Privacy Policy

Updated:Jul. 12th , 2023

ZTE Corporation and its subsidiaries (collectively, “ZTE”, “us”, “We” and “our”) respect your privacy and take the security of your personal information very seriously. We may collect and use your personal information when you use our products and/or services based on your consent, contract relationship, legitimate interest or other applicable legal ground. Privacy Policy for ZTE Terminal (hereinafter referred to as “this Policy”) describes how we collect, use, store, share and transfer your personal information, and the ways we provide for you to access, update, delete, and protect your personal information. 

If you have any questions, comments, or suggestions, please contact us through the following means:

Hotline:【001-877-817-1759】

E-mail: [email protected]

Company Name: ZTE Corporation

Registered Address: ZTE Building, No. 55, Hi-Tech Road South, Nanshan District, Shenzhen, P.R. China

ZTE understands the importance of personal information to you, and will make every effort to ensure the security and reliability of your personal information. We are committed to maintaining your trust in us and abiding by the following principles to protect your personal information: consistency of authority and responsibility, clear purpose, selection of consent, minimum sufficiency, security, subject participation,  openness and transparency. Meanwhile, ZTE promises to take appropriate security measures to protect your personal information in accordance with well-established security standards in the industry.

Please read and understand this Privacy Policy carefully before using our products or services.

 

This policy helps you understand the following:

I. How we collect and use your personal information

II. How we use cookies and similar technologies

III. How we share, transfer, and disclose your personal information

IV. How we protect your personal information

V. Your rights

VI. How we process the personal information of children

VII.How to transfer your personal information around the world

VIII.GDPR-Specific Provisions

IX.Notice to California Consumers

X.How to update this policy

XI.Contact us

 

I. How we collect and use your personal information

Personal information refers to the information that is recorded electronically or in other ways and that can be used independently or in conjunction with other information to identify a specific natural person or reflect the activities of a specific natural person. When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Personal Information Collected by ZTE:

1. Registration information.

You need to register an account to enjoy certain functions or services. When you register or log in with an account to shop online, we will ask you to provide relevant personal data. To complete the account creation, you need to provide the following information: e-mail address and password. If you forget the password, you can enter the email and reset the password through the connection in the email. You can view the basic information (email, default address, latest order) on the user info page and you can add, modify, or delete your addresses on the user address page..

The above information will be stored on Shopify's servers, European data will be stored in Ireland, and the rest will be stored in North America. The data will be retained until the personal account is cancelled.

2. Order information

If you order a product or paid service from us, we may ask for your name, shipping address, credit card number, email address, billing address to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations. Your bank information will improve our loss prevention and anti-fraud plans.You can view your order information (payment time, order number, purchase amount, delivery address, consignee, logistics information) on My Orders page.

The above information will be stored on Shopify's servers, European data will be stored in Ireland, and the rest will be stored in North America. The data will be retained until the personal account is cancelled.

3. Customer support information

To provide responses when you contact Customer Service, we may need information to verify your identify and the product you’re inquiring about. You need to provide:your name, e-mail address, phone number, contact subject and relevant information such as fault description necessary for the after-sales service.

The above information will be stored on Shopify's servers, European data will be stored in Ireland, and the rest will be stored in North America. The data will be retained until the personal account is cancelled.

4. Comment information

After purchasing our products or services, you may leave a message in the comment area. We will collect and display the message publicly in the comment area.

The above information will be stored on Shopify's servers, European data will be stored in Ireland, and the rest will be stored in North America. The data will be retained until the personal account is cancelled.

5. Mobile network information

We automatically receive the user's IP address to redirect to the local sub-site. We will also automatically collect your browser and operating system information to help us better provide the adapted pages.

The above information will not be stored.

6. Behavioral data

We collect the data include statistics on website visits, keyword search, the user access paths and real-time purchaseing updates based on user shopping behavior( add or delete items in shopping cart). ZTE will collect statistics information to understand the types of people who use our services and how people interact with our websites. By doing so, we can improve our services to better meet your requirements and continuously optimize our advertising algorithms and other marketing activities.

