The Privacy Statement was updated on MARCH 31, 2021.
This is a Privacy Statement for GD MIDEA AIR CONDITIONING EQUIPMENT Co., Ltd. (hereinafter referred to as MG, We and Our). The Privacy Statement applies to all types of products, applications, information systems, websites and other services provided by MG (all the above are referred to as services). MG respects protection of users' personal information and we believe protecting individual privacy of each customer, supplier and employee is key to win and maintain the trust from customers and investors. We hope to clarify how we are committed to protecting your personal information through the following Privacy Statement.
The key points of the Privacy Statement are as follows:
- The Privacy Statement explains the specifics of our collection, processing and protection of personal information so that you can understand your personal information.
- When you register your account and use our services, we will collect your personal information [such your as email address, device information and log information] based on your consent and our needs of service provision.
- We are the data controller of your information, which means we are granted the discretion to decide how to process your personal information and for what purposes. We will process your personal information for the purpose and scope set forth in this Privacy Statement and will only share your data with the listed data recipients.
- We will not disclose your personal information to the public or any third parties except as required by laws, regulations, legal proceedings, litigation or mandatory requirements of the government authorities, unless we have obtained your express consent.
- We will use, store and transmit (hereafter referred to as Process) your personal information in accordance with the strictest standards worldwide, including but not limited to GDPR and local laws in your area.
- We value your personal information security and will adopt security protection measures that meet legal and industry standards to protect your data from unauthorized access, disclosure, use, modification, damage or loss.
- You can access, correct, limit or delete your personal information through channels listed in the Privacy Statement, or you can contact us for enquiry or complaint.
We recommend that you read the Privacy Statement in its entirety. If you have any questions about the Privacy Statement, you can contact us via the email address provided.
By using or continuing to use our products and services, you agree to the content of the Privacy Statement. If you do not agree to any of the Privacy Statement, you should stop using our services immediately.
Table of Contents
1 Personal information We Collect. 4
1.1 Definition of Personal Information. 4
1.2 Timing of Personal Information Collection. 4
1.3 Scope of Personal Information Collection. 4
2 Personal information we deal with.. 5
2.1 Role we play in dealing with your information. 5
2.2 Legal foundation for our handling with your personal information. 5
2.3 Reasons for providing your personal information. 5
2.4 Purposes and methods of handling your information. 6
3.1 Cookie technology. 6
3.2 Web beacons and pixel beacons. 6
3.3 Device authorizations. 7
4 How we share, transfer or disclose your personal information.. 7
4.1 Sharing your information. 7
4.2 Transferring your information. 7
4.3 Disclosing your information. 7
5 Limitation period for saving your personal information.. 7
6 Are data subjects under the age of 16 allowed to accept our service? 8
7 Measures to protect your information.. 8
8 Storage of personal information.. 9
9 Cross-border transmission of personal information.. 9
10 User Portraits and Automated Decision.. 9
11 Your personal information rights and the method of exercising the rights. 9
11.1 The personal information rights you have. 9
11.2 Methods of exercising personal information rights. 10
11.3 Results of request. 10
11.4 Withdraw consent. 10
12 Change of Privacy Statement. 11
13 Our contact methods. 11
1 Personal information We Collect
1.1 Definition of Personal Information
Personal information refers to any information relating to an identified or identifiable natural person. In other words, personal information is any information that allows us to identify you directly or indirectly.
Personal information includes both general personal information and sensitive personal information. General personal information includes your name, email address, phone number, billing address, and the IP address and browser cookies of your device, etc. Sensitive personal information includes your race or ethnicity, religious belief, union status, sexual and health data, genetic data, biometric data, etc.
In the Privacy Statement, we also use "data" to represent personal information.
1.2 Timing of Personal Information Collection
We will collect your personal information under certain circumstances, such as:
- When you register as our user (whenever you log in or use it);
- When you use our services and products;
- When you use our various websites and applications;
- When you buy any of our products;
- When you participate in our user surveys;
- When you click on our ads or marketing information;
- When you fill out the form or contract sent to you by us;
- When you sign up or join our event;
- When you contact us via the contact information we have provided to you.
1.3 Scope of Personal Information Collection
We will use data that you provide to us explicitly under various circumstances. We will also collect personal information from your device or from the use of our services. The personal information we collect is as follows.
- When you register or log in, we will collect information you enter including the email address, password, etc. that you use in registration.
- When you use [bonded and controlled devices], we will collect the above information and information of [device model, IP address, location, device status], etc.;
- When you use [devices with camera surveillance systems], we will collect the above information and information of [images captured by the camera], etc.;
- When you download or use the app, we may read information about your mobile device based on the needs of the service, such as information of the hardware model, IMEI number or other unique device identifier, MAC address, IP address, operating system version and location. We may also read information about the use of your appliances through the Internet of Things (IoT) app, such as the device model, operating status, frequency of usage, and the use of cameras built into the device. We may also receive and record information about your conversations, audios, videos, pictures, etc. in voice interaction with IoT devices.
- When you use a product or service, we will automatically receive and record information about your browser and computer or App client, such as your IP address, browser type, language used, and access date and time, hardware and software feature information and web page records you need, based on the needs of the service.
- To help us understand the operation of M-smart App, we will use the mobile analysis software SDK based on the needs of the service. We may record information such as your frequency of usage data, corrupted data, overall usage data, performance data, etc. We will not associate information stored in the analysis software with any of your personal information.
- It is important to note that separate device information or service log information cannot identify a particular natural person. If we combine such non-personal information with other information to identify a particular natural person or use it in conjunction with personal information, such non-personal information will be treated as personal information during the period combined use, and we will anonymize and de-identify such information unless we have your authorization or unless otherwise stipulated.
As mentioned above, we will store your account information in the database so that you can get your personal data every time you visit our website and use our App or other services.
All data we collect about you may be stored in our server as log files which will be used for analysis and research. After being processed in the server, your data will be transmitted to the database.
We will back up data on a regular basis to prevent data loss due to server failure or human error. Subject to our data retention policy, we will retain all such data copies in the backup database and will delete them immediately at your request.
2 Personal information we deal with
2.1 Role we play in dealing with your information
We are the controller of your information, which means we are granted the discretion to decide which purpose we can use your information for. We understand your concern regarding how we use and share your data and thank you for your trust. We will use your data with caution for reasonable causes.
2.2 Legal foundation for our handling with your personal information
We will use and handle your data only under any of the following circumstances:
- When we have your consent (e.g. when you sign up);
- When it requested for the purpose of performing the contract we enter into with you;
- When it is legally obligated (e.g. to confirm your age to prevent us from collecting data from minors, or to keep records, or to perform duties required by the governmental authorities);
- When it is within our legal rights or interests (e.g. to implement our policies, to manage day-to-day business, to aggregate data anonymously for data analysis, to maintain information security, to prevent frauds, or, if necessary, to transfer the data to other BUs of our company).
2.3 Reasons for providing your personal information
Generally, your consent constitutes the legal foundation for us to handle your information. It is therefore necessary for you to agree with our user agreement and Privacy Statement for our agreement to be formulated and performed and our legal rights and interests to be protected.
You have the right to choose whether to provide the relevant data. We may not be able to undertake part or all of the obligations according to the service terms or provide our services without some of your information. If you wish to learn more, please contact our data protection office using the contact details under the last section of this Privacy Statement.
2.4 Purposes and methods of handling your information
We will use information provided by you and collected by us in the process of services to offer you our services. We will not use your data for any other purposes that does not fit the purposes for data collection that are detailed below.
We will use your information for the following purposes in the following manners:
- To verify your identity to prevent unauthorized access;
- To run our websites and Apps to allow access to our services for you;
- To offer our services or products according to the contract we enter into;
- To offer other services you request according to the requirements stated during data collection;
- To process transactions and communicate with you regarding the details of such transactions;
- To help track and fix any fault or error in the application;
- To conduct internal audit, data analysis or research to the end of improving our products and services through evaluating our efficiency;
- To share your information with our partners so that they can assist us in offering our products and services to you;
- To share your information with other branch institutions for internal management and background support;
- To maintain the integrity and security of the information system where we store and process your information;
- To scrutinize and investigate into data leaks, illegal activities and fraudulent behaviors;
- To comply with applicable laws and regulations or the demand for your information requested for litigation and other legal proceedings or imposed by governmental authorities.
3.1 Cookie technology
3.2 Web beacons and pixel beacons
We use web beacons and pixel beacons or other similar data tracking technologies besides Cookies. For instance, the emails we send you may include clickable URL links to the contents on our websites. If you click on such links, your clicks will be tracked for us to understand your preferences on our products and services, so that we can improve the customer service experience for you. Web beacons are usually transparent image objects embedded in websites or emails. We can be informed whether an email letter has been opened or not through such pixel beacons. If you wish not to be tracked through such means, you may unsubscribe from our mailing list at any time.
3.3 Device authorizations
We occasionally demand authorizations to access, including but not limited to, your storage, contacts, notifications, GPS locations, cameras, Bluetooth, NFC when providing services. You may deny the access to relevant personal information by turning off part or all of the authorizations in device settings. The authorization management process is different in different devices. Please refer to the relevant instructions for accessing the device settings and the system developer mode.
4 How we share, transfer or disclose your personal information
4.1 Sharing your information
Your personal information will be kept strictly confidential and will not be shared with any other company, organization, or individual, except in the following circumstances:
- When we have obtained your clear consent to share your information with a third party;
- When we share your information with authorized staff members or the branch institutions of our company across the world only in order to: provide further services; carry out internal management; scrutinize for or handle data leaks, illegal activities, or frauds; to maintain the integrity of the company's IT system. We share only necessary information with authorized staff member within the minimal scope, which are limited to the purposes stated in this Privacy Statement. We sign non-disclosure agreements (NDA) with the authorized staff members.
- When we share your information with a third-party service provider (or partner) for the benefit of offering or improving our services including but not limited to cloud services, video surveillance services, IT supports, custom services. We sign rigorous data handling agreements with all relevant third-party service providers (or partners) which requires them to take certain security measures in handling your information pursuant to the relevant laws and regulations and our requirements to safeguard your data security.
- When we disclose your information under the demands of the laws and regulations or government authorities.
4.2 Transferring your information
We will not transfer your information to any other company, organization, or individual except under any of the following circumstances:
- Transfer under clear consent: when we have obtained your clear consent, we will transfer your information to a third party.
4.3 Disclosing your information
We will only disclose your information under the following circumstances:
- When we have obtained your clear consent;
- When the law, legal proceedings including litigation, or government authorities, demand so;
5 Limitation period for saving your personal information
The limitation period for saving your personal information shall not exceed the period of reasonable need to process the specific purpose of the information. Where you shall or have consented to our processing of your personal information, we shall store and process the data until you withdraw the consent.
Whereas, we may postpone the retention of your information for research or statistics. If we delay the retention of your information for this purpose, we shall guarantee that your information shall be processed anonymously and no one shall be able to trace you through the information.
At the same time, in accordance with EU laws and regulations or requirements of members of the European Union, we may still retain your personal information to assist in any government and judicial investigations for the purpose of submitting or maintaining legal requests or civil, criminal or administrative procedures. If the above reasons fail to apply to the data we preserve, we shall delete and destroy your data in a secure manner in accordance with the relevant requirements.
6 Are data subjects under the age of 16 allowed to accept our service?
Our products and services shall be primarily for adults, yet, we shall be aware of the importance of taking extra precautions to guarantee the privacy and security of people under legal age who use the products and accept the services. Anyone who is under the age of 16 (or the age as required by the local law) shall be considered as a person under legal age by Midea.
We will only use or disclose the personal information of people under legal age collected with the consent of the guardian on the condition that the law permits, the guardian expressly consents or the protection of the people under legal age is necessary. At any time, the guardian who asks to access to, modify or delete personal information of the person under guardianship shall contact us as described in Section 13.
If we are found to collect personal information of people under legal age without firstly obtaining the consent of a verifiable guardian, we shall try to remove the relevant content as soon as possible.
7 Measures to protect your information
We pay high attention to and are committed to guaranteeing the security of your personal information. We have applied a range of techniques to guarantee the security of your personal information to minimize the risk of misuse, unauthorized access, unauthorized disclosure and inaccessibility. Security measures we have adopted include but are not limited to: data desensitization, data encryption, and authorization control of firewalls and data access.
At present, we have obtained the following professional certifications:
- ISO/IEC 27001 Information Security Management System Certification
- ePrivacy Privacy Certification.
In addition, we shall regularly check and update the security mechanisms used to protect data in order to provide effective protection against data misuse. If you believe that the security of your data has been compromised, or you would like to know more information about the measures we adopt to protect data, please contact the Data Protection Office through the contact method provided in the last section.
8 Storage of personal information
We shall select the corresponding server to store your data in accordance with the region or country in which you live. We currently set servers in Frankfurt, Germany and Oregon, the United States to store your personal information.
9 Cross-border transmission of personal information
We may transfer your data to our branches in other countries around the world depending on our global businesses. In the international data transmission, we shall ensure that your personal information is protected by applying the level of security required by the relevant laws and regulations. In case of transferring your data to countries/regions where this level of protection fail to be guaranteed, in order to protect your personal information, we have further strengthened IT security measures and signed the protection clause of standard data with the data transmission party, requiring it to assume corresponding responsibility.
