You can find below:

1. Introduction

2. Processing of Personal Data

3. What personal data do we collect and how do we use it

4. Retention period

5. Purpose limitation

6. Security of Personal Data

7. Sharing of Personal Data

8. International Transfer

9. Rights in relation to Personal Data

10. Questions and inquiries

11. How will we update this Privacy Policy

1 Introduction

This Privacy Policy ("Policy") provides information on the personal data processing by ROX. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

This Policy applies for all personal data processed by ROX and/or on behalf of ROX, which identify or may identify a person ("Personal Data"). These persons involved are hereinafter collectively referred to as data subjects ("Data Subjects").

ROX reserves the right to review and/or alter the Policy periodically, in order to comply with legislation, and for any other purpose deemed reasonably necessary by ROX.

For queries and inquiries about this Policy, please contact us via the Email address: privacy-protection@roxmotor.com.

2 Processing of Personal Data

This Policy sets out the elements necessary for ROX's compliance with applicable legislation, principles and practice, including but not limited to applicable privacy laws ("Applicable Laws").

The Policy is an external policy and is directed towards Data Subjects whose Personal Data are being processed by ROX for the purpose that has been collected. This Policy applies to the processing of Personal Data, in which ROX acts as the data controller within the meaning of the Applicable Laws. This is the case when ROX determines the purpose for and the means for the processing of Personal Data of Data Subjects within the purposes of this policy.

For business purposes, Data Subjects may be asked to provide their Personal Data. If this is the case, ROX, its affiliates and partners shall be required to keep such information confidential.

3 What personal data do we collect and how do we use it

When we provide our services, we have a need to process personal data. We typically process the following personal data when you use our website or using our services:

Access and Use of the Website: We automatically collect your personal identifiers (such as your device’s Internet Protocol (IP) address), location information (such as may be determined from your Internet Protocol (IP) address) to provide our Website to you. We don’t store your IP address.

When you use our services, we may send one or more Cookies or anonymous identifiers to your device to collect your preferences, account settings, and permissions, so as to:

1)Remember your registration, login, and permissions information to facilitate your more convenient operation of the system;

2)Timely detect and prevent security risks

We will not use Cookie or similar technologies for any purpose outside the scope of this privacy policy. You can manage or delete Cookie according to your preference. You can clear all Cookies saved in the software, but if you do so, you may need to change the user settings yourself every time you visit, and the corresponding information you have previously recorded will also be deleted, which may have some impact on the security of the services you use.

4 Retention period

ROX will use and store Personal Data within the period that is necessary to fulfil the above mentioned purposes and shall remove those Personal Data after relevant purposes no longer existing, or to comply with contractual obligations or as permitted or required by the Applicable Laws.

5 Purpose limitation

The Personal Data may only be processed to the extent necessary for the described purposes. Personal Data may in principle not be processed for other purposes other than that for which the Personal Data were collected. If there is a necessity or need to process Personal Data for other purposes, it shall be investigated by ROX whether the purposes of the intended data processing are compatible with the original purposes. ROX shall provide the Data Subject prior to that further processing with information on that other purpose.

6 Security of Personal Data

We have used industry standard security measures to protect the personal information provided by you, preventing unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable and feasible measures to protect your personal information. For example, we will use national encryption techniques to ensure the confidentiality of data; We will use trusted protection mechanisms to prevent data from being maliciously attacked; We will encrypt the transmission and storage of your sensitive personal information.

We will deploy access control mechanisms to ensure that only authorized personnel can access personal information. We will hold security and privacy protection training courses to enhance employees' awareness of the importance of protecting personal information. We only allow employees and partners of us and our affiliates who need to know this information to access personal information, and have established strict access control and monitoring mechanisms for this purpose. We also require all personnel who may have access to your personal information to fulfill corresponding confidentiality obligations.

If a personal information security incident unfortunately occurs, we will promptly inform you of the basic situation and possible impact of the security incident in accordance with legal requirements, the disposal measures we have taken or will take, suggestions that you can prevent and reduce risks independently, and remedial measures for you. We will inform you through email, letters, phone calls, push notifications, and other means. If it is difficult to inform the individual information subject one by one, we will take reasonable and effective measures to publish the announcement. At the same time, we will also proactively report the disposal of personal information security incidents in accordance with regulatory requirements.

We will make every effort to ensure the security of your personal information and use technical means to restrict unauthorized access, use, or disclosure of your personal information by others. Despite taking the above measures, please understand that due to the limitations of current technological development and various malicious means that may exist, even if we do our best to strengthen security measures, it is impossible to always fully guarantee the 100% security of personal information. Please understand that the systems and communication networks connected during the use of ROX and related services may encounter problems due to factors beyond our control. If our physical, technical, or management protection measures are damaged, resulting in unauthorized access, public disclosure, tampering, or destruction of information, which damages your legitimate rights and interests, we will bear corresponding responsibilities within the scope of legal provisions.

7 Sharing Personal Data

We share the information identified above:

1）within the ROX Group, which includes parents, corporate affiliates, subsidiaries, business units and other companies that share common ownership;

2) When we use third party service providers, we only share with them the personal data that is necessary for them to provide their services and we have a contract in place that requires them to keep your personal data secure and not to use it other than in accordance with our specific instructions.

3) With other entities for legal, security or safety purposes, we may share your personal data with third parties, law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Terms of Service and other agreements; and to protect our rights and the property or safety of our users or third parties. We also may share your personal data and your vehicle information when we have reason to believe that someone is causing injury to or interference with our rights or property, other users of the websites or anyone else that could be harmed by such activities.

4）With other companies in connection with a corporate transaction, if we or some or all our assets are acquired by another company, including through a sale in connection with bankruptcy, we will share the personal datathat we hold with that company.

When third parties are given access to your personal data, we will take the required contractual, technical and organizational measures to ensure that your personal data are only processed to the extent that such processing is necessary.

8 International Transfer

To the extent that we may need to transfer personal information outside of your jurisdiction, whether to our affiliated companies (which are in the communications, social media, technology and cloud businesses) or Third Party Service Providers, we shall do so in accordance with the applicable laws. In particular, we will ensure that all transfers will be in accordance with requirements under your applicable local data protection laws by putting in place appropriate safeguards. You will have the right to be informed of the appropriate safeguards taken by ROX for this transfer of your personal information.

9 Rights in relation to Personal Data

You generally have the right to ask us:

· for access to and a copy of your personal data that we hold.

· that some of your personal data is provided to you or sent to another data controller in a commonly used, machine readable format.

· to update or correct your personal data in order to make it accurate.

· to delete your personal data from our records in certain circumstances.

· to restrict the processing of your personal data in certain circumstances.

· to object to us processing your personal data in certain circumstances.

To exercise these rights, please contact us using the contact information provided in Section 10 below.

These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data or if making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

We hope that we can satisfy any queries you may have about the way we process your data. If you have any concerns about how we process your data you can contact us as described below in the section “10 Questions and inquiries”.

lodge a complaint with a supervisory authority.

Finally, please note that where we require personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional.

10 Questions and inquiries

If you have any questions about the processing of your personal data, please read this Privacy Policy first. For additional questions, please feel free to contact us. Please note that we take your satisfaction very seriously. Should you have a complaint, please also direct it to the same email address and we will respond to you as soon as we can.

ROX can be reached via the following contact details:

· Mailing address: 19th Floor, Building C4, Lane 1688, Guoquan North Road, Yangpu District, Shanghai, 200043, P.R. China

· E-mail address: privacy-protection@roxmotor.com

11 How will we update this Privacy Policy

We may update this Privacy Policy according to changes in our business functions and measures concerning the protection of personal information. If we make changes to this Privacy Policy, we will notify you through our website. Where changes to this Privacy Policy will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise any rights you have.