Zhejiang Deye Environment Appliance Co., Ltd. (referred to in this Policy as “Deye”, “we”, “our” or “us”) takes your privacy and personal data protection very seriously. This Privacy Policy explains how we collect, use, disclose, process and protect personal information that you provide to us, or that we collect from you, when you use the services on our platform. 

We value transparency in the way we handle personal information. If you have any questions, concerns or requests regarding our data processing practices or this Privacy Policy, you may contact us using the details provided in the “Contact Us” section of this Privacy Policy. We are committed to responding to your inquiries and assisting you in exercising your rights under applicable data protection laws.

1. Information We Collect

We collect, process and use personal information from and about you, including when you create an account and interact with us to make use of our apps and websites.

We collect the following information from Users:

1.1 Information you provide us

In each of the following scenarios, you need to provide us the necessary information, so that we can provide the service which you request in that scenario. If you refuse to provide such necessary personal data, we will not be able to provide the relevant services to you.

· Personal Account. If you create an account, you should provide us the necessary information so that we could provide the services to you. This includes your username, your email address; your password; your display language; and third-party single sign-in information (if you choose this sign-in method). In addition to the necessary account information, you can also provide an avatar and nickname associated with your account. This information is optional and can be customized based on your preferences and needs. 

· Smart Device Configuration. In order to provide smart device monitoring and management services, you may configure your smart devices via the App to connect your devices to our apps. During the device configuration process, we will collect your Wi-Fi information (including network name (SSID), received signal strength indicator (RSSI), and IP address) or Bluetooth information (including Bluetooth device ID and MAC address). This information is used to enable your smart device to access your Wi-Fi network and connect to our apps. During the configuration process, we will also collect the device nickname you create to facilitate easier management and operation of your smart devices.

· Wi-Fi Setup Information. You can use our "Save Wi-Fi Password" feature to allow your Devices to connect automatically to your Wi-Fi network. If you use this feature, we will store your Wi-Fi network name (SSID) and password. This information is encrypted using industry-standard algorithms and will not be used for any other purpose. If you choose not to use this feature, your Devices will need to reselect the Wi-Fi network and re-enter the password each time they connect.

· Monitoring and Management of Devices. When you monitor and manage smart devices via our apps, we will collect the device serial number (SN), real-time operational data, historical operational data, as well as environmental humidity data and related historical data. We will also collect your operation instructions and usage actions to enable remote control of your smart devices. If you create scheduled operations or automation rules linked to external environmental conditions, we will collect the relevant scheduled or automated instructions in order to execute device operations according to your settings. You may independently decide whether to use remote control functions and whether to add, modify or delete scheduled or automated instructions.

· Smart Device Data Analysis. During your use of our apps, we will continuously analyze real-time and/or historical operational data generated by your smart devices. If abnormal operation is detected, we may notify you via push notifications, email, SMS or other means. Such notifications constitute part of the core services of our apps. If you no longer wish to receive such notifications, you may opt out in accordance with the instructions provided in the notification. We may anonymize operational data generated by smart devices and use the anonymized data to analyze device performance and improve our products and services.

· Authorized Viewing and Management of Smart Devices. You may authorize other users  to view or manage your smart devices, or you may act as an authorized user to view or manage devices owned by others. When establishing such an authorization relationship, both parties are responsible for independently verifying each other’s identity and entering into relevant agreements.In such authorization scenarios, if you provide your personal data to the other party, that party acts as an independent data controller. If you provide personal data relating to another individual, you must obtain that individual’s prior explicit consent.

· Functions Necessary to Ensure Information Security. In order to fulfil network security obligations, enhance system security, protect users and third parties from personal or property damage, and prevent fraud, security vulnerabilities and cyberattacks, we may analyze account information, personal device information, smart device information, service logs, and data lawfully obtained from third parties. This is done to assess potential account, network security, data security or personal data protection risks and to take necessary recording, auditing and remedial measures in accordance with applicable laws.

