BroadLink Smart Platform Privacy Policy

1. Hangzhou BroadLink Technology Co., Ltd, its affiliates and subsidiaries (“we”, “us”, “our”, “BroadLink”) recognizes that your privacy is important, and we take it seriously. This Privacy Policy describes how we process personal data and protection information privacy during your use of the following services, products and related mobile applications (“Products”).

1.1.BroadLink smart life mobile applications

In this Privacy Policy, “Personal Data” means information that can be used to identify an individual, either from that information alone, or from that information and other information we have access to about that individual. “Smart Devices” refers to those nonstandard computing devices produced or manufactured by hardware manufacturers, with human-machine interface and the ability to transmit data that connect wirelessly to a network, including smart home appliances, smart wearable devices, smart air cleaning devices, etc. “Apps” refers to those mobile applications developed by BroadLink and used to help users to remotely control smart devices and connect to BroadLink IOT platform. This Privacy Policy also covers our processing of information collected on behalf of and under the direction of our Clients through OEM branded Apps and BroadLink APIs. The processing of such information is limited to the purpose of providing the service for which our Clients has engaged us and BroadLink has no direct relationship with the individuals whose Personal Data it processes. If you are a customer of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly.

What Personal Data Do We Collect?

1.3. In order to provide you with our services, we may request you to provide personal data required for this kind of services. We may be unable to provide you with our products and services if you refuse to provide your personal data.

2. Information You Voluntarily Provide Us

Account or Profile Data: When you register an account with us, we may collect your name and contact details, such as your name, email address, mailing address, phone number, username, and login credentials. During your interaction with our products, we may further collect your information such as nickname, avatar, country code, language preference or time zone in your account. Feedback: When you use our feedback and advice features in our products, we may collect your email address, mobile phone number and feedback content for our further processing of your issue and device troubleshooting.

3. Information We Collect Automatically

3.1. Account Information: Your account nickname, avatar, mobile phone number and email address; Facebook authorized login account (limited to ihc / ihc for EU); Google authorized login account, etc.

3.2. Device Information: When you interact with our products, we automatically collect device information, such as positioning permission (required for obtaining Wi-Fi SSIDs during device setup for Android 6.0 and above versions), the MAC address of your devices, IP address, wireless connection information, operating system type and version, App version, push notification identifier, log file and mobile network information.

3.3. Usage Data: During your interaction with our Sites and Services, we automatically collect usage data relating to visits, clicks, downloads, messages sent/received, and other usage of our Sites and Services.

3.4. Log information: When you use our App, the system and abnormity logs might be uploaded.

3.5. Location Information: We may collect information about your real-time precise or non-precise geo-location when you interact with our Products and Services (e.g. sweeping robot and weather service).

3.6. Home name, home location (specified manually), room info, home background picture and local electricity tariff.

3.7. Normally generated data during use: scene info, trigger info and remote panel info.

3.8. Smart device related information:

3.8.1. Basic information of smart devices: When you use Smart Devices that are connected to our Products or Services, we may collect basic information related to smart devices, such as device name, device ID, online status, activated time, firmware version and updates information.

3.8.2. Information reported by smart devices: We may collect the information reported by smart devices according to the types of smart devices you selected to be connected to our Products or Services. For example, the smart weighing scale or fitness tracker may report your height, weight, blood flow meter (BFM), body mass index (BMI) and skeletal muscle mass (SMM); the smart camera may collect pictures and videos it takes.

3.9. We do not collect your data which may reveal personal race or its source, political opinion, religion/philosophical belief, labor union membership, personal gene identification, biological data, or data related to heath, sexual life or sexual orientation. We do not collect personal data of users under age of 16 without permission from their legal guardians. If you are under age of 16, you need to get permission from your parent or other legal guardian before using the App and products.

4. Purposes and Legal Basis for Processing Personal Data

4.1. The purpose for which we may process information about you are as follows:

1) Provide You Services: We process your account and profile data, device information, usage data, location information, and Smart Device related information to provide you with our Products and Services that you have requested or purchased.

