Midea Group (“Midea”, “we”, “us” or “our”) attaches great importance to the protection of users’ privacy and personal information. We collect and use your related information when you use our products and/or services. Protecting the personal privacy of every customer, vendor, and employee is a crucial part of gaining and keeping the trust of our stakeholders. We hope that the privacy policy outlined below serves as an indication of our commitment to protecting the security and privacy of your personal data.
Updated 1 March 2021
The key points of this privacy policy as follow:
1. Describe the detail in which we collect, process and protect your personal information so that you can get an overview of your personal information.
2. When you register your account and use our services, we will collect your [name, gender, age, personal photo or video, ID number, phone number, email address, authentication information, location information, device information, and log information] etc. which according to your consent and the necessity of provide our services to you .
3. We are the data controller with respect to processing your data. This means that we decide how your personal information is processed and for what purposes. We will process your personal information for the purposes and scope cover in this privacy policy and will only share your data with the listed data recipients;
4. We will not disclose your personal information to third parties, unless disclosure is required by law or to comply with a government agency or court orders, or only with your permission.
5. We will use, store and transmit ( “handling”) your personal information in accordance with information protection laws and regulations. For example,The General Data Protection Regulation 2016/679 (the “GDPR).
6. We attaches great importance to the protection of children’s personal information ,we will take many security measures that comply with legal and industry standards are in place to protect your data from unauthorized access, disclosure, use, modification, damage or loss.
7. You can access, correct, limit or delete your personal information through the channels listed in this privacy policy, or you may contact us to ask or appeal.
We hope that you read this privacy policy carefully. If you have any questions about this policy, you can contact us through the contact information published on the Comfee Website or in this statement.
If you are using our services, that means you agree to the content of this privacy policy. If you do not agree to any of this privacy policy, you should stop using our services immediately.
CONTENTS
1 WHAT PERSONAL INFORMATION WE COLLECT? 5
1.1 YOUR PERSONAL DATA – WHAT IS IT? 5
1.2 WHEN ARE YOUR PERSONAL DATA COLLECTED? 5
1.3 OUR COLLECTION OF PERSONAL INFORMATION 5
2 HOW DO WE PROCESS YOUR PERSONAL DATA? 6
2.1 WHAT ROLES DO WE PLAY IN PROCESSING YOUR DATA? 6
2.2 WHAT IS OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA? 6
2.3 NECESSITY TO PROVIDE US DATA 6
2.4 WE USE YOUR PERSONAL INFORMATION FOR THE FOLLOWING PURPOSES: 6
3 COOKIES AND OTHER TECHNOLOGIES 7
3.1 COOKIE 7
3.2 WEB BEACONS AND PIXEL TAGS 7
3.3 GET YOUR DEVICE PERMISSIONS 7
4 HOW WE SHARE, TRANSFER OR MAKE AVAILABLE YOUR PERSONAL INFORMATION 7
4.1 WE MAY SHARE YOUR PERSONAL INFORMATION TO: 7
4.2 TRANSFER YOUR PERSONAL INFORMATION 8
4.3 PUBLIC DISCLOSURE 8
5 HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION? 8
6 CHILDREN UNDER 16(OR APPLICABLE AGE IN YOUR COUNTRY) 9
7 SECURITY 9
8 TRANSFER OF DATA ABROAD 9
9 PROFILING AND AUTOMATED DECISION MAKING 9
10 YOUR RIGHTS AND HOW WE RESPONDING TO YOUR REQUESTS 10
10.1 YOUR RIGHTS 10
10.2 RESPONDING TO YOUR REQUESTS 11
11 CHANGES TO THIS POLICY 11
12 CONTACT US 11
1 WHAT PERSONAL INFORMATION WE COLLECT?
1.1 Your personal information– what is it?
Personal information means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal information includes both general personal information and sensitive personal information. General information includes your name, email address, phone number, the IP address of your device, browser cookies, etc. Sensitive personal information includes your race or ethnicity, religious beliefs, union status, involvement and health data, genetic data, biometric data, etc.
In this privacy policy, we also use the word “data” to represent personal information.
