Version: 1.0
Update time:
Dreamsmart Infinity Hong Kong Limited. and its global affiliates (also referred to as “Dreamsmart”, “we”, “us”, or “our”) take your privacy seriously where we deal with your personal data. Personal data refers to any type of information that identifies you personally such as your name, contact details or data that can be linked with such information in order to identify you directly or indirectly (“Personal Information”).
This Privacy Policy describes our practices in connection with Personal Information that we collect from you in person and through your use of our websites (www.meizu.com/global).
Where there are local variations or additions concerning how we use your Personal Information collected from your home country, these are set out clearly in the (14. Country Specific Schedules) section of this Privacy Policy. Please treat these schedules as a part of this Privacy Policy.
QUICK GUIDE TO CONTENTS
1 HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION
2 HOW WE SHARE YOUR PERSONAL INFORMATION
3 WHAT HAPPENS IF YOU DO NOT PROVIDE US WITH THE INFORMATION WE REQUEST?
4 DO WE MAKE AUTOMATED DECISIONS CONCERNING YOU?
5 DO WE TRANSFER YOUR PERSONAL INFORMATION?
6 HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
7 SECURITY
8 SENSITIVE PERSONAL INFORMATION
9 YOUR PRIVACY RIGHTS
10 CHILDREN
11 UPDATES TO THIS PRIVACY POLICY
12 CONTACTING US
13 CONFLICT
14 COUNTRY SPECIFIC SCHEDULES
1.HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION
We receive Personal Information about you, either directly from you, from a third-party source or by automated collection when you use our smartphones, mobile apps and websites.
We use your Personal Information for various purposes (reasons) and our lawful basis (justification) for using your Personal Information is either “to provide a requested service or carry out a contract with you”; “where we have a legal obligation”; “ where you have given us your consent”; “where it is necessary for our legitimate interest” (this means that we have a business or commercial interest in using your Personal Information).
The tables below set out clearly how we collect and use your Personal Information. Where we have said that using or keeping your information is “necessary for our legitimate interest”, we have carried out an assessment to ensure this is not unfair to you.
Please bear in mind that if you choose not to provide information requested by us, or if you object to our use of your Personal Information where we have made it clear that this information is mandatory, we may not be able to provide you with the services you have requested or otherwise fulfil the purpose(s) for which we have asked for your Personal Information.
1.1 Personal Information that you provide to Dreamsmart
1.2 General Enquiries
1.3 Internal Business Processes
1.4 Automatically Collected Information
Please see the (14. Country Specific Schedules) of this Privacy Policy for information on how we use your Personal Information and the specific lawful basis (justification) for doing so in your country of residence.
2.HOW WE SHARE YOUR PERSONAL INFORMATION
We share and disclose, or may share or disclose your Personal Information for the following purposes:
(1) We share your Personal Information with affiliates for the purposes described in this Privacy Policy.
(2) We share your Personal Information with third parties who perform services on our behalf (and in some cases, our affiliates), to facilitate the services they provide to us. These can include consultants, providers of professional advisory services (lawyers and accountants), service providers involved in hosting, marketing technology, data analysis, payment processing, order fulfilment, infrastructure provision, IT services, customer service, email delivery, credit card processing, auditing and other similar services.
(3) We share your Personal Information if we have a duty to do so, in order to comply with (and/or where we reasonably believe we are under a duty to comply with) any legal or regulatory obligation, such as pursuant to court orders, enforcement action from regulators or law enforcement; or in order to enforce any agreement we have in place with you; or to protect the rights, property, safety, or security of us, our affiliates, you, other third parties, users of our products and services or the general public.
(4) We share your Personal Information in connection with sales or business transactions. We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring entity and its advisors.
(5) We share your Personal Information to enforce our terms and conditions or any other contracts we have with you and to allow us to pursue available remedies or limit the damages that we may sustain in any action, such as pursuant to court orders and engaging debt collection agencies.
(6) We entrust the cloud service provider with the storage of your Personal Information.
(7) We do not sell your Personal Information, as "sale" is defined by California law.
3.WHAT HAPPENS IF YOU DO NOT PROVIDE US WITH THE INFORMATION WE REQUEST?
If you do not provide the Personal Information necessary or withdraw your consent for the processing of your Personal Information where this information is necessary for us to provide our products and services to you, we will not be able to provide those services to you.
4.DO WE MAKE AUTOMATED DECISIONS CONCERNING YOU?
No, we do not carry out automated decision making.
5.DO WE TRANSFER YOUR PERSONAL INFORMATION?
Please note that due to the global nature of our operations, the personal information you provide to us while interacting with us may be stored and processed in any country where we have facilities. These countries or regions may not provide the same level of personal information protection as your jurisdiction, and there may be different risks under different data protection laws. In such cases, we will take measures to ensure that the data we collect is processed in accordance with this policy and applicable laws. These measures include:
If the personal information of data subjects located in the European Union is transferred to countries or regions that are not recognized by the EU as having an equivalent level of data protection, we will use various legal mechanisms, such as signing standard contractual clauses approved by the European Commission, or seeking your consent for the cross-border transfer of personal data, or implementing data anonymization and other security measures before the cross-border data transfer. You can obtain a copy of the EU standard contractual clauses here.
Please refer to the (14. Country Specific Schedules) section of this Privacy Policy to learn how we protect your personal information when it is transferred from your country of residence to a location outside your country of residence.
6.HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We will retain your Personal Information for as long as needed or permitted considering the purpose(s) for which it was obtained and consistent with applicable law.
The criteria we use to determine our retention periods include:
(1) Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period before we can delete them);
(2) Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations); and
(3) Any guidelines issued by relevant legal and data protection authorities.
7.SECURITY
We have in place security policies, rules and technical measures to protect your Personal Information from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss.
8.SENSITIVE PERSONAL INFORMATION
We ask that you not send us, and you not disclose to us, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, sexual orientation or sex life, political opinions, religion or philosophical beliefs, health related information, criminal background or trade union membership) on or through our products and services or otherwise unless we expressly request this information.
Please see the (14. Country Specific Schedules)of this Privacy Policy for Sensitive Personal Information specific to your country of residence.
9.YOUR PRIVACY RIGHTS
If you would like to exercise your rights in relation to your Personal Information (such as to access, review, correct, update, suppress, restrict, erasure or delete Personal Information), you may contact us at: dpo@global.xjmz.com. We will respond to your request consistent with applicable law.
In your request, please make clear what actions you are requesting we carry out with regards to your Personal Information and the specific information that your request concerns, so that we can action your request more readily. For your protection, we may only implement requests with respect to the Personal Information associated with the email address that you use to send us your request or we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and within any legally required time limits.
Please see the (14. Country Specific Schedules)of this Privacy Policy for information on specific data protection rights provided by your country of residence.
10.CHILDREN
Our products and services are not directed at children under the age of 18. We do not knowingly collect Personal Information from the children under the age of 18. If you have reason to believe that a child under the age of 18 has provided Personal Information to us through our products and services, please email us at dpo@global.xjmz.com. We will investigate any notification and if appropriate, delete the Personal Information from our systems.
Please see the (14. Country Specific Schedules) of this Privacy Policy for information regarding children’s Personal Information specific to your country of residence.
11.UPDATES TO THIS PRIVACY POLICY
We may change this Privacy Policy at any time. We will notify you of any significant changes where we have a relationship with you and otherwise post updated versions on our products and services from time to time. Please take a look at the “LAST UPDATED” legend at the top of this page to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective when we make the revised Privacy Policy available on or through our products and services.
12.CONTACTING US
If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us by email at dpo@global.xjmz.com.
We are located at the following address: 4th floor of Factory Building, No.2 Baisha Road, Tangjiawan Town, Zhuhai City, Guangdong Province, PRC.
Please note that email communications are not always secure, so please do not include credit card information or other sensitive information in your email messages to us.
13.CONFLICT
In the event any inconsistency between the English version of this Privacy Policy and the official language translation version in your jurisdiction, the English version shall prevail.
14.COUNTRY SPECIFIC SCHEDULES
I. United Kingdom and European Economic Area
Scope and Applicability of this Schedule
In addition to our Privacy Policy, this Schedule describes our practices in the United Kingdom (“UK”) and the European Economic Area (“EEA”) in connection with Personal Information that we collect from you in person and through your use of our products and services. The Privacy Policy shall be construed as part and integral part of this Schedule.
Transfers outside of the UK and EEA
Where UK and/or EU data protection laws apply, we only transfer your personal information to another entity in a country outside the UK or EEA (as applicable):
(a) if UK data protection laws apply, where the UK government has decided the particular country ensures an adequate level of protection of personal information (known as an “Adequacy Regulation”) further to Article 45 of the UK GDPR. A list of countries the UK currently has adequacy regulations in relation to is available here; and/or
(b) if EU data protection laws apply, where the European Commission has decided that the particular country ensures an adequate level of protection of personal information (known as an “Adequacy Decision”) further to Article 45 of the EU GDPR. A list of countries the European Commission has currently made adequacy decisions in relation to is available here; and/or
(c) if EU data protection laws apply, where your Personal Information is transferred to a country or region without an equivalent level of data protection recognized by the EU, we will use various legal mechanisms, such as signing standard contractual clauses approved by the European Commission or seeking your consent for the cross-border transfer of personal data, or implementing data anonymization and other security measures before the cross-border data transfer. You can obtain a copy of the EU standard contractual clauses at here; and/or
(d) if UK data protection laws apply, where your Personal Information is transferred to a country or region without an equivalent level of data protection recognized by the UK, we will use various legal mechanisms, such as signing standard contractual clauses approved by the UK or seeking your consent for the cross-border transfer of personal data, or implementing data anonymization and other security measures before the cross-border data transfer. You can obtain a copy of the UK standard contractual clauses at here; and/or
(e) where a specific exception applies under relevant data protection laws.
What Are Your UK And EEA Privacy Rights?
You have the following rights where UK or EU data protection laws apply (subject to certain conditions and limitations):
a) Access - the right to be provided with a copy of your personal information
b) Rectification - the right to require us to correct any mistakes in your personal information
c) Erasure - (also known as the right to be forgotten) - the right to require us to delete your personal information in certain situations
d) Restriction of processing - the right to require us to restrict processing of your personal information in certain circumstances, e.g. if you contest the accuracy of the data
e) Data portability - the right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
f) To object – (i) at any time to your personal information being processed for direct marketing (including profiling); and (ii) in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
g) The right to withdraw consent - if you have provided us with a consent to use your personal information you have a right to withdraw that consent easily at any time. Withdrawing consent will not affect the lawfulness of our use of your personal information in reliance on that consent before it was withdrawn.
For more information on each of those rights, including the circumstances in which they apply, or if you would like to exercise any of these rights please see the “Contacting Us” section above.
We may need to request specific personal information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not shared with any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
Depending on whether UK and/or EU data protection laws apply you may have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues, and/or to the data protection supervisory authority in your jurisdiction.
We would, however, always appreciate the chance to deal with your concerns directly you approach a supervisory authority by contacting us on dpo@global.xjmz.com.
Contact details for the ICO are available here.
For a list of EEA data protection supervisory authorities and their contact details see here.