Privacy Agreement
The Privacy Agreement applies to HolaBrain mobile application services (“the Services”)
provided to you. We will collect personal information from you as appropriate and necessary in accordance with laws and regulations.
We will do our best to protect your information from disclosure, damage, or missing
through reasonable and effective information security techniques and management processes and corresponding security protection measures. We hope to clarify how we are committed to protecting your personal
information through the following Privacy Agreement.
The Privacy Agreement is updated at least every 12 months. The Privacy
Statement was updated on
November
15
, 2023 (V4)
Please read the Privacy Agreement in its entirety. If you have any questions about the Privacy Agreement, you can contact us via the email address provided herein.
By using or continuing to use our products and services, you agree to the
content of the Privacy Agreement. If you do not agree to any of the Privacy Agreement, please stop using our services immediately.
Personal information refers to any information relating to an identified or
identifiable natural person. In other words, personal information is any information that allows us to
identify you directly or indirectly.
In the Privacy Agreement, we also use "data" to represent personal information.
We will collect your personal information under the following circumstances:
·
When you register as our user;
·
When you buy any of our products;
·
When you sign up for or join our events;
·
When you use our services and products;
The purpose of collecting your personal information is to provide you with
products and/or services and to ensure that we comply with relevant applicable laws, regulations and
other normative documents. You have the right to choose whether to provide the information, but in most
cases, if you do not provide the information, we may not be able to provide you with the corresponding
services or respond to the problems you encounter.
These services include:
·
When you register or log in with your mobile phone number or email address, we will collect
your phone number, email address, and password that you use in registration. If you refuse to provide
such
information, you will not be able to use the registration and login services.
·
When you have registered successfully, you can optionally enter your
personal information in the profile section of the App, including your nickname and upload a picture
as your avatar. Such information is your account information. The account information you add will
help us provide you with better services. You will still be able to use the basic functions when you
refuse to provide such additional information.
·
When you download or use the App, we may collect internet or other electronic network activity information and read information about your mobile device,
i
ncluding hardware device identification number (IMSI, IMEI, MEID, device hardware serial number,
SIM card ID, OAID, Mac address, Android ID or other unique device identifiers), IP address, phone model,
system version information, system language, country or region of your phone, the version number of the
app store, phone screen size and resolution, CPU and display device information, and device settings for
accessing services. We may also read information about the use of your appliances through the Internet
of Things (IoT) App,
including
the device model, operating status, frequency of usage, and the use of cameras built into
some devices.
·
To detect smart devices and connect to WLAN, we need permission to access your phone location,
and get the WLAN list and the WLAN name and WLAN password you entered. Such information is only used
locally and will not be uploaded to the server.
·
When you use bonded and controlled devices, we will collect the information of device
name,
device
model,
device
version,
device identifier
(SN),
device
MAC
address,
IP address, system status information, operating system information, personalized device
parameters, business events and device operation records. The purpose of collecting such information is
to bind smart devices, control and manage devices, set device attributes and parameters, view device
working status and history, carry out statistics, review and research on devices and service and
operation status, and improve the quality and services of smart devices.
·
With your consent, we collect geolocation data, specifically, your current location information;
however, we do not track your whereabouts. The location service can directly obtain your location
information to provide you with services, such as weather service, intelligent scene service, and
services of detecting nearby smart devices and WLAN lists. The device will save Wi-Fi SSID and password
when connected to a home Wi-Fi router, and such information will not be uploaded to the
clouds.
·
When you use
the
APP
to associate services with third-party
APP
(IFTTT, Amazon Alexa, Google Assistant, Yandex), we will collect your user ID or
user name and send
them
to the third-party
APP.
·
When you use an IoT device with a built-in camera and voice function, we may collect your voices, videos and pictures when
you use the relevant functions. If you do not provide such information, you will not be able to use the
built-in camera and voice functions of home appliances. You can view the real-time and historical video
footage captured by the camera through the software, or save the video locally. In order to enable the
said function, we will send all videos captured by the camera to your App in an encrypted manner. We will neither store your video footage on our server nor use it for
any other purpose or share it with any third party without your consent.
·
When you use a product or service, we will automatically receive and record information about
your browser and computer or App client, such as your IP address, browser type, language used, and
access date and time, hardware and software feature information and web page records you
need.
·
When you use our after-sales service, we may also collect the name, phone number, email address,
home address, product information (SN, product category, model), purchase time, problem description,
pictures and videos of the problem you provide, warranty card number, place of purchase, and date of
purchase. We collect such personal information to ensure that when you request repair service in the
future, our after-sales engineer can provide you with on-site service and solve the problems you
encounter according the information you provide. If you do not provide such information, we will not be
able to effectively locate and solve the problems you have reported.
