Personal Information Protection Policy

‍

Date of Release:  / / 2025

Effective Date:  / / 2025

‍

Introduction

Welcome to the DidaTravel Platform! Shenzhen DidaTravel Technology Co., Ltd. (hereinafter referred to as "DidaTravel "), as a technology-driven travel distribution service provider, is dedicated to connecting the supply and demand sides through technological solutions. Leveraging a one-stop procurement platform and industry-leading information technology, DidaTravel Tech provides global tourism resources to over 23,000 travel buyers worldwide.

DidaTravel (hereinafter also referred to as "we") fully recognizes the importance of your personal information and places the highest priority on protecting your privacy and personal data. In compliance with applicable laws and regulations, and through this DidaTravel Personal Information Protection Policy (hereinafter referred to as the "Policy"), we aim to transparently explain how we process your personal information when you use the products/services on the DidaTravel Platform, as well as the methods we provide for you to access, update, delete, and safeguard such information.

‍

【Special Notice】

Before accessing or using the products/services on the DidaTravel Platform, please read this Policy carefully and ensure you fully understand its contents, particularly the terms highlighted in bold font, which require your focused attention. Only after confirming your full understanding and agreement should you proceed to use the products/services. If you or your legal guardian (if you are a minor) disagree with any part of this Policy, you will be unable to log in and access the DidaTravel Platform’s products/services. For any questions, feedback, or suggestions regarding this Policy, please contact us using the methods provided in [Article VIII ] of this Policy.

Please pay special attention to the scope of application of this Policy:

1. This Policy applies to all products and services provided by the DidaTravel Platform. If our products/services utilize DidaTravel Platform offerings that do not have a standalone personal information protection policy, such portions shall also be governed by this Policy. For products/services with independent personal information protection policies, those standalone policies shall take precedence. Any matters not addressed in the standalone policies but stipulated herein shall be subject to this Policy.‍
2. ‍This Policy does not apply to third-party information/services (including third-party applications, websites, etc.) embedded within or linked to the DidaTravel Platform’s products/services. Such information/services are operated by third parties and must comply with the respective third party’s personal information protection policies or similar regulations.

Part I Definition

1. DidaTravel Platform: Refers to the webpages and clients (including WeChat Mini Programs) primarily accessible via the domains dida.com, with client applications compatible with terminal devices such as PCs, tablets, mobile phones, and others.

‍‍

2. DidaTravel/We: Includes both the developer and operator of the DidaTravel Platform,  Shenzhen DidaTravel Technology Co., Ltd.(registered at Room 1005-01, Aokangde Group Building, 2010 Shennan East Road, Chengdong Community, Dongmen Street, Luohu District, Shenzhen).

‍

3. Affiliated Companies: All subsidiaries, affiliates, and related entities under Shenzhen DidaTravel Technology Co., Ltd. , including but not limited to:

Shenzhen GoodluckTrip International Travel Service Co.,Ltd.

Shenzhen Youdao Travel Co., Ltd.

Caring(Shenzhen) Travel Service Co.,Ltd.

Zhejiang GoodluckTrip International Travel Service Co.,Ltd.

DidaTravel International Limited.

DIDA TECHNOLOGY SINGAPORE PTE.LTD.

‍

4. Client/You:Refers to any natural person or legal entity that accesses or uses the products/services provided by the DidaTravel Platform, including but not limited to registered and unregistered users.

‍‍

5. Personal Information: Any information recorded by electronic or other means that relates to an identified or identifiable natural person.

‍‍

6. Sensitive Personal Information: Personal information that, if leaked, illegally disclosed, or misused may endanger personal and property safety, easily lead to personal reputation, physical and mental health damage or discriminatory treatment of personal information. Sensitive personal information covered in this policy includes biometrics, religious beliefs, specific identities, medical and health information, financial accounts, whereabouts and other information, as well as personal information of minors under 14 years of age.

‍

7. Deletion of Personal Information: The act of removing personal information from systems involved in daily business operations, rendering it irretrievable and inaccessible.

‍‍

8. Children: Minors under the age of 14.

‍‍

9. Minor: A natural person under the age of 18. A minor aged 16 or older who primarily relies on their own labor income for livelihood shall be deemed to have full civil capacity.

‍‍

10. API: API (Application Programming Interface) refers to a predefined set of rules, protocols, and tools for building software applications.

