ZTE SCP Product Privacy Policy V1.2
Last updated on: June 1, 2022
Effective from: June 30, 2022
What's new:
1. Added contents about personal information processing.
This Policy applies only to ZTE’s Smart Cloud Platform (SCP) products and services, as well as the third-party applications or services connected to them, that display or refer to this Policy. ZTE’s SCP products and services include routers, Optical Network Units (ONUs), the ZLife app, and services. If a third-party application or service has its own privacy policy, that policy takes precedence. For contents not covered by the privacy policy of the third-party application or service, this Policy shall be applied.
If you have any questions, comments or suggestions, please contact us through the following means:
E-mail: Privacy@zte.com.cn
Company name: ZTE Corporation
Registered address: No. 55, Hi-tech Road South, Shenzhen, P.R. China
ZTE is well aware of the importance of personal information to you, and does everything we can to ensure the security and reliability of your personal information. We are committed to maintaining your trust in us and abide by the following principles to protect your personal information: the principle of consistent rights and responsibilities, the principle of clear purposes, the principle of choice and consent, the principle of minimum sufficiency, the principle of ensuring security, the principle of subject participation, the principle of openness and transparency, etc. We adopt appropriate security protection measures to protect your personal information in accordance with the mature security standards of the industry.
Please read carefully this Policy before using our products or services.
This Policy will help you understand the following contents:
|
1. |
How we collect and use your personal data. |
|
2. |
How we use cookies and similar technologies. |
|
3. |
How we share, transfer and disclose your personal data. |
|
4. |
How we protect your personal data. |
|
5. |
How you can exercise your rights. |
|
6. |
How we process children's personal data. |
|
7. |
How your personal data is transferred globally. |
|
8. |
How this Policy is updated. |
|
9. |
How you can contact us. |
I. How We Collect and Use Your Personal Data
Personal data refers to various information recorded electronically or in other ways that is related to an identified or identifiable natural person. Personal data does not include anonymized information. Sensitive personal information refers to personal information that, once leaked or used illegally, may harm the dignity or endanger the personal or property safety of a natural person. Such data includes biometric information, financial accounts opened with specific identities, and itineraries, as well as personal information of children under a certain age. (In this Policy, sensitive personal information will be marked in bold.) ZTE will collect and use your personal information only for the purposes described in this Policy.
Basic Function 1: Creating an Account and Associating Your Device with It
You can use the ZLife app only after registering an account in the app. To create and use the ZLife account, you need to provide your personal e-mail account.
To better use your device, you need to associate it with the ZLife account. When the device is associated, the ZLife app will collect information related to it, including its model, SN, and online status.
The above information will be sent to and saved on the SCP server in Hong Kong. The personal data mentioned above is encrypted and used for real-time exchange, but will not be stored.
Basic Function 2: Logging the Device into and Associating It with the ZLife App
When the device logs into and associate with the ZLife app, we will collect the web login account and password so that you can log in automatically the next time when you use the app.
The above personal data is stored from when the account is created to when the account is cancelled.
Basic Function 3: Network Settings
Wi-Fi settings: When you use the ZLife app to configure the Wi-Fi of your device, we need to collect your SSID and password. The personal data mentioned above is encrypted and used for real-time exchange, but will not be stored.
WAN connection settings: When you use the ZLife app to configure the WAN connection of your device, we need to collect your PPPoE account information. The personal data mentioned above is encrypted and used for real-time exchange, but will not be stored.
QR code scanning: When you use the ZLife app to scan the QR code of the device, we need the camera permission. You can grant the camera permission and then use this function to scan the QR code.
Automatic Wi-Fi connection: When you use the automatic Wi-Fi connection function of the ZLife app (for example, Wi-Fi is automatically connected after the QR code is scanned or after the SSID and password are changed), we need the location permission of your device. You can use this function after granting the location permission. During this process, we will not collect any location information.
Basic Function 4: Device Information Display
For the general router information display function of the ZLife app, we need to collect the MAC address, external IP address, Sequence Number (SN), and SSID. The above personal data is stored from when the account is created to when the account is cancelled.
For the ZLife app to display the information of the devices connected to the router, we need to collect their intranet IP addresses, MAC addresses, device names, Internet traffic volumes, Internet access durations, and Internet access rates. The above personal data is stored from when the account is created to when the account is cancelled.
Optional Function 1: Parental Controls
When you use the parental controls function of the ZLife app, we need to collect the MAC address, intranet IP address, and URL configuration rule of the devices connected to the router. The above personal data is stored from when the account is created to when the account is cancelled.
Optional Function 2: Guest Wi-Fi
When you use the ZLife app to configure the guest Wi-Fi function, we need to collect the visitor's SSID, password, and access duration. The above personal data is stored from when the account is created to when the account is cancelled.
ZTE will not process your personal information to generate new personal information. When using your personal information for purposes not specified in this Policy, or for purposes contrary to the purposes approved by you in advance, we will seek your prior consent. For example, we will display an update by means of pop-ups or bold fonts, and you may choose to accept or reject the update. You can revoke your consent at any time in accordance with the law, but this may restrict your use of the functions or services.
You are fully aware that, in accordance with applicable laws, we do not need your permission to collect and use personal information under the following circumstances:
|
(1) |
Any data processing related to national security or national defense. |
|
(2) |
Any data processing related to public security, public health, or major public interests. |
|
(3) |
Any data processing related to criminal investigation, prosecution, trial, enforcement of judgments, or other legal processes. |
|
(4) |
Any information processing that is critical for protecting vital interests of the subject of personal information or other individuals. |
|
(5) |
Any data processing necessary for lawful news reports. |
|
(6) |
Any data processing necessary for maintaining the safe and stable operation of the products and/or services provided, such as for discovering and handling products and/or service failures. |
|
(7) |
Any data processing necessary for us to comply with the applicable laws and regulations. |
II. How We Use Cookies and Similar Technologies
(I) Cookies
The ZTE SCP and the ZLife app will not use cookies and similar technologies to record or track your behavior information.
III. How We Share, Transfer and Disclose Your Personal Data
In order to ensure the security of your personal information, we will follow the principle of minimization when sharing, transferring or disclosing your personal information.
For companies, organizations and individuals with whom we share personal information, we will take organizational and technical measures in accordance with the local laws and regulations. In addition, we will require them to process your personal information in strict compliance with our security standards, this Policy, and related confidentiality and security regulations.
(I) Sharing
We will not share your personal information with any company, organization or individual other than ZTE Corporation and its subsidiaries, except under the following circumstances:
|
1. |
After obtaining your express consent, we will share your personal data with other parties. |
|
2. |
We may share your personal data in accordance with laws and regulations or mandatory requirements of regulatory authorities. |
We will sign strict confidentiality agreements with all the companies, organizations and individuals with whom we share your personal data. In addition, we will require them to process your personal data in strict compliance with our management requirements, this Policy, and any other related confidentiality and security measures.
(II) Transfer
We will not transfer your personal data to any company, organization or individual, except under the following circumstances:
|
1. |
After obtaining your express consent, we will transfer your personal data to other parties. |
|
2. |
In case of a merger, acquisition, or bankruptcy liquidation, if personal data transfer is involved, we will require the new company or organization that holds your personal data to continue to be subject to this Policy. Otherwise, we will require the company or organization to re-request your permission. |
(III) Public disclosure
We will disclose your personal data only under the following circumstances:
|
1. |
After we obtain your express consent. |
|
2. |
As required by laws, legal procedures, litigations or regulatory authorities. |
IV. How We Protect Your Personal Data
(I) We have used security protection measures in line with industry standards to protect your personal information against unauthorized access, leakage, tampering, and loss. We will take reasonable and feasible measures to protect your personal information.
(II) Our data security capabilities:
We are always committed to protecting the security of your personal information.
We protect your personal information against unauthorized access, leakage, tampering, loss, and other forms of illegal processing by taking various security measures, such as installing access control systems and monitoring systems; performing data encryption, anonymization and pseudonymization; and conducting employee trainings.
We have developed a business continuity plan to ensure that services can be continuously provided. Our information security policies and procedures are designed strictly in accordance with international standards, reviewed and updated regularly, and regularly audited by third parties to ensure the effectiveness of the security management architecture and security measures. ZTE Corporation and some of its subsidiaries have passed the ISO27001 information security certification and is able to protect your personal information. In the event of personal information leakage, we will activate an emergency response plan, take effective measures to prevent the situation from escalating, and notify relevant regulatory authorities and you in a timely manner.
(III) We will take reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will only retain your personal information for the period required to achieve the purposes stated in this Policy, unless it is necessary to extend the retention period or the extension is permitted by law.
(IV) The Internet is not absolutely secure, and most communications such as email and instant messaging are not encrypted. It is strongly recommended that you do not send personal information through these methods. Please use a complex password to help us keep your account secure.
