1 Personal Information Collection
1.1 Definition of personal information
Personal information refers to any information relating to an identified or identifiable natural person. In other words, personal information is any information that allows us to identify you directly or indirectly.
1.2 Circumstances of personal information collection
We will collect your personal information under the following circumstances:
• When you register as our user;
• When you buy our product;
• When you sign up or join our event;
• When you use our services and products;
1.3 Scope of personal information collection
We will handle all types of personal information, including the data clearly provided by you and your device data and personal information generated from the use of our services, specifically:
• When you register or log in, we will collect your email address, password, nickname, and profile photo that you use in registration.
• When you download or use the app, we may collect internet or other electronic network activity information and read information about your mobile device, such as information of the hardware model, IMEI number or other unique device identifier, MAC address, IP address, operating system version, and settings. We may also read information about the use of your appliances through the Internet of Things (IoT) app, such as the device model, operating status, frequency of usage, and the use of cameras built into some devices.
• When you use bonded and controlled devices, we will collect the information of device model, IP address, location, and device status.
• With your consent, we collect geolocation data, specifically, your current location information; however, we do not track your whereabouts. The location service can directly obtain your location information to provide you with services, such as weather service, intelligent scene service, network function. The device will save WiFi SSID and password when connected to a home WiFi router, and such information will not be uploaded to the clouds.
• When you use an IoT device, you can view the real-time and historical video footage captured by the camera through the software. You can also save the video locally. In order to enable the said function, we will send all videos captured by the camera to your app in an encrypted manner. We will neither store your video footage on our server nor use it for any other purpose or share it with any third party without your consent.
• When you use a product or service, we will automatically receive and record information about your browser and computer or App client, such as your IP address, browser type, language used, and access date and time, hardware and software feature information and web page records you need; when you apply for after-sales service, we may also collect your phone number and address.
• To help us understand and analyze the operation of the App, we will use the mobile analysis software SDK. We may record relevant information such as your frequency of usage data, corrupted data, overall usage data, performance data, etc. We will not associate information stored in the analysis software with any of your personal information.
• It is important to note that separate device information or service log information cannot identify a particular natural person. If we combine such non-personal information with other information to identify a particular natural person or use it in conjunction with personal information, such non-personal information will be treated as personal information during the period combined use, and we will de-identify such information unless we have your authorization or unless otherwise stipulated by law.
As mentioned above, we will store your account information in the database so that you can get your personal data every time you visit our website and use our App or other services.
Your data will be stored in our server as log files and used for analysis and research. After being processed in the server, your data will be transmitted to the database.
We will back up data on a regular basis to prevent data loss due to server failure or human error, and will delete them immediately at your request.
2 Data Processing
2.1 Our role
We are the controller of your information.
2.2 Legal foundation
We process your data for the following one or more purposes:
• When we have your consent;
• When it requested for the purpose of marketing;
• When it requested for the purpose of performing the contract we enter into with you;
• When it is legally obligated;
• When it is within our legal rights or interests. For example, to implement our policies, manage day-to-day business, aggregate data for data analysis, maintain information security, or prevent frauds, or, if necessary, we transfer the data to other BUs of our company).
2.3 Reasons for providing your personal information
2.4 Purposes and methods
We will use information provided by you and collected by us in the process of services to offer you our services. We will not use your data for any other purposes that do not fit the purposes for data collection that are detailed below.
We will use your information for the following purposes in the following manners:
• To verify your identity to prevent unauthorized access;
• To offer our services or products according to the contract we enter into;
• To offer other services you request according to the requirements stated during data collection;
• To process transactions and communicate with you regarding the details of such transactions;
• To help track and fix any fault or error in the application;
• To conduct internal audit, data analysis or research to the end of improving our products and services through evaluating our efficiency;
• To share your information with our partners so that they can assist us in offering our products and services to you;
• To collect your email address by staff of local branch office when and where you join the operating campaign for equipment activation, and match your data with data on the US server under strict access control to confirm the authenticity and validity of your equipment activation, so as to provide subsequent rights and interests;
• To share your information with other branch institutions for internal management and background support;
• To maintain the integrity and security of the information system where we store and process your information;
• To scrutinize and investigate into data leaks, illegal activities and fraudulent behaviors;
• To comply with applicable laws and regulations or the demand for your information requested for litigation and other legal proceedings or imposed by governmental authorities.
You have the right to choose to not let us to use your personal information for any purpose(s), however, please be aware, by your choice of that, we may not be able to undertake part or all of the obligations according to the service terms or provide our services without some of your information.
3 Device authorizations
We occasionally demand authorizations to access, including but not limited to, your storage, contacts, notifications, GPS locations, Bluetooth, NFC when providing services. You may deny the access to relevant personal information by turning off part or all of the authorizations in device settings. The authorization management process is different in different devices. Please refer to the relevant instructions for accessing the device settings and the system developer mode.
4 Sharing, transfer or disclosure of your information
4.1 Sharing of your information
Your personal information will be kept strictly confidential and will not be shared with any other company, organization, or individual, except in the following circumstances:
• When we have obtained your clear consent to share your information with a third party.
• When we share your personal information with a third-party service provider (or partner) for the benefit of offering or improving our services including but not limited to cloud services, video surveillance services, IT supports, custom services. We sign rigorous data handling agreements with all relevant third-party service providers (or partners) which requires them to take certain security measures in handling your information pursuant to the relevant laws and regulations and our requirements to safeguard your data security.
• When we disclose your information under the demands of the laws and regulations or government authorities.
4.2 Transfer of your information
We will not transfer your information to any other company, organization, or individual except under any of the following circumstances:
• Transfer under clear consent: when we have obtained your clear consent, we will transfer your information to a third party.
4.3 Disclosure of your information
We will only disclose your information under the following circumstances:
• When we have obtained your clear consent;
• When the law, legal proceedings including litigation, or government authorities, demand so.
You have the right to choose to not let us to disclose or/and transfer any or all of your personal information to third party, however, please be aware that, by your choice of that, we may not be able to undertake part or all of the obligations according to the service terms or provide our services without some of your information.
5 Limitation period for saving your information
Whereas, we may postpone the retention of your information for research or statistics, but we will desensitize your information from tracking you.
At the same time, in accordance with the law of the country in which you live, we may retain your personal information to assist in any government and judicial investigations for the purpose of submitting or maintaining legal requests or civil, criminal or administrative procedures. If the above reasons fail to apply to the data we preserve, we shall delete and destroy your data in a secure manner in accordance with the relevant requirements.
6 Protection of information of people under legal age
Our products and services shall be primarily for adults, yet, we shall be aware of the importance of taking extra precautions to guarantee the privacy and security of people under legal age who use the products and accept the services. We consider anyone who is under the age of 16 (or the age as required by the local law) a person under legal age.
We will only use or disclose the personal information of people under legal age collected with the consent of the guardian on the condition that the law permits, the guardian expressly consents or the protection of the people under legal age is necessary. At any time, the guardian who asks to access to, modify or delete personal information of the person under guardianship shall contact us as described in Section 13.
If we are found to collect personal information of people under legal age without firstly obtaining the consent of a verifiable guardian, we shall try to remove the relevant content as soon as possible.
7 Measures for information protection
We adhere to recognized key data protection principles (fairness, purpose limitation, data quality, data retention, compliance with individual rights, and security), and take reasonable measures to guarantee the security of your personal information. We have applied a range of techniques to guarantee the security of your personal information to minimize the risk of misuse, unauthorized access, unauthorized disclosure and inaccessibility. Security measures we have adopted include but are not limited to: data desensitization, data encryption, and authorization control of firewalls and data access.
At present, we have obtained the following professional certifications:
• ISO/IEC 27001 Information Security Management System Certification;
• ePrivacy Privacy Data Certification;
In addition, we shall regularly check and update the security mechanisms used to protect data in order to provide effective protection against data misuse. If you believe that the security of your data has been compromised, or you would like to know more information about the measures we adopt to protect data, please contact the Data Protection Office through the contact method provided in the last section.
8 Storage of personal information
As we provide services globally, based on data storage security considerations, all of your data we collect, regardless of the country you are located in, the above outlined information will be stored synchronously on servers in Germany, the United States and France.
9 Cross-border transmission of personal information
10 User portraits and automated decision
When you use our services,we may analyze processed data that fail to identify you to improve our products and services.
We will not use your data to conduct any fully automated decision.
11 Personal information rights and their exercising
11.1 The personal information rights you have
• Access: demand to provide a copy of the personal information we hold about you;
• Correct: demand to correct the information containing errors or the expired information;
• Logout and Cancel: demand to cancel your account or delete your personal information;
• Carry: demand to provide your data and, if possible, to transfer the data directly to data controller;
• Restrict: demand to limit the processing for any dispute on the accuracy or legality of our processing of personal information; yet, the right on processing may cause you to be unable to accept our services normally;
• Refuse: oppose to use your personal information for user portraits and automatic decision-making, and oppose to send commercial information for direct marketing by using your personal information;
• Lodge a complaint: lodge a complaint on the processing of your data with the competent authority of your residence or the member state that processes your data;
• Agree to withdraw: withdraw the consent at any time when we rely on your consent to process the data.
11.2 Methods of exercising personal information rights
We will protect your right to access and correct your personal information. If you wish to exercise any of the rights described in Article 11.1, you may send e-mail to our Data Protection Office for processing.
As we receive a large amount of commercial promotion e-mails every day, we shall not respond if we believe that your e-mails are not related to personal information.
11.3 Results of request
After the request is made by the subject of personal information, the following results may occur:
(1) Request denied
In some cases, requests from personal information subjects shall be rejected, including but not limited to:
• The subject of personal information is not granted relevant rights by laws of where you live;
• The identity of the person making the request fails to be verified;
• The request made by the subject of personal information fails to be verified and is beyond scope, especially when the request is repeated;
• The disclosure of information is prone to harm the interests of the relevant parties if the information involved is related to the damage or compensation received in the dispute;
• The information shall be retained for statistics and research, and the results of statistics and research shall not reveal personal identities;
• Other legally prescribed circumstances.
If the access request of the subject of personal information is rejected, we shall formally explain the reason to the requester.
(2) Request accepted
If there is no circumstance as specified in (1), we shall process the request. If you really want the request to be accepted, please provide us with as much detailed information as possible when requesting, such as the request type and specific content, information about the holder (such as the name of the product and service you use), and time for generating or processing information (if the time could be as exact as possible, the request may be accepted).
11.4 Withdraw consent
You may change the scope of your authorization to continue to collect personal information or withdraw your authorization by deleting the configuration information, removing binding the associated device, and canceling the account number.
Please understand that the service of business function shall require some basic personal information (registration e-mail) to be completed, so if you withdraw your consent or authorization, we will stop providing the service corresponding to the withdrawal of consent or authorization. Yet, your decision to withdraw your consent or authorization shall not affect the processing of personal information previously based on your authorization.
11.5 Your Rights as a California Resident
You have the right to request that we disclose what personal information we collect, use, disclose or sell.
You have the right to request information about the personal information we’ve collected about you within the last twelve months. You may request to know if we have collected, sold or shared with third parties for a business purpose the following information:
• The categories of personal information we have collected about you;
• The categories of sources of personal information we collected about you;
• Our business or commercial purpose for collecting or selling personal information about you;
• The categories of third parties with whom we disclose personal information;
• The specific pieces of personal information we have collected about;
• Whether we have sold your personal information and if so the categories of personal information that each category of recipient purchased;
• Whether we have disclosed your personal information for a business purpose and if so, the categories of personal information that each category of recipient received.
You may request this information no more than two times per year.
(1) Right to Request Deletion
You have the right to request that we delete your personal information under certain circumstances we may be unable to delete your personal information, for example, to comply with legal obligations, or to complete a business transaction that you have requested.
(2) Right to Non-Discrimination
You have a right not to receive discriminatory treatment for exercising your privacy rights as identified in this section of the privacy notice as conferred by the CCPA.
(3) Right to Opt-Out
California law provides you with the right to opt-out of the sale of your personal information; however, we have not sold the personal information of CA residents in the preceding twelve months. We do not sell the personal information of minors under the age of 16 years of age.
To exercise the rights above you may make the request in the following ways:
• Emailing your request to MideaDPO@midea.com;
• Writing to us or calling us with the contact information at Section 13 Contact Us.
When you submit a request we will verify your request by requiring a screenshot of your profile page in the app. You may designate an authorized agent to make a request to know or a request to delete your personal information by providing the authorized agent written permission to do so; and by verifying your own identity with us directly. We will deny any requests from agents that do not submit proof of authorization.
Major changes referred to herein include but are not limited to:
• Major change of our service model, such as the purpose of processing personal information, and the type of personal information under processing, the way of using personal information;
• Major change of our ownership structure, organizational structure, etc., such as owner change caused by business adjustments, bankruptcy mergers, etc.;
• Main subject change of public disclosure of personal information;
• Major change of your right to participate in the processing of personal information and the corresponding exercising methods;
• Change of the department responsible for processing the security of personal information, or change of contact information and complaint receiving channels;
• A high risk shown in the assessment report of personal information security impact.
13 Contact Us
If you disagree with us about our processing of your personal information, you may submit a mediation request or other requests to data protection regulator where you are located.
If you have an unresolved privacy or data use request, concern or complaint that you feel have not been addressed satisfactorily despite the fact that you have written to MideaDPO@midea.com, or if your request had been rejected and you wish to make further inquiries about our rejection of your request or appeal our rejection of your request, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
158 CECIL STREET
Phone: +65 6222 2536