Part II: Personal Information Protection Policy

This Policy outlines the following key aspects:

‍

I.How We Collect and Use Your Personal Information

II. How We Use Cookies

III. How We Share, Transfer, Entrust Processing, and Publicly Disclose Your Personal Information

IV. How We Store and Cross-Border Transfer Your Personal Information

V. How We Protect the Security of Your Personal Information

VI. How We Protect Minors’ Personal Information

VII. Amendments and Notifications of This Policy

VIII. How to Contact Us

‍

I. How We Collect and Use Your Personal Information

When using our products/services, you may need to authorize us to collect and use personal information under the following circumstances:

‍

Essential Functionality: To provide basic features of our products/services, you must authorize us to collect and use necessary information. If you refuse to provide such information, you will be unable to use our products/services normally.

‍

Additional Functionality: To access enhanced features of our products/services, you may voluntarily authorize us to collect and use information. Refusal to provide such information will restrict your access to these additional features or limit their intended effects, but will not impact your use of core functionalities.

‍

Note:

As we offer diverse products/services, we collect and use your personal information strictly under the principles of legitimacy, fairness, and necessity, based on the specific products/services you select.

To enhance our offerings, we may introduce new or optimized features that require changes to the purposes, scope, or methods of personal information collection. In such cases, we will notify you via updated policies, pop-ups, or in-platform messages, clearly explaining the changes and seeking your explicit consent before implementation. For questions or feedback, contact us using the methods in [Article VIII] of this Policy.

‍

(A) Providing Search and Browsing Functionality

Under normal circumstances, you may search and browse various products on the DidaTravel Platform after accepting the Privacy Policy and logging into your account.

‍

After you agree to this policy, in order to ensure the realization of search and browsing functions, we will collect the search keywords you enter on the web page, the pages or links you click in order to return the corresponding pages or results to you on the service side of the Tao Travel platform. In addition, we also collect your log information for the purposes described above.

‍

Please note that log information alone or search keyword information alone cannot identify you and is not your personal information, only when your log information alone or search keyword information is used in combination with other information about you and can identify you; During the combined use, we will treat your log information or search keyword information as your personal information, which will be processed and protected in accordance with this policy.

‍

(B) Assisting with DidaTravel Account Registration and Management

If you want to use the products/services of the DidaTravel Platform, you first need your employer to register a Tao Travel account to become a DidaTravel Platform user. We will complete the account registration based on the company name, employee name, mobile number and email address provided by your employer.

‍

In order to ensure the security of your account during the registration process, we will send a verification message to your registered email address to verify registration or login. During the login process, we will send verification information to your registered mobile phone number or to your registered email address according to the login method you choose to ensure your login security.

‍

In order to protect the security of your account, we will send a verification code to your mobile phone number to verify that it is your operation when you extend a credit line, cancel an order, redeem points, top up, make a payment or any other action related to money operations on the DidaTravel Platform. When you query or modify account information (such as creating sub-accounts under the main account, modifying sub-account information under the main account, deleting sub-accounts, etc.), in order to ensure the security of your account, we will send a verification code to your mobile phone number to verify whether it is your operation. If you refuse to provide the corresponding information, please contact your employer, you will not be able to create an account and use the products/services of the DidaTravel platform.

‍

(C)Displaying, Recommending, and Promoting Products/Services

1.Providing Products and Services

When providing products and services to you, it is necessary to use your personal information or the actual user of the product/service. When providing hotel products, we usually need to collect the name and nationality of the check-in person, and the hotel will require the collection of the phone number, passport number or other ID number of the check-in person in order to confirm the check-in information. In order to assist guests in determining the room type and completing the booking and check-in, the hotel will ask to collect the name and age of children when they are brought to the hotel. When providing ticket products, we need to collect the passenger's name, document type and document number, mobile phone number, and email address if necessary.

‍

Please note that DidaTravel provides distribution services for travel products and is not the ultimate provider of travel products, so we may also provide products or services through third parties such as business partners and affiliates, so we may also share information collected with suppliers, third-party payment financial institutions, business partners, and related affiliates.

‍

2.Market Research and Promotions

In order to better provide you with products or services, we may periodically send you information about new products, special offers or other information that we think may be of interest to you to the email address you have provided. We will also invite you to participate in market research through the contact information you provide from time to time to fully understand your interest and opinions on our products and services.

