The Huawei Consumer Business Privacy Statement was updated on
March 27, 2020.
Huawei Device Co., Ltd. and its global affiliates (collectively, "Huawei", "we", "us", and "our") respect your privacy. Therefore, we have developed a Privacy Statement (hereinafter referred to as "this Statement") that covers how we collect, use, disclose, protect, store and transfer your personal data. Please take a moment to read and understand our privacy statement and let us know if you have any questions.
Personal data means any electronic or other information which alone or jointly with other information can be used to identify a natural person or make him/her identifiable. This Statement explains how Huawei processes your personal data, but does not cover all processing scenarios as you will be informed in specific processing activity. Therefore, before using a specific product or service, it is recommended that you read the privacy notice or supplementary statement released by Huawei for that product or service to understand how it processes your personal data, how you can exercise your data subject rights, and how to contact the data controller.
This Statement applies only to Huawei personal and home products, including feature phones, smartphones, laptops, tablets, wearable devices, mobile broadband devices, smart household appliances, accessories, computer applications, mobile services, software, toolkits, websites, and services that display or mention this Statement.
A. Personal Data Collected by Huawei
Before using Huawei products or services, you may need to provide personal data. You do not have to provide your personal data to Huawei, but in some cases, the non-provision of certain personal data will cause the inability to provide you with some related products or services.
Huawei will collect and use your personal data for the purposes stated in this Statement. Here are some examples of personal data we may collect:
1. Personal data that you provide to Huawei
You need to register a Huawei ID to enjoy certain functions or services. When you register a Huawei ID or log in with a Huawei ID to shop online, download software, or purchase services, we will ask you to provide relevant personal data, such as your name, email address, mobile number, order information, shipping address, and payment mode.
Huawei may provide you with cloud storage services where you can sync and backup some of your files, pictures and data.
Some Huawei products allow you to communicate and share information with others. When you use a Huawei product to share things with your family and friends, you may need to create a Huawei ID that includes certain information which will be made public, including a nickname and avatar. Huawei may collect information related to those people, such as their names, email addresses, and phone numbers. Huawei will take appropriate and necessary measures to ensure the security of the information that you provide. You must ensure that the people, whose information you provide, have consented to you providing their information to Huawei.
To meet some jurisdictions' requirements on real-name authentication of accounts, prevention of electronic game addiction, or Internet payment, Huawei might ask you to provide a proof of identity issued by the government or relevant card information that can identify you.
2. Information that Huawei collects in your use of services
Huawei will collect data about your device and how you and your device exchange information with Huawei products and services. This type of information includes:
(1) Device and application information, such as the device name, device identification code (IMEI, ESN, MEID, and SN), device activation time, hardware model, OS version, application version, software identification code, and device and application settings (such as region, language, time zone, and font size).
(2) Mobile network information, such as the public land mobile network (PLMN) provider ID and Internet Protocol (IP) address.
(3) Log information. When you use Huawei services or view Huawei-provided content, Huawei will automatically collect and log some information, such as the time of access, access count, IP address, and information about incidents (such as errors, crashes, restarts, and upgrades).
(4) Location information. Huawei will collect, use, and process the approximate or precise location of your device when you access some location-based services (for example, when you search, use navigation software, or view the weather of a specific location). Location information can be obtained based on the GPS, WLAN, and service provider network ID. We will ask you to choose the applications for which you want to enable location services. In the device settings menu, you can disable the location permissions of specific services to reject sharing your location information.
(5) Information you store on Huawei servers. For example, the information you upload to the cloud will be stored on Huawei servers for rapid access and sharing between devices. We will not view the information you store on Huawei servers.
3. Information from third-party sources
When permitted by law, Huawei will collect information about you from public and commercial sources. Huawei may also obtain certain information from third-party social network services, such as the time when you use a social network account to log in to a Huawei website.
4. Collection and use of non-identifiable data
Non-identifiable data refers to data that cannot be used to identify an individual. Examples of non-identifiable data include statistics on website visits, application downloads, and product sales volume. Huawei will collect statistics information to understand how users use our products and services. By doing so, we can improve our services to better meet your requirements.
We keep your personal data and non-identifiable data separate, and use each independently. Circumstances may arise where Huawei collects, uses, discloses, and transfers non-identifiable data for other purposes at our own discretion.
B. How Huawei Uses Your Personal Data
Huawei may use your personal data for the following purposes:
(1) Register and activate Huawei personal and home products that you have purchased.
(2) Register a Huawei ID so that you can enjoy a wider range of functions and mobile services.
(3) Deliver, activate, or verify the products and services you have requested, or perform changes and provide technical support and after-sales services for the foregoing products and services based on your requirements.
(4) Send you OS or application updates and installation notifications.
(5) Provide personalised user experience and content.
(6) Send you information about products and services you might be interested in, invite you to Huawei promotional activities and market surveys, or send marketing information to you. If you do not want to receive such information, you can opt out at any time.
(7) Carry out internal auditing, data analysis, and research; analyse business operation efficiency and measure market shares; and improve Huawei's products and services.
(8) Synchronise, share, and store the data you have uploaded or downloaded, as well as the data needed for the upload and download operations.
(9) Improve our loss prevention and anti-fraud programmes.
(10) Process pursuant to laws and regulations, e.g. tax, authority requests.
(11) Other purposes within specific services or with your consent.
We do not share personal data with other companies, organisations and individuals unless one of the following circumstances applies:
(1) Sharing with consent: After obtaining your consent, Huawei will share the information that you have authorised with specified third parties or categories of third parties.
(2) Sharing pursuant to laws and regulations: Huawei may share your information as required by laws and regulations, for resolving legal disputes, or as required by administrative or judiciary authorities pursuant to law.
(3) Sharing with Huawei affiliates: Your information may be shared within Huawei's affiliates only for explicit, and legitimate purposes, and the sharing is limited only to information required by services. For example, we verify the global uniqueness of accounts before allowing them to be registered.
(4) Sharing with business partners: Some products and/or services are provided to you directly by our partners. Huawei also may share your information with them, they may use your information to provide you with products and/or services you request (e.g., products sold by third-party seller through Huawei’s e-commerce platform, video content provided by other companies through Huawei’s applications), make predictions about your interests and may provide you with advertisements, promotional materials and other materials
(5) Sharing with service providers: Huawei also may disclose your information to companies that provide services for or on behalf of us. Examples of these service providers include companies that provide hotline services, send email, or provide technical support on behalf of Huawei. The service providers can use your information only for the purpose of providing services to you on behalf of Huawei.
(6) Huawei will share your information when there is a reasonable requirement to do so, for example, to meet request of applicable law, regulation, legal process or enforceable government.
In scenarios 3 to 6, Huawei will ensure that the lawfulness of this sharing and sign stringent non-disclosure agreements (NDAs) and/or data processing clauses with the companies, organisations, and individuals with whom personal data is shared, requiring them to comply with this Statement and take appropriate confidentiality and security measures when processing personal data.
Huawei attaches great importance to the security of your personal data and has adopted standard industry practices to protect your personal data and prevent it from unauthorised access, disclosure, use, modification, damage, or loss. To this end, Huawei takes the following measures:
(1) We take reasonable and feasible measures to ensure that the personal data collected is minimal and relevant to what is necessary in relation to the purposes for which they are processed. We retain your personal data for no longer than is necessary for the purposes stated in this Statement and privacy notice of specific product or service, unless extending the retention period is required or permitted by law.
(2) We use a range of technologies such as cryptographic technologies to ensure the confidentiality of data in transmission. We implement trusted protection mechanisms to protect data and data storage servers from attacks.
(3) We deploy access control mechanisms to ensure that only authorised personnel can access your personal data. In addition, we control the number of authorised personnel and implement hierarchical permission management on them based on service requirements and personnel levels.
