This policy is applicable to ZTE's overseas CPE products/services, including the routers, APPs, and services that display or mention this statement.

Last updated in: February 2020

If you have any questions, comments, or suggestions, please contact us via:
E-mail: privacy@zte.com.cn
Company name: ZTE Corporation
Registered address: No. 55 Hi-Tech South Road, Nanshan District, Shenzhen, the PRC

ZTE fully understands the importance of personal information to you, and will make every effort to ensure the security and reliability of your personal information. We are committed to maintaining your trust in us and abiding by the following principles to protect your personal information: the principle of consistency of authority and responsibility, the principle of clear purposes, the principle of selective consent, the principle of minimum availability, the principle of security guarantee, the principle of principal participation, and the principle of transparency. At the same time, ZTE promises that we will take appropriate security measures to protect your personal data in accordance with mature security standards in the industry.

Please read and understand this Privacy Policy carefully before using our products or services.

This policy helps you understand:

1. How do we collect and use your personal information?

2. How do we use cookies and similar technologies?

3. How do we share, transfer, and disclose your personal information?

4. How do we protect your personal information?

5. Your Rights.

6. How do we process children's personal information?

7. How do we transfer your personal information globally?

8. How do we update this policy?

9. How to contact us?

Ⅰ. How Do We Collect and Use Your Personal Information?

Personal information refers to various types of information recorded electronically or by other means that can identify the identity of a specific natural person or reflect the activity of a specific natural person, either alone or in combination with other information. Personal information will be directly or indirectly collected when you use our products, services, or websites, or interact with us. For example, you can directly provide information by calling our hotline, creating an APP account, or using our product-related services. ZTE will collect and use your personal information only for the following purposes described herein:

ⅰ. Providing You with Platform Account Services

1.Service Function One: Creating and Canceling Your Account

To create a ZTE CPE administrator account, you need to provide a valid E-mail, mobile number, and login password. The above information provided by you will continue to authorize us to use it during the period of service. When you cancel your account, we will stop using above information and delete the collected information or anonymize the information. The above information will be stored within the territory of the People's Republic of China or the country where the cloud service vendor is located.
Storage period of the above-mentioned personal information: from the date when the account is created to the time when the account is deregistered.

2.Service Function Two: Accessing and Using Your Account

You can use the created account to access the services provided by the platform. When using the services provided by the platform, you must enable the application storage permission of the mobile phone to store data generated by the product or service, including the APP account, password, and other data related to the product. If you disable this authorization, you will not be able to use your account.
Storage period of the above-mentioned personal information: from the date when the account is created to the time when the account is deregistered.

ⅱ. Providing Device Registration and Binding Services to You

1. Service Function One: Device Registration

When your device is registered on the platform, we will collect related product information including the device model, firmware version number, device SN, MAC address, network status, and IP address. Through collecting and recording the above information, we will provide you with device registration, product functions, and after-sales services.
Storage period of the above-mentioned information: from the date of device registration to device anonymization two years after the device offline.

2. Service Function Two: Device Binding

To facilitate the use of CPE devices, the platform provides the device binding service to associate your personal device with the platform account. When associating a device, your personal information will be processed as follows:
The platform will collect device information, including the device model, firmware version number, device SN, and device MAC address. In addition, during the process that you associate a device, your permission to access the camera is required to scan the QR code of the device so that the product information can be quickly obtained.

ⅲ. Providing CPE Use Services to you.

1.Service Function One: Device Use

For different device models or applications, when you use the related functions or services, we will collect the following information according to the product type for accurate matching of services:

1)Router products
    (1)Internet access configuration: When you configure Internet access parameters through the APP, the APP needs to collect your PPPoE account and password as the verification credentials for accessing the network.
    Storage period of the above-mentioned information: from the binding date to the time when the device is unbound.
    (2)Wireless configuration: When you perform a wireless configuration, it may ask your permission to access your mobile phone location to collect the wireless network information that your mobile phone can connect to, so that you can quickly configure the wireless network of the router. If you disallow it, you need to manually configure the wireless network.
    Storage period of the above-mentioned information: The information is not stored.
    (3)Status query: When you use the APP to query the real-time device status, we will obtain the host name and MAC address of the terminal connected to your device so that we can remotely check your device status.
    Storage period of the above-mentioned information: Users query the information in real time, and the information is not stored.

2)Home Gateway Products
    (1)Internet access configuration: When you configure Internet access parameters through the APP, the APP needs to collect your PPPoE account and password as the verification credentials for accessing the network.
    Storage period of the above-mentioned information: from the binding date to the time when the device is unbound.
    (2)Wireless configuration: When you perform a wireless configuration, it may ask your permission to access your mobile phone location to collect the wireless network information that your mobile phone can connect to, so that you can quickly configure the wireless network of the router. If you disallow it, you need to manually configure the wireless network.
    Storage period of the above-mentioned information: The information is not stored.
    (3)Status query: When you use the APP to query the real-time device status, we will obtain the host name and MAC address of the terminal connected to your device so that we can remotely check your device status.
    Storage period of the above-mentioned information: Users query the information in real time, and the information is not stored.

When we use your personal information for the purposes not specified herein or for the purposes without your prior consent, our products or services will ask for your permission in advance. For example, the updated information will be displayed through pop-up windows or in black fonts, and you can decide whether to agree with the change. You can cancel this consent at any time in accordance with the law, but this may restrict your use of products or services.

Ⅱ. How Do We Use Cookie and Similar Technologies

The platform does not record or track your behavior by using cookies or similar technologies.

Ⅲ. How Do We Share, Transfer, Make Public, and Disclose Your Personal Information?

1)Sharing
We will not share your personal information with companies, organizations, or individuals other than ZTE and our subsidiaries, except in the following cases:
1. Sharing with your explicit consent: After obtaining your explicit consent, we will share your personal information with other parties.
2. We may share your personal information in accordance with laws and regulations or mandatory requirements of the competent government authority.
We will sign strict confidentiality agreements with companies, organizations, and individuals with which we share the personal information, and require them to process the personal information in accordance with our instructions, this Privacy Policy, and any other relevant confidentiality and security measures.

2)Transferring
We will not transfer your personal information to any company, organization, or individual except in the following cases:
1. Transferring with your explicit consent: After obtaining your explicit consent, we will transfer your personal information to other parties.
2. If personal information transfer is involved in a merger, acquisition, or bankruptcy liquidation, we will require new companies or organizations that hold your personal information to continue to be subject to this Privacy Policy. Otherwise, we will require the companies or organizations to re-request your authorization.

2)Public disclosure
We will disclose your personal information only in the following cases:
1. With your explicit consent.
2. Disclosure based on law: We may disclose your personal information in case of mandatory requirements of laws, legal procedures, litigation, or competent government authorities.

Ⅳ. How Do We Protect Your Personal Information?

(1) We have used the security protection measures that comply with industry standards to protect the personal data provided by you against unauthorized access, public disclosure, use, modification, damage, or loss. We will take all reasonable and feasible measures to protect your personal data.
We will save your personal information under the circumstances permitted by laws, and delete your personal information in a timely manner without violating applicable laws and regulations when relevant service is completed. For example, we will delete all your registration information when you log out of an account.
Your personal information is generally stored in the place where your business is carried out, and may also be stored outside your country. This is related to the location of our data center. We will take measures to ensure that we handle the information we collect in accordance with this privacy statement and the applicable laws and regulations on the location of data storage. If permitted or required by law, we will inform you of the loss, misuse, or tampering of personal data that may pose significant risks to you, so that you can take appropriate measures to effectively protect your rights.

(2) Our Data Security Capabilities:
We have been committed to protecting your personal information security.
We take various security measures, such as access control system, monitoring system, encryption, anonymization or pseudonymisation, and employee training, to protect your personal information from unauthorized access, use, disclosure, modification, damage or loss and other forms of illegal processing.
We have developed a business continuity plan to ensure that services can be provided continuously. Our information security policies and procedures are designed in strict accordance with international standards, reviewed and updated regularly, and conducted third-party security audit regularly to ensure the effectiveness of the security management architecture and the measures. ZTE Corporation and some subsidiaries have passed the ISO 27001 information security certification, and can effectively protect your personal information. In case of personal information disclosure, we will initiate an emergency plan, take effective measures to prevent the disclosure, and notify you and the supervisory authority in a timely manner.

(3)We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will retain your personal information only for the period required to achieve the objectives specified herein, unless an extension of the retention period is required or permitted by law.

(4) The Internet is not absolutely secure, and most communications methods such as email and instant messaging are not encrypted. We strongly recommend that you do not send personal information in this way. Please use a complex password to help us ensure the security of your account.

