Huawei Device Co., Ltd. and its global affiliates (collectively, "Huawei", "we", "us", or "our") respect your privacy. We hereby develop this Privacy Statement (referred to as "this Statement") to help you understand how we collect, use, disclose, protect, store, and transmit your personal data. Please take a moment to read this Statement carefully and contact us if you have any questions.
This Statement applies to Huawei products and services that display or mention this Statement, including feature phones, smartphones, laptops / tablets, Huawei Vision, wearable devices, mobile broadband devices, home routers, smart household appliances, accessories, PC apps, mobile Internet apps (referred to as "apps"), software, toolkits, websites, and services.
Besides this Statement, we recommend that you carefully read Huawei's privacy statement or supplementary notice (referred to as the "Product Privacy Notice") specific to the product or service to be used. The Product Privacy Notice is an important part of this Statement. It provides basic information, such as how each product or service processes your personal data, how to exercise your data subject rights, who are data controllers, and how to contact the controllers. The Product Privacy Notice shall prevail in the event of any conflict with this Statement. For other parts, this Statement shall prevail.
1. How Huawei Collects Your Personal Data
Personal information refers to any type of information recorded electronically or otherwise relating to an identified or identifiable natural person, excluding information that has been anonymised. We may collect your personal data when you use our products or services or interact with us. Different types of data will be collected, depending on the service you use and your interactions with us. In some cases, you can choose not to provide such data, but this may prevent us from providing you with corresponding products or services, or may mean that we cannot respond to or resolve any issues you have raised.
When providing you with related products or services, we may also collect and summarise statistics, such as website visits, app downloads, and product sales volume, to understand how our products and services are used. For the purposes of this Statement, the preceding statistics are regarded as non-personal data. We will try our best to isolate your personal data from non-personal data and use them separately. The personal data mixed with non-personal data will still be treated as personal data.
We will collect and use your personal data only for the purposes described in this Statement and Product Privacy Notice. The following are some examples of personal data we may collect:
(1) Personal data that you provide to Huawei
You need to register a HUAWEI ID to enjoy certain functions or services. When you register a HUAWEI ID or log in to your HUAWEI ID to shop online, download software, or purchase services, we may ask you to provide relevant personal data, such as your name, email address, mobile number, order information, shipping address, and payment method.
Some Huawei products allow you to communicate and share information with others. When you use a Huawei product to share contents with your family and friends, you may need to create an open HUAWEI ID profile, which includes your nickname and avatar. We may also collect information about your family and friends, such as their names, email addresses, and phone numbers. We will take appropriate and necessary measures to ensure their communications security.
In order to meet the requirements of certain jurisdictions for real-name account registration, game addiction prevention systems, and Internet payment as well as other requirements, we may ask you to provide identity proofs issued by local governments, or relevant card information that can authenticate your identity.
(2) Information that Huawei collects when you use services
When you use our products and services, we will collect your device information and how you and your device interact with our products and services. Such information includes:
a. Device and app information, such as the device name, device identifier, device activation time, hardware model, operating system version, app version, software identifier, and device and app settings (such as region, language, time zone, and font size).
b. Mobile network information, such as the public land mobile network (PLMN) provider ID, geographical location (cell ID of the area where the device is located), and Internet protocol (IP) address.
c. Log information. When you use Huawei services or view Huawei-provided content, we will automatically collect and log some information, such as the time of access, access count, IP address, and event information (such as errors, crashes, restarts, and updates).
d. Location information. When you access certain location-based services (such as perform searches, use navigation software, or view the weather for a specific location), we will collect, use, and process the approximate or precise location of your device. Such information may be obtained through the GPS, Wi-Fi, or service provider network ID. We will ask you to select the apps for which you want to enable location services. You can refuse to share your location by disabling the corresponding permission in your device settings.
e. Information stored in the cloud. For example, the information you upload to the cloud will be stored on our servers for rapid access and sharing between devices. No one has access to such information without your permission.
