**TtripAI Global Travel Customization Personal Information Protection Policy**

Welcome to the TripAI platform! Somytrip (hereinafter also referred to as “our company”) will handle your personal information in accordance with legal requirements and through this **TripAI Global Travel Customization Personal Information Protection Policy** (hereinafter referred to as “this Policy”) to explain to you how we process your personal information when you use our platform's products or services, as well as the methods we provide for you to access, update, delete, and protect this information.

Before you use our platform's products or services, please be sure to carefully read and fully understand this Policy, especially the terms in italics and boldface, which you should focus on. You should only begin to use our platform's products or services after confirming that you fully understand and agree to them. If you or your guardian (if you are a minor) do not agree with any part of this Policy, you may use the search and browse functions of our platform, but you will not be able to use our platform's products or services. Should you have any questions, opinions, or suggestions regarding the content of this Policy, you may contact us through the contact information provided in this Policy.

This Policy applies to all products and services provided by our platform. If our company and its affiliates' products or services use products or services provided by our platform but do not have a separate personal information protection policy, then this Policy will also apply to that part of the products or services. If our company and its affiliates' products or services have established independent personal information protection policies, then the independent policies will take precedence. Any content not mentioned in the independent personal information protection policies but agreed upon in this Policy will apply. This Policy does not apply to information or services (including any third-party applications, websites, etc.) contained in or linked to by our platform's products or services, which are operated by third parties and must follow the third parties' personal information protection policies or similar regulations.

**Part I Definitions of Terms Used in This Policy**

1. **TripAI platform**: The web page and client (including App, WeChat mini-program, or H5 page) with the domain name primarily as [ www.tripai.net](http:// www.tripai.net). The client is applicable to terminal devices including but not limited to PC, tablet, mobile phone, television, etc.

2. **Somytrip/Our Company**: The developer and operator of the TripAI platform, namely Shenzhen Somytrip Intelligent Technology Co., Ltd.

3. **Affiliate**: Refers to all companies under Shenzhen Somytrip Intelligent Technology Co., Ltd., as well as its subsidiaries and affiliated companies.

4. **User/You**: A natural person who accesses or uses the products or services provided by the TripAI platform, including registered and unregistered users.

5. **Personal Information**: Information recorded in electronic or other forms related to an identified or identifiable natural person, excluding information that has been anonymized.

6. **Sensitive Personal Information**: Sensitive personal information is information that, once leaked or used illegally, is likely to lead to the infringement of a natural person's dignity or endanger their personal or property safety. This includes biometric data, religious beliefs, specific identities, medical health, financial accounts, location tracks, and personal information of minors under the age of fourteen.

7. **Personal Information Deletion**: The act of removing personal information from the systems involved in the daily business functions so that it remains unretrievable and inaccessible.

8. **Child**: A minor under the age of fourteen.

9. **Minor**: A natural person under the age of eighteen. A minor over the age of sixteen who primarily relies on their own labor income for living is considered to have full civil capacity.

**Part II Personal Information Protection Policy**

**Table of Contents**

I. How We Collect and Use Your Personal Information

II. How We Use Cookies and Similar Technologies

III. How We Share, Transfer, Entrust Processing, and Publicly Disclose Your Personal Information

IV. How We Store and Cross-Border Transfer Your Personal Information

V. How We Protect the Security of Your Personal Information

VI. How We Protect the Personal Information of Minors

VII. How You Can Exercise Your Personal Information Rights

VIII. Revision and Notification of This Policy

IX. How to Contact Us

Attachment: **TripAI Account Cancellation Agreement**

**I. How We Collect and Use Your Personal Information**

When you use our products or services, the scenarios in which you need or may choose to authorize us to collect and use personal information include:

1. To provide you with the basic functions of our products or services, you need to authorize us to collect and use necessary information. If you refuse to provide the aforementioned necessary information, you will not be able to normally use our products or services.

2. To provide you with the additional functions of our products or services, you may choose to authorize us to collect and use information. If you refuse to provide the aforementioned information, you will not be able to normally use the related additional functions or achieve the functional effects we intend, but it will not affect your normal use of the basic functions of our products or services.

Since the types of products and services we provide to you are diverse, we will collect and use your personal information in accordance with the principles of “reasonableness, legitimacy, and necessity” based on the specific products or services you choose to use. In addition, for the purpose of providing you with better products and services, we may from time to time introduce new or optimized functions, which may increase or change the purposes, scope, and methods of collecting and using personal information. In this regard, we will notify you separately through updating this Policy, pop-up windows, or in-site messages about the purposes, scope, and methods of collecting and using the corresponding information, and provide you with the option to agree or not. Only after obtaining your express consent will we collect and use the corresponding information. During this process, if you have any questions, opinions, or suggestions, you may contact us through the contact information provided in this Policy.

**(i) Providing You with Search and Browse Functions**

Under normal circumstances, you can search for and browse various products on the TripAI platform in the unregistered state or privacy browsing mode after agreeing to the Personal Information Protection Policy. However, for the purpose of protecting commercial information, some detailed information on the TripAI platform may require you to register an account and log in to browse.

After you agree to this Policy, in order to ensure the realization of the search and browse functions, we will collect the search keywords you enter on the webpage or APP, the pages or links you click on, so that our platform's server can return the corresponding pages or results to you. In addition, we will also collect your log information.

Log information alone or only search keyword information cannot identify your identity and does not belong to your personal information. When your log information or search keyword information is combined with other information and can identify your identity, we will treat your log information or search keyword information as your personal information and process and protect it in accordance with this Policy.

**(ii) Helping You Register and Manage Your TripAI Account**

1. **Account Registration**

If you wish to use the products or services of the TripAI platform, you must first register a TripAI Account to become a member of the TripAI platform. During registration, you must at least provide a mobile phone number (for receiving SMS verification codes) and set a password to create a TripAI Account. If you refuse to provide a mobile phone number, you will not be able to create an account on the TripAI platform and use the products or services of the TripAI platform, but this will not affect your normal use of the search and browse functions of the TripAI platform.

Any actions you take on the TripAI platform after logging in with your TripAI Account represent you personally. The electronic information records of your TripAI Account operations are valid evidence of your actions and you will be held fully responsible for any consequences arising therefrom.

2. **Account Login**

If you choose to log in to the TripAI platform through a third-party account (including WeChat, QQ, Apple, Alipay, Weibo, Baidu, etc.), after you agree to this Policy, we will obtain the third-party account information (avatar, nickname, and any other personal information you authorize on the page) that you authorize to share from the third party, and bind your third-party account with your TripAI Account, so that you can log in and use our services directly through the third-party account. We will use your personal information in accordance with the agreement with the third party and in compliance with relevant regulations.

In the case where you log in to the TripAI platform for the first time using a third-party account (including the first login after unbinding a third-party account), in order to comply with legal requirements and protect your account security, we will still require you to provide a mobile phone number to verify your true identity. At the same time, we will bind the third-party account with your TripAI Account based on the mobile phone number you provide. You can bind or unbind the associated third-party account at any time through “Settings”->“Account Security”->“Account Association”. Your unbinding will not affect your use of the basic functions of the TripAI platform.

