PRIVACY POLICY

Update!

Our Privacy Policy was updated on 24th Apr, 2020. We have revamped the Privacy Policy front and back so that from this date onwards, this Privacy Policy can provide privacy details on how we manage your personal information for our products and services, unless a separate privacy policy is provided for the specific products or service provided by Lumi United Technology Co., Ltd.

Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

The terms of this Privacy Policy that are or may be material to your rights and interests have been marked in bold, and please pay specific attention to them.

OUR COMMITMENT TO YOU

This Privacy Policy sets out how Lumi United Technology Co., Ltd. ("Lumi", "we", "our" or "us") collect, use, disclose, process and protect any information that you give us when you use Aqara Home. Should we ask you to provide certain information by which you can be identified when using Aqara Home, it will only be used in accordance with this Privacy Policy and/or our terms and conditions for users.

The Privacy Policy is designed with you in mind, and it is important that you have a comprehensive understanding of our personal data collection and usage practices, as well as full confidence that ultimately, you have control of any personal data provided to Lumi.

In this Privacy Policy, "personal data" means data or information that can be used to identify an individual, either from that data/information alone or from that data/information combined with other data/information Lumi has access about that individual, such as your nickname, address, phone number, email address, and information generated during the operation of smart devices connected to the Aqara Home platform.

By using or connecting smart device to Aqara Home App, you are deemed to have read, acknowledged and accepted all the provisions stated here in the Privacy Policy, including any changes we may make from time to time. In order to comply with applicable laws, including local data protection legislation (e.g. General Data Protection Regulation (“GDPR”) in Europe Union (“EU”)), we will specifically seek prior explicit consent to the particular processing (e.g. automated individual decision-making) of special categories of personal data. We are committed to protecting the privacy, confidentiality and security of your personal data by complying with applicable laws, including your local data protection legislation. We are equally committed to ensuring that all our employees and agents uphold these obligations.

Ultimately, what we want is the best for all our users. Should you have any concerns with our data handling practice as summarized in this Privacy Policy, please contact our Data Protection Officer at privacy@lumiunited.com to address your specific concerns. We will be happy to address them directly.

WHAT INFORMATION IS COLLECTED AND HOW WE CAN USE IT

TYPES OF INFORMATION COLLECTED

In order to provide our services to you, we will ask you to provide personal information that is necessary to provide those services to you. If you do not provide your personal information, we may not be able to provide you with our products or services.

We will only collect the information that is necessary for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. We may collect the following types of information (which may or may not be personal data):

Information you provide to us or upload(including your contact details): we may collect personal information you provide to us, like your name, email address, Aqara Home account information (e.g. your security related information, name), or data you may sync with the device you use to access the Aqara portal, information used to create your account or related to your account setup on the Aqara portal.

Information related to the handheld device terminal : we may collect information related to the operation of the Aqara Home handheld device terminal. For example, IMEI number, DeviceID, OAID,ANDROID_ID,the version of your operating system, manufacturing information about your device, model name, and network operator. We may also collect information about the device associated with your account. For example, MAC address, DID, network status of the device (IP/network signal), and the version of your firmware.

Information we designate that is about you : We may collect and use content such as information related to your Aqara Home account.

Location information (only for specific services/functionalities): various types of information on your location. For example, region, country code, city code, mobile network code,mobile country code, cell identity, district name, longitude and latitude information, time zone settings, language settings.

Log information : information related to your use of certain functions, apps and websites. For example, cookies and other anonymous identifier technologies, IP address, network request information, temporary messaging history, standard system logs, and crash information.

Account credentials : information related to your account credentials. For example, password, verification code, etc.

Automation & Scene settings information. We may collect information related to your automation and scene settings, including automation and scene name, automation and scene execution logs, condition and action list, effective time period setting, execution result notification setting, settings that enable or disable automation.

Feedback information. We may collect the feedback information that you provide, including feedback content, contact information and error logs.

You can use the Aqara app to connect to the sub-devices or triple press the Hub button to add the sub-devices. In order to ensure the smooth operation of the device and provide you with device services, after the device connects to the app or hub, it means that you agree to the information collected by the device, and we will collect data about the device，【Aqara Hub will collect your network information, automation setting, Information collected by Hub function, Information collected by sub-device, ect.】，For details of the collected information, please refer to the privacy description of the corresponding device in the Aqara app. If you do not want us to collect information about your sub-device, you can log in to the Aqara app at any time to enter the interface page of the corresponding sub-device to cancel the authorization.

For specific device-related information that we collect, please refer to the corresponding privacy policy for specific device.

HOW THE PERSONAL DATA IS USED

Personal data is collected for providing services and / or products to you, and legal compliance on our part under applicable laws. You hereby consent that we may process and disclose personal information to our affiliated companies (which are in the communications, social media, technology and cloud businesses), Third Party Service Providers (defined below) for the purposes stated in this Privacy Policy.

Generally, we may use your personal data for the following purposes:

(a)Providing, processing and maintaining our goods and/or services to you, including after-sales and customer support and for services on your device or through our websites.

(b)Communicating with you about your device, service or any general queries, such as updates, customer inquiry support, information about our events, notices.

(c)To keep our internal records regarding billing, accounting and your use of the App.

(d)To improve and develop our goods and services.

(e)Storing and maintaining information about you for our business operations or legal obligations.

Specifically, for information we collected when you use smart devices, we use such information for the following specific purposes:

(f)To keep the device functioning properly: We may collect device information and device settings information to ensure the proper functioning of the device. Your timing settings will be used to determine when the device will work/stop working. We will collect the firmware version of your device to identify it and provide firmware updates. Your charging protection settings and maximum power limit setting will promote the safety when you use the device.

(g)To get the device connected: Your device can be connected to any Zigbee gateway, which enables you to remotely view and control your device. For example, you can know the device on/off status, and cut off the power if necessary. For the purpose thereof, we need to collect the network information.

(h)To display the energy consumption: We may collect the energy consumed and display it by day and month so that you can have a better understanding thereof.

(i)To execute the automated workflow: We may collect the automation and scene settings information and have your device operated as the workflow suggests.

COOKIES AND OTHER TECHNOLOGIES (only when browsing www.aqara.com)

•What information is collected and how we can use them: Technologies such as cookies, tags, and scripts are used by LUMI and our Third Party Service Providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the website and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

•Log Files: As true of most websites, we gather certain information and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we gather about you.

•Advertising: We partner with our Third Party Service Providers to either display advertising on our website or to manage our advertising on other sites. Our Third Party Service Provider may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. We will obtain your prior explicit consent and involve a clear affirmative action before providing this advertising service to you. If you wish to not have this information used for the purpose of serving you interest-based ads, you may send your request to aiot-service@aqara.com.

•Mobile Analytics: Within some of our mobile applications we use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where crashes occur within the application. We do not link the information we store within the analytics software to any personal data you submit within the mobile application.

•Local Storage – HTML5/Flash: We use Local Storage Objects (LSOs) such as HTML5 or Flash to store content and preferences. Third parties with whom we partner to provide certain features on our Sites or to display advertising based upon your web browsing activity also use HTML5 or Flash cookies to collect and store information. Various browsers may offer their own management tool for removing HTML5 LSOs.

WITH WHOM WE SHARE YOUR INFORMATION

We do not sell any personal data to third parties.

We may disclose your personal data on occasion to third parties (as described below) in order to provide the products or services that you have requested.

Disclosure may be made to Third Party Service Providers and affiliated companies listed in this section below. In each case described in this section, you can be assured that Lumi will only share your personal data in accordance with your consent. Your consent to Lumi will engage sub-processors for the processing of your personal data. You should know that when Lumi shares your personal data with a Third Party Service Provider under any circumstance described in this section, Lumi will contractually specify that the third party is subject to practices and obligations to comply with applicable local data protection laws. Lumi will contractually ensure compliance by any Third Party Service Providers with the privacy standards that apply to them in your home jurisdiction.

SHARING WITH THIRD PARTY SERVICE PROVIDERS

In order to conduct business operations smoothly in providing you with the full capabilities of our products and services, we may disclose your personal data from time to time to our third party service providers, including our mailing houses, delivery service providers, data storage facilities, customer service providers, and Lumi’s representatives. Such third party services providers are all located in the EU and therefore we will not transmit your personal data to third countries outside the EU. Such Third Party Service Providers would receive and process your personal data on Lumi’s behalf or for one or more of the purposes listed above. If you no longer wish to allow us to share this information, please contact us at aiot-service@aqara.com.

SHARING WITH OTHERS

Lumi may disclose your personal data without further consent when required under applicable law.

INFORMATION NOT REQUIRING CONSENT

We may share anonymized information and statistics in aggregate form with third parties for business purposes, for example with advertisers on our website, we may share them trends about the general use of our services, such as the number of customers in certain demographic groups who purchased certain products or who carried out certain transactions.