(3) Information from third-party sources
When permitted by local laws, we may also obtain other information about you, your device, or service usage from public or legitimate commercial sources. For example, we obtain your information from the third party when you log in to our website through a third-party social media account, or when your contact information is uploaded by others who use our communication services.
2. How Huawei Uses Your Personal Data
We use your personal data only on a legal basis. According to applicable local laws, we may use your personal data for the following purposes under one of the legal bases: your consent; necessary to perform / enter into a contract between you and Huawei; necessary to protect the legitimate interests of you or others; necessary to fulfil legal obligations; and necessary to protect the legitimate interests of enterprises:
(1) Register and activate our products or services that you have purchased;
(2) Register your HUAWEI ID so that you can enjoy a wider range of functions;
(3) Deliver, activate, or verify the products and services you have requested, or perform changes and provide technical support and after-sales services for such offerings at your request;
(4) Notify you of operating system or app updates and installations;
(5) Provide individualized user experience and content;
(6) After obtaining your consent or receiving your request, send you information about products and services you might be interested in, invite you to our promotional activities and market surveys, or send marketing information to you;
(7) Carry out internal audit, data analysis, and research; analyse business operation efficiency and measure market shares; and improve our products and services;
(8) Troubleshoot problems after you send error details to us;
(9) Synchronise and store the data you have uploaded or downloaded, as well as the data needed for upload and download operations;
(10) Improve our loss prevention and anti-fraud programs;
(11) Comply with applicable local laws / regulations, for example, fulfil e-commerce platform management obligations, or comply with legal government requirements;
(12) Other purposes described in the Product Privacy Notice.
We may use cookies, pixel tags, web beacons, and other local storage technologies on its websites, mobile apps, online services, emails, and advertisements. The information collected through cookies and similar technologies is regarded as non-personal data. However, if local laws treat IP addresses or similar identifiers as personal data, we will also treat them as personal data. In some cases, we mix the non-personal data collected by using these technologies with the personal data we hold. For the purposes of this Statement, we will regard the mixed data as personal data.
A cookie is a text file created by a web server and stored on a computer or mobile device. The content of a cookie can only be retrieved or read by the server that created the cookie. Cookies are unique to the browser or mobile application you are using. They usually contain identifiers, site names, numbers, and characters.
Cookies are sometimes stored on computers or mobile devices to improve user experience, including:
(1) Necessary cookies:
− Login and verification. When you use your HUAWEI ID to log in to a website, cookies can help you navigate from page to page, without having to re-log in on each page.
− Storage of your preferences and settings. Websites can use cookies to save personal settings, such as the language, font size, shopping basket, and other browsing preferences on your computers or mobile devices.
(2) Analysis cookies: Statistical analysis. With cookies, we can collect information about your use of our websites and other apps, including recording a single visit (using a session cookie) or multiple visits (using a persistent cookie).
(3) Advertisement cookies: Interest-based advertisement. With cookies, we can collect information about your online activities, discover your interests, and deliver highly relevant advertisements to you.
You can manage or delete cookies based on your own preferences. You can clear all cookies stored on your computer, and most web browsers provide the option to block cookies. For details about how to change the browser settings, contact the browser provider.
If you clear cookies, you will need to change your settings every time you visit our websites. Please note that some of our services may require the use of cookies. In this case, disabling cookies may affect all or part of the services provided.
In addition to cookies, we may also use other similar technologies on our websites, such as web beacons and pixel tags. A web beacon is typically an electronic image embedded into a website or email to identify your device cookies when you access the website or email. Pixel tags enable us to send emails in a way that is readable to you and find out whether an email has been opened.
We and our third-party partners use such technologies for a variety of purposes, including analysing service usage (in conjunction with cookies) and providing more satisfactory content and advertisements to you. For example, an email sent to you by us may contain a click-through URL which links to our website. If you click the URL, we will track your visit to help us understand your preferences for products and services and improve customer services.
Many web browsers provide the Do Not Track feature that can send Do Not Track requests to websites. Major Internet standardisation organisations have not established policies to specify how websites should deal with these requests.
