BroadLink Smart Platform Privacy Policy

1. Hangzhou BroadLink Technology Co., Ltd, its affiliates and subsidiaries (“we”, “us”, “our”, “BroadLink”) recognizes that your privacy is important, and we take it seriously. This Privacy Policy describes how we process personal data and protection information privacy during your use of the following services, products and related mobile applications (“Products”).

1.1.BroadLink smart life mobile applications

In this Privacy Policy, “Personal Data” means information that can be used to identify an individual, either from that information alone, or from that information and other information we have access to about that individual. “Smart Devices” refers to those nonstandard computing devices produced or manufactured by hardware manufacturers, with human-machine interface and the ability to transmit data that connect wirelessly to a network, including smart home appliances, smart wearable devices, smart air cleaning devices, etc. “Apps” refers to those mobile applications developed by BroadLink and used to help users to remotely control smart devices and connect to BroadLink IOT platform. This Privacy Policy also covers our processing of information collected on behalf of and under the direction of our Clients through OEM branded Apps and BroadLink APIs. The processing of such information is limited to the purpose of providing the service for which our Clients has engaged us and BroadLink has no direct relationship with the individuals whose Personal Data it processes. If you are a customer of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly.

What Personal Data Do We Collect?

1.3. In order to provide you with our services, we may request you to provide personal data required for this kind of services. We may be unable to provide you with our products and services if you refuse to provide your personal data.

2. Information You Voluntarily Provide Us

Account or Profile Data: When you register an account with us, we may collect your name and contact details, such as your name, email address, mailing address, phone number, username, and login credentials. During your interaction with our products, we may further collect your information such as nickname, avatar, country code, language preference or time zone in your account. Feedback: When you use our feedback and advice features in our products, we may collect your email address, mobile phone number and feedback content for our further processing of your issue and device troubleshooting.

3. Information We Collect Automatically

3.1. Account Information: Your account nickname, avatar, mobile phone number and email address; Facebook authorized login account (limited to ihc / ihc for EU); Google authorized login account, etc.

3.2. Device Information: When you interact with our products, we automatically collect device information, such as positioning permission (required for obtaining Wi-Fi SSIDs during device setup for Android 6.0 and above versions), the MAC address of your devices, IP address, wireless connection information, operating system type and version, App version, push notification identifier, log file and mobile network information.

3.3. Usage Data: During your interaction with our Sites and Services, we automatically collect usage data relating to visits, clicks, downloads, messages sent/received, and other usage of our Sites and Services.

3.4. Log information: When you use our App, the system and abnormity logs might be uploaded.

3.5. Location Information: We may collect information about your real-time precise or non-precise geo-location when you interact with our Products and Services (e.g. sweeping robot and weather service).

3.6. Home name, home location (specified manually), room info, home background picture and local electricity tariff.

3.7. Normally generated data during use: scene info, trigger info and remote panel info.

3.8. Smart device related information:

3.8.1. Basic information of smart devices: When you use Smart Devices that are connected to our Products or Services, we may collect basic information related to smart devices, such as device name, device ID, online status, activated time, firmware version and updates information.

3.8.2. Information reported by smart devices: We may collect the information reported by smart devices according to the types of smart devices you selected to be connected to our Products or Services. For example, the smart weighing scale or fitness tracker may report your height, weight, blood flow meter (BFM), body mass index (BMI) and skeletal muscle mass (SMM); the smart camera may collect pictures and videos it takes.

3.9. We do not collect your data which may reveal personal race or its source, political opinion, religion/philosophical belief, labor union membership, personal gene identification, biological data, or data related to heath, sexual life or sexual orientation. We do not collect personal data of users under age of 16 without permission from their legal guardians. If you are under age of 16, you need to get permission from your parent or other legal guardian before using the App and products.

4. Purposes and Legal Basis for Processing Personal Data

4.1. The purpose for which we may process information about you are as follows:

1) Provide You Services: We process your account and profile data, device information, usage data, location information, and Smart Device related information to provide you with our Products and Services that you have requested or purchased.

The legal basis for this processing is to perform our contract with you according to our Terms of Use.

2) Improve Our Services: We process your device information, usage data, location information and Smart Device related information to ensure the functions and safety of our Products, to develop and improve our Products and Services, to analyze the efficiency of our operations, and to prevent and trace fraudulent or inappropriate usage. The legal basis for this processing is to perform our contract with you according to our Terms of Use.

3) Non-marketing Communication: We process your personal data to send you important information regarding the Services, changes to our terms, conditions, and policies and/or other administrative information. Because this information may be important, you may not opt-out of receiving such communications. The legal basis for this processing is to perform our contract with you according to our Terms of Use.

4) Marketing Communication: We may process your personal data to provide marketing and promotional materials to you on our Products and Services. If we do so, each communication we send you will contain instructions permitting you to opt-out of receiving future communications of that nature. The legal basis for this processing is your consent. Additionally, if you consent to participate in our lottery, contest or other promotions, we may use your personal data to manage such activities.

5) Personalization: We may process your account and profile data, usage data, device information to personalize product design and to provide you with services tailored for you, such as recommending and displaying information and advertisements regarding products suited to you, and to invite you to participate in surveys relating to your use of our Products.

The legal basis for this processing is your consent.

