User Experience Improvement Program And Privacy Policy

About ZTE User Experience Improvement Program And Privacy Policy

Last updated in: March 14 of 2020

“User Experience Improvement Program” is provides by ZTE Corporation (herein after referred to as “We” or “ZTE”). It aims to improve user experience and provide you with improved products and services. We sincerely invite you to join User Experience Improvement Program (herein after referred to as “this Program”) to help us improve user experience of products and services. We understand the importance of personal information to you, and will make every effort to ensure the security and reliability of your personal information. We promise to take appropriate security measures to protect your personal information in accordance with well-established security standards in the industry.

Before you join this Program, please read User Experience Improvement Program Privacy Policy (herein after referred to as “this Policy”) carefully. By joining this Program, you understand and agree to the following terms in this Policy:

I. How do we collect and use your personal information?

Personal information refers to the information that is recorded electronically or in other ways and that can be used independently or in conjunction with other information to identify a specific natural person or reflect the activities of a specific natural person. ZTE will collect and use your personal information only for the following purposes described in this policy:

     Remote failure diagnosis and analysis

To diagnose and analyze failures, the following information needs to be collected:

  1. Device info:

    Router device manufacturer name, device type, model, software version, IMEI, SN, IMSI, ICCID, MSISDN, MAC address, IP address, WiFi SSID.IP address,

  1. Basic information of mobile network:

Including Public Land Mobile Network (PLMN) that you’re using, Cell ID, APN settings of the connected devices, the type of network that your device connected to, network connection status of your device, device’s signal strength, device’s roaming status, data usage of your device, WAN info.

  1. Basic information of device operation:

    Device up time, battery level, battery usage, battery enters long-time charging mode, Wi-Fi toggle switch, Wi-Fi SSID 24G parameters, number of Wi-Fi connections, Bandsteering is on or off, Guest SSID info, Wi-Fi settings, Wi-Fi connections, phone number, contacts, message content, email address, voice data, latitude and longitude, information of Router settings, domain name, firewall info, uplink/downlink speed, how many times the device disconnects from network a day, the time length that the device connects to the server which remotely manage terminal devices, at what time the terminal device connects to server, at what time the terminal device disconnects from server, the time length every time the device connects to server, the total time length the device connects to server.

  1. Abnorma data of device:

    Wi-Fi driver error, short range of Wi-Fi coverage, Wi-Fi password strength, data use exceeds the limit, version is too low, device unexpectedly disconnects from network, the field data generated when network is disconnected, device restarts unexpectedly.

  1. Error log:

     including abnormal data occurred when runnning system or device.

We will analyze collected data, discover possible issues, locate and fix issues, and improve user experience.

If you do not provide the information, you can still use your device. However, if there is a failure, we will not be able to remotely diagnose and analyze the failure, and give you a solution.

II. How do we share, transfer and disclose your personal information?

To ensure the security of your personal information, we shall follow the minimization principle and share, transfer, or disclose your personal information in accordance with applicable laws and requirements.

For the companies, organizations, and individuals that share personal information with us, we will take organizational and technical measures in accordance with the local laws and regulations, and require them to process personal information in accordance with our security standards, this policy, and related confidentiality and security measures.

  1. Sharing

We will not share your personal information with any company, organization, or individuals other than ZTE Corporation and its subsidiaries, except in the following cases:

(1) After obtaining your explicit consent, we will share your personal information with other parties.

(2) We may share your personal information in accordance with laws and regulations or mandatory requirements of government authorities.

(3) Share with authorized partners: Some of our services will be provided by authorized partners only for the purposes stated in this policy. We may share some of your personal information with our partners to provide better customer services and user experience.

We only share your personal information for legal, legitimate, necessary and specific purposes, and only share the personal information necessary for the provision of services. Our partners have no right to use the shared personal information for any other purpose.

We will sign strict confidentiality agreements with companies, organizations, and individuals with which we share personal information, and require them to process personal information in accordance with our instructions, this privacy policy, and any other relevant confidentiality and security measures.

  1. Transfer

We will not transfer your personal information to any company, organization or individual except in the following cases:

(1) Transfer with express consent: After obtaining your express consent, we will transfer your personal information to other parties.

