Privacy Policy

Introduction

Milesight Development Platform (also referred to as “we”, “us”, “our”, “Milesight”) recognizes that your privacy is important and we take it seriously. This privacy policy (this “Privacy Policy”) describes how we collect, store, share, and use the information you submit and entrust to us when you visit and access our products, services, websites, and mobile applications (the “Applications”) that we make available to you in connection with products and services or otherwise provided to you as a part of our Internet of Things solutions (collectively, the “Products” and the “Services,” respectively). We license access to the Services to you under our Terms of Service (our “Terms of Service”) available at the Terms of Service link that you may find on Milesight Development Platform account on IoT Developer Platform.

Before using Milesight Development Platform, please carefully read and understand this policy. By confirming your full understanding and agreement, you may proceed to use Milesight Development Platform. Once you start using Milesight Development Platform, it indicates that you fully understand and agree to this policy, and consent to us processing your relevant information in accordance with this policy. If you have any questions, opinions, or suggestions regarding the contents of this policy, you can contact us through the various contact methods provided in this policy.

Information We Collect

1. Information You Voluntarily Provide Us

• (1) Account Data: When you register an account with us, we may collect your name and contact details, such as your name, email address, company name, cell-phone number, register region, and login credentials.
• (2) Session Data: During your sessions of communications with our staff, such as consultations with our business team, or online interactions with the customer service team about our products or Services, we will collect your session records and relevant information, which is limited to the following: customized session ID, session time, your company name, as well as information you voluntarily provide. The purpose of such collection is to analyze your concerns raised during the session, so that we can enhance and improve our services and identify usage trends, or in order to address your problems. However, please be reminded that we will not collect any sensitive personal information related to your identity.
• (3) Name and Occupational Information in Communications with Us: When you visit our websites, fill out our online forms, or engage with our support team, we may collect your name and occupational information, such us your name, email address, and work/company information.

2. Information We Automatically Collect

When you use our Sites and Services, we may collect certain information, including Personal Data, about your use of the Sites and Services:

• (1) Usage Data: During your interaction with our Sites and Services, we may automatically collect usage data relating to visits, clicks, downloads, messages sent/received, and other usage of our Sites and Services.
  The major purpose of collecting and using such data is to improve the products or services we provide to you, and to collect different volumes of data because of the different types functions of the products or services.
• (2) Log Data: When you access or use our Sites and Services, any act you engage that may pose any risk to us will be recorded in form of log files. This may include without limitation, system logs, exception logs, or logs describing how your operations may pose risk to us. Logs may be uploaded to backend.

Please note that one cannot identify a specific individual by using device information or log information alone. However, if these types of non-personal information, combined with other information, may be used to identify a specific individual, such non-personal information will be treated as Personal Data. Unless we have obtained your consent or unless otherwise provided by data protection laws and regulations, we will aggregate and desensitize such non-personal information.

How We Use Your Information

The purposes and uses of collecting and using the information above are detailed in the following functional descriptions. Once personal information is leaked, illegally provided, or abused, it may pose risks to personal safety and property, and can easily result in damage to personal reputation, physical and mental health, or discriminatory treatment. Therefore, we will employ compliant technologies to encrypt the transmission and storage of sensitive information that you explicitly consent to and actively provide, in order to protect the security of your personal information.

We will not indirectly obtain your personal information through channels such as sharing, transferring, or collecting publicly available information. If, in the future, there is a need to indirectly obtain your personal information through other channels, we will only collect the minimum amount of information necessary to fulfill the business functions of the product or service. Before collecting and using the information, we will inform you clearly and seek your explicit consent. At the same time, we will ensure the legitimacy of the information sources before collection, and understand the scope of authorization and consent obtained by the personal information provider, including the purpose of use, authorized transfer, sharing, and public disclosure. If our processing activities of personal information exceed the scope of authorization and consent, we will obtain your explicit consent within a reasonable period after obtaining the personal information or prior to processing it.

The purposes and uses of collecting and using your information are detailed as follows:

(1) Enable Core Features of the Milesight Development Platform

Core features refer to the essential functionalities that support the normal operation and provision of services of Milesight Development Platform. If you do not agree to the collection and use of personal information necessary for providing you with services, you will be unable to use Milesight Development Platform.

Information collected through account registration: When you register a Milesight Development Platform account, we collect your name, email address, and password. This information is collected to assist you in completing the registration process and to protect the security of Milesight Development Platform account. If you refuse to provide this information, you may not be able to successfully register a Milesight Development Platform account. You also have the option to add a profile picture, company name, or phone number to Milesight Development Platform account. You can modify your profile picture, name, company name, password, and mobile phone number through "My Account."

When you delete your Milesight Development Platform account, we will cease using and delete the aforementioned information or anonymize your personal information unless otherwise required by applicable laws and regulations.

(2) Provide Security Assurance, Resolve Technical Issues, and Handle Your Inquiries about Devices and Services

Provide security assurance, resolve technical issues, and address your inquiries about devices and services. In order to safeguard the security of accounts and devices, handle your inquiries regarding Milesight Development Platform and services, continuously improve our products, eliminate and reduce product crashes, as well as provide you with better product functionality and services, we may collect the following information through the browser's public interfaces: unique identifiers, browser type and settings, device type and settings, operating system, and application version number. We may also collect relevant information about your interactions with Milesight Development Platform services, including IP addresses, crash reports, system activities, and the dates, times, and referral URLs of corresponding requests, for the purpose of troubleshooting crashes and optimizing Milesight Development Platform functionality. This information does not involve your personal identity-related information.

Ensure the security of services. To enhance the security of your use of our services, as well as the services provided by our affiliated companies and partners, protect you or others from harm to personal and property safety, better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, and intrusions, and accurately identify violations of laws, regulations, or Milesight's related agreements and rules. We may use or integrate Milesight Development Platform account information, smart hardware information, app usage information, as well as information authorized by you or obtained in accordance with the law from our affiliated companies and partners, for the purposes of identity verification, detection and prevention of security incidents, and to take necessary record-keeping, auditing, analysis, and disposal measures in accordance with the law.

(3) Exceptions to Obtaining Authorized Consent

In accordance with relevant laws, regulations, national standards, and industry guidelines, your personal information may be processed without obtaining your authorized consent in the following circumstances:

• Related to national security and defense;
• Related to public safety, public health, and significant public interests;
• Related to criminal investigations, prosecutions, trials, and enforcement of judgments;
• Necessary to protect the vital legitimate rights and interests of individuals or others when it is difficult to obtain your consent;
• The personal information collected is publicly disclosed in accordance with the law or voluntarily made public by you;
• Personal information collected from legally disclosed information sources, such as lawful news reports, government information disclosure channels, etc.;
• Necessary for entering into and fulfilling contracts at your request;
• Necessary for ensuring the secure and stable operation of the provided products or services, such as detecting and resolving product or service malfunctions;
• Necessary for lawful news reporting;
• Necessary for statistical or academic research conducted by academic research institutions based on public interest, provided that the results are de-identified when disclosing the research or describing the results to external parties;
• Other circumstances as stipulated by laws and regulations.

Cookies and Similar Tools

When you visit the Sites and Services, we and service providers on our behalf may send one or more “cookies” which are small data files, to your devices to uniquely identify your browser and let us help you log in faster and enhance your navigation through the Sites. Cookies help us measure, for example, the total number of visitors to our Sites, the number of visitors to each page of our Sites, how our users use and interact with the Services, and the domain names of our visitors” Internet service providers. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. If you do not want cookies to be installed on your device, there is a simple procedure in most browsers that allows you to decline the use of cookies. Please be aware that some features of the Sites and Services will not function properly if the ability of your device to accept cookies is disabled.

We may also use web beacons to track usage patterns of users of the Services. Additionally, we may use HTML-based emails sent to our users to track which emails are opened by recipients. The information is used to enable more accurate reporting and make the Services better for you.

We honor do-not-track signals or similar technologies that our systems detect and identify. We do not track, plant cookies, or use advertising when such do-not-track (DNT) browser mechanism is in place on your device.

Sharing, Transferring, and Publicly Disclosing of Your Information

(1) Sharing of Your Information

At Milesight, we only share Personal Data in ways that we tell you about. Without your consent, we will not disclose your Personal Data to third-party companies, organizations, or individuals except in the following cases:

• To our customers and other business partners who provide you, directly or indirectly, with your devices, and/or networks and systems through which you access and use our Sites and Services.
• To subsidiaries or affiliates within our corporate family for purpose of regular business activities based on our instructions and in compliance with applicable law, this Privacy Policy and other appropriate confidentiality and security measures.
• To an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings). In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, and choices you may have regarding your Personal Data.
• As we believe in good faith that access to, or use, preservation, or disclosure of the information is reasonably necessary or appropriate to:
  • (a) Comply with applicable law, regulation, legal process, or lawful governmental request;
  • (b) Enforce our Terms of Use and other agreements, policies, and standards, including investigation of any potential violation thereof
  • (c) Protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.
  • (d) Perform risk management, screening and checks for unlawful, fraudulent, deceptive or malicious activities.

We have strict data protection agreements with the companies, organizations, and individuals with whom we share personal information, requiring them to handle personal information according to our instructions, this policy, and any other relevant confidentiality and security measures.

(2) Transferring of Your Information

We will not transfer your personal information to any other company, organization, or individual, except under the following circumstances:

• In the event of corporate development such as mergers, acquisitions, asset transfers, or similar transactions involving our company or affiliated companies. If the transfer of your personal information is involved in such transactions, we will require the new holders of your personal information to continue to be bound by this policy. Otherwise, we will require the new holders to obtain your authorization and consent again.
• To meet the legal requirements of laws, regulations, legal procedures, mandatory government requests, or judicial orders.
• Transfer with your explicit consent, meaning that after obtaining your explicit consent, we will transfer the personal information we have collected from you to other parties.

(3) Publicly Disclosing of Your Information

We will only disclose your personal information in the following circumstances:

• With your explicit consent.
• In cases where legal requirements, legal procedures, litigation, or government authorities require mandatory disclosure, we may publicly disclose your personal information.
• Within the scope permitted by laws and regulations, it may be necessary to disclose your personal information to protect the interests of Milesight, Milesight's affiliated companies or partners, you, or other Milesight users or the public from harm to their interests, property, or safety.
• Other circumstances stipulated by laws and regulations. According to legal provisions, sharing and transferring de-identified personal information, ensuring that the data recipient cannot reconstruct and reidentify the individual to whom the personal information belongs, does not qualify as sharing, transferring, or publicly disclosing personal information. Notice and consent are not required separately for the storage and processing of such data.

Security

The security of your personal information is important to us. We follow generally accepted industry standards to protect the information transmitted to us, both during transmission and after our receipt. However, note that no method of transmission or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security to your data. If you have any questions about the security of the Services, please contact us at iot.support@milesight.com.

The Following Applies to Individuals Whose Personal Data Falls Under the Jurisdictions Subject to the E.U.'s General Data Protection Regulation (GDPR): Milesight is the Data Controller and Dealer for your personal data. Your consent to our use of the personal data provides Milesight with a lawful basis for such use. We will retain the personal data indefinitely unless you instruct us to delete it or we inform you otherwise. If you feel that there is a problem with how the personal data has been handled, you have the right to register a complaint with a supervisory authority.

We have implemented industry standard security measures to protect the personal information you provide us, in order to prevent unauthorized access, disclosure, use, modification, damage, or loss of data. We will take all reasonable and feasible measures to protect your personal information.