‍

3.Understanding Your API Collaboration Intentions

In order to better understand your cooperation intention and cooperation mode, and improve the communication efficiency of cooperation intention, we set up an API cooperation intention collection interface on the DidaTravel platform. If you are interested in API cooperation, you can fill in the cooperation intention on our platform. In order to provide you with services and communication, we need to collect the company name of your employer, the country where the company is located, the type of business of the company and the address of the company's website on the Intention to cooperate interface. In order to contact you or your employer, we need to collect your employer's company phone number and company email address, your name and your title at your employer.

‍

In order to provide you with products or services more accurately, we may need to know whether your company type is a travel agent or travel agency, your company's travel turnover profile in the previous year, your company's hotel room night turnover profile in the previous year, and whether your company has a history of API integration. In order to optimize our products or services, we also need to understand why your company is interested in working with us.

‍

(D)Providing Bookmarking Functionality

While using the DidaTravel Platform’s products/services, you may choose to bookmark hotels of interest. To enable this functionality and other purposes explicitly disclosed to you, we will collect at least the log information generated during your bookmarking activity (e.g., timestamps, hotel IDs).

‍

(E)Providing Order Inquiry and Account Management Functionality

When you place an order for products/services on the DidaTravel Platform, the system generates an order record. During the ordering and management process, we may collect the following information:

‍

(1) Information required by the specific product/service you select.

(2) Contact details: Name and mobile number of the contact person.

(3) Order information generated during your use of the Platform.

‍

Purpose of Collection:

(1) To facilitate transaction confirmation, payment settlement, notifications, order management, and client support/after-sales services.

(2) To monitor transaction anomalies and ensure your transaction security.

‍

Special Requirements for Travel Products/Services

Due to the nature of travel services, the following products require additional mandatory information to complete bookings. You must provide this information directly or authorize us to assist in its entry. Please review details during the booking process:

‍

1.Flight Bookings:

• Domestic flights: At minimum, passenger’s name, ID type, ID number, and mobile number.
• International flights: At minimum, passenger’s name (including phonetic spelling), gender, nationality, date of birth, ID type, ID number, ID expiration date, and contact mobile number. Additional fields (e.g., contact email) may apply depending on the product.

2. Hotel Reservations:

• At minimum, guest’s name and mobile number. Additional fields (e.g., ID number, email) may apply depending on the product.

3.Airport Transfers/Chartered Car Services:

• Passenger’s name, contact phone/email.
• For airport transfers: Flight number (to ensure punctuality).
• For chartered services: Travel date (to confirm scheduling).

4.Minors in Travel Groups:

• Name, ID type, and ID number of minors, provided with consent from their legal guardian.

5.Bank Card Binding:

• Name, bank card number, mobile number, ID type, and ID number.

Additional Requirements:

Other products/services may require further information as specified during the booking process. Please review prompts and authorizations carefully.

‍

(F) Facilitating Payment Completion

When purchasing products through the DidaTravel Platform, third-party payment platforms may collect relevant information to ensure successful payment processing for your order. If you use an international bank card, depending on the requirements of your selected payment provider, we may collect your billing address details, including:

• Country
• Contact address
• Email address

This information is necessary to comply with cross-border payment regulations and complete the transaction securely.

‍

(G) Facilitating Delivery of Products/Services

To ensure the secure delivery of your purchased products/services, we will collect and use at minimum your order information during this process.

‍

For Redemption via Points Mall:

• If you redeem points for digital vouchers or mailing services (e.g., invoices, physical goods), we require:

(1) Recipient’s phone number and email address.

(2) For physical goods: Delivery address, recipient’s phone number, and recipient’s title (e.g., Mr./Ms.).

• For digital vouchers: Your mobile number is required for online redemption.

For Invoicing:

• If you request paper or electronic invoices for purchased products/services, we collect:

(1) Billing information: Invoice title, email address.

(2) Delivery details (as specified above).

‍

(H) Contacting You

We may contact you via website notifications, email, phone, or postal mail to address order-related issues or other product/service inquiries.

