Privacy Policy
We are Midea,
providing software services and data processing services to KAISAI. The Privacy Agreement applies to
mobile application services provided to you. We will collect personal
information from you as appropriate and necessary in accordance with laws
and regulations. We will do our best to protect your information from
disclosure, damage, or missing through reasonable and effective
information security techniques and management
processes and corresponding security protection measures. We
hope to clarify how we are committed to protecting your personal information
through the following Privacy Agreement.
The Privacy Agreement is updated at least
every 12 months. The Privacy Statement was updated on April 30, 2021 (V4)
Please read the
Privacy Agreement in its entirety. If you have any questions about
the Privacy Agreement, you can contact us via the email address
provided herein.
By using or continuing to use our products and
services, you agree to the content of the Privacy Agreement. If you
do not agree to any of the Privacy Agreement, please stop using our
services immediately.
Personal information refers to any information
relating to an identified or identifiable natural person. In other words,
personal information is any information that allows us to identify you directly
or indirectly.
In the Privacy Agreement, we also use
"data" to represent personal information.
We will collect your personal information
under the following circumstances:
· When
you register as our user;
· When you buy
our product;
· When
you sign up or join our event;
· When
you use our services and products;
We will handle all types of
personal information, including the data
clearly provided by you and your
device data and personal information generated from
the use of our services, specifically:
· When
you register or log in, we will collect your Email, user name, password, registration
region/company
· When
you download or use the app, we may read information about your mobile device,
such as information of the hardware model, IMEI number or other unique device
identifier, MAC address, IP address, operating system version, and
location. We may also read information about the use of your appliances through
the Internet of Things (IoT) app, such as the device model, operating status,
frequency of usage, and the use of cameras built into the device. We may also
receive and record information about your conversations, audios, videos,
pictures, etc. in voice interaction with IoT devices.
· When
you use bonded and controlled devices, we will collect the information of
device model, IP address, location, and device status. We collect your current
location information, not track your whereabouts, open the location service can
directly obtain your location information to provide you with services, such as
weather service, intelligent scene service, network function. The device will
save WiFi SSID and password when connected to a home WiFi router, and such information will not be uploaded to
the cloud.
· When you handle the business of your company, such as
door-to-door installation, the app will collect device SN, device location, and
device time zone. After you log in the app, you can set the parameters of the
device installed by you or your company through the Bluetooth channel, and
check the device power, power consumption information and control device.
· To
help us understand the operation of M-smart App, we will use the mobile
analysis software SDK.We may record
information of your frequency of usage data, corrupted data, overall
usage data, performance data, etc. We will not associate information stored in
the analysis software with any of your personal information.
· It
is important to note that separate device information or service log
information cannot identify a particular natural person. If we combine such
non-personal information with other information to identify a particular
natural person or use it in conjunction with personal information, such
non-personal information will be treated as personal information during the
period combined use, and we will de-identify such information unless we have
your authorization or unless otherwise stipulated.
As mentioned above, we will store your account
information in the database so that you can get your personal data every time
you visit our website and use our App or other services.
Your data will be stored in our
server as log files and used for analysis and research. After being processed in the
server, your data will be transmitted to the database.
We will back up data on a regular basis to
prevent data loss due to server failure or human error, and will delete
them immediately at your request.
In order
to facilitate the management of installation activities, we process your
personal data as the joint controller. The purpose of data processing
activities is determined by KAISAI, but Midea defines the collection fields to provide the
functions of the app. However, it needs to be clarified that when you use the
app service, you will process the device information of consumers, so please
strictly abide by the relevant requirements of local laws and regulations to
protect the relevant information of consumers. Midea and your company will also
have a relevant agreement for data processing, and your company may also pass
on these requirements to you. As the joint controller, Midea is only responsible for
the information registered by you using the app and the data of mobile devices
collected for providing app services to you..
We process your
data for the following one or more purposes:
· When
it requested as per the explicit instructions or requirements of the data
controller;
· When
we have your consent;
· When
it requested for the purpose of marketing;
· When
it requested for the purpose of performing the contract
we enter into with you;
· When
it is legally obligated;
· When
it is within our legal rights or interests. For example, to implement our
policies, manage day-to-day business, aggregate data for data analysis,
maintain information security, or prevent frauds, or, if
necessary, we transfer the data to other BUs of our company).
Generally, your consent constitutes the legal
foundation for us to handle your information. It is therefore necessary for you
to agree with our user agreement and Privacy Agreement for our
agreement to be formulated and performed and our legal rights and interests to
be protected.
You have the right to choose whether to provide
the relevant data. We may not be able to undertake part or all of the
obligations according to the service terms or provide our services without some
of your information. If you wish to learn more, please contact our data
protection office using the contact details under the last section of this
Privacy Agreement.
We will use information provided by you and
collected by us in the process of services to offer you our services. We will
not use your data for any other purposes that do not fit the purposes for data
collection that are detailed below.
We will use your information for the following
purposes expressly stated by the data controller in the following manners:
· To
verify your identity to prevent unauthorized access;
· To
offer our services or products according to the contract we enter into;
· To
offer other services you request according to the requirements stated during
data collection;
· To
process transactions and communicate with you regarding the details of such
transactions;
· To
help track and fix any fault or error in the application;
· To
conduct internal audit, data analysis or research to the end of improving our
products and services through evaluating our efficiency;
· To
share your information with our partners so that they can assist us in offering
our products and services to you;
· To
share your information with other branch institutions for internal management
and background support;
· To
maintain the integrity and security of the information system where we store
and process your information;
· To
scrutinize and investigate data leaks, illegal activities and fraudulent
behaviors;
· To
comply with applicable laws and regulations or the demand for your information
requested for litigation and other legal proceedings or imposed by governmental
authorities.
We occasionally demand authorizations to
access, including but not limited to, your storage, contacts, notifications,
GPS locations, cameras, Bluetooth, NFC when providing services. You may deny
the access to relevant personal information by turning off part or all of the
authorizations in device settings. The authorization management process is
different in different devices. Please refer to the relevant instructions for
accessing the device settings and the system developer mode.
Your personal information will be kept strictly
confidential and will not be shared with any other company, organization, or
individual, except in the following circumstances:
· When
we have obtained your clear consent to share your information with a third
party.
· When
we share your information with our staff members or the branch
institutions of our company across the world only in order to: provide further
services; carry out internal management; scrutinize for or handle data leaks,
illegal activities, or frauds; to maintain the integrity of the company’s IT
system. We share only necessary information
with our staff members within the minimal scope, which
are subject to this Privacy Agreement. We sign
non-disclosure agreements (NDAs) with the authorized staff members.
· When
we share your personal information with a third-party service
provider (or partner) for the benefit of offering or improving our services
including but not limited to cloud services, video surveillance services, IT
supports, custom services. We sign rigorous data handling agreements with all
relevant third-party service providers (or partners) which requires them to
take certain security measures in handling your information pursuant to the
relevant laws and regulations and our requirements to safeguard your data
security.
· When
we disclose your information under the demands of the laws and regulations or
government authorities.
We will not transfer your information to any
other company, organization, or individual except under any of the following circumstances:
· Transfer
under clear consent: when we have obtained your clear consent, we will transfer
your information to a third party.
· In
the case of merger, acquisition, or bankrupt clearance, we will demand the new
company or organization now in possession of your personal information to
continue to be bound by this Privacy Agreement. We will demand the
company or organization to obtain your new consent otherwise.
We will only disclose your information under the
following circumstances:
· When
we have obtained your clear consent;
· When
the law, legal proceedings including litigation, or government authorities,
demand so.
We will continue to save your information so
long as for purposes specified in this Privacy Agreement,and within any additional period as
required or permitted by law, until you withdraw the consent.
Whereas, we may postpone the retention of your
information for research or statistics, but we will desensitize your
information from tracking you.
At the same time, in accordance with the
law of the country in which you live, we may retain your personal
information to assist in any government and judicial investigations for the
purpose of submitting or maintaining legal requests or civil, criminal or
administrative procedures. If the above reasons fail to apply to the data we
preserve, we shall delete and destroy your data in a secure manner in
accordance with the relevant requirements.
Our products and services shall be primarily
for adults, yet, we shall be aware of the importance of taking extra
precautions to guarantee the privacy and security of people under legal age who
use the products and accept the services. We consider anyone who is
under the age of 16 (or the age as required by the local law) a person under
legal age.
We will only use or disclose the personal
information of people under legal age collected with the consent of the
guardian on the condition that the law permits, the guardian expressly consents
or the protection of the people under legal age is necessary. At any time, the
guardian who asks to access to, modify or delete personal information of the
person under guardianship shall contact us as described in Section 13.
If we are found to collect personal information
of people under legal age without firstly obtaining the consent of a verifiable
guardian, we shall try to remove the relevant content as soon as possible.
We adhere to recognized key data
protection principles (fairness, purpose limitation, data quality, data
retention, compliance with individual rights, and security), and take
reasonable measures to guarantee the security of your personal
information. We have applied a range of techniques to guarantee the security of
your personal information to minimize the risk of misuse, unauthorized access,
unauthorized disclosure and inaccessibility. Security measures we have adopted include
but are not limited to: data desensitization, data encryption, and
authorization control of firewalls and data access.
In addition, we shall regularly check and
update the security mechanisms used to protect data in order to provide
effective protection against data misuse. If you believe that the security of
your data has been compromised, or you would like to know more information
about the measures we adopt to protect data, please contact the
Data Protection Office through the contact method provided in the last section.
For we provide services globally, based
on the consideration of data storage security, we
will store synchronously all the information we collect
from you in our servers in Germany and the United States no
matter which country you live.
We are a multinational company and the
responsibility range of our teams responsible for data processing may cover the
world or a variety of countries/regions. Therefore, these teams may be anywhere
in the world where we conduct business, including outside the EU, in countries
that do not pursue the same standards for personal information protection as
your country. We may also transmit data outside the EU, including China. By
using or joining our services and/or providing us with your information, you
agree that we will collect, transmit, store and process your information
outside the country/region you live in accordance with this Privacy Policy. We
will make every effort to ensure that they comply with applicable legal
requirements to the extent permitted by existing technology, for example, by
executing standard contract terms. All of your data that we collect is used for
user and product analysis after necessary confidential processing to provide
you with better services. But in this case, we will take steps to protect your
information appropriately.
To provide you with more convenient and
personalized information display, search, and push services when you use our
services, we may extract your preferences based on your purchase information
and service log information, and produce an indirect portrait based on feature
labels for display, information push, and possible commercial advertising.
We may analyze processed data that fail to
identify you to improve our products and services.
We will not use your
data to conduct any fully automated decision.
· Access:
demand to provide a copy of the personal information we hold about you;
· Correct:
demand to correct the information containing errors or the expired information;
· Logout
and Cancel: demand to cancel your account or delete your personal information;
· Carry:
demand to provide your data and, if possible, to transfer the data directly to
data controller;
· Restrict:
demand to limit the processing for any dispute on the accuracy or legality of
our processing of personal information; yet, the right on processing may cause
you to be unable to accept our services normally;
· Refuse:
oppose to use your personal information for user portraits and automatic
decision-making, and oppose to send commercial information for direct marketing
by using your personal information;
· Lodge a
complaint: lodge a complaint on the processing of your data with the competent
authority of your residence or the member state that processes your data;
· Agree
to withdraw: withdraw the consent at any time when we rely on your consent to
process the data.
We will protect your right to access and
correct your personal information. If you wish to exercise any of the
rights described in Article 11.1, you may send e-mail to our Data Protection
Office for processing.
As we receive a large amount of commercial
promotion e-mails every day, we shall not respond if we believe that your
e-mails are not related to personal information.
After the request is made by the subject of
personal information, the following results may occur:
(1) Request denied
In some cases, requests from personal
information subjects shall be rejected, including but not limited to:
· The
subject of personal information is not granted relevant rights by laws of
where you live;
· The
identity of the person making the request fails to be verified;
· The
request made by the subject of personal information fails to be verified and is
beyond scope, especially when the request is repeated;
· The
disclosure of information is prone to harm the interests of the relevant
parties if the information involved is related to the damage or compensation
received in the dispute;
· The
information shall be retained for statistics and research, and the results of
statistics and research shall not reveal personal identities;
· Other
legally prescribed circumstances.
If the access request of the subject of
personal information is rejected, we shall formally explain the reason to the
requester.
(2) Request accepted
If there is no circumstance as specified in
(1), we shall process the request. If you really want the request to be
accepted, please provide us with as much detailed information as possible when
requesting, such as the request type and specific content, information about
the holder (such as the name of the product and service you use), and time for
generating or processing information (if the time could be as exact as
possible, the request may be accepted).
You may change the scope of your authorization
to continue to collect personal information or withdraw your authorization by
deleting the configuration information, removing binding the associated device,
and canceling the account number.
Please understand that the service of business
function shall require some basic personal information (registration e-mail) to
be completed, so if you withdraw your consent or authorization, we will stop
providing the service corresponding to the withdrawal of consent or
authorization. Yet, your decision to withdraw your consent or authorization
shall not affect the processing of personal information previously based on
your authorization.
We shall reserve the right to modify the
Privacy Agreement. Without your express consent, we shall not reduce
your rights in accordance with the Privacy Agreement. Any change to
the Privacy Agreement shall be posted on this page. For major
changes, we shall provide more obvious notice (for certain services, we shall
send an e-mail notification to state the specific changes to the
Privacy Agreement.)
Major changes referred to herein include but
are not limited to:
· Major
change of our service model, such as the purpose of processing personal
information, and the type of personal information under processing,
the way of using personal information;
· Major
change of our ownership structure, organizational structure, etc.,
such as owner change caused by business adjustments, bankruptcy mergers,
etc.;
· Main
subject change of public disclosure of personal information;
· Major change
of your right to participate in the processing of personal information and the
corresponding exercising methods;
· Change
of the department responsible for processing the security of personal
information, or change of contact information and complaint receiving channels;
· A
high risk shown in the assessment report of personal information
security impact.
At the same time, we shall archive the former
version of this Privacy Agreement for your reference.
If you have any questions about this
Privacy Agreement or you wish to exercise any right, or you have any
requests to discuss with us, please send an email to our Information Protection
Office specially established at the following address:MideaDPO@midea.com. Upon receiving
your request, we shall make every effort to respond within one month of the
request from the subject of personal information for the access. Your patience
and understanding are highly appreciated. Given the complexity and
quantity of requirements, the period may be extended for another 45
days as necessary. In case of deferred response, we shall inform the
subject of the personal information and the reasons for the delay. If the
limitation period set in this paragraph conflicts with the local laws, the
local laws shall prevail. The above statements are
only limited to midea being the joint controller of
your personal data.
If you disagree with us about our processing of
your personal information, you may submit a mediation request or other requests
to data protection regulator where you are located.