Privacy Policy

 

This Privacy Policy applies to the iBUILDING official website services (hereinafter referred to as the "Services") provided to you by Shanghai Meikong Smart Building Co., Ltd. and its subsidiaries）。 We will collect your personal information when appropriate and necessary in accordance with laws and regulations. We will do our best to protect your information from leakage, damage or loss through reasonable and effective information security technology and management processes and corresponding security protection measures. We want to clarify how we are committed to protecting your personal information through the following Privacy Policy.

This Privacy Policy explains when, how and why your personal information is processed on the Website, including iBUILDING and its information introduction subpages, and the information submitted through these pages, and sets out your choices and rights regarding this information. Please read this Privacy Policy carefully as it is important to understand how we collect and use your information and how you can control it.

 

As mentioned above, this Privacy Policy applies only to the iBUILDING official website (including iBUILDING and its information subpages, as well as information submitted through these pages). If you use any product or service operated by iBUILDING or its affiliates and would like to know how the data is handled, please refer to the privacy policy of that product or service. This Privacy Policy also does not apply to any products or services accessed through the iBUILDING official website subdomain.

This Privacy Policy is updated at least every 12 months. The Privacy Statement was updated on September 11, 2023 (V1).

Please read this Privacy Policy in its entirety. If you have any questions about this Privacy Policy, you can contact us at the email address provided in this Privacy Policy.

By using or continuing to use our products and services, you agree to the contents of this Privacy Policy. If you do not agree with any of this Privacy Policy, please stop using our services immediately.

 

1 Collection of personal information

1.1 Definition of Personal Information

Personal information refers to various types of information relating to an identified or identifiable natural person. In other words, personal information refers to various pieces of information that allow us to directly or indirectly identify you.

In our Privacy Policy, we also use "data" to refer to personal information.

1.2 Circumstances of Personal Information Collection

We collect your personal information in the following circumstances:

·           When you register as a user of us;

·           When you use our services and products.

1.3 Scope of Personal Information Collected

We process various types of personal information, including data that you explicitly provide to us, your device data, and personal information generated by your use of our services. Specifically:

·       When you register or log in, you have the option to fill in your personal information in the profile section, including your nickname, profile picture, address, and bio. This information is your "Account Information".

·       When you use our products or services, we automatically receive and record information about your browser, computer, or device, such as your IP address, browser type, language used, date and time of access, SSID, IMEI, Hardware and software feature information and the web history you need.

·       To help us understand the operation of web-based selection tools, we may record relevant information such as your usage frequency data, damage data, overall usage data, performance data, etc. However, we do not associate the information stored in the analytics software with any of your personal information.

·       It should be noted that device information or service log information alone cannot identify a specific natural person. If we combine such non-personal information with other information to identify a specific natural person or combine it with personal information, such non-personal information will be treated as personal information during the combined use period, and we will de-identify such information unless we obtain your authorization or otherwise require by law.

·           As described above, we store your account information in a database so that your personal data is immediately available every time you visit our website or other services.

We store your data as log files on our servers for analysis and research. After being processed by the server, your data is transferred to the database.

We regularly back up our data to prevent data loss due to server failures or human error. We will also delete the data immediately upon your deletion request.

2 Data processing

2.1 Our Role

We are the processor of your data.

2.2 Legal basis

We process your data for one or more of the following purposes:

·           When a processing request is made on the express instructions or requirements of the data controller;

·           When we obtain your explicit consent;

·           To perform a contract we have entered into with you;

·           when we are obliged by law to do so;

·           When we process within the scope of our legitimate interests. For example, we transfer data to other business units of our company to enforce our policies, administer day-to-day business, aggregate data for data analysis, maintain information security, or prevent fraud.

2.3 Reasons for providing your personal information

In general, your consent forms the legal basis for our processing of your information. Therefore, in order to reach an agreement with you, perform the agreement, and safeguard the legitimate rights and interests of all parties, it is necessary for you to agree to our User Agreement and Privacy Policy.

You have the right to choose whether or not to provide the relevant data. However, without some of your information, we may not be able to obligate you in part or in whole under the Terms of Service or provide you with our services. If you would like more information, please contact our Data Protection Office using the contact details in the last section of this Privacy Policy.

2.4 Purpose and method

We use the information you provide to us and the information we collect in the course of our services to provide you with our services. We will not use your data for any other purpose that is incompatible with the purposes for which it was collected.

We use your information for the following purposes as expressly specified by the Data Controller in the following ways:

·           Verify your identity to prevent unauthorized access;

·           To provide our services or products under our contract with you;

·           To provide other services you have requested as requested during the data collection process;

·           processing transactions and communicating with you about the details of such transactions;

·           Help track and fix any glitches or errors in the application;

·           conducting internal audits, data analysis or research to improve our products and services by evaluating our efficiency;

·           Share your information with our partners so that they can help us provide our products and services to you;

·           Sharing your information with other global branches for internal management and back-office support;

·           maintain the integrity and security of our information systems in which we store and process your information;

·           reviewing and investigating data breaches, illegal activities, and fraud;

·           To comply with applicable laws and regulations, or as required by litigation and other legal proceedings or mandated by government authorities.