For the avoidance of doubt, Lumi may collect, use or disclose your personal data without your consent if it is and only to the extent it is allowed explicitly under local data protection laws. Such disclosure may be brought about by the necessity to protect our rights, ensure the safety of you and other people, and comply with the requirements of the local government to facilitate the investigations of illegal activities.

SECURITY SAFEGUARDS

LUMI’S SECURITY MEASURES

We are committed to ensuring that your personal data is secure. In order to prevent unauthorized access, disclosure or other similar risks, we have put in place reasonable physical, electronic and managerial procedures to safeguard and secure the information we collect from your using of Aqara Home. We will use all reasonable efforts to safeguard your personal data, including but not limited to:

We are committed to ensuring that your personal data is secure. In order to prevent unauthorized access, disclosure or other similar risks, we have put in place reasonable physical, electronic and managerial procedures to safeguard and secure the information we collect from your using of Aqara Home. We will use all reasonable efforts to safeguard your personal data, including but not limited to:

•All your personal data is stored in a pseudonymized and encrypted manner on secure servers that are protected in controlled facilities.

•We classify your data based on importance and sensitivity, and ensure that your personal data has the highest security level.

•We have establish access control system to make sure that any employee of us who has access to personal data does not process them except on our instruction.

•We make sure that our employees and Third Party Service Providers who access the information to help provide you with our products and services are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet such obligations. .

•We will regularly back up database to ensure that we can restore the availability and access to the personal data in a timely manner in the event of physical or technical incident.

•We have special access controls for cloud based data storage as well.

•We have taken data protection impact assessment (DPIA) to recognize and control the risks of processing data, and take reasonable measures to lower the risks.

•We will regularly conduct regularly test, assessment and evaluation on the effectiveness of aforementioned technical and organizational measures to ensure the security of the data processing.

All in all, we take the above measures and other technical means to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

We will take all practicable steps to safeguard your personal data. However, you should be aware that the use of the Internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the Internet.

WHAT YOU CAN DO

•You can play your part in safeguarding your personal data by not disclosing your login password or account information to anybody unless such person is duly authorized by you. Whenever you log in as a Aqara Home user, particularly on somebody else's computer or on public Internet terminals, you should always log out at the end of your session.

•Lumi cannot be held responsible for lapses in security caused by third party accesses to your personal data as a result of your failure to keep your personal data private. Notwithstanding the foregoing, you must notify us immediately if there is any unauthorized use of your account by any other Internet user or any other breach of security.

•Your assistance will help us protect the privacy of your personal data.

RETENTION AND STORAGE POLICY

Personal data will be held for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We shall cease to retain personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that personal data was collected is no longer being served by retention of the personal data. If further processing is for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes according to the applicable laws, the data can be further retained by Lumi even if the further processing is incompatible with original purposes.

User can delete these logs by the “Clear Logs” function, such as: device logs, automation logs, scene execution logs, home alert logs, messages received by the message center, and other logs. You can also delete all his data recorded on the server and all account information by canceling the account.

All your personal data we collected will be stored and processed in Frankfurt, Germany, where our server are located. Generally, we will not transfer your personal data outside the EU. If we need to transfer your personal data outside the EU, We will only do so when such transfer is in accordance with applicable laws concerning data or privacy protection. We take steps to ensure that the data we collect under this Policy is processed pursuant to the terms thereof and the requirements of applicable law.

ACCESSING OTHER FEATURES ON YOUR DEVICE

Our application may need to access certain features on your device, such as IP address, GPS location, Bluetooth and WLAN access, based on your specific permissions for software installation and / or use authorizatio. If you refuse to grant us the corresponding permissions during installation and / or use, we will not access your corresponding information above.

YOU HAVE CONTROL OVER YOUR PERSONAL DATA!

CONTROLLING SETTINGS

Lumi recognizes that privacy concerns differ from person to person. Therefore, we provide examples of ways Lumi makes available for you to choose to restrict or withdraw the consent of the collection, use, disclosure or processing of your personal data and control your privacy settings:

•Bind/Unbind devices;

•Log in and out of the Aqara Home;

•Perform factory reset to erase the data on local device and on the server.

If you have previously agreed to us using your personal data for the above mentioned purposes, you may change your mind at any time by writing or emailing us at aiot-service@aqara.com.