‍

(I) Providing Client Support and Resolving Disputes

1. In order to ensure the security of your account, our telephone and online client service will use your user information and order information to verify your identity. When you take the initiative to ask us to provide client service related to your order, we may inquire your relevant order information in order to give you appropriate help and treatment. If you voluntarily ask client Service to assist you in modifying the information (such as shipping address, contact person, or contact number), you may need to provide additional information in addition to the above information to complete the modification
2. When you contact us, we may save the communication/call records and content with you, or the contact information and related information you left, in order to contact you or help you solve the problem, or record the solution and result of the relevant problem.
3. In order to protect your information security, transaction security and service quality, to deal with possible disputes in the future, when you contact our client service consultation, we may save the call record and content between you. Such call records and contents are automatically deleted after the minimum necessary storage period as required by law, unless retained for compliance requirements or legitimate interests. In addition, due to the network status, call environment, policies and regulations, the recording/storage failure cannot be ruled out.
4. If you consult, complain or provide suggestions regarding our services or specific orders, we will use your account information, order information, and page operation records of related orders to facilitate the clarification of facts and settlement of disputes, and provide them to administrative regulatory authorities, judicial departments and our litigants within the scope permitted by law.
   

(J) Enhancing DidaTravel Platform Products/Services

We may use your de-identified data for research, statistical analysis, and predictive modeling to improve the Platform’s content, layout, support business decision-making, and refine our offerings.

‍

(K)Special Notes on Personal Information Collection and Use

1. If the information you provide contains the personal information of other users, for example, you need to submit the personal information of the actual subscriber when ordering products/services for others through the DidaTravel Platform, or the personal information of other users is involved in the information uploaded, published or shared by you through the DidaTravel Platform, in the foregoing circumstances, before providing such personal information to the DidaTravel Platform, You must ensure that you have obtained your consent and that you are aware of and accept this Policy. If a child's personal information is involved, you need to obtain the consent of the child's guardian in advance.

‍

2. Unless there are authorized consent exceptions (see "I, How We Collect and Use your Personal Information" in this Policy), we will, in accordance with the requirements of laws and regulations and national standards, obtain your individual consent in a reasonable way for the processing of sensitive personal information in certain scenarios. The specific individual consent method is subject to the display of the specific function page. You understand and understand that if you do not handle sensitive personal information properly, your personal dignity may be violated or your personal and property safety may be jeopardized. We will try our best to de-identify your sensitive personal information on the basis of ensuring the availability of information.

‍

3. If we use the information for other purposes not specified in this policy, or use the information collected for a specific purpose for other purposes, we will re-obtain your consent.

‍

4. We may obtain information about you collected by third parties such as affiliated companies and business partners that provide services to you. For example, when you book through our affiliates, business partner websites and their mobile apps, the booking information you provide to them may be transferred to us so that we can process your order and ensure that your booking is smooth. According to the agreement with the third party, we will ask the third party to explain the source of your personal information before collection, and confirm the legal compliance of these personal information sources, and understand the scope of authorization and consent of the third party to collect your personal information. If we collect and use your information for purposes beyond the scope of authorization granted to a third party, we will process your personal information ourselves or require the third party to obtain your consent separately.

‍

5. Exceptions to authorized consent

You are fully aware that according to the requirements of laws and regulations, we do not need to obtain your authorization to collect and use your personal information in the following circumstances:

• Necessary for the performance of the statutory duties or statutory obligations of  DidaTravel;
• Related to national security and national defense security;
• Related to public security, public health and major public interests;
• In connection with criminal investigation, prosecution, trial and execution of judgments;
• Necessary for the conclusion and performance of a contract to which you are a party;
• In case of emergency, to protect the life, health and property of you or other individuals;
• The personal information collected is the personal information subject's own disclosure to the public or other personal information that has been legally disclosed;
• Your personal information collected from legally publicly disclosed information, such as legitimate news reports, government information disclosure and other channels;
• Conduct news reporting, public opinion supervision and other acts in the public interest, and process personal information within a reasonable scope;
• Other circumstances stipulated by laws, regulations and national standards.

Please be aware that, in accordance with applicable law, if we process personal information with technical measures and other measures necessary to make it impossible for the recipient of the data to re-identify a particular individual and to recover it, the use of such processed data does not require further notice to you and your consent.

‍

II. How We Use Cookies

To enhance your browsing experience, when you visit the DidaTravel Platform or use our services, we may store small data files called Cookies on your device or system to recognize your identity. These Cookies help:

Simplify repeated logins by saving registration details.

Optimize ad preferences and interactions.

Assess your account security status.

‍

Managing Cookies:

You may clear all Cookies stored on your computer or mobile device.

You have the right to accept or reject Cookies. If your browser automatically accepts Cookies, you can modify its settings to block them.

‍

Note: If you choose to reject Cookies, some features of our services may be limited or unavailable.