3. Sharing, transfer, and disclosure of personal information

3.1 Sharing of Personal Information

We will keep your personal information strictly confidential. We do not share your personal information with any other companies, organizations, and individuals except in the following circumstances:

·           Sharing with explicit consent: We share your information with third parties with your explicit consent.

·           Sharing with our employees and global branches: Your information is generally shared with our employees and global branches to provide further services, conduct internal administration, review or deal with data breaches, illegal activity or fraud, and maintain the integrity of the company's IT systems. We only share necessary information with our employees to the smallest extent and comply with this Privacy Policy. We also sign confidentiality agreements with authorized employees.

·           Sharing with Third-Party Service Providers (or Partners): We share your personal information with third-party service providers (or partners) to provide or improve our services (including but not limited to cloud services, IT support, and providing customer service). However, we will sign strict data processing agreements with all relevant third-party service providers (or partners), requiring them to take certain security measures when processing your information in accordance with relevant laws and regulations and our requirements to protect your data security.

·           Disclosure required by law, regulation or government authority: We disclose your information in accordance with laws and regulations or government authorities.

3.2 Transfer of Personal Information

We will not transfer your personal information to any other company, organization or individual other than affiliates, except in the following circumstances:

·           Transfer with explicit consent: After obtaining your explicit consent, we transfer your personal information to third parties.

·           In the event of a merger, acquisition, or bankruptcy liquidation, if the transfer of personal information is involved, we will require the new company or organization holding your personal information to continue to be bound by this Privacy Policy, otherwise we will require the company or organization to re-solicit your authorization and consent.

3.3 Disclosure of Personal Information

We will only disclose your personal information if:

·           Disclosure with your explicit consent;

·           Disclosure Based on Legal Requirements: We may disclose your personal information in cases of law, legal process, litigation, or mandatory requirements from government authorities.

4. Retention period of personal information

We will continue to retain your personal information for as long as necessary for the purposes set out in this Privacy Policy and for any additional period required or permitted by law until you withdraw your consent.

However, we may delay retaining your information for research or statistical purposes, but we will desensitize your information to ensure that the information does not identify you.

At the same time, we may retain your personal information to assist in any governmental and judicial investigation to file or maintain legal requests or civil, criminal, or administrative proceedings, in accordance with the laws of your country. If the above reasons do not apply to the data we hold, we will securely delete and destroy your data in accordance with the relevant requirements.

5 Protection of minors' information

Our products and services are primarily intended for adults, but we understand that it is crucial to take extra precautions to ensure the privacy and safety of minors who may use our products and services. We consider anyone under the age of 16 (or the age required by local law) to be a minor.

We will only use or disclose the personal information of minors collected with the consent of guardians when permitted by law, with the explicit consent of guardians, or when necessary to protect minors. Guardians may request access, correction or deletion of the minor's personal information at any time by contacting us in accordance with Article 13.

If we are found to have collected personal information from minors without verifiable guardian consent, we will delete the content as soon as possible.

6 Personal Information Protection Measures

We adhere to recognized key data protection principles (fairness, purpose limitation, data quality, data retention, compliance with individual rights and security) and take reasonable steps to keep your personal information secure. We employ a range of technologies to protect the security of your personal information to minimize the risk of misuse, unauthorized access, unauthorized disclosure, and inaccessibility. The security measures we take include, but are not limited to, data desensitization, data encryption, firewalls, and data access authorization controls.

In addition, we regularly review and update the security mechanisms used to protect data to provide effective protection against data misuse. If you believe that the security of your data has been compromised, or if you would like more information about the measures we are taking to protect your data, please contact the Data Protection Office using the contact details in the last section of this Privacy Policy.

7 Storage of Personal Information

As we provide services globally, all the data we collect about you will be stored simultaneously on servers in Germany, regardless of your country of location, for data storage security reasons.

8 Cross-border Transfers of Personal Information

We are a multinational company, and the scope of responsibility of the team responsible for data processing may cover the world or multiple countries. As a result, these teams may be located anywhere in the world where we operate, including countries outside the EU. These countries may not pursue the same standards of personal information protection as your country. We may also transfer data to countries or regions outside the European Union, including China. By using or joining our Services and/or providing us with your information, you consent to our presence in your country of residence in accordance with this Privacy PolicyCollect, transfer, store, and process your information outside the region. We will make every effort to ensure that they comply with applicable legal requirements, such as enforcing standard contractual clauses, to the extent permitted by prior art. All your data we collect will be used for user and product analysis after being treated with the necessary confidentiality in order to provide you with a better service. However, in this case, we will take steps to protect your information appropriately.

9 User Profiles and Automated Decision-Making

When you use our services, in order to provide you with more convenient information display, search and push services that meet your personalized needs, we may extract your preference characteristics based on your purchase information and service log information, and generate indirect crowd portraits based on feature tags for display, push information and possible commercial advertisements.

We may analyze the information that is processed to identify you in order to improve our products and services.

We do not use your data for any fully automated decision-making.

10 Rights to personal information and their exercise

10.1 Your Right to Personal Information

·           Right of access: You have the right to request a copy of the personal information we hold about you;

·           Right to rectification: You have the right to request that we correct information that contains errors or is out of date;

·           Right to erasure: You have the right to request that we cancel your account or delete the personal information we hold about you;

·           Right to data portability: You have the right to request that we provide you with your data and, where possible, to transfer it directly to the data controller;

·           Right to restrict processing: If you dispute the accuracy or lawfulness of our processing of personal information, you have the right to ask us to restrict processing; However, your right to restrict processing may result in you not being able to use our services normally;

·           Right to object: You have the right to object to our use of your personal information for user profiling and automated decision-making, or to send commercial information for direct marketing;

·           Right to lodge a complaint: You have the right to lodge a complaint against the processing of your data with the competent authority in your location or the Member State that processes your data;

·           Right to withdraw consent: If we rely on your consent to process your personal information, you have the right to withdraw your consent at any time.

10.2 How to exercise your personal information rights

We will protect your right to access and correct your personal information. If you wish to exercise any of the rights described in Article 11.1, you can do so by sending an email to our Data Protection Office.

Due to the high volume of commercial promotional emails we receive every day, we will not respond to your email if we believe it is not related to personal information.

10.3 Results of Requests

After the personal information subject makes a request, the following results may occur:

(1) The request is rejected

In some cases, requests made by personal data subjects will be rejected, including but not limited to:

·           When the laws of your location do not grant the personal information subject relevant rights;

·           When the identity of the person making the request cannot be verified;

·           The request made by the personal information subject cannot be verified or exceeds the scope, especially if the request is repeated;

·           If the information involved is related to the compensation we want to make or receive in the dispute, the disclosure of the information is likely to harm the interests of the relevant parties;

·           When the information is retained only for statistical research purposes and the publication of statistical research results does not disclose personal identities;

·           Other circumstances stipulated by law.

If we deny a request for access from a personal information subject, we will formally explain the reasons to the requestor.

(2) The request is successful

If the situation in (1) does not occur, we will handle requests from personal information subjects. To better ensure that your request is successfully accepted, please provide as much detail as possible when making your request, such as the type and specific content of the request, information about the data holder (such as the name of the product or service you use), and the time frame within which the information is generated or processed (the smaller the time frame, the more likely it is to succeed).

10.4 Withdrawal of Consent

You can change the scope of our authorization to continue collecting personal information, or withdraw your authorization by sending an email requesting deletion of configuration information, unlinking your device, or canceling your account.

However, please note that each business function requires some basic personal information (such as registering email) to complete, and if you withdraw your consent or authorization, we will not be able to continue to provide you with corresponding services. However, your decision to withdraw your consent or authorization will not affect the processing of personal information based on your authorization.

11 Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any changes to this Privacy Policy on this page. We also provide more prominent notice of material changes (including, for some services, we send an email notification explaining the specific changes to this Privacy Policy).

Material changes to this policy include, but are not limited to:

·           Material changes in our service model (such as the purpose of processing personal information, the types of personal information processed, and the use of personal information, etc.);

·           Material changes in our ownership structure and organizational structure (e.g. changes in ownership due to business restructuring, bankruptcy and mergers and acquisitions, etc.);

·           Major changes in the objects of public disclosure of personal information;

·           Your rights to participate in the processing of personal information and the way you exercise it have materially changed;

·           We are responsible for handling the security of personal information, and there are changes in contact information, contact information, and complaint channels.

·           When the personal information security impact assessment report indicates that there is a high risk.

At the same time, we will archive the previous version of this Privacy Policy for your reference.

12 Contact us

If you have any questions about this Privacy Policy or if you would like to exercise any of your rights, please send an email to our Data Protection Office at the following email address: Support@hvacssp.comUpon receipt of your request, we will make every effort to respond within one month of receiving the request from the subject requesting access to personal information. Thank you very much for your patience and understanding. Given the complexity and volume of the requirements, this period may be extended by an additional 45 days as needed. If there is a delay in responding, we will inform the personal data subject and explain the reason for the delay. In the event of a conflict between the limitation period set forth in this paragraph and local law, local law shall prevail. If you do not consent to our processing of your personal information, you may submit a mediation request or other request to your data protection supervisory authority.

 

Old Versions:

1st edition: September 11, 2023.