3. **Profile Maintenance and Account Management**

(1) To maintain your personal information and enhance your service experience, you may choose to provide an avatar, community nickname, real name, gender, date of birth, regional information, etc. Among them, to ensure transaction recognizability, your avatar and community nickname will be publicly displayed.

(2) To facilitate the filling of relevant information when using the products or services of the TripAI platform, you may choose to add frequently used information, including travelers, contacts, address information, reimbursement voucher information, etc.

If you choose not to provide this information, it will not affect your normal use of the basic functions of the TripAI platform. Additionally, when you enter text, we may read your clipboard to enable functions such as pasting. For example, if you directly paste the clipboard content into the APP search bar.

**(iii) Providing You with Collection, Follow, and Sharing Functions**

During the process of using our platform's products or services, you may choose to collect, follow, or share information. We will at least need to collect log information generated during these processes to realize the aforementioned functions and other purposes that we have explicitly informed you about.

**(iv) Providing You with Order Placement and Order Management Functions**

When you are ready to order products or services on our platform, our system will automatically generate an order for the product or service you are ordering. During the order placement and order management process, we may collect the following information:

(1) Information required for different products or services you select;

(2) The name and mobile phone number of your contact person;

(3) Order information generated during your use of our platform's products or services.

We collect this information to help you confirm transactions, complete payment settlements, receive notifications, assist you in querying and managing order information, and provide customer service and after-sales support. We will also use your order information to determine whether your transactions are abnormal in order to protect your transaction security.

Due to the special nature of the products or services provided by Somytrip, for the following products or services you choose, you will need to provide additional necessary information to complete the reservation. This information must be filled in by you personally or authorized by you for us to assist in completing the information entry. We also remind you to pay attention during the specific reservation process:

(1) When you book domestic or international flights, depending on the type of service, you may need to provide different types of information. When booking domestic flights, you must at least provide the passenger's name, type of identification, identification number, and mobile phone number. When booking international flights, you must at least provide the passenger's name (including pinyin), gender, nationality, date of birth, type of identification, identification number, validity period of the identification, and the contact person's mobile phone number. Depending on the product, you may also need to provide the contact person's email address. Some flights require you to complete airline membership verification/registration to make a reservation. On the verification/registration page, you must at least provide your email address, nationality, TripAI membership account, and TripAI membership level information. You may also choose to provide the passenger's mobile phone number to receive flight information or provide an airline membership card number to enjoy mileage accumulation services.

(2) When booking domestic train tickets, different types of information will be required depending on the booking method. When choosing “Somytrip Booking,” you must at least provide the passenger's name, type of identification, identification number, mobile phone number, and passenger type. When choosing “12306 Booking,” you will also need to provide your 12306 account information.

When booking international train tickets, you must at least provide the passenger's name, date of birth, passport number, and contact person's mobile phone number. Depending on the product or type of identification, you may also need to provide your email address, gender, nationality, and validity period of the identification.

(3) When booking hotels, guesthouses, and inns, you must at least provide the name and mobile phone number of the check-in person. Depending on the product, you may also need to provide the identification number and email address. You may also choose to provide your date of birth and gender to use individual hotel membership services.

(4) When booking scenic spot tickets or activity services, you must at least provide the name of the traveler and the contact mobile phone number. Depending on the product, you may also need to provide the contact person's email address, the traveler's mobile phone number, type of identification, identification number, validity period of the identification, place of issue, country/region, nationality, gender, date of birth, place of birth (province), weight and height (for horse riding projects), shoe size, and degree of myopia (for safety considerations).

(5) When booking car rental services (including domestic and international car rental services), depending on the type of service, you may need to provide different types of information. When booking domestic car rental services, you must at least provide the driver's name, mobile phone number, type of identification, and identification number. When booking international car rental services, you must at least provide the driver's name, date of birth, nationality, mobile phone number, and email address. You may also choose to provide the flight number of the traveler to enjoy the service of vehicle retention for a certain period in case of flight delay (subject to the specific rules on the product or service page).

(6) When booking chauffeur services (including domestic and international airport transfers, domestic station transfers, domestic taxi services, and domestic and international car rentals), depending on the type of service, you may need to provide different types of information. When booking domestic taxi services, you must at least provide the mobile phone number of the passenger. When booking international taxi services, you will also need to provide the passenger's name in pinyin. When booking domestic airport transfers, station transfers, and car rental services, you must at least provide the passenger's name and mobile phone number. When booking international car rental and airport transfer services, you will also need to provide the passenger's English name. You may also choose to provide the passenger's common addresses (home, company, etc.), the passenger's WeChat ID, the phone number of the accompanying person, the phone number of the reserved hotel, and third-party instant messaging account information to facilitate communication with the driver or to provide more convenient services.

(7) When booking bus tickets or tourism routes, you must at least provide the passenger's name, type of identification, identification number, mobile phone number, and passenger type. If the type of identification provided is a passport, you will also need to provide the date of birth.

(8) When booking ferry, yacht, or cruise ship services, you must at least provide the name and identification number of the passenger, and the contact person's mobile phone number. Depending on the product you choose, you may also need to provide information such as the flight information for the ferry connection, the vehicle license plate number brought on board, and the email address.

(9) When booking airport parking, you must at least provide the name of the traveler, vehicle license plate number, parking time, pick-up time, return flight number, and contact person's mobile phone number.

(10) When booking visa services, you must at least provide your name, age group (to distinguish between adult and child visa application fees), customer type (to distinguish the materials required for visa application), delivery address, and the contact person's name, mobile phone number, and email address. We will inform you of the necessary materials for visa application through the email address you provide (subject to the requirements of the selected embassy or consulate), and these materials will only be used for the purpose of applying for a visa from the embassy or consulate.

(11) When using foreign currency exchange services, you need to provide the time of withdrawal, the withdrawal outlet, the order amount, the purchased product, the currency, the withdrawal city, the name of the person withdrawing the cash, mobile phone number, ID number, and the purpose of the purchase.

(12) When using online shopping services, you need to provide your mobile phone number, email address, name, and identification information. Additionally, depending on the type of service, you may also need to provide flight number and date (for in-flight pickup), hotel name and check-in date (for hotel pickup), cruise ship number and port of embarkation (for cruise pickup).

(13) When using in-store purchase services, you need to provide your bank card number and mobile phone number.

(14) When booking mobile WLAN or telephone card services, you need to provide the collection date/card collection date, return date (only for mobile WLAN), number of bookings/number of cards booked, traveler's name, and contact mobile phone. If you choose to pick up the service yourself, you will also need to provide the pick-up point information.

(15) When booking international data roaming services, you need to provide the destination, mobile phone number, and duration information.

