DATA PROTECTION POLICY
(Effective Date: May 23, 2018)
This Data Protection Policy is provided by O.Z. S.p.A., with registered office in Bassano del Grappa (VI), Via Bastion no. 49/4 (hereinafter, also, referred to as "O.Z.”) pursuant to article 4ff General Data Protection Regulation no. 679/2016/UE ("Regulation"), and to others laws, rules and regulations applicable to data protection, hereinafter, also, referred as “Applicable Privacy Rules” For the purposes of this Data Protection Policy, is the Controller.
O.Z. is committed to protecting the privacy of all data subjects. The purpose of this Data Protection Policy is to inform you about the types of information we gather about you, how we may use that information, and how we disclose it to third parties.
This Data Protection Policy applies to information about you that is collected by us as set forth herein, including Hisense Electric Co., Ltd., its affiliates, subsidiaries and/or parents (“Hisense", “we” or “us” or “our” or “ours”).
- IMPORTANT DEFINITIONS
“Adequate Jurisdiction” a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data.
“Controller” means the entity that decides how and why Personal Data are Processed.
“Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
“EEA” means the European Economic Area.
“Materials” collectively means any Content, Submitted Content (where applicable and as further defined herein), messaging, blogging, chatting, social networking, information, advertising and/or internet links, etc., accessible or delivered through the Site(s).
“Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
“Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Sensitive Personal Data” means personal data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.
“Site(s)” means any website operated, or maintained, by us or on our behalf.
“Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
“Application(s)” means an embeddable, downloadable and/or executable software application owned by us or a third party and made available on the Site(s).
“Content” means all audio and visual elements and ideas offered by us or third parties, including but not limited to, data, movies, videos, photographs, software, games, designs, likenesses, artwork, images, music, sound, information and other materials, tangible and intangible, including derivative works, on all media and formats, existing or in future.
- COLLECTION OF PERSONAL DATA
Collection of Personal Data: We may collect Personal Data about you from the following sources:
- Data you provide: We may obtain your Personal Data when you provide it to us (e.g., where you contact customer service via email or telephone, or by any other means).
- Relationship data: We may collect or obtain your Personal Data in the ordinary course of our relationship with you (e.g., if you purchase a product from us).
- Data you make public: We may collect or obtain your Personal Data that you manifestly choose to make public, including via social media (e.g., we may collect information from your social media profile(s), if you make a public post about us).
- Site data: We may collect or obtain your Personal Data when you visit any of our Sites or use any features or resources available on or through a Site.
- Registration details: We may collect or obtain your Personal Data when you use, or register to use, any applications or services on the Site(s).
- Content and advertising information: If you choose to interact with any third party Content or advertising, we may receive Personal Data about you either directly, or from the relevant third party providing that Content.
- Third party information: We may collect or obtain your Personal Data from third parties who provide it to us, including third party providers of Content and advertising.
Creation of Personal Data: We may also create Personal Data about you, such as records of your communications with us, and details of your viewing history and your purchase history.
- CATEGORIES OF PERSONAL DATA WE MAY PROCESS
We may Process the following categories of Personal Data about you to the extent that such processing is strictly necessary in connection with the purposes of processing set out in this Data Protection Policy:
- Personal details: given name(s); preferred name; nickname and photograph.
- Demographic information: gender; date of birth/age; nationality; salutation; title; and language preferences.
- Contact details: address; telephone number; email address; and details of your public social media profile(s).
- Purchase details: records of purchases and prices, including purchases made via Smart Services.
- Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; and card expiry date; payment amount; payment date; and records of cheques.
- Data relating to Site(s): Product details; IP address; language settings; dates and times; Site(s) and Application(s) usage statistics; Site(s) and Application(s) settings; dates and times of connecting to Site(s) and Application(s); location data, and other technical communications information; username; password; security login details; usage data; aggregate statistical information.
- Content and advertising data: records of your interactions with our online advertising and Content, records of advertising and Content displayed on pages or Application screens displayed to you, and any interaction you may have had with such Content or advertising.
- Views and opinions: any views and opinions that you choose to send to us (e.g., through surveys or polls, feedback forms, or ratings of Applications in third party application stores) or publicly post about us on social media platforms.
- Non-Personal Data. When you use our products, we may also collect certain information that, by itself or in combination with other such information, cannot be used to identify you individually, or contact you personally (“Non-Personal Data”). Non-Personal Data also includes technical information related to your use of the Product, including but not limited to Product performance information, Product usage information, Site(s) and Application(s) usage information, and/or other unidentifiable technical data involving your use of our products. Non-Personal Data may also include certain data or information that you provide us through your use of our products, such as query terms, page requests, Content or programming accessed or viewed, or data about specific services or applications accessed by you, the date and time of your request.
- Personal Data of Children under sixteen (16). We are committed to protecting the Personal Data of children. We will not knowingly collect Personal Data from individuals under such age for any purpose, nor will we accept registration from such individuals. In some cases, particularly where information is collected electronically, we may not be able to determine whether information was collected from children under age sixteen (16), and we treat such information as though it were provided by an adult. If we learn that a child under the age of sixteen (16) has provided any Personal Data, we will use commercially reasonable efforts to delete such information. We encourage parents and legal guardians to participate in all online activities of their children and prevent them from providing any Personal Data to us. WE EXPRESSLY DISCLAIM ANY RESPONSIBILITY OR LIABILITY FOR THE USE, OR MISUSE, OF SUCH FEATURES BY CHILDREN IN VIOLATION OF THIS DATA PROTECTION POLICY.
- LEGAL BASIS FOR PROCESSING SENSITIVE PERSONAL DATA
In Processing your Personal Data in connection with the purposes set out in this Data Protection Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
- Consent: We may Process your Personal Data where we have obtained your prior, express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
- Contractual necessity: We may Process your Personal Data where the Processing is necessary in connection with any contract that you may enter into with us;
- Compliance with applicable law: We may Process your Personal Data where the Processing is required by applicable law;
- Vital interests: We may Process your Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Legitimate interests: We may Process your Personal Data where we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
- SENSITIVE PERSONAL DATA
We do not seek to collect or otherwise Process your Sensitive Personal Data in the ordinary course of our business. Where it becomes necessary to Process your Sensitive Personal Data for any reason, we rely on one of the following legal bases:
- Compliance with applicable law: We may Process your Sensitive Personal Data where the Processing is required or permitted by applicable law;
- Detection and prevention of crime: We may Process your Sensitive Personal Data where the Processing is necessary for the detection or prevention of crime (including the prevention of fraud);
- Establishment, exercise or defence of legal rights: We may Process your Sensitive Personal Data where the Processing is necessary for the establishment, exercise or defence of legal rights; or
- Consent: We may Process your Sensitive Personal Data where we have, in accordance with applicable law, obtained your prior, express consent prior to Processing your Sensitive Personal Data (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
- HOW WE USE THE INFORMATION WE COLLECT
We may Process your Personal data for the following purposes:
- Provision of Site(s) and Application(s) to you: providing Site(s) and Application(s) to you; registering your account on the Device; providing you with other products and services that you have requested; providing you with promotional items at your request; and communicating with you in relation to those products and services; operating and managing Site(s) and Application(s); providing Content to you; displaying advertising and other information to you; communicating and interacting with you viaSite(s) and Application(s); and notifying you of changes to any Site(s) and Application(s).
- Communications with you: communicating with you via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with Applicable Privacy Rules; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required.
- Communications and IT operations: management of our communications systems; operation of IT security systems; and IT security audits.
- Health and safety: health and safety assessments and record keeping; and compliance with related legal obligations.
- Financial management: sales; finance; corporate audit; and vendor management.
- Surveys and polls: engaging with you for the purposes of obtaining your views on our products and services.
- Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.
- Legal proceedings: establishing, exercising and defending legal rights.