YOUR RIGHTS TO CONTROL OR PROTECT YOUR PERSONAL DATA

•You have the right to request access to and/or correction of your personal data that we hold about you. You can access and correct your account information and some device-related information on the App. When you update some of your personal data, you will be asked to verify your identity before we proceed with your request, so that we can ensure the security of your Aqara Home Account and device. Once we obtain sufficient information to accommodate your request for access to or correction of your personal data, we shall proceed to respond to your request within any timeframe set out under your applicable data protection laws.

•A copy of your personal data collected and processed by us will be provided to you upon your request free of charge. For any extra request of the same information, we may charge a reasonable fee based on actual administrative costs according to the applicable laws.

If you would like to request access to your personal data held by us or if you believe any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the email address below. Email: aiot-service@aqara.com

•You have the right to obtain from us the erasure of your personal data. You can erase your account information, device information, device operation information on the App. In particular, you can cancel your user account in the App to erase the above information once and for all. For other data that you request to erase, we shall consider the grounds regarding your erasure request and take reasonable steps, including technical measures, to erase your personal data without undue delay, if the grounds apply to GDPR.

•You have the right to obtain from us the restriction of processing your personal data. We shall consider the grounds regarding your restriction request. If the grounds apply to GDPR, we shall only process your personal data under applicable circumstances in GDPR and inform you before the restriction of processing is lifted.

•You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

•You may at any time refuse us to use your personal information for direct marketing purposes, including data portraits related to such direct marketing.

•You have the right to receive your personal data in a structured, commonly used and machine-readable format and transmit the information to another data controller.

•You have the right to lodge a complaint with a supervisory authority.

You may exert your above-mentioned rights by contacting us at aiot-service@aqara.com, and we will respond to your request within timeframe set out under your applicable data protection laws.

WITHDRAWAL OF CONSENT

You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or control by submitting a request. This may be done by sending e-mail to aiot-service@aqara.com. We will process your request within a reasonable time from when the request was made, and thereafter not collect, use and/or disclose your personal data as per your request.

Please recognize that your withdrawal of consent could result in certain legal consequences. Depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that you will not be able to enjoy our services.

MISCELLANEOUS

MINORS

We consider it the responsibility of parents to monitor their children’s use of our products and services. Nevertheless, it is our policy not to require personal data from minors or offer to send any promotional materials to persons in that category.

Lumi does not seek or intend to seek to receive any personal data from minors. Should a parent or guardian have reasons to believe that a minor has provided Lumi with personal data without their prior consent, please contact us to ensure that the personal data is removed and the minor unsubscribes from any of the applicable Lumi services.

ORDER OF PRECEDENCE

If you have agreed to our applicable User Agreements, in the event of inconsistency between such User Agreements and this Privacy Policy, such User Agreements shall prevail.

UPDATES TO THE PRIVACY POLICY

We keep our Privacy Policy under regular review and may update this privacy policy to reflect changes to our information practices. If we make material changes to our Privacy Policy, we will notify you by email (sent to the e-mail address specified in your account) or post the changes on all the Lumi websites or through our software, so that you may be aware of the information we collect and how we use it. Such changes to our Privacy Policy shall apply from the effective date as set out in the notice or on the website. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of products and services on the websites, mobile phones and/or any other device will be taken as acceptance of the updated Privacy Policy. We will seek your fresh consent before we collect more personal data from you or when we wish to use or disclose your personal data for new purposes.

DATA PROTECTION OFFICER AND REPRESENTATIVE

Lumi set up a Data Protection Officer (DPO) in charge the data protection, and the contact of DPO is aiot-service@aqara.com

We appointed GDPR-Rep.eu as representative according to Art 27 GDPR. If you want to make use of your GDPR data privacy rights, please visit: https://gdpr-rep.eu/q/13345230

Contact GDPR-Rep.eu

GDPR-Rep.eu

Maetzler Rechtsanwalts GmbH & Co KG

Attorneys at Law

c/o Lumi United Technology Co.,Ltd

Schellinggasse 3/10, 1010 Vienna, Austria

Please add the following subject to all correspondence:

GDPR-REP ID: 13345230

CONTACT US

If you have any comments or questions about this Privacy Policy or any questions relating to Lumi’s collection, use or disclosure of your personal data, please contact us at the address below referencing "Privacy Policy":

Lumi United Technology Co., Ltd

8th Floor 801-806, Jinqi Zhigu Building, Liuxian Street, Nanshan, Shenzhen, China Email: aiot-service@aqara.com

Thank you for taking the time to understand our Privacy Policy!