Privacy Policy

Update!

Our Privacy Policy was updated on January 22nd, 2024 and took effect on January 22nd, 2024. We have revamped the Privacy Policy front and back so that from this date onwards, this Privacy Policy can provide even more privacy details on how we manage your personal data when you use Aqara Home App provided by Lumi United Technology Co., Ltd. and its affiliates (Include but not limited to Shenzhen Aqara Software Service Co. , Ltd.,)(hereinafter referred to as "Lumi Company","we","us" or "our").

Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

To give you an overview, this Privacy Policy is structured as follows:

SCOPE OF THE PRIVACY POLICY & OUR COMMITMENT TO YOU

WHAT INFORMATION IS COLLECTED BY US AND HOW DO WE USE IT

HOW AQARA HOME AND AQARA HUB WORK IN GENERAL
TYPES OF INFORMATION COLLECTED
HOW THE PERSONAL DATA IS USED

INERNATIONAL TRANSFERS & WITH WHOM WE SHARE YOUR INFORMATION

RETENTION AND STORAGE POLICY

ACCESSING OTHER FEATURES ON YOUR DEVICE

YOU HAVE CONTROL OVER YOUR PERSONAL DATA!
CONTROLLING SETTINGS
YOUR RIGHTS TO CONTROL OR PROTECT YOUR PERSONAL DATA

MISCELLANEOUS

MINORS
UPDATES TO THE PRIVACY POLICY

DATA PROTECTION OFFICER & REPRESENTATIVE

CONTACT US

SCOPE OF THE PRIVACY POLICY & OUR COMMITMENT TO YOU

This Privacy Policy sets out how Lumi United Technology Co., Ltd. ("Lumi Company", "we", "our" or "us"; at the end of this document, you will find the contact details of us, of our representative in the European Union and of our data protection officer) collects, uses, discloses and otherwise processes your personal data in connection with your use of Aqara Home App (hereafter referred to as the "Aqara Home" or "App"), including the use of a hub and sub-devices (e.g. Aqara Hub and Aqara Controllers and Sensors) if controlled with Aqara Home:

This Privacy Policy only applies to your use of smart home devices (e.g. Aqara Hub or any sub-devices, such as controller or sensors) in case you control these devices with Aqara Home and in case you are located in the European Union. Should you be outside the European Union, please visit Privacy Policy in order to access the relevant privacy policy for your country.
This Privacy Policy does not apply to your use of Aqara Devices that you control with third party apps, such as Apple Home Kit or Mi Home. In that case, Lumi Companydoes not receive any personal data from you because your Aqara Devices will communicate directly with the relevant third party app. Please review the privacy policy of the relevant third party for further information on their privacy practices.

The Privacy Policy is designed with you in mind, and it is important that you have a comprehensive understanding of our personal data collection and usage practices.

In this Privacy Policy, "personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In order to comply with applicable laws, including local data protection legislation (including the General Data Protection Regulation (" GDPR") in the European Union (" EU") and any EU member state data protection law), to the extent required, we will specifically seek prior consent to the particular processing. We are committed to protecting the privacy, confidentiality and security of your personal data by complying with applicable laws, including your local data protection legislation. We are equally committed to ensuring that all our employees and agents uphold these obligations.

If you have purchased a device that we have not launched in the European Union (" EU"), you should go to the Aqara Home app and switch the device location to the place where the device was purchased to view the information collection of the device.

WHAT INFORMATION IS COLLECTED BY US AND HOW DO WE USE IT

HOW AQARA HOME AND AQARA HUB WORK IN GENERAL

The below information is intended to give you a brief overview of how Aqara Home and Aqara Hub work in general and how this affects the processing of your personal data (or more detailed information on which personal data we process for which purposes in context with providing the Aqara Home services please view sections " TYPES OF INFORMATION COLLECTED" and "HOW THE PERSONAL DATA IS USED "below):

You can connect smart home sub-devices (e.g. our controllers or sensors, such as smart light bulbs or water leak sensors) to your Aqara Hub. With Aqara Home you can control the Aqara Hub and any connected sub-devices.
If you would like to only control your smart home devices from within your home network, you do not need an internet connection and no personal data is transferred to us in order to enable these smart home functions. However, personal data may be transmitted to us if you are connected to the internet and if you request support or for checking whether updates for your devices/software are available.
You may also control your smart home devices remotely (i.e. from outside your home network). This means that you can, for example, turn off your lights or check your home temperature (depending on the integrated sub-devices) while you are still at work or on vacation. In that case, Aqara Home and the Aqara Hub both communicate with our EU-based servers and transfer personal data on your use of these products in order to provide these remote control functions.

TYPES OF INFORMATION COLLECTED

When using Aqara Home and a hub (e.g. Aqara Hub) which is connected to an Aqara Home Account, we collect the following types of personal data:

Categories of personal data processed：Account information. Personal data included in the categories：Account name, email address, profile photo. Sources of the data: Users (actively provided) .

Obligation to provide the data: There is no statutory or contractual obligation to provide the data, but the data is necessary for entering into a usage agreement and if the data are not provided, your account registration cannot be completed.

Storage duration: We store these data until you delete your account. This means that we delete this data once your account is deleted. Within Aqara Home you have the possibility to delete your account at any time.
Categories of personal data processed：Information related to the handheld device.Personal data included in the categories：This includes the following information from the device(s) on which you installed Aqara Home:IMEI number, Device ID, OAID (anonymous device identifier), ANDROID_ID, version of your operating system, Aqara Home version number, model name. Sources of the data: Users (obtained from User's handheld device)

Obligation to provide the data: Provision of the data is not required by law or contract. The data subject is not obliged to provide the data. However, the data are necessary for troubleshooting and providing services to you. If the data are not provided, identifying and correcting faults in your App may be affected and you may not enjoy the relevant services.

Storage duration: We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account is deleted. Within Aqara Home you have the possibility to delete your account at any time.
Categories of personal data processed：Location information (We do not use or collect your precise geographic locationunless your separate consent is sought) Personal data included in the categories：This includes the following location information of the device(s) on which you installed Aqara Home: region, country code, city code, mobile network code, mobile country code, cell identity, district name, longitude and latitude information, time zone settings, language settings. We obtain this information to assign a server when you register an account, and to automatically set your time zone. The frequency of collecting such information depends on that of your request for changing locations. Sources of the data: Users (obtained from User's handheld device or actively provided by users)

Obligation to provide the data:Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.However, the data are necessary for assigning a server and setting users' time zone. If the data are not provided, the user may not enjoy the relevant services.

Storage duration: We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account is deleted. Within Aqara Home you have the possibility to delete your account at any time.
Categories of personal data processed: Log information. Personal data included in the categories：1.IP address, network request information, temporary messaging history, standard system logs, and crash information. 2.Automation and scene execution logs. 3.Device log.Sources of the data: Users (obtained from User's handheld device or actively provided by users) .

Obligation to provide the data:rovision of the data is not required by law or contract. The data subject is not obliged to provide the data.However, the data are necessary for users to query the history of device operation, automation and scene execution. If the data are not provided, you may not enjoy the above-mentioned services. Besides, in case that users report a fault or require our support, if the data are not provided, troubleshooting will be affected.

Storage duration: We store these data for one year. In case that you delete your log information with Aqaea Home or you delete your account, we will also delete these data. Within Aqara Home you have the possibility to delete your account and log information at any time.
Categories of personal data processed: Account credentials.Personal data included in the categories：password, verification code. Sources of the data: Users (actively provided)

Obligation to provide the data: Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.However, it is necessary to enjoy the service provided by Lumi Company. If the data are not provided, users may not use their account.

Storage duration: We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account is deleted. Within Aqara Home you have the possibility to delete your account at any time.
Categories of personal data processed: Information collected related to the Software Value-Added Services provided by us (include Software Value-Added Services information, Ordering Information, Automatic renewal information and information needed for invoices issuing). Personal data included in the categories：1.Software Value-Added Services information include the following information:Account informationdevice IDpackage typeservice validity period and days. 2.Ordering Information include the following information:Order numberpayment timepayment amountpayment currency.3.Automatic renewal information include the following information: Activation statusrenewal amountrenewal datepayment method.4.If you need us to send invoices related to Software Value-Added Services, you also need to provide us with the consignee's name, address, telephone number, fax number and email address for receiving the invoice. Sources of the data: Users (obtained from User's handheld device or actively provided by users)

