Last modified October 1, 2022
Our Privacy Commitment
Fanruan Software Co., Ltd. ("Fanruan" or "we" "our") believes in the importance of thoughtfully handling personal information and is committed to privacy practices that are transparent and compliant. This Privacy Statement sets out how Fanruan uses the personal information we collect and receive about you. By using our website, product and service, you consent to the collection, sharing and use of information as described here.
Information we collects and control
When we process your personal information, we will only do so where at least one of the following applies:
- We need to use your personal information to perform our responsibilities under our contract with you and to provide you with tools and services.
- We have a legitimate reason to collect and use your personal information. For example, it is in our legitimate interests to use usage data including your personal information to improve our products and services.
- to tell you about changes to this Privacy Statement and other policies
- to tell you about new products, services and events or changes to our products, services or websites.
- for business reasons (for example to develop and expand our business); and to tell you about offers or promotions we are running.
- You have given consent to use your personal information. You may withdraw consent by opting out where we give you the opportunity to do so, or by contacting us using the contact details below.
- If it is necessary for us to use your personal information in order to comply with a legal obligation.
- You have chosen to make the information public. You should not share any personal information which you wish to keep confidential or private.
1) What information we collect
(1) FanRuan's Product Deployment Options
FanRuan products can be installed by customers at locations they choose, through local installation, server deployment, integration into other systems and cloud providers chosen by customers (with deployment managed by customers) or use of cloud services through authentication. FanRua's product deployment options are listed below. To confirm how the product you purchased is deployed, please contact your organization's system administrator/IT department.
|Product deployment mode||Description|
|Use of the designer locally|
1.Download the designer
|Server deployment||Deploy FineReport to Web Application Server, types of deployment: |
1.Server deployment package
|Integration||1.Enterprise-level system integration: integrate the FineReport decision-making platform system with existing systems.|
2.Web page integration: embed other developed pages or templates directly into FineReport templates or embed FineReport templates into existing Web pages through page iframe integration.
|Private cloud deployment||The License Server returns the authorized functions, authorized access domain name, authorized access port, authorized access expiration date and other information to the Report Server for verification. If verified, the Report Server will enter normal access routines, or otherwise it will be considered unauthorized.|
|Public cloud deployment||Compared with private cloud verification, if a customer is unwilling to provide physical information or set up a server locally in some cases, FanRuan will support public cloud registration.|
(2) FanRuan's Customer Management Deployment
2.1 Server registration
2.1.1 Procedure: generate registration information locally and e-mail such information to the business department of FanRuan for the generation of licenses on the basis of any signed contracts, and then send the licenses back to customers. The flow also applies to the procurement of additional functions.
2.1.2 Registration information: generally including MAC address, machine code, server project name, product version information
2.2 Designer activation
2.2.1 Procedure: Get an activation code through FineReport official website, enter the activation code in the designer to activate it and each machine can be activated once. Network connection is not required for activation. The activation information will be saved in a related local file.
2.3 Platform login and authorization
2.3.1 Platform user login: This occurs after products are deployed. The administrator will configure username, password and other information and, once logged in, may choose not to verify the login until the session of a traced user times out or the user chooses to log out
2.3.2 Authorization: Authorization determines the operation permissions granted through authorization management (with such permissions to be determined by the administrator). Data for user authorization (i.e., usernames, passwords, department, etc.) is only saved locally. In these cases, authorization or authentication data will not be sent to FanRuan.
2.4 Usage data
please refer to the table below:
|Collection and use of product usage data (Non-identifiable data)||Time of data being sent to FanRuan|
[If data return is enabled, then:]
2.4.1 FanRuan uses collected data for analysis, so that we can have a better understanding of the technological environment of software installation and user behavior in products and then optimize, support and improve our products and services. Any collected data received is analyzed on a macro, statistical basis. Collected data is identifiable at the customer level (i.e., company name), but non-identifiable at the individual (user) level. As we do not collect/process personal data, privacy laws (e.g., GDPR) do not apply to such collection/processing. However, users can opt out of current data collection. Users may opt out if they wish by changing the settings in FineReport settings. Additionally, the Admin user represents the organization as a whole, who may opt out of the organization by changing FineReport settings.
2.4.2 To enable data return and analysis, our products may collect data on usernames (which might include personal data) as other providers do in China, which data will be encrypted during processing.
