Introduction 

Welcome to KIMIYA.AI, a platform by Innocorn Technology Limited offering AI-related products and services, both through our own offerings and third-party solutions. 

Innocorn Technology respects the privacy rights of its website visitors. This privacy policy outlines how we collect, store, and use your personal data when you browse our website or provide information through forms or documents during our activities or programs. Alongside any specific terms and conditions included in these forms, this policy details the types of personal data we collect, how we utilize it, and your rights regarding its use.

We prioritize your personal data security and strive to create a safe online environment. This Privacy Policy outlines how we collect, use, store, share, transfer, and process your personal information related to our products and services. Additionally, it details your rights to access, correct, supplement, and delete your data. To enhance clarity, we’ve used straightforward language and included definitions of key terms in “Appendix 1: Definitions of Key Terms.”

Please note that this Privacy Policy does not apply to the services with which any third party using our products/services (e.g., our API) provides its end users. If a third party, as a personal information processor, presents, links or repackages our products/services and then offers products and services to its end users, the end users shall comply with the privacy policy of the third party. We are unable to understand or control the purpose for collection and use of personal information by the third party, the end users shall carefully review and cautiously access or use such third-party services.

You must carefully read and fully understand this Privacy Policy before using Kimiya.AI products and services, especially the clauses highlighted in bold, and acknowledge that you have fully understood and agreed to this Privacy Policy before using the relevant products or services. You can contact us using the contact details (info@innocorn.com.) published by KIMIYA.AI if you have any questions about this Privacy Policy. If you disagree with the terms of this Privacy Policy, you shall stop using the Kimiya.AI products/services immediately.

We respect your right to privacy and will only process the personal data you provide to us in compliance with the requirements of the Personal Data (Privacy) Ordinance in Hong Kong or the Personal Data Protection law (Law No. 8/2005) in Macau, as applicable in your jurisdiction.

This Privacy Policy will help you understand the following: 
•    I. How we collect and use your personal information 
•    II. How we use Cookies and similar technologies 
•    III. Authorization and consent of end users 
•    IV. How we share, transfer or disclose your personal information 
•    V. How we store your personal information 
•    VI. How we protect your personal information 
•    VII. How you exercise the rights in personal information 
•    VIII. How we process children’s personal information 
•    IX. How we update and revise this Privacy Policy 
•    X. How you contact us 
•    XI. Other legal basis for processing your personal information (only for EEA) 
•    Appendix 1: Definitions of Key Terms 

 
I. How we collect and use your personal information 
 
(I)    We collect and use your personal information to perform essential functions of our platform. Below is a detailed list of these functions and the necessary information for each, which we will collect only with your consent.

a.    Registration Information: To register or log in to your account, you must provide your email address or phone number and password. Alternatively, you can register using a third-party account, in which case we will collect your third-party account information. If you register as a corporate user, you may provide additional information such as your name, work email, position, and company name. By registering on the KIMIYA.AI platform, you agree to use your Kimiya account credentials to access the platform’s products and services, and you accept the Kimiya platform's Privacy Policy.

b.    Payment Information: When you use our paid services or products, we collect your order information, billing address, billing contact for your KIMIYA.AI account, and payment details to process payments and send invoices.

c.    Usage Information: When you use our products or services, we collect any personal information contained in the [input content, uploaded files, or feedback] ("Input Information") you provide to tailor the output to your needs. Without this information, you cannot access our services or products. We do not retain Input Information that can identify you, nor do we create user profiles based on it. If you choose to use voice input, you must grant microphone permissions; otherwise, voice input will be unavailable.

d.    Communication Information: If you contact us by means of communication, we may collect your [name, contact information, and any messages you send to us during the communication (“Communication Information”)] in order to verify your identity and solve the problems you raise. 

e.    Technical Information: When you browse or log in to use our products/services, we may collect your user-side system time, time zone, and IP address. By doing so, we can count user traffic based on user-side system time, time zone, and IP address and conduct data analysis to keep our system secure. 