·
To help us understand and analyze the operation of the App, we will use the mobile analysis software SDK. We may record
relevant information such as your event log, frequency of usage data, corrupted data, overall usage
data, performance data, etc. We will not associate information stored in the analysis software with any
of your personal information.
·
It is important to note that separate device information or service log information cannot
identify a particular natural person. If we combine such non-personal information with other information
to identify a particular natural person or use it in conjunction with personal information, such
non-personal information will be treated as personal information during the period combined use, and we
will de-identify such information unless we have your authorization or unless otherwise stipulated by
law.
As mentioned above, we will store your account information in the database so
that you can get your personal data immediately every time you visit our website and use our
A
PP
or other services.
Your data will be stored in our server as log files and used for analysis and research. After being processed in the server, your
data will be transmitted to the database.
We will back up data on a regular basis to prevent data loss due to server
failure or human error, and will delete them immediately at your request.
1.3.2
Circumstances where you can choose whether to authorize us to collect and use your personal
information
For you to enjoy better control, management, etc. of a smart device, we may collect and use your
personal information in the following additional functions. If you do not provide such personal
information, you can still use the basic services but you may not be able to use the additional
functions that can bring you convenience. Also, you can go
to
the permission settings page of the device to change permissions at any time.
The following are the details of the relevant functions and call permissions listed for your
reference:
Read and write external storage (for Android): I
t is for
read
ing
and writ
ing
photos and files on the device in functions such as scanning and user feedback.
Location permission (for Android and iOS): It is for weather service provision, locating, home
location management, smart device automation, detecting nearby smart devices, and detecting nearby WLAN
lists.
Camera permission (for Android and iOS): It is for scanning QR codes to add devices, upload
images, and more.
P
hone-reading p
ermission (
for
Android): It is for generat
ing
the device's identifier locally on the client
end
.
WLAN-enabling permission (for Android and iOS): It is for connecting to
the
Wi-Fi from the device for communication
with the
device
in
quick device
connection
.
Bluetooth-enabling permission (for Android and iOS): It is for connecting to the Bluetooth of the
device for communication with the device in quick device connection. For a smart device connected via
Bluetooth, Bluetooth permission is required for communication.
Album permission (for Android and iOS): It is for reading and writing photos and videos on the
device in functions such as scanning and user feedback.
When we provide APP development services and operate the APP, we are the
joint controller of your data generated when you use and register the APP. The other party who entrusts us with APP development is the other joint
controller of your data.
We process your data for the following one or more purposes:
·
When it requested as per the explicit instructions or requirements of the data
controller;
·
When we have your explicit consent;
·
For the purpose of marketing;
·
For the purpose of performing the contract we enter into with you;
·
When it is legally obligated;
·
When it is within our legitimate rights or interests. For example, to implement our policies, manage day-to-day business, aggregate data for
data analysis, maintain information security, or prevent frauds, we transfer the data to other business units of our Company.
Generally, your consent constitutes the legal foundation for us to process your
information. It is therefore necessary for you to agree with our User Agreement and Privacy Agreement in order to reach and fulfil our agreement with you and safeguard the
legitimate interests of all parties.
You have the right to choose whether to provide the relevant data. We may not be
able to undertake part or all of the obligations according to the service terms or provide our services
without some of your information. If you wish to learn more, please contact our Data Protection Office
using the contact details under the last section of this Privacy Agreement.
We will use information provided by you and collected by us in the process of
services to offer you our services. We will not use your data for any other purposes that do not fit the
purposes for data collection.
We will use your information for the following purposes expressly stated by the
data controller in the following manners:
·
To verify your identity to prevent unauthorized access;
·
To offer our services or products according to the contract we enter into with
you;
·
To offer other services you request according to the requirements stated during
data collection;
·
To process transactions and communicate with you regarding the details of such
transactions;
·
To help track and fix any fault or error in the application;
·
To conduct internal audit, data analysis or research to the end of improving our
products and services through evaluating our efficiency;
·
To share your information with our partners so that they can assist us in
offering our products and services to you;
·
To share your information with other global branch institutions for internal
management and background support;
·
To maintain the integrity and security of the information system in which we
store and process your information;
·
To scrutinize and investigate data leaks, illegal activities and fraudulent
behaviors;
·
To comply with applicable laws and regulations or the demand for your
information requested for litigation and other legal proceedings, or imposed by governmental
authorities.
When providing services we may occasionally require authorizations to access,
including but not limited to, your storage, contacts, notifications, GPS locations, cameras, Bluetooth,
and NFC. You may choose to switch off part of or all authorizations in device settings at any time to
refuse the collection of corresponding personal information. In different devices, the relevant
authorization display method and switch-off method may be different. For details, please refer to the
device and the system developer instructions or guides.