For data in server and designer: data tracker is stored locally with customers. Such data will be sent to overseas websites by default (including the non-simplified Chinese version). Return of data (non-identifiable data) is disabled for the time being and there is a "Product Improvement Program" checkbox which is unchecked by default. Even if the checkbox is checked, data return is still disabled currently. If users agree, we might consider enabling data return in the future.
For data in mobile terminal: data return can be disabled in "About" on the App. It is enabled by default. Mobile terminals of both a personal designer and a server will release the pre-notification function for data return in the new version.
2.4.3 Please refer to FanRuan User License Agreement in PDF format to obtain more details on which information will be collected and why (website, clauses).
(3) FanRuan's Log Files and Support Data
3.1 What is a log file?
Customer management deployment collects business data in a log file (the "log file"), which is composed of non-personal statistics, system statistics and usage data generated by FanRuan products and can be used for auditing, monitoring and troubleshooting. Logs include application usage data and logs for collection: stored locally, these log files might include user IDs (possibly including personal data, please refer to section 2.4). System logs: fanruan.log, stored locally, which records system operation and environmental information. If the highest-level logging is enabled, log files might contain pieces of data processed by our products, possibly including personal/sensitive content. These logs can be used for auditing, monitoring and troubleshooting in the development and debugging.
3.2 Are log files sent to FanRuan
Generally, no. Log files are saved locally in the customer environment. However, customers may send log files and other data to FanRuan, so as to help address faults/technical problems. Any content sent to FanRuan Support is processed only to solve technical problems, securely stored and subject to our access and data retention policies. It is recommended that log files and any other data content sent to FanRuan be processed to address faults/support problems in accordance with general IT best practices concerning security and access permissions.
Customer management deployment may be configured through Platform Management to adjust the data captured in log files. For more details on log files listed by product type, please refer to the link at the end of this Policy.
The development of new versions is still underway, with possible adjustments to functions or release time. For new functions already released, see Release History. The stable version will be uploaded by default on the overseas official website, and existing customers have to upgrade to experience released new functions. A preview of new functions might be released on the official website and risk disclosure will be made on the corresponding page of the preview
(4) Cloud Services
4.1 When customers use FineReport Standard, which personal data is collected ?
The only personal data received by FineReport Standard is authentication information (e.g., FineReport Standard accounts). FineReport Standard also processes and uses the usage/statistical data in connection with cloud products, so as to (1) help solve problems and (2) make analysis on a generally anonymous basis to ensure service quality and product improvement.
4.2 Where is the data center hosting FineReport Standard ?
Aliyun, Santa Clara, California, USA.
4.3 Can I choose to save my FineReport Standard cloud service data in my region (e.g., can EU users ensure that their data will not be taken out of the EU) ?
We will not change the location of the cloud server for the time being
If you attach personal data and files to the application (it is not mandatory to provide FanRuan with true personal data and we recommend you anonymize the data before sending it to FanRuan) or if a FanRuan employee has to solve a problem by accessing your account (which is unlikely), then the employee can access to your real data and files.
4.4 Content data accessed and used by FanRuan:
FanRuan employees have no access to the user content on FineReport Standard, unless (1) users share it with FanRuan staff (e.g., in the context of consulting services), or (2) FanRuan is prompted by customers to access a single piece of content for troubleshooting, in which case only a limited number of specific FanRuan staff can access a single piece of content for troubleshooting, and only under strict control.
4.5 Building and Security:
4.5.1 Where are FineReport cloud services hosted ?
FineReport Standard is hosted by Ali Cloud.
4.5.2 Retention of content data
Users may delete the application at any time, with relevant content controlled by users. Once deleted by users, all information hosted by FineReport in the application will be deleted immediately and back-up data will be deleted after a period of time, which conforms to our internal data retention rules. Sleeping applications (i.e., applications that have been inactive for more than 12 months in an account) may be deleted by FineReport.
4.6 Who can access content data ?
For FineReport Standard subscription, all users can control who can access applications shared by individual while group owners can control who can access applications created and shared as a part of their workgroups.
With respect to FineReport Standard, other users will not see the application before the application creator releases the application to users. Users control who is invited to view the application within their authorizations.
(5) FanRuan as Customers' Data Processor
The information below describes when FanRuan serves as a data processor and/or data controller (as defined by GDPR or similar legislations).