(16) When booking local guide services, you must at least provide the name and mobile phone number of the traveler. You may also choose to provide email, common addresses (home, company, etc.), traveler's WeChat ID, phone number of accompanying person, phone number of reserved hotel, third-party instant messaging account information to facilitate communication with the guide or to provide more convenient services.

(17) When booking dining services, you must at least provide the name and mobile phone number of the contact person.

(18) When booking travel services, travel services (free travel, weekend travel, cruise travel, surrounding travel, customized travel, high-end travel, theme travel, air/train + hotel, hotel + scenic spot) as a combination product, the information you need to provide depends on the combination of information collected by the specific sub-services (air, train, car rental, chauffeur, hotel, guesthouse, inn, bus, tourism route, ferry, yacht, cruise ship, visa, guide, ticket, activity, insurance), and the categories of information collected by the specific services will not exceed the total sum of the categories of information collected by the involved sub-services.

(19) When booking insurance, you must at least provide the insured person's name, type of identification, identification number. Depending on the type of insurance you choose, you may also need to provide the insured person's nationality, date of birth, gender, whether the insured person has social security, the policyholder's nationality, the policyholder's Chinese and English names, the policyholder's mobile phone number, the policyholder's email address, the policyholder's type of identification, the policyholder's identification number, the policyholder's date of birth, the relationship between the policyholder and the insured person, the contact mobile phone number of the claimant, the contact email address of the claimant, the bank account name of the claimant, the bank account number of the claimant, the bank where the claimant's account is opened, the flight number of the insured person, the address of the house, the vehicle license plate number.

To meet the requirements of the China Banking and Insurance Regulatory Commission's [2020] No. 26 "Notice on the Management of Traceability of Internet Insurance Sales Behavior," when you purchase insurance products, the insurance agency company of the TripAI platform will collect personal information, including the policyholder and the insured person's information and page operations, on the insurance product page to form a restorable and verifiable image or video.

(20) When using financial products or services, you must at least provide your name and ID number to us. Depending on the product, you may also need to provide a color photo or photocopy of your ID card, bank card or third-party payment account information, the mobile phone number reserved with the bank, facial information (used for identity verification to ensure the security of your account). According to the regulatory requirements of financial-related services in China, if you do not provide the required information for real-name authentication to verify the authenticity of your identity, you will not be able to use financial products or services.

(21) When the travelers in your party include minors, we need you as the guardian or with the consent of the guardian to provide the name, type of identification, and identification number of the traveling minor.

Other scenarios where you need to provide additional necessary information to complete the reservation of products or services will be subject to the display, prompts, or authorization content in the reservation process. Please pay attention and read carefully.

**(v) Assisting You with Payment and Repayment**

When you need to complete payment settlement for products or services purchased through the TripAI platform, or when you use Somytrip financial services for payment or repayment, depending on the service, we need to collect bank card numbers, expiration dates, bank reserved mobile phone numbers, cardholder names, cardholder identification documents, and card verification codes to ensure that your orders can be successfully completed. When you use an overseas bank card, based on the requirements of the different payment institutions you choose, we will collect your billing address information.

To enable you to use payment services more safely and conveniently, if your device supports fingerprint functionality, you may choose to enable fingerprint payment. You need to record your fingerprint information on your device, and when you make a fingerprint payment, you need to complete the fingerprint verification on your device. We only receive the verification result and do not collect your fingerprint information. If you do not wish to use fingerprint verification, you can still pay through other means.

**(vi) Assisting in the Delivery of Products or Services to You**

To deliver products or services to you, we need to collect and use your order information at least to ensure that the products or services you have ordered can be safely and successfully delivered.

If the products or services you order or win in a marketing promotion activity require electronic redemption or mailing (invoices, products), you must at least provide the name and mobile phone number of the user or recipient of the product or service. Depending on the product, you may also need to provide delivery address, electronic mail address, so that your invoices, products or services can be redeemed or delivered.

If you need to issue a paper or electronic invoice for the products or services you order, we must at least collect the invoicing information such as the invoice title, email address, and the aforementioned delivery information.

**(vii) Providing You with Review, Community Notes, and Other Information Publishing Functions**

When you actively review products or services on the TripAI platform or publish other content (including community notes, comments), you can actively choose the information you upload (such as reviews, photos, videos, dates, locations or geographical location information). Your community nickname, avatar, and published content will be publicly displayed.

The information you upload, publish, or share may lead to the public disclosure of your or others' personal information and even sensitive personal information. Please carefully consider whether to upload, publish, and share relevant information when using our services.

**(viii) Providing You with Live Streaming Services**

When you watch live streaming on the TripAI platform, we need to access your mobile phone's call status to ensure that the sound of the live broadcast is muted when you have an incoming call.

To comply with the requirements of the **Regulations on the Administration of Internet News Information Services** and the **Regulations on the Administration of Internet Live Streaming Services**, when you comment or gift in the live broadcast, we will require you to undergo real-name authentication. We will collect information such as your comments and gift records in the live broadcast. If you register as a live broadcast host and use the Somytrip Host APP, you must also comply with the **Somytrip Host Privacy Policy**.

**(ix) Providing You with Customer Service and Resolving Disputes**

To ensure the security of your account, our telephone customer service and online customer service will use your membership information and order information to verify your identity. When you actively request us to provide customer service related to your orders, we may query your relevant order information to provide you with appropriate assistance and processing. If you actively request customer service to help you modify relevant information (such as delivery address, contact person, or contact number), you may also need to provide other information in addition to the aforementioned information to complete the modification.

When you contact us, we may keep the communication or call records and content, or the contact information and related information you leave, in order to contact you or help you solve problems, or to record the solutions and results of the relevant issues. In addition, when you use chauffeur services, your calls with the driver may be recorded, and we may keep the call records and content between you and the driver to handle potential future disputes and ensure service safety. The aforementioned recordings will be automatically deleted after being retained for the shortest necessary period required by law, unless they need to be retained due to compliance requirements or legitimate interests.

**(x) Providing You with Security Assurance Functions**

1. **Transaction Security Assurance**

To more accurately identify and prevent attacks and protect your account security (including forming risk control tags/portraits/models, determining whether it belongs to IP/device blacklist, whether it is a real device/simulator, whether risk software/App is installed, etc.), after you agree to this privacy policy, we will automatically collect device information or software information during your use of the product. This information includes your IP address and the model/version/name/storage space and device identification code (IMEI/IMSI/OAID/Android ID/OPENUDID/GUID/hardware serial number) of the mobile device used, SIM card information, device application installation/uninstallation list, process information, device MAC address, network type/network status, device connection to wireless network information (SSID/BSSID/status/list), sensor information, MEID (only for CDMA mobile phones), and configuration information used to access our services through web browsers and mobile devices.

The collection scenarios we collect may include when the TripAI Travel APP is switched to the background. The collection frequency of the above information will be based on the minimum frequency required for security and risk control. When you open the APP each time, we will control the upload frequency of the unique device identification code IMEI, IMSI, MAC, Android ID to no more than twice. We will protect these device and software information through security measures such as access permission minimization, access log recording, and separate storage and authorization from order information.

