PRIVACY
STATEMENT
Protecting
the personal privacy of every customer, vendor, and employee is a crucial part
of gaining and keeping your trust in Haier. As a global operating organization,
we strive to provide a high level of privacy protection across all of our
businesses and services.
This
Privacy Statement (“Statement”) does not apply to third-party applications,
products, services, websites or social media features that may be accessed
through links that we provide on our Apps. Accessing those links may result in
the collection of information about you by a third party. We do not control or
endorse those third-party websites or their privacy practices. We encourage you
to review the privacy policies of such third parties before interacting with
them.
Please
read this Statement carefully. When using our services that link to or
reference this Statement, you agree to be bound by the terms and conditions of
this Statement.
Your
personal data – what is it?
Personal
Data shall mean data relates to a natural person who can be identified through
that data. Identification can be by the data alone or in conjunction with any
other data in the data controller’s possession or likely to come into such
possession. The processing of your personal data is governed by applicable
privacy laws.
What
roles do we play in processing your data?
We
are the data controller. Data controller means a person or a juristic person
having the power and duties to make decisions regarding the collection, use, or
disclosure of the Personal Data. This means that we decide how your personal
data is processed and for what purposes. We know that you care how data about
you is used and shared, and we appreciate your trust that we will do so
carefully and sensibly.
When
are your personal data collected?
Some
of your data can, in particular, be collected by us:
• whenever you register to use our online
services and become our customer;
• whenever you use our services and
products;
• whenever you contact us via the various channels we offer you.
Our
collection of personal data
The
personal data we collect include any and all data you provide to us when you
enter into contract with us, register an account with us, use our online
services or add information to your account, or give us in any other way. You
can choose not to provide data to us, but we may then not be able to service
you where such services require processing such data. We use the data that you
provide for purposes administering your use of our services, such as
communicating with you, responding to your requests, managing your account,
customizing your service experience with us and improving our products and
services. We may communicate with you by mail, email or telephone. We will send
you strictly service-related announcements or information on rare occasions
when it is necessary to do so.
The
data we collect and store include:
• When you register to be our user, we
collect data you entered, including phone number, password, and email address.
You can add other information to your profile, such as a nick name or
photographs.
• We use your information to ensure the
stability and security of the Platform, including by identifying and combating
technical or security issues (such as technical bugs, spam accounts, and
detecting abuse, fraud, and illegal activity).
• We collect information including your employee
ID, device model, operating system, IP address, system language, hardware
device, MAC address, device information, device type, and preference, etc.
• Other personal information: device usage
information, problem feedback, location, etc.
We
may also receive data about your location and your mobile device when you use
our online services. This includes a unique identifier for your device. We may
use this data to provide you with location-based personalized services. You can
turn off location services on your device.
All
the data we collect from you may be stored as log files in our server or as
augmented information associated with you or your devices. Your data is stored
in log files until the data is transferred to backup databases or related
texts. We routinely back-up a copy your data to prevent loss of your data in
case of a server breakdown or human error. However, all such copies of your
data in our backup database will be retained only for as long as our data
retention policy permits (see “How long do we keep your personal data?” below),
and will in any case be deleted immediately upon your request.
How
do we process your personal data?
We
comply with our obligations under applicable privacy laws by keeping personal
data up to date; by storing and destroying it securely; by collecting and
retaining only the necessary data that we need to service you; by protecting
personal data from loss, misuse, unauthorized access and disclosure and by
ensuring that appropriate technical measures are in place to protect personal
data.
The
processing operations we perform on your data cover automated and non-automated
means of collecting, recording, organizing, structuring, storing, altering,
retrieving, using, transmitting, disseminating or otherwise making available,
aligning or combining, restricting, and/or erasing your data.
·
To
design and deliver our services and activities to you.
·
To
conduct virtual meetings and teleconferences.
·
To
operate our Apps to provide you access to and use of our services.
·
To
provide services and products requested by you as described when we collect the
information.
·
To
contact you to conduct research about your opinions of current services and
products or of potential new services and products that may be offered by us.
·
To
share your contact details with our affiliate offices around the world within
our group companies, for the purposes of internal administration and
back-office support, to ensure our network security, and to prevent fraud.
·
To
maintain the integrity and safety of our data technology systems which store
and process your personal data.
·
To
provide anonymous reporting for internal and external customers.
·
To
provide you with location based personalized services (such as leave and back
home function).
·
To
enforce or defend our policies or contract with you.
·
To
detect and investigate data breaches, illegal activities, and fraud.
·
To
monitor the real-time status of applications, which can capture code errors,
performance issues, and other related data, therefore providing feedback to
developers for timely fixes and optimizations.
What
is our lawful basis for processing your personal data?
In
general, the lawful bases for us to process your personal data for the various
types of processing performed on your data (please refer to “How do we process
your personal data?” section of this Statement) is, as applicable, processing
based on your consent, as necessary for us to enter into and to perform our
contract with you, or as necessary to pursue the legitimate interest of our
company or of third parties.