Currently, we do not allow you to change the cookie processing ways based on the Do Not Track settings or other similar features you have selected.
1. Entrusting
In some cases, we may entrust other companies to process your personal data on behalf of us. For example, we may entrust another company for hotline support, sending emails, and providing technical support. Such companies may only use your personal data to provide services on behalf of us.
We will enter into a strict entrusting agreement or personal data processing terms with the entrusted party. The entrusted party is obligated to process related personal data in accordance with this Statement and our instructions, and take relevant confidentiality and security measures to ensure personal data security.
2. Sharing
Sharing refers to the process in which we provide personal data to other personal data processors, and both parties can independently determine the data processing purposes and methods. We will not share your personal data with external parties, except in the following cases:
(1) Sharing with your consent: After obtaining your consent, we will share your authorised personal data with third parties designated by you.
(2) Sharing under statutory circumstances: We may share your personal data in accordance with laws / regulations, litigation resolution requirements, or legal requirements of administrative and judicial authorities.
(3) Sharing with our affiliates: Your data may be shared with our affiliates. We will share your data with our affiliates only for specific, definite, and legitimate purposes. We will only share data necessary for providing services. For example, in order to avoid repeated registration of HUAWEI IDs, we need to verify the global uniqueness of the account to be registered.
(4) Sharing with business partners: To ensure the quality of services provided to you, we may share your order, account, device, and location information with our third-party partners. However, we will only share your personal data for legitimate, appropriate, necessary, specific, and definite purposes. Our partners include:
a. Third-party sellers and developers: Some of our products or services are directly provided to you by third parties. In this case, we will share transaction-related information with third parties to fulfil the requirements for products or services you have purchased. For example, when you purchase products from third-party developers in HUAWEI AppGallery, we will share necessary information with them to complete the transaction.
b. Providers of goods or technical services: We may share your personal data with third parties that support our features and functions, including third parties that supply or provide infrastructure technology services, logistics and distribution services, payment services, and data processing services. We share such data for the purpose of implementing the functionality of our products and services. For example, we will share your order information with the logistics service provider to arrange delivery, or your order number and purchase amount with a third-party payment agency to confirm your payment instructions and complete the transaction.
We will perform security assessment on the sharing behaviour and personal data receivers, and sign a data protection agreement or strict non-disclosure agreement with them, requiring them to abide by this Statement and take appropriate confidentiality and security measures when processing your personal data.
3. Transfer
If personal data transfer is involved due to merger & acquisition, division, dissolution, or bankruptcy, we will send prior notifications to you to specify the receivers' names and contact information, and require them to abide by this Statement when processing your personal data. The receiver who attempts to change the original processing purpose or method shall obtain your consent again.
4. Public Disclosure
We will disclose your personal data only in the following cases:
(1) After obtaining your consent;
(2) On legal or reasonable grounds: We may disclose your information when required by laws, legal procedures, litigation, or public and government authorities.
The security of your personal data is important to us. We have adopted standard industry practices to protect your personal data from unauthorised access / disclosure / use / modification, damage, or loss. To this end, we take the following measures:
1. We take all reasonable and feasible measures to ensure that the personal data collected is minimal and relevant to what is necessary in relation to the purposes for which they are processed. We will retain your personal data for no longer than is necessary for the purposes stated in this Statement, unless otherwise extending the retention period is required or permitted by law.
2. We use cryptographic technologies to ensure the confidentiality of data transmission and storage, and implement trusted protection mechanisms to protect data and data storage servers from attacks.
3. We deploy access control mechanisms to permit only authorised access to your personal data. In addition, we limit the number of authorised personnel and implement hierarchical permission management based on service requirements and personnel levels. Access to personal data will be logged and reviewed by authorised personnel on a regular basis.
4. We carefully select business partners and service providers and incorporate personal data protection requirements into commercial contracts, audits, and appraisal activities.
5. We organise security and privacy protection training courses, tests, and publicity activities to raise employees' personal data protection awareness.
We are fully committed to protecting your personal data. Nevertheless, no security measure is perfect, and no product, service, website, data transmission, computer system, or network connection is absolutely secure.
In response to possible risks, such as personal data leakage, damage, and loss, we have developed several mechanisms and control measures, clearly defined the rating standards of security incidents and vulnerabilities and the corresponding handling procedures, and established a dedicated Security Advisory and Security Notice page. We have also established a dedicated security emergency response team to implement security contingency plans, loss reduction, analysis, locating, and remediation, and to perform backtracking / countering operations with related departments in accordance with security incident handling regulations and requirements.
If any personal data security incident occurs, we will notify you, pursuant to local legal requirements, of the basic information about the security incident and its possible impact, measures that we have taken or will take, suggestions about active defence and risk mitigation, and remedial measures. The notification may take the form of an email, text message, push notification, etc. When it is difficult to inform data subjects individually, we will take appropriate and effective measures to release a Security Notice. In addition, we will also report the handling status of personal data security incidents as required by supervisory authorities.
1. Personal Data Subjects' Rights, Such as Access, Correction, and Deletion
Legislation in certain countries and regions where we provide products and services stipulates that data subjects have rights to access, correct, and delete personal data, and restrict personal data processing. According to local laws, personal data subjects or their agents can submit requests for exercising data subjects' rights (referred to as "requests") to us.
(1) Requesting methods and channels
Data subjects' requests must be submitted in writing. The requests are equally valid even if the requester does not specify the laws on which the requests are based. In general, verbal requests are not valid unless otherwise permitted by local laws.
Data subjects' requests can be submitted through the official website of Huawei Consumer BG, My HUAWEI app, or HUAWEI ID Privacy centre. If a data subject initiates a request via a hotline, email, online customer service, service centre, or other channels, we will instruct the data subject to raise an official request through one of the aforementioned channels to facilitate progress communication and result feedback. We have established the dedicated channels to protect their legitimate interests, ensure our business operation, and prevent their rights from being misused or fraudulently used.
(2) Validity of requests
Most laws require data subjects to comply with specific requirements when they initiate requests. This Statement requires data subjects to:
a. Submit requests through dedicated request channels (namely, official website of Huawei Consumer BG, My HUAWEI app, or HUAWEI ID Privacy centre).
b. Provide sufficient information for Huawei to verify their identities (to ensure those who initiate the requests are the data subjects themselves or those authorised by them).
c. Ensure that their requests are specific and feasible.
(3) Request processing period
We will make every effort to respond within one month upon receiving a request to access personal data. This period may be extended if necessary, depending on the number of requests and their complexity. If the request period is to be extended, we will notify the data subject of the situation and reason for delay. In the event of any time conflict between this section and local laws / regulations, the latter shall prevail.
(4) Request results
After a request is submitted, the following may occur:
a. The request is rejected.
Requests from data subjects may be declined in the following situations, including but not limited to:
(a) Local laws do not grant relevant rights to data subjects;
(b) The identity of the requester cannot be verified;
(c) The request cannot be verified or is out of scope, especially when requests are sent repeatedly;
(d) The requested information is related to the compensation that we will make or receive as a result of an ongoing dispute, and the disclosure of such information is likely to damage our interests;
(e) The retained information is used for statistical and research purposes only, and the publication of statistics and research results does not reveal personal identities;
(f) Other situations stipulated by laws.
If we decline a request from a data subject, we will provide the requester with a formal explanation.
b. The request is accepted.
If none of the situations described in (1) occurs, we will honor the request of the data subject. To increase the likelihood that the request will be accepted, please provide as detailed information as possible when submitting your request, such as the request type, specific content, information about the information holder (such as the account name you use for our products and services), and time frame in which the information was generated or processed (requests within a shorter period of time have a higher likelihood of being accepted).
(5) Special notes
a. Only legal guardians or legally authorised persons have the right to access the personal data of others.
b. Most laws / regulations specify the circumstances under which an organisation may not provide data to data subjects. These cases include scenarios when providing data may undermine ongoing efforts against terrorism; when the data subject has made repeated requests, or when obtaining and providing such information would consume disproportionate resources.
c. Typically, we will not provide the following information:
(a) Information about others: Requests from data subjects may involve other individuals besides the data subject. We will not provide such information, unless authorised by the relevant individuals.
