PRIVACY

FanRuan Product Privacy Policy

Last modified June 9, 2020

With an increase in privacy/data protection regulations, especially the EU General Data Protection Regulation (GDPR), FanRuan Software Co., Ltd. and its global affiliates (hereinafter referred to as "FanRuan", "we", "us" or "our") have realized and understood the importance of privacy to you. Taking the issue seriously, FanRuan will on the one hand respect your privacy and on the other hand implement security- and privacy-based design procedures and observe data protection laws in the process of product development. This Privacy Policy (the "Policy") relates to how FanRuan manages data privacy in its product portfolio.

1.FanRuan's Product Deployment Options

FanRuan products can be installed by customers at locations they choose, through local installation, server deployment, integration into other systems and cloud providers chosen by customers (with deployment managed by customers) or use of cloud services through authentication. FanRua's product deployment options are listed below. To confirm how the product you purchased is deployed, please contact your organization's system administrator/IT department.

Product deployment mode Description
Use of the designer locally
  1. Download the designer
  2. Install the designer
  3. Start the designer
  4. Others:
    1) Uninstall the designer
    2) Upgrade the designer
Server deployment

Deploy FineReport to Web Application Server, types of deployment:

  1. Server deployment package
  2. Independent deployment
  3. Embedded deployment
Integration
  1. Enterprise-level system integration: integrate the FineReport decision-making platform system with existing systems.
  2. Web page integration: embed other developed pages or templates directly into FineReport templates or embed FineReport templates into existing Web pages through page iframe integration.
Private cloud deployment The License Server returns the authorized functions, authorized access domain name, authorized access port, authorized access expiration date and other information to the Report Server for verification. If verified, the Report Server will enter normal access routines, or otherwise it will be considered unauthorized.
Public cloud deployment Compared with private cloud verification, if a customer is unwilling to provide physical information or set up a server locally in some cases, FanRuan will support public cloud registration.

2. FanRuan's Customer Management Deployment

Which data is sent to FanRuan through a customer's use of any customer management deployment?

2.1 Server registration

2.1.1 Procedure: generate registration information locally and e-mail such information to the business department of FanRuan for the generation of licenses on the basis of any signed contracts, and then send the licenses back to customers. The flow also applies to the procurement of additional functions.

2.1.2 Registration information: generally including MAC address, machine code, server project name, product version information

2.1.3 Four ways of registration supported by FineReport:

  1. Local machine information authentication (MAC address registration)
  2. Private cloud authentication
  3. Public cloud authentication
  4. Encryption lock authentication

2.2 Designer activation

2.2.1 Procedure : Get an activation code through FineReport official website, enter the activation code in the designer to activate it and each machine can be activated once. Network connection is not required for activation. The activation information will be saved in a related local file.

2.2.2 Registration information: To obtain the activation code, you need to provide market-related information such as company name, telephone number and e-mail address through our official website. For this information, please refer to Cookie and Privacy Policy on FanRuan's website

2.3 Platform login and authorization

2.3.1 Platform user login: This occurs after products are deployed. The administrator will configure username, password and other information and, once logged in, may choose not to verify the login until the session of a traced user times out or the user chooses to log out

2.3.2 Authorization: Authorization determines the operation permissions granted through authorization management (with such permissions to be determined by the administrator). Data for user authorization (i.e., usernames, passwords, department, etc.) is only saved locally. In these cases, authorization or authentication data will not be sent to FanRuan

2.4 Usage data

please refer to the table below

Collection and use of product usage data (Non-identifiable data) Time of data being sent to FanRuan
  • Product terminal (designer & mobile terminal) version information.
  • Product terminal (designer & mobile terminal) function usage statistics (including time consumed by template production, alphafine function records).
  • Error logs on crashed programs on product terminals (designer & mobile terminal).
  • Basic environmental information (production version, type of environmental container, JDK version, etc.) of the server connected to product terminals (designer & mobile terminal).
  • Product function usage statistics (function usage, template usage, etc.) in connection with the server connected to product terminals (designer & mobile terminal).

[If data return is enabled, then:]

  • (a), (b) and (c) will be returned every three days.
  • will be returned when statistics is automatically triggered at 5:00 a.m. on the first day of each month, or manually triggered by customers.
  • will only be enabled by customers through the cloud operation and maintenance (O&M) function and will be manually uploaded or automatically uploaded on the first day of each month.

