DATA PROTECTION POLICY

Data controller of your personal data are companies:

  • ConnectLife, data technologies, LLC Partizanska cesta 12, 3320 Velenje, Slovenia, acting as core data controller of companies producing and/or trading appliances of the brands within companies of Hisense Europe Group (Hisense, Gorenje, Asko, ATAG, Pelgrim, Etna, Körting, Mora, Upo).
  • Hisense International (Thailand) Company Limited (Head Office)

(Both data controller hereinafter: Company)

We treat your personal data seriously and responsibly with respect of the provisions of the General Data Protection Regulation (GDPR) and other applicable regulations in the field of personal data protection. Besides respecting the GDPR and in relation to individuals from certain jurisdictions (California, Canada, Mexico) this Data Protection Policy respects also other possible relevant legislation. This document contains information on data processing activities we undertake related to personal data of users of our products, our customers, potential customers, and/or website users.

In addition to the data protection policy:
  • we adopted an internal procedure regarding the protection of personal data, in which the obligations of the Company and employees regarding the protection of personal data are determined.
  • we adopted the Cookie Policy, which regulates the protection of personal data of website users.
  • we have created a dedicated e-mail box where you can contact us regarding all questions about your personal data.
  • we regularly educate employees about the handling of personal data.
  • we regularly check personal data handling systems and propose improvements.

1. Who processes your personal data?

The controllers of your personal data are:

Company: ConnectLife, data technologies, LLC
Address: Partizanska cesta 12, 3320 Velenje, Slovenia

Company: Hisense International (Thailand) Company Limited (Head Office)
Address: 202 Le Concorde Tower Building, 14th Floor, Room 1401, Ratchadaphisek Road, Huai Khwang, Huai Khwang, Bangkok 10310
Phone: 02-0170077

A company ConnectLife, data technologies, LLC Partizanska cesta 12, 3320 Velenje, Slovenia, (hereinafter: Company), is acting as core data controller of companies producing and/or trading appliances of the brands within companies of Hisense Europe Group (Hisense, Gorenje, Asko, ATAG, Pelgrim, Etna, Körting, Mora, Upo).

A company ASKO Appliances (Aust.) Pty Ltd (ACN 007 007 329) is a company that locally offers products and appliances produced by companies of Hisense Europe Group.

Other companies within Hisense Europe Group may be processors of your personal data. As such the companies of Hisense Europe Group and distributors are collecting and in other way processing your personal data (based on agreement, legitimate interest or your consent) and their means of data processing (e.g. websites, CRM programs, online tools, etc) are for the purpose of this policy stated as our means. The list of other companies of Hisense Europe Group, distributors and their processors external contractors is available here (URL).

2. Method of obtaining data

We obtain your personal data based on using our websites or applications, through cookies and other online tools, by filling out forms on our website or in physical form, through telephone and electronic communication, through other written communication and/or through social networks.

3. Which of your personal data do we process and for what purpose?

In this section, we explain which data we process and for what purpose, depending on the individual activity:


3.1. Purchase on the Company's website or collection of the products ordered online

In order to purchase products via the Company's website or to collect products ordered online, we must collect and process some of your personal data (e.g. delivery address), as this is the only way we will be able to process your order.

To enable a purchase on the Company's website or collection of products ordered online, we will process the following data:
  • Customer ID,
  • Title (Mr / Mrs),
  • First name and last surname,
  • Language of communication,
  • invoicing address and delivery address (if the delivery option is selected),
  • e-mail address,
  • phone number,
  • order (number, value)
  • method of payment,
  • bank account number and/or credit card number,
  • product number
  • serial number of the product
  • purchase invoice
  • purchase history

The purpose and basis of the processing of the above data is to ensure the possibility of delivery or acceptance of the order, payment of the order, information about the status of your order and issuing an invoice for the completed purchase. By placing an order, you have made a purchase, which legally means that you have entered to a sales contract, and to fulfil our part of the obligations arising from the sales contract, we must process your personal data (processing is necessary for the performance of a contract), and at the same time, we are obliged by law to issue an invoice for the completed purchase (processing is necessary for compliance with a legal obligation).

Processing period: Data sent to the delivery service is stored for 1 year from the date of delivery of your order. Data related to the purchase itself is stored as long as you can exercise certain rights in connection with your purchase according to the competent law (period set forth in the law in which it is possible to lodge the claim with a competent court). In accordance with tax and accounting regulations, data for issuing invoices are kept for the period according to local legislation. 

What happens if you do not provide personal data? In the case of online shopping or collecting the products ordered online, we cannot carry out your purchase or collection of the products without obtaining above listed personal data. Still, you can buy and collect the products directly in our physical store or in the stores of contractual partners that enable the latter.


3.2. Customer support in troubleshooting and warranty claims

In order to provide customer support for troubleshooting and warranty claims, we need to collect and process some of your personal data, as this is the only way we can meet our legal obligations in this regard.

In order to provide customer support for troubleshooting and warranty claims, we will process the following data:
  • name and surname,
  • e-mail address,
  • phone number,
  • order number,
  • details of purchased products,
  • date of purchase,
  • address,
  • language of communication,
  • date of claim,
  • service history,
  • duration of warranty and extended warranty,
  • type of warranty,
  • warranty related only to specific parts of the product,
  • e-mail communication
  • chat transcript
  • video conference recording (in case of video conference)
  • pictures (in case user sends us pictures of the product)
  • in the case of a call to the call centre, a recording of the telephone call.

In case of acquiring your consent for use of Visual Remote Assistant we may also process data about session date and time, location and video received.

In case of acquiring your additional consent for data analysis related to the use of products through the Connectlife applications (as defined within this privacy policy) we may also process those data for the purpose of customer support for troubleshooting and warranty claims, where those data may be forwarded also to service organizations.

The purpose and basis of processing the above data is compliance with the legal provisions regarding the seller's warranty for the purchased products (processing is necessary for compliance with a legal obligation) and the fulfilment of the purchase agreement regarding the purchased products (processing is necessary for the performance of a contract). As defined above processing of personal data for use of Visual Remote Assistant and for data analysis may be performed only based on your consent.
 
Processing period: Data is kept for the duration of the possibility of asserting claims from the contract and from the warranty according to the competent law (period set forth in the law in which it is possible to lodge the claim with a competent court). Phone call recordings are kept for the period according to local legislation. Personal data for use of Visual Remote Assistant and for data analysis are stored until the consent is revoked where you can withdraw your consent at any time. The data will cease to be stored within 1 month of receiving the revocation of the consent.

What happens if you do not provide personal data? Non-providing the above listed personal data may affect provision and quality of customer support regarding the use of our products, or the way of resolving warranty claims. However, depending on the channel and reason of communication we may not need all above listed data.


3.3. Notification related to products back in stock

In the event when certain product is out of stock individual can insert his or her email in order to be notified when the product is back in stock. 

In order to notify individual about the availability of the product we will process the following data:
  • e-mail address.

The purpose and basis of the processing of your personal data is to notify you about the availability of the product. The processing of personal data is carried out only based on your consent.

Processing period: Until the consent is revoked where you can withdraw your consent at any time. The data will cease to be stored within 1 month of receiving the revocation of the consent or within 1 month after the notification about the availability of the product is sent to the individual. 

What happens if you do not provide personal data? In case of non-providing your e-mail address we cannot notify you about product back in stock, however for the same purpose you may check our website regularly.


3.4. User account on the Company's website or Connectlife mobile app

Any individual can create a user account on the website that is intended to monitor the progress of the order, view the purchase history or give an opinion about the product. Within the settings of the user account, it is also possible to express the will to receive marketing messages or to cancel receiving them. Same access data as for user account on a website can be used for a user account within Connectlife mobile app.

In order to create a user account, we will process the following data:
  • user ID
  • e-mail address
  • name and surname,
  • phone number,
  • address,
  • language of communication,
  • password,
  • food preferences,
  • service ticket and service history,
  • social network login (in case of establishing user account with social media account: e-mail address, first name, last name, language of communication, photo URL, provider, provider ID),
  • account information (login enabled, log, profile update, login location, account created, account access log)
  • password (last login, disable login).

The purpose and basis of the processing of your personal data is to ensure access to your account and user authentication. With the request to create a user account, a contractual relationship has been established, and in order to fulfil our part of the contractual obligations, we will process your personal data (processing is necessary for the performance of a contractcontractual processing). Some of the personal data (food preferences) are processed only in case you provide those data, based on your consent and are processed in order to notify you about our proposal for a meal. Some of the personal data (service ticket and service history) are processed in order to fulfil our obligations arising from the purchase agreement regarding the purchased products (processing is necessary for the performance of a contractcontractual processing).

Processing period: We keep your personal data until you delete your account or up to 3 years after the last login to the account. Data processed based on the contract are kept for the duration of the possibility of asserting claims from the contract according to the competent law (period set forth in the law in which it is possible to lodge the claim with a competent court). Personal data that are processed based on your consent are kept until the consent is revoked and you can withdraw your consent at any time. Those data will cease to be stored within 1 month of receiving the revocation of the consent, where in that time period you may still be recipient of our communication.

What happens if you do not provide personal data? It is not possible to create a user account without the above determined personal data. Still, you are not obliged to create a user account (i.e. to provide personal data for such a purpose) to purchase or use our products.


3.5. Registration of the product at our website and Connectlife mobile app

Any individual that bought any of our product can register the product at our website or through Connectlife mobile app within his or her user account. Based on registration the individual acquires simplified access to the instructions for use, our proposals for using the product, information related to warranty, for certain products additionally extended period of warranty and notifications about updates related to Connectlife appliances. For certain products and in limited period of time we occasionally offer also partially refund of the purchase price in case of registration of the product at our website or Connectlife mobile app.

In order to perform registration of the product, we will (besides the data stated in point 3.4.) process the following data:
  • product number,
  • serial number of the product,
  • date of purchase,
  • copy of the purchase invoice.
  • IBAN number (only for the purpose of partial refund of the purchase price)

The purpose and basis of the processing of your personal data is to enable extended warranty (only related to certain products), grant access to the instructions for use and our proposals for using the product. By registration of the product, you accept the rules of the registration that is legally treated as contractual relationship and in order to fulfil our part of the contractual obligations, we will process your personal data (processing is necessary for the performance of a contract).

Processing period: We keep your personal data until you delete your registration of the product, while we keep data related to the extended warranty for the duration of the possibility of asserting claims from the contract according to the competent law (period set forth in the law in which it is possible to lodge the claim with a competent court).

What happens if you do not provide personal data? Without above stated data you cannot register the product at our website or Connectlife mobile app. However, each product has at the time of the purchase attached instructions for use and information related to warranty.


3.6. Providing user’s reviews on the website and users feedback related to our product and services

In order to enable the possibility of providing user’s reviews (evaluations, opinions, ratings and comments) on the website, we must collect and process some of your personal data, as we want to share the experiences of actual customers and users with potential customers and users. We may share experiences of actual customers and users of certain product or service from one market also with potential customers and users in other market. The methods and conditions for giving opinions, ratings and comments on the website are specified in the Rules for posting reviews and commenting on products and services that are available here (URL).

In order to receive users feedback related to our product and services we may contact you after the product was delivered to you or the service was performed, where providing your feedback is voluntarily.