f.    Service Data: When you use our "WorkSpace" service, we will collect your [operational behavior data and conversation data using Bot]. You agree that the Bot creator used in the "Workspace" has the right to view all the conversation data of your Bot use for the Bot creator to optimize and improve its Bot functions. You can choose to refuse, but if you refuse, you will not be able to use this service

g.    Cookie Information: We will collect your [Cookie information] to identify the login user. We will also collect the [browser language type] you select when you use the services, and switch the corresponding website language based on the language you select, so that you can read and use our services. In addition, we collect [User-Agent information] to recognize the [browser type and version] and ensure compatibility with browser API, thereby enhancing your experience when using our platform’s services. 

h.    Aggregated Data: We may aggregate or de-identify your personal and Input Information to prevent identification and use this data to analyze our services' effectiveness, enhancing features accordingly. Occasionally, we will analyze user behavior and characteristics, summarize this data, and share it with third parties or publicly disclose it. Please note that this summary information is not personal information, as it cannot identify individuals, and we will not attempt to re-identify anyone from it.
 
(II)    Your personal information obtained by us from third parties 

a.    Partner Information: We may obtain your personal information from a third party (partner) with your consent. In such case, the third party acts as a data processor (controller) of your personal information, and the type and scope of personal information provided by you to the third party, as well as methods of provision, will be determined by the third party based on its products/services. You shall read the privacy policy and user agreement of the third party in detail. We will process your personal information under mandate from the third party only in accordance with the contract signed by us and the third party. We guarantee that we will process your personal information in strict accordance with the provisions of the contract signed by us and the third party, and applicable laws. 

b. Use of Google user data: To facilitate your use of our services, you can authorize and agree to download the documents on your Google Drive to our server for your use in creating BOT. We will only use this data to provide you with the services you expect. You understand and agree that these documents will be shared with the large language model provider you choose as the "Input Information of users" stipulated in this privacy agreement. We will not use the Google Workspace API to develop, improve, or train generalized AI and/or ML models. 

c.    Public Information: We may obtain and appropriately use publicly available information about you through webpage and other public channels, or obtain from third parties the business information that your company has publicly disclosed, so as to help us better understand our customer base, such as your industry, and the scale and website URL of your company. 

We hereby give you a reminder that if such information cannot identify your personal identity individually or together with other information, it will not belong to your personal information defined by the law; if your relevant information can identify your personal identity individually or together with other information, or we use any data that cannot be linked with any specific personal information in combination with your other personal information, such information will be treated and protected as your personal information in accordance with this Privacy Policy during the period of combined use. 
 
 
II. How we use Cookies and similar technologies 

When you use our services, we store small files called Cookies on your device to ensure our website functions properly. Cookies typically contain identifiers, site names, and various numbers or characters. Their main purposes are to enhance your experience with our products and services and to help us track unique visitors. By using Cookies, we can offer personalized services and enable you to customize specific options. When you engage with our products or services, we will send Cookies to your device. Additionally, when you interact with services from our partners, Cookies (or other anonymous identifiers) may be sent to our servers.

We will not use Cookies for any purpose other than as set forth herein. You can manage or delete Cookies based on your preferences. You can clear all Cookies stored on your computer, and most web browsers have the function to block Cookies. Accordingly, if you do this, you may need to change the user settings every time you visit our website, and you may not be able to log in or use the services or functions provided by KIMIYA.AI with reliance on Cookies. 
 
For more information about the types of Cookies we use, reasons and how to control Cookies, please refer to AboutCookies.org. 

III. Authorization and consent of end users 
 
This Section applies to third parties (partners) who are our business partners. You should be aware that you may access/integrate/apply our KIMIYA.AI services into your products/services, and your end users may provide personal information when using your products/services, in which case you, as the data processor (controller) of the end users’ personal information, will at your sole discretion determine the type and scope of personal information collected from end users and processed, and methods of collection and processing, etc., and whether to entrust us to process the personal information about end users provided by you. You acknowledge and agree that we will provide data processing services based on your instructions, but we cannot control/ determine how you collect, use, and provide data belonging to your end users. 
 