2. **Financial Risk Control**

When you use Somytrip's financial products (such as consumer installment products, credit products), for the purpose of financial risk control, such as identity verification, assessment of credit qualifications, credit and repayment capacity, you may need to provide us with and allow us to collect more information (such as photos of valid identification documents, facial images or videos, contact information, address information, educational background, employment and workplace information, contact person information, loan purpose, email address, relevant income, property, and credit information). Before you use such services, we will separately inform you of the corresponding personal information collection and usage rules through page prompts, interactive processes, and online display of agreements, and obtain your consent.

To ensure transaction security and control credit risk, we and our affiliates, business partners who provide you with services may conduct data analysis on user information and make business decisions based on the analysis results.

3. **Venue Security Assurance**

To ensure the security of offline venues, we have installed image capture devices in Somytrip stores to collect your personal images. We have set up relevant提示signs and comply with national regulations, and use them only for the purpose of ensuring venue security.

**(xi) Calling Permissions to Provide You with Complete Services**

To provide you with complete product services and enhance user experience, you can use our additional functions based on the relevant permissions of your mobile device operating system that you authorize on your own. If you do not enable these permissions or do not provide the personal information collected by these permissions, you can still complete the booking and related services of various services on the TripAI platform. However, these permissions may vary due to different mobile device operating systems.

By enabling any permission, you authorize us to collect and use the relevant personal information to provide you with the corresponding service. Once you disable any permission, it means that you have canceled the authorization, and we will no longer continue to collect and use the relevant personal information based on the corresponding permission, nor can we provide you with the service corresponding to that permission. However, your decision to disable the permission will not affect the information collection and use that has been carried out based on your previous authorization.

You can visit the Somytrip terminal device permission list to query the relevant permissions that the TripAI platform may apply for and use.

**Android System Application Permission List:**

- Network Access Permission: Used for data interaction with remote servers;

- Precise Location Permission: Used to obtain nearby information to prepare travel plans;

- Fuzzy Location Permission: Used to obtain nearby information to prepare travel plans;

- Device and Operator Information Permission: Used to obtain nearby information to prepare travel plans;

- Network Status Permission: Used to obtain nearby information to prepare travel plans;

- Wi-Fi Network Information Permission: Used to obtain nearby information to prepare travel plans;

- Wi-Fi Status Change Permission: Used to obtain nearby information to prepare travel plans;

- Additional Location Instructions Permission: Used to obtain nearby information to prepare travel plans;

- Write External Storage Permission: Used to write cache location data;

- Read External Storage Permission: Used for troubleshooting;

- Camera Permission: Used to take photos to upload avatars and dynamic pictures;

- Recording Permission: Used to record audio for audio translation;

- Make Phone Calls Permission: Used to call customer service;

- Application Installation List Permission: Used to check if the user has installed the WeChat app.

**iOS System Application Permission List**

- Network Access Permission: Used for data interaction with remote servers;

- Location Permission: Used to obtain nearby information to prepare travel plans;

- Camera Permission: Used to take photos to upload avatars and dynamic pictures;

- Photo Album Permission: Used to upload avatars and dynamic pictures;

- Recording Permission: Used to record audio for audio translation;

- Make Phone Calls Permission: Used to call customer service;

**(xii) Improving Somytrip's Products or Services**

1. We may conduct de-identified research, statistical analysis, and predictions on the collected information to improve the content and layout of the TripAI platform, provide product or service support for business decisions, and enhance our products and services.

2. We may use your order data for data analysis to help us understand your location, preferences, and demographic information, or match it with data from other sources (including third parties) to develop and improve our products and services.

3. We may invite you to participate in market or service surveys through the contact information you provide, and based on the information you provide when participating in market surveys, analyze and measure your interest in our products, services, and website, follow up on your service experience and feelings, and thus develop and improve our products and services. If you choose not to participate in market surveys and provide relevant information (subject to the specific market survey display page), it will not affect your normal use of the basic functions of the TripAI platform.

**(xiii) Special Notes on the Collection and Use of Your Personal Information**

1. If the information you provide contains personal information of other users, for example, when you order products or services for others through the TripAI platform, you need to submit the personal information of the actual orderer, or when you actively upload, publish, or share information through the TripAI platform that involves personal information of other users, in the aforementioned scenarios, before providing such personal information to the TripAI platform, you must ensure that you have obtained the consent of the person concerned, and ensure that they are aware of and accept this Policy. If it involves children's personal information, you need to obtain the consent of the corresponding child's guardian in advance. Unless in accordance with the exceptions for obtaining authorization consent (see "I. How We Collect and Use Your Personal Information" in this Policy), otherwise we will follow the requirements of laws, regulations, and national standards, and obtain your separate consent for certain scenarios of sensitive personal information processing. The specific separate consent method will be subject to the display on the specific function page.

2. If we use the information for purposes not specified in this Policy, or use the information collected for a specific purpose for other purposes, we will obtain your authorization consent again.

3. We may obtain relevant information about you from third parties such as our affiliates and business partners who provide you with services. For example, when you book through the websites and mobile applications of our affiliates or business partners, the booking information you provide to them may be handed over to us so that we can process your orders and ensure that you can book smoothly. We will confirm the legality and compliance of the source of the personal information collected by the third party in accordance with the agreement with the third party, understand the scope of authorization obtained by the third party for your personal information, and if the purpose of our collection and use of your information exceeds the scope of authorization obtained by the third party, we will obtain your consent again before processing your personal information, either by ourselves or by requiring the third party to do so.

4. Exceptions for Obtaining Authorization Consent

According to legal requirements, in the following circumstances, we do not need to obtain your authorization consent to collect and use your personal information:

- It is necessary to perform the statutory duties or obligations of Somytrip;

- It is related to national security or national defense security;

- It is related to public safety, public health, or major public interests;

- It is related to criminal investigation, prosecution, trial, and judgment execution;

- It is necessary to conclude or perform a contract in which you are a party;

- In an emergency situation, to maintain the life, health, and property safety of you or other individuals;

- The personal information collected is personal information that the personal information subject has voluntarily disclosed to the public or other personal information that has been legally disclosed;

- It is collected from legally disclosed information, such as legal news reports, government information disclosure, etc.;

- It is used for news reporting, public opinion supervision, etc., for the purpose of maintaining public interests within a reasonable scope and processing personal information; used to maintain the safe and stable operation of the provided products or services, for example, to discover and deal with faults in products or services;

- Academic research institutions conduct statistical or academic research for the public interest, and when providing the results of academic research or description, the personal information contained in the results is de-identified;

- Other circumstances stipulated by laws, regulations, and national standards.

According to applicable laws, if we take technical measures and other necessary measures to process personal information so that the data recipient cannot re-identify a specific individual and cannot restore it, then the use of such processed data does not require separate notification to you and obtaining your consent.