The legal basis for this processing is to perform our contract with you according to our Terms of Use.

2) Improve Our Services: We process your device information, usage data, location information and Smart Device related information to ensure the functions and safety of our Products, to develop and improve our Products and Services, to analyze the efficiency of our operations, and to prevent and trace fraudulent or inappropriate usage. The legal basis for this processing is to perform our contract with you according to our Terms of Use.

3) Non-marketing Communication: We process your personal data to send you important information regarding the Services, changes to our terms, conditions, and policies and/or other administrative information. Because this information may be important, you may not opt-out of receiving such communications. The legal basis for this processing is to perform our contract with you according to our Terms of Use.

4) Marketing Communication: We may process your personal data to provide marketing and promotional materials to you on our Products and Services. If we do so, each communication we send you will contain instructions permitting you to opt-out of receiving future communications of that nature. The legal basis for this processing is your consent. Additionally, if you consent to participate in our lottery, contest or other promotions, we may use your personal data to manage such activities.

5) Personalization: We may process your account and profile data, usage data, device information to personalize product design and to provide you with services tailored for you, such as recommending and displaying information and advertisements regarding products suited to you, and to invite you to participate in surveys relating to your use of our Products.

The legal basis for this processing is your consent.

4.2. Legal Compliance: We may process your personal data as we believe to be necessary or appropriate: a) to comply with applicable laws and regulations; b) to comply with legal process; c) to respond to requests from public and government authorities; d) to enforce our terms and conditions; e) to protect our operations, business and systems; f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and g) to allow us to pursue available remedies or limit the damages that we may sustain.

5. Who Do We Share Personal Data with?

5.1. At BroadLink, we only share personal data in ways that we tell you about. We may share your Personal Data with the following recipients:

To our third-party service providers who perform certain business-related functions for us, such as website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer support service, e-mail delivery services, and other similar services to enable them to provide services to us.

5.2. To our customers and other business partners who provide you, directly or indirectly, with your Smart Devices, and/or networks and systems through which you access and use our Sites and Services.

5.3. To an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings). In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your personal information, and choices you may have regarding your personal information.

5.4. As we believe to be necessary or appropriate: a) to comply with applicable laws and regulations; b) to comply with legal process; c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; d) to enforce our terms and conditions; e) to protect our operations, business and systems; f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and g) to allow us to pursue available remedies or limit the damages that we may sustain.

To subsidiaries or affiliates within our corporate family, to carry out regular business activities.

Except for the third parties described above, to third parties only with your consent.

6. Transfer of Information Collected

6.1. To facilitate our operation, we may transfer, store and process your Personal Data in jurisdictions other than where you live. Laws in these countries may differ from the laws applicable to your country of residence. When we do so, we will ensure that an adequate level of protection is provided for the information by using the following approach: An agreement based on approved EU standard contractual clauses per GDPR Art. 46. For more information, see here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

If you would like further detail on the safeguards we have in place, you can contact us directly as described in this Privacy Policy.

6.2. If you are using Products in EU region, all your personal data will be preferred to be stored inside EU region. However, in order to improve the user experience of Products you have, we will transfer the uploaded data with your consent to the servers in whitelisted countries and regions (US, Canada, Switzerland, New Zealand) which are recognized by EU, China, Japan or Russia. The risk of data privacy protection exists when data is transferred to countries and regions outside EU. You acknowledge this and agree with the data transfer across EU and other regions.

7. Your Rights Relating to Your Personal Data

7.1. We respect your rights and control over your personal data. You may exercise any of the following rights:

1) Manually delete data in our Products (currently only available in ihc / ihc for EU / BroadLink App);

2) If you have any doubts, please send us email to dpo@broadlink.com.cn for help.

7.2. You do not have to pay a fee and we will aim to respond you within 30 days. If you decide to email us, in your request, please make clear what information you would like to have changed, whether you would like to have your personal information deleted from our database or otherwise let us know what limitations you would like to put on our use of your personal information. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.