To enhance your user experience on our platform, we may use your personal data for the following optional features.

· In the basic settings, you may optionally provide a profile picture, nickname, gender and date of birth to allow other users to better understand you.

· You may authorize access to your device’s location services during app operation, in order to display local weather and humidity information and enable automation features (where supported by device firmware). Refusing or withdrawing this authorization will not affect core device monitoring and management functions.

· You may authorize access to your device’s camera to identify device models, scan QR codes to associate devices, or set a profile picture.

· You may authorize access to your device’s storage or photo gallery to set a profile picture, submit feedback, or scan QR code images.

· You may authorize access to your device’s phone function to enable quick calls to Deye customer service.

· You may authorize access to your device's Bluetooth or Wi-Fi for device setup. This is solely to assist with network configuration. Please note that if you use an Apple device and configure via Wi-Fi, the operating system may require you to enable "Precise Location" permissions. We would like to clarify that we do not collect, store, or use your precise geographical location information.

· You may withdraw previously granted permissions at any time via the “My – Privacy Settings” page, your device’s system permission settings, or similar interfaces. After withdrawal, we will no longer process the related personal data, without affecting any processing activities carried out prior to withdrawal.

1.2 Information we collect when you use our Services

When you use our services, we collect information about how you use our Services.

· Device Information.We collect information about and from the devices you use to access our apps and websites, which includes: (1) Information about your devices, such as device model, operating system, browser information, Unique Device Identifier (a string that the manufacturer assigns to your device to uniquely identify the device), and other information about your device. (2) Information about your connection to us, such as your IP address, network connection status and type, network condition and related information.

· Log Information. When you use our apps and websites, we collect operation logs, service logs, service failure information and other activity logs, even if you have not created an account or are signed out. These includes: IP address and related information; device IDs and operation system information; browser information; pages visited. We also collect the Mobile/Web application performance data, crash data and the source of Mobile Application in order to ensure the information security and improve the system performance.

· Interactions with third-parties. When you authorize the Maintenance Service Provider to access, manage and monitor your devices, we collect the interaction information in order to provide Maintenance Service Provider with the necessary data to fulfil their obligations.

1.3 Information we receive from third parties

We may obtain account information that you have authorized third parties to share and, upon your consent to this Privacy Policy, link your third-party account with your account. This enables you to log in to and use our services via third-party accounts. We will collect and use such personal data in accordance with agreements with third parties, after providing adequate notice to you and verifying the lawful source of the data, and in compliance with applicable laws. For example:

During account registration or login, you may choose one-click login via Google authorization. With your consent, we will obtain certain personal data from third parties in accordance with our agreements with them. You may review the categories of personal data obtained, purposes of use and third-party processing rules in the relevant third-party information sharing lists.

2. How We Use the Information

2.1 Operate and improve our Services

We use the information we collect to provide you the services. In order to use our apps and websites, you should create an account and provide the Personal Account information. In order to use the device management and monitoring services, you should provide the necessary device Information. We use your device information to provide you the better user experience when you use mobile or web application.

2.2 Ensure security

We use information we collect to ensure the security of our users, services, and your account. This includes verifying your identity, ensuring secure login, preventing unauthorized use, and detecting illegal activities. In the event of a security incident, we may utilize your information to assess the situation and conduct thorough investigations.

2.3 Communicate with you about our Services

We use information we collect to communicate with you, including our service updates, term of service updates, privacy policy updates, and other module and firmware updates.

We use information about you and your use of the Services for marketing, promotional activities, and business development. We may use your contact details and usage information to send promotional emails we believe are relevant to you. You can opt out of marketing communications at any time by following the unsubscribe instructions included in our emails.

2.4 Research

We use the information you provide to us including survey, service testing and troubleshooting information that could help us to improve the services wo provide to you.

3. What is Purpose and Legal Basis

The purposes and legal basis upon which we process your personal information include:

We may process your personal information based on our legitimate interests, but we will always carefully consider your rights and interests. We will not proceed with such processing if we believe that your interests or fundamental rights and freedoms related to your personal information would be prejudiced.

You have the right to object to the processing of your personal information when it is carried out for our legitimate interests. If you object, we will assess the situation and cease processing your personal information unless there are compelling legitimate grounds that override your rights.

4. How We Share Information

4.1 Share upon your decision

With your explicit consent or at your request, we will share your personal information within the scope of your consent or request with specific third parties designated by you.

4.2 Share with third parties

We may share your information with our service providers that perform functions and provide services on our behalf, including Amazon Web Services who provide the infrastructure cloud service to us. Before engaging third parties to assist us in performing functions and providing services, we have established pre-assessment procedures to verify the quality and suitability of these third parties. We carefully evaluate their data protection practices and compliance with applicable privacy laws.

4.3 Integrations with third-party

We integrate third-party Software Development Kit (SDK) in our mobile application to enhance the functionality, provide the better experiences and collect analytics data. These third-party SDK service providers act as the data controller or data processor in the respective scenarios:

4.4 When required by law

We may preserve, use, disclose, or share your information if we believe it is reasonably necessary to comply with applicable law, protect the safety and integrity of our Services, protect your and our rights or property.

4.5 With our Affiliates

We may share information amongst our affiliates to provide our Services.

4.6 Sale of Personal Information

We do not sell your personal information to third parties.

5. How and How Long We Store Information

All your personal information is stored on secure servers, and protected in controlled facilities. 

We may share your information with our affiliate companies or third parties. Where such entities are located in other countries and jurisdictions, we will therefore be transferring your personal data outside the country or jurisdiction where your personal data was collected. In making such data transfers, we make sure to protect your personal data by applying the level of security required by applicable privacy laws. Where we transfer your data to a country or jurisdiction that cannot guarantee the required level of protection as required by applicable privacy laws, we have enhanced our IT security measures to increase the protection of your personal data.

We ensure that all data transfers and access are protected by legally recognized security measures. For this purpose, we primarily rely on the following mechanisms:

– Standard Contractual Clauses (SCCs): We have adopted the Standard Contractual Clauses approved by the European Commission, as well as similar clauses under Brazil’s General Data Protection Law (LGPD), to regulate data transfers and access to locations such as China.

– Adequacy Decisions: For data transfers originating from regions deemed to provide an adequate level of protection, such as the European Economic Area (EEA), we adhere to the corresponding legal frameworks.

– Supplementary Safeguards: We implement supplementary measures, including technical encryption and access auditing, to further enhance the level of protection.

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

– Your account information and other related information will be retained for the duration of your account until you choose to deregister or until your account is terminated for any other reason.

– To comply with legal requirements and ensure safety and security, we may retain certain information for longer periods than stated in this policy.

– Once the specified retention periods expire, we will delete or anonymize your personal information, unless otherwise required by laws and regulations.

6. Security Measures and Device Permissions

We recognize the importance of protecting and managing your personal information and take all necessary steps to safeguard your personal information. We use a variety of security, organizational and technical measures designed to help protect your personal information from unauthorized access, use, disclosure, alteration or destruction consistent with applicable data protection and privacy laws and regulations.

However, you are also responsible for maintaining the security of your account in your possession or control. We recommend that you do not divulge your password to anyone. Our staff will never ask you for your password in an unsolicited phone call or in an unsolicited email. If you share a computer with others, you should not choose to save your account information on that shared computer.

When you use our mobile application, we may need to activate some device permissions, including Storage/Photo, Camera, Location, Bluetooth and Wi-Fi.

You have the option to disable these permissions within the mobile application's System Settings or the device's Settings, thereby preventing us from collecting the corresponding personal information. Please note that the process for displaying and disabling permissions may vary depending on your specific device. We recommend referring to your device's system description or instructions for guidance on managing permissions.

7. Your Rights and Options

You have the following data subject rights and options regarding your personal data:

· Right to Access: You have the right to request a copy of your personal information. We will need to verify your identity before taking any action.

· Right to Rectification: If the personal information we hold is incorrect, you have the right to request its amendment.

· Right to Erasure: You have the right to request the deletion of your personal information that we hold. However, there may be legal and regulatory reasons that prevent us from deleting your data.

· Right to Withdraw Consent: You can withdraw your consent to the processing of your personal information at any time (if we process your personal information based on your consent). Please note that withdrawing consent may impact our ability to provide certain services to you, but it does not affect the lawfulness of our processing prior to the withdrawal.

· Right to Data Portability: You have the right to receive certain personal information you have provided to us in a machine-readable format, or to have it transmitted to a third party with your explicit authorization.

· Right to Restrict Processing: Under certain conditions listed in our policies, you can restrict the processing of your personal information.

· Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you which is based on a task carried out in the public interest or on a legitimate interest.

· Right to Lodge a Complaint: If your privacy rights are violated or you have suffered as a result of unlawful processing of your personal information, you have the right to lodge a complaint with the relevant supervisory authority.

To exercise your rights, we may need to request specific information to confirm your identity and ensure your right to access your personal information or exercise any other rights. This is a security measure to protect your information. We may also contact you for further details related to your request. To exercise your rights, please contact us using the details provided in the "Contact Us" section below. Please note that we may need to verify your identity before proceeding with your request. We aim to respond to your request within 30 days, and if more time is required, we will inform you and keep you updated.

8. How We Use Cookies and Similar Technologies

8.1 Use of Cookies

To personalize your online experience and provide you with enhanced accessibility, we may place one or more small data files called cookies on your computer or mobile device. The cookies sent to you are unique and can only be read by the web server in the domain that issued the cookie to you. We use cookies to simplify your repeated login process, store your preferences or information such as pages you have visited, provide preference settings, help optimize your user experience, assist in determining your login status, and ensure account or data security.

We do not use cookies for any purposes other than those described in this Privacy Policy. You can manage or delete cookies based on your preferences, or you can clear all cookies saved on your computer through your browser settings.

8.2 Use of Web Beacons and Similar Technologies

In addition to cookies, we may also use other similar technologies on our website, such as web beacons. We typically include electronic tags on our web pages. We use web beacons in the following ways: to count the number of user visits and to identify registered users of the Deye in conjunction with cookies.

9. Children Policy

Our apps and websites is not directed toward individuals under the age defined by applicable local laws (generally under 13 or 16 depending on jurisdiction). Deye does not knowingly collect personal information from Minors. If we become aware that Minors have provided personal information through our Services, we will take immediate steps to remove such information from our systems. Parents or legal guardians are responsible for ensuring that Minors under their supervision do not use our Services or submit any personal information.

10. Policy Update

We reserve the right to change, amend, or revise this Privacy Policy periodically. We will make efforts to notify you of any significant or material changes. You can access the latest version of this Privacy Policy on our website and mobile application at any time. We encourage you to regularly review the Privacy Policy to stay informed about any updates before using the Cloud Services mentioned in this Policy.

If you do not agree with any of the changes and no longer wish to use our Services, you have the option to close your Account. By continuing to use our Services after receiving notice of changes or when changes are published on our Services, you indicate your acceptance of the changes and consent to the modified version of this Privacy Policy.

11. Contact Us

If you have questions or requests about the privacy issues relating to the processing of your personal information, you can contact us at the address below.

Zhejiang Deye Environment Appliance Co., Ltd.

Email:  dy@deye.com.cn

Address: No. 899, Waitang Road, Haiyan County, Jiaxing City, Zhejiang, China

Thank you for taking the time to read our Privacy Policy!

[END]