DATA PROTECTION POLICY
(Effective Date: January 1, 2019)
The Data Protection Policy set forth below (the “Data Protection Policy”) applies to your use of the Device, Application(s) and any Smart Services (as defined herein) accessible through the Device. This Data Protection Policy is provided by Hisense International Co., Ltd., its affiliates, subsidiaries and/or parents (referred to as "Hisense" or "we" or "us" or “our” or “ours”). For the purposes of this Data Protection Policy, we are the Controller.
Introduction
We are committed to protecting the privacy of all users of the Device. The purpose of this Data Protection Policy is to inform you about the types of information we gather about you, how we may use that information, and how we disclose it to third parties.
This Data Protection Policy does not apply to information that you provide directly to, or is collected by, third parties whose Smart Services you access via the Device, which are controlled by such third parties and whose use may be governed by a separate privacy policy and/or terms of use. You should review the applicable privacy policy and/or terms of use of any third party service providers whose Smart Services you access via the Device.
1. IMPORTANT DEFINITIONS
“Adequate Jurisdiction” means a jurisdiction providing an adequate level of protection for Personal Data.
“Application(s)” means an embeddable, downloadable and/or executable software application owned by us or a third party and made available on the Device.
“Content” means all Applications, audio and visual elements, and ideas offered by us or third parties, including but not limited to, data, movies, videos, photographs, software, games, designs, likenesses, artwork, images, music, sound, information and other materials, tangible and intangible, including derivative works, on all media and formats, existing or in future.
“Controller” means the entity that decides how and why Personal Data are Processed.
“Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
“Device” means this Hisense Smart TV.
“Materials” collectively means any Content, Submitted Content (where applicable and as further defined herein), messaging, blogging, chatting, social networking, information, advertising and/or internet links, etc., accessible or delivered through the Device.
“Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
“Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Sensitive Personal Data” means personal data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.
“Site” means any website operated, or maintained, by us or on our behalf.
“Smart Services” means the access, procurement, disposal, sale, purchase, subscription, lease, rental, consultation or other use of Materials, and all other types of services or functions typically available from the Internet, offered by us or by third parties, through Application(s).
“Submitted Content” means any Content submitted, uploaded or posted by you, on behalf of you, or by other users, on or through your Device or the Smart Services.
2. COLLECTION OF PERSONAL DATA
Collection of Personal Data: We may collect Personal Data about you from the following sources:
· Data you provide: We may obtain your Personal Data when you provide it to us (e.g., where you contact customer service via email or telephone, or by any other means).
· Relationship data: We may collect or obtain your Personal Data in the ordinary course of our relationship with you (e.g., if you purchase a product or service from us, including any Smart Service).
· Data you make public: We may collect or obtain your Personal Data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post about us).
· Smart Service data: We may collect or obtain your Personal Data when you download or use any Smart Services.
· Submitted Content: We may collect or obtain your Personal Data when you provide any Submitted Content.
· Site data: We may collect or obtain your Personal Data when you visit any of our Sites or use any features or resources available on or through a Site.
· Registration details: We may collect or obtain your Personal Data when you use, or register to use, any Smart Services.
· Content and advertising information: If you choose to interact with any third party Content or advertising in any Smart Services, we may receive Personal Data about you either directly, or from the relevant third party providing that Smart Service.
· Third party information: We may collect or obtain your Personal Data from third parties who provide it to us, including third party providers of Smart Services.
Creation of Personal Data: We may also create Personal Data about you, such as records of your communications with us, and details of your viewing history and your purchase history.
3. CATEGORIES OF PERSONAL DATA WE MAY PROCESS
We may Process the following categories of Personal Data about you to the extent that such processing is strictly necessary in connection with the purposes of processing set out in this Data Protection Policy:
· Personal details: given name(s); preferred name; nickname and photograph.
· Demographic information: gender; date of birth / age; nationality; salutation; title; and language preferences.
· Contact details: address; telephone number; email address; and details of your public social media profile(s).
· Purchase details: records of purchases and prices, including purchases made via Smart Services.
· Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; and card expiry date; payment amount; payment date; and records of cheques.
· Data relating to Sites and Smart Services: Device details; settings; IP address; language settings; dates and times; Smart Service usage statistics; Smart Service settings; dates and times of connecting to a Smart Service; location data, and other technical communications information; username; password; security login details; usage data; aggregate statistical information.
· Content and advertising data: records of your interactions with our online advertising and Content, records of advertising and Content displayed on pages or Smart Service screens displayed to you, and any interaction you may have had with such Content or advertising.
· Views and opinions: any views and opinions that you choose to send to us (e.g., through surveys or polls, feedback forms, or ratings of Smart Services in third party Application stores) or publicly post about us on social media platforms.
· Non-Personal Data. When you use the Device, we may also collect certain information that, by itself or in combination with other such information, cannot be used to identify you individually, or contact you personally (“Non-Personal Data”). Non-Personal Data also includes technical information related to your use of the Device, including but not limited to Device performance information, Device usage information, Smart Service usage information, and/or other unidentifiable technical data involving your use of the Device. Non-Personal Data may also include certain data or information that you provide us through your use of the Device, such as query terms you enter into the search functions of the Device, page requests, Content or programming accessed or viewed, or data about specific services or applications accessed by you, the date and time of your request, etc.
· Amazon Alexa Service. This Device may ship with Amazon Alexa Service (“AAS”). AAS is set to “off” by default, meaning that AAS is disabled, and will not collect your Personal Data, unless and until you expressly opt-in. Subject to your prior, express opt-in, AAS may enable you to use voice commands and services to control the Device, and to receive other AAS-enabled devices connected to the same Hisense and Amazon accounts. We will not process your voice data. The only personal data we process in connection with AAS are login details for the relevant AAS and Hisense user accounts. For information about AAS and your rights, you should review the respective applicable third party terms of use and privacy policies, available as of the Effective Date of this Data Protection Policy at https://www.amazon.com/gp/help/customer/display.html?nodeId=201809740. If you enable this option, the Alexa service on your Device may interact with other devices that are connected to the Alexa service.
· Personal Data of Children Under Thirteen (13). We are committed to protecting the Personal Data of children, and recognize that parents, guardians, or other adults may purchase the Device for family use, including by minors. As such, Smart Services accessed through the Device are not intended for use by individuals under the age of thirteen (13) and we will not knowingly collect Personal Data from individuals under such age for any purpose, nor will we accept registration from such individuals. In some cases, particularly where information is collected electronically, we may not be able to determine whether information was collected from children under age thirteen (13), and we treat such information as though it were provided by an adult. If we learn that a child under the age of thirteen (13) has provided any Personal Data, we will use commercially reasonable efforts to delete such information. We encourage parents and legal guardians to participate in all online activities of their children and prevent them from disclosing any Personal Data to us via the Smart Services. WE EXPRESSLY DISCLAIM ANY RESPONSIBILITY OR LIABILITY FOR THE USE, OR MISUSE, OF SUCH FEATURES BY CHILDREN IN VIOLATION OF THIS DATA PROTECTION POLICY.
· Cookies and Other Tracking Technologies. At times, the Device or Smart Service(s) may use “cookies” or other technologies (such as browser cookies, flash cookies, and web beacons). A “cookie” is a small data file that is placed on the Device and stored locally on the Device. These technologies help us better understand user behavior, tell us about Smart Services that you have viewed or accessed and help us make your experience with the Device or Smart Service(s) more convenient and customized. Additionally, cookies and other technologies may be used to collect information about your online activities over time and across third party websites or other services. See Section 9 (b) of this Data Protection Policy: “YOUR RIGHTS AND CHOICES” for information on how you can disable these tracking technologies.
4. LEGAL BASIS FOR PROCESSING SENSITIVE PERSONAL DATA
In Processing your Personal Data in connection with the purposes set out in this Data Protection Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
· Consent: We may Process your Personal Data where we have obtained your prior, express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
· Contractual necessity: We may Process your Personal Data where the Processing is necessary in connection with any contract that you may enter into with us;
· Compliance with applicable law: We may Process your Personal Data where the Processing is required by applicable law;
· Vital interests: We may Process your Personal Data where the Processing is necessary to protect the vital interests of any individual; or
· Legitimate interests: We may Process your Personal Data where we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
5. SENSITIVE PERSONAL DATA
We do not seek to collect or otherwise Process your Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases:
· Compliance with applicable law: We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law;
· Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (including the prevention of fraud);
· Establishment, exercise or defence of legal rights: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal rights; or
· Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your prior, express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
6. HOW WE USE THE INFORMATION WE COLLECT
We may Process your Personal data for the following purposes:
· Provision of Sites Smart Services to you: providing Sites and Smart Services to you; registering your account on the Device; providing you with details of, and access to, third party Smart Services; providing you with other products and services that you have requested; providing you with promotional items at your request; and communicating with you in relation to those products and services; operating and managing Sites and Smart Services; providing Content to you; displaying advertising and other information to you; communicating and interacting with you via Sites and Smart Services; and notifying you of changes to any Sites and Smart Services.
· Operation of the Device: providing and maintaining services in connection with the Device; providing remote control functionality via other devices; administering the Device (including Processing any searches or requests for certain Materials, recommending Materials, providing blogs, open forums, discussion pages or personalized features).
· Communications with you: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law; offering you customised Content suggestions; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required.
· Communications and IT operations: management of our communications systems; operation of IT security systems; and IT security audits.
· Health and safety: health and safety assessments and record keeping; and compliance with related legal obligations.
· Financial management: sales; finance; corporate audit; and vendor management.
· Surveys and polls: engaging with you for the purposes of obtaining your views on our products and services.
· Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.
· Legal proceedings: establishing, exercising and defending legal rights.
· Legal compliance: compliance with our legal and regulatory obligations under applicable law.
· Improving our Sites and Smart Services: identifying issues with Sites and Smart Services; planning improvements to Sites and Smart Services; and creating new Sites and Smart Services.
· Non-Personal Data. We may use Non-Personal Data for our internal purposes, such as to offer Device-specific viewing recommendations, to understand aggregate usage patterns, to administer the Device, or to provide you with improved features (such as AAS). We reserve the right to use or disclose aggregate and/or Device-specific Non-Personal Data in any way we see fit, including for our and our partners' marketing and advertising purposes and to other third parties (such as Amazon), and you acknowledge and consent to such. We may also use diagnostic data (which does not identify you and does not contain Personal Data) for the purposes of improving the Smart Services.
· Combinations of Information. We may combine Personal Data and Non-Personal Data collected with other data in order to provide and improve services provided in connection with the Device and the Smart Services. We may also, from time to time, transfer or merge any Personal Data collected off-line to our online databases or store off-line information in an electronic format. We may also combine Personal Data we collect online with information available from other sources, including information received from our affiliates, marketing companies, or advertisers. If we combine any Non-Personal Data with Personal Data, the combined information will be treated as Personal Data under this Data Protection Policy for as long as it remains combined.
7. HOW WE SHARE AND DISCLOSE INFORMATION
There are times where we may share the information described in this Data Protection Policy, and this section describes how we may share such information. We will only disclose your Personal Data to the extent that such disclosure is necessary: (i) to provide you with Smart Services you have requested; (ii) for compliance with applicable law; (iii) to establish, exercise or defend our legal rights; or (iv) to the extent necessary in connection with the sale or reorganization of any relevant portion of our business.
· Personal Data and Non-Personal Data. We may share Personal Data and Non-Personal Data as follows:
o With our and our affiliates staff, employees, contractors, agents, to help us provide or improve the services in connection with the Device and/or the Smart Services.
o With our professional advisors.
o With third parties and their advisors in connection with a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Hisense’s assets, financing, sale of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
o When required to or are permitted to do so by applicable law or regulation.
o With any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security.
o With any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights.
o With legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation.
o With carefully selected third parties, including suppliers or commercial partners as necessary to provide a service to us or to perform a function on our behalf in connection with the Device and/or the Smart Services. For any disclosure of your Personal Data by us to a carefully selected third party or to any third party referred to in this Data Protection Policy, we will comply with data protection law by ensuring that there are arrangements in place to ensure that the third party keeps your data secure, does not use your Personal Data for any purposes other than the purposes we specify and in accordance with the purposes outlined in this Data Protection Policy.
o With other third parties solely at your direction and with your express consent, and only for purposes that you request.