7.3. You may:

1) Request access to the personal data that we process about you as you have the rights to know the condition of data collection including data uploading to cloud with your consent; 2) Request that we correct inaccurate or incomplete personal information about you; 3) Request deletion of personal data about you and erasing data backup on cloud. When you delete your personal data, your account linking with Alexa/Google platform will be also canceled and all your personal data on cloud will be deleted synchronously; 4) Request transfer of personal information to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated; and 5) Opt-out or object to our use of personal data about you where our use is based on your consent or our legitimate interests.

6) You can delete your account. Your data backup on cloud will be also deleted when your account is deleted. You have the rights to delete your account and all data under this account manually at any time.

8. Information Security Safeguards

8.1. We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your personal information. BroadLink provides various security strategies to effectively ensure data security of user and device. As for device access, BroadLink proprietary algorithms are employed to ensure data isolation, access authentication, applying for authorization. As for data communication, communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported. As for data processing, strict data filtering and validation and complete data audit are applied. As for data storage, all confidential information of users will be safely encrypted for storage. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you must immediately notify us of the problem by dpo@broadlink.com.cn

8.2. We will irregularly improve data protection measures including but not limited to measures such as data encryption, physical measures and data authentication. We will selectively notify you according to situations.

8.3. We assigned a data protection officer (DPO) whose email address is dpo@broadlink.com.cn .

8.4. In case of your personal data leak, we will report the situation of personal data leak to EU or regulatory organization in your country in 72 hours, take remedy measures first time and report to you and regulatory organization in EU with remedy measures. In case we failed to report to regulatory organization in 72 hours, we will explain the reason for the delay of reporting in subsequent report.

8.5. Information Retention Period

We process your personal data for the minimum period necessary for the purposes set out in this Privacy Notice, unless there is a specific legal requirement for us to keep the data for a longer retention period. We determine the appropriate retention period based on the amount, nature, and sensitivity of your personal data, and after the retention period ends, we will destruct your personal data. When we are unable to do so for technical reasons, we will ensure that appropriate measures are put in place to prevent any further such use of your personal data.

9. Dispute Resolution

9.1. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact Hangzhou Arbitration Commission in China for arbitration (The website is http://www.hzhac.org).

10. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (send to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

11. Contact Us

If you have any questions about our practices or this Privacy Policy, please contact us as follows:

Hangzhou BroadLink Technology Co., Ltd. Add: Building C, AI Industrial Park, 57 Jiang’er Road, Binjiang District, Hangzhou, P.R. China Email: dpo@broadlink.com.cn

For European Union data subject, you have the right to lodge a complaint with a supervisory authority concerning BroadLink’s data processing activities. For questions, or to exercise your rights as an EU data subject, please contact our EU Representative here: Email: dpo@broadlink.com.cn

博联智能隐私政策

1.杭州博联智能科技股份有限公司及其附属公司(以下合称为“我们”或“博联”)致力于保护您的个人隐私。本隐私政策(下称“本政策”)阐述了在您使用下列服务、产品和相关移动应用程序(统称为“产品”)期间,我们如何处理个人数据并保障信息隐私。

1.1博联智能手机应用程序和智能生活移动应用程序

在本政策中,“个人数据”是指单独使用或者结合其他信息使用能够识别个人身份的信息。“智能设备”是指硬件制造商生产或制造的,具有人机界面并且可以通过无线网络传输数据的非标准计算设备,包括智能家用电器、智能可穿戴设备、智能空气净化设备等。“应用程序”是指由博联开发的移动应用程序,能够帮助终端用户远程控制智能设备并连接至博联物联网(IoT)平台。

1.2对于由博联提供支持服务的其他品牌商的移动应用程序,将由我们的客户决定要通过我们的产品收集哪些个人数据。我们根据客户的要求收集信息,此类信息的处理仅限于提供客户与我们约定的服务。如果您是我们客户的用户,并且您不希望使用我们服务的客户联系您,请直接联系该客户并告知您的诉求。 我们收集哪些个人数据