5.1 SaaS products (cloud services):
FineReport is a data controller for personal data. FanRuan collects and processes to manage, maintain and improve our products, for example, authentication data such as usernames and passwords, and usage data such as login frequency, daily usage and traffic/usage in each country. It helps FanRuan better allocate resources and serve FanRuan customers and/or improve FanRuan services. When receiving user subscription, FanRuan, like all other businesses, maintains a database of customer and partner contacts for billing, marketing and other general business purposes. FanRuan processes this data in accordance with privacy laws and maintains appropriate security protection for such data. Storage/input of the personal data content that can be used to identify a particular individual is not the primary function of FineReport, which complies with the principle of data minimization and anonymization under the GDPR. FanRuan does not recommend that users insert their personal data into our applications
FanRuan is usually not a data processor for customer management deployment. This is because any content customers choose to store or create locally remains in customers' systems. FanRuan cannot access such content; therefore, customers, not FanRuan, are the data controller and data processor of such content under data protection laws. There might be exceptions if a customer chooses to share the content in customer management deployment coincidentally containing personal data when FanRuan offers support or consultation services to the customer. The sharing shall be at the customer's own discretion and personal data content shall be anonymized or minimized by the customer as per the best practices for data anonymization/minimization in privacy laws. Hence, customers usually need not to sign a data processing agreement with FanRuan. For further questions about data processing agreements, please contact email@example.com
(6) Cookies & Similar Technologies
Our websites use various software technologies including cookies, web beacons and pixel tags. Cookies are small text files that we and others may place on visitors' devices to store their preferences. We use web beacons or pixel tags - small pieces of code placed on a web page or within the body of an email - to monitor the behavior and collect data about the visitors viewing a web page or viewing or opening an email. Web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page, and we use them from time to time for this and advertising purposes.
We partner with third parties, including analytics companies, advertisers, and ad networks, who may place cookies on your browser when you visit our websites, may send their own cookies to your cookie file, and may use those cookies to track and collect information about you and your online activities over time and across different websites, devices, and applications and to provide targeted advertising based on your interests and previous browsing history.
2）Purposes for using information
Fanruan collects personal information in support of its mission to help people see and understand their data. This personal information is collected in a variety of ways. You provide some information directly to us; we receive some information when you visit our website or use our products and services; and we receive some information from third parties.
The categories of information we collect will depend on your interactions with Fanruan:
- Contact information. Name, employer, title, email address, physical address, phone number, and similar contact info, user names, passwords, IP addresses, password hints, and similar security information used for authentication and account access.
- Payment and financial information. Company registration Information, banking information, billing address, payment instrument number (such as a credit card number), and the security code associated with your payment instrument.
- Demographic Information. Employment status, occupation, region. If you participate in Fanruan user research activities, you will have the option to provide further information, such as gender, race, age, and personal propensities.
- Inferred and derived information. Data such as propensities and attributes that Fanruan generates to help us understand you and your preferences.
- Transaction and registration information. The information which is generated in the course of your transaction with Fanruan, including account information, logins, passwords, and purchase history. Product registration information, product interest information, transaction information, and in some cases, student and teacher verification information. We may also collect registration information related to your attendance at Fanruan events, including travel information, scheduling information, food preferences or allergies, and accessibility requests.
- Usage and geographic data. Fanruan collects information related to your use of our products, services and websites. We analyze that usage data so that we can improve our products and your experience with them. In certain instances, Fanruan provides administrative tools so you can opt-out of the collection of some usage data.
- Usage data includes online and technical information about your computer's or mobile device's operating system and browser type; your device type; details about how you are using our products (including natural language queries); your Internet Protocol (IP) address, and geographic areas derived from your IP address; networking connection data; Fanruan cookie information; file information; metadata; time-stamped logs regarding access times and duration of visits; the web pages you visited before coming to Fanruan websites (referring URL); and other usage data relating to your activities on our Sites(including official website, help document website, demo website, forum and all other websites that serve Fanruan users), including the pages you request. We may link this information to the personal information we have collected about you and use it for the purposes described in this Privacy Statement, and we may deliver targeted marketing and product information back to you based on your usage data.
- Third-party data. We may receive your personal information from third party suppliers or partners. If you connect with Fanruan accounts on third party social networking sites, we may receive information about your social networking accounts, for example, your name, user name or display name, public profile, and email address. We may combine information you provide with data we collect automatically and with data we receive from third parties.
- Images, video and recordings. Pictures, videos or audio recordings may be collected by Fanruan. For example, if you attend a Fanruan event, your image may be captured in a photo or video. If you call Fanruan customer support, your call may be recorded. If you decline to provide your personal information or ask us to delete it, we may be unable to continue to provide or support our products or services.