By accepting this Privacy Policy and accessing/integrating /applying our products/services into your own products/services, you acknowledge and guarantee that: 
 
1.    you have informed end users of the following and obtained their full, necessary, and explicit authorization, consent, and permission: you will collect and use the end user’s personal information necessary for providing services and entrust us to process their personal information (including its transmission and storage in Singapore). Meanwhile, you shall fully inform end users of the risks involved in such entrusted processing and obtain their express consent; 
 
2.    unless otherwise provided in applicable laws, you have informed end users of the following and obtained their full, necessary, and explicit authorization, consent, and permission: you will allow us to process the personal information with which you provide us and to use the personal information of end users for the purposes and uses as set out in Section 1 hereof subject to applicable laws and regulations. You have fully informed end users of the relevant terms of this Privacy Policy, including presenting this Privacy Policy, its updates, and hyperlinks, among others, to end users. 
 
3.    You have complied with and will continue to comply with applicable laws, regulations, and regulatory requirements, including but not limited to developing and publishing relevant policies regarding the protection of personal information and privacy; 
 
4.    You have provided end users with an easily accessible mechanism to exercise their rights, which describes how and when users can exercise their rights to be informed and make decisions in the processing of your personal information, access and/or copy, correct, and/or supplement their personal information, request us to delete their personal information, request us to make an explanation of relevant personal information processing rules, and also describes the rights of close relatives regarding personal information. When an end user requests exercise of his rights and such request involves our obligations (such as deleting the user’s personal information), you shall give us a notice within a reasonable period of time or ask the end user to notify us thereof, and we will respond to such request in accordance with the provisions of this Privacy Policy, the contract signed by you and us, and applicable laws. 
 
 
IV. How we share, transfer or disclose your personal information 
 
(I)    Sharing 

We will not share your personal information with any third party except for the following circumstances: 

a.    With your express consent. We will share your personal information with other parties after obtaining your express consent; 

b.    We may share your personal information in accordance with applicable laws, regulations, legal procedures, or governmental requirements, including national security, emergency services or law enforcement requirements; 

c.    It is necessary to provide your personal information to a third party for protecting your or the public’s interests, property or safety to the extent required or allowed by law; 

d.    You disclose the personal information to the public by yourself, or we can obtain the personal information from other lawful public channels. 

e.    Sharing with our affiliates: Your personal information may be shared with our affiliates; we will only share the necessary personal information, subject to this Privacy Policy. If an affiliate intends to change the purpose of processing personal information, we will seek your authorization and consent again; or 

f.    In order to provide you with more comprehensive and high-quality products and/or services, certain functions may be provided by our service partners, such as third-party service providers, contractors or agents. We may entrust these service partners to process certain personal information on our behalf. For example, third-party suppliers may send emails or push notifications or conduct statistical analysis of de-identified information on our behalf. 

We will sign a strict confidentiality agreement or data processing agreement with any company, organization and individual entrusted to process your personal information, which shall define entrusted matters, entrusted processing purpose, duration, processing methods, type of personal information to be processed, protection measures, and the rights and obligations of the two parties, and require such company, organization and individual to process personal information in strict accordance with our requirements, this Privacy Policy, and relevant confidentiality and security measures. We will oversee the personal information processing activities of these third-party service providers. If such third parties change the purpose of processing personal information, they should seek your consent again, and we will also monitor the same. If you refuse to allow our service partners to collect or use the personal information necessary for providing the services, you may be unable to use certain services provided by these partners among our products and/or services. 
 
(II)    Transfer 

We will not transfer your personal information to any company, organization or individual, unless: 
 
a.    With your express consent; or 
 
b.    You disclose the personal information to the public by yourself, or we can obtain the personal information from other lawful public channels. 

In case of personal information transfer involved in a merger, acquisition or bankruptcy liquidation, we will inform you of the name or contact information of the recipient, and will request the new company or organization holding your personal information to continue to be bound by this Privacy Policy. Otherwise, we will request such company or organization to seek your authorization and consent again. If personal information transfer is not involved, we will inform you fully, and delete or anonymize all personal information under our control within fifteen business days. 
 
We will request the aforementioned third party through agreements or otherwise to take proper confidentiality and security measures when they handle personal information. 
 
(III)    Public disclosure 

Subject to applicable laws and regulations, we will not publicly disclose your personal information without your express consent. 
 
 
V. How we store your personal information 
 
(I)    Storage location 

In principle, we will store your personal information on servers located in Singapore. However, considering that we may access third-party products/services, the content you input while using our products/services may be transmitted to and stored in data storage centers located outside Singapore and is used by a third party. The data storage centers established and the data-processing rules for different third-party products/services can be available at the official websites of those third-party products/services. 

If you are our registered user, you agree to the cross-border transmission and storage of your personal information. Cross-border transmission may involve certain data security risks in the process of transmission, and you agree that you will bear all risks and liabilities arising therefrom. 

If you are our business partner and when you access/integrate/apply our services into your products/services, the personal information of your end users, if any, may be transmitted internationally. We strongly recommend that you seek professional advice and take appropriate measures to ensure that such cross-border transmission complies with the regulatory requirements on data cross-border transmission in your country or region. You agree that you will actively fulfill the legal obligations on data cross-border transmission, including informing the end users, obtaining their express consent, and conducting security assessments of cross-border transmission, and personal information protection certification in accordance with the laws of your country or region. Otherwise, you will bear all risks and liabilities related to the outbound transfer of data arising therefrom. In particular, when cross-border transmission involves countries or regions such as the European Union, Russia, India, and the United States, please note the regulatory requirements on personal information of these countries and regions. You agree to solely bear the risks and liabilities arising from cross-border transmission. 
 
(II)    Storage period 

We will keep your and/or end users’ personal information within the shortest time as required by laws and regulations only for the purposes as set forth herein, and will delete or anonymize such personal information, if any, upon expiration of such storage period. However, subject to applicable laws and regulations, we may extend the storage period of your and/or your end users’ personal information for defending litigation, safeguarding public interest and protecting personal property or legitimate rights. 
 
 
VI. How we protect your personal information 
 
1. We have taken safety precautions, meeting the industry standards to protect the information you provide and prevent data from unauthorized access, disclosure, use, alteration, damage, or loss. We will take reasonably practicable measures to keep your data secure. For example, data exchange between your browser and the “services” will be protected by SSL encryption; we will also provide https for our website; we will use encryption technology to ensure confidentiality of data; we will deploy trusted protection mechanisms to prevent data from being maliciously attacked; we will implement access control mechanisms to ensure that only authorized personnel can access personal information; and we will regularly organize security and privacy protection training courses to enhance employees’ awareness of the importance of personal information protection. 
 
2.    Our data security capabilities: We have established security defenses based on data life cycle that cover data collection, transmission, storage, use, circulation, archiving, deletion and other data processing stages. 
 
3.    We will take reasonably practicable measures to avoid collecting unrelated personal information. We will store your personal information only within the period necessary for achieving the purposes as set forth herein and take technical measures such as encryption for the stored information. 
 
4.    The internet has no absolute security, and email, instant messaging, and other forms of communication with other users are not encrypted, so we strongly recommend that you should not send personal information through such means. Please use complicated password and regularly change it to help us guarantee the security of your account. 
 
5.    No internet environment is completely safe, so we will do our best to ensure the security of any information you send to us. We have used necessary and reasonable efforts, but there may exist a risk of personal damage, property, reputation and other losses posed to you and your users due to theft, illegal occupation or misuse of data. You have been aware of such risk and voluntarily assume it. 
 
6.    After any personal information security incident occurs unfortunately, we will, as required by laws and regulations, promptly inform you of: basic information on the security incident and its possible impacts, handling measures taken or to be taken by us, suggestions that you may solely prevent and reduce risks, remedies granted to you, etc. We will timely inform you of the relevant information on the accident through such methods as email or notification push. If it is difficult to inform the personal information subjects one after another, we will take reasonable and effective methods to make announcements. Meanwhile, we will also actively report the handling progress of personal information security incidents as required by regulatory authorities. 
 