1.3为了向您提供我们的服务,我们会要求您提供此类服务所必须的个人数据。如果您不提供个人数据,我们可能无法为您提供我们的产品或服务。

2、  您自愿向我们提供的信息

帐户或个人资料数据:当您注册我们的帐户时,我们可能会收集您的姓名和联系方式,如您的电子邮件地址、电话号码、用户名和登录凭据。在您与我们的产品交互期间,我们可能会进一步收集您帐户中的昵称、头像、国家代码、语言偏好或时区信息等。 反馈:当您使用我们产品中的反馈和建议功能时,我们会收集您的电子邮件地址、手机号码和反馈内容,以便及时处理您的问题和设备故障。

3、  我们自动收集的信息

3.1账户信息:您的用户昵称、头像、手机号码以及邮箱地址;Facebook(限于IHC APP及IHC for EU APP)授权登录账户名;Google授权登陆账户名等。

3.2设备信息:当您与我们的产品交互时,我们会自动收集设备信息,如定位权限:设备配网时候需要Android6.0以上获取设备WiFI信息(包括附近WiFI列表)的定位权限、设备的MAC地址、IP地址、无线连接信息、操作系统类型和版本、应用程序版本号、推送通知标识符、日志文件和移动网络信息。

3.3使用数据:在您与我们的网站和服务交互期间,我们会自动收集与访问、点击、下载、发送/接收消息和其他使用我们的网站和服务相关的使用数据。

3.4日志信息:当您使用我们的应用程序时,系统和异常日志可能会被上传。

3.5位置信息:当您使用我们的特定产品或服务(例如扫地机器人和天气服务)时,我们可能会收集有关您的实时精确或非精确地理定位信息。

3.6家庭名称、家庭所在地区(由您手动设置)、房间信息、家庭背景图片、当地电价。

3.7用户使用功能时正常产生的数据:场景信息、联动信息、遥控面板信息。

3.8智能设备相关信息:

3.8.1智能设备基本信息:当您使用与我们的产品或服务连接的智能设备时,我们可能会收集有关智能设备的基本信息,如设备名称、设备ID、在线状态、激活时间、固件版本和升级信息等。

3.8.2智能设备报告的信息:根据您选择与我们的产品或服务连接的不同智能设备,我们可能会收集您的智能设备报告的信息。例如,智能体重秤或健身追踪器可能会报告您的身高、体重、体脂含量(BFM)、体重指数(BMI)和骨骼肌含量(SMM);智能摄像头可能会收集其拍摄的图像或视频。

3.9我们不收集您的个人种族或民族起源、政治观点、宗教、哲学信仰、工会组织成员的数据、个人基因书别数据或涉及健康、性生活或性取向的数据。我们不会在未经儿童的监护人许可的情况下收集16周岁以下用户的数据,若您是16周岁以下的儿童,请您必须获得您父母或您监护人的许可后才能使用我们的产品和服务。

4.处理个人数据的目的和法律依据

4.1我们处理您信息的目的如下:

(1)为您提供服务:我们处理您的帐户和个人资料数据、设备信息、使用数据、位置信息和智能设备相关信息,以提供您请求或购买的产品和服务。此类处理的法律依据是根据我们的使用条款履行我们与您的合同。

(2)改善我们的服务:我们处理您的设备信息、使用数据、位置信息和智能设备相关信息,以确保我们产品的功能和安全性,开发和改进我们的产品和服务,分析我们的运营效率,并防止和跟踪欺诈或不当使用行为。此类处理的法律依据是根据我们的使用条款履行我们与您的合同。

(3)非营销通信:我们处理您的个人数据,旨在向您发送与服务、条款/条件和政策变更和/或其他管理信息相关的重要信息。由于此类信息较为重要,您可能无法选择不接收此类邮件。此类处理的法律依据是根据我们的使用条款履行我们与您的合同。