- We use the personal information we collect for the purposes described in this Privacy Statement, as covered in any agreement that incorporates this Policy, or as disclosed to you in connection with our websites. For example, we will use your information to:
- Provide and deliver products or services, including software upgrades, plug-in installation, function additions, project services, examination services, customer service, and other new services. For example, Fanruan's partners may contact you by email, post, social media account or phone to market Fanruan or Fanruan-compatible products
- Operate and improve our operations, systems, products, and services;
- Understand you and your preferences to enhance your experience;
- Respond to your comments and questions and provide customer service
- Provide service and support, such as sending confirmations, invoices, technical notices, updates, security alerts, and administrative messages and providing customer support and troubleshooting;
- Communicate with you and your referrals about promotions, upcoming events, and news about products and services offered by Fanruan and our selected partners;
- Link or combine information about you with other personal information we get from third parties, to help understand your needs and provide you with better and more personalized service;
- Enforce our terms and conditions or protect our business, partners, or users;
- Protect against, investigate, and deter fraudulent, unauthorized, or illegal activity;
- Keep our products, facilities, and services secure.
The European Economic Area (EEA) provides certain rights to data subjects (including access, rectification, erasure, restriction of processing, data portability, and the right to object and to complain). FanRuan undertakes to provide you the same rights no matter where you choose to live.
3）Legal processing bases
Applicable to FanRuan : If you are an individual from the European Economic Area (EEA), our legal basis for information collection and use depends on the personal information concerned and the context in which we collect it. Most of our information collection and processing activities are typically based on (i) contractual necessity, (ii) one or more legitimate interests of FanRuan or a third party that are not overridden by your data protection interests, or (iii) your consent. Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another person.
Withdrawal of consent: Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.
Legitimate interests notice : Where we rely on legitimate interests as the legal basis and those legitimate interests are not specified above, we will clearly explain to you what those legitimate interests are at the time that we collect your information.
4）Your choice in information usage
Opt out of non-essential electronic communications : You may opt out of receiving newsletters and other non-essential messages by using the 'unsubscribe' function included in all such messages. However, you will continue to receive essential notices and emails such as account notification emails (password change, renewal reminders, etc.), security incident alerts, security and privacy update notifications, and essential transactional and payment related emails.
Disable cookies : You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to properly use certain features of the websites.
Optional information: You can choose not to provide optional profile information such as your photo. You can also delete or change your optional profile information. You can always choose not to fill in non-mandatory fields when you submit any form linked to our websites.
5）Who we share your information with
Information that we process on your behalf
Our marketing emails permit you to opt-out of receiving further marketing emails. You may also contact us at firstname.lastname@example.org at any time to let us know that you no longer wish to receive marketing emails. If you opt-out but are a current customer, we will still send you transactional emails. Transactional emails are necessary communications about your accounts and our business dealings with you, such as renewals and updates, and, as allowed by applicable law, requests for your participation in surveys.
You have certain rights in your personal information, subject to local data protection laws.
Children's personal information
Our websites, products and services are primarily intended for adults. A child must not create a Fanruan account without the consent of a parent or guardian. If a child's personal data is collected with prior parental consent, we will only use or disclose the data as permitted by law, with the explicit consent of the child's parents or guardians, or when necessary for the protection of the child. If we accidentally collect a child's personal data without verified prior consent from the child's parents, we will attempt to delete the data as soon as possible.
How do we keep your personal data secure
FanRuan implements privacy design agreement and considers privacy as a local component of its R&D/product development process. For example, hierarchical authorization management: different departments share a system and each department has its own administrator who authorize the employees in that department, that is, level-to-level distribution by hierarchical administrators. Hierarchical administrators can only authorize within the scope of their respective duties. Unless the application creator or a person with administrator account affirmatively grants the access to the application to another user, only the application creator can access the application by default.