**II. How We Use Cookies and Similar Technologies**

**(i) Cookies**

To provide you with a more convenient and effortless browsing experience, when you visit the TripAI platform or use our services, we may store small data files named Cookies on your device terminal or system to identify your identity. This helps you avoid the need to re-enter registration information repeatedly, optimize your interaction with advertisements, and assist in determining the security status of your account. You can clear all Cookies saved on your computer or mobile device, and you have the right to accept or reject Cookies. If your browser automatically accepts Cookies, you can modify the browser settings to reject Cookies according to your needs. Please note that if you choose to reject Cookies, you may not be able to fully enjoy the services we provide.

**(ii) Other Similar Technologies**

In addition to Cookies, to monitor the effectiveness of advertising placement, we also use pixel tag technology on our website. With the help of pixel tags, we can better understand whether the advertisements we have placed have been viewed by users.

**III. How We Share, Transfer, Entrust Processing, and Publicly Disclose Your Personal Information**

**(i) Sharing and Providing**

1. **Principles of Processing**

We may share your order information, account information, device information, and location information with partners and other third parties to ensure the successful completion of the services provided to you. However, we will only share your personal information for legitimate, proper, necessary, specific, honest, and clear purposes, and we will only share the personal information necessary to provide the services. We will assess the legality, propriety, and necessity of the third party's collection of your personal information, and at the same time, require the third party to handle your personal information within the scope of your authorization consent, and take necessary information management measures and technical means to prevent your personal information from being leaked, damaged, lost, tampered with, etc. The third party has no right to use the shared personal information for any other purpose. If they need to change the purpose or method of processing personal information, they will obtain your separate authorization consent again.

2. **Separate Consent**

Unless in accordance with the exceptions for obtaining authorization consent (see "I. How We Collect and Use Your Personal Information" in this Policy), otherwise we will follow the requirements of laws, regulations, and national standards, and take reasonable ways to separately obtain your separate consent for certain scenarios of personal information sharing and provision, except for the aforementioned circumstances. However, regardless of whether separate consent is required, we will inform you in a reasonable manner of the specific third-party supplier information involved in the product or service provided to you and the purposes, methods, and types of personal information they will process. For example, when you are preparing to order some products or services on the TripAI platform, we may inform you of the above information through the order filling page or order confirmation page before you place an order, and obtain your separate consent for Somytrip to provide your personal information to the supplier or service provider when necessary. The specific form of separate consent will be subject to the specific product or service order page.

3. **Types of Our Partners Include (Including Entities within and outside of China):**

(1) **Suppliers**: Including but not limited to hotels, airlines, cruises, car rentals, travel agencies, scenic spots and activity providers, and agents that meet your booking needs. We will share personal basic information, personal identification information, and contact person information with suppliers. These suppliers may contact you as needed to complete travel products or services.

(2) **Financial Institutions and Third-Party Payment Institutions**: When you place an order, apply for a refund, purchase insurance, etc., we will share specific order information with financial institutions or third-party payment institutions. When we believe it is necessary for fraud detection and prevention, we will further share other necessary information with relevant financial institutions, such as IP addresses. When you use our financial services, such as consumer installment products, credit products, wealth management, flash travel card services, etc., we will share your identity information, contact information, bank account information, and other information required by the cooperating financial institutions for risk control with the cooperating financial institutions according to the agreement or authorization you have when opening the specific product, so that these institutions can provide you with the services you need. Before you use such services, we will inform you separately of the corresponding personal information sharing rules through page prompts, interactive processes, agreement display, and other ways, and obtain your consent.

(3) **Business Partners**: We may provide products or services together with partners and share relevant personal information with partners for purposes such as courier services, communication services, customer services, market promotion, advertising placement, technical services, real-name authentication services, and consulting services. For example, to provide you with service information or commercial information push purposes, we will provide your mobile phone number and the content of the information to be pushed to the SMS service provider. Of course, you can set to close the commercial information push function through “VII. How You Can Exercise Your Personal Information Rights” (vi) Limit Automated Decision-Making. After the function is closed, we will no longer push commercial information targeted at your personal characteristics to you.

(4) **Affiliates**: We may share your relevant personal information with our affiliates so that they can provide you with travel-related or other products or services. They will take no less strict protection measures than this Policy.

(5) **Credit Reporting Agencies**: If you authorize the credit reporting agency to query and collect your information from us, we will share your information with the credit reporting agency within the scope allowed by laws, regulations, and regulatory policies and within the scope of your authorization to the credit reporting agency. We will confirm the legality of the source of the authorized personal information in accordance with the agreement with the credit reporting agency, and process your personal information in accordance with laws, regulations, and regulatory policies.

Based on the purpose of preventing and detecting fraud by business partners and affiliates, we may also cautiously provide your necessary personal information. The provision of this personal information will go through strict internal security assessment and approval and be limited by signing the corresponding agreement on the purpose of use.

4. The affiliates of Somytrip allow users of the TripAI platform to use their TripAI Accounts to log in to the platforms of the affiliates and use their services. Any actions taken by users of the TripAI platform on the platforms of the affiliates must comply with the relevant agreements, published rules, and instructions for the correct use of services. To achieve the aforementioned functions, you have the right to choose whether to agree to synchronize your registration information, transaction/payment data, etc. on the TripAI platform to the systems of the affiliates and allow them to use it on the platforms of the affiliates.

**(ii) Third-Party SDKs and Third-Party Monitoring**

To enable you to receive information push notifications, log in and share information on third-party platforms, use third-party payment, use map services, use facial recognition authentication functions, achieve one-click login with mobile phone numbers, and other services and functions, our applications will embed software development kits (hereinafter referred to as "SDKs") or similar other applications from authorized partners. We use these SDKs through the operating system's interface call method. The names, providers, purposes of collecting personal information, and categories of these third-party software development kits (SDKs) can be queried through the third-party software development kit (SDK) details page. For example:

1. Integration of AMap SDK, operated by Alibaba Group; official website link: [https://lbs.amap.com](https://lbs.amap.com); purpose of use: to obtain user location and display the location of scenic spots and hotels in travel plans on the map; types of personal information collected: device information (such as IMEI/IMSI, SIM card serial number/MAC address, android_id), network information, and geographical location information.

2. Integration of China Telecom | Tianyi SDK, operated by China Telecom Group Co., Ltd.; official website link: [http://www.chinatelecom.com.cn](http://www.chinatelecom.com.cn); purpose of use: to obtain the user's mobile phone number to achieve one-click login.

3. Integration of Getui SDK, operated by Daily Interactive Co., Ltd.; official website link: [https://www.getui.com](https://www.getui.com); purpose of use: to achieve message push notifications.

4. Our product integrates the Umeng+ SDK, which needs to collect your device MAC address, unique device identification code (IMEI/android ID/IDFA/OPENUDID/GUID/IP address/SIM card IMSI information) to provide statistical analysis services, and to calibrate the accuracy of report data through geographical location, providing basic anti-fraud capabilities.

The above links to the developer documentation or personal information protection policy or privacy policy pages are made and published by the corresponding SDK developers or providers. The relevant SDK developers or providers may change or adjust the content of the links and the web pages linked therein within the scope allowed by law. Since some SDK developers or providers have not provided online documentation, we are unable to provide links to the development documentation or corresponding personal information protection policies or privacy policies for all third-party SDKs.

We conduct rigorous security technology testing and access control for the SDKs of our authorized partners. Our partners have no right to use the shared personal information for any other purpose. If they need to change the purpose of processing personal information, they should seek your authorization consent again.

For the purpose of advertising monitoring, on the advertising pages involving third-party monitoring, we may use embedded third-party code as required by the advertiser to provide advertising monitoring services. The names, purposes of use, and types of information involved in the third-party advertising monitoring platforms can be accessed through the third-party advertising monitoring platform details page.

**(iii) Information Transfer**

Except for the following situations, we will not transfer your personal information to any company, organization, or individual:

(1) With your prior explicit consent or authorization;

(2) As required by applicable laws, regulations, legal procedures, compulsory administrative or judicial requirements;

(3) In the event of a merger, division, acquisition, asset transfer, or similar transactions, if it involves the transfer of personal information, we will inform you of the name and contact information of the company or organization receiving the information before formally transferring the information, and require the new holder of your personal information to continue to be bound by this Policy and to continue to fulfill the personal information processing obligations originally undertaken by us. Otherwise, we will require that company or organization to obtain your separate authorization consent again.

**(iv) Entrusted Processing**

To improve the efficiency of information processing, reduce the cost of information processing, or increase the accuracy of information processing, we may entrust affiliated companies with professional technical capabilities or external service providers outside of Somytrip to process your personal information. We will enter into a entrusted processing agreement with the entrusted party and require the entrusted party to process personal information in accordance with the entrusted processing agreement, this Policy, and any other relevant confidentiality and security measures. When the entrusted relationship is ineffective, invalid, revoked, or terminated, we will require the entrusted party to return, delete your personal information (including but not limited to the original information or copies, abstracts obtained due to entrusted processing, etc.), and not to retain it. Without your authorization consent, we prohibit the entrusted party from entrusting others to process your personal information.

**(v) Public Disclosure**

We will only publicly disclose your personal information in the following circumstances:

(1) In accordance with your demand, and under the disclosure method you recognize and agree to, disclose the personal information you have designated;

(2) As required by laws and regulations, compulsory administrative law enforcement or judicial requirements, we may disclose your personal information in accordance with the type of personal information required and the method of disclosure. Within the scope permitted by law, when we receive the aforementioned request for disclosure of information, we will require the issuance of corresponding legal documents.

**IV. How We Store Your Personal Information**

**(i) Storage Location**

1. **Principles of Processing**

We will store user personal information collected within the territory of the People's Republic of China within the territory of China in accordance with legal requirements.

2. **Cross-Border Transfer**

If it is necessary to transfer your personal information to a location outside of China, we will strictly follow the provisions of the law.

Scenarios where your personal information needs to be transmitted overseas include:

(1) Obtaining your explicit authorization;

(2) When the marketing scenario involves overseas service providers;

(3) When you engage in cross-border transactions through the TripAI platform (such as booking overseas hotels, booking international flights, booking bus tickets, train tickets, ferry tickets, taxis, travel services involving overseas suppliers providing services);

(4) Explicit requirements of laws and regulations.

We will implement in accordance with the conditions stipulated by laws, administrative regulations, and the national cyberspace administration, and require overseas institutions to keep confidential the personal information they obtain and fulfill the corresponding personal information protection obligations.

**(ii) Storage Period**

We will only retain your information for the shortest period necessary for the purposes stated in this Policy or for the time limits required by laws and regulations. After the aforementioned storage period has expired, or when you exercise your right to delete personal information or cancel your account, we will delete or anonymize your personal information.

However, in the following circumstances, we may adjust the storage time of personal information to comply with legal requirements:

(1) To comply with relevant laws and regulations;

(2) To comply with the provisions of court judgments, rulings, or other legal procedures;

(3) To comply with the requirements of relevant government agencies or legally authorized organizations;

(4) To maintain social public interests, to protect the users of the TripAI platform, our company or our affiliates, other users, or the personal and property safety of our employees, or other legitimate interests that are reasonably necessary.

**(iii) Cessation of Operations**

If we cease operations of the TripAI platform products or services, we will promptly stop the continued collection of your personal information, notify you in the form of individual delivery or announcement, and delete or anonymize the personal information we hold.

**V. How We Protect the Security of Your Personal Information**

1. Somytrip has established a dedicated team responsible for supervising personal information processing activities and the protective measures taken. We strive to provide you with information protection by implementing appropriate management, technical, and physical security measures. We have established an information security assurance system in accordance with domestic and international information security standards and best practices to meet the needs of our business development, and have obtained the ISO27001 Information Security Management System Standard certification and the PCI-DSS Payment Card Industry Data Security Standard certification.

2. Starting from the lifecycle of data, we have established security protection measures in all aspects of data collection, storage, display, processing, use, and destruction. We have adopted different control measures based on the sensitivity level of the information, including but not limited to access control, SSL encrypted transmission, AES256bit or higher strength encryption algorithms for encrypted storage, and desensitization display of sensitive information.

3. We also strictly manage employees who may have access to your information, monitor their operations, establish an approval mechanism for important operations such as data access, internal and external transfer, desensitization, and decryption, and sign confidentiality agreements with the aforementioned employees. At the same time, we regularly provide information security training to employees, requiring them to develop good operational habits in their daily work and enhance their awareness of data protection.

4. You understand that there are no "perfect security measures" on the network, but we will provide corresponding security measures based on existing technology to protect your information and provide reasonable security assurance. We will do our best to prevent your information from being leaked, damaged, or lost.

5. Your account has security protection functions. Please properly keep the devices you use to log in to the TripAI platform, as well as your account name and password information. Do not provide the device to others for logging in to the TripAI platform or disclose your password to others. If you find that your personal information has been leaked, especially if your account name and password have been leaked, please contact our customer service immediately so that we can take corresponding measures.

6. The system and communication network you use to access our services may have problems due to factors outside our controllable range. Please save or back up your text, images, and other information in a timely manner.

7. When using TripAI platform services for online transactions, please properly protect your personal information (including but not limited to traveler's name, contact information, or contact address), and only provide it to others when necessary. Please use complex passwords to assist us in ensuring the security of your account. We will do our best to ensure the security of any information you send to us. To prevent others from using your password or using your computer, mobile device, or SIM card without authorization, if you find that your personal information, especially your account or password, has been leaked, please contact TripAI platform customer service immediately so that we can verify and take corresponding measures according to your application.

8. In the unfortunate event of a personal information security incident, we will inform you of the basic situation and possible impact of the security incident in accordance with legal requirements, the disposal measures we have taken or will take, the suggestions for you to independently prevent and reduce risks, and the remedial measures for you. We will notify you of the relevant situation through email, letters, phone calls, push notifications, etc. If it is difficult to notify each individual subject of personal information, we will take reasonable and effective ways to issue an announcement. At the same time, we will also report the disposal of the personal information security incident to the regulatory authorities in accordance with the requirements.

**VI. How We Protect the Personal Information of Minors**

Somytrip places great emphasis on the protection of minors' personal information:

1. If you are a minor under the age of 18, you must obtain the consent of your legal guardian before using our services. We protect minors' personal information and privacy in accordance with the requirements of national laws and regulations such as the **Law of the People's Republic of China on the Protection of Minors**.

2. Somytrip will not actively directly collect personal information from minors. For the collection of minors' personal information with the consent of the guardian, we will only use, share, transfer, or disclose such information under circumstances permitted by laws and regulations, with the consent of the guardian, or when necessary to protect minors.

3. As a guardian, you can log in to the TripAI APP and query, correct, and delete minors' relevant information through “Me”->“Frequently Used Information”. If there is evidence that minors have registered and used our services without the consent of the guardian, the guardian can contact TripAI platform customer service, and we will delete the minors' personal information as soon as possible after confirmation.

4. For personal information of children under the age of 14, we will also follow the principles of legitimacy, necessity, informed consent, clear purpose, security protection, and lawful use, and process children's personal information in accordance with the requirements of laws and regulations such as the **Regulations on the Protection of Children's Personal Information on the Internet**. When you, as a guardian, choose to use TripAI platform-related travel services for the children under your guardianship, we may need to collect personal information of the children under your guardianship from you for the purpose of fulfilling the relevant services. If you do not provide the aforementioned information, you will not be able to enjoy the relevant services we provide. In addition, when you use the review function, you may actively provide children's personal information to us. Please be fully aware and cautious in your choices. As a guardian, you should properly fulfill your guardianship duties and protect the security of children's personal information.

5. If you have any opinions, suggestions, or complaints regarding children's personal information, please contact us.

**VII. How You Can Exercise Your Personal Information Rights**

You have the following rights over your personal information:

**(i) Inquiry, Correction, Supplement, and Management of Personal Information**

After logging in to the TripAI APP, you can access, correct, supplement, and manage your personal information according to the following steps:

- Access, correct, supplement, and delete your traveler information, address information, and reimbursement voucher information through “Me”->“Frequently Used Information”;

- Access, correct, and supplement the real name, nickname, gender, date of birth, bound mobile phone, and bound email you have filled in by clicking on your user avatar under “Me”;

- Access and bind/unbind your account association information through “Settings”->“Account Security”;

- Access and manage your order information through “Me”->“All Orders”;

- Access, correct, supplement, and delete your bank card information through “Me”->“My Wallet”->“Bank Cards”;

- Access and delete your browsing history information through “Me”->“Browsing History,” and access and delete your travel footprint information through “Me”->“Travel Footprint”;

- Access, correct, supplement, and delete community information through “Me”->“My Community”;

- Access and delete your travel itinerary information through “Itinerary”;

- Access and delete your messages and chat records through “Messages,” and access and delete your historical search records by clicking on the search box at the top of the “Home” page and then selecting “Historical Search”;

- Additionally, you can access more personal information through “Settings”->“Personal Information Collection List” and “Third-Party Shared Personal Information List” after logging in to the APP.

- After logging in to the TripAI web page, you can access, correct, supplement, and manage your personal information according to the following steps:

- Access, correct, supplement, and delete your frequently used traveler information, frequently used contact information, frequently used reimbursement voucher information, and frequently used address information through “My Somytrip”->“Frequently Used Information”;

- Access, correct, and supplement the real name, nickname, gender, date of birth, bound mobile phone, and bound email you have filled in by clicking on your user avatar under “My Somytrip”;

- Access and bind/unbind your account association information through “My Somytrip”->“Personal Center”->“Binding and Association”;

- Access and supplement your bound mobile phone and bound email through “My Somytrip”->“Personal Center”->“Account Security”;

- Access and manage your order information through “My Somytrip”->“Orders”;

- Access, correct, supplement, and delete your bank card information through “My Somytrip”->“Wallet”->“My Wallet”->“My Bank Cards”;

- Access and delete your messages through “My Somytrip”->“My Messages”.

**(ii) Deletion of Personal Information**

You can delete some of your information through the paths listed in “(i) Inquiry, Correction, Supplement, and Management of Personal Information”.

In the following circumstances, you may contact us and submit a request to delete personal information, and we will reply to your request within twenty working days:

(1) If our processing of personal information violates laws and regulations;

(2) If we collect and use your personal information without obtaining your explicit consent;

(3) If our processing of personal information seriously violates the agreement with you;

(4) If you no longer use our products or services, or if you have actively canceled your account;

(5) If we permanently cease to provide products or services to you.

After you or we assist you in deleting the relevant information, due to legal requirements or security technical reasons, we may not be able to immediately delete the information from the backup system. We will securely store your personal information and isolate it from any further processing until the backup is updated and the information can be cleared or anonymized.

**(iii) Changing the Scope of Your Authorization Consent or Withdrawing Consent**

You can change the scope of authorization for us to continue collecting personal information by deleting your personal information, disabling device functions, etc. You can also withdraw our authorization to continue collecting all your personal information by canceling your account. However, some basic personal information is required for each business function to be completed (see “I. How We Collect and Use Your Personal Information” in this Policy). After you withdraw your authorization, we will not be able to continue to provide you with the corresponding services. At the same time, due to the particularity of some products and the requirements of relevant laws and regulations, if the services you use have not ended, you may not be able to withdraw your authorization before the services end.

For our continuous data processing activities involving your personal information, after you perform the above operations, we will no longer process the corresponding personal information. However, your above operations will not affect the personal information processing that has been carried out based on your previous authorization.

**(iv) Cancellation of Your Account**

You can cancel your TripAI platform account through the following path: Log in to the TripAI APP to cancel your account. The specific path is: click on “Me”->“Settings” button at the top right->“Account Security,” and then click “Permanently Cancel Account.” You can also call the customer service phone number published on the Somytrip official website, follow the voice prompts to switch to人工customer service, and have the customer service representative cancel your account after verification. After canceling your TripAI platform account, all information in that account will be cleared, and we will no longer collect, use, or share personal information related to that account. However, we still need to save the information in accordance with regulatory requirements for a certain period of time, and the competent authorities still have the right to query the information in accordance with the law during the period of lawful preservation. For the relevant rules and procedures for account cancellation, please refer to the **TripAI Account Cancellation Agreement** attached to this Policy.

**(v) Obtaining Copies of Personal Information**

If you need copies of your personal information, you can contact us through the contact information in this Policy. After verifying your identity, we will provide you with copies of your personal information in our services (including basic information and identification information), except as otherwise provided by laws and regulations or this Policy.

