Privacy Policy

APP Privacy Policy

Updated on: 2022-6-14

Effective on: 2022-6-14

This privacy policy (hereinafter referred to as "this Policy") applies only to the Support Website products (and all third-party applications or services accessed by them) of ZTE Corporation (hereinafter referred to as "ZTE" or "we"). If a third-party application or service has a separate privacy policy, the privacy policy of the application or service shall prevail. For the contents that are not covered by the privacy policy of the application or service, this privacy policy shall prevail.

If you have any questions, comments, or suggestions, please contact us through the following means:

E-mail: Privacy@zte.com.cn

Company Name: ZTE Corporation

Registered Address: No. 55, Hi-Tech Road South, Shenzhen, P.R. China

ZTE understands the importance of personal information to you, and will make every effort to ensure the security of your personal information. ZTE promises to take appropriate measures to protect your personal information in accordance with well-established security standards in the industry.

Please read and understand this Privacy Policy carefully before using our products or services.

This policy helps you understand the following:

1. How we collect and use your personal information

2. How we use cookies and similar technologies

3. How we share, transfer, and disclose your personal information

4. How we protect your personal information.

5. Your rights

6. How we process the personal information of children

7. How we store your personal information

8. How this policy is updated

9. How to contact us

I. How we collect and use your personal information

Personal information refers to the information that is recorded electronically or in other ways and related to identified or identifiable natural persons, excluding the information after anonymization. Sensitive personal information refers to the personal information that may cause a violation of personal dignity or damage to personal and property safety once it is disclosed or illegally used. It includes information such as biological identification, religious belief, specific identity, health care, financial accounts, traces, and personal information of minors under a certain age (In this Policy, sensitive personal information involved will be highlighted in bold). ZTE will collect and use your personal information only for the following purposes described in this policy:

i. Scenarios in which we need your authorization to process your personal information.

To provide you with the basic functions of our products and/or services, you need to authorize us to collect and use necessary information. If you refuse to provide the information, you may not use our products and/or services properly.

1. Manage your account;

To effectively manage the accounts, for non-ZTE employees, we collect your information such as name, country (province), company name, e-mail address, phone number, and username from the ZTE User Center. As for the accounts of ZTE employees, we collect your employee ID, name, e-mail address, and department information from the HRM system of ZTE.

We can provide you with better services and experience, if additional information, such as the gender, email and detailed address, can be provided. If the above information cannot be provided, we may not be able to provide you with certain services.

We will have access to the above data provided by you while you are using our services. When you deregister your account, we will stop using the collected information, and delete your personal data or anonymize it. The above information will be stored in the People's Republic of China. If cross-border transfer is required, we will ask for your consent.

Personal information retention period:

As for the accounts of non-ZTE employees:

1) If your account on iSupport has not been used for twelve months, the account status becomes inactive. If it is not activated within five years, the personal data related to the account, including your username, name, phone number, e-mail address, company name, and country (province) will be deleted.

2) If your account is disabled, and if it is not enabled within five years, the personal data related to the account, including your username, name, phone number, e-mail address, company name, and country (province), will be deleted.

3) If you decide to deregister your account, as long as all service requests submitted by the account are completed, the personal data related to the account, including your username, name, phone number, e-mail address, company name, and country (province), will be deleted immediately after the account is deregistered.

As for the accounts of ZTE employees:

During the period of employment, your username, name, phone number, e-mail address, and department information will be stored in our system. After your resignation, all such information will be automatically deleted from the system.

2. Personal data collection during your submission of service requests, suggestions, or complaints

When you submit any technical support request to us, we will collect your name, e-mail address, phone number, company name, faulty device information, and fault description. When you give us any suggestion, we will collect your name, phone number, and e-mail address. When you lodge any complaint, we will collect your personal data such as province, city, company name, name, phone number, and e-mail address. When you apply for spare parts, we will collect your name, phone number, e-mail address, area information, and delivery address. The above information is necessary for us to provide after-sales services for you.

3. Personal data collection during customer service consultation online

We will record the contents of your messages. These contents will be retained for at least five years.

