PRIVACY POLICY


At TCL Communication Limited ("we", "us", "our"), we regularly collect and use information that could identify an individual ("personal data"), in particular about your purchase or use of our products, services, mobile and software applications and websites ("you", "your"). The protection of your personal data is very important to us, and we understand our responsibilities to handle your personal data with care, to keep it secure and to comply with legal requirements.
The purpose of this privacy policy is to provide a clear explanation of when, why and how we collect and use personal data ("Policy"). We have designed it to be as user friendly as possible, and have labelled sections to make it easy for you to find the information that may be most relevant to you and to allow you to click on a topic to find out more.
Please read this Policy carefully. This Policy is not intended to override the terms of any contract that you have with us or any rights you might have available under applicable data protection laws.
We may make changes to this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will notify you about significant changes by sending a message to your mobile phone or by prominently posting a notice on our website http://www.tclcom.com/wearables/ . We encourage you to regularly check and review this policy so that you will always know what information we collect, how we use it, and who we share it with.
This Privacy Policy was updated on March 30, 2018.

Contents


1. WHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?
2. WHAT PERSONAL DATA DO WE COLLECT?
3. WHEN DO WE COLLECT YOUR PERSONAL DATA?
4. WHAT PURPOSES DO WE USE YOUR PERSONAL DATA FOR?
5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
6. DIRECT MARKETING
7. INTERNATIONAL TRANSFERS
8. PROFILING
9. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
10. WHAT ARE YOUR RIGHTS?
11. HOW WE PROTECT YOUR PERSONAL DATA?
12. CONTACT AND COMPLAINTS
APPENDIX 1 - LEGAL BASIS FOR PROCESSING

1. WHO is responsible for looking after your personal data?


TCL Communication Limited ("TCT") is a Hong Kong based telecommunication company focusing on global scale smart product manufacture and internet application services, with a registered office at 5/F Building 22E Science Park East Avenue Hong Kong.
As TCT is the company which was originally responsible for collecting information about you, it will be the data controller. You should be aware that although TCT may be principally responsible for looking after your personal data, information may be held in databases which can be accessed by other TCT group companies.

2. WHAT personal data do we collect?


Personal data we collect include:

For more information on what information we collect, please read Appendix 1 of the Policy.

3. WHEN do we collect your personal data?


We will collect information from you directly when you use your device, when you upgrade your device, when you register an account on your device, on our app store or on our website, when you sign up for marketing materials, when you purchase or use our products and services, or where you contact us with questions, complaints or suggestions or provide us with any feedback.
We may collect information about you indirectly from other sources and combine that with information we collect through our services where this is necessary to help manage our relationship with you. These other sources may include third party software applications and social media platforms such as Facebook, Google+ and Twitter.
We will not knowingly collect any personal data about children under 13 without making it clear that such information should only be provided with parental consent, if this is required by applicable laws. TCT will only use the personal data of children as far as is permitted by law where the required parental or guardian consent has been obtained.

4.What PURPOSES do we USE your personal data for?


We will use your personal data
We have to establish a legal ground to use your personal data, so we will make sure that we only use your personal data for the purposes set out in this Section 4 and in Appendix 1 where we are satisfied that:

In order for us to provide you with our services when you use certain applications, we may collect special categories of data from you. For our collection or use of your special categories of data, we will establish an additional lawful ground to those set out above which will allow us to use that information. This additional exemption will typically be:

PLEASE NOTE: If we have previously advised that we are relying on consent as the basis of our processing activities, going forward we will not be relying on that legal basis except where this has been explicitly set out to you.
PLEASE NOTE: If you provide your explicit consent to allow us to process your special categories of data, you may withdraw your consent to such processing at any time. However, you should be aware that if you choose to do so we may be unable to continue to provide certain services to you. If you choose to withdraw your consent we will tell you more about the possible consequences.

5. Who do we SHARE your personal data with?


We may share your data with other TCT group companies in or outside Europe. We may sign data transfer agreements with our group companies if we transfer your personal data outside Europe. A list of the TCT group companies is available at http://www.tclcom.com/wearables/ . We may also share your data with third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data. These third parties may include:

Also, if we were to sell part of our businesses we would need to transfer your personal data to the purchaser.

