HNA iCard Privacy Policy

This Privacy Policy explains how the iCard System (HNA iCard) mobile application (“App”, “we”, “our”, or “us”) collects, uses, stores, and shares information when you use the App on Android or iOS.

1. Scope

This Policy applies to the iCard System (HNA iCard) application and related backend services required to provide core activation and BLE reader connectivity features.

2. Information We Process

2.1 Permissions and On-Device Data

• Camera access to scan activation QR codes.
• Bluetooth access to discover and connect supported RFID BLE readers.
• Photo library access when you explicitly select an image for QR scanning.
• Local configuration/runtime data such as server settings, connection history, activation/runtime records, and app preferences stored on your device.

2.2 Network Data

To provide app functionality, the App may transmit required activation/runtime fields to backend endpoints over secure transport in production environments.

3. How We Use Information

• Activate devices through QR-based workflows.
• Establish and maintain BLE reader sessions.
• Support policy-controlled offline operation.
• Persist necessary app state and user configuration.
• Improve reliability, diagnose operational errors, and maintain service security.

4. Legal Bases for Processing

Depending on your jurisdiction, we rely on one or more of the following legal bases:

• Consent (for device permissions such as camera/Bluetooth/photos).
• Performance of a contract/service (to deliver core app functionality).
• Legitimate interests (security, fraud prevention, service integrity).
• Legal obligations (where required by applicable law).

5. Sharing and Recipients

We do not sell your personal data. We share information only where necessary to operate core app functionality, including backend infrastructure and service providers acting on our instructions.

We do not use third-party advertising SDKs for behavioral advertising within this App.

6. Data Retention

On-device data is retained until you uninstall the App or clear app/device data (where supported). Server-side data is retained only for as long as needed for legitimate operational/legal purposes and then deleted or anonymized according to internal policies.

7. Data Security

We implement technical and organizational controls designed to protect data against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure, but we continuously improve safeguards appropriate to risk.

8. Your Rights and Choices

Depending on your jurisdiction, you may have rights to:

• Access, correct, or delete your data.
• Restrict or object to certain processing.
• Withdraw consent for permission-based processing.
• Request portability where legally applicable.

You can also manage device permissions at any time in Android/iOS settings. If required permissions are denied, some features may not function.

9. Children’s Privacy

The App is not directed to children under the legal age in relevant jurisdictions. If you believe a child provided personal information, contact us so we can take appropriate steps.

10. International Transfers

If data is processed outside your country, we apply safeguards required under applicable law to protect transferred information.

11. Changes to This Policy

We may update this Policy from time to time. Material updates will be reflected by updating the “Last updated” date on this page.

12. Contact Us

For privacy-related requests or questions, contact:
Le Hai Dang
Email: haidang.lhd@gmail.com