We attach great importance to the security of your personal information and will make every effort to implement reasonable security measures. Currently, Milesight has passed the national public security department's information system security level testing and obtained the "National Information Security Level Protection Level 3 Certification" issued and approved by the public security authorities. At the same time, Milesight has also obtained the ISO 27001 information security management system certification from international authorities.

If you register a Milesight Development Platform account, we may analyze information such as your login time, IP address, and login frequency to ensure proper risk management. For data exchange between your browser and Milesight Development Platform, we use our customized encryption scheme and HTTPS double encryption to ensure the security of data transmission.

We deploy access control mechanisms on the server side and follow the principle of granting minimum necessary authorization to personnel who may come into contact with your personal information. We regularly review the list of authorized personnel and access records.

The server systems where we store your personal information are secured and run on hardened operating systems. We conduct account audits and monitoring of server operations. If any security issues are detected in the publicly announced server operating systems, Milesight will promptly perform server security upgrades to ensure the security of all Milesight server systems and applications.

We regularly provide training to our employees on personal information protection laws and regulations to strengthen their awareness of protecting your personal information.

In the event that our physical, technical, or managerial security measures are compromised, we will promptly activate emergency plans to prevent the escalation of security incidents. We will report to the competent authorities according to legal requirements and inform you in a timely manner about the basic situation of the security incident, potential impacts, measures already taken, or to be taken, through reasonable and effective means such as notifications or announcements.

Location of Information

Milesight operates globally, and Personal Data may be transferred and processed outside of the country or region where it was initially collected. Also, the applicable laws in the countries and regions where we operate may differ from the laws applicable to your country of residence. Under the Personal Data protection framework and in order to facilitate our operation, we may transfer, store and process your Personal Data in jurisdictions other than where you live.

We protect Personal Data in accordance with this Privacy Policy wherever it is processed and take appropriate contractual or other steps to protect it under applicable laws.

The European Commission has determined that certain countries outside of the European Economic Area (EEA), the UK or Switzerland can provide adequate protection of Personal Data. Where Personal Data of users in the EEA, Switzerland, or the UK is being transferred to a recipient located in a country outside the EEA, Switzerland, or the UK which has not been recognized as having an adequate level of data protection, we ensure that the transfer is governed by the European Commission's standard contractual clauses. You can review the agreement on the basis of approved EU standard contractual clauses per GDPR Art. 46.

If you would like further details on the safeguards we have in place under the data transfer, you can contact us directly as described in this Privacy Policy.

Your Rights in Managing Personal Information

During your use of Milesight Development Platform, you have the following rights to access and manage your personal information:

(1) Accessing and Correcting Your Personal Information

You can access your personal information through the specific paths and methods described in the "How We Collect and Use Your Personal Information" section of this policy.

If you are unable to correct your personal information through the above methods, you can also contact us using the contact information provided in this policy to request corrections.

(2) Deleting Your Personal Information

You have the right to request Milesight to delete your personal information under the following circumstances:

• We collected your personal information without obtaining your consent.
• Our processing of your personal information violates legal and regulatory requirements.
• We have violated our agreement with you regarding the use and processing of your personal information.
• You have canceled your Milesight account, uninstalled our products, or ceased using our services.
• We have ceased to provide services to you.
• If you withdraw your consent, but the withdrawal does not affect our processing of personal information based on your consent.

You can contact us using the means provided in Section nine of this policy to request the deletion of your personal information, and we will respond within 15 working days. After deleting your personal information from our servers, we may not immediately delete the corresponding data from backup systems but will do so when updating backup information.

When you make a request to delete information, we may ask for additional information to verify your identity and ensure that the request is made by you.

(3) Deactivating Your Personal Account

You can delete your Milesight Development Platform account at any time by accessing and logging into Milesight Development Platform account through the browser ("My Account -> Manage -> Delete" - https://account.milesight.com/account). Please note that if you choose to deactivate your Milesight account, it will become unusable, related account information will be cleared, and you will no longer be able to access the features and services of Milesight's products through your Milesight account (but it will not affect your use of services and functions that do not require account login).