1.2 When are your personal information collected?
Some of your data can in particular, be collected by us:
• whenever you become our customer or employee;
• whenever you register to use our online services (each time you log in or each time you use them);
• whenever you fill in forms and contracts that we send to you;
• whenever you use our services and products;
• whenever you subscribe to our newsletters, reply to our invitations (conferences, etc.);
• whenever you contact us via the various channels we offer you;
1.3 Our collection of personal information
We use the data you provide to us in different situations. We also collect personal information from you when you use our services. The personal information we collect includes:
• When you register or log in, we collect the information you entered, such as [email address, phone number, and password], etc.
• When you use [Binding and Control Device], we collect not only the above information, but also the [device model, wireless network ID and password, IP address, location information, device status information], etc.
• When you use [Device with video surveillance], we collect not only the above information, but also the [image information captured by video surveillance], etc.
• When you [Purchase products in our online store], we collect the information you provide to us which includes [name, phone number, shipping address, bank account number or payment information], etc.
• When you [visit our website], the information we collect still includes [your device and system information, browser type and version number, cookies, access behavior data], etc.
We store your account information in the database so that you can get your personal data every time you visit our website, use our app or use other services.
All of the data we collected from you are stored in the servers. These log files will be used for analysis, research, audit and other purpose. After processed by the server, your data will be transferred to database.
We regularly back up data to prevent data loss due to server failure or human error. Subject to our data retention policy, we’ll retain all copies of the data in the backup database and will immediately delete them when required.
2 HOW DO WE PROCESS YOUR PERSONAL DATA?
2.1 What roles do we play in processing your data?
We are the data controller with respect to processing your data (contact details below). This means that we decide how your personal data is processed and for what purposes. We know that you care how data about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.
2.2 What is our lawful basis for processing your personal information?
We use and process your data only under the following circumstances:
• Processing based on your explicit consent (e.g., when you sign up for an app account);
• Processing as necessary for us to enter into and to perform our contract with you(e.g., when you purchase our products);
• Based on legal responsibilities (e.g., confirm your age to confirm that we have not collected personal information from children);
• Processing is necessary for our legitimate interests of transmitting your data for internal administrative purposes within our group companies, to ensure our network security, to prevent fraud, and we have determined that such use of your data is not overridden by considerations of your interests, rights or freedoms;
• For the purpose of performing public interest or exercising our official duties (e.g., when you are punished for a criminal offence, we will transmit the data to the appropriate inspection authority when necessary).
2.3 Necessity to provide us data
You are not under any obligation to provide us any personal information. As noted below, the choice is yours. However, please note that without certain data from you, we may not able to undertake some or all of our obligations to you under the contract, or adequately provide you with our full range of services. If you would like to obtain more detail about this, please contact us following the instructions in the Contact Us section below.
2.4 We use your personal information for the following purposes:
We use the data you provide to us, so that we can serve you. We never use your data for any other purpose that not covered by this Privacy Policy.
We use your personal data for the following purposes:
• Verify your identity to prevent unauthorized access;
• To deliver our services to you under our contract with you.
• To operate our website to provide you access to and use of our services.
• To comply with our obligations under applicable laws regarding processing employment and social security data of employees, including notifying the relevant supervisory authorities of your data.
• To customize, measure, and improve our services and our advertising based on your service or advertising preferences.
• To provide other services requested by you as described when we collect the information.
• To contact you to conduct research about your opinions of current services and products or of potential new services and products that may be offered by us.
• To inform you of our news, events, and activities.
• To deliver targeted marketing, service updates, and promotional offers based on your communication preferences.
• To share your contact details with our affiliate offices around the world within our group companies, for the purposes of internal administration and back-office support.
• To maintain the integrity and safety of our data technology systems which store and process your personal data.
• To share your contact details with our logistics partner, so that they can deliver our products to you.
• To provide you with location based services (such as advertising, search results, and other personalized content).
• To enforce or defend our policies or contract with you.
• To detect and investigate data breaches, illegal activities, and fraud.
3 COOKIES AND OTHER TECHNOLOGIES
3.1 Cookies
Cookies are small data files placed on your devices (computer or phones), that allows us record certain information, in order to store your references and your login status, or recognize your browser used.
We never use your Cookie for other purposes not covered by this Privacy Policy. You can choose to refuse or delete cookies at your own discretion.
3.2 Web Beacons and Pixel Tags
Except for Cookie, we also use other similar technologies such as web beacons and pixel tags on our website. For example, an email we send to you may contain a click URL that links to our site. If you click on the link, we will track this click to help us understand your product and service preferences so as to improve our services. A web beacon is usually a transparent image that is embedded in a website or email. With the pixel tags in the email, we can recognize if the email is open. If you don’t want your event to be tracked this way, you can unsubscribe at any time.