Your personal information will be kept strictly confidential and will not be
shared with any other company, organization, or individual, except in the following
circumstances:
·
When we have obtained your explicit consent to share your information with a
third party.
·
When we share your information with our staff members and global branches
generally in order to: provide further services; develop other associated services managed by Midea; carry out internal
management; scrutinize or handle data leaks, illegal activities, or frauds; or maintain the integrity of the company’s IT system. We share only necessary information with our staff members within the minimal scope, and are subject to this Privacy Agreement. We sign non-disclosure agreements (NDAs) with the authorized staff members.
·
When we share your personal information with a third-party service provider (or partner) for the
benefit of offering or improving our services including but not limited to cloud services, video
surveillance services, IT supports, and providing customer services. We sign rigorous data handling
agreements with all relevant third-party service providers (or partners) which require them to take
certain security measures in handling your information pursuant to the relevant laws and regulations and
our requirements to safeguard your data security.
·
We will disclose your information under the demands of laws and regulations or
government authorities.
We will not transfer your personal information to any other company,
organization, or individual except under any of the following circumstances:
·
Transfer under explicit consent: when we have obtained your explicit consent, we
will transfer your personal information to a third party.
·
In the case of merger, acquisition or bankrupt liquidation, we will demand the
new company or organization now in possession of your personal information to continue to be bound by
the Privacy Agreement, otherwise we will demand such company or organization to obtain your new
consent.
We will only disclose your personal information under any of the following
circumstances:
·
When we have obtained your explicit consent;
·
Based on legal disclosure, we may disclose your personal information
in the case of law and legal procedures, litigation, or mandatory requirements of government authorities.
We will continue to save your personal information so long as required for purposes specified in this Privacy
Agreement, and within any additional period as required or permitted by law, until you withdraw the consent.
Whereas, we may postpone the retention of your information for the purpose of
research or statistics, but we will desensitize your information to ensure the relevant information
will not be able to identify you.
At the same time, in accordance with the law of the country in which you live, we may retain your personal information to assist in any government and
judicial investigations for the purpose of submitting or maintaining legal requests or civil, criminal
or administrative procedures. If the above reasons fail to apply to the data we preserve, we shall
delete and destroy your data securely in accordance with relevant requirements.
Our products and services are primarily for adults, yet, we are aware of the
importance of taking extra precautions to guarantee the privacy and security of minors who may use our
products and services. We consider anyone under the age of 16 (or the age as required by local law) to be a
minor.
We will only use or disclose the personal information of minors collected with
the consent of their guardian on the condition that the law permits, the guardian expressly consents or
for the necessary protection of the minor. At any time, the guardian may request access to, modify or
delete personal information of the minor by contacting us as described in Section 13.
If we are found to collect personal information of minors without the consent of
a verifiable guardian, we shall attempt to remove the relevant content as soon as possible.
We adhere to recognized key data protection principles (fairness, purpose
limitation, data quality, data retention, compliance with individual rights, and security), and take
reasonable measures to guarantee the security of your personal information. We have applied a range of
techniques to guarantee the security of your personal information and done the utmost to minimize the
risk of misuse, unauthorized access, unauthorized disclosure and inaccessibility. Security measures we
have adopted include but are not limited to: data desensitization, data encryption, firewall, and
authorization control of data access.
In addition, we shall regularly check and update the security mechanisms used to
protect data in order to provide effective protection against data misuse. If you believe that the
security of your data has been compromised, or you would like to know more information about the
measures we adopt to protect data, please contact the Data Protection Office using the contact details under
the last section of the Privacy Agreement.
As we provide services globally, based on data storage security considerations,
all of your data we collect, regardless of the country you are located in,
will be stored synchronously in European and American servers.
In addition, the personal information collected and generated by us in our
operations in Russia is processed and stored in Russian data centers, except for cross-border
transfers permitted in accordance with relevant Russian laws;
We are a multinational company and the responsibility range of our teams
responsible for data processing may cover the world or a variety of countries/regions. Therefore, these
teams may be located anywhere in the world where we conduct business, including countries outside the EU
and
the United States that may not pursue the same standards for personal information protection as your
country. We may also transmit data outside the EU
and
the United States, including China. By using or joining our services and/or providing us with your
information, you agree that we will collect, transmit, store and process your information outside the
country/region you live in accordance with this Privacy Policy. We will make every effort to ensure that
they comply with applicable legal requirements to the extent permitted by existing technology, for
example, by executing standard contract terms. All of your data that we collect is used for user and
product analysis after necessary confidential processing to provide you with better services. But in
this case, we will take steps to protect your information appropriately.