10 User Portraits and Automated Decision
We currently shall not conduct any form of user portrait activity - a technology automatically processing your personal information, including using your personal information to construct a description of your characteristics, to evaluate or to predict relevant matters related to you. We currently shall not use your data to conduct any fully automated decision – an automated decision made through a technology without human involvement.
But we may analyze processed data that fail to identify you to improve our products and services, such as anonymized user portrait analysis.
11 Your personal information rights and the method of exercising the rights
11.1The personal information rights you have
If you provide us with your personal information through our service, your rights on the information shall include:
- Access: demand to provide a copy of the personal information we hold about you;
- Correct: demand to correct the information containing errors or the expired information;
- Logout and Cancel: demand to cancel your account or delete your personal information;
- Carry: demand to provide your data and, if possible, to transfer the data directly to another data controller;
- Restrict: demand to limit the processing for any dispute on the accuracy or legality of our processing of personal information; yet, the right on processing may cause you to be unable to accept our services normally;
- Refuse: oppose to use your personal information for user portraits and automatic decision-making, and oppose to send commercial information for direct marketing by using your personal information;
- Lodge a complaint: lodge a complaint on the processing of your data with the competent authority of your residence or the member of the European Union that processes your data;
- Agree to withdraw: withdraw the consent at any time when we rely on your consent to process the data.
11.2 Methods of exercising personal information rights
If you wish to exercise any of the rights described in Article 11.1, you may send e-mail to our Data Protection Office for processing. Upon receiving your request, we shall make every effort to respond within one month of the request from the subject of personal information for the access. Your patience and understanding are highly appreciated. Given the complexity and quantity of requirements, if necessary, the period may be extended by another two months. In case of deferred response, we shall inform the subject of the personal information and the reasons for the delay. If the limitation period set in this paragraph conflicts with the local laws, the local laws shall prevail.
As we receive a large amount of commercial promotion e-mails every day, we shall not respond if we believe that your e-mails are not related to personal information.
11.3 Results of request
After the request is made by the subject of personal information, the following results may occur:
(1) Request denied
In some cases, requests from personal information subjects shall be rejected, including but not limited to:
- The subject of personal information is not granted relevant rights by the local laws;
- The identity of the person making the request fails to be verified;
- The request made by the subject of personal information fails to be verified and is beyond scope, especially when the request is repeated;
- The disclosure of information is prone to harm the interests of the relevant parties if the information involved is related to the damage or compensation received in the dispute;
- The information shall be retained for statistics and research, and the results of statistics and research shall not reveal personal identities;
- Other legally prescribed circumstances.
If the access request of the subject of personal information is rejected, we shall formally explain the reason to the requester.
(2) Request accepted
If there is no circumstance as specified in (1), we shall process the request. If you really want the request to be accepted, please provide us with as much detailed information as possible when requesting, such as the request type and specific content, information about the holder (such as the name of the product and service you use), and time for generating or processing information (if the time could be as exact as possible, the request may be accepted).
11.4 Withdraw consent
You may change the scope of your authorization to continue to collect personal information or withdraw your authorization by deleting the configuration information, removing binding the associated device, and canceling the account number.
Please understand that the service of business function shall require some basic personal information (registration e-mail) to be completed, so if you withdraw your consent or authorization, we will stop providing the service corresponding to the withdrawal of consent or authorization. Yet, your decision to withdraw your consent or authorization shall not affect the processing of personal information previously based on your authorization.
12 Change of Privacy Statement
We shall reserve the right to modify the Privacy Statement. Without your express consent, we shall not reduce your rights in accordance with the protection policy of personal information. Any change to the Privacy Statement shall be posted on this page. For major changes, we shall provide more obvious notice (for certain services, we shall send an e-mail notification to state the specific changes to the Privacy Statement.)
Major changes referred to herein include but are not limited to:
- Our service model has changed significantly, such as the purpose of processing personal information, the type of personal information under processing, the way of using personal information, etc.;
- Our ownership structure, organizational structure, etc. have changed significantly. Such as owner change caused by business adjustments, bankruptcy mergers, etc.;
- Main subject change of public disclosure of personal information;
- Significant change of your right to participate in the processing of personal information and the corresponding exercising methods;
- Change of the department responsible for processing the security of personal information, or change of contact information and complaint receiving channels;
- A high risk as shown by assessment report of personal information security impact;
At the same time, we shall archive the former version of this Privacy Statement for your reference.
13 Our contact methods
If you have any questions about this Privacy Statement, or you wish to exercise any right, or you have any requests to discuss with us, please send an email to our Information Protection Office specially established at the following address:
If you disagree with us about our processing of your personal information, you may submit a mediation request or other requests to data protection regulator where you are located.