For detailed information about our use of Cookies, please refer to the [Cookie Policy].

‍

III. How We Share, Transfer, Entrust Processing, and Publicly Disclose Your Personal Information

‍

(A)Sharing and Provision

1.Principles of Processing

We may share your order information, account details, device data, and location information with third parties (e.g., partners) to ensure the successful delivery of services. However, we will only share your personal information for lawful, legitimate, necessary, specific, good faith, and explicit purposes, and only to the extent strictly required to provide such services.

• Third-Party Assessments: We evaluate the legality, legitimacy, and necessity of third parties’ data collection practices.
• Data Handling Requirements: Third parties must:

Process your personal information within the scope of your authorized consent.

Implement necessary administrative and technical measures to prevent unauthorized access, loss, alteration, or leakage of your data.

• Usage Restrictions: Third parties are prohibited from using shared data for purposes beyond the agreed scope. If they intend to alter the purpose or method of processing, they must re-obtain your explicit consent.

2.Separate Consent

Unless there are authorized consent exceptions (see "I, How We Collect and Use your Personal Information" in this policy), we will, in accordance with the requirements of laws and regulations and national standards, take reasonable ways to obtain your separate consent for the sharing and provision of personal information in certain scenarios other than those described above. However, regardless of whether we need to obtain your separate consent, we will explicitly inform you in a reasonable manner about the third-party supplier information that specifically provides you with the products/services involved and the purpose, method and type of processing your personal information. For example, when you are preparing to order some products/services of the Travel Platform, We may explicitly inform you of the above information through the order filling page or the order confirmation page before you place an order, and obtain your separate consent to authorize Tao Travel to provide your personal information to suppliers or service providers if necessary. For specific individual consent forms, please refer to the specific product/service order page.

‍

3.Our Partners Include the Following Types (Domestic and International Entities)：

(1) Your Employer:

As a client of DidaTravel, your employer may receive necessary personal information from us based on contractual agreements and operational needs. This data sharing enables purposes such as reconciliation, data analysis, and statistical reporting. Information may also be shared with individuals authorized by your employer.

‍

(2) Suppliers:

Includes but not limited to hotels, airlines, car rental services, travel agencies, attraction and activity providers, and agents to fulfill your bookings. We share:

• Basic personal details (e.g., name, nationality).
• Identity information (e.g., passport/ID number).
• Contact details (e.g., phone number, email).

Suppliers may contact you directly to finalize travel arrangements.

‍

(3) Financial Institutions & Third-Party Payment Providers:

• When placing orders or requesting refunds, we share specific order details (e.g., transaction amount, booking dates).
• For fraud detection and prevention, we may share additional data (e.g., IP address) with relevant institutions.

(4) Business Partners:

We collaborate with partners to deliver services such as:

• Logistics (e.g., courier services).
• Communication (e.g., SMS providers for notifications).
• Customer support, marketing, technical services, identity verification, and consulting.
• For example, SMS providers receive your mobile number and message content for service updates.

(5) Affiliated Companies:

We share personal information with DidaTravel’s affiliates to offer travel-related or complementary products/services. These affiliates adhere to protection measures no less stringent than those outlined in this Policy.

‍

Important Note:

To prevent and detect fraud, we may prudently share necessary personal information with partners and affiliates. Such sharing undergoes rigorous internal security assessments and approvals, with strict agreements limiting data usage to specified purposes.

‍

4. We may share your personal information in accordance with laws and regulations, litigation dispute resolution needs, relevant agreements signed between you and us (including online electronic agreements and platform rules) or legal documents, or when required by administrative, judicial and other competent authorities according to law.

‍

5. In addition to the above instructions or otherwise provided by laws and regulations, if we share your personal information with any other company, organization or individual, we will seek your authorization again according to law.

‍

(B) Information Transfer

We will not transfer your personal information to any company, organization, or individual, except in the following circumstances:

1. With your explicit prior consent or authorization.
2. To comply with applicable laws, regulations, legal proceedings, or mandatory administrative/judicial requirements.
3. In the event of mergers, divisions, acquisitions, asset transfers, or similar transactions:

• If personal information transfer is involved, we will:

Notify you in advance of the name and contact details of the receiving entity.

Ensure the new entity continues to be bound by this Policy and assumes the original personal information processing obligations.

• If the new entity cannot comply, we will require them to re-obtain your authorization and consent.

(D) Public Disclosure

We will only publicly disclose your personal information under the following circumstances:

1.At Your Request:

• With your separate consent, we will disclose your specified personal information in the manner you approve.

2.Legal or Judicial Obligations:

• To comply with laws, regulations, mandatory administrative enforcement actions, or judicial orders, we may disclose your personal information as required, including the type of data and method of disclosure.

• In compliance with legal requirements, we will demand proper legal documentation (e.g., subpoenas, investigation letters) before responding to such requests.

IV. How We Store Your Personal Information

‍

(A) Storage Location

‍

1.Principles of Processing

In compliance with laws and regulations, we store personal information collected within the People’s Republic of China on servers located within China.

‍

2.Cross-Border Transfers

If your personal information is transferred from China to overseas, we will strictly adhere to legal requirements.

Scenarios requiring cross-border transfers include:

• Your explicit authorization.
• Involvement of overseas service providers in marketing activities.
• Your proactive actions (e.g., booking international hotels/flights through the DaoTrip Platform that involve overseas suppliers).
• Legal or regulatory mandates.

Unless exempt under consent exceptions (see Section I), we will seek your separate consent through reasonable methods for cross-border transfers beyond the above scenarios. Regardless of consent requirements, we will clearly inform you about:

• Domestic/overseas service providers involved.
• Purpose, methods, and categories of data processing.
• For example, when ordering overseas products/services, this information will be disclosed on the order entry or confirmation page, and your separate consent will be sought if required.

Legal Compliance:

• We will fulfill obligations such as security assessments, personal information protection certifications, and executing standard contracts with overseas recipients as prescribed by authorities.
• Overseas entities must maintain confidentiality and uphold equivalent data protection obligations.

(B) Retention Period

We retain your information only for the shortest period necessary to fulfill the purposes outlined in this Policy or as required by laws and regulations. Our criteria for determining retention periods include:

• Achieving transaction-related purposes.
• Maintaining transaction and business records to address potential inquiries or complaints.
• Ensuring service security and quality.
• Complying with statutes of limitations.
• Adhering to legal retention requirements or specific agreements.

After exceeding the retention period, or upon your request to delete data or close your account, we will delete or anonymize your personal information.

‍

Exceptions for Extended Retention:

We may adjust retention periods under the following circumstances:

1. Legal Compliance: To meet statutory obligations (e.g., the E-Commerce Law mandates retaining product/service and transaction records for at least three years from the transaction date).
2. Judicial Requirements: To comply with court judgments, rulings, or legal proceedings.
3. Government or Regulatory Requests: To fulfill demands from authorized governmental or regulatory bodies.
4. Public or Individual Interests: To safeguard public interests or protect the safety, property, or legal rights of DidaTravel Platform users, our company, affiliated entities, employees, or other stakeholders.

(C) Cessation of Operations

If we cease operations of the DidaTravel Platform or its services:

• We will immediately halt further collection of your personal information.
• Notify you via individual notifications or public announcements.
• Securely delete or anonymize all retained personal information.

V. How We Protect the Security of Your Personal Information

1. DidaTravel attaches great importance to information security and has set up a dedicated team responsible for the supervision of personal information processing activities and protection measures taken. We strive to provide you with information protection, take appropriate management, technical and physical security measures, with reference to domestic and foreign information security standards and best practices to establish an information security assurance system suitable for business development, has obtained ISO27001 information security management system standard certification, PCI-DSS payment card industry data security standard certification..
2. From the perspective of data life cycle, we have established security protection measures in various aspects of data collection, storage, display, processing, use, destruction, etc., and adopted different control measures according to the level of information sensitivity. This includes but is not limited to access control, SSL encrypted transmission, encrypted storage using an AES256bit or higher encryption algorithm, and desensitized display of sensitive information.
3. We also strictly manage employees who may have access to your information, monitor their operations, establish an approval mechanism for data access, internal and external transmission and use, desensitization, decryption and other important operations, and sign confidentiality agreements with the above employees. At the same time, we also regularly conduct information security training for employees, requiring them to form good operating habits in their daily work and enhance their awareness of data protection.
4. Despite the aforementioned security measures, please understand that there are no "perfect security measures" on the network. We will provide appropriate security measures according to existing technology to protect your information, provide reasonable security, we will do our best to ensure that your information is not leaked, damaged or lost.
5. Your account has a security protection function. Please keep the device you use to log in to the DidaTravel Platform, as well as your account name and password information, and do not provide the device to others for logging in to the DidaTravel Platform or inform others of your password. If you find your personal information leaked, especially your account name and password leaked, please contact our customer service immediately. So that we can take corresponding measures.
6. please save or back up your text, pictures and other information in a timely manner, you need to understand and accept that your access to our services in the system and communication network, there may be problems due to factors beyond our control.
7. When using the service of Tao Travel Platform for online transactions, please properly protect your personal information (including but not limited to the traveler's name, contact information or contact address), and only provide it to others when necessary. Please use a complex password to help us keep your account secure. We will do our best to ensure the security of any information you send us. In order to prevent unauthorized use of your password or use of your computer, mobile device or SIM card, if you find that your personal information, especially your account or password, has been leaked, please contact our customer service immediately so that we can verify and take appropriate measures according to your application.
8. In the event of an unfortunate personal information security incident, we will inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, the suggestions you can independently prevent and reduce risks, and the remedial measures for you. We will inform you by email, letter, telephone, push notification, etc. When it is difficult to inform the personal information subject one by one, we will take a reasonable and effective way to release the announcement. At the same time, we will also report the disposal of personal information security incidents in accordance with the requirements of the regulatory authorities.

