This is a Privacy Statement for Meco Innovations Technology, LLC . (hereinafter referred to as MG, We and Our). The Privacy Statement applies to all types of products, applications, information systems, websites and other services provided by MG (all the above are referred to as services). MG respects protection of users' personal information and we believe protecting individual privacy of each customer, supplier and employee is key to win and maintain the trust from customers and investors. We hope to clarify how we are committed to protecting your personal information through the following Privacy Statement.
The Privacy Statement was updated on July 20, 2021.
The key points of the Privacy Statement are as follows:
- The Privacy Statement explains the specifics of our collection, processing and protection of personal information so that you can understand your personal information.
- When you register your account and use our services, we will collect your personal information [such your as email address, device information and log information] based on your consent and our needs of service provision.
- We are the data controller of your information, which means we are granted the discretion to decide how to process your personal information and for what purposes. We will process your personal information for the purpose and scope set forth in this Privacy Statement and will only share your data with the listed data recipients.
- We will not disclose your personal information to the public or any third parties except as required by laws, regulations, legal proceedings, litigation or mandatory requirements of the government authorities, unless we have obtained your express consent.
- We will use, store and transmit (hereafter referred to as Process) your personal information in accordance with the strictest standards worldwide, including but not limited to CCPA and the relevant state’s legislation.
- We value your personal information security and will adopt security protection measures that meet legal and industry standards to protect your data from unauthorized access, disclosure, use, modification, damage or loss.
- You can access, correct, limit or delete your personal information through channels listed in the Privacy Statement, or you can contact us for enquiry or complaint.
We recommend that you read the Privacy Statement in its entirety. If you have any questions about the Privacy Statement, you can contact us via the email address provided.
By using or continuing to use our products and services, you agree to the content of the Privacy Statement. If you do not agree to any of the Privacy Statement, you should stop using our services immediately.
CCPA: The California Consumer Privacy Act of 2018, or CCPA, was enacted by the state of California on January 1, 2020 to strengthen Consumer Privacy and data security.
Personal Information: Any information relating to an identified or identifiable natural person (i.e. data subject). Identifiable information of a natural person refers to information that could directly or indirectly identify the natural person. The information includes the natural person's the name, ID number, GPS data, online identification information, etc., or one or more of his/her specific physical, physiological, genetic, spiritual, economic, cultural or social characteristics. Personal information includes both general personal information and sensitive personal information. General personal information includes your name, email address, phone number, billing address, and the IP address of your device, browser cookies, etc. Sensitive personal information includes your race or ethnicity, political opinions, religious beliefs, trade union status, and sexual and healthy data, genetic data, identifiable biometric data (such as fingerprints).
Processing: Any manipulation or a series of manipulations on personal data or a series of personal data (whether the manipulation is automated or not), such as data collecting, recording, combining, constructing, storing, adapting or modifying, restoring, using, disclosing, transmitting, communicating or reorganizing, deleting and reusing in other ways.
Data Controller: A natural or legal person, public institution, government agency, or other entity that can define the purpose or manner of personal data processing, either individually or collaboratively. If the manner of such processing is determined by the laws of the EU or Member States, the definition of the controller or the criteria for determining the controller shall be regulated by the laws of EU or Member State.
Data Processor: A natural or legal person, public institution, government agency, or other entity that processes personal data on behalf of the data controllers and in accordance with their instructions and requirements.
Table of Contents
Personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following:
- Identifiers such as real names, address, telephone number, postal address, email address, online identifier Internet Protocol address or other similar identifiers.
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric information, including DNA, fingerprint, face, the data record for sleep and exercise, etc.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
- Geolocation data
- Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, abilities.
The personal information do not include the consumer information that is deidentified or aggregate consumer information without the customer’s knowledge.
In this statement, we also will use “data” to represent the personal information.
We will collect your personal information under certain circumstances, such as:
- When you register as our user (whenever you log in or use it);
- When you use our services and products;
- When you use our various websites and applications;
- When you buy any of our products;
- When you participate in our user surveys;
- When you click on our ads or marketing information;
- When you fill out the form or contract sent to you by us;
- When you sign up or join our event;
- When you contact us via the contact information we have provided to you.
We will use data that you provide to us explicitly under various circumstances. We will also collect personal information from your device or from the use of our services. The personal information we collect is as follows.
- When you register or log in, we will collect information you enter including the email address, password, etc. that you use in registration.
