Xiaomi Mi Fit app ToS, privacy section (2016-Jan)

1. Types of Personal Data Collected
2.  
3. In order to provide our services to you, we will ask you to provide necessary personal data that is required to provide those services. If you do not provide your personal data, we may not be able to provide you with our products or services.Set up and log in of Mi Account. Personal data that are collected for creating a Mi Account may include your email address or mobile phone number, device related information (e.g. IMEI number) and various location related information (e.g. location area code, mobile network and country codes).Purchasing your Xiaomi products. When you make purchases through the Xiaomi e-commerce website, we may collect your Mi Account ID (or mobile phone number or email addressed used to create your Mi Account), name, phone number, delivery address and order details, etc. Xiaomi provides logistics services to deliver the products purchased on the e-commerce website. Xiaomi has an after sales system to handle after sales related matters as well as an after sales centre for walk-in support services for users. When you use these services, we may also collect the order number, invoice date, list of purchased items and your contact details in order to process the services.Activating Mi Fit. When you activate the Mi Fit, we may collect your age, height, weight and gender. We may also collect other details you provide as part of your profile such as your birthday, picture and signature.Sync Mi Band data. When you synchronise the Mi Band data, e.g. to Mi Fit Cloud Service, we may collect data relating to your activities and functionalities of Mi Fit, such as those obtained from our sensors and features on Mi Fit, your sleeping patterns, movement data, heart rate data, and smart alarm related information.Sync Mi Scale data. When you synchronise the Mi Scale data, e.g. to Mi Fit Cloud Service, we may collect data relating to your weight and functionalities of Mi Scale.Sharing your content. When you share content or send information to family and friends, we may collect personal information of those people, such as their names, email addresses, telephone numbers, and mailing addresses (if we need to send a product to them). You hereby represent and warrant that you have obtained necessary consent for use of third parties’ personal data if you choose to provide them to us. When you share content or invite users to use Mi Fit, please note that other users may see personal data you share.Processing the services. In providing the above services, we may also collect data in relation to your device, including your Mi Fit ID, firmware version, device OS version, model and system, and visiting IP and time.
4.  
5. How the Personal Data is used
6.  
7. To provide you with our products and services, processing your orders, performing contractual obligations between you and us, to ensure the functions and safety of our products, to verify your identity, to prevent and trace fraudulent or inappropriate usageTo develop our products and services, together with general and statistical informationTo communicate with you, including providing you with notifications on products and services that are updated or launchedTo provide marketing and promotional materials to you on our products and services (please note that you may unsubscribe anytime)To personalise product design and to provide you with services tailored for you, for example, recommending and displaying information and advertisements regarding products suited to you, and to invite you to participate in surveys relating to your use of Mi FitTo conduct investigations regarding our products and servicesIf you participate in our lottery, contest or other promotions, we may use your personal data to manage such activitiesTo provide maintenance services, monitor software licenses, to improve our products or analyse the efficiency of our operations
8.  
9. Other Information
10.  
11. We use statistical data that does not specifically identify you (non-personal data) to help in our operations and improve our products and services and provide a better user experience for you. Here are some of the non-personal data we may collect and how we use them:
12.  
13. When you create a Mi Account, download our software, register in our e-commerce website, participate in online surveys or interact with us in other ways, we may collect your language preferences, postal code, area code number and time zone in which you use our products and services, and your profession.When you opt-in to participate in our User Experience Improvement Program, we may gather statistics relating to your use of our products functions, on an anonymous basis. This may include information relating to your use of our official website, products and services. If there is an abnormal shutdown or breakdown, we may collect information relating to your mobile device to diagnose the problem.When you use our services or functions that are based on location information, e.g. carry out a location search, take advantage of advertising, use weather functions, access information based on maps, etc., we may collect your geographical information.When you use our website, online services, interactive applications, email messages and advertising, we may use cookies and other technical elements (e.g. pixel labels) to collect and store non-personal data. These enable us to provide you with a better experience and improve our overall service quality, e.g. in saving your preferred language settings, sending emails in a readable format, to determine whether the emails have been opened or not, etc.When you use the Internet browser in using our products and services, we may collect log information, e.g. IP address, browser type, language, reference source, operating system, date and time marking and click rate data.When you first use and activate your Mi Band or Mi Scale, the device’s unique identification code and approximate geographical information may be collected.
14.  
15. You have control over your information!
16.  
17. We recognise that privacy concerns differ from person to person. Therefore, we provide examples of ways we make available for you to choose to restrict the collection, use, disclosure or processing of your personal data and control your privacy settings, such as controlling the settings under the User Experience Improvement Program, Location Access functions, and your Mi Account.
18.  
19. More details may be found by visiting the MIUI Security Centre under the “Permissions” section. If you have previously agreed to us using your personal data for the abovementioned purposes, you may change your mind at any time by writing or emailing us atdataprotectionSG@xiaomi.com [A1] .
20.  
21. Access, Updating or Correcting Your Personal Data
22.  
23. You have the right to request access and/or correction or any other personal data that we hold about you. When you update your personal data, you will be asked to verify your identity before we proceed with your request. Once we obtain sufficient information to accommodate your request for access or correction of your personal data, we shall process in accordance with the laws of your country. While we try our utmost in acceding to your requests, unreasonably repetitive or unrealistic requests or those that put others’ privacy at risk may be declined.We normally provide such services for free but reserve the right to charge a reasonable fee.If you believe any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the email address below. Email: dataprotectionSG@xiaomi.com[A2] .For details relating to the personal data in your Mi Account, you may also access and change them at account.xiaomi.com.
24.  
25. Withdrawal of Consent
26.  
27. You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or control by submitting a request. This may be done by accessing your Xiaomi Account management centre at account.xiaomi.com. We will process your request within a reasonable time from when the request was made, and thereafter not collect, use and/or disclose your personal data as per your request.Please recognise that your withdrawal of consent could result in certain legal consequences. Depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that you will not be able to enjoy Xiaomi’s products and services.
28.  
29. Who do we share your information with?
30.  
31. Unless we tell you in this privacy policy, we will keep your personal information confidential. We may disclose your personal data on occasion to third parties in order to provide the products or services that you have requested. Some of these third parties may be located outside your home country.
32.  
33. Disclosure may include the scenarios listed in this section below. In each case described in this section, you can be assured that Xiaomi will only share your personal data in accordance with your consent. You should know that when Xiaomi shares your personal data with a third party under any circumstance described in this section, Xiaomi will ensure that the third party is subject to practices and obligations to comply with the relevant data protection and privacy laws of your country. Xiaomi will contractually ensure compliance by any foreign Third Party Service Providers with the privacy standards that apply in your home jurisdiction.
34.  
35. Disclosure to Xiaomi group companies and Third Party Service Providers
36.  
37. In order to conduct business operations smoothly, the Xiaomi entity which collects your personal data may disclose your personal data from time to time to other Xiaomi group companies (in communications, social media, technology or cloud business), or our third party service providers which are our mailing houses, delivery service providers, telecommunications companies, data centres, data storage facilities, and customer service providers, agents, related corporations, and/or other third parties (together “Third Party Service Providers”). Such Third Party Service Providers would be processing your personal data on Xiaomi’s behalf or for one or more of the purposes listed above.Personal data will only be shared by Xiaomi to provide or improve our products or services and will not be shared for use for marketing purposes.
38.  
39. Disclosure to Others
40.  
41. Xiaomi may disclose your personal data without further consent if required or permitted by law in the following cases:
42.  
43. cases in which the disclosure is required or authorized based on the applicable laws and/or regulations;cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of the individual or another individual;cases in which the disclosure is necessary for the prevention of crime or legal proceedings;cases in which the purpose of such disclosure is clearly in the individual’s interests, and if consent cannot be obtained in a timely way;cases in which the disclosure is necessary for any investigation or proceedings;cases in which the disclosure is to any officer of a prescribed law enforcement agency upon production of written authorisation signed by the head or director of that law enforcement agency, or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer; and/orcases in which the disclosure is to a public agency and such disclosure is necessary in the public interest.
44.  
45. Information Not Requiring Consent
46.  
47. We may share anonymised information and statistics in aggregate form with third parties for business purposes, for example with advertisers on our website, or we may tell our business partners the number of customers in certain demographic groups who purchased certain products or who carried out certain transactions.For the avoidance of doubt, in the event that we are permitted by law to collect, use or disclose your personal data without your consent, such permission granted by the law shall continue to apply.
48.  
49. Information Safety Safeguards
50.  
51. We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access, disclosure or other similar risks, we have put in place reasonable physical, electronic and managerial procedures to safeguard and secure the information we collect. We have put in place the following security procedures and technical and organisational measures to safeguard your personal data:
52.  
53. Your personal data is stored on secure servers that are protected in controlled facilities.All data saved in the back-end is classified into different levels based on the importance and sensitivity of the data, e.g. whether the data contains personal data.In the data centers, clusters that contain sensitive data are grouped together in the network topology, and will be placed in rooms with additional physical security protection.Data exchanged between Xiaomi devices and servers are encrypted using Secure Sockets Layer (“SSL”).There is an optional two-step verification process when users access their Mi Account.There is regular review of information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.Access is restricted to Xiaomi employees and Third Party Service Providers who need to know that the information in order to process it, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet such obligations.There are also access controls for all server clusters used for cloud-based data storage and process.Most data used for Xiaomi’s products and/or services is stored in a storage system. By using column family based access control mechanism, Xiaomi employees are only allowed access to the data column families they are granted access to.Please note also that for the above, Xiaomi may use overseas facilities operated and controlled by Xiaomi to process or back up your personal data. Currently, Xiaomi has data centres in Beijing and Singapore. As a result, we may transfer to and store your personal data at our overseas facilities. However, this does not change any of our commitments to safeguard your personal data in accordance with this Privacy Policy.
54.  
55.  
56. Information safety is very important to us. We will take all practicable steps to safeguard your personal data. Through our protective measures above, especially encrypted storage and transmission, your data is as secure as it can be. Certain details of encrypted data cannot be accessed by anyone except by you.
57.  
58. When this Privacy Policy applies
59.  
60. Our Privacy Policy does not apply to products and services offered by a third party. Xiaomi products and services may include third party’s products or services. When you use such products or services, they may collect your information too. For this reason, we strongly suggest you to read the third party’s privacy policy as you have taken time to read ours. We are not responsible for and cannot control how third parties use personal data which they collect from you. Our Privacy Policy does not apply to other sites linked from our services.