(4) We strictly select business partners and service providers and incorporate personal data protection requirements into commercial contracts, audits, and appraisal activities.
(5) We hold security and privacy protection training courses, tests, and publicity activities to raise employees' personal data protection awareness.
Huawei is committed to protecting your personal data. Nevertheless, no security measure is perfect and no product, service, website, data transfer, computing system, or network connection is absolutely secure.
To cope with possible risks, such as personal data leakage, damage, and loss, Huawei has developed several mechanisms and control measures, clearly defined the rating standards of security incidents and vulnerabilities and corresponding processing procedures, and established a dedicated Security Advisory and Security Notice page. Huawei has established a dedicated emergency response team to implement security planning, loss reduction, analysis, locating, and remediation, and to perform tracking operations with related departments based on security incident handling regulations and requirements.
If any personal data incident occurs, Huawei will notify you, pursuant to relevant legal and regulatory requirements, of the basic information about the security incident and its possible impact, measures that Huawei has taken or will take, suggestions about active defense and risk mitigation, and remedial measures. The notification may take the form of an email, text message, push notification, etc. If it is difficult to notify data subjects one by one, we will take appropriate and effective measures to release a Security Notice. In addition, we will also report the handling status of personal data security incidents as required by supervisory authorities.
A. Access, rectification, deletion, data portability, restriction of processing, objection to processing.
Legislation in some countries and regions to which Huawei provides products and services or from where Huawei processes personal data, provides that data subjects the rights request (hereinafter referred to as "requests") in regards to the accessing, rectifying, deleting or erasure, porting, restricting, and objecting, the processing of related personal data by Huawei retains. In addition you will have the right to data portability.
1. Requesting modes and channels
Data subjects' requests must be submitted in accordance with Huawei designated privacy channels. The requests are valid even when the requester does not specify the laws on which the requests are based.
Data subjects' requests may be initiated through the official website of Huawei Consumer BG, HiCare app or Huawei ID app. If a data subject initiates a request via a hotline, email, online customer service, service centre, or another channel, we will instruct the data subject to officially raise the request through one of the aforementioned channels to facilitate communication and feedback of progress and results. The dedicated request channels for data subjects are intended to protect data subjects' lawful interests, ensure Huawei's normal operation, and prevent the right to request from being misused or fraudulently used.
2. Validity of requests
Most laws require data subjects to comply with specific requirements when they initiate requests. This Statement requires data subjects to:
(1) Submit requests through dedicated request channels provided by Huawei (namely, the official website of Huawei Consumer BG, HiCare app, and Huawei ID app).
(2) Provide sufficient information for Huawei to verify their identities (to ensure those who initiate the requests are the data subjects themselves or those authorised by them).
(3) Ensure that their requests are specific and feasible.
There are some circumstances, provided by laws and regulations, in which Huawei may not have to comply with the request in full or at all.
B. Consent withdrawal
You can change the authorised personal data collection scope or withdraw your consent without affecting the lawfulness of the processing activities based on the consent and prior to such withdraw.
Your rights can be exercised by deleting information, disabling related functions, or setting privacy options on your Huawei product. Huawei will release the methods for withdrawing consent for specific products and services in the privacy notice or supplementary statement of those products and services or upon request according to section A above.
C. Delete a HUAWEI ID
You can delete your account in HUAWEI ID-related products. After you delete your account, we will stop providing products and services, and delete your personal data unless otherwise stipulated by law. Your account cannot be restored after deletion. You need to register a new HUAWEI ID if you want to use related Huawei products or services again. You can delete your HUAWEI ID in the settings of a device, app, or website on which you have logged in with your HUAWEI ID.
Huawei's personal and home products are intended for adults. However, for the use of Huawei products and services by children, we are fully aware of the importance of taking extra preventive measures to protect privacy and security. Huawei identifies whether data subjects are children based on the age of majority defined by laws of the local countries and regions.
When children's personal data is collected based on the consent of the holders of parental responsibility, we will only use or disclose the information as permitted by law, explicitly consented to by the holders of parental responsibility, or required for protecting the children. Holders of parental responsibility who need to access, modify, or delete the personal data of their children and people under guardianship can contact us via the channels provided in "IV. How Huawei Protects Your Personal Data."
If Huawei accidentally collects children's personal data without obtaining consent from provable holders of parental responsibility, Huawei will delete the information as soon as possible after becoming aware of it.
Huawei websites, application software, products, and services may contain links to third-party websites, products, and services. Huawei products and services may also use or provide products or services from third parties, for example, third-party apps released on Huawei app store HiApp.
All links to third-party websites, products, and services are provided for users' convenience only. You need to determine your interaction with such links on your own. Before submitting your personal data to third parties, please read and refer to these third parties' privacy policies.
Our products and services are delivered through resources and servers located in different places, to offer our products and services, we may need to transfer your personal data among several countries. Authorised Huawei personnel and third parties acting on our behalf may access, use and process personal data collected from you in a country/region that is different from the country/region where you entered the personal data, which may have less stringent data protection laws. When we transfer your personal data to other countries/regions, we will protect that the personal data as described in this statement or as otherwise disclosed to you at the time the data is collected (e.g. via privacy notice or supplementary statement of specific product or service).
Huawei has implemented global privacy practices for processing personal data protected under various data protection laws. Huawei transfers personal data between the countries in which we operate in accordance with the standards and conditions of applicable data protection laws, including standards and conditions related to security and processing.
With respect to personal data coming from the EU or Switzerland, we comply with applicable legal requirements providing adequate safeguards for the transfer of personal data to countries outside of the European Economic Area ("EEA") or Switzerland. We use a variety of legal mechanisms, such as standard contractual clauses to implement the cross-border transfer of your personal data; or implement security measures like anonymisation on the data before the cross border data transfer.
If you use the Huawei Mobile Services (HMS) in a country or region listed in Part 2 of Annex A, Aspiegel Limited incorporated in Ireland is the data controller. If you use the HMS in a country or region listed in Part 3 of Annex A, Huawei Services (Hong Kong) Co., Limited is the data controller. For details, refer to the local privacy statement of the HMS.
The Huawei online stores in each jurisdiction outside the Chinese mainland have their own legal entity, which is responsible for the personal data collected within its jurisdiction. For more details about the data controller, please refer to the privacy statement on the local online store.
Huawei reserves the right to update this Statement at any time.
Should this Statement be revised from time to time, Huawei will release the change notice via various channels, for example, posting the latest version on our official website: http://consumer.huawei.com.
"Major changes" in this Statement include but are not limited to:
(1) Major changes in our service modes, for example, purposes of personal data processing, types of processed personal data, and ways of using personal data
(2) Major changes in our ownership structure, organisational structure, etc., for example, ownership changes caused by business adjustment, bankruptcy, or acquisition
(3) Changes in the main objects of personal data sharing, transfer, or disclosure
(4) Major changes in your rights regarding personal data processing and the ways in which you can enjoy those rights
(5) Changes of Huawei departments, contacts, and complaint channels responsible for the security of personal data processing
(6) High risks identified in personal data security impact assessment reports
We have set up a dedicated personal data protection department (or data protection officer). If you have any questions, comments, or suggestions, please contact us by visiting the contact us page or submitting them to our global offices. To obtain the complete list of Huawei offices, please visit the global offices page.
If you want to exercise your privacy rights, or have any privacy issues for which you need to lodge a privacy complaint with our Data Protection Officer (DPO), or want to consult our DPO regarding general data protection, please visit our Data Subject Right Portal.
Note: Due to differences in local laws and languages, the local versions of Huawei Consumer Business Privacy Statement may be different from this version. In the case of any conflicts, the local versions shall prevail.
Copyright ©2020 Huawei Device Co., Ltd. All rights reserved.