 
VII. How you exercise the rights in personal information 

We attach great importance to your management of personal information and try our best to protect your rights to access, view, copy, modify, supplement and delete personal information, so as to keep your privacy and information secure. 
 
1.    Rights to be informed and make decisions 
 
a.    We inform you of how we process your personal information through the publication of this Privacy Policy. We are committed to presenting transparency in the use of your information; we will remind you of this Privacy Policy and allow you to make an independent decision whether to agree or disagree when you first register or every time you log in to your account. In addition, you can view this Privacy Policy in whole at any time according to the guidelines provided in the Section titled [How we update and revise this Privacy Policy] hereof. 
 
b.    If the products cease service or operation, we will promptly stop collecting your personal information, notify you of this situation individually or through an announcement at least thirty calendar days, and delete or anonymize all of your personal information we hold within fifteen business days after the products cease service or operation formally. 
 
 
2.    Right of access 

You may directly view or access your personal information on the [Personal Center] at our website, including logging in to your account at any time on the relevant product page to access the personal information related to your account. If you are unable to view or access your personal information on your own or encounter any problem when exercising your right to access data, you can contact us according to the guidelines provided in the Section titled [How you contact us] hereof to request us to provide your personal information. 
 
3.    Rights of correction and supplement 

If you would like to exercise your rights to correct and supplement data, e.g., you want to edit the corporate/individual information in your account, change your password or add information, you can access the Personal Content of KIMIYA.AI to perform such operations. 

If you are unable to correct or supplement your personal information on your own or encounter any problem when exercising your right to correct or supplement data, you can contact us according to the guidelines provided in the Section titled [How you contact us] hereof to request us to provide your personal information. 
 
4.    Right of deletion 

You can contact our customer service through emailing info@innocorn.comto request us to delete the personal information you provide if: 
 
(1)    we collect and use personal information in violation of laws and regulations; 
 
(2)    we collect and use personal information in violation of the agreement between you and us; 
 
(3)    we collect and use your personal information without your consent; 
 
(4)    we share with or transfer to a third party personal information in violation of laws and regulations or the agreement between you and us, in which case we will immediately stop such act and notify the third party of timely deleting it; 
 
(5)    we publicly disclose personal information in violation of laws and regulations or the agreement between you and us, in which case we will immediately stop such act and notify the relevant recipients to delete it; 
 
(6)    you no longer use our products or services, or you have cancelled your account; or 
 
(7)    we cease to provide you with the products or services. 

When deleting the relevant information, we may verify your identity to ensure account security. Once the request for deletion is responded to, your personal information will be deleted within fifteen business days, unless otherwise required by laws and regulations. Please note that if you request us to delete specific personal information about a user, such user may be unable to continue to use our products and services. 
 
 
5.    Withdrawal of your authorization 

In general, each of business functions may be realized with some basic personal information collected, and you can contact our customer service by emailing info@innocorn.com to request withdrawing your consent with respect to the collection and use of your personal information. After you withdraw your consent, we will no longer collect and use your relevant personal information. However, please understand that once you withdraw your consent or authorization, we will be unable to continue to provide the specific functions and/or services associated with the withdrawn consent or authorization. If you withdraw your consent, this will not affect our processing of your personal information with your consent prior to such withdrawal. 
 
6.    Account cancellation 

You may cancel your previously registered account at any time, and you can click "Personal Center" - "Preferences" - "Account Deletion", and follow the relevant operation instructions on the page to delete your account. You should know that cancellation of your KIMIYA.AI account will make you permanently lose your rights to the account and the data therein. We will provide you with account cancellation services after verifying your identity and fully handling assets in your account through consultations with you. After your KIMIYA.AI account is cancelled, we will cease to provide you with the products or services and delete or anonymize, upon your request, your personal information within fifteen business days, unless otherwise provided by laws and regulations. 
 
7.    Refusal of notification push 

We may send marketing messages to your email address or phone number, You can choose not to receive marketing emails/messages from KIMIYA.AI according to the unsubscribe/opt-out instructions in the received emails/messages, or directly indicate your unwillingness to receive any marketing call from KIMIYA.AI when receiving the same. You can also contact customer service by emailing info@innocorn.com to opt out of future marketing emails/messages. 

