Data controller means the legal entity (alone or jointly with others) determining the purposes and means of the processing of personal data. vivo is the data controller, if not otherwise determined by law.
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; You (user or visitor of the Services) are the data subject.
International transfer means transmission of personal data to the territory of a foreign state, public authority of a foreign state, foreign individual or foreign legal entity.
vivo will process your personal data only where there are legal grounds to do so. Those grounds include the following:
(a) Consent: You have provided your consent to the processing of your personal data.
(b) Legal obligations: The processing of your personal data is required or authorized by applicable laws, or relates to suspected unlawful activity, serious misconduct, legal proceedings or law enforcement.
(c) Legitimate interests: The processing of your personal data is necessary for the purposes of our legitimate interests. We believe that our processing of your personal data is within our legitimate interests and within your reasonable expectations in a number of situations, including but not limited to:
· To help us understand our customers better and provide improved, more relevant services to them;
· To ensure that our Services run smoothly;
· To help us keep our systems secure and prevent unauthorized access or cyber-attacks;
· To anonymize personal data (e.g. for research and statistical purposes) and
· To drive commercial value for the benefit of our shareholders, where not outweighed by any potential prejudice to you.
In the after-sales service, we collect the following information
(a) Registration and account information: In an after-sales scenario, we usually need to identify who you are, so we need to get your account information to link you to your question. We may collect your information you submit when registering a vivo account, such as name, age, gender, physical address, email address, phone number, and other relevant information. If you need to purchase products or services through your account, information related to payment will be required, e.g. payment method, bank account, etc. When you need to activate or extend the warranty period or use other value added services, you may use the E-warranty card function and may be asked to provide your name, contact information, gender, age, and date of birth.
(b) Purchasing of products and services and customer service: We may collect information from you during your purchasing of products and services online, such as ordering, shipping, return/change, refund, reviewing and invoicing information in relation to products and services provided online. We may also collect information from you in the course of providing customer service to you in relation to the products and services provided online. The information collected includes personal data and other information such as video and sound, telecommunication information (contact information, etc.), financial payment information (expiration date of bank card, etc.), personal financial information (bank account, etc.).
(c) Mobile information and device data information: We may collect additional information from you if you access our Services through a mobile device, e.g., country or region code of your device, IMEI (International Mobile Equipment Identity), eMMC ID (embedded multimedia card), GAID (Google Advertising ID), GUID (Globally Unique Identifier), UFS ID (universal flash storage), SIM and IMSI (International Mobile Subscriber Identity), or other unique identifier of the device, device module, version of or other information about your device’s operating system, CPU information, storage condition, configuration and parameter of screen, IP address, MAC address, mobile carrier, postal code, language and other settings, location or GPS/geo-location, applications information, and other information that may relate to the mobile device you use.
(d) Information to respond to your requests: In the after-sales Hotline Service, we may collect and use your user name, user's mobile phone, customer address, reason for purchase, user ID, order information, account information, installment payment/loan information, user account information, consumption records (in the case of software fraud), child information (in the case of minor consumer complaints), to identify and answer your questions.
You may give us your personal data and financial and payment information so we can respond to your questions and requests (in relation to registration and your account, or otherwise).
In order to facilitate your exercise of the rights under the data protection legislation, we provide a Privacy Support portal on our official website. When you make a complaint through the portal, we will collect and store your application records and the information related to the complaints that you submit to us through the support portal.
(e) Voice recording in Hotline service: In the hotline service, we may record the call and collect your voice information so that we can record and solve your problem. We will do such record after obtaining your explicit consent.
(f) Technical usage information: When you visit or After-sales Service website, we collect usage information sent to us by your computer, mobile, or other access device that tells us the number of visitors to the Services and when and how you are using the Services (“usage information”), such as the time and duration of your use of the Services and logs that may refer to you use of or the error in your use of the Services. We use tracking technologies (including e.g. unique device identifiers, referrer URL and location from your devices) when you use certain applications or features. To learn more about how we use tracking technologies and cookies, see Section 11 of this Privacy Policy.
(g) Other Information: When you use some of the after-sales services that may require specific use of your information, we will specify such information in separate terms, agreements, or privacy policies and will collect, process, use, or transfer such information according thereto and get your consent where appropriate.
vivo will process your personal data to fulfill the following purposes:
(a) Operate our Services: We process collected personal data to (i) provide, maintain, improve, protect, and develop all of our After-sales services; (ii) send notices to you of updates of after-sales related software and policies or other information that we believe may be important to you; (iv) interact with you about your device, services, or any of your questions and requests; (vii) improve our loss prevention and anti-fraud programs related to After-sales issues.
(b) Understand your problems: We will collect relevant information to understand the generation and development of your problems, and do the corresponding technical analysis to accurately identify your problems in order to solve them in a targeted manner, and further to improve accuracy and relevancy of results provided by our services.
(c) Respond to your request: In the after-sales Hotline Service, we may collect and use the rights request records and information in the application form to identify and respond to your claim.
(d) Customer research: We may use information (including your personal information) to research to understand how you use our products/services and determine your customer preferences, in order to enhance our after-sales service.
(e) Product quality improvement: We may use information for quality analysis, to trace the problems that occur on your device and prevent them from appearing again, so as to provide you with a better experience.
(f) Account management: We may use information (including your personal information) to register and close your account, maintain and update our records, and similar activities in connection with our Services.
We may not be able to do these things without your personal data. For example, we may not be able to communicate with you and deal with your enquiries.
We will carry out the following operations on your personal data with the use of non-automatic means of processing: collection, recording, systematization, accumulation, storage, alteration (update, modification), retrieval, use, transfer (provision, access), depersonalization, blocking, and deletion (destruction) of personal data. Normally, we will not use automatic means like “profiling” in our data processing. If we need to do such automatic processing in other circumstances, we will do so after getting your explicit consent.
We are required to ensure such processing is subject to suitable safeguards, including reasonable steps to ensure personal data is accurate, complete, up-to-date and relevant, and your rights to access and correct personal data about you.
We process your personal data for as long as is necessary to fulfill the purpose of its processing. In After-sales Service, we will store your information for 5 years so that we can provide you with continuous after-sales service. We will terminate processing of your personal data if you cancel your account and withdraw your consent, unless we are entitled (or obliged) to continue processing your personal data on other legal grounds.
When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems, unless the personal data is required to be stored for longer periods (e.g. for archiving purposes in the public interest, or for scientific or historical research purposes). While we will endeavor to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, such data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
Personal data may be shared with:
(a) vivo Affiliated Entities. We may share the personal data we collect about you with the vivo group companies and their and our affiliates and subsidiaries. vivo affiliated entities may process personal data on the same bases as described in this Privacy Policy.
(b) Authorized Partners. We may disclose your personal data to authorized partners of vivo, including as follows: distributors and sales partners, advertisement companies, research companies, third party data service providers (i.e. our data processors), consignment suppliers, logistics companies, online service suppliers, proxy agencies, e-commerce platforms, third party application services, professional advisers (e.g. lawyers, accountants and auditors), insurers and investigators. We will list the registered information and the data interaction details of related third parties in the Privacy Terms of specific service. We require authorized partners to comply with this Privacy Policy and to take necessary and reasonable measures to protect your information. vivo will never allow any authorized third party to use your personal data for any other purpose other than this Privacy Policy.
(c) Legal and law enforcement. We are required to disclose your personal data by local judicial or governmental authorities, agencies or as mandated under applicable laws.
(d) Change of control – New Owners. In the event of any actual or prospective merger, restructuring or bankruptcy, vivo may also provide your personal data to related third parties without further consent from you.
When sharing your personal data with vivo Affiliated Entities, Authorized Partners and New Owners, we require that they securely store the personal data we provide to them and all such entities are contractually bound by us to keep the personal data confidential.
Being a data subject, you have other rights with respect to your personal data in accordance with the data protection legislation. You can access your personal data, require its rectification, blocking, or deletion by sending your request to https://www.vivo.com/eu/about-vivo/privacy-support as set out in Contact Us Section of this Privacy Policy. We shall at no time however be responsible/ liable for the authenticity/ veracity of the information you provide. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
You have the following rights in relation to your personal data:
A. Right to object
This right enables you to object to us processing your personal data where we do so for one of the following reasons:
· because it is in our legitimate interests to do so;
· to enable us to perform a task in the public interest or exercise official authority;
· to send you direct marketing materials; or
· for scientific, historical, research, or statistical purposes.
B. Right to withdraw consent
Where we have obtained your consent to process your personal data for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your personal data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your personal data for that purpose, in which case we will inform you of this basis.
You have the right to withdraw your consent to the processing of your personal data any time with effectiveness for the future. To do this, please send your withdrawal request to us. Your personal data will be deleted within a reasonable time period after receipt of your withdrawal. We draw your attention to the fact that we may continue processing your personal data if we are entitled (or obliged) to continue processing your personal data on other legal grounds.
C. Data subject access requests
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. Additionally, you have the right to access the following information:
· the purposes of the processing of your personal data;
· the categories of personal data concerned;
· the recipients or categories of recipient of the personal data;
· the envisaged period for which the personal data will be stored, or the criteria used to determine that period;
· the existence of the right to request from us rectification or erasure of personal data, restriction of processing of personal data concerning you, or to object to such processing;
· the right to lodge a complaint with a supervisory authority;
· where the personal data are not collected from you, any available information as to their source;
· the existence of automated decision-making, including profiling;
· if personal data are transferred to a third country or to an international organisation, the appropriate safeguards pursuant to the related terms of applicable legislation relating to the transfer.
If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
D. Right to erasure
You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
· It is no longer necessary for us to process your personal data;
· You have withdrawn your consent to us using your personal data, and there is no other valid reason for us to continue;
· The personal data has been processed unlawfully;
· It is necessary for the personal data to be erased in order for us to comply with our obligations under law; or
· You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of personal data we will take all reasonably practicable steps to delete the relevant personal data.
E. Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
F. Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
G. Right of data portability
You have the right to transfer your personal data between service providers, provided that: 1) the personal data is processed by automated means; 2) the personal data has been provided to us by data subjects; and 3) the basis for processing is consent, or that the data are being processed to fulfil a contract or steps preparatory to a contract. In effect, this means that you are able to transfer the details we hold about you to another third party. To allow you to do so, we will provide you with your personal data in a commonly used machine-readable format so that you can transfer the personal data. Alternatively, we may directly transfer the personal data for you.
H. Right to complain
You have the right to lodge a complaint with the relevant supervisory authority.
Please be aware that we will obtain and retain information about the exercises of your rights, for example, your consent to and your withdrawal of consent to certain privacy terms subject hereto, and your request to delete the data we collect from you under this Privacy Policy.
Our Services may contain links to other third party websites, products and services, or use or offer products or services from third parties. Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties. We are not responsible for the privacy practices or the content of these third party sites.
vivo takes security measures to protect your information, including but not limited to technical and physical measures. However, please note that although we have implemented these measures, there is no security measure that can guarantee the absolute safety and security of your information. If you believe that your login credentials have been compromised, please contact us at once.
When you use some vivo products, services, or applications, the personal data you share is visible to other users and in some cases search engines and the public and can be read, collected, used and retained by those other parties. You are responsible for the personal data you choose to share or submit in these instances. It is your responsibility to make sure that your personal data is accurate.
Below are some examples of data security measures we undertake:
(a) Ensuring the security of the premises where the information systems used to process personal data are located. Such security shall prevent any uncontrolled access to such premises by persons having no rights to access such premises.
(b) Using technical means to protect the information including but not limited to encryption and anonymization techniques.
(c) Approving the list of persons who are authorized to access the information systems where the personal data are processed.
(d) Appointing a data protection officer.
(e) Identifying threats to the security of personal data while they are being processed in our information systems.
(f) Assessing the effectiveness of measures taken to ensure the security of personal data.
(g) Detecting instances of unauthorized access to personal data and taking appropriate measures to mitigate the effects of such unauthorized access.
(h) Taking all practicable measures to restore personal data which have been modified or destroyed as a result of unauthorized access.
(i) Monitoring measures taken to ensure the security of personal data and the level of protection of personal data information systems.
(j) Establishing rules for access to personal data being processed in our information systems and recording all processing actions performed on personal data contained in our information systems.
Please note that we hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers.
Our Services are not knowingly offered to or intended for minors as defined by applicable laws (the age varies from 13 to 18 years in different countries). We do not knowingly collect personal data from or about minors via our Services. We will only use or disclose minor’s information, if (a) legally permissible; (b) the parent or other legal representative of the minor has provided consent; or (c) there are other legal grounds as per applicable data protection laws. If we accidentally, by fraud or deception collect a minor's personal data without verified prior consent from the minor's parents and we get aware or are notified of this, as we will, where required by law to do so, immediately obtain the appropriate parental consent to use that information or, if we are unable to obtain such parental consent, we will delete the data as soon as possible from our servers. If you believe a minor has provided personal data to us without parental/legal guardian consent, please Contact Us.
Unless we otherwise notify you, your personal data we collect from you will be stored in our servers located in Germany.
As we operate internationally, your personal data may be processed in different countries or regions around the world where data protection and privacy regulations may not offer the same level of protection as your country. For example, to provide you with complete after-sale services, your data may be transferred to our server located in China.
We want to make sure that your personal data is stored and transferred in a way which is secure. Where we transfer your personal data outside your country and where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy. For example, this could be:
· By way of a data transfer agreement with a third party, incorporating standard contractual clauses to ensure that the third party protects your personal data; or
· Where it is necessary for the conclusion or performance of a contract between ourselves and you, or between ourselves and a third party and the transfer is in your interests for the purposes of that contract; or
· Where you have consented to the data transfer.
We will obtain your consent to international transfer to outside your country separately.
From time to time, we may update this Privacy Policy. In the event of any material changes to our Privacy Policy, you will be notified via e-mail or other available approaches. Please follow our most updated Privacy Policy at https://www.vivo.com/eu/about-vivo/privacy-policy.
If you have any questions about the way we handle your personal data which have not been answered in this Privacy Policy, you may email us at https://www.vivo.com/eu/about-vivo/privacy-support.