We
will collect, process and use the personal data supplied by you only for the
purposes communicated to you and will not disclose your data to third parties
except under the circumstances of data disclosure described in the “Sharing
your personal data” section below.
Where
we talk about our legitimate interest or that of third parties, such legitimate
interest can include:
• Implementation and operation of a
group-wide organizational structure and group-wide information sharing;
• Right to freedom of expression or information,
including in the media and the arts;
• Prevention of fraud, misuse of company
IT systems, money laundering or any other activities required by the competent
authorities;
• Operation of a whistleblowing scheme;
• Physical security, IT and network
security;
• Internal investigations; and
• Proposed mergers and acquisitions
Necessity
to provide us data
You
are not under any obligation to provide us any personal data. As noted below,
the choice is yours. However, please note that without certain data from you,
we may not able to undertake some or all of our obligations to you under our
service contract with you, or adequately provide you with our full range of
services. If you would like to obtain more detail about this, please contact us
following the instructions in the “Whom should I contact” section below.
Sharing
your personal data
Your
personal data will be treated as strictly confidential and will be shared only
with the categories of data recipients listed below. We will only share your
data with third parties outside of our company with your consent, and you will
have an opportunity to choose for us not to share your data.
We
may disclose your personal data to:
• our affiliated entities within our
global group of companies worldwide and authorized employee to provide you
services such as employees can view your name and email information through
business cards, for internal administration purposes, to detect and deal with
data breaches, illegal activities, and fraud, and to maintain the integrity of
our information technology systems.
• third party service providers whom we
sub-contract to work on our behalf or for us and therefore may have access to
your data only for purposes of performing these tasks on our behalf and under
obligations similar to those described in this Statement, who perform functions
such as data processing, auditing, order fulfillment, managing and enhancing
customer data, providing customer service, conducting customer research or
satisfaction surveys, logistics support, marketing support, payment processing
and invoice collection support, informational systems technical support, to
help us provide, analyze, and improve our services such as data storage,
maintenance services, database management, web analytics, improvement of our
service features, and to assist us in detecting and dealing with data breaches,
illegal activities, and fraud.
• governments and/or government-affiliated
institutions, courts, or law enforcement agencies, to comply with our
obligations under relevant laws and regulations, enforce or defend our policies
or contract with you, respond to claims, or in response to a verified request
relating to a government or criminal investigation or suspected fraud or
illegal activity that may expose us, you, or any other of our customers to
legal liability; provided that, if any law enforcement agency requests your
data, we will attempt to redirect the law enforcement agency to request that
data directly from you, and in such event, we may provide your basic contact
information to the law enforcement agency.
• third parties involved in a legal
proceeding, if they provide us with a court order or substantially similar
legal procedure requiring us to do so.
We
may provide you with opportunities to connect with third party applications or
services. If you choose to use any such third party
applications or services, we may facilitate sharing of your information with
your consent. However, we do not control the applications or services of those
third parties or how they use your information, and your use of such
applications and services is not governed by this Statement. Please review the
terms and the privacy policies of those third parties before using their
applications or services.
We
will display your personal data and account activity in your profile page and
elsewhere on our service portals according to the preferences you set in your
account. You can review and revise your profile information at any time. Please
consider carefully what information you disclose in your profile page and your
desired level of anonymity. In your profile page, we will also display your
device information as well as provide the network connection information for
the devices to the applications that connect to your devices.
How
long do we keep your personal data?
We
keep your personal data for no longer than reasonably necessary for the given
purpose for which your data is processed. If you will provide us, or have
provided us, consent for us to process your data, we will process your data for
no longer than your consent is effective. Notwithstanding the above, we may
retain your personal data as required by applicable laws and regulations, as
necessary to assist with any government and judicial investigations, to
initiate or defend legal claims or for the purpose of civil, criminal or
administrative proceedings. If none of the above grounds for us to keep your
data apply, we will delete and dispose of your data in a secure manner
according to our data protection policy.
Privacy
of data subjects have limited or no legal capacity.
Our
products and services are not targeted to persons have limited or no legal
capacity. We do not knowingly collect or process personal data from persons
have limited or no legal capacity. Please note that if you are limited or no
legal capacity, you will need to provide us a written signed consent from your
parent or guardian indicating that your parent or guardian has consented for us
to process your data and send us the consent through contact information
provided from the section of “Whom should I contact?”
Your
rights and your personal data
Unless
subject to an exemption under applicable privacy laws, you have the following
rights with respect to your personal data:
• The right to request that we correct any
personal data if it is found to be inaccurate or out of date.
• The right to request to erase your
personal data where it is no longer necessary for us to retain such data,
except we are not obliged to do so if we need to retain such data in order to
comply with a legal obligation or to establish, exercise or defend legal
claims.
• The right to withdraw your consent to
the processing at any time, if and where we rely on your consent to process
your data.
• The right to restrict our processing of
your personal data where you believe such data to be inaccurate, our processing
is unlawful; or that we no longer need to process such data for a particular
purpose unless we are not able to delete the data due to a legal or other
obligation or because you do not wish for us to delete it.
• The right to object to us using your
personal data, where the legal justification for our processing of your
personal data is our legitimate interest. We will abide by your request unless
we have compelling legitimate grounds for the processing which override your
interests and rights, or if we need to continue to process the data for the
establishment, exercise or defense of legal claims.
• The right to lodge a complaint regarding
our processing of your data, with the competent authority where you reside or
in which your data is processed.
If
you would like to exercise any of the above rights, please do so by providing
your request to the contact window set forth in the “Whom should I contact”
section.
After
receiving your request, we will evaluate your request and inform you how we
intend to proceed on your request. Under certain circumstances in accordance
with applicable privacy laws and regulations, we may withhold access to your
data, or decline to modify, erase, or restrict the processing of your data.
Please
be advised that if you exercise the rights to erase data, restrict or object to
our processing, or to withdraw your consent, we may not be able to continue our
services to you if the necessary data is missing for processing.
Transfer,
Storage, and Processing of Data Abroad
As
noted in the “Sharing your personal data” section of this Statement, as a part
of a globally operating company, we may share your information with our
affiliate companies or third parties. Please refer to the “Sharing your
personal data” section of this
Please
be aware and acknowledge that when you use this application for cross-border
communication and collaboration needs overseas, your personal information and
corporate data will be stored in China. For data generated by overseas users,
we will evaluate and make every effort to ensure that your personal information
and corporate data are adequately protected in China in accordance with the
requirements of Chinese law, such as encrypting cross-border transmission of
information, encrypting storage of data generated overseas, and regularly
evaluating the security capabilities of audit recipients.
We
will take measures to ensure that data is processed as required by this Policy
and applicable laws, which includes when transferring the data subject’s
personal data from the EU to a country or region which has not yet been
acknowledged by the EU Commission as having an adequate level of data
protection, we may use a variety of legal mechanisms, such as signing standard
contractual clauses approved by the EU Commission, obtaining the consent to the
cross-border transfer of a data subject in the EU, or implementing security
measures like anonymizing personal data before cross-border data transfer.
In
making such data transfers, we make sure to protect your personal data by
applying the level of security required by applicable privacy laws. Where we
transfer your data to a country or jurisdiction that can not
guarantee the required level of protection as required by applicable privacy
laws, we have enhanced our IT security measures(such
as anonymizing personal data before cross-border data transfer) to increase the
protection of your personal data.
Further
processing
If
we wish to use your personal data for a new purpose not covered by this
Statement, then we will provide you with a new notice explaining this new use
prior to commencing such further processing for a new purpose, setting out the
relevant new purpose and processing conditions. In such case, we will find a
lawful basis for further processing, and whenever necessary we will seek your
prior written consent to such further processing.
Security
We
protect your data using technical measures to minimize the risks of misuse,
unauthorized access, unauthorized disclosure, loss or theft, and loss of
access. Some of the safeguards we use are data pseudonymization, data
encryption, firewalls, and data access authorization controls. We take our data
security very seriously. Therefore, the security mechanisms used to protect
your data are checked and updated regularly to provide effective protection
against abuse.
The
information we collect are usually encoded. Moreover, we have put in place
additional and comprehensive state-of-the-art security measures when your data
are accessed via the internet. Firewalls prevent unauthorized access.
For
your confidentiality and security, we use ID and password to secure your
personal information. It is important for you to protect your ID, password, or
any personal information. Do not disclose your personal information (especially
password) to anyone. When you are finished using our services, please do not
forget to log out from your account.
Despite
our best efforts, however, security cannot be absolutely guaranteed against all
threats. If you believe that the security of your data has been compromised, or
if you like more information on the measures we use to
protect your data, please contact us following the instructions in the “Whom
should I contact” section below.
What
are your choices?
You
have the choice to allow us to collect and process your data. The collection
and processing of your personal data is neither a statutory nor a contractual
requirement, although as noted above, we will be unable to provide you with
certain services without the data necessary for such services purposes.
You
can always choose not to provide your data to us, although we may need such
data to process your requests, in which case we will inform you of our
constraints.
In
summary, what we are allowed to do with your data is, with limited exceptions
under applicable privacy laws, up to you. However, in the event that you choose
for us not to further process your data, such choice may affect the delivery of
our obligations or services to you; in this situation, we will inform you of
our constraints.
Whom
should I contact?
If
you have any question about this Statement, or if you would like to exercise
any of your rights, or if you have any complaints that you would like to
discuss with us, please in the first instance send us signed and dated request,
you can contact our data protection officer in Singapore by e-mail to
qih@haiersingapore.com.