(2) If personal information transfer is involved in a merger, acquisition, or bankruptcy liquidation, we will require new companies or organizations that hold your personal information to continue to be subject to this privacy policy. Otherwise, we will require the companies or organizations to re-request authorization from you.

  1. Public Disclosure

We will disclose your personal information only in the following cases:

(1) With your express consent.

(2) Disclosure based on law: We may disclose your personal information in case of law, legal procedure, litigation, or mandatory requirements of government authorities.

 

III. How do we protect your personal information?

  1. We have used the security protection measures that comply with industry standards to protect the personal information provided by you against unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and feasible measures to protect your personal information.

We provide the safe accessing mode of https for services. We use encryption technologies to ensure data confidentiality. We use trusted protection mechanisms to prevent data from being maliciously attacked. We will deploy access control mechanisms to ensure that only authorized personnel can access personal information. In addition, we will hold the training course on security and privacy protection to enhance employees’ awareness of the importance of personal information protection.

  1. Our data security capabilities:

We have been committed to protecting your personal information security.

We have taken various security measures, such as access control system, monitoring system, encryption, anonymization or pseudonymisation, employee training and so forth, to protect your personal information from unauthorized access, use, disclosure, modification, damage or loss and other forms of illegal processing.

We have developed a business continuity plan to ensure that services can be provided continuously. Our information security policies and procedures are designed in strict accordance with international standards, and reviewed and updated regularly, and the effectiveness of the security management architecture and measures is ensured through regular third party security audits. ZTE Corporation and some of its subsidiaries have passed the ISO 27001 information security certification, and can effectively protect your personal information. In case of personal information leakage, we will initiate an emergency plan, take effective measures to prevent the situation from getting worse, and notify the relevant supervisory authority and you in a timely manner.

  1. We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will retain your personal information only for the period required to achieve the objectives specified in this policy, unless the retention period needs to be extended or is permitted by law.
  2. The Internet is not absolutely secure, and most communications, such as emails and instant messaging, are not encrypted. We strongly recommend that you do not send personal information through such means. Please use a complicated password to help us ensure the security of your account.
  3. We shall regularly update and publicize the contents related to reporting such as security risks ,personal information security impact assessmentsand so forth . If it is shown in the security assessment reports that your rights are affected, we will actively disclose security risks. You can obtain detailed report contents in the following way:

E-mail: [email protected]

  1. The Internet environment is not 100 percent secure. We will do our best to ensure or guarantee the security of any information you send us. If our physical, technical or management protection facilities are damaged, which results in unauthorized access, public disclosure, tampering or damage that affects your legal rights and interests, we shall assume the corresponding legal responsibilities.
  2. After an unfortunate personal information security incident occurs, complying with the requirements stipulated by law,we will inform you in a timely mannerof the basic situation and possible impact of the security incident, the measures we have taken or will take, suggestions for voluntarily preventing and reducing risks, and remedial measures for you. We will inform you of the incident by email, letter, telephone or pushing notification in a timely manner. If it is difficult to inform the subjects of personal information one by one, we will release the notice in a reasonable and effective manner.

In addition, we will actively report the handling of personal information security incidents in accordance with the requirements of the regulatory department.

IV. Data subject rights

In accordance with personal information protection laws, regulations, standards, and common practices in other countries and regions, we guarantee that you have the following rights over your personal information:

  1. Access to your personal information

You have the right to access your personal information, except for exceptions as required by laws and regulations. If you want to exercise data access rights, you can access the data by yourself in the following ways:

You can send an e-mail to [email protected]. We will respond to your access request within 15 days. As long as we do not need to make too many efforts, we will provide you with other personal information generated when you use our products or services.

  1. Correct your personal information

When you find that your personal information processed by us is incorrect, you have the right to request us to correct it. You can email [email protected] at any time and we will reply to your request within 15 days.

  1. Delete your personal information

You can submit a request for deleting personal information in the following cases:

(1) If our processing of personal information violates laws and regulations.

(2) If we collect or use your information without your consent.

(3) If our processing of personal information violates an agreement with you.

(4) If you no longer use our products or services, or your account is canceled.

(5) If we no longer provide products or services for you.

If we decide to respond to your deletion request, we will also notify the entities that obtain your personal information from us and require them to delete your personal information in a timely manner, unless otherwise specified in the laws and regulations, or these entities obtain your independent authorization. After you delete information from our service, we may not immediately delete the corresponding information in the backup system, but we will delete the information during the backup update.

    4. How to join or exit this Program

To join or exit this Program, please open the ZTELink app, and tap Advanced settings > User

Experience Improvement Program, or you may sign into WebUI and go to Settings > Advanced settings > User Experience Improvement Program, and then you can select or deselect the User Experience Improvement Program. If you deselect it, this setting will take effect immediately, and we will no loner collect your information.

  1. Personal information subjects obtain copies of personal information

You have the right to obtain a copy of your personal information. You can perform the following operations by yourself:

You can send an e-mail to [email protected]. We will respond to your access request within 15 days.

Under the prerequisite that the technology is feasible, for example, data interface matching, we can transmit the copy of your personal information directly to the third party specified by you.

  1. Restrain Automatic decision-making of the information system

In some business functions, we may make decisions only based on non-manual automatic decision-making mechanisms such as information systems and algorithms. If these decisions have a significant impact on your legal rights and interests, you have the right to ask us for an explanation, and we will provide appropriate relief method.

  1. Respond to your above requests

To ensure security, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request, and we will respond within 30 days.

In principle, we do not charge for your reasonable requests, but we will charge for repeated requests that exceed a reasonable limit. We may reject requests that repeat unreasonably, require excessive technical means (for example, development of a new system or a fundamental change of current practice), and bring risks to other people’s legitimate rights and interests or that are extremely impractical (for example, involving information stored on the backup tape).

We will not be able to respond to your request in accordance with laws and regulations if:

(1) The case is directly related to national security and national defense security.

(2) The case is directly related to public safety, public health, and major public interests.

(3) The case is directly related to any criminal investigation, prosecution, trial, and execution of a judgment .

(4) There is sufficient evidence that you have subjective malice or abuse of rights.

(5) Responding to your request will cause serious damage to the legal rights and interests of yours or other individuals’ and organizations’.

(6) Business secrets are involved.

V. How do we process the personal information of children?

Our products, websites, and services are mainly for adults. Without the consent of parents or guardians, children are not allowed to create their own user accounts.

If the personal information of children is collected with the consent of their parents, we will only use or disclose this information with the permit of law, the express consent of parents or guardians or the necessary protection of children.

Although local laws and customs define children differently, we regard anyone under 16 as a child.

If we find that we have collected personal information of children without obtaining confirmed parental consent, we will try to delete the information as soon as possible.

VI. How your personal information is transferred around the world?

ZTE will deploy servers for managing ZTE devices all over the world. In principle, the personal information we collect and generate in the People’s Republic of China will be stored within the territory of the People’s Republic of China. Servers of EU are deployed in Germany, and the personal information we collect and generate in EU area will be stored in the servers that are deployed in Germany.
Because we provide products or services through resources and servers around the world, this means that, with your authorization, your personal data may be transferred to an overseas jurisdiction of the country or area in which the products or services used by you are, or may be accessed from these jurisdictions. We will process the data that is transferred out of the European Union (if any) by signing the Standard Contractual Clauses approved by the European Commission. We will ensure that all cross-border transfers of your personal data will be carried out on the basis of your understanding and consent, and we will take measures, for example, signing data protection agreement or data transfer agreement, to ensure that cross-border transfers of your personal data comply with this policy and applicable local laws and requirements. You can contact us by sending an email to [email protected] to obtain corresponding data transfer agreement. We will implement security measures such as data de-identification to ensure the cross-border data transfer security.

VII. In what ways can you contact us?

If you have any questions about this Program and this Policy, please send an email to us at [email protected], which will be replied in a timely manner. Before sending email, you can visit ZTE official website and view Privacy Policy (http://www.zte.com.cn/china/Privacy-Policy).