- When you use [bonded and controlled devices], we will collect the above information and information of [device model, IP address, location, device status], etc.;
- When you use [devices with camera surveillance systems], we will collect the above information and information of [images captured by the camera], etc.;
- When you use a product or service, we will automatically receive and record information about your browser and computer or App client, such as your IP address, browser type, language used, and access date and time, hardware and software feature information and web page records you need, based on the needs of the service.
- To help us understand the operation of M-smart App, we will use the mobile analysis software SDK based on the needs of the service. We may record information such as your frequency of usage data, corrupted data, overall usage data, performance data, etc. We will not associate information stored in the analysis software with any of your personal information.
- It is important to note that separate device information or service log information cannot identify a particular natural person. If we combine such non-personal information with other information to identify a particular natural person or use it in conjunction with personal information, such non-personal information will be treated as personal information during the period combined use, and we will anonymize and de-identify such information unless we have your authorization or unless otherwise stipulated.
As mentioned above, we will store your account information in the database so that you can get your personal data every time you visit our website and use our App or other services.
All data we collect about you may be stored in our server as log files which will be used for analysis and research. After being processed in the server, your data will be transmitted to the database.
We will back up data on a regular basis to prevent data loss due to server failure or human error. Subject to our data retention policy, we will retain all such data copies in the backup database and will delete them immediately at your request.
We are the controller of your information, which means we are granted the discretion to decide which purpose we can use your information for. We understand your concern regarding how we use and share your data and thank you for your trust. We will use your data with caution for reasonable causes.
We will use and handle your data only under any of the following circumstances:
- When we have your consent (e.g. when you sign up);
- When it requested for the purpose of performing the contract we enter into with you (e.g. when you order our products);
- When it is legally obligated (e.g. to confirm your age to prevent us from collecting data from minors, or to keep records, or to perform duties required by the governmental authorities);
- In the light of our lawfully rights (e.g. to implement our policies, to manage day-to-day business, to aggregate data anonymously for data analysis, to maintain information security, to prevent frauds, or, if necessary, to transfer the data to other BUs of our company).
Generally, your consent or the necessity of performing the contract constitutes the legal foundation for us to handle your information. It is therefore necessary for you to agree with our user agreement and Privacy Statement for our agreement to be formulated and performed and our legal rights and interests to be protected.
You have the right to choose whether to provide the relevant data. We may not be able to undertake part or all of the obligations according to the service terms or provide our services without some of your information.
2.5 Purposes and methods of handling your information
We will use information provided by you and collected by us in the process of services to offer you our services. We will not use your data for any other purposes that does not fit the purposes for data collection that are detailed below.
We will use your information for the following purposes in the following manners:
- To offer our services or products according to the contract we enter into;
- To offer other services you request according to the requirements stated during data collection;
- To process transactions and communicate with you regarding the details of such transactions;
- To share your information with our partners so they can assist us in providing you with our services and products;
- To operate our website so that you can access and use our services;
- To help track and fix any fault or error in the application;
- To conduct internal audit, data analysis or research to the end of improving our products and services through evaluating our efficiency;
- To share your information with other branch institutions for internal management and background support;
- To maintain the integrity and security of the information system where we store and process your information;
- To scrutinize and investigate into data leaks, illegal activities and fraudulent behaviors;
- To comply with applicable laws and regulations or the demand for your information requested for litigation and other legal proceedings or imposed by governmental authorities.
We and third-party service providers use technologies such as cookies, labels and scripts to help us better understand user behavior (including for security and fraud prevention purposes), tell us what parts of our website our users have visited, measure and improve the effectiveness of advertising and web search.
- Absolutely necessary cookies: these must be set in order to provide you with the specific function or service you are accessing or requesting. For example, we need to use them to display the web site in the appropriate format and language.
- Other cookies: we use these cookies to understand how visitors interact with our website and online services, including to help us evaluate the effectiveness of advertising and web search. We also use these cookies to remember the choices you make as you browse, to provide you with a customized experience.
We use web beacons and pixel beacons or other similar data tracking technologies besides Cookies. For instance, the emails we send you may include clickable URL links to the contents on our websites. If you click on such links, your clicks will be tracked for us to understand your preferences on our products and services, so that we can improve the customer service experience for you. Web beacons are usually transparent image objects embedded in websites or emails. We can be informed whether an email letter has been opened or not through such pixel beacons. If you wish not to be tracked through such means, you may unsubscribe from our mailing list at any time.
4 How we share, transfer or disclose your personal information
Your personal information will be kept strictly confidential and will not be shared with any other company, organization, or individual, except in the following circumstances:
- When we have obtained your clear consent to share your information with a third party;
- When we share your information with authorized staff members or the branch institutions of our company across the world only in order to: provide further services; carry out internal management; scrutinize for or handle data leaks, illegal activities, or frauds; to maintain the integrity of the company's IT system. We share only necessary information with authorized staff member within the minimal scope, which are limited to the purposes stated in this Privacy Statement. We sign non-disclosure agreements (NDA) with the authorized staff members.
- When we share your information with a third-party service provider (or partner) for the benefit of offering or improving our services including but not limited to cloud services, IT supports, customer services. We sign rigorous data handling agreements with all relevant third-party service providers (or partners) which requires them to take certain security measures in handling your information pursuant to the relevant laws and regulations and our requirements to safeguard your data security. We notify that Shopify is the system service provider of this website. The website is built on the Shopify system. Midea does not collect and store data directly through its own system.
- When we disclose your information under the demands of the laws and regulations or government authorities.
We will not transfer your information to any other company, organization, or individual except under any of the following circumstances:
- Transfer under clear consent: when we have obtained your clear consent, we will transfer your information to a third party.
We will only disclose your information under the following circumstances:
- When we have obtained your clear consent;
- When the law, legal proceedings including litigation, or government authorities, demand so;
5 Limitation period for saving your personal information
The limitation period for saving your personal information shall not exceed the period of reasonable need to process the specific purpose of the information. Where you shall or have consented to our processing of your personal information, we shall store and process the data until you withdraw the consent.
Whereas, we may postpone the retention of your information for research or statistics. If we delay the retention of your information for this purpose, we shall guarantee that your information shall be processed anonymously and no one shall be able to trace you through the information.
At the same time, in accordance with EU laws and regulations or requirements of members of the European Union, we may still retain your personal information to assist in any government and judicial investigations for the purpose of submitting or maintaining legal requests or civil, criminal or administrative procedures. If the above reasons fail to apply to the data we preserve, we shall delete and destroy your data in a secure manner in accordance with the relevant requirements.
6 The data protection for children
Our products and services shall be primarily for adults, yet, we shall be aware of the importance of taking extra precautions to guarantee the privacy and security of people under legal age who use the products and accept the services. Anyone who is under the age of 13 (or the age as required by the relevant state) shall be considered as a person under legal age by Midea.
We will only use or disclose the personal information of people under legal age collected with the consent of the guardian on the condition that the law permits, the guardian expressly consents or the protection of the people under legal age is necessary. At any time, the guardian who asks to access to, modify or delete personal information of the person under guardianship shall contact us as described in Section 13.
If we are found to collect personal information of people under legal age without firstly obtaining the consent of a verifiable guardian, we shall try to remove the relevant content as soon as possible.
7 Measures to protect your information
We adhere to the recognized principles of critical data protection (fairness, purpose restriction, data quality, data retention, compliance with individual rights, security) and take reasonable measures to ensure the security of personal information. We have applied a range of techniques to guarantee the security of your personal information to minimize the risk of misuse, unauthorized access, unauthorized disclosure and inaccessibility. Security measures we have adopted include but are not limited to: data desensitization, data encryption, and authorization control of firewalls and data access.
At present, we have obtained the following professional certifications:
- ISO 27001 Information Security Management System Certification
- ISO/IEC 27001 Privacy Information Security Management System Certification
- ePrivacy Privacy Certification.
- TRUSTe Corporate Privacy System Certification
In addition, we shall regularly check and update the security mechanisms used to protect data in order to provide effective protection against data misuse. If you believe that the security of your data has been compromised, or you would like to know more information about the measures we adopt to protect data, please contact the Data Protection Office (MideaDPO@midea.com).
8 Storage of personal information
We shall select the corresponding server to store your data in accordance with the region or country in which you live. The data is stored in the Shopify database, Midea does not collect and store the data directly through its own system.
9 Cross-border transmission of personal information
We may transfer your data to our branches in other countries (including China) around the world depending on our global businesses. In the international data transmission, we shall ensure that your personal information is protected by applying the level of security required by the relevant laws and regulations.
10 User Portraits and Automated Decision
When using our service, we may extract your preferences based on your purchase information and service log information to provide you with more convenient and personalized information display, search and push services, indirect crowd portraits based on feature tags are produced for display, push messages and possible commercial advertisements.
11 Your personal information rights and the method of exercising the rights
If you provide us with your personal information through our service, your rights on the information shall include:
- Access: demand to provide a copy of the personal information we hold about you;
- Correct: if you found that the information contains errors or information expired, you can modify it on your home page or send us an email to request us to correct it;
- Logout and Cancel: demand to cancel your account or delete your personal information;
- Portability: demand to provide your data and, if possible, to transfer the data directly to another data controller;
- Restrict: demand to limit the processing for any dispute on the accuracy or legality of our processing of personal information; yet, the right on processing may cause you to be unable to accept our services normally;
- Refuse: oppose to use your personal information for user portraits and automatic decision-making, and oppose to send commercial information for direct marketing by using your personal information;
- Lodge a complaint: lodge a complaint on the processing of your data with the competent authority of your residence or the member of the European Union that processes your data;
- Agree to withdraw: withdraw the consent at any time when we rely on your consent to process the data.
If you wish to exercise any of the rights described in Article 11.1, you may send e-mail to our Data Protection Office for processing. Upon receiving your request, we shall make every effort to respond within one month of the request from the subject of personal information for the access. Your patience and understanding are highly appreciated. Given the complexity and quantity of requirements, if necessary, the period may be extended by another two months. In case of deferred response, we shall inform the subject of the personal information and the reasons for the delay. If the limitation period set in this paragraph conflicts with the local laws, the local laws shall prevail.
As we receive a large amount of commercial promotion e-mails every day, we shall not respond if we believe that your e-mails are not related to personal information.
After the request is made by the subject of personal information, the following results may occur:
(1) Request denied
In some cases, requests from personal information subjects shall be rejected, including but not limited to:
- The subject of personal information is not granted relevant rights by the local laws;
- The identity of the person making the request fails to be verified;
- The request made by the subject of personal information fails to be verified and is beyond scope, especially when the request is repeated;
- The disclosure of information is prone to harm the interests of the relevant parties if the information involved is related to the damage or compensation received in the dispute;
- The information shall be retained for statistics and research, and the results of statistics and research shall not reveal personal identities;
- Other legally prescribed circumstances.
If the access request of the subject of personal information is rejected, we shall formally explain the reason to the requester.
(2) Request accepted
If there is no circumstance as specified in (1), we shall process the request. If you really want the request to be accepted, please provide us with as much detailed information as possible when requesting, such as the request type and specific content, information about the holder (such as the name of the product and service you use), and time for generating or processing information (if the time could be as exact as possible, the request may be accepted).
You may change the scope of your authorization to continue to collect personal information or withdraw your authorization by deleting the configuration information, canceling the account number.
Please understand that the service of business function shall require some basic personal information (registration e-mail) to be completed, so if you withdraw your consent or authorization, we will stop providing the service corresponding to the withdrawal of consent or authorization. Yet, your decision to withdraw your consent or authorization shall not affect the processing of personal information previously based on your authorization.
12 Change of Privacy Statement
We shall reserve the right to modify the Privacy Statement. Without your express consent, we shall not reduce your rights in accordance with the protection policy of personal information. Any change to the Privacy Statement shall be posted on this page. For major changes, we shall provide more obvious notice (for certain services, we shall send an e-mail notification to state the specific changes to the Privacy Statement.)
Major changes referred to herein include but are not limited to:
- Our service model has changed significantly, such as the purpose of processing personal information, the type of personal information under processing, the way of using personal information, etc.;
- Our ownership structure, organizational structure, etc. have changed significantly. Such as owner change caused by business adjustments, bankruptcy mergers, etc.;
- Main subject change of public disclosure of personal information;
- Significant change of your right to participate in the processing of personal information and the corresponding exercising methods;
- Change of the department responsible for processing the security of personal information, or change of contact information and complaint receiving channels;
- A high risk as shown by assessment report of personal information security impact;
At the same time, we shall archive the former version of this Privacy Statement for your reference.
13 Our contact methods
If you have any questions about this Privacy Statement, or you wish to exercise any right, or you have any requests to discuss with us, please send an email to our Information Protection Office specially established at the following address: MideaDPO@midea.com. Upon receipt of your request, we have made every effort to ensure a response within one month of the request for access to the subject of your personal information. Thank you for your patience and understanding. This period may be extended for an additional 45 days if necessary, taking into account the complexity and quantity of the requirements. In the case of delayed provision of information, we will notify the personal information subject of the relevant circumstances and reasons for the delay. If the time limit set by this paragraph conflicts with the law of your locality, the Law of your locality shall prevail.
If you disagree with us about our processing of your personal information, you may submit a mediation request or other requests to data protection regulator where you are located.
If you have unresolved privacy or data use issues that we have not resolved to your satisfaction, please contact our U.S. third party dispute resolution provider: