used in this Policy have the same meaning as those in the Gaia User Service Agreement.
2. How we collect and use your information
2.1 Information we collect
When you use our products or services, we need/may need to collect and use your personal information including the following two types:
1. In order to provide you with the basic functions of our products or services, you must authorize us to collect and use the necessary information. If you refuse to provide the corresponding information, you will not be able to use our products and/or services normally.
2. In order to provide you with additional functions of our products or services, you can choose to individually agree or disagree with the information we collect and use. If you refuse to provide it, you will not be able to use the relevant additional functions or achieve the functional effects we intend to achieve, but this will not affect your use of our basic functions.
Please note in particular that we provide labor management and related services. Because the needs of enterprises and users are diverse, different enterprises/users choose different product functions/service ranges, so the basic/additional functions and the corresponding type and scope of personal information collected and used will differ; please refer to the specific product/service function.
The specific functional scenarios we will provide you with include:
2.1.1 During your use of this application, the scenarios in which we obtain information from you are:
- Upload avatar: you can upload any suitable local image as your avatar. This function obtains the album/file storage permission of your device, reads the contents of your device memory card and collects your image information, or obtains permission to take photos with your device’s camera, but this function is optional. Not uploading an avatar will not affect your use of basic functions.
- Real-name authentication: real-name authentication can be carried out in two forms if applicable: a. ID card authentication method b. Bank card authentication method. During the real-name authentication process, we need to collect your name, ID number, mobile phone number, and/or bank card number information if applicable. However, this authentication function is optional. Failure to perform real-name authentication does not affect your use of basic functions.
- Change your password or forget your password: when you forget your password or actively change your password, we need to collect your mobile phone number information to verify that this operation is yours. If you do not provide your mobile phone number information, we cannot provide you with password modification services.
- Time attendance check-in: when you use the check-in service, depending on the check-in method, we will obtain different permissions or information. If you choose to use geographic location to check in, we need to read your GPS location information and WIFI access point and WIFI status information. If you choose to use geographic location to check in, we will collect the Bluetooth information of your device. If you refuse to enable those permissions, we will not be able to provide you with related services. But it does not affect your use of other functions.
- My Schedule: when you use the function, we need to read the calendar information of your device and obtain the permission to add, modify, and delete the calendar in the app. If you refuse to authorize, we cannot provide you with related services. But it does not affect your use of other functions.
- Contact customer service: when you use the contact customer service function in the program, we need to obtain your permission to make calls and manage calls. If you refuse to provide this permission, we cannot directly call customer service for you. But it does not affect your use of other functions.
- Push notifications: push notifications are required when a new message arrives. We need to obtain notification and push permissions from your device, and turn on your self-start service. If you refuse to provide this permission and turn it off, we will not be able to push messages to you through the App. But it does not affect your use of other functions. You can find the switch to turn it off under Setting - Application - Self Start Management.
- Parental leave: when you apply for parental leave (the exact name of the leave is shown in the system), we will need to obtain the date of birth of your child(ren) and, at your employer’s request, you may also need to provide proof of this. If you refuse, we will not be able to assist you and your employer in completing the parental leave application process on the Platform. But it does not affect your use of other functions.
2.1.2 To maintain the proper functioning of our software and services, optimize the experience of our services, protect the security of your account, or comply with applicable laws and regulations, we may collect the following information from you.
- To ensure the safe operation of the services, the application will collect your device information in the background, including:
  - device identifiers like IMEI, IDFA, Android ID, MAC address, OAID, IMSI, and other related information.
  - application information like application crashes and notification switch status.
  - device parameters and system information like device type, model, operating system and hardware.
  - user network information like IP address, WIFI status information and other related information.
- To prevent malicious programs and necessary for secure operations, we collect the information on the installed app, running processes, overall function, usage and frequency, app crashes, installation and usage, performance data, and app sources.
- We may use your account information, device information, service log information, and information that our affiliates and partners are authorized by you or are legally allowed to share, to determine account security, perform authentication, and detect and prevent security incidents.
2.1.3 In order to meet the needs of different business scenarios and ensure that users can use Gaia’s products or services normally, we will store and process the user’s personal information provided by the data controller. However, due to differences in business requirements, we may store some or all of the following information, including but not limited to:
Basic personal information includes name, birthday, gender, address, phone number, profile picture or image, email address, ethnicity, nationality, family relationship, etc.
Identification information, such as ID number, passport, etc.
Work-related information includes occupation, position, department, supervisor, work location, education, work experience, training certificates, contract information, etc.
Financial information includes bank account numbers, salary-related information, etc.
Biometric information includes fingerprints, facial features, etc.
Health information includes sick leave slips, body temperature (only for the health reporting during the pandemic), etc.
2.2 Purpose changes to data collection and usage
Please be aware that we may adjust and change our products’ features and services as our business grows. In principle, we will not inform you further and obtain your consent when new features or services are related to those we currently provide. The collected information will be directly or reasonably associated with the original purpose of processing. If the collected data is not directly or reasonably related to the original purpose, we will again inform you and obtain your consent when we collect such information.
2.3 Personal information exempt from consent for collection and use
Please understand that we may collect and use your personal information without your authorization according to the laws, regulations, and relevant national standards in the following situations.
- Necessary to enter into or perform a contract at the request of you or your business;
- Necessary for the performance of legal duties or obligations (e.g. we may share your personal information in accordance with laws and regulations, necessary for dispute resolution such as litigation or as required by administrative or judicial authorities in accordance with the law)
- Necessary to respond to public health emergencies or to protect the lives, health and property of others in an emergency;
- To handle personal information within a reasonable range for the implementation of news reporting, public opinion supervision, etc. in the public interest
- Handling personal information that you have disclosed on your own or other personal information that has been legally disclosed within a reasonable range (such as personal information that has been legally disclosed through legitimate news reports, government information disclosure, etc.)
- Other circumstances as stipulated by laws and regulations.
3. How we use Cookies & similar technologies
3.1 To ensure safe and efficient products and services
We may set authenticated and secure Cookies or anonymous identifiers to enable us to confirm that you securely log into the services or whether you encounter theft, fraud, or other wrongdoing. These technologies will also help us improve service efficiency and login/response speed.
3.2 Better access experience
Using such technologies can help you avoid repeating the steps to fill out your personal information, set your preference, and enter search content (examples: search history, form filling, multilingual selection).
3.3 How to clear Cookies
Most browsers support clearing the browser’s cached data. You can remove the data in the browser settings. If you clear the data, you may not be able to properly use our services or the corresponding features that rely on Cookies.
4. How we store your information
In accordance with laws and regulations, we store personal information collected in China within the People’s Republic of China. However, to meet your employer’s needs, we may be required by contract to transfer your information overseas after your employer has expressly informed you of this. If we do so, we comply with the terms of the contract and applicable regulations.
For enterprise users, we will keep your personal information during your use of our Platform under the terms of your employer’s contract. When you terminate the use of the Platform, we will delete or anonymize your information as required by the terms and conditions of the contract, unless otherwise required by laws and regulations for the retention period of specific information. If we stop the Platform service, we will delete or anonymize your personal information immediately according to the applicable laws and contract terms.
5. How we protect your information
5.1 We take the security of your personal information as our highest priority. We will endeavor to take reasonable measures (both technical and administrative) to protect your personal information from improper use or unauthorized access, disclosure, use, modification, damage, loss, or leakage.
5.2 We will use encryption technologies, anonymization, and other reasonable means to protect your personal information and use a mechanism to prevent malicious attacks on your personal information.
5.3 We have set up a special security department, a security management system, and a data security process to ensure your information security. We adopt a strict approach to data use and access to ensure that only authorized personnel access your personal information. We conduct security audits of data and technology from time to time.
5.4 Gaia has met the requirements of authoritative standards such as ISO/IEC 20000, ISO/IEC 27001, and Network Security Level Protection (Level III) and has obtained the corresponding certificates. We also have obtained the SOC 2 TYPE II authentication report.
5.5 The standards required by the relevant laws and regulations have been complied with. Please understand that, due to technical limitations and the possibility of various malicious means, it is not always possible to guarantee 100% security of information, even with all efforts to strengthen security measures. However, reasonable and effective steps have been taken as described above. We will try our best to ensure your information security.
5.6 You acknowledge and understand that when you access our services, the systems and communications networks may be compromised by factors beyond our control. Therefore, we strongly recommend that you take active measures to protect the security of your personal information, including but not limited to using complex passwords, regularly changing passwords, and not disclosing your account password and relevant personal information to others.
5.7 We have established emergency response plans. When a security incident occurs, we will immediately launch emergency response plans and strive to prevent the impact and consequences of these security incidents from expanding. Once a security incident (leakage, loss) occurs, we will comply with the laws and regulations and data processing standards stated in the contract, and timely inform you (or your employer) of the basic situation, possible impact, the measures we have taken or will take, advice on preventing or reducing risks, and remedies for you. We will inform you of the incident by notifications, email, letter, SMS, or other channels. If it is difficult to inform each person individually, we will make an appropriate announcement. Moreover, we will report the security incident as required by relevant regulatory authorities.
5.8 When you leave Gaia and relevant services and browse or use other sites, services, or content, we will not be able or obligated to protect your software or the personal information you submit to other sites, regardless of whether the software or sites you log in to, browse or use are linked to Gaia or directed by Gaia.
6. How we share, transfer, or disclose your information
We do not share your personal information with companies, organizations, and individuals outside of Gaia and its affiliates, except for the following:
1. Sharing with your consent: we may share your information with other parties after obtaining your explicit consent.
2. The personal information shared is anonymized and processed, and the owner of such information cannot be re-identified by the sharing third party.
3. Sharing under legal circumstances: we may share your information with the public in accordance with laws and regulations, litigation, dispute resolution needs, or as requested by administrative or judicial authorities according to the relevant law.
4. Sharing by yourself: only by sharing your personal information and sensitive personal information can we provide you with the third-party products or services that you request. In the Gaia service, the scenarios in which you can choose third-party services and share information with the third party are:
- Email and SMS sending services. When you choose to use email notifications or receive verification codes through your mobile phone number, we need to call SendCloud, a third party, to provide you with sending services. At this time, you need to share your receiving email address, mobile phone number and message content with the service provider. SendCloud service agreement: https://sendcloud.sohu.com/#/friendlyLink?tab=protocal
- Message push service. When you choose to enable the message push service, Gaia will use the Jiguang push service to help trigger the message. The service will call the message push SDKs of vendors such as Huawei and Xiaomi. At this time, you need to share your device information with the service party.
- OCR content recognition. When you choose to use automatic recognition of image information, such as recognizing the information from your bank card or ID card, you need to use the OCR content recognition service from Shanghai Hehe Information Technology Co., Ltd. This service needs to obtain the images which will be recognized.
- Geographic location services. When you choose to use GPS to check in, we will share your GPS information with third-party location service providers so that location results can be returned.
- Wallet function. When you choose to use the wallet function, our partner will provide you with services, and the service party will collect financial information within the necessary limits. The actual service shall prevail.
- Face punch function. When you choose to use the face punch function, we will collect your face picture and share the picture with the third party Tencent Cloud Computing (Beijing) Co., Ltd. for face recognition, in order to confirm whether the punch user is the target user.
We will carefully evaluate the purpose of third parties’ use of shared information, conduct a comprehensive assessment of the security capabilities of these partners, and require them to follow legal agreements.
5. Collection and use of information by third-party SDKs
In order to ensure the stable operation of the application or to achieve the relevant functions, we may integrate software development kits (SDKs) provided by third parties to achieve the aforementioned purposes. We will exercise due diligence and conduct strict security monitoring of the software development kits (SDKs) through which our partners obtain information to protect data security.
The third-party SDKs we integrate primarily serve the needs of you and the business you represent, so we may adjust the third-party SDKs we integrate to meet new service requirements and changes in business functionality, and we will keep you informed of the latest status of the third-party SDKs we integrate in this note. Please note that the third-party SDKs may change the type of data they process due to version upgrades, policy adjustments, etc. Please refer to their published official descriptions.
Huawei Push SDK
Operator: Huawei Software Technologies Co., Ltd.
Purpose of use: used to push messages to Huawei mobile phone users
Collected data type: Basic application information, device identifiers within the application, hardware information of the device, basic system information and system setup information
Xiaomi Push SDK
Operator: Beijing Xiaomi Mobile Software Co., Ltd.
