Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in member states of the European Union and other provisions related to data protection is Gree ELECTRIC APPLIANCES, INC. OF ZHUHAI, West Jinji Rd, Qianshan, Zhuhai (postdcode:519070), Tel: 0086-75-8614 883.
Our representative for the purposes of Article 27 GDPR is Ana Liang, Gree Spain Corporation, SLUC/ Puente de Trabajo 10, Local 608020 Barcelona Spain, Tel: 0034-933070293, Email: firstname.lastname@example.org. In case of questions on how your personal data is processed by the Product, you may also contact our data protection coordinator via e-mail (email@example.com) or at our address listed above.
l What information do we collect and How can we use it?
7.1 Collecting and using personal information
For the purpose of providing our services to you, we will ask you to provide personal information which is necessary for us to provide you our services. Personal information is defined in data privacy laws applicable in your country. If you are not willing to provide your personal information, we are not possible to provide our services to you.
The information is only collected for legitimate purposes. We may collect the following types of information:
7.1.1 Types of personal information
- When you create an account, we will ask you to provide the following personal information: your name, e-mail address, password, user address (optional)
- During the use of the Product and services, further data will be collected, which may under specific circumstances constitute personal information: (a) status of the air conditioner (e.g. the temperature and wind speed setting status, data collected by sensor in the equipment of indoor temperature and humidity); (b) information of equipment fault; (c) user feedback; (d) information of your mobile device; (e) network location of your mobile device, which only includes the country name.
7.1.2 Purposes of collection and processing, legal basis of processing
Your personal information will primarily be processed to fulfil this Agreement with you:
- Set up and manage your user account;
- Provide you the services and the Product.
For any other purposes, we will obtain your explicit consent in advance.
The personal information we collect may also be used to communicate with you, e.g., we will send you a notice when TOSOT 's products or services are updated and released for the first time. Where required under applicable laws, this will only be done with your prior consent.
We consider it to be our legitimate interest to process your personal information to implement personalized product design and provide you with more personalized services, e.g., recommend and display to you the contents and advertisements specially provided to you, or study our services.
Your mobile phone user identification information and unique identifier and location information of mobile device can be used to activate your warranty service and specific software license. This personal information is also used to perform our contract with you.
With your consent, you may be take part in surveys.
We consider it to be our legitimate interest to process your personal information to improve our products and analyze the efficiency of our business operation. However, we will not use the information to track your location.
7.2 Your rights under privacy laws
You have various rights under data privacy laws in your country. These may include (as relevant): the right to request access to the personal information we hold about you; the right to rectification including to require us to correct inaccurate personal information; the right to request restriction of processing concerning you or to object to processing of your personal information, the right to request the erasure of your personal information where it is no longer necessary for us to retain it; the right to data portability including to obtain personal information in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent; the right object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and the right to withdraw your consent to any processing for which you have previously given that consent.
l With whom we share your information?
7.3 Data security
We endeavor to protect your personal information from the unlawful and unauthorized access, tampering, divulgence, accidental loss of, damage or destruction of your personal information. We maintain physical, electronic and procedural safeguards to protect the confidentiality, integrity and availability of your personal information. Therefore, we specially take the following measures:
(1) We will review the information collection, storage and processing methods (including physical security measures) to avoid unauthorized access to all the systems.
(2) We only allow TOSOT employees who need to know the information to help us process personal information and the persons who are entitled to come into contact with the service company to get personal information, and they need to strictly fulfill the obligation of maintaining confidentiality of the contract. If they fail to fulfill these obligations, they may have to assume legal responsibility or terminate their relationships with TOSOT .
(3) Your information security is important to us. Therefore, we will continue to strive to protect your personal information security, and implement security measures such as storage and transmission security encryption to prevent your information from being illegally acquired, used or disclosed. Meanwhile, only the User has the right to access certain specific contents of the encrypted data.
7.6 Children: We require that children under the age of 13 use the Product or service under the permission and guidance of legal guardians.
7.7 The protection of user privacy is a basic policy of TOSOT . TOSOT promises that it will not make public the registration information of a single user and the user's non-public content stored in TOSOT network when using network services or provide it to a third party, except for the following circumstances:
7.7.1 Clear authorization is obtained from the User in advance;
7.7.2 According to the requirements of the relevant laws and regulations;
7.7.3 According to requirements of the relevant government authorities;
7.7.4 According to investigation requirements of the public security organ, procuratorate and court;
7.7.5 To safeguard the interests of the public;
7.7.6 To safeguard the legitimate rights and interests of TOSOT .
7.8 Recipients or categories of recipients of the personal data: TOSOT cooperates with third party service providers who provide related network services (e.g. hosting) to the User. In this case, if the third party agrees to undertake the same responsibility for protecting user privacy as TOSOT , TOSOT shall have the right to provide the User's registration information to the third party. We will therefore check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your data. We will have written contracts with them which provide assurances regarding the protections that they will give to your data and their compliance with our data security standards and international transfer restrictions.
The third parties are located outside the EU, namely in the USA and China. We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU commission’s model clauses.
7.9 On an aggregate and anonymized basis (i.e. under the premise of not disclosing the privacy information of a single user), TOSOT has the right to analyze the entire user database and make commercial use of the user database. Again, this will not identify you.
7.10 Privacy protection principles: TOSOT has established the following four privacy protection principles to guide us on how to deal with issues involving user privacy and user information in the Product:
(1) Use the information we collect to provide the User with valuable products and services.
(2) Develop products that conform to privacy standards and privacy practices (privacy by design and by default).
(3) Make personal information collection transparent and invite an authoritative third party to conduct supervision.
(4) Make the utmost efforts to protect the information we have.
7.11 Duration of storage: We will keep your personal information for as long as we need it to fulfil the purposes for which it was collected (see above) and in order to comply with legal and regulatory requirements. This may mean that some information is held for longer than other information. If you would like further information about our data retention practices, please contact us.
7.12 Provision of Personal Information / Automated decision making. Please note that the personal information we collect from you is necessary to providing the services and the features of the Product. Failure to provide such data may not enable us to provide our services to you. We do not use automatic decision-making or profiling.
7.13 Data protection authoriry: If you consider that we are in breach of our obligations under data protection laws, you may lodge a complaint with the competent data protection authority, which may be the supervisory authority in your country of residence, place of work or of an alleged infringement of data protection laws.