Fanruan works to keep your personal information confidential and secure. In some circumstances Fanruan may share your information with third parties, for example:
- We may share your personal information when we have your permission, including when you choose to share information using Fanruan Public or post to our Community websites;
- We provide personal information to trusted partners who work on behalf of or with Fanruan to provide us with services. For example, we share contact information with our training and certification partners, our reseller and service partners, our data storage, customer support and marketing vendors, and with our software providers. These companies may use your personal information to perform services and to help Fanruan communicate with you, including making offers from Fanruan and our partners. Fanruan maintains contracts with these companies restricting their access, use and disclosure of personal information in compliance with this Privacy Statement and any legal obligations;
- If you connect to your third-party accounts through our products, we will use that information to authenticate you, enumerate the data sources available to you, download any data you request us to, and download and refresh authentication tokens or persist authentication information such as user names and passwords as necessary to continue to connect to these data;
- We may share your contact and transactional information with our current or future affiliates, which may include parent and subsidiary companies, joint ventures, or other companies under common control, in which case we will require our affiliates to honor this Privacy Statement;
- We will disclose your personal information to comply with legal requirements, such as in response to a court order or a subpoena. We also may disclose your personal information in response to a law enforcement agency's request, or where we believe it is necessary to investigate, verify, prevent, enforce compliance with, or take action regarding illegal or suspected illegal activities; suspected fraud; situations involving potential threats to the physical safety of any person; protection of the rights and property of Fanruan, our agents, customers, or others; violations or suspected violations of our agreements and policies; or as otherwise required or permitted by law or consistent with legal requirements;
- We transfer or disclose your personal information for corporate reasons. For example, to third parties in connection with or during negotiation of any merger, financing, acquisition, bankruptcy or similar transaction. We may also share personal information with our auditors, attorneys or other advisors in the connection with corporate functions;
- Finally, we also share aggregated, anonymized or statistical information about you, including demographics data, with others for a variety of purposes, for example, for improving products and services for Fanruan and others.
- If you register for or attend a Fanruan event, seminar or webinar Fanruan may share participant information (e.g. your name, company, and email address) with other participants, organizers or hosts of the same event, seminar, or webinar in order to facilitate the event and the subsequent exchange of ideas.
We may facilitate third party services or ways to share data through third parties, including social media platforms, websites, applications, and services through plug-ins, widgets, buttons, and other third party features on and connected with our websites, communications or products. Third parties whose services you use in connection with Fanruan, such as our training and certification partners, or third parties whose websites we link to, may have information practices that are different from ours. This Privacy Statement does not apply to the activities of third parties when they are collecting or using data for their own purpose or on behalf of others. We are not responsible for the activities of these third parties. We encourage you to review their privacy policies to understand how they use your information.
We have reasonable and appropriate physical, electronic, and managerial procedures in place to help safeguard your personal information. However, you should know that no company, including Fanruan, can fully eliminate security risks associated with personal information. To help protect yourself, use a strong password, do not use the same passwords to access your Fanruan accounts that you use with other accounts or services, and protect your user names and passwords to help prevent others from accessing your accounts and services. For more information about Fanruan security practices, see https://www.finereport.com/en/security.
Employees who have access to such personal information shall be trained regarding this Policy, advised that they are responsible for fully complying with the privacy principles articulated in this Policy and instructed that violations of these principles shall result in appropriate discipline up to and including termination.
Locations and international transfers
As a global company, your personal data collected by Fanruan may be processed or accessed in the country/region where you use our products and services or in other countries/regions where Fanruan or its affiliates, subsidiaries, service providers or business partners have a presence.
Information collected by Fanruan or on our behalf may be stored on your computers, on your mobile devices, or on our servers, and may be transferred to, accessed from, or stored and processed in Japan, Korea, Singapore and China, and any other country where Fanruan or its service providers maintain facilities or support centers (a list of Fanruan offices can be found here: https://www.finereport.com/en/contact-us, including jurisdictions that may not have data privacy laws that provide protections equivalent to those provided in your home country. However, we will protect all personal information we obtain in accordance with this Privacy Statement and take reasonable steps to ensure that it is treated lawfully.
In certain circumstances, we may retain your personal information after you have closed your account or are no longer actively engaged with Fanruan. For example:
- We may retain your personal information after you have closed your account so that we can send you information about products, services and publications we think you may be interested in. You can "unsubscribe" from receiving such messages or tell us you are no longer interested;
- We may retain your personal information in order to protect our legal rights, or those of third parties, or to comply with the law;
- We may retain personal information about how you have used our products and services in order to improve and develop our business;
- If you purchase products or services from us, we may retain your personal information for as long as we need to in order to provide you with customer service, or for compliance purposes, for example, in order to comply with our record-keeping requirements;
- Fanruan may also use and share aggregated, non-personally identifiable data for research, external training and marketing purposes.
How to contact us
Notification of changes
While we take reasonable precautions against possible security breaches of our site and records no website or Internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur.
We offer you the ability to post information and exchange ideas through our websites and other services such as Fanruan Public. Because your posts and information shared through Fanruan Public are public and can be seen by others, we caution all users to consider what they post and not to disclose any personal information. Fanruan will not be responsible in the event that you disclose personal information in your posts, through our public services or during any other communication with other website users.