COMFORT APPLICATION PRIVACY STATEMENT FOR EU AND UK USERS
Last Updated 10 December 2022
This Comfort Application Privacy Statement describes the personal information Haier (Singapore) Investment Holding Pte Ltd (“HSP”, “we”, “our”, or “us”) collects when you use the Comfort Application (the “Application”), how we use this information, with whom we share it, and the choices you have in connection with this.
The Data Controller, i.e., the party taking decisions on processing methods and purposes, is Haier (Singapore) Investment Holding Pte Ltd, with its registered office at 9 Raffles Place,, #18-02, Republic Plaza, Singapore, 048619, Singapore.
1. INFORMATION WE COLLECT AND USE
Through your use of the Application, HSP will collect personal information, which is information that identifies you directly or indirectly, as outlined below.
HSP is the data controller of your personal information, however to restrict data transfers it does not have access to your personal information.
A. Information Collected From You
As you use the Application, we collect personal information when you:
Register for the Application: When you register for the Application, we collect from you your personal identifiers (preferences, email address, country of residence, and information relating to your account login). You provide these personal identifiers by completing online forms during the Application setup process. The Application also creates a User ID to identify you as a registered user of the Application. We use these personal identifiers to manage your account, provide you the Application and allow you to connect your appliance to the Internet using the Application. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the services. We also ask whether you would like to provide your name, surname, address, telephone number. Your are not required to provide this information. If you do, we will use it to provide you secondary services not essential to the functioning of the App. The legal basis for processing is your consent. You may revoke your consent any anytime, with effect going forward, by removing this information from your account profile by using the settings in the Application.
B. Information Collected From Your Mobile Device and Smart Appliance
As you use the Application, we collect personal information when you:
Connect an Appliance: When you connect an appliance to the Application utilizing WiFi or Bluetooth (the “Connected Appliance”), we automatically collect, from the appliance, data related to the Connected Appliance (software version, product information, and appliance performance and diagnostics data) from your mobile device: data related to your mobile device (make, model, operating system, software version) as well as information about your WiFi network (MAC Address, IP Address). We use this information to allow you to control your Connected Appliances via the Application, to notify you if your Connected Appliance has an issue, and to determine the version of the Application you are using. The legal basis for this processing is performing the contract with you. If you do not provide this information we would not be able to provide the service. We also ask whether you would like to save your home network SSID and password so that you do not need to re-type it when adding a new Connected Appliance. Your are not required to save this information. If you do, it will be used only to autopopulate your login. The legal basis for processing is your consent. You may revoke your consent any anytime, with effect going forward, by changing your user settings.
Utilize a Connected Appliance in Conjunction with the Application: After you have registered your account and provisioned your Connected Appliance, we automatically collect the following information (the “Connected Appliance Data”) as you use your Connected Appliance in conjunction with the Application:
1. Real-time usage information for your Appliancethat depends on the type of Appliance, such as the (number of) times an Appliance is turned on or off, the type and/or number of cycles run by an Appliance, different modes used, and the date your Appliance was installed. This information is used to permit you to monitor and control your Connected Appliance. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the service.
2. Communication Information. We will collect information from your Appliance such as the Appliance’s IP address, MAC address, RFID and/or wifi connection. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the service.
3. Status and diagnostic information for your Appliances, specifically information that permits us to understand and alert you in the event there are issues that need to be repaired or corrected to keep your Connected Appliance operating as it should. The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the service.
4. Alerts and tips for your Appliances, specifically information to provide with alerts and tips for your use of the Appliances The legal basis for this processing is performance of our contract with you. If you do not provide this information we would not be able to provide the service.
When you use Digital Assistants to Activate Interactive Functions: If you use a digital assistant (such as Google Assistant, Alexa or Siri) to activate the voice commands, we will collect and process the information set forth above, as conveyed by the digital assistant. Please bear in mind that the information conveyed by the digital assistant is subject to the relevant digital assistant provider’s privacy disclosures and terms. Please review them carefully.
HSP also uses your personal information collected for the above purposes to efficiently maintain our business, to comply with the law, and for other limited circumstances as described in HOW WE SHARE YOUR INFORMATION.
C. Information Collected Automatically From the Application via SDKs
In addition to the personal information identified above, when you use the Application, we and our third party providers collect via SDKs and similar tracking technologies certain information required to authenticate you and your network when you login and use the Application as well as information required to store your preferences for the operation of your Connected Applicance. This information is used to make the app work as you expect it to and to provide enhanced functionality as described below. Some of the SDKs we use will store and retrieve information on your device, like a cookie or other similar tracker would.