4. Collection and analysis of data related to your access to ZTE's services to improve ZTE's products and services

By using the data collection function of products, we record data related to your access to ZTE's services, including the access time, search and query history, network ID, and IP address. Pursuant to relevant laws and regulations, we may also obtain your personal data from lawful public and commercial sources for the purpose of providing customized services.

If we want to (1) use the collected data for purposes not specified in this Policy; (2) or put the data collected for a specific purpose into other uses, we will ask for your consent in advance.

ii. Scenarios in which you can choose whether to provide information as required

To improve your experience with our products and/or services, we may collect and use your personal information to provide the extended functions. If you do not provide your personal information, you can still use our products and/or services, but you may not use these extended functions as follows.

When you select the subscription service, we provide you with information subscription, product documents, and new document push services.

When you select the subscription service through My Subscription > My Space, you need to provide your username and e-mail address.

When you cancel the subscription service through My Subscription > My Space, the push service will be stopped.

II. How we use Cookies and similar technologies

1. Cookie

To ensure the proper operation of our products and/or services, we store small data files called a Cookie on your computer or mobile device. Cookies usually include identifiers, site names, some numbers, and characters. With the help of a Cookie, we can store data such as your preferences and goods in your shopping baskets. We will not use a Cookie for any purpose other than those described in this Policy. You can manage or delete a Cookie in accordance with your preference. You can clear all cookies stored on your computer. Most web browsers have the function of preventing cookies. If you do this, you need to change the user settings each time you visit our website.

2. SDK

To ensure the stable operation and function implementation of our products and/or services, and enable you to enjoy and use more services and functions, our products and/or services will embed the SDKs or other similar applications of authorized partners. For details about the SDKs of our access to authorized partners, refer to the Third-party SDKs List.

We will perform strict security checks on the API and SDK of the authorized partner that obtained relevant information. We will agree with the authorized partners on strict data protection measures to make sure that they will process personal information in accordance with this Policy and any other related confidentiality and security measures.

III. How we share, transfer, and disclose your personal information

To ensure the security of your personal information, we shall follow the minimization principle and share, transfer, or disclose your personal information in accordance with applicable laws and requirements.

For the companies, organizations, and individuals that share personal information with us, we will take organizational and technical measures in accordance with the local laws and regulations, and require them to process personal information in accordance with our security standards, this Policy, and related confidentiality and security measures.

1. Sharing

We will not share your personal information with any company, organization, or individuals other than ZTE Corporation (including its subsidiaries), except in the following cases:

(1) After obtaining your separate consent, we may share your personal information with other parties.

(2) We may share your personal information in accordance with the laws and regulations or mandatory requirements of government authorities.

(3) Share with authorized partners: Part of our services will be provided by authorized partners only for the purposes stated in this Policy. We may share some of your personal data with our partners to provide better services and user experience.

For example, we need to share your personal data such as name, address, and phone number with a logistics service provider before sending spare parts. We may also need to provide your personal data like your name, contact number, and e-mail address for technical personnel of our partners to contact you and provide you with technical support services. We only share your necessary personal data for legitimate, proper, necessary, specific, and explicit purposes. Our partners have no right to use the shared personal data for any other purposes.

We will sign strict confidentiality agreements with companies, organizations, and individuals with which we share personal information, and require them to process personal information in accordance with our instructions, this Policy, and any other relevant confidentiality and security measures.

2. Transfer

We will not transfer your personal information to any company, organization, or individual except in the following cases:

(1) Transfer with separate consent: After obtaining your separate consent, we may transfer your personal information to other parties.

(2) If personal information transfer is involved in a merger, division, dissolution, or bankruptcy, we will inform you of the name and contact information of the receiving party in a timely manner, and require the receiving party that holds your personal information to continue to be subject to this Policy. Otherwise, we will require the receiving party to re-request authorization from you.

3. Public Disclosure

We will disclose your personal information only in the following cases:

(1) With your separate consent.

(2) Disclosure based on law: We may disclose your personal information in case of law, legal procedure, litigation, or mandatory requirements of government authorities.

IV. How we protect your personal information

1. We have taken the security protection measures that comply with industry standards to protect the personal information provided by you against unauthorized access, disclosure, tampering, and loss. We will take all reasonable and feasible measures to protect your personal information.

For example, SSL encryption is used for protecting the data exchange (for example, credit card information) between your browser and a "service". We also provide the safe browsing mode of https for the support.zte.com.cn website. We use encryption technologies to ensure data confidentiality. We use trusted protection mechanisms to prevent data from being maliciously attacked. We will deploy access control mechanisms to ensure that only authorized personnel can access personal information. In addition, we will hold the training course on security and privacy protection to enhance employees' awareness of the importance of personal information protection.

2. Our data security capabilities:

We have been committed to protecting your personal information security.

We have taken various security measures, such as access control system, monitoring system, encryption, anonymization or pseudonymisation, employee training and so forth, to protect your personal information from unauthorized access, disclosure, tampering or loss, and other forms of illegal processing.

We have developed a business continuity plan to ensure that services can be provided continuously. Our information security policies and procedures are designed in strict accordance with international standards, and reviewed and updated regularly, and the effectiveness of the security management architecture and measures is ensured through regular third party security audits. ZTE Corporation and some of its subsidiaries have passed the ISO 27001 information security certification, and can effectively protect your personal information. In case of personal information leakage, we will initiate an emergency plan, take effective measures to prevent the situation from getting worse, and notify the relevant supervisory authority and you in a timely manner.

3. We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected. We will retain your personal information only for the period required to achieve the objectives specified in this policy, unless the retention period needs to be extended or is permitted by law.

4. The Internet is not absolutely secure, and most communication technologies, such as emails and instant messaging, are not encrypted. We strongly recommend that you do not send personal information through such means. Please use a complicated password to help us ensure the security of your account.

5. We shall regularly update and publicize the contents related to reporting such as security risks, personal information protection impact assessments and so forth. If we affect your personal information rights in protection impact assessment reports, we will actively disclose security risks. You can obtain detailed report contents in the following way:

E-mail: Privacy@zte.com.cn

6. The Internet environment is not 100 percent secure. We will do our best to ensure or guarantee the security of any information you send us. If our physical, technical, or management protection facilities are damaged, which results in unauthorized access, disclosure, tampering, or loss of your personal information that affects your legal rights and interests, we shall assume the corresponding legal responsibilities.

7. If a personal information security incident occurs, we will inform you of the basic situation and possible impact of the security incident in a timely manner, the remedial measures we have taken or will take, measures that you can take to mitigate risks, remedial measures for you, and our contact information. We will inform you of the incident by email, letter, telephone, or notification in a timely manner. If it is difficult to inform the subjects of personal information individually, we will release the notice in a reasonable and effective manner.

In addition, we will actively report the handling of personal information security incidents in accordance with the requirements of the regulatory department.

V. Your rights

In accordance with personal information protection laws, regulations, standards, and common practices in other countries and regions, we guarantee that you have the following rights over your personal information:

1. Access to your personal information

You have the right to access your personal data, except for some cases as required by the laws and regulations. If you want to exercise your data access rights, you can access your personal data in the following ways:

Account information: You may access or edit any personal data related to your account, change your password, or cancel your account through the following path: Home Page > My Space > My Information (https://support.zte.com.cn).

If you cannot access your personal data through the above link/method, you can contact us through privacy@zte.com.cn, or submit a request through the Data Subject Rights Response system (pdsr.zte.com.cn) at any time. We will respond to your request within 15 working days. In addition, we will provide you with other personal data generated when you use our products or services, as long as it does not take a huge effort.

2. Correct and supplement your personal information

When you find that your personal information processed by us is incorrect, you have the right to correct and supplement your personal information. You can apply for a correction through the following path: Home Page > My Space > My Information (https://support.zte.com.cn).

If you cannot correct your personal data through the above link, you can contact us through privacy@zte.com.cn or submit a request through the Data Subject Rights Response system (pdsr.zte.com.cn) at any time. We will respond to your request within 15 working days.

3. Delete your personal information

You can delete your personal information in the following cases:

(1) We violate laws and regulations when processing your personal information.

(2) We violate this Policy when processing your personal information.

(3) The purposes for which the personal information is processed as stipulated in this Policy are achieved or cannot be achieved, or the personal information is no longer necessary for the purposes.

(4) You will not use our products or services any longer, or your account is canceled.

(5) You have changed the scope of authorization that we have no right to process your personal information.

(6) We no longer provide products or services for you, or the storage period expires.

You can clear or delete the information through the following path: Home Page > My Space > My Information (https://support.zte.com.cn).For the information that cannot be cleared or deleted, please contact us via privacy@zte.com.cn.

Once you have deleted your personal information, we will also notify the entities that obtain your personal information from us and require them to delete your personal information in a timely manner, unless required by other laws and regulations, or these entities obtain your independent authorization. After your personal information is deleted, due to the limitations of applicable laws and regulations and safety technologies, we may not immediately delete the corresponding information in the backup system, but we will securely store your personal information, restrict further processing of it, and delete it during the backup update.

4. Change the scope of your authorization

You can change the scope of your authorization by yourself via the following path: Homepage > My Space > My Information > Update My Information > Privacy Policy (https://support.zte.com.cn).

You can cancel the subscription via the following path: Home Page > My Space > My Subscription (https://support.zte.com.cn), and we will stop the push service.

If you cannot access the personal information through the above links/methods, you may send an email to privacy@zte.com.cn or through the data subject right response system to request a response (path: pdsr.zte.com.cn), and we will respond to your access request within 15 working days.

Please understand that each business function can be implemented only after some basic personal information is obtained. When you withdraw your permission or authorization, we may not be able to provide you with the corresponding service. If the information is necessary for us to fulfill our obligations under laws and regulations or to provide major services, we may not be able to respond to your request or the normal use of our services will be affected. After you withdraw your consent, we will not process the corresponding personal information. However, your decision to withdraw your consent will not affect the previous processing of personal information based on your authorization.

5. Cancel your accounts

You can cancel your previous account by yourself at any time via the following path:

Home Page > My Space > My Information > Account Setting > Delete Account (https://support.zte.com.cn).

After your account is canceled, we will stop providing you with products or services and delete your personal information as required by you, unless otherwise specified by laws and regulations.

6. Copy and transfer your personal information

You have the right to access a copy of your personal information by yourself via the following path:

Home Page > My Space > Personal Information > Personal Data Modification > Export.

7.Restrain automatic decision-making of the information system

In some business functions, we may make decisions only through non-manual automatic decision-making mechanisms based on information systems and algorithms. If these decisions significantly affect your legitimate rights and interests, you have the right to ask us for an explanation. We will also provide appropriate relief methods. You may send an email to 800@zte.com.cn (China) or support@zte.com.cn (international).

8. Respond to your above requests

If your request cannot be implemented through these links/methods, you can send an e-mail to Privacy@zte.com.cn, or submit the request by log in to the data subject right response system: pdsr.zte.com.cn. We will respond to your access request within 15 working days.

To ensure security, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request, and we will respond within 15 working days.

In principle, we do not charge for your reasonable requests, but we will charge for repeated requests that exceed a reasonable limit. We may reject requests that repeat unreasonably, require excessive technical means (for example, development of a new system or a fundamental change of current practice), and bring risks to other people's legitimate rights and interests, or requests that are extremely impractical (for example, involving information stored on the backup tape).

We will not be able to respond to your request in accordance with laws and regulations if:

(1) The case is directly related to national security and national defense security.

(2) The case is directly related to public safety, public health, and major public interests.

(3) The case is directly related to any criminal investigation, prosecution, trial, and execution of a judgment.

(4) There is sufficient evidence that you have subjective malice or abuse of rights.

(5) Responding to your request will cause serious damage to the legal rights and interests of yours or other individuals' and organizations'.

(6) Business secrets are involved.

VI. How we process the personal information of minors

Our products, websites, and services are for adults. If you are a minor, please invite your parents or other guardians to read this policy carefully, and create your own user account or provide information to us with the consent of your parents or guardians.

Although local laws and customs define children differently, we regard anyone under 14 as a child. For the children's personal information collected with the consent of their parents or guardians, we will only use or disclose it as permitted by laws or with the express consent of the parents or guardians of laws or when it is necessary to protect the children. If we find that we have collected children's personal information without obtaining the consent of verifiable parents or guardians, we will try to delete the information as soon as possible.

VII. How do we store your personal information

1. Storage location and cross-border transfer of personal information

In principle, the personal information we collect and generate in the People's Republic of China will be stored within the territory of the People's Republic of China. Because we provide products or services through resources and servers around the world, this means that, to the extent permitted by applicable laws and regulations and required for providing services, your personal information may be transferred to an overseas jurisdiction of the country or area in which the products or services used by you are, or may be accessed from these jurisdictions. In this case, we will obtain your authorization and approval, inform you of the related information of the overseas recipient, and complete the cross-border transmission in accordance with the relevant laws and regulations on personal information protection.

There may be different data protection laws or even no laws in such jurisdictions. In such cases, we will ensure that your personal information is protected properly as it is protected in the People's Republic of China. For example, we will ask you to agree the cross-border transfer of personal information, or implement security measures such as data de-identification before cross-border data transfer.

2. Personal Information Storage Period

Unless otherwise specified in this Policy, we will retain your personal information within the period required to achieve the purposes described in this Policy, unless as required by law that the retention period needs to be extended or be permitted by law. The data retention period may vary with different scenarios, products, and services. The criteria for determining the retention period (the longer one prevails) include: the time when personal information needs to be retained for the purpose of the service which including the provision of products and services, maintenance of corresponding transaction and service records, control and improvement of product and service performance and quality, the guarantee of system, product and service security and respond to possible user queries or complaints; whether users agree to a longer retention period; and whether there are special requirements for keeping information such as laws and contracts.

After the retention period expires, we will delete your personal information or anonymize it in accordance with the requirements of applicable laws and regulations.

VIII. How this policy is updated

Our privacy policy may be revised from time to time.

Without your explicit consent, we will not reduce your rights under this Policy.

We will release any changes to this policy on this page. For major changes, we will also provide more noticeable notifications (including notifications for some services, which will be sent via email to describe the specific changes in the privacy policy), and get your approval again in accordance with the requirements of applicable laws and regulations.

Major changes mentioned in this Policy include but are not limited to the following situations:

1. Our service model has significantly changed. For example, the purpose of processing personal information, the type of processed personal information, and the mode of using the personal information.

2. Major changes have taken place in the ownership structure and organizational structure. Such as changes in owners caused by business adjustment or bankruptcy or mergers and acquisitions.

3. The major objects of personal information sharing, transfer, or public disclosure are changed.

4. Your right to participate in the processing of personal information and the way you exercise it have changed significantly.

5. Our responsible department for personal information security, contact method, or complaint channel have changed.

6. The personal information security impact assessment report indicates a high risk.

We will also archive the old version of this policy for your reference.

IX. How to contact us

We have established a special personal information protection department – Data Protection Compliance Dept. If you have any questions, comments, or suggestions on this Policy, please feel free to send an email to us at Privacy @zte.com.cn, which will be replied within 15 working days.

In addition, you can send letters to the Data Protection Compliance Dept. of ZTE headquarters

To: Data Protection Compliance Dept. of ZTE Corporation

Address: 26/F, R&D Building, No. 55, Hi-Tech Road South, Shenzhen, China (Post Code: 518017)

If you are unsatisfied with our response, especially when our personal information processing activities have damaged your legal rights and interests, you can seek solutions through the local data protection agency.

Attachment I

Third-Party SDK List

To ensure the implementation of related functions of document sharing and the secure and stable operation, we will access the Software Development Kit (SDK) provided by a third-party partner to achieve the above purposes.

We will perform strict security check on the third-party SDK and require the third-party partner to take strict measures to protect your personal data. When new service requirements are met and service function changes, we may adjust the third-party SDK that we access, and explain to you in a timely manner the latest situation of third-party SDK access. Note that the personal information type may be changed due to version upgrade or policy adjustment of the third-party SDK. For details, refer to the official description publicized by the third-party SDK.

Name of SDK	Functions	Client	Personal Information Obtained	Privacy Policy
TencentSDK	The Document Module provides the sharing function to share with QQ	Android	No	https://privacy.qq.com/policy/tencent-privacypolicy
		IOS	No
WeChatSDK	The Document Module provides the sharing function to share with WeChat	Android	No	https://www.wechat.com/zh_cn/privacy_policy.html
		IOS	No

APP Privacy Policy

Prompt