(4)营销通信:我们可能会处理您的个人数据,以向您提供与我们产品和服务相关的营销和促销资料。在上述情况中,我们向您发送的每封邮件均含有允许您选择不再接收此类邮件的指示信息。此类处理的法律依据是基于您的同意。另外,如果您同意参加我们的抽奖、竞赛或其他促销活动,我们可能会使用您的个人数据来管理此类活动。

(5)个性化服务:我们可能会处理您的帐户和个人资料数据、使用数据、设备信息,以设计个性化的产品并为您提供量身定制的服务(例如推荐和显示适合您的产品信息和广告),以及邀请您参与您使用的产品的用户调查。此类处理的法律依据是基于您的同意。

4.2合规:我们会在我们认为必要或适当的情况下处理您的个人数据:(a)遵守适用的法律法规;(b)遵守法律程序;(c)响应公共机构和政府当局的要求;(d)履行我们的条款和条件;(e)保护我们的运营、业务和系统;(f)保护我们和/或包括您在内的其他用户的权利、隐私、安全或财产;以及(g)寻求可用的补救措施或限制我们可能需要提供的损害赔偿。

5.我们与谁共享您的个人数据?

5.1博联仅以您知晓的方式共享您的个人数据。我们可能会与下列参与者共享您的个人数据: 向为我们提供某些业务相关服务的第三方服务提供商披露您的个人数据,例如网站托管、数据分析、支付和信用卡处理、基础设施供应、IT服务、客户支持服务、电子邮件发送服务以及其他类似服务,从而确保他们能够为我们提供服务。

5.2向直接或间接为您提供智能设备和/或您用来访问和使用我们网站和服务的网络和系统的客户以及其他业务合作伙伴披露您的个人数据。

5.3当发生重组、合并、出售、合资、让渡、转让或其他处置我们所有或部分业务、资产或股票(包括但不限于与任何破产或类似程序相关的上述情况)的情况时,向附属公司或其他第三方披露您的个人数据。在这种情况下,您将通过电子邮件和/或我们的网站收到关于所有权变更、个人数据新的使用方式不兼容以及有关个人数据选择的明确通知。

5.4在我们认为必要或适当的情况下:(a)遵守适用的法律法规;(b)遵守法律程序;(c)响应公共机构和政府当局的要求,包括您居住的国家/地区以外的公共机构和政府当局;(d)履行我们的条款和条件;(e)保护我们的运营、业务和系统;(f)保护我们和/或包括您在内的其他用户的权利、隐私、安全或财产;以及(g)寻求可用的补救措施或限制我们可能需要提供的损害赔偿。 向公司旗下的子公司或附属公司披露您的个人数据,以定期开展业务活动。 除上述第三方以外,我们仅在您同意的情况下向其他第三方披露您的个人数据。

6.所收集信息的国际转移

6.1为了方便我们的操作,我们可能会在您居住的地方以外的司法管辖区转移、存储和处理您的个人数据。这些国家可能设有不同的数据保护法。在此类情况下,我们会通过以下一种或多种方式确保您的信息得到充分的保护: 根据GDPR第46条批准的“欧盟标准合同条款”达成的协议。有关更多信息,请访问:https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. 如果您想进一步了解我们的安全保障措施,您可以通过本政策直接联系我们。

6.2如果您使用地在欧盟境内,您所有的用户数据优先保留在欧盟境内,但是为了改善您所使用产品的体验,我司会将经您同意上传后的数据传输至欧盟认定的白名单国家和地区(美国、加拿大、瑞士、新西兰)或者中国大陆、日本、俄罗斯的服务器。数据传输出欧盟外的国家和地区,存在一定的数据隐私保护的风险,关于这点,您知晓并且同意数据跨欧盟传输。

7.与个人数据有关的权利

7.1我们尊重您的权利,同时也会掌握您的个人数据。您可以行使下列任何一项权利:

(1)通过我们产品(目前仅限于IHC APP for EU及BroadLink APP)中手动进行删除数据操作;