VI. How We Protect Minors’ Personal Information

‍

1. DidaTravel attaches great importance to the protection of minors' personal information. If you are a minor under the age of 18, you should obtain the prior consent of your legal guardian before using our services. We protect the personal information and privacy of minors in accordance with the requirements of the Law of the People's Republic of China on the Protection of Minors and other relevant national laws and regulations.

‍

2. No Direct Collection from Minors

DidaTravel。does not actively or directly collect personal information from minors. For information collected with guardian consent, we will use, share, transfer, or disclose such data only when:

• Permitted by laws and regulations.
• Necessary to protect the minor’s interests.
• Explicit guardian consent is obtained

3. Children Under 14

For personal information of children under the age of 14, we adhere to the principles of legitimacy, necessity, informed consent, purpose limitation, and security, in compliance with the Regulations on the Cyber Protection of Children’s Personal Information and other applicable laws.

Guardian Responsibilities:

• When using DidaTravel Platform services for a child under your guardianship, we may collect the child’s information as necessary to fulfill the service.
• Failure to provide such information will result in inability to access related services.
• Guardians must fulfill their responsibilities diligently to ensure the child’s information security.

4. Feedback and Complaints

For questions, suggestions, or complaints regarding children’s personal information, please contact us using the methods outlined in [Section VIII: How to Contact Us] of this Policy.

‍

VII. Policy Revisions and Notifications

We may update this Personal Information Protection Policy as necessary. Please note that we reserve the right to amend this Policy periodically, with the latest revision date clearly indicated. Revisions will take effect after being published. We will not diminish your rights under this Policy without your explicit consent. For material changes, we will provide prominent notice (e.g., email notifications detailing specific revisions for certain services). We encourage you to review this Policy regularly to stay informed of updates.

Material changes include, but are not limited to:

1. Significant changes to our service model, such as:

• Purposes of processing personal information.
• Types of personal information processed.
• Methods of using personal information.

2. Major changes in ownership or organizational structure, such as:

• Business restructuring.
• Changes in ownership due to bankruptcy, mergers, or acquisitions.

3. Changes to primary recipients of personal information sharing, transfers, or public disclosures.

4. Material changes to your rights regarding personal information processing and how to exercise them.

5. Changes to the department responsible for personal information security, contact details, or complaint channels.

6. High-risk findings identified in a personal information security impact assessment report.

‍

VIII. How to Contact Us

1. For any questions, feedback, or suggestions regarding personal information protection or privacy, please contact DidaTravel ’s client service at [+86-13986004209]. If you disagree with any terms of this Policy, you may choose to discontinue access to the Platform. Continued use will be deemed as your acknowledgement, acceptance, and binding agreement to this Policy.

Company Name: Shenzhen DidaTravel Technology Co., Ltd.

Registered Address: Room 1005-01, Aokangde Group, No. 2010, Shennan East Road, Chengdong Community, Dongmen Street, Luohu District, Shenzhen

‍

2. We have established a dedicated Personal Information Protection Department. You may reach our Head of Personal Information Protection via email at [james@dida.com].

• We generally respond within 5 business days after verifying your identity and related information.

‍