Essential SDKs. We use essential SDKs that are necessary for the Application to function. The legal basis for the placement of these essential SDKs is that they are necessary for our provision of the Application. If you do not provide this information we would not be able to provide the service.
For more information on SDKs and other trackers, see our SDK Notice.
2. HOW LONG WE RETAIN YOUR PERSONAL INFORMATION
We keep your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) to provide you with services available on the App or with your appliance, (ii) for as long as we have an ongoing relationship with you (such as maintaining your online account or sending you a newsletter); (iii) as required by a legal obligation to which we are subject; or (iv) as is advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations).
3. HOW WE SHARE YOUR INFORMATION
A. General Sharing
• With service providers: HSP will share your personal information with service providers that perform services on HSP’s behalf. Service providers include GE Appliances, Fisher & Paykel Appliances Limited (FPA), Salesforce and AWS.
• With our Application provider:HSP will share your personal information with GE Appliances, which administers the Application. GE Appliances occasionally transfers your personal information, on an as-needed basis, to its support staff in the US and its service provider in India to provide information technology services and troubleshooting. Comfort user account information (Device Id, User registration data (name, email, address, phone), user consent, and User ID) is stored on Salesforce servers located in Germany and France and managed by FPA as subprocessor. FPA will only access the information in New Zealand. New Zealand is recognized as an adequate jurisdiction under GDPR.
HSP engages its processor GE Appliances to collect and store Connected Appliance Data (ComfortApp User ID, MAC address, Device ID, customer usage) on AWS servers located in Ireland with access to GE Appliances on a restricted basis. A pseudonymized extract of this data (Device ID, SmartHQ User ID, MAC address) can be accessed by GE Appliances in the United States. This information is collected directly, through your use of the Comfort Application.
In addition, GE Appliances employees from the US and service providers in India can access your personal information and Connected Appliance information in these cloud instances for the purpose of providing technical support and troubleshooting.
The US and India have not been granted a recognition of adequacy for the protection of information by the EU as their legal regimes allow, in certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities to access your personal information. Some of these transfers are necessary for the provision of the Application and thus These transfers are carried out pursuant to the GDPR Article 49 derogation for contractual necessity.
• For legal purposes: HSP will share your personal information where legally required, in response to court orders, law enforcement or legal process; to establish, protect, or exercise our legal rights, as required to contracts; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; or to comply with the requirements of any applicable law. The legal basis for this is our compliance with the law.
4. YOUR RIGHTS
The law affords you the right to check how your data are processed and, if applicable, to restrict their use. You may exercise these rights at any time and free of charge by contacting our company and writing to the addresses specified above.
Under The EU General Data Protection Regulation and UK GDPR, you have rights we need to make you aware of. The rights available to you depoend on our reason for processing your information.
- Right of Access. You have the right to ask us for information about the personal data we have about you as well as copies of it.
- Right to Rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to Erasure and Right to Restriction. You have the right to ask us to erase your personal information in certain circumstances. Where our processing is based on legitimate interest, you have the right to restrict the processing of personal data. You can do that by contacting email@example.com
- Right to Data Portability. Where we process your personal information based on the legitimate bases of your consent or the performance of a contract, you have the right to receive the personal data we hold in a commonly used format and send the data to another controller or use it for your personal purposes.
In the event of your death the above-mentioned rights regarding to your personal data may be exercised by those who have their own interest in doing so, or act to protect you as an agent, or for family reasons deserving of protection. You may expressly prohibit the exercise of certain rights listed above by those entitled by sending a written statement to HSP at the email address provided below. The statement may be revoked or modified later on using the same procedures.
Please note that requests to erase data are subject to current legal and regulatory obligations on the storage of documents.
To exercise your rights, you may send an email at any time to firstname.lastname@example.org or write to:
Haier Singapore Comfort App
c/- Fisher & Paykel Appliances Limited
P O Box 58550 Botany
f.a.o. Global Privacy Officer
4. INFORMATION SECURITY
HSP implements and maintains reasonable security measures to help protect the personal information that HSP collects and maintains in accordance with industry standards, including encryption, access controls and firewalls. These measures include cyber security policies, security incident response processes (PSIRT), penetration and vulnerability testing and annual maturity assessments. While there are adequate process and technical controls in place, howeverwe cannot guarantee that our security measures will prevent malicious attacks to our systems 100% of the time.
5. AGE RESTRICTION
The Application is not intended for individuals under the age of eighteen (18). If we realise that we have inadvertently obtained the personal data of a minor, we will immediately erase their personal data.