· Voice Services Data. Your voice data are only processed via the Device when you expressly opt-in to AAS. As described in this Data Protection Policy, once you opt-in to AAS, your voice data will be transmitted to Amazon for processing, to enable the following AAS features and services:
o for Basic Voice Services: natural language processing to enable you to control the Device and certain features with your voice; and
o for Advanced Voice Services: natural language processing to enable you to control the Device and certain features with your voice, as well as for accessing and controlling other AAS enabled and compatible devices connected to the same AAS account;
o We will not process your voice data. The only personal data we process in connection with AAS are login details for the relevant AAS and Hisense user accounts. Amazon may process your voice in accordance with the terms and policies that Amazon presents to you when you launch AAS for the first time. We encourage you to review that information carefully. For information about AAS and your rights, you should review the respective applicable third party terms of use and privacy policies, available as of the Effective Date of this Data Protection Policy at https://www.amazon.com/gp/help/customer/display.html?nodeId=201809740.
8. THIRD PARTY MATERIALS AND ADVERTISEMENTS
Third parties who offer Materials on the Device may collect Personal Data or Non-Personal Data when you access their Materials. We are not responsible for the data collection and privacy practices employed by such third parties or their services, and they may be collecting data about you and may be sharing it with us and/or others. These third parties and their services may also track you across sites and time, serve you their own advertisements (including interest-based advertisements) and may or may not have their own published privacy policies.
In addition, when you are using the Device you may be directed to other services that are operated and controlled by third parties that we do not control. For example, if you browse the Internet and “click” on a link on a website, the link may take you to a different website. We encourage you to note when you access a new website or Smart Service and to review the privacy policies of all third party locations and exercise caution in connection with them. We are not responsible for the availability, completeness or accuracy of such third parties’ policies or notices.
9. YOUR CHOICES REGARDING DATA COLLECTION AND CHANGING PREFERENCS
a. AMAZON ALEXA SERVICE
AAS is provided by Amazon.com, Inc. or its affiliates. You may visit www.amazon.com/gp/help/customer/display.html?nodeId=201809740 for further information regarding AAS, including the applicable Terms of Use and Privacy Notice.
b. YOUR RIGHTS AND CHOICES
Data accuracy
We take every reasonable step to ensure that:
· your Personal Data that we Process are accurate and, where necessary, kept up to date; and
· any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
Data minimization
We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Data Protection Policy.
Data retention
We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Data Protection Policy.
The criteria for determining the duration for which we will keep your Personal Data are as follows: we will retain copies of your Personal Data in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Data Protection Policy, unless applicable law requires a longer retention period. In particular, we may retain your Personal Data for the duration of any period necessary to establish, exercise or defend any legal rights.
Your rights
Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data of which we are a Controller, including:
· the right not to provide your Personal Data to us (however, please note that we may be unable to provide you with the full benefit of any Sites and Smart Services you request, if you do not provide us with your Personal Data – e.g., we may not be able to Process your orders without the necessary details);
· the right to request access to, or copies of, your Personal Data, together with information regarding the nature, Processing and disclosure of those Personal Data;
· the right to request rectification of any inaccuracies in your Personal Data;
· the right to request, on legitimate grounds:
o erasure of your Personal Data; or
o restriction of Processing of your Personal Data;
· the right to object, on legitimate grounds, to the Processing of your Personal Data by us or on our behalf;
· the right to have certain Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
· where we Process your Personal Data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
· the right to lodge complaints with a Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf.
This does not affect your statutory rights.
If you would like to exercise any of these rights, please contact us via the after-sales service center written in the warranty card inside the box of each Device or (if you are EU-resident) via our EU Representative (see “contact us”). Please note that:
· we may require proof of your identity before we can give effect to these rights; and
· where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
If we receive a valid request to give effect to any of these rights, we will make reasonable efforts to do so within one (1) month or, to the extent permitted by applicable law, as soon as reasonably practicable. If you request removal of your Personal Data, you acknowledge that your Personal Data may continue to exist in a non-erasable form that will be difficult or impossible for us to locate, and for archival file purposes, we reserve the right to retain any information removed from, or changed in our active databases for non-commercial purposes including for dispute resolution, improving the Smart Services, troubleshooting problems, and enforcing the EULA and this Data Protection Policy.
The rights set out above not apply to our collection of Non-Personal Data. We reserve the right to refuse to Process data removal requests that are impractical or jeopardize the privacy of others. The refusal to Process Personal Data removal shall be justified under the applicable legislation.
All users of the Device are required to provide true, current, complete and accurate Personal Data when prompted, and we will reject and delete any entry that we believe in good faith to be incorrect, false, falsified, or fraudulent, or inconsistent with or in violation of the Data Protection Policy.
Cookies
If you want to clear cookie data stored on the Device, please go to “Home”, select “Settings”, select “Support”, select the “Restore to Factory Default” option, and select “OK”.
10. SECURITY OF THE INFORMATION WE COLLECT
We take the security of your Personal Data seriously. We maintain physical, administrative, technical and organizational safeguards designed to maintain the confidentiality and security of your Personal Data. Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through use of the Device and the Smart Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures for the Device or the Smart Services.
11. BULLETIN BOARDS AND OTHER PUBLIC AREAS
We may offer bulletin boards or other public functions on the Device and/or Smart Services, and any posting by you in these areas is considered public information that is available to other users. We do not control, and are not responsible for, the actions of other users of the Device and/or Smart Services with respect to any information you post in public areas. In addition, information that you submit to public areas may be collected and used by others to send you unsolicited messages and for other purposes. Any posting in bulletin boards and public areas on the Device are governed by the EULA for the Device or the terms and conditions of the applicable third parties web sites. Portions of your user profile may also be available to other users, and you should take care to not use Personal Data in your user name or other information that might be publicly available to other users.
12. INTERNATIONAL TRANSFER OF INFORMATION
We may transfer and store Personal Data you provide to us in connection with your use of the Device on servers located in countries outside of your jurisdiction. We may also transfer Personal Data we collect from you to the People's Republic of China or to other countries outside of your jurisdiction to Hisense or to the third parties referred to in this Data Protection Policy, to the extent that such transfers are necessary for the purposes of fulfilling our obligations under this Data Protection Policy or the EULA.
13. DATA PROTECTION POLICY VERSIONS AND CHANGES
We reserve the right to change this Data Protection Policy at any time or for any reason, and will post any changes to this Data Protection Policy within a reasonable period after they go into effect. This Data Protection Policy will remain in full force and effect as long as you are a user of the Device, even if your use of or participation in any particular service, feature, function or promotional activity terminates, expires, ceases, is suspended or deactivated for any reason.
CONTACT US
Please direct any additional questions you may have regarding this Data Protection Policy to gjyxinfo@hisense.com, or – if you are resident in the European Union to our
EU-Representative:
VERDATA Datenschutz GmbH & Co. KG
Roemerstr. 12
D – 40476 Duesseldorf
Email: hisense.representative@verdata.de
or to the Customer Services below via phone, email or regular mail if you are located in that country or region.
HISENSE USA Corporation
ATTN: Customer Service Director
7310 McGinnis Ferry Road, Suwanee, GA, 30024
Phone: 1-678-318-9060
Fax: 1-678-318-9079
Email: customercare@hisense-usa.com
Hisense Canada Co., Ltd.
ATTN: Customer Service
2283 Argentia Rd., Unit 16, Mississauga ON, Canada L5N 5Z2
Phone: 1-855-344-7367
Fax: 905-812-9902
Email: canadasupport@hisense.com
HISENSE MEXICO, S. DE R.L. DE C.V.
Atención al Cliente
Miguel de Cervantes Saavedra Número 301
Torre Norte, Piso 2.Col. Ampliación Granada
Miguel Hidalgo, Ciudad de México, CP 11510
Phone: 01 800 008 8880
Email: servicio@hisense.com.mx