You are not obliged to provide to us your personal data. However, we may be unable to provide you with certain products and/or services if you decline to provide such data.
What Personal Data do We Collect
1. Information You Voluntarily Provide Us.
• Account or Profile Data: When you register an account with us, we may collect your name and contact details, such as your name, email address, mailing address, phone number, user name, and login credentials.
• Session data: During your session of consultation or interaction with our business staff about products or services through the IM system, we will collect your session records and relevant information, which is limited to the following: customized session ID, session time, and your company name. The purpose of such collection is to analyze your concerns raised during consultation, so that we can enhance and improve our IM services and identify usage trends. However, please be reminded that we will not collect any sensitive personal information related to your identity.
• Name and Role Details: When you visit our websites, fill out our online forms, or engage with our support team, we may collect your name and role related information, such us your name, email address, and work/company information.
• Job Application Information: When you apply to work for us, we may collect your education and professional experience related information, such as school attended, course of study, academic degree obtained, grades, employment history, professional certification/licenses received.
2. Information We Collect Automatically.
When you use our Sites and Services, we may collect certain information, including Personal Data, about your use of the Sites and Services:
• Device Information: When you interact with our Sites and Services through hardware, we automatically collect device information, such as the unique device ID number of your device (“UDID”), the MAC address of your devices, IP address, wireless connection information, operating system type and version, browser type and version, push notification identifier, and mobile network information.
• Usage Data: During your interaction with our Sites and Services, we automatically collect usage data relating to visits, clicks, downloads, messages sent/received, and other usage of our Sites and Services.
• Location Information: We may collect information about your real-time precise or non-precise geo-location when you interact with our Sites and Services through your devices.
3. Cookies and Similar Tracking Technologies
We may also use web beacons to track usage patterns of users of the Services. Additionally, we may use HTML-based emails sent to our users to track which emails are opened by recipients. The information is used to enable more accurate reporting and make the Services better for you.
We honor do-not-track signals or similar technologies that our systems detect and identify. We do not track, plant cookies, or use advertising when such do-not-track (DNT) browser mechanism is in place on your Device.
Purpose and Legal Basis for Processing Personal Data
The purpose for which we may process information about you are as follows:
• Marketing Communication: We process your Personal Data to inform you about services that we believe may be of interest to you. If we do so, each communication we send you will contain instructions permitting you to opt-out of receiving future communications of that nature. The legal basis for this processing is your consent.
• Legal Compliance: We may process your Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable laws and regulations; (b) to comply with legal process; (c) to respond to requests from public and government authorities (d) to enforce our terms and conditions; (e) to protect our operations, business and systems; (f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
If there is any change in the purposes for processing your personal data, we will inform such change to you via email and/or a prominent notice on our website of such changes of purposes, and choices you may have regarding your Personal Data.
Who do We Share Personal Data with?
At Tuya, we only share Personal Data in ways that we tell you about. We do not sell your Personal Data to third parties and we limit disclosure of your Personal Data as listed below:
• To our third-party service providers who perform certain business-related functions for us, such as website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer support service, e-mail delivery services, and other similar services to enable them to provide services to us.
• To our customers and other business partners who provide you, directly or indirectly, with your Smart Devices, and/or networks and systems through which you access and use our Sites and Services.
• To an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings). In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your Personal Data, and choices you may have regarding your Personal Data.
• As we believe to be necessary or appropriate: (a) to comply with applicable laws and regulations; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations, business and systems; (f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
• To subsidiaries or affiliates within our corporate family, to carry out regular business activities.
• Except for the third parties described above, to third parties only with your consent.
International Transfer of Information Collected
To facilitate our operation, we may transfer, store and process your Personal Data in jurisdictions other than where you live. Laws in these countries may differ from the laws applicable to your country of residence. When we do so, we will ensure that an adequate level of protection is provided for the information by using the following approach:
• an agreement on the basis of approved EU standard contractual clauses per GDPR Art. 46. For more information, see here.
We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your Personal Data. Tuya provides various security strategies to effectively ensure data security of user and device. As for device access, Tuya proprietary algorithms are employed to ensure data isolation, access authentication, applying for authorization. As for data communication, communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported. As for data processing, strict data filtering and validation and complete data audit are applied. As for data storage, all confidential information of users will be safely encrypted for storage. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you could immediately notify us of the problem by emailing firstname.lastname@example.org in accordance with the section below.
Data Subject Rights
We respect your rights and control over your Personal Data. You may exercise any of the following rights by:
You do not have to pay a fee for executing your personal rights. According to different data protection laws, your request of personal rights will be handled within 15 business days, or within 30 calendar days due to different response requirement.
In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Data deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.
• Request access to the Personal Data that we process about you;
• Request that we correct inaccurate or incomplete Personal Data about you;
• Request deletion of Personal Data about you;
• Request restrictions, temporarily or permanently, on our processing of some or all Personal Data about you;
• Request transfer of Personal Data to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated;
• Opt-out or object to our use of Personal Data about you where our use is based on your consent or our legitimate interests.
Your California Privacy Rights
California Civil Code Section 1798.83 permits users of the Software that are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please contact us in accordance with the “email@example.com” section below. We do not disclose Personal Data to third parties for their direct marketing purposes without your consent.Visit our Statement on Do Not Sell Your Personal Data page for more information.
Protecting the privacy of young children is especially important to us. The Services are not directed to individuals under the age of thirteen (13), and we request that these individuals do not provide any Personal Data to us. We do not knowingly collect Personal Data from anyone under the age of thirteen (13) unless we first obtain permission from that child’s parent or legal guardian. If we become aware that we have collected Personal Data from anyone under the age of thirteen (13) without permission from that child’s parent or legal guardian, we will take steps to remove that information.