4.2. Legal Compliance: We may process your personal data as we believe to be necessary or appropriate: a) to comply with applicable laws and regulations; b) to comply with legal process; c) to respond to requests from public and government authorities; d) to enforce our terms and conditions; e) to protect our operations, business and systems; f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and g) to allow us to pursue available remedies or limit the damages that we may sustain.

5. Who Do We Share Personal Data with?

5.1. At BroadLink, we only share personal data in ways that we tell you about. We may share your Personal Data with the following recipients:

To our third-party service providers who perform certain business-related functions for us, such as website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer support service, e-mail delivery services, and other similar services to enable them to provide services to us.

5.2. To our customers and other business partners who provide you, directly or indirectly, with your Smart Devices, and/or networks and systems through which you access and use our Sites and Services.

5.3. To an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings). In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your personal information, and choices you may have regarding your personal information.

5.4. As we believe to be necessary or appropriate: a) to comply with applicable laws and regulations; b) to comply with legal process; c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; d) to enforce our terms and conditions; e) to protect our operations, business and systems; f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and g) to allow us to pursue available remedies or limit the damages that we may sustain.

To subsidiaries or affiliates within our corporate family, to carry out regular business activities.

Except for the third parties described above, to third parties only with your consent.

6. Transfer of Information Collected

6.1. To facilitate our operation, we may transfer, store and process your Personal Data in jurisdictions other than where you live. Laws in these countries may differ from the laws applicable to your country of residence. When we do so, we will ensure that an adequate level of protection is provided for the information by using the following approach: An agreement based on approved EU standard contractual clauses per GDPR Art. 46. For more information, see here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

If you would like further detail on the safeguards we have in place, you can contact us directly as described in this Privacy Policy.

6.2. If you are using Products in EU region, all your personal data will be preferred to be stored inside EU region. However, in order to improve the user experience of Products you have, we will transfer the uploaded data with your consent to the servers in whitelisted countries and regions (US, Canada, Switzerland, New Zealand) which are recognized by EU, China, Japan or Russia. The risk of data privacy protection exists when data is transferred to countries and regions outside EU. You acknowledge this and agree with the data transfer across EU and other regions.

7. Your Rights Relating to Your Personal Data

7.1. We respect your rights and control over your personal data. You may exercise any of the following rights:

1) Manually delete data in our Products (currently only available in ihc / ihc for EU / BroadLink App);

2) If you have any doubts, please send us email to dpo@broadlink.com.cn for help.

7.2. You do not have to pay a fee and we will aim to respond you within 30 days. If you decide to email us, in your request, please make clear what information you would like to have changed, whether you would like to have your personal information deleted from our database or otherwise let us know what limitations you would like to put on our use of your personal information. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.

7.3. You may:

1) Request access to the personal data that we process about you as you have the rights to know the condition of data collection including data uploading to cloud with your consent; 2) Request that we correct inaccurate or incomplete personal information about you; 3) Request deletion of personal data about you and erasing data backup on cloud. When you delete your personal data, your account linking with Alexa/Google platform will be also canceled and all your personal data on cloud will be deleted synchronously; 4) Request transfer of personal information to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated; and 5) Opt-out or object to our use of personal data about you where our use is based on your consent or our legitimate interests.

6) You can delete your account. Your data backup on cloud will be also deleted when your account is deleted. You have the rights to delete your account and all data under this account manually at any time.

8. Information Security Safeguards

8.1. We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your personal information. BroadLink provides various security strategies to effectively ensure data security of user and device. As for device access, BroadLink proprietary algorithms are employed to ensure data isolation, access authentication, applying for authorization. As for data communication, communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported. As for data processing, strict data filtering and validation and complete data audit are applied. As for data storage, all confidential information of users will be safely encrypted for storage. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you must immediately notify us of the problem by dpo@broadlink.com.cn

8.2. We will irregularly improve data protection measures including but not limited to measures such as data encryption, physical measures and data authentication. We will selectively notify you according to situations.

8.3. We assigned a data protection officer (DPO) whose email address is dpo@broadlink.com.cn .

8.4. In case of your personal data leak, we will report the situation of personal data leak to EU or regulatory organization in your country in 72 hours, take remedy measures first time and report to you and regulatory organization in EU with remedy measures. In case we failed to report to regulatory organization in 72 hours, we will explain the reason for the delay of reporting in subsequent report.

8.5. Information Retention Period

We process your personal data for the minimum period necessary for the purposes set out in this Privacy Notice, unless there is a specific legal requirement for us to keep the data for a longer retention period. We determine the appropriate retention period based on the amount, nature, and sensitivity of your personal data, and after the retention period ends, we will destruct your personal data. When we are unable to do so for technical reasons, we will ensure that appropriate measures are put in place to prevent any further such use of your personal data.

9. Dispute Resolution

9.1. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact Hangzhou Arbitration Commission in China for arbitration (The website is http://www.hzhac.org).

10. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (send to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

11. Contact Us

If you have any questions about our practices or this Privacy Policy, please contact us as follows:

Hangzhou BroadLink Technology Co., Ltd. Add: Building C, AI Industrial Park, 57 Jiang’er Road, Binjiang District, Hangzhou, P.R. China Email: dpo@broadlink.com.cn

For European Union data subject, you have the right to lodge a complaint with a supervisory authority concerning BroadLink’s data processing activities. For questions, or to exercise your rights as an EU data subject, please contact our EU Representative here: Email: dpo@broadlink.com.cn