(5) We will regularly update and publicize security risks and personal information security influence assessment reports. If we affect your personal information rights in security assessment reports, we will actively disclose security risks. You can obtain detailed report contents via:
E-mail: Privacy@zte.com.cn

(6) The Internet is not 100 percent secure. We will do our best to ensure or guarantee the security of any information you send to us. If our physical, technical, or management protection facilities are damaged, which results in unauthorized access, public disclosure, tampering, or damage to your legal rights and interests, we will assume corresponding legal responsibilities.

(7)After an unfortunate personal information security incident occurs, we will inform you in a timely manner of the basic situation and possible impact of the security incident, the measures we have taken or will take, our suggestions for self-prevention and risk reduction, and remedial measures. We will inform you of the incident by email, correspondence, telephone, or push notice in a timely manner. If it is difficult to inform the subject of personal information one by one, we will release the notice in a reasonable and effective manner.

In addition, we will actively report the personal information security incidents and the handling in accordance with the requirements of the regulatory department.

Ⅴ. Your Rights

In accordance with personal information protection laws, regulations, standards, and common practices in other countries and regions, we guarantee that you have the following rights over your personal information:

(1) Accessing Your Personal Information

You have the right to access your personal information, except for exceptions as required by laws and regulations. You can exercise data access right through the following means:
Personal account information: If you want to access or edit the personal information of your account or change your password, you can access the related menus of the ZTE Smart Home APP.
Product information: You can perform the following operations to access personal information generated when you use the product:
1. Router products:
Wireless configuration information: Query related menu on the router device page.
Information generated by the Internet access configuration: Query related menu on the router device page.
Information generated by the status query function: Query the menu on the router device page.
2. Home gateway products:
Wireless configuration information: Query related menu on the gateway device page.
Information generated by the Internet access configuration: Query related menu on the gateway device page.
Information generated by the status query function: Query related menu on the gateway device page.

If you cannot access or edit these personal information through the above links/methods, you can send an e-mail to privacy@zte.com.cn. We will respond to your access request within 30 days. As long as it does not require excessive input from us, we will provide you with other personal information generated when you use our products or services.

(2) Correcting Your Personal Information

The personal information cannot be modified except for the user password. You can access the Settings menu of your mobile APP to change your password.
When you find that your personal information is incorrect, you have the right to request us to correct it. You can apply for a correction by the method listed in 1) Accessing Your Personal Information. If you cannot correct these personal information through the above link, you can send an e-mail to Privacy@zte.com.cn, and we will respond to your request within thirty (30) days.

If you cannot access or edit these personal information through the above links/methods, you can send an e-mail to privacy@zte.com.cn. We will respond to your access request within 30 days. As long as it does not require excessive input from us, we will provide you with other personal information generated when you use our products or services.

(3) Deleting Your Personal Information

The personal data generated during product use can be deleted by users via the APP. The platform will delete the corresponding data in accordance with the operation requests that you have executed.
You can submit a request for deleting personal information in the following cases:
1. If our handling of personal data violates laws and regulations.
2. If we collect or use your personal information without your permission.
3. If our handling of personal data violates the agreement with you.
4. If you no longer use our products or services, or you have canceled your account.
5. If we no longer provide products or services to you.
If we decide to respond to your deletion request, we will also notify the entities that obtain your personal information from us and require them to be deleted in a timely manner, unless otherwise specified in laws and regulations, or these entities obtain your independent authorization. After you delete information from our service, we may not immediately delete the information in the backup system, but will delete the information during the backup update.

(4) Changing the Scope of Your Authorization

Each service function requires some basic personal information (refer to Part I in this policy). You can always grant or withdraw your authorization for the collection and use of additional personal information, but this may limit your use of products or services.
You can perform the following operations to change the scope of your authorization:
1. When you bind a new device, you can scan the QR code by enabling the camera permission to obtain the device information quickly. If you disable the authorization, you need to enter the device information manually.
2. When you are performing wireless configuration of the device, you can scan the QR code by enabling the camera permission to obtain the device information quickly. If you disable this authorization, you need to enter the Wi-Fi account password manually.
If you cannot access this personal information through these links/methods, you can send an e-mail to privacy@zte.com.cn. We will respond to your access request within thirty (30) days.
After you withdraw your consent, we will not process the corresponding personal data. However, the decision to withdraw your consent will not affect the previous processing of personal data based on your authorization.

(5) Personal Information Subject Canceling an Account.

You can perform the following operations to cancel your previous account at any time:
1. Deregistration via the APP
2. Contact the customer service personnel to apply for deregistration.
Real-time processing is performed when a user logs out via the APP, and the processing result can be obtained immediately. To deregister manually, you need to submit personal materials for review, and the processing result will be fed back to you within 1-2 working days. When you apply for deregistering your account, it is required that no device is associated with your account. After deregistering your account, we will stop providing you with products or services and delete your personal information as required, unless otherwise specified by laws and regulations.

(6) Responding to Your Above Requests

To ensure security, you may need to provide a written request or other means to prove your identity. We may ask you to verify your identity before processing your request, and we will respond within thirty (30) days.
In principle, we do not charge for your reasonable requests, but we will charge for repeated requests that exceed the reasonable limit. We may reject requests that require unreasonable repetition, excessive technical means (for example, development of a new system or a fundamental change of current practice), risks to other people's legitimate rights and interests, or impractical (for example, involving the information stored on the backup tape).
We will not be able to respond to your request in accordance with laws and regulations in the following cases:
1. Your request is directly related to national security and national defense security.
2. Your request is directly related to public safety, public health, and major public interests.
3. Your request is directly related to criminal investigation, prosecution, trial, and execution of judgment.
4. There is sufficient evidence that you have subjective malice or abuse of rights.
5. Responding to your request will cause serious damage to the legal rights and interests of yours or other individuals and organizations.
6. Your request involves business secrets.

Ⅵ. How Do We Handle the Personal Data of Children?

Our products, websites, and services are mainly for adults. Without the consent of parents or guardians, children are not allowed to create their own user accounts.
If the parents agree to collect the personal information of a child, we will use or make public the information permitted by applicable law, with the explicit consent of the parents or guardians, or for the purpose of protecting the children.
Although local laws and customs define children differently, we regard anyone under 14 as a child.
If we find that we have collected personal data of children without obtaining parental consent in advance, we will try to delete the data as soon as possible.

Ⅶ. How Do We Transfer Your Personal Information Globally?

Our privacy policy may be changed.
Without your explicit consent, we will not reduce your rights stipulated herein.
We will release any changes to this policy on this page. For major changes, we will also provide more noticeable notifications (including notifications for some services, which will be sent via email to describe the specific changes in the Privacy Policy).
Major changes mentioned in this policy include but are not limited to:
1. Major changes in our service model. For example, the purpose of processing personal information, the type of processed personal information, and the mode of using the personal information.
2. Major changes in the ownership structure and organizational structure such as changes in owners caused by business adjustment or bankruptcy or mergers and acquisitions.
3. Changes in the major objects of personal information sharing, transfer, or public disclosure.
4. Major changes in your right to participate in the processing of personal information and the way you exercise it.
5. Changes in the responsible department, contact method, or complaint channel for personal information security.
6. The personal information security influence assessment report indicates a high risk.
We will also archive the old version of this policy for your reference.

Ⅷ. How Do We Update this Policy?

In principle, the personal data will be stored in the country where we collected and generated it. Because we provide products or services through the resources and servers around the world, this means that, with your authorization, your personal information may be transferred to an overseas jurisdiction in the country or area where you use the products or services, or may be accessed from these jurisdictions.
The jurisdictions might have different data protection laws or even no laws. In this case, we will ensure that your personal information is protected fairly. For example, we will ask your permission to the cross-border transfer of personal data, or implement security measures such as data de-identification before cross-border data transfer.

Ⅸ. How to Contact Us

We have established a Data Protection Compliance Department, a full-time personal information protection department. If you have any questions, comments or suggestions on this Privacy Policy, you can send an email to Privacy@zte.com.cn. We will reply within thirty (30) days.
In addition, you can send letters to Data Protection Compliance Department at the ZTE headquarter.
    To: ZTE Data Protection Compliance Department
    Address: Floor 26, ZTE R & D Building, No. 55 Hi-Tech South Road, Shenzhen, the PRC
    Zip code: 518057
If you are not satisfied with our reply, especially our personal data processing activities have harmed your legitimate rights and interests, you may consult the local personal information supervisory authority or the local government.