Please note that even if you choose to opt out of marketing communications, we may still send you non-promotional information related to updates of our Service Terms or Privacy Policy, security alerts, and other notifications related to your access or use of our products and services. 
 
8.    Protection of deceased individuals’ personal information 

After a user (individual only) dies, the user’s close relatives may exercise the rights to access, copy, correct or delete the personal information of the deceased using the contact information as set forth herein for his or her own legitimate and proper interests, unless otherwise arranged by the deceased user during his or her lifetime. 

You understand and acknowledge that in order to fully protect the personal information rights of the decreased user, the close relative who applies for exercising the rights specified in this Section shall submit the identification document and death certificate of the deceased user, the identification document of the applicant, the certificate of relationship between the applicant and the deceased user, type of the rights that the applicant applies for exercising, and purpose according to the process designated by us or our customer service instructions. You can obtain further information on protection process, conditions and other related matters concerning the personal information of the deceased user using the contact details specified in this Privacy Policy. 
 
9.    Response to your requests above 

For the security, we may need to verify your identity before processing your requests. You may need to provide written document or otherwise prove your identity. In principle, we will respond to all of your requests under this Section within fifteen business days after receiving the same and verifying your identity. 

We generally do not charge any fees for your reasonable requests as described above. We may refuse requests that are unreasonably repetitive, require excessive technical means (such as the development of new systems or fundamental changes to current practices), pose risks to the legitimate rights and interests of others, or are highly unrealistic (such as requests involving information stored on backup tapes). 

We will be unable to respond to your requests under any of the following circumstances: 
 
(1)    related to our fulfilment of obligations under laws and regulations; 
 
(2)    directly related to public security, public health or major public interests; 
 
(3)    we have sufficient proof that you have subjective malice or engage in any abuse of rights; 
 
(4)    for the purpose of safeguarding your or other individuals’ life, property or other significant legitimate rights and interests, it is hard to obtain your or their consent; 
 
(5)    responding to your request will cause serious harm to your legitimate rights and interests, or those of other individuals or organizations; or 
 
(6)    involving trade secrets. 

If you have any questions regarding the exercise of the rights as described above, you can contact us using the contact details as set forth in Section X hereof. 
 
 
VIII. How we process children’s personal information 

We have clearly stated in the service premise that we do not accept the registration of any child as defined in the laws of your country or region as our user, and nor do we accept children’s personal information you provide, so you are advised to exercise caution when providing information. If you are our partner and your application is designed and developed for children, please ensure that you have obtained the consent of the child’s guardian with respect to your collection and use of and provision of the child’s personal information to us. You should remind the guardian to read and agree to the privacy policy related to the products/services you provide, and this Privacy Policy. 
Given the existing technologies and business patterns, it is difficult for us to proactively identify children’s information. If a child’s guardian discovers unauthorized collection of personal information of a child, the guardian may notify us to delete it. If we ourselves discover such situation, we will also proactively delete the information, unless retention of such data is required by law. 
 
 
IX. How we update and revise this Privacy Policy 

To provide you with better services, our platform and relevant services will be updated and changed from time to time. We will revise this Privacy Policy at the appropriate time. Any revision of this Privacy Policy constitutes a part of, and has the same legal force with this Privacy Policy. Without your express consent, we will not reduce the rights that you should have in accordance with this Privacy Policy. 

We will release the updated policy at our official website or by sending an email/message to you. We will also remind you of the updated content in an appropriate manner before the updated terms take effect, so that you can keep informed of the latest version of this Privacy Policy. 

Regarding any material change, we will also provide more prominent notifications, including, for certain services, giving notifications by means of email, message or announcement, which describe the specific changes to this Privacy Policy. Therefore, please review and understand the privacy policy with which you should comply at any time. If you disagree with the terms of this Privacy Policy, you shall stop accessing and using our services. 