2.4.1 FanRuan uses collected data for analysis, so that we can have a better understanding of the technological environment of software installation and user behavior in products and then optimize, support and improve our products and services. Any collected data received is analyzed on a macro, statistical basis. Collected data is identifiable at the customer level (i.e., company name), but non-identifiable at the individual (user) level. As we do not collect/process personal data, privacy laws (e.g., GDPR) do not apply to such collection/processing. However, users can opt out of current data collection. Users may opt out if they wish by changing the settings in FineReport settings. Additionally, the Admin user represents the organization as a whole, who may opt out of the organization by changing FineReport settings.

2.4.2 To enable data return and analysis, our products may collect data on usernames (which might include personal data) as other providers do in China, which data will be encrypted during processing.

For data in server and designer: data tracker is stored locally with customers. Such data will be sent to overseas websites by default (including the non-simplified Chinese version). Return of data (non-identifiable data) is disabled for the time being and there is a "Product Improvement Program" checkbox which is unchecked by default. Even if the checkbox is checked, data return is still disabled currently. If users agree, we might consider enabling data return in the future.

For data in mobile terminal: data return can be disabled in "About" on the App. It is enabled by default. Mobile terminals of both a personal designer and a server will release the pre-notification function for data return in the new version.

2.4.3 Please refer to FanRuan User License Agreement in PDF format to obtain more details on which information will be collected and why (website, clauses).

3.FanRuan's Log Files and Support Data

3.1 What is a log file?

Customer management deployment collects business data in a log file (the "log file"), which is composed of non-personal statistics, system statistics and usage data generated by FanRuan products and can be used for auditing, monitoring and troubleshooting. Logs include application usage data and logs for collection: stored locally, these log files might include user IDs (possibly including personal data, please refer to section 2.4). System logs: fanruan.log, stored locally, which records system operation and environmental information. If the highest-level logging is enabled, log files might contain pieces of data processed by our products, possibly including personal/sensitive content. These logs can be used for auditing, monitoring and troubleshooting in the development and debugging.

3.2 Are log files sent to FanRuan

Generally, no. Log files are saved locally in the customer environment. However, customers may send log files and other data to FanRuan, so as to help address faults/technical problems. Any content sent to FanRuan Support is processed only to solve technical problems, securely stored and subject to our access and data retention policies. It is recommended that log files and any other data content sent to FanRuan be processed to address faults/support problems in accordance with general IT best practices concerning security and access permissions.

Customer management deployment may be configured through Platform Management to adjust the data captured in log files. For more details on log files listed by product type, please refer to the link at the end of this Policy.

The development of new versions is still underway, with possible adjustments to functions or release time. For new functions already released, see Release History. The stable version will be uploaded by default on the overseas official website, and existing customers have to upgrade to experience released new functions. A preview of new functions might be released on the official website and risk disclosure will be made on the corresponding page of the preview

4.Cloud Services

4.1 When customers use FineReport Standard, which personal data is collected ?

The only personal data received by FineReport Standard is authentication information (e.g., FineReport Standard accounts). FineReport Standard also processes and uses the usage/statistical data in connection with cloud products, so as to (1) help solve problems and (2) make analysis on a generally anonymous basis to ensure service quality and product improvement.

4.2 Where is the data center hosting FineReport Standard ?

Aliyun, Santa Clara, California, USA.

4.3 Can I choose to save my FineReport Standard cloud service data in my region (e.g., can EU users ensure that their data will not be taken out of the EU) ?

We will not change the location of the cloud server for the time being

If you attach personal data and files to the application (it is not mandatory to provide FanRuan with true personal data and we recommend you anonymize the data before sending it to FanRuan) or if a FanRuan employee has to solve a problem by accessing your account (which is unlikely), then the employee can access to your real data and files.

4.4 Content data accessed and used by FanRuan:

FanRuan employees have no access to the user content on FineReport Standard, unless (1) users share it with FanRuan staff (e.g., in the context of consulting services), or (2) FanRuan is prompted by customers to access a single piece of content for troubleshooting, in which case only a limited number of specific FanRuan staff can access a single piece of content for troubleshooting, and only under strict control.

4.5 Building and Security:

4.5.1 Where are FineReport cloud services hosted ?

FineReport Standard is hosted by Aliyun.

4.5.2 Retention of content data

Users may delete the application at any time, with relevant content controlled by users. Once deleted by users, all information hosted by FineReport in the application will be deleted immediately and back-up data will be deleted after a period of time, which conforms to our internal data retention rules. Sleeping applications (i.e., applications that have been inactive for more than 12 months in an account) may be deleted by FineReport.

4.6 Who can access content data ?

For FineReport Standard subscription, all users can control who can access applications shared by individual while group owners can control who can access applications created and shared as a part of their workgroups.

With respect to FineReport Standard, other users will not see the application before the application creator releases the application to users. Users control who is invited to view the application within their authorizations.

5.FanRuan as Customers' Data Processor

The information below describes when FanRuan serves as a data processor and/or data controller (as defined by GDPR or similar legislations).

5.1 SaaS products (cloud services):

FineReport is a data controller for personal data. FanRuan collects and processes to manage, maintain and improve our products, for example, authentication data such as usernames and passwords, and usage data such as login frequency, daily usage and traffic/usage in each country. It helps FanRuan better allocate resources and serve FanRuan customers and/or improve FanRuan services. When receiving user subscription, FanRuan, like all other businesses, maintains a database of customer and partner contacts for billing, marketing and other general business purposes. FanRuan processes this data in accordance with privacy laws and maintains appropriate security protection for such data. Storage/input of the personal data content that can be used to identify a particular individual is not the primary function of FineReport, which complies with the principle of data minimization and anonymization under the GDPR. FanRuan does not recommend that users insert their personal data into our applications

FanRuan is usually not a data processor for customer management deployment. This is because any content customers choose to store or create locally remains in customers' systems. FanRuan cannot access such content; therefore, customers, not FanRuan, are the data controller and data processor of such content under data protection laws. There might be exceptions if a customer chooses to share the content in customer management deployment coincidentally containing personal data when FanRuan offers support or consultation services to the customer. The sharing shall be at the customer's own discretion and personal data content shall be anonymized or minimized by the customer as per the best practices for data anonymization/minimization in privacy laws. Hence, customers usually need not to sign a data processing agreement with FanRuan. For further questions about data processing agreements, please contact international@fanruan.com

6.FanRuan's Privacy Compliance

6.1 Privacy in product design

FanRuan implements privacy design agreement and considers privacy as a local component of its R&D/product development process. For example, hierarchical authorization management: different departments share a system and each department has its own administrator who authorize the employees in that department, that is, level-to-level distribution by hierarchical administrators. Hierarchical administrators can only authorize within the scope of their respective duties. Unless the application creator or a person with administrator account affirmatively grants the access to the application to another user, only the application creator can access the application by default.

6.2 General privacy compliance information

FanRuan uses the above-mentioned data to provide, maintain and improve our products, solve technical support problems and observe legal requirements. For further information on security, access, sharing of any personal data and children's privacy, please refer to Cookie and Privacy Policy on FanRuan's website.

7.How Do Your Products Help Me Comply with the GDPR ?

FanRuan has realized that compliance with privacy/data protection laws, especially the GDPR, is the primary consideration of customers and partners. For this purpose, some useful features in FanRuan's products can help you comply with the requirements of the GDPR. Further information is available at FanRuan User License Agreement

8.Resources and updates

For further information, please contact FanRuan representatives you often contact or international@fanruan.com

For privacy information concerning FanRuan's website and general business, please visit https://www.finereport.com/en/privacy

List of links used herein:

Further information on log files:

Product-related
License verification Files containing machine information – MAC addresses and machine codes – should be returned. Whether the server is registered should be confirmed first.
Extranet requests/server connections Server: extranet and FanRuan server requests can be managed through a unified switch in Platform settings, and in Korean version it is off by default. FanRuan server is deployed in China.
Designer: extranet requests can hardly be controlled when the designer is started and the designer reads system caches when it is started; if there is no cache, then FanRuan server requests will be on.
Data transmission Please refer to session 2.4
Use of third-party services JDK: openjdk1.8 is used in FineReport.
Font: no fonts embedded; system fonts called.
Maps: open APIs of Mapbox, Baidu, etc (borders of China in those maps have been adjusted to those recognized by China).
Service-related
Technical support and assistance JDK: an installation package using openjdk1.7 will be sent if customers need.
Logs: it is generally required to send %FR_HOME%\logs\fanruan.log (system logs) to assist troubleshooting.

Legal materials:

FanRuan User License Agreement

Reference:

Cookie and Privacy Policy

The information contained herein is accurate as of (date). FanRuan reserves the right to change its product privacy practices from time to time and encourages you to view this Policy for any updates. This Policy is for reference only and does not constitute a part of customer contract terms

Privacy     Copyright©2020 FanRuan Software Co., Ltd.

top