<b>Copyright</b> © Connectnow AI Technology Co.,Limited 2025. All rights reserved. No part of this document may be reproduced, distributed, or transmitted in any form without prior written permission from the company.
Trademark
[ConnectNow] (and other [ConnectNow] trademarks) are trademarks of Connectnow AI Technology Co.,Limited.
All other trademarks or registered trademarks mentioned herein are the property of their respective owners.
<b>Notes</b>
Your purchase of products, services, or features is subject to the commercial contracts and terms of Connectnow AI Technology Co.,Limited. Some or all products, services, or features described in this document may not be included in your purchase or usage scope. Unless otherwise contractually agreed, the company makes no express or implied warranties regarding this document.
This document may be updated periodically due to product version upgrades or other reasons. Unless otherwise agreed, it serves solely as a usage guide. All statements, information, and recommendations herein do not constitute any express or implied guarantees.
Connectnow AI Technology Co.,Limited
Address: Room 217, Building 5C, Shenzhen Software Industry Base, No. 11, 13, 15 Haitian 1st Road, Binhai Community, Yuehai Subdistrict, Nanshan District, Shenzhen, China
Website: ConnectNow - https://www.connectnowai.com
Customer Service Email: privacy@connectnowai.com
I.Overview
1.1. Scope
This ConnectNow (EU) GDPR Compliance Statement (hereinafter “Statement”) applies to the ConnectNow products and services provided by Connectnow AI Technology Co.,Limited (hereinafter “we”) to users or customers (hereinafter “you”) in EU member states. This Statement outlines the compliance measures adopted by ConnectNow to adhere to the General Data Protection Regulation (GDPR).
1.2. Definitions
a.<b>Personal Data:</b> any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b.<b>Consent of the Data Subject:</b> any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
c.<b>Data Controller:</b> a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
d.<b>Data Processor:</b> a natural or legal person, public authority, agency, or other body, which processes personal data on behalf of the controller.
e.<b>Data Processing:</b> any operation or set of operations performed on personal data, including collection, recording, storage, adaptation, disclosure, combination, restriction, erasure, or destruction.
II.GDPR Compliance Requirements
2.1. Introduction to GDPR
The General Data Protection Regulation (GDPR) is one of the world’s strictest privacy and data protection laws, mandating compliance for any organization processing personal data of individuals within the EU, regardless of its location. Since its enforcement on 25th May 2018, GDPR has significantly influenced global data protection practices.
2.2. Core Principles and Requirements
2.2.1. Fundamental Principles
a.<b>Lawfulness, Fairness, and Transparency:</b> Personal data must be processed lawfully, fairly, and transparently.
b.<b>Purpose Limitation:</b> Personal data shall be collected for specified, explicit, and legitimate purposes.
c.<b>Data Minimization:</b> Processed data must be adequate, relevant, and limited to what is necessary.
d.<b>Accuracy:</b> Personal data must be accurate and kept up to date; inaccurate data shall be rectified or erased without delay.
e.<b>Storage Limitation:</b> Data shall not be retained longer than necessary for the processing purposes.
f.<b>Integrity and Confidentiality:</b> Data must be processed securely, including protection against unauthorized access or destruction.
g.<b>Accountability:</b> Controllers are responsible for demonstrating compliance with these principles.
2.2.2. Data Security
GDPR requires controllers and processors to implement “technical and organizational measures,” such as access controls, encryption, and staff training.
2.2.3. Consent Requirements
GDPR imposes strict requirements on consent, including:
a.Consent must be “freely given, specific, informed, and unambiguous.”
b.Consent requests must be “clearly distinguishable” from other matters and presented under “clear and plain language.”
c.Data subjects may withdraw consent at any time, and their decision must be respected.
d.Written records of consent must be maintained.
2.2.4. Records of Processing Activities (RoPA)
Controllers and processors must maintain records of all data processing activities under their responsibility.
2.2.5. Data Subject Rights
GDPR grants data subjects rights including: Right to Information, Right of Access, Right to Rectification, Right to Erasure, Right to Restrict Processing, Right to Data Portability, Right to Object, and Rights related to automated decision-making.
2.2.6. Data Protection Impact Assessment (DPIA)
A DPIA must be conducted prior to high-risk processing activities (e.g., using new technologies).
2.2.7. Data Protection Officer (DPO)
GDPR recommends appointing a DPO to oversee compliance and act as a point of contact for data protection matters.
2.2.8. Data Processing Agreement (DPA)
A legally binding agreement must be established between controllers and processors, as per GDPR Article 28.
2.2.9. Data Breach Reporting
Processors must notify controllers of breaches without undue delay. Controllers must report breaches to supervisory authorities within 72 hours.
2.2.10. Cross-Border Data Transfers
In the event of a transfer of personal data that is being processed or is intended to be processed after transfer to a third country or international organisation, this shall only take place if the controller and processor comply with the relevant provisions of Chapter V of the GDPR.
III.The Role of ConnectNow Under the GDPR
ConnectNow’s products or services may involve two types of data about you: your registration, login information and subsequent usage data when you register and log in to use ConnectNow (collectively, “ConnectNow Product Usage Data”), and your personal data collected through the ConnectNow and related services. ConnectNow and related services are collected, saved, uploaded, downloaded, distributed, processed, used and otherwise processed by you (e.g., consumer personal information, contact information, etc., collectively referred to as “Business Data”).
Depending on the form of service we provide, the processing of the above two types of data may vary, as does our data role, which under the GDPR involves being a data controller and a data processor. In addition, purely technical service providers are not involved in processing data.
We provide ConnectNow services to you in two main ways: the public cloud approach and the private deployment approach.
(1)Public Cloud Deployment
a.For Usage Data, we act as a Data Controller. For more information on how we process your ConnectNow Product Usage Data, please see the ConnectNow Privacy Policy
b.For Business Data, we act as a Data Processor and we solemnly undertake not to have unauthorised access to said business data. Specifically, the ConnectNow product is deployed as SaaS, i.e., a multi-node distributed deployment of the service side of your system, and we do not have access to your business data, but only host the service resources for the purpose of the service. Please ensure that you have taken appropriate compliance measures in accordance with applicable law before processing such personal data, such as informing the data subject of the manner and purpose of the data processing through, for example, a privacy policy.
(2)Private Deployment
We serve solely as a technical service provider and do not process any data. Please ensure that you have taken appropriate compliance measures in accordance with applicable law before processing such relevant data, e.g. by informing the data subject of the manner and purpose of the data processing, e.g. through a privacy policy.
IV.How ConnectNow Complies with GDPR
| Data Protection Obligations | ConnectNow takes appropriate technical and organisational measures to protect data security, such as pseudonymisation and encryption, access control, security audits, the establishment of a data protection team, and the establishment of systems for data protection. |
| Lawfulness, Fairness, and Transparency | ConnectNow ensures that all data processing activities have a lawful basis, and will legally and reasonably obtain the consent of users when providing ConnectNow’s products and services, and transparently demonstrate to data subjects how their data will be processed through the Privacy Policy. |
| Purpose limitation | ConnectNow will only process customers’ personal data for the purposes limited in the contractual agreements and the Privacy Policy Statement. |
| Data Minimization | ConnectNow collects and processes only the minimum amount of personal data necessary to fulfil the specific purposes, and ConnectNow ensures that data collection and processing is necessary by regularly reviewing data processing activities. |
| Storage Limitation | Upon reaching the retention period, ConnectNow will delete/anonymise the customer’s personal data as contractually agreed. |
| Data Security | a.ISO 27001 certification implemented by our affiliated company. b.Internal policies: Data Protection Policy, Data Retention Policy. c.Data Breach Response Plan established. |
| Consent | Where consent is the basis for legitimacy, ConnectNow processes personal data after obtaining the express consent of the user at the registration and login screen, and ConnectNow processes personal data only within the scope of the contractual agreements and the purposes defined in the Privacy Policy Statement. |
| Records of Processing (RoPA) | ConnectNow maintains Data Processing Records in accordance with GDPR Article 30. |
| Protection of the rights of the data subject (e.g., Right to Information, Right of Access, Right to Rectification, Right to Erasure, Right to Restrict Processing, Right to Object, Right to Data Portability) | a. ConnectNow informs the data subject, through its privacy policy or otherwise, in a concise, transparent, easily understandable and accessible form, using clear and straightforward language, of the information on how he or she will exercise his or her rights in relation to personal data. b. ConnectNow provides data subjects with the ability to access, correct, delete, and export data through an interactive interface in the design of the product or service. c. ConnectNow’s DPO, in conjunction with the customer service department, ensures that the data subject’s complaint channels are open and responds in a timely manner to requests for personal data rights in accordance with the requirements of the GDPR. |
| Data Protection Impact Assessment (DPIA) | a.ConnectNow conducts Data Protection Impact Assessment (DPIA) when processing high-risk data. b.Based on the results of the DPIA, ConnectNow will propose improvements to data protection measures to mitigate risks in data processing. |
| Data Protection Officer (DPO) | ConnectNow appoints a DPO to oversee the implementation of the data protection strategy and to act as the main point of contact for data protection issues. The contact details of the DPO are publicly available in our Privacy Policy. |
| Data Processing Agreement (DPA) | ConnectNow, as a data processor, has prepared templates for data processing agreements and provides data controllers (customers) with the corresponding data processing agreements. |
| Data Breach Reporting | a.As a processor: Notify controllers immediately. b.As a controller: Report to authorities within 72 hours. |
| Cross-Border Transfers | ConnectNow is not involved in cross-border transfers of data and its data localization deployment scheme is such that, for customers or end-users located in the EU, personal data will be stored in servers within the EU. |
V.Summary
We are committed to delivering secure, reliable, and GDPR-compliant products and services. By prioritizing data protection and continuously improving our technical and organizational measures, we ensure the confidentiality, integrity, and availability of your data. We monitor regulatory updates globally and adapt our practices to meet evolving legal requirements.
To ensure that the business activities conducted in various regions comply with local privacy protection laws and regulations, we will continuously monitor updates to relevant laws and regulations, and convert new regulatory requirements into our internal policies. We will optimize our internal processes to ensure that all our activities meet legal and regulatory requirements. We will continue to develop and launch privacy protection-related services and solutions in line with updated legal and regulatory requirements, helping you meet the new requirements of privacy protection laws and regulations.
Compliance with GDPR and related data protection laws and regulations is a long-term and multi-faceted task, and we are willing to continue to improve our ability to meet the requirements of related laws and regulations in the future, in order to provide you with safe and trustworthy products or services.
This article is for reference only and does not have legal effect or constitute legal advice. Please use your discretion to assess your own situation and ensure compliance with the GDPR when using ConnectNow.
VI.Version History
| Version | Release Date | Description |
|---|---|---|
| 1.0 | 2025/04/27 | Initial Release |