(V) We will regularly update and disclose relevant contents of such reports as security risk reports and personal information protection impact assessment reports. If our personal information protection impact assessment reports are to affect your personal information-related rights, we will proactively disclose the security risks. To obtain the full reports, you can contact us through the following means:
E-mail: Privacy@zte.com.cn
(VI) The Internet environment is not 100% secure, and we will do our best to ensure the security of any information you send to us. If our physical, technical, or management and protection facilities are damaged, resulting in unauthorized access, leakage, tampering or loss to your personal information, and damage to your legitimate rights and interests, we will assume the corresponding legal responsibilities.
(VII) In the event of a personal information security incident, we will promptly inform you of the following information in accordance with laws and regulations: the basic information and possible impacts of the incident, the remedial measures that we have taken or will take, the mitigating measures you can take on your own, remedies for you, and our contact information. We will promptly inform you of the incident by email, letter, phone call, push notification, etc. If it is difficult to inform the subjects of personal information one by one, we will release an announcement in a reasonable and effective manner.
In addition, we will proactively report the handling of personal information security incidents in accordance with the requirements of the regulatory authorities.
V. Your Rights
In accordance with the laws, regulations and standards generally adopted in the industry as well as the common practices of specific countries and regions related to the protection of personal information, we guarantee that you exercise the following rights with respect to your personal information:
(I) Accessing your personal information
You have the right to access your personal data, unless otherwise prohibited by laws and regulations. If you want to exercise your right to access data, you can access the following information through the ZLife Lite app or by other means:
(1) Personal account
(2) Device information
(3) Other personal data: data generated during the use of the ZLife app, such as Internet settings.
Personal data you cannot access: For some of your personal data, we cannot provide access services. Such data is mainly your device information collected to improve user experience and ensure transaction security, as well as your personal data generated when you use additional functions. The above information will be used within the scope of your authorization, and you cannot access it. You can send an email to privacy@zte.com.cn, and we will respond to your request as soon as possible within the time limit specified by laws and regulations.
(II) Modifying and supplementing your personal information
By accessing the ZLife app, you can modify your personal data such as the username and password of your account as well as the Internet settings.
Personal data you cannot modify: For some of your personal data, we cannot provide modification services. Such data is mainly your device information collected to improve user experience and ensure transaction security, as well as your personal data generated when you use additional functions. The above information will be used within the scope of your authorization, and you cannot modify it. You can send an email to SmartZTE@zte.com.cn, and we will respond to your request as soon as possible within the time limit specified by laws and regulations.
(III) Deleting your personal information
You can delete your personal information if:
|
1. |
The ways we process personal information violate relevant laws and regulations. |
|
2. |
2. The ways we process personal information violate this Policy. |
|
3. |
The personal information processing purposes specified in this Policy have been achieved or cannot be achieved, or the relevant personal information is no longer necessary for achieving the processing purposes. |
|
4. |
You no longer use our products or services, or you have cancelled your account. |
|
5. |
You have changed the scope of your authorization; therefore, we no longer have the right to process your information. |
|
6. |
We no longer provide you with products or services, or the information retention period has expired. |
You can delete your personal information in the following way:
You can use the ZLife app to delete the personal information generated during the use of ZTE SCP products and services. The ZTE SCP will delete the corresponding data according to your request.
Once you successfully delete your personal information, we will also notify the entities that receive your personal information from us and request them to remove your information in a timely manner, unless such circumstances are otherwise governed by laws and regulations or those entities have been granted a separate authorization from you. After you delete the information on you own or with our assistance, due to the limitations of applicable laws and regulations and security technologies, we may not immediately delete the corresponding information from our backup system. We will store your personal information securely and limit its further processing, and delete it when the backup is updated.
(IV) Changing the scope of your authorization
The performance of every service function requires some basic personal data (see Chapter I “How We Collect and Use Your Personal Data”). You can always grant or revoke your authorization for the collection and use of your personal data, but revoking your authorization may restrict your use of functions or services.
You can perform the following operations to change the scope of your authorization:
The ZLife app obtains the camera and location permissions of the mobile phone to ensure that the functions of the app are properly performed. You can disable the permissions in "Settings - Privacy" in your mobile phone, but this will affect the related functions of the app. Different mobile phone models have different settings paths. Please check the user guide of your mobile phone.
If you cannot revoke your authorization in this way, you can send an e-mail to SmartZTE@zte.com.cn. We will respond to your request as soon as possible within the time limit specified by laws and regulations.
Please understand that fulfilling every service function requires some basic personal information. After you revoke your authorization, we will be unable to continue to provide you with the services corresponding to your revoked authorization. If the information is necessary for us to perform our obligations under laws and regulations or to provide our main services, revoking your authorization for the information may make us unable to respond to your requests or may affect your use of our services. After you revoke your authorization, we will no longer process the corresponding personal information, but your decision to revoke your authorization will not affect the previous processing of your personal information performed on the basis of your authorization.
(V) Canceling your account
You can cancel your account through the cancellation function of the ZLife app. When your account is canceled, your registration information will be deleted. After your account is canceled, the ZLife app will stop providing services to you and delete your personal information, unless otherwise specified by laws and regulations.
(VI) Responding to your requests
If your request cannot be fulfilled through the above methods, you can send an e-mail to privacy@zte.com.cn or request a response from our data subject rights response system at pdsr.zte.com.cn. We will respond to your request within 30 days.
To ensure the security of your personal data, you may be required to submit a written request or otherwise prove your identity. We may ask you to verify your identity before we can process your request. We will reply within 30 days.
For your reasonable requests, we do not charge fees, but for repeated requests that exceed reasonable limits, we may charge a certain cost depending on the circumstances. We may reject requests that are unreasonably repeated, require many technical measures such as developing new systems or fundamentally changing current practices, bring risks to other people's legitimate rights and interests, or are very impractical (for example, the request involves information stored on backup tapes).
In accordance with laws and regulations, we will not be able to respond to your request under the following circumstances:
|
1. |
The personal information is directly related to national security or national defense. |
|
2. |
The personal information is directly related to public security, public health, or major public interests. |
|
3. |
The personal information is directed related to criminal investigation, prosecution, trial, enforcement of judgments, etc. |
|
4. |
There is sufficient evidence that you have subjective malice or are abusing your rights. |
|
5. |
Responding to your request will cause serious damage to the legal rights and interests of you, other individuals or organizations. |
|
6. |
The personal information involves business secrets. |
VI. How We Process Children's Personal Data
Our products and services are mainly for adults. If you are a child, please ask your parents or guardians to read this Policy carefully, and create your own user account or provide information to us with the consent of your parents or guardians.
Although local laws and customs have different definitions of children, we consider anyone under the age of 14 to be a child. After children's personal information is collected with the consent of parents or guardians, we will use or disclose the information only with the express consent of parents or guardians or when the information is needed to protect children. If we find that children's personal information has been collected without prior verifiable consent of parents or guardians, we will delete the relevant data as soon as possible.
VII. How Your Personal Data Is Transferred Globally
When you register an account in the ZLife app and bind a device to the account, we will collect your personal e-mail account and device information including the model, SN, and online status of the device. These information will be stored on the SCP server in Hong Kong. In such cases, we will take appropriate security measures to ensure that your personal data is protected. For example, we will implement security measures such as risk assessment and data de-identification before cross-border data transfer.
VIII. How This Policy is Updated
We may update this Policy from time to time.
We will not reduce your rights under this Policy without your express consent.
We will post any changes to this Policy on this page. For major changes, we will also provide more noticeable notifications. (For certain services, we will send notifications by email to explain the specific changes to the Privacy Policy.) After that, we will obtain your consent again in accordance with applicable laws and regulations .
The major changes referred to in this Policy include but are not limited to:
|
1. |
Our service model has undergone major changes, such as changes to the purpose of processing personal information, to the type of personal information processed, and to how personal information is processed. |
|
2. |
Our ownership structure, organizational structure, etc. have undergone major changes, such as ownership changes caused by business adjustments, bankruptcies and mergers. |
|
3. |
The major objects of the sharing, transfer, or disclosure of personal information have changed. |
|
4. |
Your right to participate in the processing of personal information and the way you exercise the right have undergone major changes. |
|
5. |
Our department responsible for handling personal information security, our relevant contact information, and our relevant complaint channels have changed. |
|
6. |
The personal information security impact assessment report indicates that there is a high risk. |
We will also archive the old versions of this Policy for your reference.
IX. How You Can Contact Us
We have established the Data Protection Compliance Dept. for the sole purpose of protecting personal information. If you have any questions, comments or suggestions about this Policy, please send an email to Privacy@zte.com.cn. We will reply within 15 days.
In addition, you can send a letter to the Data Protection Compliance Dept.
Recipient: Data Protection Compliance Dept.
Address: No. 55, Hi-tech Road South, Shenzhen, P.R. China
Postcode: 518057
If you are not satisfied with our reply, especially if our processing of your personal information has harmed your legitimate rights and interests, you can also contact your local authorities responsible for data protection or seek legal redress.