The “material changes” referred to in this Privacy Policy include but are not limited to: 
 
1.    any material changes in our service mode, such as the purpose of processing personal information, type of processed personal information and how personal information is used; 
 
2.    any material changes in our ownership structure, organization structure and others, such as the change of owner due to any business adjustment, bankruptcy, merger or acquisition; 
 
3.    the change of the main object which personal information is shared with, transferred to, or publicly disclosed to; 
 
4.    any material changes in your rights involved in personal information processing and in how you exercise such rights; 
 
5.    the change of our responsible department, contact information and complaint channels for personal information protection; and 
 
6.    any high risks as shown in a personal information impact assessment report. 

This Privacy Policy and its updates constitute an integral part of the KIMIYA.AI User Service Agreement. KIMIYA.AI reserves all rights not expressly granted under this Privacy Policy. 
 
 
X. How you contact us 

We would like to resolve any dispute related to data protection practices between you and us. KIMIYA.AI has established a special privacy protection group, and you can raise your questions or seek assistance by sending an email to our privacy protection group (info@innocorn.com). 

If you have any questions, comments or complaints regarding your account information, personal information or other documentation technologies, or exercise your rights, you can contact us at info@innocorn.com or using any other specified method. In general, we will respond within fifteen business days. 
 
 
IX. Other legal basis for processing your personal information (only for EEA) 

You (the partner) shall give special attention to the following: when you engage in any personal information processing activity, you shall comply with the General Data Protection Regulation (“GDPR”) if you meet any of the following conditions: 
 
(1)    you are located in European Economic Area (“EEA”), whether such processing activity take place within the EU; 
 
(2)    you provide goods or services (for consideration or free of change) to any individual within the EEA, or monitor his or her behavior within the EEA; or 
 
(3)    you are located outside the EEA, but the laws of any EU member states shall apply pursuant to international public law, e.g., embassies or consulates of EEA member states. 

If you are from the EEA, the legal basis for our collection and use of the aforementioned personal information will depend on relevant personal information and the specific context in which we collect it. 
 
However, we generally collect personal information only under the following circumstances: when we need the personal information to perform a contract signed between you and us, when the processing is in our legitimate interests and not covered by your data protection rights and interests or fundamental rights and freedoms, or when we have obtained your consent. In certain cases, we may also have a legal obligation to collect personal information from you, or may need the personal information to protect your or others’ vital interests. For example, we may provide your personal information as required by relevant authorities for public safety purposes or respond to requests from law enforcement agencies. 
 
If you have any questions or require further information about the legal basis for our collection and use of your personal information, please contact us using the contact details as set forth in the Introduction of this Privacy Policy. 
 
Appendix 1: Keyword definition 
 
The specific words used in this policy is defined as follows: 
 
1.    We or KIMIYA.AI: Innocorn Technology Limited. and Kimiya Hong Kong Limited. 
 
2.    Affiliates: it refers to a subsidiary company or other affiliated enterprise within the scope of the consolidated statement with Innocorn Technology Limited. and Kimiya Hong Kong Limited or other entity which controls, is and will be controlled by or is under common control with KIMIYA.AI. 
 
3.    Control: means the ability directly or indirectly to influence the management of the company referred to, whether through ownership, voting shares, contracts or other means legally identified. 
 
4.    You: means the registered user who uses our products and/or services and the purchaser of the paid service. 
 
5.    Your End User: An end user who provides the product / service by you (access / integrate / apply our KIMIYA.AI service to your product / service). 
 
6.    This platform: refers to the KIMIYA.AI platform. 
 
7.    Personal Information: Information that is electronically or otherwise recorded that can be used alone or in combination with other information to identify a natural person or to reflect the behavior of a natural person. 
 
8.    Personal information subject: It refers to the natural person identified by personal information 
 
9.    De-identification: It refers to the technical processing of personal information. The personal information subject cannot be identified without additional information after this processing. 
 
10.    Anonymization: It refers to the process of making personal information subject unrecognizable through the technical processing of personal information, and the processed information cannot be recovered. 
 
 
Updates to this policy 
 
This privacy policy was last updated in August 2024. Please check back regularly to keep informed of updates to this privacy policy. We reserve the sole and absolute discretion to amend and update this privacy policy without prior notice.