To provide you with more convenient and personalized information display,
search, and push services when you use our services, we may extract your preferences based on your purchase information and service
log information, and produce an indirect portrait based on feature labels for display, information push,
and possible commercial advertising.
We may analyze processed data that fail to identify you to improve our
products and services.
We will not use your data to conduct any fully automated decision.
·
Access: request to provide a copy of the personal information we hold about
you;
·
Rectification: request to correct the information containing errors or the
expired information;
·
Erasure: request to cancel your account or delete your personal information we
hold;
·
Data Portability: request to provide your data and, if possible, to transfer the
data directly to data controller;
·
Restriction of Processing: request to restrict processing should you dispute the
accuracy or legality of our processing of personal information; however, your right to restrict
processing may cause you to be unable to use our services as normal;
·
Refusal: refuse the use of your personal information for user portraits and
automatic decision-making, and refuse the use of your personal information to send commercial
information for direct marketing;
·
Complaint Filing: file a complaint on the processing of your data with the
competent authority of your place residence or the member state that processes your data;
·
Consent Withdrawal: withdraw consent at any time on which we rely to process the
data.
We will protect your right to access and rectify your personal information.
If you wish to exercise any of the rights described in Article 11.1, you may
e-mail to our Data Protection Office for processing.
As we receive a large amount of commercial promotion e-mails every day, we shall
not respond if we believe that your e-mails are not related to personal information.
After the request is made by the subject of personal information, the following
results may occur:
(1) Request denied
In some cases, requests from personal information subjects shall be rejected,
including but not limited to:
·
The subject of personal information is not granted relevant rights by
laws of where you are located;
·
The identity of the person making the request fails to be verified;
·
The request made by the subject of personal information fails to be verified or
is beyond scope, especially when the request is repeated;
·
The disclosure of information is prone to harm the interests of the relevant
parties if the information involved is related to the damage or compensation received in the
dispute;
·
The information shall only be retained for statistics and research, and the
results of statistics and research shall not reveal personal identities;
·
Other legally prescribed circumstances.
If the access request of the subject of personal information is rejected, we
shall formally explain the reason to the requester.
(2) Request accepted
If there is no circumstance as specified in (1), we shall process the request.
In order to better ensure the successful acceptance of requests, please provide us with as much detailed
information as possible when requesting, such as the request type and specific content, information
about the holder (such as the name of the product and service you used), and time range of information
generation or processing (where the time range is as exact as possible, the request has a larger chance
of acceptance).
You may change the scope of your authorization to continue to collect personal
information or withdraw your authorization by deleting the configuration information, unbinding the
associated device, or canceling the account number.
Please understand that the service of business function shall require some basic
personal information (registration e-mail), so if you withdraw your consent or authorization, we will
stop providing the service corresponding to the withdrawal of consent or authorization. Yet, your
decision to withdraw your consent or authorization shall not affect the processing of personal
information previously based on your authorization.
We shall reserve the right to modify the Privacy Agreement. Without your express consent, we shall not reduce your rights in
accordance with the Privacy Agreement. Any change to the Privacy Agreement shall be posted on this page. For major changes, we shall provide more
obvious notice (for certain services, we shall send an e-mail notification to state the specific changes
to the Privacy Agreement).
Major changes referred to herein include but are not limited to:
·
Major change of our service model, such as the purpose of processing personal information,
and the type of personal information under processing, the way of using personal
information;
·
Major change of our ownership structure, organizational structure, etc., such as owner change caused by business adjustments, bankruptcy mergers,
etc.;
·
Major subject change of public disclosure of personal information;
·
Major change of your right to participate in the processing of personal
information and the corresponding exercising methods;
·
Change of the department responsible for processing the security of personal
information, or change of contact information and complaint receiving channels;
·
A high risk shown in the assessment report of personal information security impact.
At the same time, we shall archive the former version of this Privacy
Agreement for your reference.
If you have any questions about this Privacy Agreement or you wish to exercise any right, please send an email to our dedicated
Data Protection Office at the following address: MideaDPO@midea.com.
Upon receiving your request, we shall make every effort to respond within
one month of the request from the subject of personal information access request. Your patience
and
understanding are highly appreciated. Given the complexity and quantity of requirements, the period may be extended
for another 45 days as necessary. In case of deferred response, we shall inform the subject of the personal
information of relevant situations and the reasons for the delay. If the limitation period set
in this
paragraph conflicts with the local laws, the local laws shall prevail. If you disagree with us about our processing of your personal information, you
may submit a mediation request or other requests to data protection regulator where you are located.