(b) Repeated requests: If the data subject initiates the same or similar requests related to one data subject for multiple times, and the data has not changed since the last time we provided the data, we will not provide a copy of the data in most cases. Additionally, we have no obligation to provide information that has been publicly available.
(c) Confidential opinions: We are not obligated to provide the requested information if such information is a confidential opinion.
(d) Special documents: We will not disclose any special information in response to requests for accessing personal data. Typically, special information includes any confidential documents (such as attorney / client communication), and information that obtains or expresses a corresponding legal opinion (irrespective of whether it is related to the lawsuit itself or related to information from court proceedings).
2. Withdrawal of Consent
If allowed by applicable laws, you have the right to withdraw your consent at any time when we process your personal data based on your consent. However, the withdrawal of consent shall not affect the lawfulness and effectiveness of your personal data processing based on your consent before the withdrawal is made, or affect any data processing based on another justification other than your consent.
For details about how to withdraw your consent for a specific product or service, see the Product Privacy Notice.
We attach great importance to the protection of minors' personal data. We will provide services and protection for minors in strict accordance with national laws / regulations. Parents or other guardians should also take appropriate measures to protect minors, including monitoring their use of products or services.
We treat anyone under the age of 14 (or the age stipulated by local laws) as a child. Children are not allowed to create their own HUAWEI IDs without the consent of their parents or other guardians. We will strictly restrict the entrusted processing, sharing, transfer, and public disclosure of children's personal data in accordance with laws / regulations. If the guardian needs to access, correct, or delete the personal data of the person under guardianship at any time, please contact us according to Chapter 10 "How to Contact Us." If we find that we have collected children's personal data without obtaining the prior consent from authenticated parents or other guardians, we will manage to delete the data as soon as possible.
To ensure smooth user experience, Huawei websites, apps, products, and services may contain links to third-party websites, products, and services. Huawei's products and services may also use or provide products or services from third parties, such as third-party apps available on HUAWEI AppGallery. Huawei does not have control over third-party websites, products, and services, but you can choose whether to access these links.
Huawei also has no control over the privacy or data protection policies of third parties, as such third parties are not bound by this Statement. Before submitting personal data to third parties, please read and refer to their privacy or data protection policies.
Huawei is a multinational company. As such, the personal data we collect may be processed or accessed in countries or regions where you use our products or services, or other countries or regions where we or our affiliates, subsidiaries, service providers, or business partners are located. These countries / regions may have different data protection laws. In such circumstances, Huawei takes measures to ensure that data is processed as required by this Statement and applicable laws.
Personal data collected and generated during our operations in the People's Republic of China will be stored in China. If specific products / services involve cross-border transfer of personal data, we will provide personal data to the receiving party outside China after fulfilling legal obligations (for example, after passing regulatory security assessment).
Huawei reserves the right to update this Statement at any time. This Statement may be updated from time to time. For the latest version, please visit our official website (http://consumer.huawei.com). If major changes are made to this Statement, we may notify you through different channels, for example, posting a notice on our website or sending you direct notification.
We have a department (or specialists) dedicated to personal data protection. If you have any questions, comments, or suggestions, please contact us via the online customer service, Privacy Questions page, or our global offices. For a complete list of our offices, please visit the Contact Huawei page.
Generally, we will give an initial reply within three working days and answer your questions within the time frame specified by laws / regulations. If you are not satisfied with our reply, especially if you feel that our personal data processing has violated your legal rights and interests, you can submit complaints or report to local privacy protection regulators.
Note: Due to differences in local laws and languages, the local versions of the Huawei Consumer Business Privacy Statement may differ from this version. In case of any conflicts, the local versions shall prevail.
Copyright © Huawei Device Co., Ltd. 2023 All rights reserved.
Last updated: December, 2023