In order to provide user’s reviews (opinions, ratings and comments) or to acquire users feedback, we will process the following data:
  • name or chosen name or review as a guest,
  • e-mail address,
  • details of purchased products or service performed,
  • copy of the purchase invoice
  • rating or comment
  • review language
  • our response
  • sentiment analytics of user product reviews.

The purpose and basis of the processing of your personal data is to ensure that the user review of the individual product was given by the person who actually purchased or uses the individual product. The processing of personal data may be carried out based on your consent, while acquiring users feedback related to our product and services within 30 days after the delivery of the product or service performed is based on our legitimate interest which is in this case product improvement, quality assurance and customer satisfaction evaluation.

Processing period: Your personal data will be automatically deleted after 5 years after publishing the user’s review or acquiring user’s feedback. Your opinions, ratings and comments are visible on the website for 5 years after publishing on the website. However, your user review or user feedback will be deleted earlier in case of request for erasure or withdrawal of your consent to such data processing, where in those cases the data will cease to be stored within 1 month of receiving the revocation of the consent.

What happens if you do not provide personal data? You may provide user’s review also anonymously (without providing your personal data). However, without your personal data we may not ensure that opinions, ratings and comments are given only from actual purchasers and users.


3.7. Notifications, personalized offers via digital channels, Marketing and related services

For the purpose of marketing activities and providing information about our products (e.g. sending newsletters, personalized offers, invitations to participate in prize games etc) , we need your express consent (divided to specific purpose) and without the latter we will not contact you for the purpose above. As a channel of communication, we can in case of your consent use e-mail, social media or other instant messaging application. For personalized offer (where we can recommend content through ads and notifications) we may based on your consent for personalized offers also use profiling as described within this privacy policy. You can always revoke your given consent in your user account settings, by unsubscribing from receiving messages, by blocking us on social media or within instant messaging applications, by changing cookie settings, or by sending us a request to privacy@connectlife.io.

For the purpose of sending notifications, personalized offers via digital channels and related services, we may process the following data:
  • name and surname,
  • e-mail address,
  • phone number,
  • data related to prize games (model, serial number, purchase date, invoice)
  • location data of the user obtained from the user's mobile device (anonymously),
  • the individual's interests regarding viewing products on websites (anonymously),
  • contact information via instant messaging applications,
  • purchase history,
  • postal code,
  • data related to delivery, opening, clicking and unsubscriptions of our messages, (anonymously)
  • sentiment analytics of user product reviews.

The purpose and basis of the processing of your personal data is to enable the sending of marketing messages or to present a customized personalized offer based on your interests or to improve your user’s experience. The processing of personal data is carried out only based on your consent.

Processing period: Until the consent is revoked where you can withdraw your consent at any time. The data will cease to be stored within 1 month of receiving the revocation of the consent where in those time period you may still be recipient of our communication.

What happens if you do not provide personal data? You are not obliged to provide your personal data for marketing purposes (providing consent for personal data processing for these purposes is voluntarily). Still, in such a case we will not be able to notify you about our marketing activities, our products and create personalized  offers for you.


3.8. Information about your activities on our website

For the purpose of improving the functioning of the website, statistical reviews and personalized offers, we also monitor your activities on our website, whereby this data is in anonymized form.

For the purpose of monitoring the activity on our website, we process the following data:
  • user account designation,
  • purchase history,
  • device operating system,
  • used browser,
  • web address (URL address) of the initial page that you use to access to our website.

The purpose and basis of the processing is to improve the functioning of the website, statistical reviews. We use cookies and similar tracking technologies to track the activity on our site, where use of cookies is allowed only based on your consent. Based on the use of cookies we can use those data for personalized offers but only in case when we acquire additional consent for latter. You can always revoke your given consent in your user account settings, by changing cookie settings or by sending us a request to privacy@connectlife.io.
 
Processing period: Your personal data acquired by cookies will be automatically deleted after the duration of specific cookies (as defined in cookie policy), while your data used for personalized offers will be deleted in case of revocation of the consent where in those time period you may still be recipient of our communication.

What happens if you do not provide personal data? In case of non-providing above stated data (by consent to cookie policy) we cannot track your activity on our website, improve functionality of our website and prepare personalized offer for you.


3.9. Processing of personal data via social networks, instant messaging applications and chat rooms

The company may have established profiles on social networks (e.g. LinkedIn, Instagram, Facebook, TikTok, Twitter,  etc.) or may use instant messaging applications (e.g. WhatsApp, FB Messenger, Viber, etc.) for communication. Social networks and instant messaging applications allow us to promote our products and services or provide customer support. When doing the latter, we can also select categories of individuals on the social network to which we want our promotionsad to refer (in case of specific consent acquired). As such, the Company may be responsible for the protection of personal data that users share with the Company through the aforementioned media, and at the same time, the provider of the individual media is also responsible for the data processing it performs on such media, so users are advised to familiarize themselves with the privacy policy of the individual media.

In the case of visiting the Company's profile on an individual social network or establishing communication via instant messaging applications, we can process the following data:
  • if you like, share a post, mark the Company's profile or comment, we receive access to your public profile and the content of your post,
  • if you send us a private message on a social network or through an instant messaging application, we obtain information about your public profile, or your contact information and information about the content of the sent message.

When communicating via social networks, instant messaging applications and chat rooms, we will process the following data about you:
  • the public profile of the individual on the social network and the content of the publication,
  • contact information of the individual in the instant messaging application,
  • other data that you will provide to us during the communication.

The purpose and basis of the processing of your personal data is the promotion of the Company's products and the establishment of communication with users of social networks or instant messaging applications. We may contact you only based on your consent, but we can respond to your inquiry based on our legitimate interest, which is satisfying the needs of customers by providing information related to our products. 

Processing period: Your personal data kept by us will be automatically deleted after 1 year since the communication occurred or earlier in case of withdrawing your consent. In case of withdrawing the consent, the data will cease to be stored within 1 month of receiving the revocation of the consent where in those time period we may still process your personal data.

What happens if you do not provide personal data? Without providing your personal data you cannot communicate with us through the aforementioned media, and we cannot respond to your inquiries. 


3.10. Use of products through the Connectlife applications and Data Analysis

In order to enable all the functions of smart devices to users, to understand the needs of users and to determine the efficiency and usage of the device, we collect and process some of your personal data and data about the operation of each device. Use of products through the Connectlife applications is possible only in case of user registration and conclusion of a license agreement.

For user registration and the conclusion of the license agreement, we will process the following personal data:
  • title (mr, mrs),
  • name and surname,
  • language of communication,
  • address,
  • phone number,
  • e-mail address.

During the usage of the device, we will perform data analysis related to the usage, where those data will be processed in anonymous way and without any link to an identified or identifiable natural person. For this purpose, we will anonymously process following data:
  • appliance’s data (brand, model, serial number),
  • installation date of the device,
  • data on pairing the device with our cloud (appliance paired, pairing type and timestamp)
  • operation of the appliance (commands sent to appliance, appliance settings, status and statistics, notifications, appliance alarms and errors, service ticket requests, timer and automation)
  • data detected by the device's sensors and which are important for the operation of the device (e.g. data regarding technical performance, data related to possible error messages, temperature, humidity, air quality, etc.),
  • booking log (for public laundry)
  • food images from appliance and time-lapse videos
  • user behaviour analytics,
  • device booking,
  • resource (water, electricity) consumption,
  • food and drink storage and preferences.

Only in case when we will acquire your explicit consent, we may link data acquired by data analysis to identified natural person. Such data may be forwarded to service providers for the purpose of customer support for troubleshooting and warranty claims. In case of acquiring your additional consent, we may use those data also for personalized offer where we can recommend content through ads and notifications.

In order to connect the appliance to the cloud via local WIFI users have to insert also data about Service Set IDentifier (SSID) and a password. However, those data are used only for pairing the appliance with Wi-Fi module and are not collected, stored or in any other way processed by us.

The purpose and basis of the processing of your personal data is to ensure the possibility of using all the functions of smart devices and to analyse usage of our appliances. By the request for user registration and the conclusion of the license agreement the contractual relationship is established and in order to fulfil our part of the contractual obligations, we must process your personal data for contractual purposes, while processing your personal data related to usage of our appliance and processing your personal data for personalized offer is based on your consent. You can always revoke your given consent in your user account settings, or by sending us a request to privacy@connectlife.io.

Processing period: Data related to user registration and the conclusion of the license agreement are stored as long as you can exercise certain rights in connection with our contractual obligations (period set forth in the law in which it is possible to lodge the claim with a competent court after the expiry of the license agreement). Data related to the usage of our appliance are stored until the consent is revoked where you can withdraw your consent at any time or until you delete your account where you can delete it at any time. The data will cease to be stored within 1 month of receiving the revocation of the consent or within 1 month since account deletion (as the case may be), where in those time period you may still be recipient of our communication. 

What happens if you do not provide personal data? It is not possible to register a user of the Connectlife application and conclude a license agreement without above stated personal data.


3.11. Cookies and other online tools

If you visit our web page, we may store cookies on your device. For more information on cookies used on our webpage, please see the Cookie Policy.

In addition to cookies, we also use other online tools from the following providers:

Google, namely:
  • Google Marketing Platform for the purpose of obtaining data related to website traffic (e.g. number of visitors, pages visited by visitors, time spent by visitors on the website);
  • Google Maps for the purpose of using the mapping service Google Maps via API in order to facilitate the location of places specified by the individual on the website;
  • Google Tag Manager for the purpose of managing website tags through the user interface and integration of program codes on our websites;
  • Google Ads for the purpose of placing advertisements, remarketing and tracking conversions;
  • Google Optimize for the purpose of A/B testing and website testing;
  • Site Kit for the purpose of improving and monetizing our content on the web page;
  • Youtube for the purpose of establishing a connection with YouTube servers, where the use of plugins from YouTube is required;
  • Google Analytics for the purpose of collecting data from websites and apps to create reports that provide business insights;
  • Google Search Console in order to show the performance of websites on Google Search and how Google sees our website
  • Looker Studio for the purpose of turning data into informative, easy to read, easy to share, and fully customizable dashboards and reports.

The listed online tools are operated by Google Ireland Limited, whereby certain information about an individual's use of the website may also be transferred to a server in the USA, so we suggest that you also familiarize with their privacy policy, which is available here: LINK. If you are a Google Account holder and have consented to the customization of ads, we may also obtain reports on the effectiveness of our advertising measures (including cross-device reports), demographic information and interests of individuals, as well as cross-device online advertising functions.

Meta, namely:
  • Meta business suite as a social media management tool for Facebook and Instagram for the purpose of creating and scheduling content to responding to engagement to analyzing insights
  • Meta pixel for the purpose of placing advertisements, remarketing and tracking conversions.

The listed online tools are operated by Facebook Ireland Limited, with registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland; whereby certain information about an individual's use of the website may also be transferred to a server in the USA, so we suggest that you also familiarize with their privacy policy, which is available here: LINK. If you are a Facebook or Instagram account holder and have consented to the customization of ads, we may also obtain reports on the effectiveness of our advertising measures (including cross-device reports), demographic information and interests of individuals, as well as cross-device online advertising functions.


3.12. Remarketing, tracking and similar technologies

We and our third-party service providers use cookies to inform, optimize and serve ads based on your past visits to our web page or our mobile apps in order to advertise on third-party websites to you. For this purpose we use:
  • Google Ads, provided by Google and you can opt-out of this by visiting the Google Ads Settings page: https://adssettings.google.com/authenticated, and
  • Facebook Retargeting, provided by Meta and you can opt-out this by visiting the Facebook site where you have to log in and go to Settings > Ads > Ad Settings. On the app, go to Setting & Privacy > Settings > Ad > Ad Preferences > Ad Settings. Then choose the Not Allowed

To see how our web page and mobile app is performing we use conversion beacons, tags, scripts and pixels, that perform a short line of code to tell us when you have clicked on a particular button or reached a particular page. The use of these technologies allows us to record that a particular device, browser, or application has visited a particular webpage. 

If you enable location-based services on your computer or mobile device in connection with your use of the web page or mobile app, you expressly consent to us collecting the geolocation (which may include specific longitude and latitude) of your device. This information will be used as set forth in this Data Protection Policy, including to provide specific advertising content or messages based on your location.

We and our third-party service providers may use the information that we collect about you (information from our web page or mobile app, through your device(s), or from a third party) to help us and our third-party service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We, and our third-party service providers also may use the cross-device use and other information we learn about you to serve targeted advertising on your devices and to send you emails. These third-party cookies and other technologies are governed by each third party’s specific privacy policy, not this one.


4. Collection of children’s personal data

We are committed to protect the personal data of children and recognize that parents or legal guardians may use our services or purchase our products for family use, including by minors. As such, our services and products are not intended for use by individuals under the local adult legal age minimum, and we will not knowingly collect personal data from individuals under such age for any purpose, nor will we accept registration from such individuals. In some cases, particularly where information is collected electronically, we may not be able to determine whether information was collected from children under local legal age, and we treat such information as though it were provided by an adult. If we learn that a child under the local legal age has provided any personal data, we will use commercially reasonable efforts to delete such information immediately.

5. Profiling

Profiling means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyze or predict the personal taste, interests, behavior or location of that individual.

The company performs profiling if you have given your consent for personalized direct marketing. Profiling is carried out using various methods of statistics, mathematics or predictive analysis, which allows us to predict your needs and prepare suitable offers based on this. As part of profiling, we analyze your demographic data, such as location, and data on purchases and device usage, on the basis of which we place you in an individual profile and only send you offers that we believe match your needs and habits.

6. The existence of automated decision-making

We do not process your personal data using means for automated decision-making that could have legal consequences for you.

7. How do we protect your personal data?

In order to protect your personal data, we have introduced a number of technical and organizational measures, namely:
  • Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
  • Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
  • Measures for user identification and authorisation
  • Measures for the protection of data during transmission
  • Measures for the protection of data during storage
  • Measures for ensuring physical security of locations at which personal data are processed
  • Measures for ensuring events logging
  • Measures for internal IT and IT security governance and management
  • Measures for ensuring data minimisation, data quality and limited data retention
  • Measures for allowing data portability and ensuring erasure

8. Who processes your personal data and with whom do we share it?

Your data are processed either within internal software programs (e.g. SAG and Hisense CRM) or with use of tools provided by external providers (SAP CDC, Hybris, Salesforce, Mailchimp, SiteKit).

Other related entities of Hisense may have access to your personal data, as individual companies are sellers or manufacturers of the product you purchased, and individual companies provide adequate support for the Company's operations. Related entities of Hisense seated outside of EU/EEA appointed company VERDATA Datenschutz GmbH & Co. KG, Roemerstr. 12, D – 40476 Duesseldorf, Germany as their representative according to Article 27 of GDPR. Access to your personal data may have in particular the following related entities of company Hisense:
  • Hisense Gorenje Europe, poslovne storitve, d.o.o., Hrvaška ulica 4, 1000 Ljubljana 
  • Gorenje, d.o.o., Partizanska cesta 12, 3320 Velenje
  • Hisense Home Appliance Group Co., Ltd. Qingdao Branch, F3, Building 3, Section C, Hisense R&D Centre, 399, Songling Road, Qingdao, Shandong, China.

The Company may also transfer personal data to external contractors (mainly for the purpose of ensuring payments, transportation and other matters related to your order etc.). In such a case the Company undertakes to enter into an agreement with the external contractors that ensures adequate security of your personal data, and the external contractors can process your data only for the purpose for which they were obtained.

Your personal data may also be the subject of transfer to external contractors in third countries. In this case the Company will ensure adequate safeguards if the external contractors are seated or provide services relevant to the protection of personal data in a third country that does not offer the same level of data protection as GDPR and undertake other obligations set forth by the GDPR regarding such kind of transfer.

In particular, we may transfer your personal data to other companies in the Hisense group and our distributors that sell our products and services at certain markets or provide other services in relation to business support, complaints of ordered goods or customer support. List of our companies in certain countries and their external contractors that may have access to the personal data of users from certain market is listed in the Appendix [URL].

