PRIVACY STATEMENT
Protecting the
personal privacy of every customer, vendor, and employee is a crucial part of
gaining and keeping your trust in Qingdao Haier Technology Co., Ltd (us).
As a global operating organization, we strive to provide a high level of
privacy protection across all of our businesses and services.
This Statement does
not apply to third-party applications, products, services, websites or social
media features that may be accessed through links that we provide on our services.
Accessing those links may result in the collection of information about you by
a third party. We do not control or endorse those third-party websites or
their privacy practices. We encourage you to review the privacy policies
of such third parties before interacting with them.
Please read this
Statement carefully. When using our services that link to or reference this Statement,
you agree to be bound by the terms and conditions of this Statement.
Your personal data – what is it?
Personal data
relates to a living individual who can be identified from that data.
Identification can be by the data alone or in conjunction with any other data
in the data controller’s possession or likely to come into such possession. The
processing of your personal data is governed by applicable privacy laws.
What
roles do we play in processing your data?
We are the data
controller with respect to processing your data (contact details below). This
means that we decide how your personal data is processed and for what purposes.
We know that you care how data about you is used and shared, and we appreciate
your trust that we will do so carefully and sensibly.
When
are your personal data collected?
Some of your data can, in particular, be collected by us:
·
whenever you register
to use our online services and become our customer;
·
whenever you use
our services and products;
·
whenever you
contact us via the various channels we offer you.
Our
collection of personal data
The personal data
we collect include any and all data you provide to us when you enter into
contract with us, register an account with us, use our services or add information
to your account, or give us in any other way. You can choose not to provide data
to us, but we may then not be able to service you where such services require
processing such data. We use the data that you provide for purposes administering
your use of our services, such as communicating with you, responding to your
requests, managing your account, customizing your service experience with us
and improving our products and services. We may communicate with you by
mail, email or telephone. We will send you strictly service-related
announcements or information on rare occasions when it is necessary to do so.
Examples of the data
we collect and store include:
When you register
to be our user, we collect data you entered, including Email address, nation,
photo, nick name, etc.
When you use our
services, we collect information including:
·
Device
information: hardware device Mac address, device information, device type, preference,
etc.;
·
Other
personal information: device usage information, location, etc.
All the data we
collect from you may be stored as log files in our server or as augmented
information associated with you or your devices. These log files are used for
analysis, research, auditing, and other purposes. Your data is stored in log
files until the data is transferred to backup databases or related texts.
We routinely back-up a copy your data to prevent loss of your data in case of a
server breakdown or human error. However, all such copies of your data in our
backup database will be retained only for as long as our data retention policy
permits (see “How long do we keep your personal data?” below), and will
in any case be deleted immediately upon your request.
How do we process your
personal data?
We comply with our
obligations under applicable privacy laws by keeping personal data up to date;
by storing and destroying it securely; by collecting and retaining only the
necessary data that we need to service you; by protecting personal data from
loss, misuse, unauthorized access and disclosure and by ensuring that
appropriate technical measures are in place to protect personal data.
The processing
operations we perform on your data cover automated and non-automated means of
collecting, recording, organizing, structuring, storing, altering, retrieving,
using, transmitting, disseminating or otherwise making available, aligning or
combining, restricting, and/or erasing your data.
We
use your personal data for the following purposes:
·
To design and deliver
our services and activities to you.
·
To provide services and products requested by you as
described when we collect the information.
·
To contact you to
conduct research about your opinions of current services and products or of
potential new services and products that may be offered by us.
·
To
share your contact details with our affiliate offices around the world within
our group companies, for the purposes of internal administration and
back-office support, to ensure our network security, and to prevent fraud.
·
To
maintain the integrity and safety of our data technology systems which store
and process your personal data.
·
To provide
anonymous reporting for internal and external customers.
·
To provide you
with location based personalized services (such as leave and back home function).
·
To enforce or defend our policies or contract with you.
·
To detect and investigate data breaches, illegal
activities, and fraud.
What is our lawful basis for processing
your personal data?
In general, the
lawful bases for us to process your personal data for the various types of
processing performed on your data (please refer to “How do we process
your personal data?” section of this Statement)
is, as
applicable, processing based
on your consent, as necessary for us to enter into and to perform our contract
with you, or as necessary to pursue the legitimate interest of our Company or of
third parties.
We
will collect, process and use the personal data supplied by you only for the
purposes communicated to you and will not disclose your data to third parties
except under the circumstances of data disclosure described in the “Sharing
your personal data” section below.
Where we talk about our
legitimate interest or that of third parties, such legitimate interest can
include:
·
Implementation and operation of a group-wide
organizational structure and group-wide information sharing;
·
Right to freedom of expression or information, including
in the media and the arts;
·
Prevention of fraud, misuse of company IT systems, or
money laundering;
·
Operation of a whistleblowing scheme;
·
Physical security, IT and network security;
·
Internal investigations; and
·
Proposed mergers and acquisitions
Necessity to provide us data
You
are not under any obligation to provide us any personal data. As noted
below, the choice is yours. However, please note that without certain data from
you, we may not able to undertake some or all of our obligations to you under our
service contract with you, or adequately provide you with our full range of
services. If you would like to obtain more detail about this, please
contact us following the instructions in the “Whom should I contact”
section below.
Sharing your personal data
Your
personal data will be treated as strictly confidential, and will be shared only
with the categories of data recipients listed below. We will only share
your data with third parties outside of the Company with your consent, and you
will have an opportunity to choose for us not to share your data.
We
may disclose your personal data to:
·
our affiliated
entities within our global group of companies worldwide and authorized employee
to provide you services such as facilitating order processing and shipping, for
internal administration purposes, to detect and deal with data breaches,
illegal activities, and fraud, and to maintain the integrity of our information
technology systems.
·
third party
service providers whom we sub-contract to work on our behalf or for us and
therefore may have access to your data only for purposes of performing these
tasks on our behalf and under obligations similar to those described in this
Statement, who perform functions such as data processing, auditing, order
fulfillment, managing and enhancing customer data, providing customer service,
conducting customer research or satisfaction surveys, logistics support,
marketing support, payment processing and invoice collection support,
informational systems technical support, to help us provide, analyze, and
improve our services such as data storage, maintenance services, database
management, web analytics, improvement of our service features, and to assist
us in detecting and dealing with data breaches, illegal activities, and fraud.
·
governments and/or
government-affiliated institutions, courts, or law enforcement agencies, to
comply with our obligations under relevant laws and regulations, enforce or
defend our policies or contract with you, respond to claims, or in response to
a verified request relating to a government or criminal investigation or
suspected fraud or illegal activity that may expose us, you, or any other of
our customers to legal liability; provided that, if any
law enforcement agency requests your data, we will attempt to redirect the law
enforcement agency to request that data directly from you, and in such event,
we may provide your basic contact information to the law enforcement agency.
·
third parties
involved in a legal proceeding, if they provide us with a court order or
substantially similar legal procedure requiring us to do so.
We may provide you
with opportunities to connect with third party applications or services. If you
choose to use any such third party applications or services, we may facilitate
sharing of your information with your consent. However, we do not control the applications
or services of those third parties or how they use your information, and your
use of such applications and services is not governed by this Statement. Please
review the terms and the privacy policies of those third parties before using
their applications or services.
We will display
your personal data and account activity in your profile page and elsewhere on
our service portals according to the preferences you set in your account. You
can review and revise your profile information at any time. Please consider
carefully what information you disclose in your profile page and your desired
level of anonymity. In your profile page, we will also display your
device information as well as provide the network connection information for
the devices to the applications that connect to your devices.
How long do we keep your personal data?
We keep your
personal data for no longer than reasonably necessary for the given purpose for
which your data is processed. If you will provide us, or have provided us,
consent for us to process your data, we will process your data for no longer
than your consent is effective. Notwithstanding the above, we may retain your
personal data as required by applicable laws and regulations, as necessary to assist
with any government and judicial investigations, to initiate or defend legal
claims or for the purpose of civil, criminal or administrative proceedings. If
none of the above grounds for us to keep your data apply, we will delete and
dispose of your data in a secure manner according to our data protection policy.
Privacy of data subjects under the age
of 16
Our products and
services are not targeted to persons under the age of 16. We do not knowingly
collect or process personal data from persons under the age of 16. Please note
that if you are under the age of 16, you will need to provide us a written
signed consent from your parent or guardian indicating that your parent or
guardian has consented for us to process your data and send us the consent
through contact information provided from the section of “Whom should I
contact?”
Your rights and your personal data
Unless subject to an
exemption under applicable privacy laws, you have the following rights with
respect to your personal data:
·
The right to request
a copy of your personal
data which we hold about
you.
·
The right to request that we correct
any personal data if it is found to be inaccurate
or out of date.
·
The right to request to erase your personal data
where it is no longer
necessary for us to retain such
data, except we are not obliged to do so if we need to retain such data
in order to comply with a legal obligation or to establish, exercise or defend
legal claims.
·
The right to withdraw your consent to
the processing at any time, if and where we rely on your consent to process
your data. This includes cases where you wish to opt
out from marketing communications that you receive from us.
·
The right to
request that we provide you with your data and where possible, to transmit that
data directly to another data controller, where the processing is based on your
consent or is necessary for the performance of a contract with you, and in
either case we process the data by automated means.
·
The right to restrict our processing of your
personal data where you believe such data to be inaccurate, our processing is
unlawful; or that we no longer need to process such data for a particular
purpose unless we are not able to delete the data due to a legal or other
obligation or because you do not wish for us to delete it.
·
The right to
object to us using your personal data, where the legal
justification for our processing of your personal data is our legitimate
interest. We will abide by your request unless we have compelling legitimate
grounds for the processing which override your interests and rights, or if we
need to continue to process the data for the establishment, exercise or defense
of legal claims.
·
The right to lodge a
complaint regarding our
processing of your data, with the competent authority where you reside or in which
your data is processed.
If you would like
to exercise any of the above rights, please do so by providing your request to
the contact window set forth in the “Whom should I contact” section.
After receiving
your request, we will evaluate your request and inform you how we intend to
proceed on your request. Under certain circumstances in accordance with applicable
privacy laws and regulations, we may withhold access to your data, or decline
to modify, erase, port, or restrict the processing of your data.
Please be advised
that if you exercise the rights to erase data, restrict or object to our
processing, or to withdraw your consent, we may not be able to continue our
services to you if the necessary data is missing for processing.
Transfer, Storage, and Processing of Data
Abroad
As noted in the “Sharing
your personal data” section of this Statement, as a part of a globally
operating company, we may share your information with our affiliate companies
or third parties. Please refer to the “Sharing your personal
data” section of this Statement for the recipients of your data and the
reasons for our provision of your data to them. Where such entities are located
in other countries and jurisdictions, we will therefore be transferring your
personal data outside of the European Economic Area. In making such
data transfers, we make sure to protect your personal data by applying the
level of security required by applicable privacy laws. Where we transfer
your data to a country or jurisdiction that cannot guarantee the required level
of protection as required by applicable privacy laws, we have enhanced our IT
security measures and have entered into Standard Contractual Clauses with the
transferee to require security obligations on the transferee, both of which are
intended to increase the protection of your personal data. Standard Contractual
Clauses are one of a number of "appropriate safeguards" under the
applicable privacy laws that enable the transfer of personal data concerning data
subjects within the European Economic Area to jurisdictions that have not been
designated by the European Commission as possessing an adequate level of data protection.
You may request a copy of such Standard Contractual Clauses from us, or inquire
about transfers of your information, by providing your request to the contact
window set forth in the “Whom should I contact” section.
Further processing
If we wish to use
your personal data for a new purpose not covered by this Statement, then we
will provide you with a new notice explaining this new use prior to commencing such
further processing for a new purpose, setting out the relevant new purpose and
processing conditions. In such case, we will find a lawful basis for
further processing, and whenever necessary we will seek your prior written consent
to such further processing.
Security
We protect your data
using technical measures to minimize the risks of misuse, unauthorized access, unauthorized
disclosure, loss or theft, and loss of access. Some of the safeguards we use
are data pseudonymization, data encryption, firewalls, and data access
authorization controls. We take our data security very seriously. Therefore,
the security mechanisms used to protect your data are checked and updated
regularly to provide effective protection against abuse.
The information we
collect are usually encoded. Moreover, we have put in place additional and
comprehensive state-of-the-art security measures when your data are accessed
via the internet. Firewalls prevent unauthorized access. Diverse encryption and
identification layers protect your data from intrusion or disclosure to third
parties during data transfer. Moreover, an electronic identifier is generated
during data transfer to safeguard your information.
For your
confidentiality and security, we use ID and password to secure your personal
information. It is important for you to protect your ID, password, or any
personal information. Do not disclose your personal information (especially
password) to anyone. When you are finished using our services, please do not
forget to log out from your account.
Despite our best
efforts, however, security cannot be absolutely guaranteed against all threats.
If you believe that the security of your data has been compromised, or if you
like more information on the measures we use to protect your data, please
contact us following the instructions in the “Whom should I contact”
section below.
What are your choices?
You have the choice
to allow us to collect and process your data. The collection and
processing of your personal data is neither a statutory nor a contractual
requirement, although as noted above, we will be unable to provide you with
certain services without the data necessary for such services purposes.
You can always
choose not to provide your data to us, although we may need such data to
process your requests, in which case we will inform you of our constraints.
To the extent that you
have consented to our processing of your data, you can choose to discontinue
our processing at any time.
You can choose to
request from us a copy of the personal data we store and process regarding
you.
You can choose to add
or update data that you have provided to us.
You can choose to
erase your data, or you may choose to restrict our processing of your data
instead.
You can choose to
port your data to a third party under conditions stated above.
You can choose to
object to our processing of your data.
Your choice or
request on any aspects of data processing listed above can be communicated to
us using the channels set forth in the “Whom should I contact” section
of this Statement.
In summary,
what we are allowed to do with your data is, with limited exceptions under applicable
privacy laws, up to you. However, in the event that you choose for us not to
further process your data, such choice may affect the delivery of our
obligations or services to you; in this situation, we will inform you of our
constraints.
Whom should I contact?
If you have any
question about this Statement, or if you would like to exercise any of your
rights, or if you have any complaints that you would like to discuss with us,
please in the first instance send us signed and dated request, together with a
copy of your identity card. Please be as accurate as possible:
by post to
Qingdao Haier
Technology Co., Ltd.
Information
Security Manager
or
In case of
disagreements relating to our processing of your personal data, you can submit
a request for mediation or other administrative action to the data protection
supervisory authority with the competent authority where you reside or in which
your data is processed. Please click here for a list of local data
protection authorities in EEA countries:
http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.