Privacy Policy

Introduction

ZTE Corporation and its subsidiaries (collectively, "ZTE", "us", "we", or "our") respect your privacy. The security of your personal data is important to us. We may collect and use your personal data when you use our products and/or services based on applicable legal basis, including your consent, contractual relationship, and legitimate interests. We abide by the following privacy protection principles to provide secure and reliable services:

· Reasonable and necessary: To provide products or services, ZTE only collects necessary personal data within the minimum scope for the purpose of providing the products or services.

· Secure and reliable: ZTE will make every effort to ensure the security of your personal data through reasonable and effective information security technologies and management processes.

· Open and transparent: ZTE uses concise and plain language for you to clearly understand the purposes, methods, and scope of our processing of your personal data.

· Integrating privacy protection into product design: ZTE integrates privacy protection into every procedure of R&D and operation of products and services.

· Freedom of choice: ZTE provides convenient information management options, so that you can properly manage your personal data

ZTE Privacy Policy (hereinafter referred to as "this Policy") describes how the company collects, uses, stores, shares, and transfers your personal data, and how you can access, update, delete, and protect such data.

Please take a moment to familiarize with this Policy before providing personal data to ZTE.

This Policy helps you understand the following:
1. Personal Data We Process
2. Our Purposes and Legal Basis for Processing Your Personal Data
3. How We Protect and Retain Your Personal Data
4. How We Share, Transfer, and Disclose Your Personal Data
5. Your Rights
6. How We Use Cookies and Similar Technologies
7. Cross-Border Transfer of Your Personal Data
8. How We Protect Children's Personal Data
9. Updates to This Policy
10. Contact Us

ZTE provides a large variety of products and services, and this Policy may not address all possible data processing scenarios. ZTE may inform you of data processing scenarios related to specific products and services through corresponding privacy policies. Such privacy policies describe in detail how we process your data when you use these products or services. If there is any conflict between this Policy and the privacy policy for a specific product or service, the specific privacy policy shall prevail.

For any questions about this Policy, please contact us through the channel provided in Article 10 of this Policy.

1. Personal Data We Process

Personal data refers to any data that, either recorded electronically or otherwise, relates to an identified or identifiable natural person, and does not include anonymized data. ZTE may directly or indirectly collect such data when you use our products, services or websites, or when you interact with us. In accordance with the requirements of laws and regulations, we follow the principles of lawfulness, legitimacy, necessity, and integrity, collect only the personal data necessary for the implementation of product functions, and use the collected personal data for the explicit purposes only. The personal data that we process includes the following:

1.1 Personal data you provide when using our services
Account data such as the nickname, mobile phone number, email address and other personal data you provide when registering or using our products or services;
The name, telephone number, email address, device-related data, fault descriptions and other personal data that you submit when using our customer services or after-sales services;
To implement related functions of some of services, you may need to provide specific personal data. If you opt not to provide such personal data, other functions of the product or service will not be affected.

1.2 Data obtained when you use our products or services

1.2.1 Log data

When you use Location Based Services (LBS) (for example, use our service or product to locate family members or find your mobile phone), within the necessary scope, ZTE may collect the data of the actual location of your mobile device to track your whereabouts and provide the related function. If you do not provide such data, the function may not work properly.

1.2.2 Location data

When you use Location Based Services (LBS) (for example, use our service or product to locate family members or find your mobile phone), within the necessary scope, ZTE may collect the data of the actual location of your mobile device to track your whereabouts and provide the related function. If you do not provide such data, the function may not work properly.

1.2.3 Other related data

To provide better experience when using our products or services, ZTE may collect relevant personal data with your explicit consent. For example, when you enable some customized products or services, we will record some of your personal data when you access ZTE products or services through the information collection function of the products or websites. If you do not provide such data, the customized products or services may not be provided properly.

1.3 Data obtained from third parties

To the extent permitted by law, with your prior consent, ZTE may obtain the data that you generate or share when using the services of a third-party partner. For example, when you use a third-party account (such as Facebook, Twitter, or WeChat account) to log in to a service platform of ZTE, we will obtain the above authentication data from the third party. Your access tokens provided by third parties will be saved on our servers, and such access tokens can be shared among various services that you use to avoid logging in to third-party servers repeatedly.

For any of our products or services, if ZTE collects sensitive personal data, the company will process the data in accordance with the applicable laws and regulations, for example, by asking your explicit consent in advance.

2. Our Purposes and Legal Basis for Processing Your Personal Data

2.1 ZTE processes your personal data only for specific purposes, and only processes the personal data that is necessary for fulfilling such purposes. Based on your cooperation with ZTE, and the products and services we provide, we may process your personal data for the following purposes:

1) Provide services;

2) Meet your customized requirements;

3) Guarantee your safety;

4) Invite you to participate in the survey on our services;

5) Improve our services to provide better user experience;

6) Other purposes with your consent.

With the development of business, the products and services ZTE provides may be adjusted or changed. When we need to use your personal data for purposes other than those you consented to, we will seek your consent in advance when you use such products or services. You may decide whether to give consent to such changes.

2.2 Pursuant to relevant laws and regulations, ZTE may collect and use your personal data without obtaining prior consent in the following situations:

1) Such collection and use are necessary for us to fulfill legal obligations or responsibilities;

2) Such collection and use are necessary for the conclusion and performance of your contract as a party;

3) To deal with public health emergencies, or, in case of emergency, to protect the health of natural persons and the safety of their property.

4) Processing of personal data that is publicly disclosed by you or other personal data that is already legally and publicly disclosed within a reasonable scope in accordance with the laws.

5) Other situations in which data processing is required by the applicable laws and regulations.

3. How We Protect and Retain your Personal Data

ZTE strictly abides by the "storage limitation", "data minimization", and "accuracy" principles for personal data protection. For the retention of personal data, ZTE takes appropriate security measures to retain your personal data in a secure manner.

ZTE takes appropriate physical, management, and technical measures, such as the establishment of the access control system and monitoring system, encryption, anonymization or pseudonymization, and employee training to protect your personal data against unauthorized access, use, disclosure, modification, damage, loss, or other forms of illegal processing. We have also developed a Business Continuity Plan (BCM) system to ensure business continuity. Our information security policies and procedures are designed in strict accordance with the international standards, and are reviewed and updated regularly. In addition, we invite third-parties to inspect our security measures to ensure that they meet the requirements for our business, technical changes, and supervision. ZTE headquarters in China and some of its subsidiaries have passed the ISO 27001 information security certification, and can effectively protect your personal data. ZTE terminal products, 5G products, core network products, digital technology products and human resource system have passed the ISO 27701 certification. As the world's first 5G products that pass the ISO 27701 certification, our 5G products indicate that ZTE is capable of providing global customers with secure and reliable 5G products and solutions that comply with relevant requirements, and delivering high-quality 5G networks.

ZTE retains your personal data only for the shortest time necessary for realizing the purposes stated in this Policy, and delete your personal data in a timely manner without violating the applicable laws and regulations upon completion of the relevant business. The data retention period may vary in different scenarios, and for different products and services. ZTE uses the following standards to determine the retention period:

1) Special requirements of the relevant laws and regulations in a specific field;

2) The time required to achieve data processing purposes in business activities;

3) The needs to carry out business activities or the duration of the cooperation between ZTE and the data subjects;

4) The products and services being provided;

5) Maintenance of the corresponding transaction and business records;

6) Implementation of related service agreements or this Policy;

7) Safeguarding of public interests;

8) Guarantee of personal or property safety or other legal rights of our customers, affiliates, other users, and employees.

ZTE stores your personal information properly in accordance with the requirements of the applicable laws and regulations, and take proper measures to ensure the data security.

4. How We Share, Transfer, and Disclose Your Personal Data

4.1 As a global company, ZTE may share your personal data inside the company if it is necessary to provide services in a timely manner. We will not share your personal data with other companies, organizations or individuals, except in the following cases:

1) Such sharing is necessary for us to fulfill legal obligations or responsibilities;

2) Such sharing is necessary for the conclusion and performance of your contract as a party;

3) Such sharing is intended to protect the health of natural persons and the safety of their property in case of public health emergencies, or other emergencies.

4.2 ZTE may also share necessary personal data with our business partners in accordance with the principle of minimization to provide the related services. We will require our business partners to strictly comply with our measures and requirements for data privacy protection to ensure your privacy security. If an authorized partner needs to use your personal data for an unauthorized purpose, it will seek your prior consent.

4.3 If personal data transfer is involved in a merger, acquisition, bankruptcy liquidation, asset transfer, and other similar transactions, ZTE will require the new companies, organizations, or individuals that will hold your personal data to continue complying with the requirements of this Policy, and inform you of the identity and the contact information of the recipient in a timely manner. If any new company, organization, or individual refuses to observe the requirements, we will require these companies or organizations to seek your prior consent.

ZTE signs strict data processing agreements with the companies, organizations, and individuals with which we share personal data, and requires them to process your personal data in accordance with our security standards, this Policy, and other relevant confidentiality and security measures.

If the country where the companies, organizations, and individuals with which we share, transfer or disclose your personal data are located does not have the data protection laws that have the same level of protection as the ones in the country where you are located (for instance, your personal data is transferred from the European Economic Area to a country that has no applicable data protection law), we will handle the related issues in accordance with Article 7 of this Policy to guarantee the legitimate transfer and security of your personal data.

5. Your rights

You have various legal rights regarding the personal data ZTE processes. These rights may vary in different countries or regions, but mainly include the following:

1) Know how ZTE processes your personal data and accesses the personal data we store;

2) Object to or restrict our processing of your personal data in special cases. Even if you object to or restrict our processing of your personal data, ZTE is still obliged to continue processing your personal data and reject your request where it is explicitly required under the applicable laws and regulations;

3) Correct the incomplete or inaccurate personal data about you that ZTE stores;

4) Query or copy your personal data;

5) Delete your personal data. Please note that where it is required by laws, ZTE is obliged to retain your personal data even if you require us to delete it;

6) In some cases, obtain your personal data in a structured, generic, machine-readable format and/or require us to transfer the data to a technically feasible third party. This right is only applicable to the personal data you provide.

7) Lodge complaints to the related regulators if there is any objection to our personal data processing activities or this Policy.

The way in which you exercise rights depends on the specific product or service you use. In addition, you may contact the Data Protection Compliance Dept. directly by visiting the Data subject rights response noticepage. ZTE will ensure the security of your personal data when you exercise the rights.

When you request the exercise of the above rights, ZTE may need you to file a written request and verify your identity to ensure the security of your personal data. We do not charge for requests, except for extra requirements. For any questions about accessing and managing personal data, please contact us through the channels provided in Article 10 of this Policy.

6. How We Use Cookies and Similar Technologies

Our web pages and specific products or services use cookies, website beacons, and other similar technologies to provide better experience and to improve our products or services. Separate cookie policies are formulated for our websites and specific products. If you want to learn more about information such as security of cookies, please refer to the Cookies Policy.

7. Cross-Border Transfers of Your Personal Data

ZTE is a global company. We usually process your personal data in the country or region where we provide you with our products or services. However, we may also transfer your personal data to other countries or regions that have different laws on the protection of personal data.

Wherever ZTE may transfer your personal data, we will, pursuant to applicable laws, take every reasonable and necessary measure to ensure your data security, inform you of the destination, recipient, and other related information in a timely manner, and take appropriate measures to comply with this Policy and applicable local laws. For instance, to transfer your personal data, we will seek prior consent or sign a necessary data transfer contract with the receiver.

8. How We Protect Children's Personal Data

ZTE attaches great importance to the protection of minors' personal data. In accordance with relevant laws and regulations, if you are a minor under the age of 18, you shall obtain the consent of your parents or legal guardians before using our services or products.

If you are a child under the age of 14, you shall obtain the consent of your parents or legal guardians before using related products or services, and complete the product or service registration process under the help of your parents or legal guardians, so that you may use the products or services provided by ZTE.

ZTE will not collect personal data from children under the age of 14 without the prior consent of their parents or guardians.

If children's personal data is collected with the prior consent of their parents or guardians, we will only use or disclose such data as permitted by laws, and with the explicit consent of the children's parents or guardians.

If we accidentally collect a child's personal data without the prior consent from the child's parents or guardians, the data will be deleted as soon as possible.

9. Updates to This Policy

With the gradual improvement of applicable laws and regulations and the continuous adjustment of business, ZTE may update this Policy from time to time. If this Policy is revised, we will release the latest version in a timely manner, and publish it in a noticeable place on our official website. For major changes, we will also provide more noticeable notifications.

For any changes to the purposes, methods, and types of personal data to be processed for specific products and services, we will seek your consent again prior to processing your data.

Major changes mentioned in this Policy include but are not limited to the following situations:

1) Major changes take place in our service model, such as in the purpose of processing personal data, the type of processed personal data, and the mode of using personal data;

2) Major changes take place in ownership structure and organizational structure, such as in owners caused by business adjustment, bankruptcy, or mergers and acquisitions;

3) Changes take place in the major parties with which personal data is shared, and to which personal data is transferred or disclosed;

4) Changes take place in your rights to participate in processing personal data and the way you exercise rights;

5) Changes take place in our department responsible for personal data security, our contacts, or the channel to lodge a complaint;

6) A major risk is indicated in the data security impact assessment report.

10. Contact Us

If you have any questions about this Policy, or have any requests or inquiries about your personal data, contact us at privacy@zte.com.cn or mail us through the following address: Data Protection Compliance Dept. of ZTE Corporation,No. 55, Hi-Tech Road South, Shenzhen, P.R. China (postcode: 518057).

If you are in the European Economic Area (EEA), contact our Data Protection Officer Marco Costantini either by calling +39 3701296535 or by sending an email to marco.costantini@zte.com.cn. We will respond to your request or inquiry within 30 days.

Download PDF