3.3 Get your device permissions
When you use our services, we may require that you allow us to access to your geographic location (location information), camera (camera), photo album (image gallery), microphone, NFC, and address book. You can check the opening status of your above-mentioned permissions item by “Setting-Privacy” for IOS Users and “Setting-App Permission “ for Android Users, and you can make them available or unavailable at any time (we will guide you in your device system). If you make them [unavailable], we will no longer continue to collect and use the personal information, nor can we provide you with the above-mentioned features corresponding to those authorizations. However, your decision to close will not affect the processing of personal information previously conducted.
4 HOW WE SHARE, TRANSFER OR MAKE AVAILABLE YOUR PERSONAL INFORMATION
Your personal information will be treated as strictly confidential, and will be shared only with the categories of data recipients listed below. We will only share your data with third parties outside of the Company with your consent, and you will have an opportunity to choose for us not to share your data.
4.1 We may share your personal information to:
• Our affiliated entities within our global group of companies worldwide to provide you services such as facilitating order processing and shipping, for internal administration purposes, to detect and deal with data breaches, illegal activities, and fraud, and to maintain the integrity of our information technology systems.
• Third party service providers whom we sub-contract to help us to provide our services to you, such as assisting us to provide logistics support, marketing support, payment processing and invoice collection support, informational systems technical support, and to assist us in detecting and dealing with data breaches, illegal activities, and fraud.
• Government, courts, or law enforcement agencies, to comply with our obligations under relevant laws and regulations of the European Union or a member state of the European Union, enforce or defend our policies or contract with you, respond to claims, or in response to a verified request relating to a government or criminal investigation or suspected fraud or illegal activity that may expose us, you, or any other of our customers to legal liability; provided that, if any non-European Union or non-European Union member state law enforcement agency requests your data, we will attempt to redirect the law enforcement agency to request that data directly from you, and in such event, we may provide your basic contact information to the law enforcement agency.
• Third parties involved in a legal proceeding, if they provide us with a court order or substantially similar legal procedure requiring us to do so.
4.2 Transfer your personal information
We will transfer your personal information only under the following conditions:
• After obtaining your explicit consent;
• We will transfer your personal information to companies, organizations or individuals, for mergers, acquisitions, asset transfer, or similar transactions; if personal information is involved in the transfer. We will require companies and organizations to hold your personal information to be bound by the Policy. Otherwise, we will require them to ask for your permission again.
4.3 Public disclosure
We will make available your personal information to the public only under the following conditions to the extent that security measures generally accepted in the industry have been taken:
• At your request, and limited to the personal information you designate in the manner you have requested;
• As required by laws and regulations, mandatory administrative enforcement or judicial orders, we may publicly disclose your personal information of the required type in a manner requested. Subject to laws and regulations, when we are requested to disclose, we will require the corresponding legal documents, such as summons or investigation letters. We firmly believe that the information required to be provided by us shall be as transparent as possible to the extent permitted by laws. All requests have been carefully reviewed to ensure that they are legal and we will only disclose the data that the law enforcement agencies have legal right to obtain for specific purposes. As permitted by laws and regulations, we will disclose documents under the protection of encryption keys.
5 HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We keep your personal information for no longer than reasonably necessary for the given purpose for which your data is processed. If you will provide us, or have provided us, consent for us to process your data, we will process your data for no longer than your consent is effective.
However, for research or statistical purposes, we may postpone deletion your information. But we will process your information anonymously so that others cannot track you personally.
Notwithstanding the above, we may retain your personal information as required by the laws and regulations of the European Union or a member state of the European Union, as necessary to assist with any government and judicial investigations, to initiate or defend legal claims or for the purpose of civil, criminal or administrative proceedings. If none of the above grounds for us to keep your data apply, we will delete and dispose of your data in a secure manner according to our data protection policy.
6 CHILDREN UNDER 16(OR APPLICABLE AGE IN YOUR COUNTRY)
Our products and services are not targeted to persons under the age of 16. We do not knowingly collect or process personal data from persons under the age of 16. Please note that if you are under the age of 16, you will need to provide us a written signed consent from your parent or guardian indicating that your parent or guardian has consented for us to process your data. You can contact our DPO through MideaDPO@midea.com to get the consent template.
7 SECURITY
We protect your data using technical measures to minimize the risks of misuse, unauthorized access, unauthorized disclosure, and loss of access. Some of the safeguards we use are data pseudonymization, data encryption, firewalls, and data access authorization controls. We take our data security very seriously. Therefore the security mechanisms used to protect your data are checked and updated regularly to provide effective protection against abuse.
We have obtained the following certifications:
ISO27000 certification
ISO/IEC 27018 certification
If you believe that the security of your data has been compromised, or if you like more information on the measures we use to protect your data, please contact us following the instructions in the Contact Us section below.
8 TRANSFER OF DATA ABROAD
As a globally operating company, we must be able to transmit your data to other countries within our global group of companies, for the reasons set forth above. We will be transferring your personal data to the countries and jurisdictions which are not member states of the European Union. In making such international data transfers outside the European Union, we make sure to protect your personal data by applying the level of security required by European Union legislation. Where we transfer your data outside the European Union to a country that cannot guarantee this level of protection, we have enhanced our IT security measures and have entered into standard data protection clauses adopted by the European Commission with the transferee to require security obligations on the transferee, both of which are intended to increase the protection of my personal data.
9 PROFILING AND AUTOMATED DECISION MAKING
We currently do not carry out any form of profiling, which is an automated processing of personal data consisting of using your personal data to build a profile on you and evaluate certain personal aspects concerning you, or to analyze or predict aspects concerning you. Nor do we currently do not use your data to perform any fully automated decision-making that involves making decisions by solely technological means without human involvement. If and when we decide to undertake any profiling or fully automated decision-making using your data, we will provide you with a prior explanation about what we intend to do with your data and obtain your explicit written consent for us to do so, and we will prior to such processing implement appropriate measures to safeguard your rights, freedoms and legitimate interests.
10 YOUR RIGHTS AND HOW WE RESPONDING TO YOUR REQUESTS
10.1 Your rights
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
• The right to request a copy of your personal data which we hold about you;
• The right to request that we correct any personal data if it is found to be inaccurate or out of date;
• The right to request to erase your personal data where it is no longer necessary for us to retain such data;
• The right to withdraw your consent to the processing at any time, where we rely on your consent to process your data;
• The right to request that we provide you with your data and where possible, to transmit that data directly to another data controller, where the processing is based on your consent or is necessary for the performance of a contract with you, and in either case we process the data by automated means;
• The right, where there is a dispute in relation to the accuracy or the lawfulness of our processing of your personal data, to request that a restriction is placed on further processing of your data;
• The right to object to us using your personal data to engage in direct marketing; The right to lodge a complaint regarding our processing of your data, with the competent authority of the European Union member state where you reside or in which your data is processed.
10.2 Responding to your requests
If you would like to exercise any of the above rights, you are entitled to submit the above requests by contacting us through MideaDPO@midea.com. After receiving your request, we will evaluate your request and inform you how we intend to proceed on your request. Under certain circumstances in accordance with the GDPR and applicable European Union or European Union member state laws and regulations, we may withhold access to your data, or decline to modify, erase, port, or restrict the processing of your data.
11 CHANGES TO THIS POLICY
We change this Privacy Policy from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We always indicate the date when the last changes were published and we offer access to archived versions for your review. If changes are significant, we’ll provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).
For the purpose of the Policy, significant changes include but are not limited to:
• significant changes in our service model, for example, the purpose of processing personal information, the types of personal information handled, the manner to use personal information, etc.;
• major changes in ownership structure, organizational structure, and so on, such as changes in owner as a result of business adjustment, bankruptcy, mergers and other similar transactions;
• changes in the main objects of personal information sharing, transfer or public disclosure;
• major changes in your rights to participate in the processing of personal information and the way to exercise them;
• any changes in the departments in charge of handling personal information security, contact information, and reporting channels;
• there is a high risk indicated in the personal information security impact assessment report.
12 CONTACT US
If you have any question about this Privacy Policy, or if you would like to exercise any of your rights, or if you have any complaints that you would like to discuss with us, please in the first instance send us your request by e-mail to MideaDPO@midea.com.
In general, we will respond within one month (30 days).
In case of disagreements relating to our processing of your personal information, you can submit a request for mediation or other administrative action to the data protection supervisory authority.