Contents and summary
Scope and consent
We collect the following information when you use the Site.
(a) Account creation, registration and purchase of products and services: When you create a vivo account or other account available at vivo, you may voluntarily give us your personal data, such as your name, phone number, email/mailing address and/or other necessary information as applicable.
(b) Information to respond to your requests: When you ask us to contact you, you may need to provide us with your information so that we can respond effectively to your enquiries.
(c) E-warranty card information: When you need to activate or extend a warranty period, you may need to provide us with your name and contact information.
(d) Log information: We only process the log information that is essential for dealing with after-sales related issues. In this case, we will obtain your consent in advance.
Uses and retention
We use information collected from you to provide products and/or services, operate our business and protect you from fraud.
You can control how and when you want to receive notifications from vivo.
Disclosure of information
We may share your personal data and other information we collect from you with the following entities: (1) vivo and our affiliated entities; (2) authorised partners of vivo (including our service providers and contractors); (3) other entities with your consent; (4) law enforcement and other regulatory authorities; (5) if there is a change of control of vivo, other relevant entities; (6) advertising networks; (7) companies in the mobile app industry; (8) data analytics companies.
We are not responsible for the privacy practices of third-party websites that are linked to our Services.
We protect your personal data using security measures.
The Services are not intended for children.
We store and process your personal data around the world.
Notification Regarding Updates
1. Terms and definitions
Data controller means the legal entity (alone or jointly with others) determining the purposes and means of the processing of personal data. vivo is the data controller, if not otherwise determined by law.
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; You (user or visitor of the Services) are the data subject.
International transfer means transmission of personal data from the territory where your personal data is collected to the territory of a foreign state, public authority of a foreign state, foreign individual or foreign legal entity.
2. Legal grounds for the processing of personal data
vivo will process your personal data only where there are legal grounds to do so. Those grounds include the following:
(a) Consent: You have provided your consent to the processing of your personal data.
(b) Legal obligations: The processing of your personal data is required or authorised by applicable laws, or relates to suspected unlawful activity, serious misconduct, legal proceedings or law enforcement.
(c) Legitimate interests: The processing of your personal data is necessary for the purposes of our legitimate interests. We believe that our processing of your personal data is within our legitimate interests and within your reasonable expectations in a number of situations, including but not limited to:
·To help us understand our customers better and provide improved, more relevant services to them;
·To ensure that our Services run smoothly;
·To help us keep our systems secure and prevent unauthorised access or cyber attacks;
·To de-identify personal data (for example, for research and statistical purposes); and
·To drive commercial value for the benefit of our shareholders, where not outweighed by any potential prejudice to you.
(d) Other circumstances stipulated by applicable laws.
3. Information we collect
(a) Registration and account information: You may use our Services without telling us who you are or revealing any personal data about yourself. If you choose to register for an account (vivo account or other account available at vivo) with us, we require you to create a username and password. You will be asked to give us your personal data during the registration and such personal data is not anonymous to us. When you register an account or otherwise engage with our Services, you may provide personal data such as name, age, gender, email address, phone number and other relevant information. We may request you to provide identity information for verification purposes if so required or authorised by applicable laws. If you need to purchase products or services through your account, information related to payment will be required. When you need to activate or extend the warranty period or use other value-added services, you may use the E-warranty card function and may be asked to provide your name and contact information.
(b) Information to respond to your requests: You may give us your personal data so we can respond to your questions and requests (in relation to registration and your account, or otherwise).
(c) Information for customer service: We may collect information from you in the course of providing customer service to you in relation to the products and services we provided. The information collected includes personal identity information and contact information.
(d) Information from other sources: The information we collect may be combined with information from outside records (for example, demographic information, navigation information and additional contact information) that we have acquired in accordance with the law, from sources such as publicly available information and social media. vivo will process your personal data in this way only where there are legal grounds to do so.
(e) Mobile information and device data information: We may collect additional information from you if you access our Services through a mobile device, for example, country or region code of your device, IMEI (International Mobile Equipment Identity), eMMC ID (embedded multimedia card), GAID (Google Advertising ID), UFS ID (universal flash storage), SIM and IMSI (International Mobile Subscriber Identity) or other unique identifier of the device, device module, version of or other information about your device's operating system, CPU information, storage condition, configuration and parameters of the screen, IP address, MAC address, mobile carrier, postcode, language and other settings, location or GPS/geo-location, app information and other information that may relate to the mobile device you use.
(f) Log information: We may log information on your device that tells us the number of visitors to the Services and when and how you are using the Services ("usage information"), such as the time and duration of your use of the Services. We only process the above log information that is essential for dealing with after-sales related issues. In this case, we will obtain your consent in advance.
(g) Other information: When you use some of the Services and such Services may require specific use of your information, we will specify such information in separate terms, agreements or privacy policies and will collect, process, use or transfer such information according thereto and get your consent where appropriate.
We do not ask you for sensitive personal data, i.e. personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, criminal records, or trade union or professional association membership, genetic data and biometric data for the purpose of uniquely identifying a natural person, and data concerning health or data concerning a natural person's sex life or sexual orientation. However, you may voluntarily provide sensitive personal data in the use of our services (for example, by including it in SMS messages you send). If we need to collect or process sensitive personal data (such as facial feature, fingerprint feature, voice recording, heart rate, step count, etc.) in other circumstances, we will do so with your consent or where we are otherwise required or permitted by law.
4. Purposes of processing of personal data
vivo may process your personal data to fulfil the following purposes:
(a) Operate our Services: We process collected personal data to (i) provide, maintain, improve, protect and develop all of our services, products, content and advertisements; (ii) send notices to you of our software updates, updated policies or other information that we believe may be important to you; (iii) perform analytics on the use of our services and products to optimise resources and their management; (iv) interact with you about your device, services or to respond to your inquiries; (v) administer promotional activities, such as sweepstakes, contests or other similar events; (vi) conduct after-sales and customer support activities.
(b) Analyse and aggregate usage information: We use aggregate usage information about our users, and usage information to analyse the Services and prepare aggregated reports to, for example, provide better products and services to our customers.
(c) Understand how you use our products: We may use information to understand how you use our Services.
(d) Marketing: We will only send you marketing, advertising or promotional materials where you have previously provided explicit opt-in consent to receipt of such communications. We will ensure that each electronic marketing communication contains a link allowing you to unsubscribe from such communications.
(e) Sales and customer service: We may use information (including your personal data) for ordering, shipping, return/change, refund, reviewing and invoicing purposes in relation to products and services.
(f) Account management: We may use information (including your personal data) to register and close your account, maintain and update our records, and similar activities in connection with our Services.
5. Ways of processing of personal data
We will carry out the following operations on your personal data: collection, recording, systematisation, accumulation, storage, alteration (update and modification), retrieval, use, transfer (provision and access), depersonalisation, blocking and deletion (destruction) of personal data. Normally, we will not use automatic means such as "profiling" as part of our data processing. If we need to do such automatic processing in other circumstances, we will do so after getting your explicit consent.
We are required to ensure such processing is subject to suitable safeguards, including reasonable steps to ensure personal data is accurate, complete, up to date and relevant, and your rights to access and correct personal data about you.
(a) The duration for which the personal data is used to provide you with a service;
(b) Your request, or obligations under a contract with you;
(c) Regulatory or legal obligation.
When it is no longer necessary to retain your personal data, or if deletion is requested, we will delete related personal data that we hold about you from our systems within the shortest possible period permissible under law. However, we may continue processing your personal data if we have other legal grounds (e.g. for archiving purposes in the public interest, or for scientific or historical research purposes) or if we are obliged to maintain necessary records for legal, financial, compliance or other reporting obligations.
7. How vivo shares your personal data
Personal data may be shared with:
(c) Legal compliance. We are required to disclose your personal data by local judicial or governmental authorities, agencies or as mandated under applicable laws.
(d) Change of control – new owners. In the event of any actual or prospective merger, restructuring or bankruptcy, vivo may also provide your personal data to related third parties.
When sharing your personal data with vivo affiliated entities, authorised partners and new owners, we require that they securely store the personal data we provide to them, and all such entities are contractually bound by us to keep the personal data confidential.
8. Your rights
You have the following rights in relation to your personal data:
A. Right to object
·This right enables you to object to us processing your personal data where we do so for one of the following reasons:
·because it is in our legitimate interests to do so;
·to enable us to perform a task in the public interest or exercise official authority;
·to send you direct marketing materials; or
·for scientific, historical, research or statistical purposes.
B. Right to withdraw consent
Where we have obtained your consent to process your personal data for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your personal data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your personal data for that purpose, in which case we will inform you of this basis.
You have the right to withdraw your consent to the processing of your personal data any time with effectiveness for the future. To do this, please send your withdrawal request to https://www.vivo.com/eu/about-vivo/privacy-support. Your personal data will be deleted within a reasonable time period after receipt of your withdrawal. However, under certain circumstances, we may continue processing your personal data if we have other legal grounds or we are obliged to continue processing your personal data.
C. Data subject access requests
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. Additionally, you have the right to access the following information:
·the purposes of the processing of your personal data;
·the categories of personal data concerned;
·the recipients or categories of recipient of the personal data;
·the envisaged period for which the personal data will be stored, or the criteria used to determine that period;
·the existence of the right to request from us rectification or erasure of personal data, restriction of processing of personal data concerning you, or to object to such processing;
·the right to lodge a complaint with a supervisory authority;
·where the personal data is not collected from you, any available information as to their source;
·the existence of automated decision-making, including profiling;
·if personal data is transferred to a third country or to an international organisation, the appropriate safeguards relating to the transfer.
If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost.
D. Right to erasure
You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
·It is no longer necessary for us to process your personal data;
·You have withdrawn your consent for us to use your personal data, and there is no other valid reason for us to continue;
·The personal data has been processed unlawfully;
·It is necessary for the personal data to be erased in order for us to comply with our obligations under law; or
·You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of personal data we will take all reasonably practicable steps to delete the relevant personal data.
E. Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example, if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
F. Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
G. Right to data portability
You have the right to transfer your personal data between service providers, provided that: 1) the personal data is processed by automated means; 2) the personal data has been provided to us by data subjects; and 3) the basis for processing is consent, or that the data is being processed to fulfil a contract or steps preparatory to a contract. In effect, this means that you are able to transfer the details we hold about you to another third party. To allow you to do so, we will provide you with your personal data in a commonly used machine-readable format so that you can transfer the personal data. Alternatively, we may directly transfer the personal data for you.
H. Right to complain
You have the right to lodge a complaint with the relevant supervisory authority.
Please refer to our separate Cookies policy for information about how we use certain technologies to enhance your online experience and customise our service to you.
10. Third-party links
Our Services may contain links to other third-party websites, products and services, or use or offer products or services from third parties. Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties. We are not responsible for the privacy practices or the content of these third-party sites.
vivo has implemented commercially reasonable security measures to protect your personal data against loss, misuse, unauthorised access, alteration, disclosure or destruction, including but not limited to administrative, technical and physical measures. However, please note that although we have implemented these measures, there is no security measure that can guarantee the absolute safety and security of your information. If you believe that your sign-in credentials have been compromised, please contact us at once.
When you use some vivo products, services or apps, the personal data you share is visible to other users and in some cases search engines and the public, and it can be read, collected, used and retained by those other parties. You are responsible for the personal data you choose to share or submit in these instances. It is your responsibility to make sure that your personal data is accurate.
Below are some examples of data security measures we undertake:
(a) Ensuring the security of the premises where the information systems used to process personal data are located. Such security shall prevent any uncontrolled access to such premises by persons having no rights to access such premises.
(b) Using technical means to protect the information, including but not limited to encryption and de-identification techniques.
(c) Approving the list of persons who are authorised to access the information systems where the personal data is processed.
(d) Appointing a data protection officer.
(e) Identifying threats to the security of personal data while it is being processed in our information systems.
(f) Assessing the effectiveness of measures taken to ensure the security of personal data.
(g) Detecting instances of unauthorised access to personal data and taking appropriate measures to mitigate the effects of such unauthorised access.
(h) Taking all practicable measures to restore personal data which has been modified or destroyed as a result of unauthorised access.
(i) Monitoring measures taken to ensure the security of personal data and the level of protection of personal data information systems.
(j) Establishing rules for access to personal data being processed in our information systems and recording all processing actions performed on personal data contained in our information systems.
Please note that we hold personal data electronically and in hard copy form, both at our own premises and with the assistance of our service providers.
12. Minors' privacy
The Services are not intended for minors as defined by applicable laws. We do not knowingly collect personal data via our Services about minors. We will only use or disclose minors' information if (a) legally permissible; (b) the parent or other legal representative of the minor has provided consent; or (c) there are other legal grounds as per applicable data protection laws. If we accidentally collect a child's personal data without verified prior consent from the child's parents, we will attempt to delete the data as soon as possible. If you believe a minor has provided personal data to us without parental/legal guardian consent, please contact us.
13. Storage and international transfer
To provide the same level of data protection as that of the user's country/region and respond to users' requests more efficiently, the location where data is stored varies for users in different countries/regions. For users in the European Economic Area, Turkey, Colombia, Peru, Australia, Andorra, Albania, Bosnia and Herzegovina, Macedonia, Monaco, Montenegro, Serbia, Croatia, the United Kingdom and Switzerland, your personal data will be stored on our server located in Germany; for users in Russia, India and Kazakhstan, your personal data will be stored on our server located in your country; for users in other countries/regions, your personal data will be stored in our server located in Singapore.
·By way of a data transfer agreement with a third party, incorporating standard contractual clauses to ensure that the third party protects your personal data; or
·Where it is necessary for the conclusion or performance of a contract between ourselves and you, or between ourselves and a third party, and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside your country); or
·Where you have consented to the data transfer.
We will obtain your consent separately before transferring your data to the country/region which does not offer the same level of protection as in your country.
14. Notification regarding updates
15. Contact us
If you have an unresolved privacy or data use concern that we have not addressed to your satisfaction, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
(a) vivo Mobile Communication Co., Ltd.
No.168 Jinghai East Rd., Chang'an, Dongguan, Guangdong, China.
(b) Data Protection Officer
(c) For European Economic Area residents, you can also contact our authorised data protection representative:
vivo Tech GmbH
Speditionstraße 21, 40221 Düsseldorf, Germany