After deactivating Milesight Development Platform account, except in cases where legal and regulatory requirements necessitate the retention of relevant information, we will cease to provide corresponding products or services to you and promptly delete or anonymize your personal information.

(4) Copying Your Personal Information

If you wish to copy your personal information, you can make a request by contacting us using the contact information provided in this policy.

(5) Limitations on Your Rights in Managing Personal Information

Please understand that we may be unable to accommodate your request in certain situations, including:

• Situations related to our fulfillment of legal and regulatory obligations.
• Situations directly related to national security and defense.
• Situations directly related to public safety, public health, or significant public interests.
• Situations directly related to criminal investigations, prosecutions, trials, and enforcement of judgments.
• Situations involving your subjective malice or abuse of rights.
• Situations that may significantly affect the legitimate rights and interests of other individuals, organizations, or yourself in terms of life, property, etc.
• Situations that may cause serious harm to your or other individuals' or organizations' legitimate rights and interests.
• Situations involving our commercial secrets or third-party commercial secrets.

Children's Personal Information

Protecting the privacy of young children is especially important to us. The Services are not directed to individuals under the age of thirteen (13) (or such other age provided by applicable law in your country/region of residence), and we request that these individuals do not provide any Personal Data to us. We do not knowingly collect Personal Data from any child unless we first obtain permission from that child's parent or legal guardian. If we become aware that we have collected Personal Data from any child without permission from that child's parent or legal guardian, we will take steps to remove that information.

Retention of Personal Information

‍We will store your personal data as long as necessary to provide the functionality of the Services. For example, we may store your personal data as long as your personal data is posted on or connected with any Events that you have attended, and/or as long as the Client is using such data for their own business purposes. We may also store your personal data as long as required by law.

Your Choice

We respect your rights and control over your Personal Data. You may exercise any of the following rights by:

a) Forward your privacy request through online communication by emailing us at iot.support@milesight.com.

You do not have to pay a fee for executing your personal rights. According to different data protection laws, your request of personal rights will be handled within 15 business days, or within 30 calendar days due to different response requirement. In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Data deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.

You may:

• Request access to the Personal Data that we process about you;
• Request that we correct inaccurate or incomplete Personal Data about you;
• Request deletion of Personal Data about you;
• Request restrictions, temporarily or permanently, on our processing of some or all Personal Data about you;
• Request transfer of Personal Data to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated;
• Opt-out or object to our use of Personal Data about you where our use is based on your consent or our legitimate interests.

You may opt-out from receiving marketing-related emails or other communications from us on a going-forward basis by emailing iot.support@milesight.com. We will comply with your opt-out request as soon as reasonably practicable. Please also note that if you do opt-out of receiving marketing-related messages from us, we may still send you important administrative messages, and you cannot opt-out from receiving administrative messages.

European Users Data Protection Law

If you are a resident of the European Union ("EU") or Switzerland, you are entitled to certain protections under the EU's General Data Protection Regulation ("GDPR") and/or other applicable laws (collectively, the "Data Protection Laws"), and this section applies to your use of the Services. As used in this section, the terms "processing," "processor," "controller" and "personal data" have the meaning given to them in the Data Protection Laws.

Additional Information on for Certain Jurisdiction

For users that are residing outside of California and Europe, we will apply the same protections described in this policy. We also comply certain legal frameworks relating to the transfer of data.

Notification on Modifications

Milesight reserves the right, in its sole discretion, to modify, amend or supplement this Privacy Policy at any time, with or without notice, by posting such modifications, amendments, and/or supplements here. If you continue to use the Services after any such modifications, amendments or supplements are made, you are then accepting and agreeing to be bound by them.

Scope of Personal Information Protection Policy

This policy applies only to this specific product. Other products and services offered by Milesight will have their own personal information protection policies specific to those products or services. It is important to note that this policy does not apply in the following situations:

• When Milesight products (or services) are embedded within third-party products (or services), and the information collected by those third-party products (or services).
• When third-party services, advertisements, or other companies, organizations, or individuals collect information accessed through Milesight products (or services).

We would like to remind you that when using third-party products and/or services, please carefully read the relevant user agreements and personal information protection policies presented by those third parties. Safeguard and exercise caution when providing your personal information to them.

Changes and Revisions to the Personal Information Protection Policy

This policy may be subject to changes. We will not limit your rights under this policy without your explicit consent.

For significant changes to this policy, we will provide prominent notice (such as timely notifications in the form of pop-ups when you log in or during Milesight Development Platform upgrades or updates).

• Significant changes referred to in this policy include, but are not limited to:
• Significant changes in our service model, such as the purposes for processing personal information, types of processed personal information, or methods of using personal information.
• Significant changes in control, such as changes in ownership resulting from mergers or reorganizations.
• Major changes in the main entities with whom we share, transfer, or publicly disclose personal information.
• Significant changes in your rights and their exercise regarding the processing of personal information.
• Changes in the department responsible for the security of personal information handling, contact information, or complaint channels.
• When the personal information security impact assessment report indicates a high risk.

Contact Us

If you have any questions about our practices or this Privacy Policy, please contact us as follows:

Xiamen Milesight IoT Co., Ltd.

Postal Mailing Address: Building C09, Software Park Phase III, Xiamen 361024, Fujian, China

Email to Milesight at: iot.support@milesight.com.

Posted on 27 Dec 2023

Appendix One: Definitions

Personal Information: Refers to various information recorded electronically or by other means that can individually identify a specific natural person or reflect specific activities of a natural person. Personal information includes: basic information (including personal name, date of birth, gender, address, personal phone number, email); personal identification information (such as ID card, military officer card, passport, driver's license, etc.); personal biometric information (including voiceprint, fingerprints, facial features, etc.); network identity information (including system accounts, IP addresses, etc.); personal property information (including bank accounts, transaction and consumption records, virtual asset information such as game redemption codes); personal communication information (including contents of the address book); personal internet browsing records (including website browsing history, software usage records, click records, etc.); personal device information (including hardware model, device MAC address, software list, unique device identifiers such as IMEI/IDFA/AndroidID/OPENUDID/GUID/SIM card IMSI information, etc., which describe the basic information of personal devices used on a regular basis); personal location information (including travel trajectories, precise location information, accommodation information, latitude and longitude, etc.).

Sensitive Personal Information: Refers to personal information that, once disclosed, illegally provided, or abused, may endanger personal safety, property security, cause harm to reputation, mental and physical health, or lead to discriminatory treatment. Sensitive personal information includes: personal property information (including bank accounts, transaction and consumption records, virtual asset information such as game redemption codes); personal biometric information (including voiceprint, fingerprints, facial features, etc.); personal identification information (such as ID card, military officer card, passport, driver's license, etc.); other information (including address book, travel trajectories, web browsing records, accommodation information, precise location information).

De-identification: The process of using technological means to render personal information unable to be identified without additional information.

Anonymization: The process of using technological means to render personal information unable to be identified and ensuring that the processed information cannot be restored.

Personal Information Deletion: The act of removing personal information from systems involved in daily business functions, making it unsearchable and inaccessible.

Children: Refers to individuals under the age of thirteen.

Processing: Activities involving the collection, storage, use, processing, transmission, provision, disclosure, etc. of personal information.

Appendix Two: Third-Party Services and Shared Information Explanation

To ensure the secure and stable operation of relevant functions and applications of this product, we may use third-party services to achieve these purposes.

Explanation of Third-Party Data Processing Entities: Third-party data processors are used to provide better product services, and these subprocessors provide sufficient protection for personal data and comply with applicable data protection laws. The list of subprocessors is as follows: