Privacy Policy

Our Privacy Policy was updated on Mar 30, 2021. We have revamped the Privacy Policy front and back so that from this date onwards, this Privacy Policy can provide privacy details on how we manage your personal data when you use Services and Products (defined below) provided by Beijing Smartmi Technology Co.,Ltd.

Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

To give you an overview, this Privacy Policy is structured as follows:

 

SCOPE OF THE PRIVACY POLICY

 

This Privacy Policy sets out how Beijing Smartmi Technology Co.,Ltd. and its affiliated companies (“Smartmi”, “we”, “our” or “us”, at the end of this document, you will find the contact details of us) collect, use, disclose, process and protect your personal data that you give us when you use smart devices produced by us (“Product”) by connecting them to Smartmi Link App (“App”) or third-party platform (including Mi Home and Tuya, collectively referred to “apps” with the App). Should we ask you to provide certain information by which you can be identified when using the Product, it will only be used in accordance with this Privacy Policy and/or our terms and conditions for users. This Privacy Policy applies to you in case you:

  • you connect the Product to the apps and in case you are located in the European Union (“EU”).
  • you use our websites and online properties, including www.smartmiglobal.com, our Facebook Account, our Twitter Account (collectively, the “Sites”) and in case you are located in the EU.
  • you actively contact us by phone, email or other online means and you are located in the EU.

Should you be outside the European Union, please visit _https://www.smartmiglobal.com/pages/privacy-policy in order to access the relevant privacy policy for your country.

The Sites, Products and any services we provide in connection with one or more of the foregoing are collectively referred to as the “Services”.

The Privacy Policy is designed with you in mind, and it is important that you have a comprehensive understanding of our personal data collection and usage practices. In the case you connect the Products to third-party platform, the third-party’s processing of data that you provide to them doesn’t apply to this Privacy Policy. Please review the privacy policy of the relevant third party for further information on their privacy practices.

In this Privacy Policy, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

WHAT INFORMATION IS COLLECTED BY US AND HOW DO WE USE IT

HOW THE PRODUCTS AND SERVICES WORK IN GENERAL

The below information is intended to give you a brief overview of how the Products and Services work in general and how this affects the processing of your personal data (for more detailed information on which personal data we process for which purposes in context with providing the services related to the Product please view sections “TYPES OF INFORMATION COLLECTED” and “HOW THE PERSONAL DATA IS USED” below):

  • You can connect your Product to the apps installed on your terminal device. With the App or third-party platform you can control the Product remotely. In the case that you connect your Product to the App, we will collect your data directly from you; in the case you connect your Product to third-party platform, we will collect your data from relevant third-party platform, so that we could process your data for the purpose described in sections “HOW THE PERSONAL DATA IS USED” below. 
  • If you would like to only control your Product offline, you do not need an internet connection and no personal data is transferred to us in order to enable its functions. However, personal data may be transmitted to us if the Product is connected to the App or third-party platform and if you request support or for checking whether updates for your devices/software are available.
  • You can visit our Sites to learn about the Product and latest news about us. You can also log in the Sites by using your Facebook account and get product coupons from E-mail.

 

 

WHAT INFORMATION IS COLLECTED BY US AND HOW DO WE USE IT 

 

TYPES OF INFORMATION COLLECTED

When using the Product by connecting to the apps, or use our Services, we collect the following types of personal data:

 

Categories of personal data processed Personal data included in the categories Sources of the data Obligation to provide the data Storage durationThere is no statutory or contractual obligation to provide the data. it is necessary to control the Product through the apps and if the data are not provided, a remote control from apps will not be possible.

Account information

(When users log in the apps or Sites)

Nickname, profile picture, location(request weather information), email address.

Relevant third-party when you connect the Product to third-party platform, or directly from users when you connect the Product to the App.

There is no statutory or contractual obligation to provide the data. it is necessary to control the Product through the apps and if the data are not provided, a remote control from apps will not be possible.

We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account or such data is deleted by you.

Product information

(When connecting the Product to apps)

This includes the following general information about the Product: device name, device ID, device type, model name, firmware version of your device. Besides, Product information also include the specific types of information that each kind of device collects according to its function, please refer to [https://www.smartmiglobal.com/pages/privacy-policy] for more details.