**(vi) Limiting Automated Decision-Making**

After logging in to the TripAI APP, you can operate the push and display of the TripAI APP through “Me”-> top right “Settings”:

1. You can close the commercial messages that we send to your email, mobile phone, mailing address, etc., based on your personal characteristics through “Message Notification”->“Promotional Information,” including but not limited to the latest TripAI platform product information, promotional information, etc.;

2. You can close the page recommendation display based on your personal characteristics through “Privacy Settings”->“Personalized Recommendations.”

After you close the personalized recommendations, we will no longer display page recommendations based on your personal characteristics. Due to technical reasons such as caching, the page may still display recommended content before the cache is updated. After the system updates the cache or you actively clear the TripAI APP cache, the page will no longer display recommended content. You can also voluntarily choose to turn on personalized recommendations at any time to enhance your user experience.

If you need to view search results that are not targeted at your personal characteristics when using our search services, you can choose other objective sorting or filtering methods on the search results page for settings.

In addition, after informing you and obtaining your consent for certain business functions, we may make decisions based solely on information systems and algorithms, without human intervention. If you believe that these decisions significantly affect your legitimate rights and interests, you have the right to submit your request to us through the contact information in this Policy, and we will reply to your request within twenty working days.

**(vii) Transfer of Personal Information**

If you need to transfer your personal information to a designated personal information processor, you can contact us through the contact information in this Policy. After verifying your identity and upon review in accordance with the conditions stipulated by the national cyberspace administration, we will provide you with a way to transfer personal information, except as otherwise provided by laws and regulations or this Policy.

We will also take necessary information management measures and technical means to ensure the security of the transfer process and prevent your personal information from being leaked, damaged, lost, tampered with, etc.

**(viii) Responding to Your Requests**

If you are unable to access, correct, supplement, or delete your personal information through the above methods, or if you need to access, correct, supplement, or delete other personal information generated by you when using our products or services, or if you need to obtain copies of your personal information or transfer your personal information, or if you believe that we have violated laws and regulations or the agreements with you regarding the collection or use of personal information, you can contact us through the contact information in this Policy.

To ensure security, we may require you to provide a written request or proof of your identity. We will reply to your request within twenty working days after receiving your feedback and verifying your identity. For reasonable requests, we will generally not charge any fees. However, for multiple repeated requests that exceed a reasonable limit, we may charge a certain cost fee. For unreasonable requests that are repetitive, require excessive technical means, harm the legitimate rights and interests of others, or are very impractical, we may refuse them.

In accordance with legal requirements, we will not be able to respond to your requests in the following circumstances:

(1) Related to the fulfillment of statutory duties or obligations by Somytrip;

(2) Related to national security or national defense security;

(3) Related to public safety, public health, or major public interests;

(4) Related to criminal investigation, prosecution, trial, and judgment execution;

(5) There is sufficient evidence that you have subjective malice or abuse of rights;

(6) Necessary to maintain the life, property, and other major legitimate rights and interests of you or other individuals, but it is difficult to obtain your consent;

(7) Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals, organizations;

(8) Involves trade secrets.

**VIII. Revision and Notification of This Policy**

We may modify the personal information protection policy when necessary. We will revise this Policy from time to time and mark the most recent revision date, which will take effect after being publicized. Without your explicit consent, we will not reduce the rights you are entitled to under this Policy. For significant changes, we will provide more prominent notices (for some services, we will send notices by email explaining the specific changes to the personal information protection policy). Please frequently revisit this Policy to read the latest version.

Significant changes referred to in this Policy include but are not limited to:

1. Significant changes in our service model, such as the purpose of processing personal information, the types of personal information processed, the way personal information is used, etc.;

2. Significant changes in our ownership structure, organizational structure, etc., such as business adjustments, bankruptcy mergers, etc., that cause changes in ownership;

3. Significant changes in the main objects of personal information sharing, transfer, or public disclosure;

4. Significant changes in the rights and ways you participate in personal information processing;

5. Changes in the department responsible for handling personal information security within our company, contact information, and complaint channels;

6. When the personal information security impact assessment report indicates high risks.

**IX. How to Contact Us**

1. If you have any questions, opinions, or suggestions related to this Policy, you can contact us through the following ways: visiting our online customer service system , sending an email to our customer service mailbox（service@somytrip.com）, or calling our customer service phone number （ 4001-520-999 ）.

2. We have also established a personal information protection department. You can contact the person in charge of personal information protection by sending an email to their mailbox（service@somytrip.com）.

3. Generally, we will reply within twenty working days. If you are not satisfied with our reply, especially if our personal information processing actions have infringed upon your legitimate rights and interests, you can also file a complaint with the regulatory authorities such as the Cyberspace Administration or the Consumer Protection Association. The ways to file a complaint are as follows:

(1) National Cyberspace Administration Reporting Center: [www.12377.cn](http://www.12377.cn)

(2) Consumer Complaint and Reporting Hotline: 12315

Alternatively, you may also file a lawsuit with the people's court where our company is located to resolve the dispute.

**Attachment: TripAI Account Cancellation Agreement**

Dear TripAI User:

Before you cancel your account, please fully read, understand, and agree to the following matters:

The act of canceling your TripAI Account will lead to the termination of our services to you and may cause you many inconveniences in after-sales rights protection. After successful cancellation, we will delete or anonymize your personal information. You are aware and understand that, in accordance with relevant laws, relevant transaction records must be kept in the TripAI backend for three years or even longer.

When you fill in or provide information in accordance with the cancellation process, read and agree to the **TripAI Account Cancellation Agreement** and related terms and conditions, and complete the cancellation process, it means that you have fully read, understood, and accepted all the contents of this **TripAI Account Cancellation Agreement**. During the process of reading this **TripAI Account Cancellation Agreement**, if you do not agree with any of the terms and conditions, please immediately stop the account cancellation process.

If you still insist on canceling your account, your account must meet the following conditions at the same time:

1. The account registration site is consistent with the account cancellation operation site;

2. There are no pending orders, orders for which services have been provided but not paid for, or services;

3. The balance in the wallet and gift card does not exceed 50 yuan;

4. The积分does not exceed 20,000 points;

5. The account has no outstanding balances, no outstanding financial debts (including but not limited to consumer installment products, credit products, credit orders), and no opened wealth management business in the Somytrip system;

6. The account is a normally used account and has no record of any account restrictions.

During the TripAI Account cancellation process, if your account is involved in disputes, including but not limited to complaints, reports, litigation, arbitration, investigations by national competent authorities, Somytrip has the right to terminate the account cancellation process on its own without obtaining your consent again.

Once the TripAI Account is canceled, it cannot be restored. Please back up all relevant account information and data before the operation. After canceling the TripAI Account, you will no longer be able to use this TripAI Account, nor will you be able to recover the content or information related to the account in the TripAI Account, and Somytrip cannot assist you in restoring the aforementioned services.

Canceling this TripAI Account does not mean that the account behavior and related responsibilities before the account cancellation of this TripAI Account are exempted or mitigated.

New revision Publication Date: March 31, 2025

New revision Effective Date: April 10, 2025