Midea | EU Data Act Information Notice

 

EU Data Act Notice

This notice explains how Midea Europe GmbH ("Midea", "we", "us") makes data generated by connected products and related digital services available to users and, where requested by users, to third parties, in accordance with Regulation (EU) 2023/2854 (EU Data Act).

This notice is intended as general information for users of our connected products and related services in the European Union. Product-specific information may also be provided in the relevant product documentation, application interface, terms of use, privacy notice or other pre-contractual information made available to the user.

1. Scope of this notice

This notice applies to connected products and related digital services made available by Midea in the European Union, to the extent such products or services generate or collect data that falls within the scope of the EU Data Act.

The specific data available for access or export may vary depending on the product category, model, software version, app version, territory and technical configuration. Data availability may also depend on whether the product is connected, activated, registered, paired with an app, and used in a way that generates the relevant data.

2. Data covered

The EU Data Act concerns product data and related service data generated by the use of connected products and related services. Depending on the relevant product and service, such data may include readily available data concerning product operation, status, settings, connectivity, diagnostic information, sensor values or user-submitted logs.

By way of example, and where technically available for the relevant product or application, data categories may include:

  • basic device and connectivity data: such as device identifier, device category, serial number, MAC address, activation status, activation time, Wi-Fi version or firmware version;
  • sensor or operational data: such as product-specific sensor values, operating status, error codes or performance-related data generated during use;
  • user operation or log data: such as logs or diagnostic files where such data are generated, stored and made available, including logs uploaded by the user where applicable; and
  • related service data: such as data generated through the use of the relevant application or digital service where this is connected to the operation or functionality of the product.

This notice does not create access to data that is not generated, not retained, not technically available, not readily available to Midea, or not required to be made available under applicable law.

3. Relationship with data protection law

Where the requested data include personal data, the processing of such personal data remains subject to applicable data protection law, including the GDPR. This means that we may need to verify the identity and authority of the requester, assess the legal basis for disclosure, and apply appropriate security and confidentiality measures before providing access or transmission.

This Data Act Notice should be read together with our applicable privacy notice, which explains how personal data are processed, the purposes of processing, legal bases, retention periods, recipients and data protection rights.

4. User access to data

Users may request access to data generated by their use of a connected product or related service, to the extent such data are readily available to Midea and fall within the scope of the EU Data Act.

Where available for the relevant product or application, access may be provided through an in-app export function, user account function, dedicated online route or another communication channel made available by Midea. The data will generally be provided in a commonly used and machine-readable format, subject to product-specific technical availability and applicable legal requirements.

Midea will seek to make the access route clear, reasonably easy to use and proportionate to the nature of the relevant data and product. Security checks may be required to protect the user, other individuals, the product, Midea systems and third-party rights.

5. User-initiated sharing with third parties

Users may request that data falling within the scope of the EU Data Act be made available to a third party chosen by the user, subject to applicable legal requirements, technical feasibility, security requirements and verification of the user’s request or authorisation.

Where a user requests transmission to a third party, Midea may require sufficient information to identify the user, the relevant product, the data requested, the third-party recipient and the scope of the user’s authorisation. Midea may refuse, suspend or limit a transmission where this is required or permitted by applicable law, including for security, confidentiality, trade secret, personal data protection, abuse prevention or third-party rights reasons.

6. Requests by business customers or third parties

Business customers, service providers, repair partners or other third parties do not receive unrestricted direct access to connected product data merely by virtue of their commercial relationship with Midea. Where a third party requests data, Midea will assess whether the request is based on a valid user instruction, authorisation or other applicable legal basis.

Where the requirements for making data available to a third party are met, any business-to-business data provision may be subject to fair, reasonable, non-discriminatory and transparent terms, as applicable under the EU Data Act.

7. Limitations and safeguards

Data access or sharing may be subject to limitations and safeguards required or permitted by applicable law. These may include, without limitation:

  • verification of the requester’s identity, authority and entitlement to receive the data;
  • protection of personal data, privacy and confidentiality;
  • protection of trade secrets, cybersecurity, product safety, system integrity and anti-abuse controls;
  • limitations where disclosure could adversely affect the rights and freedoms of others;
  • technical limitations where data are not generated, not retained, not readily available or not reasonably separable from other protected information; and
  • application of lawful contractual and operational conditions for third-party or business-to-business data sharing.

8. How to submit a request

Users should first use the data access or export function made available in the relevant application or user account, where such function is available for the relevant product.

If no app-based route is available, or if a third party or business customer wishes to submit a request for verification, please contact us at:

DSB-Midea_Europe@intersoft-consulting.de

A request should, where possible, include the requester’s name and contact details, product model, serial number or other product identifier, app/account details, country, requested data categories, requested format, intended recipient and evidence of user authorisation where a third party requests data on behalf of a user.

9. Response handling

Midea will review requests and process them in accordance with applicable law. The time needed to process a request may depend on the product, data category, verification requirements, technical complexity, security review and whether third-party rights or personal data are involved.

Where a request is incomplete or unclear, Midea may request additional information before processing it. Where a request cannot be fulfilled in whole or in part, Midea will seek to explain the relevant reason where required by applicable law.

10. Updates to this notice

Midea may update this notice from time to time to reflect product developments, application updates, legal or regulatory guidance, technical implementation measures or changes in available data categories. The latest version will be made available through the relevant website, application or other appropriate communication channel.