Purpose of use: used to push messages to Xiaomi mobile phone users
Types of collected data: IMEI/OAID (applicable to systems above Android Q), IMEI MD5/MEIDMD5, Android ID, VAID, AAID, and your MID (applicable to MIUI systems), device model, Wi-Fi information, device information (BSSID, SSID), running application list information
VIVO Push SDK
Operator: Vivo Mobile Communication Co., Ltd.
Purpose of use: used to push messages to VIVO mobile phone users
Collected data type: Device identification information (e.g. IMEI, EmmCID, UFSID, ANDROIDID, GUID, GAID, OPENID, VAID, OAID, RegID, encrypted Android ID), application software information using push services (e.g. app package name, version number, APPID, install, uninstall, restore factory settings, running status), device manufacturer, network type, country code, device type
OPPO Push SDK
Operator: Guangdong Huantai Technology Co., Ltd.
Purpose of use: used to push messages to OPPO mobile phone users
Collected data type: device identifier (OAID, VAID, AAID, UDID), device related information (IMEI, Serial Number, IMSI, User ID, Android ID, Google Advertising ID, mobile phone region settings, device model), application information that use push services, network related information (such as IP or domain name connection result, current network type), notification bar status (such as notification bar permission, user clicking behavior)
Meizu Push SDK
Operator: Meizu Telecom Equipment Co., Ltd.
Purpose of use: used to push messages to Meizu mobile phone users
Collected data type: Device related information, such as phone brand, phone model, system version, system language, as well as device identifier and status information of the switch for third-party applications to receive push messages
Gaode Open Platform Positioning SDK
Operator: Amap Software Co., Ltd.
Purpose of use: Help users to achieve time attendance check-in based on location.
Collected data types: location information (GNSS information, IP address, Wi-Fi hotspot, base station information, Bluetooth devices, and other positioning sensors information), device information (unique identifier (IDFV, OAID, IMEI, MEID, IMSI), mac address, operating system version, device brand, model, device configuration, operator type name, code, application information (application name, version number)), Wi-Fi information, running application list information, mobile phone storage permission
Google Service Framework SDK
Purpose of use: overseas users use Google push
Collected data type: equipment identification information (IDFV, OAID, IMEI, MEID, IMSI, etc.)
Official website link: https://firebase.google.com/
Aurora Push SDK
Operator: Shenzhen Hexun Huagu Information Technology Co., Ltd.
Purpose of use: Provide information push service for mobile application usersoperation of the system
Collected data type: SN, ICCID, SIM information): used to identify unique users, ensure accurate delivery of push and accurate statistics of push messages; network information (IP address, WiFi information, base station information, DNS address, DHCP address, SSID, BSSID) and location information (latitude and longitude): used to optimize the network connection request between SDK and Aurora server, ensure the service stability and continuity of the service, and at the same time realize the regional push function; application list information (application crash information, notification switch status, APP application list and active status, APP application page information, APP function event related information): when a device has multiple APP push links active at the same time, we use the merge link technology to randomly merge into a single link to achieve the purpose of saving electricity and Push log information: so that developers can query the use of push service records, understand the situation of push information delivery, and adjust the push strategy.
Tencent Browsing Service SDK
Operator: Shenzhen Tencent Computer System Co., Ltd.
Purpose of use: Help users improve the experience of loading web pages in the application
Collected data type: device information (IMSI, device model, operating system, CPU type)
Operators: Beijing Ruixunlingtong Technology Co., Ltd., Youmeng Tongxin (Beijing) Technology Co., Ltd., Zhejiang Alibaba Cloud Computing Co., Ltd., Beijing Diyuanxin Internet Data Technology Co., Ltd., etc.
Purpose of use: statistical analysis, social sharing
Data collection type: device information (IMEI/Mac/Android_ID/IDFA/OPENUDID/GUID/SIM card IMSI/IP address/geolocation), WLAN access point (such as SSID, BSSID), application list, device number
6.1.2 Shared information for security and analysis statistics
a. Use security: we value the security of accounts, services, and contents. To protect the accounts and property of you and other users and protect our legitimate rights and interests from unlawful infringement, we may share the necessary device, account, and log information with our service providers.
b. Analyze product usage: to analyze the usage of our services and improve user experience, we may share the statistical data of product usage (crash, flashback) with the related parties or third parties. Such data is difficult to combine with other information to identify your personal information.
c. Academic research: to improve scientific ability and promote scientific and technological development, we may share the anonymized data with scientific research institutes, universities, and other institutions.
6.2.1 We don’t transfer your personal information to any other third party without your explicit consent.
We will not publicly disclose your information unless required by laws and regulations or with your explicit consent. When we disclose your information, we will take security measures that comply with industry standards.
6.4 Personal information exempt from obtaining consent to share, transfer or disclose
Please understand that we may share, transfer, or disclose your personal information without your authorization in accordance with laws, regulations, and relevant national standards in the following situations:
a. Necessary to enter into or perform a contract at the request of you or your business;
b. Necessary for the performance of legal duties or obligations (e.g. we may share your personal information in accordance with laws and regulations, necessary for dispute resolution such as litigation or as required by administrative or judicial authorities in accordance with the law);
c. Necessary to respond to public health emergencies or to protect the lives, health and property of others in an emergency;
d. To handle personal information within a reasonable range for the implementation of news reporting, public opinion supervision, etc. in the public interest;
e. Handling personal information that you have disclosed on your own or other personal information that has been legally disclosed within a reasonable range (such as personal information that has been legally disclosed through legitimate news reports, government information disclosure, etc.);
f. Other circumstances as stipulated by laws and regulations.
According to the laws and regulations, if the personal data has been anonymized and the data recipient cannot recover and re-identify the owner of personal information, we will not inform you and obtain your consent when processing such information.
7. How you manage your information
7.1 How to access and copy your information
You can view your information, such as profile picture, name, department, birthday, phone number, etc., through the function module [My] on the mobile Gaia system, or log in to the website of Gaia system and view your information in [Personnel Information].
If you need to copy your personal information out of Gaia’s platform, you can use the [Personnel Information] export function or request your employer, and Gaia will cooperate in responding to your request.
7.2 How to correct and add your personal information
You can upload or change your profile picture in [My]. To correct or supplement other personal information, you need to submit a request to your employer to correct or supplement the information, which the administrator will handle.
7.3 How to delete your personal information
You can cancel your account in [My] – [Settings] – [Account & Security]. Since we are the data processor, if you are an enterprise user, we will simultaneously notify your employer after you make a request to cancel your account. After verifying your user identity, we will process your request and cancel your account within fifteen working days. After account cancellation, your personal information in the Platform will be deleted or anonymized, except as otherwise provided by laws and regulations.
After you decide to terminate your use of the Platform, you need to apply to your employer simultaneously, and the enterprise user administrator will process your account for deletion.
7.4 How to withdraw your authorization consent
7.5 Your relatives’ right to search, copy, correct and delete
If we cease operations, we will promptly terminate the activities of collecting your personal information, notify you of the cessation of operations by individual delivery or announcement, and delete or anonymize the personal information about you.
a. Our websites, products, and services are not intended for children.
b. We do not knowingly collect personal data from children without parental/guardian consent. If a child’s data is collected with prior parental consent, we will only use or disclose the data as permitted by law, with the explicit consent of the child’s parents or guardians, or when necessary for the protection of the child. If we accidentally collect a child’s data without verified prior consent from the child’s parents, we will endeavor to delete the data as soon as possible.
c. If you have any concerns about your children’s data, please contact us via firstname.lastname@example.org.
b. We publish an updated version on Gaia Platform and notify you via our website (https://www.gaiaworks.cn/) or other means before the changes become effective.
c. For significant changes, we will also provide a more prominent pop-up alert notification and get your feedback again. Significant changes include:
- Significant changes to the business model of the product, such as the purpose of processing personal information, the type of personal information processed, and the way personal information is used;
- Changes in the main subject of personal information sharing or public disclosure;
- Significant changes in the rights of users’ personal information and the manner of its exercise;
- When there is a change in the contact information and complaint channels of the person in charge of handling personal information protection.
- Contact us
If you have any concerns or complaints, please contact us by using the email address email@example.com or by postal mail sent to:
Information Security Department
3rd floor, Building 1, No 209 Zhuyuan Road, New District, Suzhou.
We will review the issue as soon as possible and respond within fifteen (15) working days after verifying your user identity.