(2)如您有疑问,请发送邮件至dpo@broadlink.com.cn寻求帮助。

7.2您无需支付任何费用,我们将在30天之内作出答复。如果您决定通过电子邮件向我们发送请求,请说明您希望更改哪些信息,您是否希望将您的个人数据从我们的数据库中删除,或者您希望我们在使用您的个人数据时受到哪些限制。请注意,出于安全考虑,我们可能会在进一步处理您的请求之前要求您核实身份。

7.3您可以:

(1)要求访问我们处理的与您相关的个人数据,您有权知晓被收集的数据情形,包括经您同意上传至云端的数据情形;

(2)要求我们纠正与您相关的不准确或不完整的个人数据;

(3)要求删除您的个人数据;及销毁云端备份的数据,销毁操作将默认取消与Alexa/Google平台的互联互通,则云端数据全部同步删除;

(4)要求我们基于您的同意或与您签订的合同处理您的数据,以及我们自动处理您的数据时,向您本人或第三方传输个人数据;

(5)当我们基于您的同意或我们的正当利益使用您的个人数据时,选择反对或拒绝我们使用您的个人数据;

(6)您可以注销账号,注销账号后您云端的备份数据将被同时删除。您拥有随时手动销毁账户以及账户下所有数据的权利。

8.安全保障措施

8.1我们采取商业上合理的物理、管理和技术保障措施,以维护您的个人数据的完整性和安全性。博联提供多种安全保障策略,以有效确保用户和设备的数据安全。在设备访问方面,我们采用博联专有算法保障数据隔离、访问认证和授权申请。在数据通信方面,支持使用安全算法和传输加密协议以及基于动态密钥的商业级信息加密传输进行通信。在数据处理方面,采用严格的数据过滤和验证以及完整的数据审核流程。在数据存储方面,用户的所有机密信息将进行安全的加密处理以便存储。如果您出于任何原因认为您与我们的交互不再安全(例如,您认为您的博联帐户的安全性已经受损),请您发送电子邮件至dpo@broadlink.com.cn立即告知我们。

8.2我们会不定期提升数据的安全保障措施,包括且不限于数据加密、物理措施、数据认证等手段。我们会根据情况需要选择通知您。

8.3我们设置数据保护官(DPO) ,其联络邮箱为dpo@broadlink.com.cn

8.4若发生您的数据泄露的情况,我们会在72小时内向欧盟或您所在国监管机构报告个人数据的泄露情况,第一时间采取相应的补救措施,并将补救措施向您及欧盟监管机构汇报。若我们未能在72小时内报告监管机构,则我们的后续报告会说明迟延报告的理由。

8.5数据保留期限

我们将在达成本政策所述目的的最短期限内处理您的个人数据,除非根据特定法律要求需要保留较长时间。我们将根据个人数据的数量、性质和敏感性决定适当的保留期限,在保留期限结束后,我们将销毁您的个人数据。如果我们出于技术原因无法销毁数据,我们将采取适当措施防止您的个人数据被进一步使用。

9.争议解决

9.1如果您有未解决的隐私或数据使用问题且我们未能提供令您满意的解决方案,请联系中国杭州仲裁委员会进行仲裁,网址:http://www.hzhac.org

10.关于政策变更的声明

我们可能会根据信息实践的变化对本政策进行更新。如果我们作出任何重大变更,我们将通过电子邮件(发送至您帐户中指定的电子邮件地址)通知您,或于变更生效前在移动应用程序上发布通知。我们建议您定期浏览本页面,以获取有关隐私做法的最新信息。

11.联系我们

如果您对我们的做法或本政策存在任何疑问,请通过以下方式联系我们: 杭州博联智能科技股份有限公司 通讯地址:浙江省杭州市滨江区江二路57号杭州人工智能产业园C幢 电子邮箱:dpo@broadlink.com.cn 对于欧盟数据主体,您有权向监管机构投诉博联的数据处理活动。如有疑问,或需要行使您作为欧盟数据主体的权利,请联系我们的欧盟代表: 电子邮箱:dpo@broadlink.com.cn