Privacy Policy

1. Data Backup

We may store your account information in our database so that you can access your personal data each time you visit our website and use our Application or other services.

Your data will be stored on our servers in the form of log files and used for analysis and research purposes. After being processed on the server, your data will be transferred to the database.

We will regularly back up data to prevent data loss caused by server failures or human error, and we will delete such data immediately upon your request.

2. Data Processing

2.1 Our Role

We are the controller of your information.

2.2 Purpose of Data Processing

We process your data for one or more of the following purposes:

• When we have your consent;

• In accordance with Clause 3, Article 21 of the Law on Information Technology, which states that “Organizations and individuals have the right to collect, process, and use personal information of others without the consent of the data subject in cases where such personal information is used for the following purposes:”

+ To enter into, amend, or perform contracts for the use of information, products, or services in the online environment;

+ To calculate prices and fees for the use of information, products, and services in the online environment;

+ To fulfill other obligations as required by law.

Therefore, it is necessary to specify the cases in which information may be collected without the individual’s consent in accordance with applicable laws and regulations.

to analyze data, maintain information security, or prevent fraud, or, where necessary, to transfer data to other BUs within our company.

+ Scope of user data to be collected by the system.

2.3 Reasons for Providing Your Personal Information

In general, your consent forms the legal basis for our processing of your information. Therefore, you are required to agree to our User Agreement and Privacy Policy in order for our agreement to be established and performed, and for our legitimate rights and interests to be protected.

You have the right to choose whether or not to provide the relevant data. We may not be able to perform some or all of our obligations under the terms of service or provide our services without certain information from you. If you would like to learn more, please contact our data protection office using the contact details provided in the final section of this Privacy Policy.

2.4 Purpose and Methods

We will use the information you provide and the information we collect during the provision of our services to deliver our services to you. We will not use your data for any purposes other than those consistent with the purposes of data collection as detailed below.

We will use your information for the following purposes and in the following manner:

• To verify your identity and prevent unauthorized access;

• To provide our services or products in accordance with the contracts we have entered into;

• To provide other services that you request, in accordance with the requirements stated during the data collection process;

• To process transactions and communicate with you regarding the details of those transactions;

• To help monitor and resolve any errors or issues in the application;

• To conduct internal audits, data analysis, or research for the purpose of improving our products and services by evaluating our performance;

• To share your information with our partners so that they can assist us in providing our products and services to you;

• To share your information with other affiliated entities for internal management and platform support;

• To maintain the integrity and security of the information systems where we store and process your information;

• To review and investigate data breaches, illegal activities, and fraudulent behavior;

• To comply with applicable laws and regulations, or to respond to your information requirements arising from litigation and other legal proceedings, or as imposed by government authorities.

3. Device Authorization

Sometimes we may request authorization to access certain features when providing services, including but not limited to storage, contacts, notifications, GPS location, camera, Bluetooth, and NFC. You may refuse access to the relevant personal information by disabling some or all permissions in your device settings. Authorization management procedures may vary across different devices. Please refer to the relevant instructions to access device settings and system developer modes.

4. Sharing, Transfer, or Disclosure of Your Information

4.1 Sharing Your Information

Your personal information will be kept strictly confidential and will not be shared with any other company, organization, or individual, except in the following cases:

• When we obtain your explicit consent to share your information with third parties.

4.2 Transfer of Your Information

We will not transfer your information to any other company, organization, or individual except in the following cases:

• Transfer with explicit consent: when we obtain your explicit consent, we will transfer your information to a third party.

• In the event of a merger, acquisition, or bankruptcy liquidation, we will require the new company or organization that comes to own your personal information to continue to be bound by this Privacy Policy. Otherwise, we will require such company or organization to obtain your renewed consent.

4.3 Disclosure of Your Information

We will only disclose your information in the following cases:

• When we obtain your explicit consent;

• When required by law, legal proceedings (including litigation), or by government authorities.

5. Data Retention Period for Your Information

We will continue to retain your information for as long as necessary for the purposes set out in this Privacy Policy and for any additional period required or permitted by law, unless and until you withdraw your consent.

During this time, we may retain your information for research or statistical purposes; however, your information will be anonymized so that it can no longer be used to identify you.

At the same time, in accordance with the laws of the country in which you reside, we may retain your personal information to support any government or judicial investigations for the purpose of initiating or maintaining legal claims or civil, criminal, or administrative proceedings. If none of the above reasons apply to the data we retain, we will securely delete and destroy your data in accordance with relevant requirements.

6. Protection of Information of Minors

Our products and services are primarily intended for adults; however, we recognize the importance of taking additional precautions to protect the privacy and security of minors who use our products and services. We consider anyone under the age of 16 (or the age required by applicable local laws) to be a minor.

We will only use or disclose personal information of minors collected with the consent of a legal guardian, where permitted by law, with the explicit consent of the guardian, or where it is necessary to protect the minor. At any time, if a guardian requests access to, modification of, or deletion of the personal information of the minor under their guardianship, they may contact us as described in Section 13.

If we discover that we have collected personal information of a minor without first obtaining verifiable consent from a legal guardian, we will endeavor to delete the relevant information as soon as possible.

7. Information Security Measures

We adhere to internationally recognized key data protection principles (fairness, purpose limitation, data quality, data retention, compliance with individual rights, and security) and take reasonable measures to ensure the confidentiality of your personal information. We have implemented a range of technical measures to safeguard your personal information in order to reduce the risk of misuse, unauthorized access, unauthorized disclosure, and loss of availability. The security measures we have adopted include, but are not limited to, data anonymization, data encryption, firewall protection, and access authorization controls.

We will continue to retain your information for as long as necessary for the purposes set out in this Privacy Policy and for any additional period required or permitted by law, unless and until you withdraw your consent.

During this period, we may retain your information for research or statistical purposes; however, your information will be anonymized so that it cannot be used to identify you.

At the same time, in accordance with the laws of the country in which you reside, we may retain your personal information to support any government or judicial investigations for the purpose of initiating or maintaining legal claims or civil, criminal, or administrative proceedings. If none of the above reasons apply to the data we retain, we will securely delete and destroy your data in accordance with relevant requirements.

In addition, we regularly review and update the security mechanisms used to protect data in order to provide effective protection against data misuse. If you believe that the security of your data has been compromised, or if you would like to learn more about the measures we take to protect data, please contact the Data Protection Office using the contact details provided in the final section.

8. Storage of Personal Information

As our business operates globally, and based on considerations of data storage security, we will centrally store all information we collect from you on our servers located in Germany and the United States and/or in any other countries designated by us, which will be updated and reflected in this Agreement from time to time.

9. Cross-Border Transfer of Personal Information

We are a multinational company, and the scope of responsibility of our teams involved in data processing may span across the globe or multiple countries/regions. As a result, these teams may be located anywhere in the world where we conduct business, including outside the EU, in countries that may not provide the same level of personal information protection as your country. We may also transfer data outside the EU, including to China.

By using or participating in our services and/or providing your information to us, you agree that we may collect, transfer, store, and process your information outside the country/region in which you reside in accordance with this Privacy Policy. We will make our best efforts to ensure compliance with applicable legal requirements to the extent permitted by existing technology, for example, by implementing standard contractual clauses.

All data we collect is used for user and product analysis after undergoing the necessary confidentiality processing in order to provide you with better services. In such cases, we will take appropriate measures to protect your information.

10. User Profiling and Automated Decision-Making

In order to provide you with more convenient and personalized display, search, and information push services when you use our services, we may extract your preferences based on your purchase information and service log information, and create indirect user profiles based on feature tags to display and push information and possible commercial advertisements.

We may analyze processed data that cannot identify you in order to improve our products and services.

We will not use your data to carry out any fully automated decision-making.

11. Personal Information Rights and Their Exercise

11.1 Your Personal Information Rights

• Access: request access to a copy of the personal information we hold about you;

• Rectification: request correction of inaccurate or outdated information;

• Deletion and Account Cancellation: request deletion of your personal information or cancellation of your account;

• Data Portability: request that your data be provided to you and, where possible, transferred directly to another data controller;

• Restriction: request restriction of processing where there is a dispute regarding the accuracy or legality of our processing of your personal information; however, restricting processing may result in you being unable to use our services normally.

• Objection: object to the use of your personal information for user profiling and automated decision-making, and object to the sending of commercial information for direct marketing purposes using your personal information.

• Complaint: lodge a complaint regarding the processing of your data with the competent authority in your place of residence or with the relevant authority within the European Union responsible for data protection.

• Withdrawal of Consent: withdraw your consent at any time where we rely on your consent to process your data.

11.2 Methods for Exercising Your Personal Information Rights

We will safeguard your rights to access and correct your personal information. If you wish to exercise any of the rights described in Section 11.1, you may send an email to our Data Protection Office for processing.

As we receive a large volume of commercial promotional emails on a daily basis, we may not respond if we believe that your email is not related to personal information matters.

11.3 Outcomes of Requests

After a request is submitted by a personal information subject, the following outcomes may occur:

(1) Request Rejected

In certain circumstances, requests from personal information subjects may be rejected, including but not limited to the following cases:

• The personal information subject does not have the relevant rights under the laws of the country in which you reside;

• The identity of the requester cannot be verified;

• The request from the personal information subject cannot be verified or falls outside the permitted scope, especially where requests are repetitive;

• Disclosure of the information may harm the interests of relevant parties, such as where the information relates to damages or compensation received in a dispute;

• The information is retained for statistical or research purposes, and the statistical or research results do not disclose personal identities;

• Other circumstances as stipulated by applicable laws and regulations.

If an access request from a personal information subject is rejected, we will formally explain the reasons for the rejection to the requester.

(2) Request Accepted

If none of the circumstances listed in (1) apply, we will process the request. To facilitate acceptance of your request, please provide as much detailed information as possible when submitting your request, such as the type of request and specific details, information about the data subject (e.g., the products and services you use), and the time period during which the information was generated or processed (the more accurate the time frame, the more likely the request can be processed).

11.4 Withdrawal of Consent

You may change the scope of your authorization to continue the collection of personal information or withdraw your authorization by deleting configuration information, removing associated device bindings, and canceling your account.

Please understand that certain functional business services require the completion of basic personal information (such as a registered email address). Therefore, if you withdraw your consent or authorization, we will stop providing the corresponding services associated with the withdrawn consent or authorization. However, your decision to withdraw consent or authorization will not affect the processing of personal information carried out prior to the withdrawal based on your consent.

12. Changes to the Privacy Policy

We reserve the right to amend this Privacy Policy. Without your explicit consent, we will not reduce your rights under this Privacy Policy. Any changes to the Privacy Policy will be published on this page. For significant changes, we will provide more prominent notice (for certain services, we may send email notifications outlining the specific changes to the Privacy Policy).

Significant changes include, but are not limited to, the following:

• Major changes to our service model, such as the purposes of processing personal information, the types of personal information processed, and how personal information is used;

• Major changes to ownership structure, organizational structure, etc., such as changes in ownership due to business adjustments, mergers, or bankruptcy.

• Changes to the primary subject of personal information disclosure;

• Significant changes to the rights related to participation in the processing of personal information and the corresponding methods of exercising those rights;

• Changes to the department responsible for personal information security processing, or changes to contact information and complaint handling channels;

• High risks identified in personal information protection impact assessment reports.

At the same time, we will retain previous versions of this Privacy Policy for your reference.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your rights, or have any requests you would like to discuss with us, please email our dedicated Data Protection Office at: MideaDPO@midea.com.

Upon receiving your request, we will make our best efforts to respond within one month from the date the personal information subject submits the request for access. Your patience and understanding are appreciated. Due to the complexity and volume of requests, the response time may be extended by an additional 45 days where necessary. In the event of a delayed response, we will inform the personal information subject of the delay and the reasons for it. If the time limits specified in this section conflict with applicable local laws, the local laws shall prevail.

If you do not agree with how we process your personal information, you may submit a mediation request or other requests to the data protection regulatory authority in your place of establishment.

- The transfer of this data will be carried out with the user’s consent.

- This data transfer is intended to serve one of the purposes stated in Section 2.4.

Reason: According to regulations, the consent of the data subject must be obtained, and the data may only be used for the purposes to which the data subject has consented.