Obligation to provide the data: Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

Storage duration: We store these data until the purposes of processing these data specified below have been achieved. This means that we delete this data once your account is deleted. Within Aqara Home you have the possibility to delete your account at any time.
Categories of personal data processed: Automation & Scene settings information.Personal data included in the categories：automation and scene name, condition and action list, effective time period setting, execution result notification setting, settings that enable or disable automation. Sources of the data: Users (actively provided)

Obligation to provide the data: Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.If the data are not provided, you cannot use the automation & scene setting related services.

Storage duration: We store these data for one year. In case that you delete a setting or you account is deleted, these data will also be deleted.You can amend or delete these setting in Aqara Home and may also delete your entire account in Aqara Home.
Categories of personal data processed: Feedback information.Personal data included in the categories：feedback content, contact information, error logs.Sources of the data: Users (actively provided).

Obligation to provide the data: Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.If the data are not provided, we cannot consider your feedback or provide support to you.

Storage duration: We store these data until the purposes of processing these data specified below have been achieved. You can request us to delete such information by contacting us.
Categories of personal data processed: Device information.Personal data included in the categories：This includes the following information from the hub(s) connected to your Aqara Home Account:Hub network information (wi-fi name, RSSI, IP address, MAC address, Android ID), device ID, firmware version number, model, manufacturer, setup information associated with automation and scenarios under the hub.This includes the following information from sub-devices connected to the above hub(s):Sub-device signal strength, manufacturer, device ID, firmware version, setup information associated with automation and scene under sub-device. Sources of the data: Users (obtained from User's hub)

Obligation to provide the data: Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.However, the data are necessary for displaying device information in the App. If the data are not provided, users cannot connect these sub-devices to the App, and thus cannot use, access or control the sub-devices through the App.

Storage duration:We store relevant data until you reset certain devices from the App or delete your account. After unbinding certain devices from the App or deleting your account, the relevant data stored in devices cannot be accessed by Lumi Company, users can delete such data by resetting the devices.
Categories of personal data processed: Sub-device information.Introduction: You can use Aqara Home to connect new sub-devices to your hub (e.g. Aqara Hub). Alternatively, you may triple press the Hub button on your Aqara Hub to add a new sub-device.Such sub-devices will also collect certain information and transmit this to the hub (e.g. our temperature sensor constantly sends the room temperature to the hub). For details of the information collected by sub-devices, please refer to the the data-collected description of the corresponding sub-device in Aqara Home (Please go to the "Device Privacy Policy" in the settings item of the device details page to view it,you may find an overview of the data-collected descriptions for each sub-device).If you do not want us to collect information about your sub-device, you can log in to Aqara Home at any time to enter the interface page of the corresponding sub-device to cancel the authorization. In case you cancel the authorization, you are not able to control the corresponding sub-device in Aqara Home.
Personalized service (recommended automation) based on device information, automation and scene setting information: in order to provide you with personalized smart home products and automation services that can better meet your personal needs and improve your smart home user experience, we will provide you with personalized recommendations and displays of smart home products, services or other information based on the following necessary information: automation and scene names, execution log, conditions and operation lists, valid time period settings, execution result notification settings, and settings to enable or disable automation. Relevant information about the devices you are using, which includes device model, device settings, MAC address and IMEI, Android ID, device identification code, device environment, device models, Model information, device ID, SN number, hardware version number, firmware version number, and location information assigned by the device. Based on your information above, we will use big data and algorithms to conduct comprehensive statistics and analysis in order to understand your needs and preferences, and recommend or display products, services or other information that may be of your interest. If you are not interested in the personalized recommended products, services or other information or do not want us to provide you with personalized recommendation services, you can turn off personalized recommendation service in "Personalized Recommendation Management" interface in settings. Once it is turned off, content that may be of your interest will not be recommended to you.
Categories of personal data processed: Device diagnosis service.Introduction：We provide you with the "Device diagnosis service" based on service authorization: If there's any problem with your Aqara smart device or Aqara Home application, you may contact our customer service and report the problem. If necessary, we will deliver the "Device diagnosis service" to you. After obtaining your authorization, we will get related account information of the device, device identification information and log data, so as to improve user experience of the smart device. "Device diagnosis service" is the service of remote device diagnosis and analysis provided by us for you. We attach great importance to your personal information and privacy protection. We will provide related safety protection measures for your personal information according to legal requirements and mature safety standards of the industry. Specifically, we need to collect the following information of yours:

(1) Account information: Including the information of the registered account; (2) Device information: Including device identifier, device list, hardware information of the device, device use information, device operation log, system log; (3) Linkage information: Scene list, condition set list, linkage execution log; (4) Application information: Including application software information, application use information; (5) Network information: Including network information of the application software and smart device. We will analyze the collected data, find faults and repair. We will find the experience problem and improve it, and enhance product quality. If your data authorization expires, we will stop inquiring and analyzing your data. If you do not provide this type of information, we cannot acquire your fault and experience problems on your smart device, nor analyze and give solutions.

We will analyze the collected data, find faults and repair. We will find the experience problem and improve it, and enhance product quality. If your data authorization expires, we will stop inquiring and analyzing your data. If you do not provide this type of information, we cannot acquire your fault and experience problems on your smart device, nor analyze and give solutions.
Categories of personal data processed: Advertising and Marketing Services. When you use our services, in order to maintain, improve, optimize our products and/or services and enhance user experience, we will provide you with commercial electronic information ("advertising") as needed, including:

Aqara Advertisements: We will process the information you provide us, including the terminal device information of your client terminal device (client type, client version number, device model, operating system version number, operating system language, operating system type, Device manufacturer, device screen width, device screen height, device screen density, device screen orientation), client device identification code (Android ID, IDFA, OAID), location information (province/city/district), network information (network connection method, operator) or used in combination with other information to promote Aqara's own products and business advertising; this information is necessary to implement this function. If you disagree with the collection and use of this data, you may not be able to use this function.

The advertising marketing service is optional. If you do not use it, it will not affect your use of Aqara account or other services. You can unsubscribe from ads by following the prompts when browsing emails or text messages. In addition, we also provide you with the option to unsubscribe from advertising. You can manage advertising information through [Aqara Home App→Profile→Settings→Account and Security→Ad Notifications] or tap here.

INFORMATION COLLECTED BY THE THIRD PARTIES

Please be aware that in order to realize the relevant functions and ensure the safety and stability of the service, we have accessed the software tool development kit (SDK) provided by a third party, and we will conduct strict security monitoring on the SDK obtained by the partner to protect the data security.

In the following table, we list the types of third-party SDKs accessed in the Aqara Home app, as well as the types of personal information you collect and the purpose of use:

Name of the third party SDK	Information collection types	Information collection/purpose of use	Operating systems
Shangyun(CS2 Network)	Camera device ID, network information (IP, current network type and name)	It is used to set up the p2p connection of the camera after the camera device is added	Andriod and iOS
Facebook open-source framework	Device information (including device model, device identifier (AndroidID/ IDFA/ OPENUDID/ GUID/ OAID)	It is used to log in Facebook	Andriod and iOS
Sensors Data	IP address, sensor list, acceleration sensor, device information (device version, device manufacturer, device model information), device identification information (hardware serial number, IMEI, MAC address, IMSI information, IDFA, AndroidID), device status information, Install application package name information, network information (WIFI parameter ssid), operator information, location information, IDFV, OAID, VAID, UUID, IMSI	It is used to initialize the SDK for data collection after the user agrees to the Privacy	Andriod and iOS
Application performance monitoring full-link version App monitoring SDK	(1) Device information: device ID, device model, operating system, system time zone, screen resolution, disk usage, memory usage, number of running threads, CPU information (frequency, model, architecture), mobile device country code (MCC) ), Mobile Device Network Coding (MNC), device dpi; Android ID, device brand, operating system api version, user agent, battery power, network traffic, device abi, ROM; (2) Application information: application version, application package Name, process startup time, crash time, crashed thread name, active page name, all thread stacks of the current process, application service log information, application file name, application file size, disk size; fd list; (3) system and network Identification information: user ID, IP address, operator information, network access mode.	Use automation programs and algorithms to identify devices, obtain device status (online, offline, and network environment), perform device count statistics, and debug single device problems.	Andriod and iOS
International translation platform SDK	(1) Device information: device brand, device model, operating system; (2) Application information: application package name; (3) System or network identification information: network access mode (WIFI status); (4) Personal location information: System country/region information.	Obtain the i18n copy configured by the customer on the translation platform. This parameter will be used by the server to configure the grayscale dimension selection for grayscale delivery.	Andriod and iOS
AndroidX Webkit（chromium）	SSID, BSSID, MAC address, WIFI information, AndroidX Webkit (chromium) needs to monitor the WIFI switch and signal status, and will obtain WIFI information, MAC address, SSID, installed APP information, and sensor information multiple times.	AndroidX auxiliary development tools provided by Google, based on the WebKit browser engine, provide web browsing services	Andriod
GeTui	Device ID, device model, app version number, system version number, device platform, device manufacturer, network information and position-related information, application list information	It is used to provide the message pushing service for models of the iOS system	iOS
Ali Mobile PUSH (EMAS)	Device identification information ( operating system, device model, IP, operator information)	It is used to recognize the pushing device and push messages to the single device	Andriod
Xiaomi PUSH	Device identification information (IMEI) [targeting at the following versions of Android Q], OAID, Android ID and MAC address), setting information of the notification bar, network status information (IP, current network type and name)	It is used to provide the message pushing service for the mobile terminal of Mi brand	Andriod
OPPO PUSH	Device-related information (such as IMEI [targeting at the following versions of Android Q], Android ID), application list	It is used to provide the message pushing service for the mobile terminal of OPPO brand	Andriod
vivo PUSH	Device-related information (such as IMEI [targeting at the following versions of Android Q], Android ID), application list	It is used to provide the message pushing service for the mobile terminal of vivo brand	Andriod
FCM PUSH	List of applications in operation	It is used to receive the message pushing service when the overseas device is used in the overseas region, including APNS push	Andriod

HOW THE PERSONAL DATA IS USED

We process the above (categories of) personal data for the following purposes:

Purpose of processing the personal data：Providing services to users under user's Aqara Home Account:This includes allowing user to create an account and to log into the App in order to remotely control smart home devices, allowing users to change their account information such as user name or profile, keeping the devices functioning properly, getting the device connected to hub and user's Aqara Home Account, executing automated workflows set by the user, allowing users to query the history of device operation, Automation & Scene execution, allowing users to query device information, assigning servers when users register an account, automatically setting time zone for users.Categories of personal data processed：Account information, Location information, Log information, Account credentials, Automation & Scene settings information, Device information, Sub-device information. Legal basis and, where applicable, legitimate interests：Article 6 paragraph 1 point (b) of the GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data.subject prior to entering into a contract).Recipient： Tencent cloud computing (Beijing) co., LTD
Purpose of processing the personal data：After-sales and customer support services upon the user's request:This includes communicating with user about their devices, customer inquiry support.Categories of personal data processed： Account information, Information related to the handheld device, Log information, Feedback information, Device information.Categories of personal data processed：Article 6 paragraph 1 point (b) of the GDPR (performance of a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract).Recipient： Freshworks Inc.(only applies to feedback information)Tencent cloud computing (Beijing) co., LTD

No automated decision-making takes place for any of the above processing activities.

INERNATIONAL TRANSFERS & WITH WHOM WE SHARE YOUR INFORMATION

We disclose your personal data to certain third parties for certain purposes, as described above. You should know that when Lumi Company shares your personal data with a Third Party Service Provider, Lumi Company will contractually specify that the third party is subject to practices and obligations to comply with applicable local data protection laws. Lumi Company will contractually ensure compliance by any Third Party Service Providers with the privacy standards that apply to them in your home jurisdiction.

Below you find further information on the above mentioned recipients and on any transfers of your personal data out of the EU to us and to any recipients:

Recipient	Recipient's role	Recipient's location	Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organisations
Lumi Company	Controller	In order to provide our services to you, we generally automatically process all personal data which we receive from you on a server that is located in the EU (Frankfurt, Germany). Therefore, under regular operations, none of your personal data will be transferred to our offices in China. However, in case there is a technical problem that requires human intervention or in case you contact us for feedback or support, we will access the personal data necessary for the relevant purpose from our offices in China.	There is no adequacy decision by the EU Commission for China. We only transfer personal data to China or access personal data from China to the extent you have given your express consent to the proposed data transfer (point (a) of Article 49 paragraph 1 of the GDPR) or this is necessary to perform the contract with you (point (b) of Article 49 paragraph 1 of the GDPR). Furthermore, as we offer our services to you in the EU, we are directly bound to the strict GDPR-requirements (point (a) of Article 3 paragraph (2) of the GDPR) and will ensure protection of your personal data according to GDPR-standards.
Freshworks Inc.	Processor	USA	Freshworks Inc. is certified under the EU-U.S. Privacy Shield:https://www.privacyshield.gov/participant?id=a2zt0000000GnbQAAS&status=ActiveAn adequacy decision by the EU Commission exists for the EU-U.S. Privacy Shield:http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016D1250
Tencent cloud computing (Beijing) co., LTD	Processor	People's Republic of ChinaThe server is located within the EU and Tencent can only access your data from within the EU. Any access by Tencent from China or anywhere else outside the EU is technically blocked.	Not applicable because there is no transfer to third countries outside the EU.

RETENTION AND STORAGE POLICY

Personal data will be held for as long as it is necessary to fulfill the purpose for which it was collected, or as required or permitted by applicable laws. We shall cease to retain personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that personal data was collected is no longer being served by retention of the personal data.

In the section " TYPES OF INFORMATION COLLECTED" above, we inform you in detail about the storage duration of each category of your personal data which we process.

User can delete logs by the "Clear Logs" function in Aqara Home, such as: device logs, automation logs, scene execution logs, home alert logs, messages received by the message center, and other logs. You can also delete all of your data recorded on the server and all account information by canceling the account via Aqara Home.

ACCESSING OTHER FEATURES ON YOUR DEVICE (" app permissions")

For the purposes set out above, Aqara Home may need to access certain features on your device, such as IP address, GPS location, Bluetooth and WLAN access, based on your specific use of Aqara Home. If you refuse to grant us the corresponding app permissions during installation and / or use, we will not be able to access your corresponding information above and will not be able to render the services for which the relevant information is required.

YOU HAVE CONTROL OVER YOUR PERSONAL DATA!

CONTROLLING SETTINGS

Lumi Companyrecognizes that privacy concerns differ from person to person. Therefore, we provide examples of ways Lumi Companymakes available for you to choose to restrict or withdraw the consent of the collection, use, disclosure or processing of your personal data and control your privacy settings:

Bind/Unbind devices;
Log in and out of the Aqara Home;
Perform factory reset to erase the data on local device and on the server.

If you have previously agreed to us using your personal data for the above mentioned purposes, you may change your mind at any time by writing or emailing us at aiot-service@aqara.com.

YOUR RIGHTS TO CONTROL OR PROTECT YOUR PERSONAL DATA

Right of access

As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the GDPR.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15 paragraph 1 points (a), (b) and (c) of the GDPR).

You can find the full extent of your right to access and information in Article 15 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Note: You can access your account information and some device-related information yourself in the App. For any further access requests, please contact us at aiot-service@aqara.com.

Right to rectification

As a data subject, you have the right to rectification under the conditions provided in Article 16 of the GDPR.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Article 16 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Note: You can correct your account information and some device-related information yourself in the App. When you update some of your personal data, you will be asked to verify your identity before we proceed with your request, so that we can ensure the security of your Aqara Home Account and device. For any further correction requests, please contact us at aiot-service@aqara.com.

Right to erasure ("right to be forgotten")

As a data subject, you have a right to erasure ("right to be forgotten") under the conditions provided in Article 17 of the GDPR.

This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Article 17 paragraph 1 point (a) of the GDPR).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the GDPR).

The right to erasure ("right to be forgotten") does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (Article 17 paragraph 3 points (b) and (e) of the GDPR).

You can find the full extent of your right to erasure ("right to be forgotten") in Article 17 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Right to restriction of processing

As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the GDPR.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (Article 18 paragraph 1 point (a) of the GDPR).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the GDPR).

You can find the full extent of your right to restriction of processing in Article 18 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Right to data portability

As a data subject, you have a right to data portability under the conditions provided in Article 20 of the GDPR.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR or on a contract pursuant to Article 6 paragraph 1 point (b) of the GDPR and the processing is carried out by automated means (Article 20 paragraph 1 of the GDPR).

You can find information as to whether an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR or on a contract pursuant to Article 6 paragraph 1 point (b) of the GDPR in the information regarding the legal basis of processing in Section " HOW THE PERSONAL DATA IS USED" of this Privacy Policy.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the GDPR).

You can find the full extent of your right to data portability in Article 20 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Right to object

As a data subject, you have a right to object under the conditions provided in Article 21 of the GDPR.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.

More detailed information on this is given below:

Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 paragraph 1 point (e) or (f), including profiling based on those provisions.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (e) or (f) of the GDPR in the information regarding the legal basis of processing in Section " HOW THE PERSONAL DATA IS USED" of this Privacy Policy.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section "HOW THE PERSONAL DATA IS USED" of this Privacy Policy.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Article 21 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

Right to withdraw consent

Where an instance of processing is based on consent pursuant to Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the GDPR, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on Article 6 paragraph 1 point (a) or Article 9 paragraph 2 point (a) of the GDPR in the information regarding the legal basis of processing in Section "HOW THE PERSONAL DATA IS USED"of this Privacy Policy.

Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 of the GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

You may find the contact details of your local supervisory authority in EU member states on the website of the European DataProtection Board: https://edpb.europa.eu/about-edpb/board/members_en

You may exert your above-mentioned rights by contacting us at privacy@lumiunited.com, and we will respond to your request within timeframe set out under your applicable data protection laws.

MISCELLANEOUS

MINORS

Our services are restricted to individuals who are 18 years of age or older. We do not permit individuals under the age of 18 on our platform.We consider it the responsibility of parents to monitor their children's use of our products and services. Nevertheless, it is our policy not to require personal data from minors or offer to send any promotional materials to persons in that category.

Lumi Company does not seek or intend to seek to receive any personal data from minors. Should a parent or guardian have reasons to believe that a minor has provided Lumi Company with personal data without their prior consent, please contact us to ensure that the personal data is removed and the minor unsubscribes from any of the applicable Lumi Company's services.

UPDATES TO THE PRIVACY POLICY

We keep our Privacy Policy under regular review and may update this Privacy Policy to reflect changes to our information practices. If we make material changes to our Privacy Policy, we will notify you by email (sent to the e-mail address specified in your account) and post the changes on all the Lumi Company's websites or through our software, so that you may be aware of the information we collect and how we use it. Such changes to our Privacy Policy shall apply from the effective date as set out in the notice or on the website.

DATA PROTECTION OFFICER & REPRESENTATIVE

You can contact our Data Protection Officer (DPO) at:

Lumi United Technology Co., Ltd

c/o Data Protection Officer

Room 801-804, Building 1, Chongwen Park, Nanshan iPark, No. 3370, Liuxian Avenue, Fuguang Community, Taoyuan Residential District,Nanshan, Shenzhen, China

Email: privacy@lumiunited.com

We also appointed a representative in the EU according to Art 27 GDPR. You can contact our representative at:

GDPR-Rep.eu

Maetzler Rechtsanwalts GmbH & Co KG

c/o Lumi United Technology Co., Ltd

Schellinggasse 3/10,1010 Vienna, Austria

Please add the following subject to all correspondence: "GDPR-REP ID: 13345230"

https://gdpr-rep.eu/q/13345230

CONTACT US

If you have any comments or questions about this Privacy Policy or any questions relating to Lumi Company's collection, use or disclosure of your personal data, please contact us at the address below referencing "Privacy Policy":

Lumi United Technology Co., Ltd

Room 801-804, Building 1, Chongwen Park, Nanshan iPark, No. 3370, Liuxian Avenue, Fuguang Community, Taoyuan Residential District, Nanshan District, Shenzhen，China

Email: privacy@lumiunited.com

Thank you for taking the time to understand our Privacy Policy!