The above information will be stored on the servers of Shopify and related third party service providers, European data will be stored in Ireland, and the rest will be stored in North America. The above data will be retained for 2 to 4 weeks according to different application function.

7. Subscription information

We collect your email address to send you the information (with your permission) about products and services you might be interested in, invite you to ZTE promotional activities and market surveys, or send marketing information to you.When you make a purchase, we may collect your purchase time and the purchase activity at the corresponding time to generate a tag for us to better understand your needs and send the related subscription emails. If you do not want to receive such information, you can opt out at any time.

The above information will be stored on the related email servers. The European data will be stored in Europe, and the rest will be stored in North America. The data will be retained until the user cancels the subscription or the personal account is cancelled.

If we want to use the information collected for specific purposes for other purposes, we will seek your approval in advance.

II. How we use Cookies and similar technologies

1. Cookie

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimize your experience on our Site and to provide our services.

Cookies Necessary for the Functioning of the Store

Name Function

  1. _ab Used in connection with access to admin.
  2. _secure_session_id Used in connection with navigation through a storefront.
  3. cart Used in connection with shopping cart.
  4. cart_sig Used in connection with checkout.
  5. cart_ts Used in connection with checkout.
  6. checkout_token Used in connection with checkout.
  7. secret Used in connection with checkout.
  8. secure_customer_sig Used in connection with customer login.
  9. storefront_digest Used in connection with customer login.
  10. _shopify_u Used to facilitate updating customer account information.

 

Reporting and Analytics

Name Function

  1. _tracking_consent Tracking preferences.
  2. _landing_page Track landing pages
  3. _orig_referrer Track landing pages
  4. _s Shopify analytics.
  5. _shopify_fs Shopify analytics.
  6. _shopify_s Shopify analytics.
  7. _shopify_sa_p Shopify analytics relating to marketing & referrals.
  8. _shopify_sa_t Shopify analytics relating to marketing & referrals.
  9. _shopify_y Shopify analytics.
  10. _y Shopify analytics.

Used to facilitate updating customer account information.

Additionally, we use pixels and tags from the following third parties, which may in turn place cookies. For example:

We use Google Analytics to help us understand how our customers use the Site.

Third Party:Google Analytics

Description:We use Google Analytics to help measure how users interact with our websites.

Privacy Policy:http://www.google.com/analytics/learn/privacy.html and https://www.google.com/policies/privacy/partners/.

Third Party:Google Optimize

Description:We use Google Optimize to to help us test improvements or changes to our websites.

Privacy Policy:https://policies.google.com/privacy

Third Party:Facebook Pixel

Description:We use Facebook Pixel to allow visitors to analyze advertising effects and optimize advertising delivery.

Privacy Policy:https://www.facebook.com/policy.php

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Sharing” section below.

2. Website beacons and pixel tags

In addition to Cookies, other similar third-part technologies such as website beacons (also called pixel tags) will also be used on our website. For example, the e-mail we send you may contain a click URL linked to the content of our website. If you click this link, we will trace this click to help us understand your product or service preference and improve customer services. A website beacon is usually a transparent image embedded in a website or email. With the pixel tags in an e-mail, we can learn whether the e-mail is opened. If you do not want your activities to be tracked in this way, you can unsubscribe from our mailing list at any time.

3. Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

III. How we share, transfer and disclose your personal information

To ensure the security of your personal information, we shall follow the minimization principle and share, transfer, or disclose your personal information in accordance with applicable laws and requirements.

For the companies, organizations, and individuals that share personal information with us, we will take organizational and technical measures in accordance with the local laws and regulations, and require them to process personal information in accordance with our security standards, this policy, and related confidentiality and security measures.

1. Sharing

We will share your information internally within our business, but only to those who need it to further provide Services or to help with your requests.

We will also share your information in the following cases:

(1) After obtaining your explicit consent, we will share your personal information with other parties.

(2) We may share your personal information in accordance with laws and regulations or mandatory requirements of government authorities.

(3) We may share your personal information with our affiliates. We only share necessary personal information, which is subject to the purposes stated in this privacy policy. If the affiliates want to change the processing purpose of personal information, they will ask for your consent again.

(4) Share with authorized partners: Some of our services will be provided by authorized partners only for the purposes stated in this policy. We may share some of your personal information with our partners to provide better customer services and user experience.

Our authorized partners include the following 3 types:

1) Authorized partners of E-Commerce platform and Website operation service providers. 

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

We also share your information with our third-party website operation service providers to build and operate the websiteto and help us evaluate the effectiveness and coverage of our services.

2) Authorized partners of advertising and analyzing services.

We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners such as Google,Facebook and Mailchimp. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

You can access the following URL to obtain the description of opting out of targeted advertising:

FACEBOOK - https://www.facebook.com/settings/?tab=ads

GOOGLE - https://www.google.com/settings/ads/anonymous

Members and Visitors who have opted in to Mailchimp marketing emails can opt out of receiving marketing emails from Mailchimp at any time by clicking the "unsubscribe" link at the bottom of the marketing messages.

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/..

3) Suppliers, service providers and other partners.

We send information to global suppliers, service providers and other partners that support our services. The support includes providing user data (email address and tag) import services, analyzing how our services are used, providing convenience for payment, providing logistics services,

In addition, our websites, products, and services may contain links to or the ability for you to access third-party websites, products, and services. We are not responsible for the privacy practices employed by those third parties, nor are we responsible for the information or content their products and services contain. This Privacy Statement applies solely to data collected by us through our products and services. We encourage you to read the privacy policies of any third party before proceeding to use their websites, products, or services.

2. Transfer

We will not transfer your personal information to any company, organization or individual except in the following cases:

(1) Transfer with express consent: After obtaining your express consent, we will transfer your personal information to other parties.

(2) If personal information transfer is involved in a merger, acquisition, or bankruptcy liquidation, we will require new companies or organizations that hold your personal information to continue to be subject to this privacy policy. Otherwise, we will require the companies or organizations to re-request authorization from you.

3. Public Disclosure

We will disclose your personal information only in the following cases:

(1) With your express consent.

(2) Disclosure based on law: We may disclose your personal information in case of law, legal procedure, litigation, mandatory requirements of government authorities.

IV. How we protect your personal information

1. We have taken the security protection measures that comply with industry standards to protect the personal information provided by you against unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and feasible measures to protect your personal information.

The website will meet PCI security requirements. In addition, we will do the following security protection

-Use https security protocol

-Development of ways to avoid XSS attacks

 

We use Shopify to power our online store. Shopify has obtained the SOC1/2/3 report (the industry-recognized cloud security authority certification, which can guarantee shopify's platform security). For shopping mall payment business, shopify has obtained PCI DSS payment security certification. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

You can read more about Shopify Security Information here: https://www.shopify.com/security.

2. Our data security capabilities:

We have been committed to protecting your personal information security.

We have taken various security measures, such as access control system, monitoring system, encryption, anonymization or pseudonymisation, employee training and so forth, to protect your personal information from unauthorized access, use, disclosure, modification, damage or loss and other forms of illegal processing.

We have developed a business continuity plan to ensure that services can be provided continuously. Our information security policies and procedures are designed in strict accordance with international standards, and reviewed and updated regularly, and the effectiveness of the security management architecture and measures is ensured through regular third party security audits. ZTE Corporation and some of its subsidiaries have passed the ISO 27001 information security certification, and can effectively protect your personal information. In case of personal information leakage, we will initiate an emergency plan, take effective measures to prevent the situation from getting worse, and notify the relevant supervisory authority and you in a timely manner.

3. We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will retain your personal information only for the period required to achieve the objectives specified in this policy, unless the retention period needs to be extended or is permitted by law.

4. The Internet is not absolutely secure, and most communications, such as emails and instant messaging, are not encrypted. We strongly recommend that you do not send personal information through such means. Please use a complicated password to help us ensure the security of your account.

5. We shall regularly update and publicize the contents related to reporting such as security risks , personal information security impact assessments and so forth . If we affect your personal information rights in security assessment reports, we will actively disclose security risks. You can obtain detailed report contents in the following way:

E-mail: [email protected]

6. The Internet environment is not 100 percent secure. We will do our best to ensure or guarantee the security of any information you send us. If our physical, technical or management protection facilities are damaged, which results in unauthorized access, public disclosure, tampering or damage that affects your legal rights and interests, we shall assume the corresponding legal responsibilities.

7. When personal information security incident occurs, we will inform you of the basic situation and possible impact of the security incident in a timely manner, the measures we have taken or will take, suggestions for voluntarily preventing and reducing risks, and remedial measures for you. We will inform you of the incident by email, letter, telephone or pushing notification in a timely manner. If it is difficult to inform the subjects of personal information one by one, we will release the notice in a reasonable and effective manner.

In addition, we will actively report the handling of personal information security incidents in accordance with the requirements of the regulatory department.

V. Your rights

In accordance with personal information protection laws, regulations, standards, and common practices in other countries and regions, we guarantee that you have the following rights over your personal information:

1. Access to your personal information

You have the right to access your personal information, except for exceptions as required by laws and regulations. If you want to exercise data access rights, you can access the data by yourself in the following ways:

If you want to access or edit your account's personal information and payment information, change your password, add security information, or close your account, you can access and update the details relating to the personal information in your account to perform such operations.

If you cannot access this personal information through these links/methods, or you want to access further personal information, you can send an e-mail to [email protected], or submit the request by login the data subject right response system: pdsr.zte.com.cn. We will respond to your access request within 30 days. As long as we do not need to make too many efforts, we will provide you with other personal information generated when you use our products or services.

2. Correct your personal information

When you find that your personal information processed by us is incorrect, you have the right to request us to correct it. You can apply for a correction through the methods listed in "(1) Access to your personal information". If you cannot correct this personal information through the above links, you can email [email protected] or submit the request by login the data subject right response system: pdsr.zte.com.cn at any time, we will reply to your request within 30 days.

3. Delete your personal information

You can submit a request for deleting personal information in the following cases:

(1) we violated laws and regulations.

(2) we did not obtain your consent.

(3) we violated an agreement with you.

(4) you will not use our products or services any longer, or your account is canceled.

(5) we do not provide products or services for you.

If we decide to respond to your deletion request, we will also notify the entities that obtain your personal information from us and require them to delete your personal information in a timely manner, unless required by other laws and regulations, or these entities obtain your independent authorization. After you delete information, we may not immediately delete the corresponding information in the backup system, but we will delete the information during the backup update.

4. Change the scope of your authorization

Each business function can be implemented only after some basic personal information (refer to the first part in this policy) is obtained. You may grant or withdraw your authorization at any time for the collection and use of additional personal information.

You can perform the following operations by yourself:

If you do not want to receive a commercial advertisement from us, you can cancel it by following the instructions in the “Sharing” section above at any time, such as canceling the advertisement notification authorization.

If you cannot access this personal information through these links/methods, you can send an e-mail to [email protected], or submit the request by login the data subject right response system: pdsr.zte.com.cn. We will respond to your access request within 30 days.

After you withdraw your consent, we will not process the corresponding personal information. However, your decision to withdraw your consent will not affect the previous processing of personal information based on your authorization.

5. Personal information subjects cancel accounts

If you wish to cancel the account, you can send an email to [email protected] for logout service. Cancellation may be prevented or delayed in certain circumstances, when this situation occurs, we will give you an explanation. After your account is canceled, we will stop providing you with products or services and delete your personal information as required by you, unless otherwise specified by laws and regulations.

6. Personal information subjects obtain copies of personal information

You have the right to obtain a copy of your personal information.

Under the prerequisite that the technology is feasible, for example, data interface matching, we can transmit the copy of your personal information directly to the third party specified by you.

7. Restrain Automatic decision-making of the information system

In some business functions, we may make decisions only based on non-manual automatic decision-making mechanisms such as information systems and algorithms. If these decisions have a significant impact on your legal rights and interests, you have the right to ask us for an explanation, and we will provide appropriate relief methods.

8. Respond to your above requests

To ensure security, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request, and we will respond within 30 days.

In principle, we do not charge for your reasonable requests, but we will charge for repeated requests that exceed a reasonable limit. We may reject requests that repeat unreasonably, require excessive technical means (for example, development of a new system or a fundamental change of current practice), and bring risks to other people's legitimate rights and interests or that are extremely impractical (for example, involving information stored on the backup tape).

We will not be able to respond to your request in accordance with laws and regulations if:

(1) The case is directly related to national security and national defense security.

(2) The case is directly related to public safety, public health, and major public interests.

(3) The case is directly related to any criminal investigation, prosecution, trial, and execution of a judgment .

(4) There is sufficient evidence that you have subjective malice or abuse of rights.

(5) Responding to your request will cause serious damage to the legal rights and interests of yours or other individuals' and organizations'.

(6) Business secrets are involved.

VI. How we process the personal information of children

Our products, websites, and services are mainly for adults.We consider it the responsibility of the parent or guardian to supervise the child's use of our services. However, we do not offer services directly to a child or use personal data of children for the purposes of marketing.

If the personal information of children is collected with the consent of their parents, we will only use or disclose this information with the permit of law, the express consent of parents or guardians or the necessary protection of children.

Although local laws and customs define children differently, we regard anyone under 14 as a child.

If we find that we have collected personal information of children without obtaining confirmed parental consent, we will try to delete the information as soon as possible.

If you are a parent or guardian and you believe that the minor has provided ZTE with personal information, please contact us at [email protected] to ensure that the personal information is removed immediately.

VII. How to transfer your personal information around the world

ZTE authorize Shopify to processes and backs up your personal information. Currently, Shopify has data centers in the United States, Canada and Ireland. For the purposes described in the Privacy Policy, your information may be transferred to these data centers in accordance with applicable law. We may also transfer remotely access to your personal information from the People's Republic of China for the purpose of providing services such as shipping delivery, after-sales services, etc. Any such transfer of personal information shall take place only in accordance with applicable law.

We will take steps designed to comply with all applicable local laws when Processing personal information, including any local law conditions and restrictions on the transfer of  personal information. We may also protect your data through other legally valid methods, including international data transfer agreements.

 

VIII. GDPR-Specific Provisions

The following provisions only apply to you if you live in Europe.

1.Legal Bases for the Processing of Personal Data

Our processing of your personal data as described in the Section "How We Collect and Use Your Personal Data" is based on the following legal grounds:

1.1 Consent: We may process your personal data with your consent. In particular, we may ask for your consent to participate in promotional activities, such as to send you promotional messages or enable you to participate in the User Experience Program and certain Services, including services through which we collect location information. You have the right not to provide consent, or to withdraw it at any time. The withdrawal of your consent does not affect the lawfulness of our use of your personal data before your withdrawal. If you have granted us consent to use your personal data, we will use it only for the purposes specified in the consent declaration. Please note that to the extent our processing is based on your consent and you deny your consent or withdraw it, we may not be able to provide the service relating thereto. Besides from that, neither the initial denial nor a withdrawal will have any negative consequences for you.

1.2 Perform or enter into a contract with you:

We rely on this legal basis in particular in the following cases:

• to provide you with ZTE's Services, process your orders or fulfil the contract between you and ZTE;

• to activate Services you have purchased, your warranty service and specific software licenses and provide notifications for software updates;

• to allow and manage your participation in prize draws, contests or similar promotional activities held by us; and

• to diagnose product issues, repair customer equipment and provide other customer care and support Services.

1.3 Compliance with a legal obligation: ZTE may be obliged to process personal data to comply with our legal obligations, for example where ZTE is required to retain data for tax law or commercial purposes.

1.4 Legitimate interests: The processing of your personal data may also be necessary for ZTE's legitimate interests. In particular, such cases may include the following:

• to conduct customer surveys to enhance your user experience;

• to analyse the customer market on the basis of the country where you use our Services, including the number of users for product marketing and promotion;

• to analyse the efficiency of our business operations;

• to analyse error logs to improve phone quality and app functions;

• to provide you with personalised Services and to recommend and display content and advertisements tailored to you through our Services;

• to communicate with you and reply to your questions or comments submitted to us by any means;

• to ensure the functionality and safety of our Services;

• to verify your identity;

• to conduct internal auditing and to prevent and investigate fraud, cybersecurity threats or other improper use;

• to enhance and develop our Services, including relevant security features, so as to improve the product usage experience, user-friendliness, operational performance, functions and design;

• to pursue or defend against legal claims.

Your personal data will only be processed on the above grounds after we have appropriately assessed and balanced our interests against your right to privacy.

2. Additional Information on Your Rights Regarding Personal Data

Subject to the legal requirements under the GDPR, you have the following rights:

The right to access: You may request access to the personal data we hold about you.

The right to rectification: If you find that the personal data we process about you is inaccurate or incomplete, you are entitled to ask us to make rectifications without undue delay and to request the completion of your personal data where appropriate.

The right to erasure: You can submit a request to us to delete personal data, and we shall have the obligation to erase it without undue delay in some circumstances – for example, if we do not have a legal reason to continue to process the personal data to the extent required by applicable laws and regulations. Please note in so far as you delete all the data that is contained in your device, this does not mean that you have deleted all data that ZTE collects and processes about you. Therefore, we encourage you to contact us (please refer to the section "Contact Us" ) to request that your personal data is deleted.

The right to restriction of processing: You have the right, in certain circumstances, to request ZTE to temporarily restrict the processing of your personal data, such as where the accuracy of that personal data is contested by you, while we verify the accuracy of that personal data. We will keep just enough data, or process such data as is necessary to ensure that we comply with your restriction request in the future.

THE RIGHT TO OBJECT: You have the right to object to any processing justified by legitimate interests based on grounds relating to your particular situation at any time. Should you decide to object to the processing of your personal data, we will stop processing personal data that concerns you, unless we can demonstrate compelling reasons for continuing to process your personal data that override your interests, rights and freedoms, or in the case that we establish, exercise or defend our legal claims. You can object to direct marketing activities at any time for any reason whatsoever.

The right to data portability: You have the right to obtain a copy of your personal data in a structured, commonly-used and machine-readable format and transmit such data to another provider or have such data transmitted to another provider under certain circumstances.

The right to withdraw consent: If you have given us your consent to process your personal data but change your mind later, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of our use of your personal data before your withdrawal. If you want to withdraw your consent with regard to receiving promotional communications, you can unsubscribe through the method described in each promotional message. If you withdraw your consent, we may no longer be able to provide you with the corresponding Service.

The right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority about the way we handle or process your personal data, or file a lawsuit in a court with jurisdiction. Information about how to contact your local data protection supervisory authority is available here at https://edpb.europa.eu/about-edpb/board/members_en.

 

IX.Notice to California Consumers

California consumers have the privacy rights listed below. The rights listed below under the California Consumer Privacy Act and Shine the Light are not the same. To exercise your rights, you will need to follow the directions below that are specific to each law.

California Consumer Privacy Act (“CCPA”)

Please note that the CCPA provides certain exceptions with respect to the Personal Information that we collect in connection with providing products or services to other businesses. Similarly, it does not apply to information we collect in the context of a person’s role as a job applicant, employee or contractor of ZTE. With respect to the Personal Information collected in connection with the above individuals or circumstances, you may not have any or all of the privacy rights listed below.

Collection, Use and Disclosure of Personal Information in the Past 12 Months

The CCPA requires that we make certain disclosures about our general collection, use and disclosure of Personal Information over the past 12 months. Accordingly, in the past 12 months:

· We collected the categories of Personal Information detailed in the policy of how we collect and use your personal information above.

· We did not sell Personal Information, as we understand the term “sale” in the CCPA and its implementing regulations. 

· We disclosed to the entities described in the policy of how do we share, transfer, and disclose your personal information, the following categories of Personal Information: detailed in [the policy of how we share, transfer and disclose your personal information.

You have the right to request to know more specific disclosures about your personal information as detailed under “Request to Know” below.

California Privacy Rights

You have the following privacy rights under the CCPA:

· Request to know. You have the right to request to know the following information about our practices over the past 12 months: (i) the specific pieces of Personal Information we have collected about you; (ii) the categories of Personal Information we have collected about you; (iii) the categories of sources from which we collected Personal Information about you; (iv) the categories of third parties with which we share Personal Information; (v) the categories of your Personal Information that we sold or disclosed and for each category, the categories of th ird parties to which we sold or disclosed that particular category of Personal Information; and (vi) our business or commercial purpose for collecting or selling your Personal Information.

You may exercise your right to request to know twice a year, free of charge. If we are unable to fulfill your request to know, we will let you know the reason why. Please note, in response to a request to know, we are prohibited from disclosing your Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, security questions or answers, unique biometric data generated from measurements or technical analysis of human characteristics.

· Request to delete. You have the right to request that we delete the Personal Information that we have collected from you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request to delete, we will let you know the reason why.

· Right to opt-out of the sale of your Personal Information. You have the right to opt out of the sale of your Personal Information. While we never exchange personal information for money or other consideration, the CCPA’s definition of “sale” is very broad and may include the use of services to deliver interest-based ads to you. We do not knowingly sell the Personal Information of minors under 13 years old without consent from the minor’s parent or guardian. We do not knowingly sell the Personal Information of minors between 13 and 16 years old without the minor’s own consent. If you do not affirmatively opt out, and you are not a minor, your Personal Information may be sold as disclosed in this privacy policy.  

· Right to non-discrimination. If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of the app.

To make a request to know or a request to delete, contact us at 001-877-817-1759 or send an e-mail to [email protected]. If you are an authorized agent making a request on behalf of a California resident, contact us at 001-877-817-1759 or send an e-mail to [email protected].

To opt-out of the sale of your Personal Information, contact us at 001-877-817-1759 or send an e-mail to [email protected]. If you are an authorized agent making a request on behalf of a California resident, contact us at 001-877-817-1759 or send an e-mail to [email protected].

We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you so that we can verify your identity. We will only use the Personal Information you provide to verify your identity and to process your request, unless you initially provided the information for another purpose.

You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

Shine the Light

California consumers may also request information from us once per calendar year about any Personal Information shared with third parties for the third party’s own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information, please send an e-mail to [email protected] or contact us at 001-877-817-1759. Your inquiry must specify “Shine the Light Request” in the subject line of the email or the first line of the letter, and include your name, street address, city, state and ZIP code.

X.How to update this policy

Our privacy policy may change.

Without your express consent, we will not reduce your rights under this privacy policy.

We will release any changes to this policy on this page. For major changes, we will also provide more noticeable notifications (including notifications for some services, which will be sent via email to describe the specific changes in the privacy policy).

Major changes mentioned in this policy include but are not limited to the following situations:

1. Our service model has significantly changed. For example, the purpose of processing personal information, the type of processed personal information, and the mode of using the personal information.

2. Major changes have taken place in the ownership structure and organizational structure. Such as changes in owners caused by business adjustment or bankruptcy or mergers and acquisitions.

3. The major objects of personal information sharing, transfer, or public disclosure are changed.

4. Your right to participate in the processing of personal information and the way you exercise it have changed significantly.

5. Our responsible department for personal information security, contact method, or complaint channel have changed.

6. The personal information security impact assessment report indicates a high risk.

We will also archive the old version of this policy for your reference.

XI.Contact us

We have established a special personal information protection department – Data Protection Compliance Dept.. If you have any questions, comments, or suggestions on this privacy policy, please feel free to send an email to us at [email protected], which will be replied within 30 days.

In addition, you can send letters to the Data Protection Compliance Dept. of ZTE headquarters.

To: Data Protection Compliance Dept. of ZTE Corporation

Address: 26/F, R&D Building, No. 55, Hi-Tech Road South, Shenzhen, China (Post Code: 518057)

If you are unsatisfied with our response, especially when our personal information processing activities have damaged your legal rights and interests, you can seek solutions through the local data protection agency.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

For contact information about personal information supervisory authority in other areas, you can consult the local government. For the contact information of the European Union data protection agency, please refer to: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

TRUSTe