6. Direct Marketing


We may use your personal data to send you direct marketing communications about our products and services or our related services including our latest product announcements and upcoming events. This may be in the form of email, post, SMS, telephone or targeted online advertisements. We limit direct marketing to a reasonable and proportionate level, and to send you communications which we think will be interesting and relevant to you, based on the information we have about you.
For the purposes of GDPR our processing of your personal data for direct marketing purposes is based on our legitimate interests as further detailed in Appendix 1, but where opt-in consent is required by the relevant European laws such as the Privacy and Electronic Communications Regulations, we may ask you for your consent. You have a right to stop receiving direct marketing at any time. You can do this by following the opt-out links in electronic communications (such as emails), or by contacting us using the details in Section 12.
We also use your personal data for customising or personalising ads, offers and content made available to you based on your usage of our mobile applications, websites, platforms or services, and analysing the performance of those ads, offers and content, as well as your interaction with them. We may also recommend content to you based on information we have collected about you and your viewing habits. This constitutes 'profiling' in respect of which more information is provided at Section 8 of this Policy.

7. International Transfers


We may transfer your personal data to TCT group companies or service providers that are located outside of Europe. We may also share your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:

You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as set out in Section 12 if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).

8. Profiling


'Automated decision making' refers to a decision which is taken though the automated processing of your personal data alone. This means processing using, for example, software code or an algorithm, which does not involve any human intervention. As profiling uses automated processing, it is sometimes connected with automated decision making. Not all profiling results in automated decision making, but it can do.
If you are a consumer that has signed up to receive marketing updates, we may use profiling to ensure that marketing materials are tailored to your preferences and to what we think you will be interested in. This does not have any significant effect, or a legal effect on you. In certain circumstances it may be possible to infer certain information about you from the result of profiling, which may include special categories of data. We will not however conduct profiling based on your special categories of data unless we have obtained your explicit consent to do so.
PLEASE NOTE: You have certain rights in respect of automated decision making, including profiling where that decision has significant effects on you, including where it produces a legal effect on you. See Section 10.

9. How long do we keep your personal data?


We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 4 of this Policy. In some circumstances we may retain your personal data for longer periods of time, for example where we are required to do so to meet legal, regulatory, tax or accounting requirements.
In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings. We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

10. What are your rights?


You have a number of rights in relation to your personal data. In summary, you may request access to your data, rectification of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability and various information in relation to any automated decision making and profiling or the basis for international transfers. You also have the right to complain to your supervisory authority (further details of which are set out in Section 12 below).
Those underlined are defined in more detail as follows:
Access
You can ask us to:
Rectification
You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.
Erasure
You can ask us to erase your personal data, but only where:

We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances where we would deny that request.
Restriction
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

We can continue to use your personal data following a request for restriction, where:

Portability
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another data controller, but in each case only where: the processing is based on your consent or the performance of a contract with you; and the processing is carried out by automated means.
Objection
You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis (see Appendix 1 for further details), if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights.
Automated Decision Making
You can ask not to be subject to a decision which is based solely on automated processing (see Section 8), but only where that decision:

In such situations, you can obtain human intervention in the decision making, and we will ensure measures are in place to allow you to express your point of view, and/or contest the automated decision. Your right to obtain human intervention or to contest a decision does not apply where the decision which is made following automated decision making:
To exercise your rights you may contact us as set out in Section 12. PLEASE NOTE the following if you do wish to exercise these rights:

11. How we PROTECT your personal data?


We endeavour to protect us and you from unauthorised access to or unauthorised alteration, disclosure or destruction of personal data that we hold.
In particular:

You are responsible for the personal data that you choose to share, disclose or submit voluntarily while using our website or devices and which can be viewed by members of third party applications or sites such as chat applications or messengers.

12. Contact and complaints


The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is our data protection officer. In order for us to facilitate your enquiries, requests or complaint, please contact our data protection officer:
(i) privacy.europe@tcl.com (for customers located in Europe); privacy.na@tcl.com (for customers located in the United States); or
(ii) privacy@tcl.com (for customers located in any other countries).
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. For example, in the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

APPENDIX 1 - LEGAL BASIS FOR PROCESSING


Setting up an account (e.g. app store, website)

Providing client care and support and providing product warranty

Synchronising data
Marketing, profiling and generating reports

Processing transactions and sending related information (e.g. confirmation, invoices)

System upgrades, bug fixing and sending notifications (e.g. software updates, technical updates, security alerts and support and administrative messages)
Product analysis, development, improvement and testing

Sale or reorganisation of our business

Monitor and detect fraud

Comply with legal and regulatory obligations