- Legal compliance: compliance with our legal and regulatory obligations under applicable law.
- Improving our Site(s) and Application(s): identifying issues with Site(s) and Application(s); planning improvements to Site(s) and applications; and creating new Site(s) and applications.
- Non-Personal Data. We may use Non-Personal Data for our internal purposes, such as to offer Product-specific viewing recommendations, to understand aggregate usage patterns, or to provide you with improved features. We reserve the right to use or disclose aggregate Non-Personal Data in any way we see fit, including for our and our partners' marketing and advertising purposes and to other third parties, and you acknowledge and consent to such. We may also use diagnostic data (which does not identify you and does not contain Personal Data) for the purposes of improving the Site(s) and applications.
- Combinations of Information. We may combine Personal Data and Non-Personal Data collected with other data in order to provide and improve services provided in connection with our products. We may also, from time to time, transfer or merge any Personal Data collected off-line to our online databases or store off-line information in an electronic format. We may also combine Personal Data we collect online with information available from other sources, including information received from our affiliates, marketing companies, or advertisers. If we combine any Non-Personal Data with Personal Data, the combined information will be treated as Personal Data under this Data Protection Policy for as long as it remains combined.
- HOW WE SHARE AND DISCLOSE INFORMATION
There are times where we may share the information described in this Data Protection Policy, and this section describes how we may share such information. We will only disclose your Personal Data to the extent that such disclosure is necessary: (i) to provide you with products and services you have requested; (ii) for compliance with applicable law; (iii) to establish, exercise or defend our legal rights; or (iv) to the extent necessary in connection with the sale or reorganization of any relevant portion of our business.
- Personal Data and Non-Personal Data. We may share Personal Data and Non-Personal Data as follows:
- With our and our affiliates staff, employees, contractors, agents, to help us provide or improve the services in connection with our products.
- With our professional advisors.
- With third parties and their advisors in connection with a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of O.Z.’s assets, financing, sale of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
- When required to or are permitted to do so by applicable law or regulation.
- With any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security.
- With any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights.
- With legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation.
- With carefully selected third-parties, including suppliers or commercial partners as necessary to provide a service to us or to perform a function on our behalf in connection with the Site(s), product and/or service. For any disclosure of your Personal Data by us to a carefully selected third party or to any third party referred to in this Data Protection Policy, we will comply with data protection law by ensuring that there are arrangements in place to ensure that the third party keeps your data secure, does not use your Personal Data for any purposes other than the purposes we specify and in accordance with the purposes outlined in this Data Protection Policy.
- With other third-parties solely at your direction and with your express consent, and only for purposes that you request.
- THIRD PARTY MATERIALS, APPLICATIONS, AND ADVERTISEMENTS
Third parties who offer Applications or Materials on the Product may collect Personal or Non-Personal Data when you access their Application(s) and Materials. We are not responsible for the data collection and privacy practices employed by such third parties or their services, and they may be collecting data about you and may be sharing it with us and/or others. These third parties and their services may also track you across sites and time, serve you their own advertisements (including interest-based advertisements) and may or may not have their own published privacy policies.
In addition, when you are using the Product you may be directed to other services that are operated and controlled by third parties that we do not control. For example, if you browse the Internet and “click” on a link on a website, the link may take you to a different website. We encourage you to note when you access a new website or application and to review the privacy policies of all third-party locations and exercise caution in connection with them. We are not responsible for the availability, completeness or accuracy of such third parties’ policies or notices.
- YOUR CHOICES REGARDING DATA COLLECTION AND CHANGING PREFERENCES: YOUR RIGHTS AND CHOICES
We take every reasonable step to ensure that:
- your Personal Data that we Process are accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Data Protection Policy.
We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Data Protection Policy.
The criteria for determining the duration for which we will keep your Personal Data are as follows: we will retain copies of your Personal Data in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Data Protection Policy, unless applicable privacy rules requires a longer retention period. In particular, we may retain your Personal Data for the duration of any period necessary to establish, exercise or defend any legal rights.
Subject to applicable privacy rules, you may have a number of rights regarding the Processing of your Personal Data of which we are a Controller, including:
- the right not to provide your Personal Data to us (however, please note that we may be unable to provide you with the products and services you request, if you do not provide us with your Personal Data – e.g., we may not be able to Process your orders without the necessary details);
- the right to request access to, or copies of, your Personal Data, together with information regarding the nature, Processing and disclosure of those Personal Data;
- the right to request rectification of any inaccuracies in your Personal Data;
- the right to request, on legitimate grounds:
- erasure of your Personal Data; or
- restriction of Processing of your Personal Data;
- the right to object, on legitimate grounds, to the Processing of your Personal Data by us or on our behalf;
- the right to have certain Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we Process your Personal Data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
- the right to lodge complaints with a Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf.
This does not affect your statutory rights.
If you would like to exercise any of these rights, please contact us at the following email address email@example.com. Please note that:
- we may require proof of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
If we receive a valid request to give effect to any of these rights, we will make reasonable efforts to do so within one (1) month or, to the extent permitted by applicable privacy rules, as soon as reasonably practicable. If you request removal of your Personal Data, you acknowledge that your Personal Data may continue to exist in a non-erasable form that will be difficult or impossible for us to locate, and for archival file purposes, we reserve the right to retain any information removed from, or changed in our active databases for non-commercial purposes including for dispute resolution, improving the Site(s), troubleshooting problems, and enforcing the EULA and this Data Protection Policy.
The rights set out above not apply to our collection of Non-Personal Data. We reserve the right to refuse to Process data removal requests that are impractical or jeopardize the privacy of others. The refusal to Process Personal Data removal shall be justified under the applicable legislation.
All users of the Product(s) are required to provide true, current, complete and accurate Personal Data when prompted, and we will reject and delete any entry that we believe in good faith to be incorrect, false, falsified, or fraudulent, or inconsistent with or in violation of the Data Protection Policy.
- SECURITY OF THE INFORMATION WE COLLECT
We take the security of your Personal Data seriously. We maintain physical, administrative, technical and organizational safeguards designed to maintain the confidentiality and security of your Personal Data. Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through use of the Site(s). Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures for the Site(s).
- BULLETIN BOARDS AND OTHER PUBLIC AREAS
We may offer bulletin boards or other public functions on the Site(s), and any posting by you in these areas is considered public information that is available to other users. We do not control, and are not responsible for, the actions of other users of the Site(s) with respect to any information you post in public areas. In addition, information that you submit to public areas may be collected and used by others to send you unsolicited messages and for other purposes. Any posting in bulletin boards and public areas on the Site(s) are governed by the terms and conditions of the applicable third parties web sites. Portions of your user profile may also be available to other users, and you should take care to not use Personal Data in your user name or other information that might be publicly available to other users.
- INTERNATIONAL TRANSFER OF INFORMATION
We may transfer and store Personal Data you provide to us in connection with your use of the Device on servers located in countries outside of your jurisdiction. We may also transfer Personal Data we collect from you to the People's Republic of China or to other countries outside of your jurisdiction to the extent that such transfers are necessary for the purposes of fulfilling our obligations under this Data Protection Policy.
Where we transfer your Personal Data from the EEA to recipients located outside the EEA who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You may request a copy of our Standard Contractual Clauses using the contact details provided on the warranty card inside the box of each your Device.
- DATA PROTECTION POLICY VERSIONS AND CHANGES
We reserve the right to change this Data Protection Policy at any time or for any reason, and will post any changes to this Data Protection Policy within a reasonable period after they go into effect. This Data Protection Policy will remain in full force and effect as long as you are a user of the Site(s) and Application(s), even if your use of or participation in any particular service, feature, function or promotional activity terminates, expires, ceases, is suspended or deactivated for any reason.
Please direct any additional questions you may have regarding this Data Protection Policy to email address firstname.lastname@example.org.