We may transfer your personal data acquired based on your consent according to this data protection policy to advertising and social networks, in particular to:
  • Google Ireland Limited (registered number: 368047), with registered office at Gordon House, Barrow Street, Dublin 4, Ireland; the company's privacy policy is available here: LINK
  • Facebook Ireland Limited, with registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland; the company's privacy policy is available here: LINK
  • Pinterest, Inc., with registered office at 505 Brannan Street San Francisco, CA 94107 United States, the company's privacy policy is available here: LINK
  • LinkedIn as a tool provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA, LinkedIn's privacy policy is available here: LINK

To process personal data, we also use the services of other external contractors. External contractors include:

- cloud computing service providers and other technology support providers such as
  • Microsoft Azure, provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA, the company's privacy policy is available here: LINK
  • SAP Hybris provided by SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf/Germany, the company's privacy policy is available here: LINK SAP America, Inc., 3999 West Chester Pike, Newtown Square, PA 19073, USA, the company's privacy policy is available here: LINK
  • Salesforce Marketing Cloud and Salesforce Service Cloud provided by Salesforce, Inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States, the company's privacy policy is available here: LINK
  • Cloudera provided by Cloudera, Inc., 5470 Great America Parkway, Santa Clara, CA 95054, USA, the company's privacy policy is available here: LINK
  • Tuya IoT platform provided by Tuya Global Inc., 3979 Freedom Circle, Suite 340, Santa Clara, CA 95054, the company's privacy policy is available here: LINK
  • DigitalOcean, 101 6th Ave New York, NY 10013, the company's privacy policy is available here: LINK
  • Cloudflare France SAS, 6 place de la Madeleine, 75008 Paris, the company's privacy policy is available here: LINK
  • Amazon Web Services, Inc., 410 Terry Avenue North Seattle, WA 98109 United States, the company's privacy policy is available here: LINK

- marketing tools providers that help us optimize the web and personalize content and offers for you, such as:
  • AV STUDIO d.o.o., Koroška cesta 55, 3320 Velenje, the company's privacy policy is available here: LINK
  • Agilcon, d.o.o., Letališka cesta 32, 1000 Ljubljana, the company's privacy policy is available here: LINK
  • ZenLab d.o.o., Polule 77C, 3000 Celje, the company's privacy policy is available here: LINK
  • Columbus Global Lautrupvang 6, Ballerup, Denmark 2750, the company's privacy policy is available here: LINK
  • Sprinklr, Inc. 29 West 35th Street, New York, NY 10001, USA, the company's privacy policy is available here: LINK
  • Freshworks Technologies B.V. Stationsplein 32, 3511 ED Utrecht, the company's privacy policy is available here: LINK
  • "eXpoint" SIA, rīvības street 76-34, Riga, LV-1001, the company's privacy policy is available here: LINK
  • Mailchimp as a tool provided by Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, the company's privacy policy is available here: LINK
  • 24TTL B.V., Amsterdam, Noord-Holland, The Netherlands, the company's privacy policy is available here: LINK
  • eStoreMedia sp. z o.o., Aleja Komisji Edukacji Narodowej 18, 02-722 Warszawa, Poland, the company's privacy policy is available here: LINK
  • SiteOne Landscape Supply, Inc, 300 Colonial Center Parkway Suite 600 Roswell, GA 30076 United States, the company's privacy policy is available here: LINK
  • Campaign Monitor Holdings Pty Ltd, 5 STAPLETON AVE SUTHERLAND NSW C3 2232, the company's privacy policy is available here: LINK
  • Splunk Inc., 270 BRANNAN STREET SAN FRANCISCO CA 94107, the company's privacy policy is available here: LINK
  • Twilio Inc., 101 Spear Street, Ste 500, San Francisco, CA 94105, the company's privacy policy is available here: LINK

- call centres and providers of tools for managing and recording telephone calls, especially:
  • Hisense Europe Customer Care Centar, Strahinjića bana 9, 11000 Beograd, Serbia;
  • 3CX, 4010 Boy Scout Boulevard, Suite 325, 33607, Tampa, Florida, USA, the company's privacy policy is available here: LINK
  • Diabolocom SAS, 20, rue de Paix - 75002 Paris, France, the company's privacy policy is available here: LINK
  • Cisco Systems, Inc., 170 West Tasman, Dr.San Jose, CA 95134 USA, the company's privacy policy is available here: LINK.

- external service providers for the maintenance and repair of our devices;

- processors of external communication, especially communication via SMS messages and chat rooms, especially:
  • LiveChat, Inc. (101 Arch Street, 8th Floor, Boston MA 02110, United States of America, the company's privacy policy is available here: LINK
  • Jivochat as a tool provided by Lucas Loureiro Carvalho Suporte Tecnico ME., the Rua Neves Armond, 140, Sala 301, Praia Do Suá. Vitória, ES/Brazil, the company's privacy policy is available here: LINK
  • TargetFirst, 23 rue de la Croix Lormel, 22190 PLERIN, the company's privacy policy is available here: LINK

- companies that prepare surveys for us regarding user satisfaction with our products and services, especially:
  • Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K, the company's privacy policy is available here: LINK.
  • Bazaarvoice, Inc., 10901 Stonelake Blvd, Austin, TX 78759, the company's privacy policy is available here: LINK
  • Reevoo, 2nd Floor Walbrook Wharf, 78-83 Upper Thames Street, London EC4R 3TD, the company's privacy policy is available here: LINK
  • Momentive Europe UC, 2 Shelbourne Buildings, Second Floor, Shelbourne Rd Ballsbridge, Dublin 4, Ireland, the company's privacy policy is available here: LINK

From time to time, the company organizes prize games and similar promotional campaigns together with third parties, to whom it may also provide individual personal data, whereby you will be informed of this prior to the collection of personal data.

9. Where do we store your data?

Your data are stored within company internal server units and workstations (also using cloud technologies) and in the data lake system (a data lake is a centralized repository that allows you to store structured and unstructured data at any scale).

10. California privacy rights

If a California resident wishes to make any of the requests described below, such as access and deletion, he or she may contact us by contacting our Data Protection Officer (defined in section below). You may be able to exercise some of the below rights, such as access and deletion, by using the management features available in your account. You may authorize an agent to make such a request on your behalf. We will seek to verify your identity and your agent’s authority when we receive an individual rights request from you or on your behalf to ensure the security of your personal data and may need to collect additional personal data to do so.

California residents have the right to request the deletion of personal data as prescribed in Section 1798.105(a) of the CCPA and CPRA. We may not delete some or all personal data if such personal data is necessary for us, or our service providers or affiliates, to:
  • complete the transaction for which the personal data was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of our ongoing business relationship with the consumer, or otherwise perform a contract between us and the consumer,
  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity,
  • debug to identify and repair errors that impair existing intended functionality,
  • exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law, 
  • comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code,
  • enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with us,
  • comply with a legal obligation, or
  • otherwise use the consumer’s personal data, internally, in a lawful manner that is compatible with the context in which the consumer provided the personal data.

You may request to receive details about how we collect, use, and share your personal data.  Specifically, you may request to receive the specific pieces of information that we have collected about you by contacting our Data Protection Officer (defined in section below). If you do so, we may need to collect additional personal data and other information, including name, email address, zip code, product purchase location, phone number (which you may choose not to provide), product model number and serial number to verify your identity. The same process applies to requests for the deletion of personal data described above. 

You may also request to receive:
  • the categories of personal data that we have collected about you, 
  • the categories of personal data that we have disclosed for a business purpose, 
  • the categories of sources from which we collected the personal data,
  • our purposes for collecting that personal data, and 
  • the categories of parties with whom we share your personal data.

You have a right to direct us not to sell your personal data. In the preceding twelve months we have not sold your personal data, as that term is generally understood, but we recognize that the CCPA/CPRA defines personal data as a “personal information” in such a way that making available identifiers linked to you for a benefit may be considered a “sale.” 
 
If you would like to exercise that right in relation to our use of cookies, software development kits, or other tracking technologies, please click “Do Not Sell My personal data” within the settings menu of web page or device.  Alternatively, you may direct us to not to sell your personal data by contacting our Data Protection Officer (defined in section below). 
 
We do not discriminate against you for exercising any CCPA rights, such as the access and deletion rights described above. If we choose to offer a product enhancement or financial incentive that is contingent on you sharing personal data, we will first notify you and obtain your opt-in permission and ensure that the value provided to us by that collection is reasonably related to the value of the product enhancement or financial incentive.

11. Canada privacy rights

We will obtain your consent to collect, use or disclose personal data except where we ‎are ‎‎authorized or required by law to do so without consent. For example, we may collect, use or ‎disclose ‎‎personal data without your knowledge or consent where: the information is ‎publicly available, as ‎‎defined by statute or regulation; we are obtaining legal advice; or we ‎reasonably expect that obtaining ‎‎consent would compromise an investigation or proceeding. ‎Other exceptions may apply.‎

Your consent can be express, implied or given through an authorized representative.‎ Consent may be provided orally, in writing, electronically, through inaction (such as when you ‎do not ‎‎notify us that you do not wish your personal data collected/used/disclosed for ‎various purposes ‎‎after you have received notice of those purposes) or otherwise.‎

You may withdraw consent at any time, subject to legal, contractual and other restrictions, ‎provided that ‎‎you give us reasonable notice of your withdrawal of consent. If you notify us that ‎you withdraw consent, ‎‎we will inform you of the likely consequences of that withdrawal, which ‎may include our inability to ‎‎provide certain services for which that information is necessary.‎

We will not collect personal data indiscriminately but will limit collection of ‎personal ‎data to ‎that which is reasonable and necessary.  We will also collect ‎personal ‎data as authorized by law.

Your personal data will only be used or disclosed for the purposes set out above ‎and as ‎authorized ‎by law.‎

We will keep your personal data for as long as necessary in connection with the ‎‎‎purposes ‎identified above or as permitted or required by law. You must notify us if you no ‎‎longer want us to retain ‎your information.‎

We will destroy, erase or make anonymous documents or other records containing personal data ‎‎as soon as it is reasonable to assume that the original purpose is no longer being ‎‎served by retaining ‎the ‎information and retention is no longer necessary for a legal or business ‎‎purpose. We will take due ‎care ‎when destroying personal data so as to prevent ‎‎unauthorized access to the information.‎

Our service providers may be located outside of the country in which you are located, and our ‎servers ‎‎are currently located in the European Union. You therefore acknowledge that ‎your personal data may be processed and stored in foreign jurisdictions and that ‎governments, courts, law ‎‎enforcement or government or regulatory agencies in other jurisdiction may be able to ‎‎access or obtain disclosure of your personal data ‎under a lawful order or otherwise through the ‎‎laws of the applicable jurisdiction, irrespective of ‎the safeguards we have put in place for the protection of ‎‎your personal data.‎

You may modify personal data that you have submitted by logging into your account and updating your profile information or by contacting our Data Protection Officer (defined in section below).

Also, upon written request and authentication of identity, we will provide you with your other ‎personal data under our control, information about the ways in which that information is ‎being used and ‎a ‎description of the individuals and organizations to whom that information has ‎been disclosed. We ‎will ‎make the information available within 30 days or provide written ‎notice where additional time is ‎‎required to fulfil the request.‎

In some situations, we may not be able to provide access to certain personal data. This ‎may be ‎‎the case where, for example, disclosure would reveal personal data about ‎another individual, the personal data is protected by solicitor/client privilege, the ‎information was collected for the ‎‎purpose of an investigation or where disclosure of the ‎information would reveal confidential ‎commercial ‎information that, if disclosed, could harm ‎our competitive position. We may also be ‎prevented by law ‎from providing access to certain ‎personal data. When an access request is ‎refused, we will notify ‎you in writing, ‎document the reasons for refusal and outline further steps which ‎are available to you.‎

Requests to modify any information, may be submitted to our Data Protection Officer (defined in section below). Please allow up to thirty (30) days for us to process and respond to your request.

You may request deletion of your personal data by us, however, we may be required (by law or otherwise) to keep this information and not delete it. After we delete personal data, we may retain de-identified information, and will continue to use the information as permitted under this Data Privacy Policy.

We will make a reasonable effort to ensure that personal data we are using or disclosing ‎is ‎‎accurate and complete. In most cases, we rely on you to ensure that your information is ‎current, ‎‎complete and accurate.‎

If you demonstrate the inaccuracy or incompleteness of personal data, we will amend ‎the ‎‎information as required. If appropriate, we will send the amended information to third ‎parties to whom ‎‎the information has been disclosed. When a challenge regarding the accuracy ‎of personal data ‎is ‎not resolved to your satisfaction, we will annotate the personal data under its control with a ‎note ‎that the correction was requested but not made.‎

We may send periodic promotional emails to you. You may opt-out of promotional emails by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests.  If you opt-out of receiving promotional emails, we may still send you emails about your account or any services you have requested or received from us.

You may also withdraw your consent to our collections, uses and disclosures of your ‎information at any ‎‎time, subject to legal, contractual and other restrictions, provided that you ‎give reasonable notice of ‎‎withdrawal of consent to us.  On receipt of notice of withdrawal of ‎consent, we will inform you of the ‎‎likely consequences of the withdrawal of consent, which ‎may include our inability to provide certain ‎‎services for which that information is necessary.‎

12. Mexico privacy rights

You have the right to (i) access your personal data; (ii) rectify your personal data, if they are inaccurate or incomplete; (iii) cancel your personal data; and (iv) oppose the use of your personal data for specific purposes (hereinafter jointly, the “ARCO Rights“). In case you wish to exercise any of the ARCO Rights, please send an email to our Data Protection Officer (defined in section below), which must contain, at least, the following information:
  • Full name and email address or address, in order to communicate the response to your request.
  • The documents that prove your identity, or if applicable, that of your legal representative.
  • A clear description of the personal data with respect to which you seek to exercise any of the ARCO Rights.
  • Any other element or document that facilitates the location of personal data.

If required, we may request additional information. The response to your request will be communicated to you within the following 15 (fifteen) business days and, if it is appropriate, it will be implemented within a maximum period of 20 (twenty) business days.

You can revoke the consent that, in your case, you have given us for the processing of your personal data. However, it is important that you bear in mind that not in all cases we will be able to respond to your request or terminate the use immediately, since it is possible that due to some legal obligation, we will need to continue processing your personal data. Likewise, you should consider that for certain purposes, the revocation of your consent will imply that we cannot continue to provide the service you requested, or the conclusion of your relationship with us. 

To revoke your consent, you must submit your request to our Data Protection Officer (defined in section below).

To know the procedure and requirements for the revocation of consent, you can contact our Data Protection Officer (defined in section below).

In order for you to limit the use and disclosure of your Personal Data, we offer you the following means:

Your registration in the Public Registry to Avoid Advertising (Registro Público para Evitar Publicidad), which is in charge of the Federal Consumer Prosecutor’s Office (Procuraduría Federal del Consumidor), so that your personal data is not used to receive advertising or promotions from goods or services companies. For more information about this registry, you can consult the PROFECO Internet portal, or you can contact it directly.

Your registration in our exclusion list, so that your personal data is not processed for marketing, advertising or commercial prospecting purposes by us. For more information, you can contact our Data Protection Officer (defined in section below).

If you consider that your right to the protection of personal data has been damaged by any conduct or omission on the part of the us, or you presume any violation of the provisions set forth in the Law, its Regulations and other applicable regulations, you may file your disagreement or complaint before the National Institute of Transparency, Access to Information and Protection of Personal Data (INAI).

13. Do not track settings

Certain country/state/province laws require that we indicate whether we honor "Do Not Track" settings in your browser concerning targeted advertising. We adhere to the standards set out in this Data Protection Policy and do not monitor or follow any Do Not Track browser requests.

14. What are your rights and how to exercise them

You can exercise the following rights regarding your personal data we process:
  • Right of access – enables you to obtain the information as to whether your personal data is being processed and regarding the procedures and methods of personal data processing,
  • Right to rectification – in case you notice that your data is not accurate, you have the right to complete incomplete or to correct the incorrect data,
  • Right to erasure – allows you to request the erasure of your personal data that we process. We will do this in accordance with the GDPR and in the event that there are no other restrictions preventing us from doing so,
  • Right to restrict processing - allows you to restrict processing, while you dispute the accuracy of the data, object to deletion, as the purpose of the processing for which the data was collected is no longer relevant, and you want further storage due to legitimate interests, or if you have submitted a request to determine the legal reasons for processing,
  • Right to data portability – allows you to receive a copy of the provided personal data in a structured, commonly used hardware format, and to transmit data to another controller, if the requirements set forth by the GDPR are met,
  • Right to object - enables objection in case of data collection and processing for the purposes of direct marketing or related profiling,
  • Right to review automated decision-making - in the event that a decision that is reflected in our mutual relationship is based on automated decision-making, you can use the right to implement a new, non-automated decision,
  • Right to withdraw consent – in the event that the processing is based on the given consent, you have the right to revoke the consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to use any of the above rights, you can do so by notifying us at the e-mail address privacy@connectlife.io.

In addition to the above rights, you also have the right to lodge the complaint with the supervisory authority. In the event that your rights regarding the processing of personal data have been violated, you can file a complaint with the competent authority:
  • For company ConnectLife, data technologies, LLC: Information Commissioner of the Republic of Slovenia, by mail to the address: Dunajska 22, 1000 Ljubljana or via e -mail to the address: gp.ip@ip-rs.si

15. Data Protection Officer

In all matters related to the processing of your personal data, our data protection officer is at your disposal and can be contacted at the e-mail address: privacy@connectlife.io.

Share

Twitter
Linkedin