Relevant third-party when you connect the Product to third-party platform, or directly from users when you connect the Product to the App.

There is no statutory or contractual obligation to provide the data. However, it is necessary to control the Product through the apps. If the data are not provided, the user may not enjoy the remote control function.

We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account or such data is deleted by you.

Information related to the handheld device

(Only When connecting the Product to the App)

This includes the following information from the device(s) on which you installed App: IMEI number, Device ID, OAID, ANDROID_ID, version of your operating system, App version number, manufacturing information about your device, model name, network operator

Users

There is no statutory or contractual obligation to provide the data. However, it is necessary to control the Product through the apps. If the data are not provided, the user may not enjoy the remote control function.

We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account or such data is deleted by you.

Product settings and usage information

(When connecting the Product to apps)

This includes the following general information: settings for time zone, location, Automation & Scene settings information (including automation and scene name, condition and action list, effective time period setting, execution result notification setting, settings that enable or disable automation),  consumables information (including usage time, remaining life of consumables).

Relevant third-party when you connect the Product to third-party platform, or directly from users when you connect the Product to the App.

There is no statutory or contractual obligation to provide the data. However, it is necessary to control the Product through the App. If the data are not provided, the user may not enjoy the remote control function.

We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account or such data is deleted by you.

Log information

(When connecting the Product to apps)

1. IP address, network request information, temporary messaging history, standard system logs, and crash information.

2. Automation and scene execution logs, condition and action list.

3. Product log.

Relevant third-party when you connect the Product to third-party platform, or directly from users when you connect the Product to the App.

There is no statutory or contractual obligation to provide the data. However, it is necessary to control the Product through the apps. If the data are not provided, the user may not enjoy the remote control function.

We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account or such data is deleted by you.

Network information

(When connecting the Product to apps)

Wi-Fi connection mode (LAN or remote), IP address, the name of the connected Wi-Fi network, Wi-Fi signal strength (i.e., RSSI), MAC address of the device

Relevant third-party when you connect the Product to third-party platform, or directly from users when you connect the Product to the App.

There is no statutory or contractual obligation to provide the data. However, it is necessary to control the Product through the App. If the data are not provided, the user may not enjoy the remote control function.

We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account or such data is deleted by you.

Feedback information

(When connecting the Product to apps)

The code, type and time of device errors, contact information, feedback information, error logs.

Relevant third-party when you connect the Product to third-party platform, or directly from users when you connect the Product to the App.

There is no statutory or contractual obligation to provide the data. However, the data are necessary for troubleshooting and providing support to you. If the data are not provided, identifying and correcting faults in your Product may be affected and we cannot consider your feedback or provide support to you.

We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account or such data is deleted by you.

HOW THE PERSONAL DATA IS USED

We process the above (categories of) personal data for the following purposes:

Purpose of processing the personal data Categories of personal data processed Legal basis and, where applicable, legitimate interests Recipient

Provide function and services of the Product to users.

This include performing Product function, allowing user to create an account and to log into the App in order to remotely control smart home devices, keeping the Product functioning properly, getting the Product connected to  user’s Account, executing automated workflows set by the user.

Account information,

Product information,

information related to the handheld device

Product settings and usage information,

Log information

Network information

Article 6 paragraph 1 point (b) of the GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

Tuya Inc.

(only applies to Account information and Product information)

Xiaomi Inc.

(only applies to Account information and Product information)

After-sales and customer support services upon the user’s request:

This includes communicating with user about their Product, customer inquiry support, troubleshooting and repairing

Account information

Product information,

information related to the handheld device

Product settings and usage information,

Log information

Feedback information

Article 6 paragraph 1 point (b) of the GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).

/

INTERNATIONAL TRANSFERS & WITH WHOM WE SHARE YOUR INFORMATION 

 

We do not sell any personal data to third parties.

We disclose your personal data to certain third parties for certain purposes as described above. You should know that when we share your personal data with a third party service provider, we will contractually specify that the third party is subject to practices and obligations to comply with applicable local data protection laws. We will contractually ensure compliance by any third party service providers with the privacy standards that apply to them in your home jurisdiction.

Below you could find further information on the above mentioned recipients and on any transfers of your personal data out of the EU to us and to any recipients:

 

Recipient

Recipient’s role

Recipient’s location

Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations 

Processing by us, Smartmi, as a “controller”:

In order to provide our services to you, we generally automatically process all personal data which we receive from you on a server that is located in the EU. Therefore, under regular operations, none of your data will be transferred to our offices in China.

There is no adequacy decision by the EU Commission for China.

We only transfer personal data to China or access personal data from China to the extent you have given your express consent to the proposed data transfer (point (a) of Article 49 paragraph 1 of the GDPR) or this is necessary to perform the contract with you (point (b) of Article 49 paragraph 1 of the GDPR).

Furthermore, as we offer our services to you in the EU, we are directly bound to the strict GDPR-requirements (point (a) of Article 3 paragraph (2) of the GDPR) and will ensure protection of your personal data according to GDPR-standards.

Tuya Inc.

Controller

Please refer to Tuya’s Privacy Policy for the collection and use of users' personal information

People’s Republic of China

The server that receive and store user’s personal information is located within the EU . 

Agreement on the basis of approved EU standard contractual clauses per GDPR Art. 46.

Not applicable because there is no transfer to third countries outside the EU.

Xiaomi Inc.

Controller

People’s Republic of China

The server that receive

and store user’s personal

information is located within

the EU.

Not applicable because there is no transfer to third countries outside the EU.

RETENTION POLICY

 

Personal data will be held for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We shall cease to retain personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that personal data was collected is no longer being served by retention of the personal data. If further processing is for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes according to the applicable laws, the data can be further retained by Smartmi even if the further processing is incompatible with original purposes.

In the section “TYPES OF INFORMATION COLLECTED” above, we inform you in detail about the storage duration of each category of your personal data which we process.

All the personal data except [device use time, filter remaining] information on the Product will be erased when you reset your Product to factory default settings. To implement a hard-reset function, [you can press “mode switch” button and “power” button at the same time for 10 seconds]  Beware that hard-reset can’t be undone, so you have to make sure that you don’t need the information any more. You can also delete all of your data recorded on the server and all account information by revoking your authorization on the App.

 

YOU HAVE CONTROL OVER YOUR INFORMATION

 

CONTROLLING SETTINGS

Smartmi recognizes that privacy concerns differ from person to person. Therefore, we provide examples of ways Smartmi makes available for you to choose to restrict the collection, use, disclosure or processing of your personal data and control your privacy settings:

  • Bind/Unbind Product to Account of apps;
  • Log in and out of the Account;
  • Perform factory reset to erase the data on the Product.

If you have previously agreed to us using your personal data for the abovementioned purposes, you may change your mind at any time by writing or emailing us at [privacy@smartmiglobal.com].

YOUR RIGHTS TO CONTROL OR PROTECT YOUR PERSONAL DATA

  • Right of access

As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the GDPR.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15 paragraph 1 points (a), (b) and (c) of the GDPR).

You can find the full extent of your right to access and information in Article 15 of the GDPR, which can be accessed using the following link: https://gdpr.eu/tag/gdpr/

Note: You can access your account information and some Product-related information yourself in the apps. For any further access requests, please contact us at [privacy@smartmiglobal.com].

  • Right to rectification

As a data subject, you have the right to rectification under the conditions provided in Article 16 of the GDPR.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Article 16 of the GDPR, which can be accessed using the following link: https://gdpr.eu/tag/gdpr/

Note: You can correct your account information and some device-related information yourself in the apps. For any further correction requests, please contact us at [privacy@smartmiglobal.com].

  • Right to erasure (“right to be forgotten”)

As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the GDPR.

This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Article 17 paragraph 1 point (a) of the GDPR).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the GDPR). 

The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17 paragraph 3 points (b) and (e) of the GDPR).

You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the GDPR, which can be accessed using the following link: https://gdpr.eu/tag/gdpr/

  • Right to restriction of processing 

As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the GDPR.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18 paragraph 1 point (a) of the GDPR).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the GDPR).

You can find the full extent of your right to restriction of processing in Article 18 of the GDPR, which can be accessed using the following link: https://gdpr.eu/tag/gdpr/

  • Right to data portability

As a data subject, you have a right to data portability under the conditions provided in Article 20 of the GDPR.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR or on a contract pursuant to Article 6 paragraph 1 point (b) of the GDPR and the processing is carried out by automated means (Article 20 paragraph 1 of the GDPR).

You can find information as to whether an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR or on a contract pursuant to Article 6 paragraph 1 point (b) of the GDPR in the information regarding the legal basis of processing in Section “HOW THE PERSONAL DATA IS USED” of this Privacy Policy.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the GDPR).

You can find the full extent of your right to data portability in Article 20 of the GDPR, which can be accessed using the following link: https://gdpr.eu/tag/gdpr/

  • Right to object 

As a data subject, you have a right to object under the conditions provided in Article 21 of the GDPR.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.

More detailed information on this is given below:

    • Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 paragraph 1 point (e) or (f), including profiling based on those provisions.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (e) or (f) of the GDPR in the information regarding the legal basis of processing in Section “HOW THE PERSONAL DATA IS USED” of this Privacy Policy.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

    • Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section “HOW THE PERSONAL DATA IS USED” of this Privacy Policy.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Article 21 of the GDPR, which can be accessed using the following link: https://gdpr.eu/tag/gdpr/

  • Right to withdraw consent

Where an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the GDPR, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR in the information regarding the legal basis of processing in Section “HOW THE PERSONAL DATA IS USED” of this Privacy Policy.

  • Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 of the GDPR, which can be accessed using the following link: https://gdpr.eu/tag/gdpr/

You may find the contact details of your local supervisory authority in EU member states on the website of the European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_en

You may exert your above-mentioned rights by contacting us at [privacy@smartmiglobal.com] and we will respond to your request within timeframe set out under your applicable data protection laws. 

 

MISCELLANEOUS

 

MINORS

We consider it the responsibility of parents to monitor their children’s use of our products and services. Nevertheless, it is our policy not to require personal data from minors or offer to send any promotional materials to persons in that category.

Smartmi does not seek or intend to seek to receive any personal data from minors. Should a parent or guardian have reasons to believe that a minor has provided Smartmi with personal data without their prior consent, please contact us to ensure that the personal data is removed and the minor unsubscribes from any of the applicable our services.

UPDATES TO THE PRIVACY POLICY

We keep our Privacy Policy under regular review and may update this Privacy Policy to reflect changes to our data practices. If we make material changes to our Privacy Policy, we will notify you by email (sent to the e-mail address specified in your account) or post the changes on all the Smartmi official websites or through the App, so that you may be aware of the information we collect and how we use it. Such changes to our Privacy Policy shall apply from the effective date as set out in the notice or on the website. We encourage you to periodically review this page for the latest information on our privacy practices.

 

DO I HAVE TO AGREE TO ANY THIRD PARTY TERMS AND CONDITIONS?

 

Our Privacy Policy does not apply to products and services offered by a third party. Product and Service of Smartmi may include third parties’ products, services and links to third parties’ websites. When you use such products or services, they may collect your information too. For this reason, we strongly suggest that you read the third party’s privacy policy as you have taken time to read ours. We are not responsible for and cannot control how third parties use personal data which they collect from you. Our Privacy Policy does not apply to other sites linked from our services.

 

DATA PROTECTION OFFICER & REPRESENTATIVE

 

We have set up a Data Protection Officer (DPO) in charge the data protection, and the contact of DPO is [liupengfei@smartmiglobal.com]; 

We also appointed a representative in the EU, and the contact of the representative is [representative.smartmi@herrero.es]

 

CONTACT US 

 

If you have any comments or questions about this Privacy Policy or any questions relating to Smartmi’s collection, use or disclosure of your personal data, please contact us at the address below referencing “Privacy Policy”:

Beijing Smartmi Technology Co.,Ltd.

Address: Room 6, Building A, shunshijiaye pioneer park, No.66 Zhufang road, Haidian distr, Beijing, China

Email: privacy@smartmiglobal.com

 

Privacy policy/EU GDPR in other languages: