Privacy Policy
PRIVACY POLICY
Our Privacy Policy was updated on July 22rd, 2021.
Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.
ABOUT US
Xiaomi Singapore Pte. Ltd., Xiaomi Technology Netherlands B.V., and its affiliated companies within the Xiaomi Group (hereinafter refer to as “Xiaomi”, “we”, “our” or “us”) take your privacy very seriously. This Privacy Policy is designed with your needs in mind, and it is important that you have a comprehensive understanding of our personal information collection and usage practices, while ensuring that ultimately, you have control of your personal information provided to Xiaomi.
ABOUT THIS PRIVACY POLICY
This Privacy Policy explains how Xiaomi collects, uses, discloses, processes and protects any personal information that you give us or that we collect from you. Should we ask you to provide certain information by which you can be identified when you use the services on our platform, it will only be used in accordance with this Privacy Policy and/or our terms and conditions for users. Under this Privacy Policy, “personal information” means information that can be used to directly or indirectly identify an individual, either from that information alone or from that information combined with other information Xiaomi has access to about that individual, except as otherwise specifically provided by applicable laws in your region. We will use your personal information strictly in accordance with this Privacy Policy.
HOW WE CAN HELP YOU
Ultimately, what we want is the best for all our users. Should you have any questions with our data handling practices as summarized in this Privacy Policy, please contact us at https://privacy.mi.com/support to address your specific concerns. We will be happy to hear from you.
1 What information is collected by us and how do we use it?
1.1 What information is collected by us
In order to provide our services to you, we will ask you to provide personal information that is necessary to provide those services to you. We will only collect the information that is necessary for its specified, concrete, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. You have the right to choose whether or not to provide the information we have requested, but in most cases, if you do not provide your personal information, we may not be able to provide you with our services or respond to your queries.
1.1.1 Information you provide to us
We may collect any personal information you provide to us, which is necessary for the service you choose. For example, you may provide your Mi Account information when you log in; you may provide us your email address if you wish to receive news or updates from us; you may provide us your mobile phone number, address, name, postal code, order, invoicing details if you use retailing services.
1.1.2 Information that we collect in your use of services
Device or SIM-related information. For example, GAID number, Android version, screen display information (screen height, screen width), device manufacturer details, network operator, connection type, basic hardware information.
Information related to your application usage, including application basic information, such as application version, application settings (region, language, time zone, and font) and application status record (e.g. downloading, installing, updating, deleting).
Information generated when you use a service, such as your messages and ratings in customer support services.
Location information.
Log information. Information related to your use of certain features, apps, and websites. For example, cookies and IP addresses.
1.1.3 Information from third-party sources
When permitted by law, we will collect information about you from third-party sources. For example,
we may also obtain certain information such as account IDs and nicknames from third-party social network services (e.g. when you use a social network account to sign in to our service);
information about you that others provided to us (e.g. your delivery address that other users may provide to us when they buy products for you).
1.1.4 Non-personally identifiable information
We may also collect other types of information which are not directly or indirectly linked to an individual and which may not be defined as personal information according to applicable local laws. Such information may include statistical data generated when you use a specific service (e.g. daily usage events, page access events, page access time events and session events); network monitoring data (e.g. request time, number of request or error request etc.); application crash events. The purpose for such collecting is to improve the services we provide to you. The type and amount of information collected depends on how you use our services.
Such data is not personal information as it cannot be used to identify you. However, if we combine non-personal information with personal information, such information will be treated as personal information.
1.2 How we use the personal information that we collect
The purpose of collecting personal information is to provide you with our services, and to ensure that we comply with applicable laws, regulations and other regulatory requirements. This involves:
Providing, processing, maintaining, improving and developing our services to you, such as delivery, after-sales, customer support.
Handling your questions or requests about our services, such as answering customer inquiries.
Conducting relevant promotional activities, such as providing marketing and promotional materials and updates. If you no longer wish to receive certain types of promotional materials, you may opt-out by the method provided in the message (such as the unsubscribe link at the bottom of the message) unless otherwise specified under applicable laws. Please also see “Your rights” below.
Providing personalized services and content. We may recommend personalized products, services and activities, based on information you generate when using our services, such as purchase history, website browsing history, and searching history. You have the right to opt-out from receiving personalized recommendations and to object to profiling, including that carried out for direct marketing purposes, at any time. To do so, you can turn it on or off at any time within the phone settings or contact us at https://privacy.mi.com/support. Please also see “Your rights” below.
Internal purposes ssuch as data analysis, research, and development of statistical information related to the use of our services for improvement. For example, machine learning or model algorithm training is performed after de-identification processing
Storing and maintaining information related to you for our business operations (such as business statistics) or for fulfilling our legal obligations.
Other purposes with your consent.
Here are more detailed examples on how we use your information (which may include personal information):
Processing your purchase order. Information related to e-commerce orders is used for processing the purchase order and related after-sales services, including customer support and re-delivery. In addition, the order number will be used to cross-check the order with the delivery partner as well as to record delivery of the parcel. Recipient information, including name, address, phone number and postal code will be used for delivery purposes. Your email address is used to send you parcel tracking information. A list of purchased items is used for printing an invoice and enables the customer to see which items are in the parcel.
Collecting user feedback. The feedback you choose to provide is valuable in helping Xiaomi make improvements to our services. In order to follow up on the feedback you have chosen to provide, Xiaomi may correspond with you using the personal information that you have provided and keep records of this correspondence for problem solving and service improvement.
Sending notices. From time to time, we may use your personal information to send important notices, such as notices about purchases and changes to our terms, conditions, and policies. Since such information is critical to your interaction with Xiaomi, it is not recommended that you refuse to receive such information.
We may combine this information with other information (including information across different services or devices such as computers, mobile phones, and other connected devices) to provide and improve our services, and content. For example, we may use your Mi Account details in all services you use that require a Mi Account. Furthermore, in order to improve your experience and our services, while complying with relevant laws and regulations or with your consent, we may sort out information from different services or equipment from you or related to you to form a label, to provide suggestions, customized content, and personalized features. For example, using your search history in the browser to recommend products or services which you would be interested on mi.com. And according to the reasons for the aforementioned combination and the requirements of applicable laws, we will provide you with specific control mechanisms for such combination. You have the right to opt-out of receiving direct marketing from us and automated decision-making, etc. In order to exercise these rights, you can contact us at https://privacy.mi.com/support or refer to the control mechanisms described in the separate privacy policy for each product. Please also see “Your rights” below.
2 Cookies and other technologies
Technologies such as cookies, tags, and scripts are used by Xiaomi and our third party service providers and business partners (for more information see “How we share, transfer, and publicly disclose your personal information” below). These technologies are used in analyzing trends, administering the site, tracking users’ movements around the website and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. These technologies help us better understand users’ behavior, tell us which parts of our websites people have visited, as well as facilitate and measure the effectiveness of web searches. We treat information collected by cookies and other technologies as non personal information, except where Internet Protocol (IP) addresses or similar identifiers are considered personal information by local laws.
Log files: As true of most websites, we gather certain information and store it in log files. This information may include Internet Protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we gather about you.
Mobile analytics: Within some of our mobile applications we use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where crashes occur within the application. We do not link the information we store within the analytics software to any personal information you submit within the mobile application.
Local storage – HTML5/Flash: We use Local Storage Objects (LSOs) such as HTML5 or Flash to store content and preferences. Third parties with whom we partner to provide certain features on our sites also use HTML5 or Flash cookies to collect and store information. Various browsers may offer their own management tool for removing HTML5 LSOs. To manage flash cookies, please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html .
3 How we share, transfer, and publicly disclose your personal information
3.1 Sharing
We do not sell any personal information to third parties. We may sometimes share your personal information with third parties (as described below) in order to provide or improve our services, including offering services based on your requirements. If you no longer wish to allow us sharing this information, please contact us at https://privacy.mi.com/support.
3.1.1 Sharing that you actively choose or request
With your explicit consent or at your request, we will share your personal information within the scope of your consent/request with specific third parties designated by you.
3.1.2 Sharing information with our group
In order to successfully conduct business operations and to provide you with all the functions of our services, we may share your personal information from time to time to other Xiaomi affiliates.
3.1.3 Sharing with our group’s ecosystem companies
Xiaomi works together with a group of companies forming the Mi Ecosystem. The Mi Ecosystem companies are independent entities, invested and incubated by Xiaomi, and are experts in their fields. Xiaomi may disclose your personal information to the Mi Ecosystem companies to provide you with and improve the existing products and services (both hardware and software) from the Mi Ecosystem companies. Some of these products or services will still be under the Xiaomi brand, while others may use their own brand. The Mi Ecosystem companies may share information with Xiaomi from time to time in relation to products or services under the Xiaomi brand with Xiaomi to provide hardware and software services, bringing better features and user experience. Xiaomi will take appropriate management and technical measures to ensure the security of your personal information processing, including but not limited to the encryption of your personal information.
3.1.4 Sharing with third party service providers and business partners
To help us provide you with services described in this Privacy Policy, we may, where necessary, share your personal information with our third party service providers and business partners. This includes our delivery service providers, data centers, data storage facilities, customer service providers and marketing service providers and other business partners. These third parties may process your personal information on Xiaomi’s behalf or for one or more of the purposes of this Privacy Policy. We guarantee that the sharing of personal information necessary for providing services to you is solely for legitimate, legal, necessary, specific, and explicit purposes. Xiaomi will conduct due diligence and have contracts in place to ensure that third-party service providers comply with the applicable privacy laws in your jurisdiction. There may be occasions that third-party service providers have their sub-processors.
To provide performance measurement, analysis, and other business services, we may also share information (non-personal information) with third parties in aggregated form. We use the information we have to help our business partners evaluate the effectiveness and coverage of their services, and understand the types of people who use their services and how people interact with their websites, apps, and services. We may also share general usage trends of our services with them, such as the number of customers in a particular group of people who purchase certain products or engage in certain transactions.
3.1.5 Other
In accordance with legal requirements, legal procedures, litigation and/or requests from public agencies and government agencies, Xiaomi may need to disclose your personal information. If the disclosure is necessary or appropriate for national security, law enforcement, or other matters of public importance, we may also disclose information about you.
In order to enforce our terms or protect our business, rights, assets or services, or to protect users, or if the disclosure is reasonably necessary for the following purposes (detecting, preventing and resolving fraud, unauthorized use of the service, violations of our terms or policies, or other harmful or illegal activities), we may also disclose information about you. (There may be occasions when Xiaomi may collect, use or disclose your personal information without your consent if it is and only to the extent it is permitted under applicable data protection laws). This may include providing your personal information to public or government agencies; communicating with third-party partners about the reliability of your account to prevent fraud, violations, and other harmful behaviors.
In addition, we may share your personal information with:
our accountants, auditors, lawyers, or similar advisers when we ask them to provide us with professional advice; and
investors and other relevant third parties in the event of an actual or potential sale or other corporate transaction related to an entity in the Xiaomi Group; and
any other third parties, if authorized by you to do so in relation to a specific disclosure.
3.2 Transfer
Xiaomi will not transfer your information to any subject except in the following cases:
Where we have obtained your explicit consent;
If Xiaomi is involved in the merger, acquisition, or sale of all or part of its assets, we will notify you of any changes in the ownership, use, and any choice of your personal information you possibly possess by email and/or by posting a prominent notice on our websites.
3.3 Public disclosure
In addition to releasing the winner's mobile phone number or Mi Account ID or user name when publishing the winner list in de-identifiable form, Xiaomi will only publicly disclose your personal information under the following circumstances:
Where we have obtained your explicit consent;
Public disclosure based on law or reasonable grounds: including laws and regulations, legal procedures, litigation, or at the request of the competent government departments.
4 How we store and protect your personal information
4.1 Xiaomi’s security safeguards
We are committed to keeping your personal information secure. In order to prevent unauthorized access, disclosure or other similar risks, we have put in place all legally required physical, electronic and managerial procedures to safeguard and secure the information we collect on your mobile device and on Xiaomi websites. We will ensure that we safeguard your personal information in accordance with applicable law.
For example, when you access your Mi Account, you can choose to use our two-step verification program for better security. When you send or receive data from your Xiaomi device to our servers, we make sure they are encrypted using Transport Layer Security (“TLS”) and other algorithms.
All your personal information is stored on secure servers, and protected in controlled facilities. We classify your information based on importance and sensitivity, and ensure that your personal information has the required level of security. We have special access controls for cloud-based data storage, and we regularly review our information collection, storage and processing practices, including physical security measures, to guard against any unauthorized access and use.
We conduct due diligence on business partners and third party service providers to make sure that they are able to protect your personal information. We also check that appropriate security standards are maintained by these third parties by putting in place appropriate contractual restrictions, and where necessary, carrying out audits and assessments. In addition, our employees and those of our business partners and third party service providers who access your personal information are subject to enforceable contractual obligations of confidentiality.
We conduct security and privacy protection training courses and tests to enhance our employees' awareness of the importance of protecting personal information. We will take all practicable and legally required steps to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any personal information when transferred from you or to you via the Internet.
We handle personal data breaches as required by applicable data protection law which includes, where required, notifying the breach to the relevant data protection supervisory authority and data subjects.
4.2 What you can do
You can set a unique password for Xiaomi by not disclosing your sign-in password or account information to anybody (unless such person is duly authorized by you) to avoid password leaks to other websites which may harm your account security at Xiaomi. Whenever possible, please do not disclose the verification code you received to anyone (including those who claim to be Xiaomi customer service). Whenever you sign in as a Mi Account user on Xiaomi websites, particularly on somebody else's computer or on public Internet terminals, you should always sign out at the end of your session. Xiaomi cannot be held responsible for lapses in security caused by third party accessing your personal information as a result of your failure to keep your personal information private. Notwithstanding the foregoing, you must notify us immediately if there is any unauthorized use of your account by any other Internet user or any other breach of security.
Your assistance will help us protect the privacy of your personal information.
4.3 Accessing other features on your device
Our applications may access certain features on your device. This information is used to allow the applications to run on your device and allow you to interact with the applications. At any time you can revoke your permissions by turning them off at the device level or by contacting us at https://privacy.mi.com/support.
4.4 Retention policy
We retain personal information for the period necessary for the purpose of the information collection described in this Privacy Policy, or as required by applicable laws. We will cease to retain and delete or anonymize personal information once the purpose of collection is fulfilled, or after we confirm your request for erasure, or after we terminate the operation of the corresponding service. An exception to this is personal information that we are processing for public interest, scientific, historical research, or statistical purposes. Xiaomi will continue to retain this type of information for longer than its standard retention period, where permitted based on applicable laws or your request, even if further data processing is not related to the original purpose of collection.
5 Your rights
Controlling your personal information
5.1 Controlling settings
Xiaomi recognizes that privacy concerns differ from person to person. Therefore, we provide examples of ways Xiaomi makes available to you to restrict the collection, use, disclosure or processing of your personal information and control your privacy settings, such as sign in or out of the Mi Account.
If you have previously agreed to us using your personal information for the aforementioned purposes, you may change your mind at any time by contacting us at https://privacy.mi.com/support
5.2 Your rights to your personal information
Depending on applicable laws and regulations, you have the right to access, rectification, and erasure of any other personal information that we hold about you (hereinafter referred to as the request).
You may also access and update the details relating to the personal information in your Mi Account at https://account.xiaomi.com or by logging into your account on your device. For additional information, please write to us or contact us at https://privacy.mi.com/support.
This Privacy Policy requires that your request satisfy applicable laws and regulations and the following conditions:
(1) Through Xiaomi's exclusive request channel and for the protection of your information security, your request should be in writing (unless the local law explicitly recognizes the oral request);
(2) Provide sufficient information to enable Xiaomi to verify your identity and ensure that you are the data subject or a person legally authorized to act on the data subject’s behalf.
Once we obtain sufficient information to confirm that your request can be processed, we shall proceed to respond to your request within any timeframe set out under your applicable data protection laws.
In detail:
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal information and your rights. This is why we are providing you with the information in this Privacy Policy.
Based on the requirements of applicable laws, a copy of your personal data collected and processed by us will be provided to you upon your request free of charge. For any extra requests for relevant information, we may charge a reasonable fee based on actual administrative costs according to the applicable laws.
If any information we are holding on you is incorrect or incomplete, you are entitled to have your personal information corrected or completed based on the purpose of use.
Based on the requirements of applicable laws, you have the right to request the deletion or removal of your personal information where there is no compelling reason for us to keep using it. We shall consider the grounds regarding your erasure request and take reasonable steps, including technical measures. If the right is upheld, we may not be able to immediately remove the information from the backup system due to applicable law and/or technical limitations. If this is the case, we will securely store your personal information and isolate it from any further processing until the backup can be deleted or be made anonymous.
You have the right to object to certain types of processing, including processing for direct marketing, and under certain circumstances where the legal basis for processing is our legitimate interests. Particularly under the laws of some jurisdictions:
You have the right to obtain from us the restriction of processing your personal information. We shall consider the grounds regarding your restriction request. If the grounds apply to GDPR, we shall only process your personal information under applicable circumstances in GDPR and inform you before the restriction of processing is lifted.
You have the right not to be subject to a decision based solely on automated processing, which produces legal effects concerning you or similarly significantly affects you.
You have the right to apply for your personal information in a structured, commonly used format and transmit the information to another data controller. We have the right to refuse to process requests that are frivolous, requests that damage others' right of privacy, extremely unrealistic requests, requests that require disproportionate technical work, and requests not required under local law, information that have been made public, information given under confidential conditions. If we believe that certain aspects of the request to delete or access the information may result in our inability to legally use the information for the aforementioned anti-fraud and security purposes, it may also be rejected.
5.3 Withdrawal of consent
You may withdraw your consent previously provided to us for a particular purpose by submitting a request, including collecting, using, and/or disclosing your personal information in our possession or control. Based on the specific service you are using, you can visit the Mi Account management center at https://account.xiaomi.com/pass/del or contact us at https://privacy.mi.com/support. We will process your request within a reasonable time from when the request was made, and thereafter not collect, use and/or disclose your personal information as per your request. Depending on the extent of your withdrawal of consent, please note that you may not be able to continue receiving the full benefit of Xiaomi’s products and services. The withdrawal of your consent or authorization will not affect the validity of our processing carried out on the basis of the consent up until the point of withdrawal.
5.4 Cancelling a service or account
If you wish to cancel a specific product or service, you can contact us at https://privacy.mi.com/support for logout service.
If you wish to cancel the Mi Account, please note that the cancellation will prevent you from using the full range of Xiaomi products and services. Cancellation may be prevented or delayed in certain circumstances.
6 How your personal information is transferred globally
Xiaomi processes and backs up personal information through a global operating and control infrastructure. Currently, Xiaomi has data centers in India, the United States, Germany, Russia, and Singapore. For the purposes described in the Privacy Policy, your information may be transferred to these data centers in accordance with applicable law.
We may also transfer your personal information to third-party service providers and business partners and your data may therefore also be transmitted to other countries or regions. The jurisdiction in which these global facilities are located may or may not protect personal information to the same standards as in your jurisdiction. There are different risks under different data protection laws and that we may transfer and store your personal information to overseas facilities. However, this does not change our commitment to comply with this Privacy Policy and to protect your personal information.
In particular,
The personal information we collect and generate in our operations in Russia is processed and stored in data centers located in Russia, except for cross-border transmissions permitted under Russian law.
The personal information we collect and generate in operations in India is stored in data centers located in India.
If we need to transfer personal information outside of your jurisdiction, whether to our affiliates or third-party service providers, we will comply with related applicable laws. We ensure that all such transfers meet the requirements of applicable local data protection laws by implementing uniform safeguards. You can find out about the safeguards that we have in place by contacting us at https://privacy.mi.com/support.
If you use our services in the area of the European Economic Area (EEA), Xiaomi Technology Netherlands B.V. will act as the data controller and Xiaomi Singapore Pte. Ltd. will be responsible for the data processing. Contact details can be found in the "Contact us" section.
If Xiaomi shares personal data originating by you in the EEA to a Xiaomi Group entity or a third party service provider outside the EEA, we will do so on the basis of EU standard contractual clauses or any other safeguards provided for in the GDPR.
7 Protection of minors
We consider it the responsibility of the parent or guardian to supervise the child's use of our services. However, we do not offer services directly to a child or use personal data of children for the purposes of marketing. If you are a parent or guardian and you believe that the minor has provided Xiaomi with personal information, please contact us at https://privacy.mi.com/support to ensure that the personal information is removed immediately and that the minor is unsubscribed from any of the applicable Xiaomi services.
8 Do I have to agree to any third party terms and conditions?
Our Privacy Policy does not apply to products or services offered by a third party. Depending on the service you use, it may incorporate a third parties’ products or services such as payment processing etc. Some of these will be provided in the form of links to third parties’ websites, and some will be accessed in the form of SDKs, APIs, etc. Your information may also be collected when you use these services. For this reason, we strongly suggest that you take the time to read the third party’s privacy policy just like you read ours. We are not responsible for and cannot control how third parties use personal information which they collect from you. Our Privacy Policy does not apply to other sites linked from our services. The following are the examples of when third party terms and privacy policies may apply when you use the specific services listed above:
When you use a third party check-out service provider to finalize and pay for your order, the personal information that you provide during check out is handled in accordance with the third party’s privacy policy.
9 How we update this Privacy Policy
We review the Privacy Policy periodically based on changes in business and technology, and we may update this Privacy Policy. If we make a material change to this Privacy Policy, we will notify you via your registered contact information such as email (sent to the email address specified in your account) or publish on Xiaomi websites or notify you via mobile devices so that you can learn about the information we collect and how we use it. Such changes to Privacy Policy will apply from the effective date specified in the notice or website. We encourage you to check this page regularly for the latest information on our privacy practices. Your continued use of the services on the website, mobile and/or any other device will be deemed acknowledgement of the updated Privacy Policy. We will ask for your explicit consent when we collect additional personal information from you or when we use or disclose your personal information for new purposes.
10 Other
10.1 Single sign-on
Depending on your jurisdiction, you may be able to log in to our website using a variety of login provided by OAuth services. These services will authenticate your identity, provide you the option to share certain personal information (such as your name and email address) with us, and to pre-populate our sign-up form. The OAuth services allow you to choose whether or not to post information about your personal activities on this website to your profile page to share with others within your network.
11 Contact us
If you have any comments or questions about this Privacy Policy or any questions relating to Xiaomi’s collection, use, or disclosure of your personal information, please contact us at the address below referencing “Privacy Policy”. When we receive privacy or personal information questions about access/download requests, we have a professional team to solve your problems. If your question itself involves a significant issue, we may ask you for more information. If you are not satisfied with the response you received, you can hand over the complaint to the relevant regulatory authority in your jurisdiction. If you consult us, we will provide information on the relevant complaint channels that may be applicable based on your actual situation.
Xiaomi Communications Co., Ltd.
#019, 9th Floor, Building 6, 33 Xi'erqi Middle Road, Haidian District, Beijing, China, 100085
Xiaomi Singapore Pte. Ltd. 20 Cross Street, China Court #02-12 Singapore 048422
Xiaomi Technology India Private Limited Building Orchid, Block E, Embassy Tech Village, Outer Ring Road, Devarabisanahalli, Bengaluru, Karnataka – 560103, India
For users in the European Economic Area (EEA):
Xiaomi Technology Netherlands B.V. Room 04-106, Wework Strawinskylaan 4117 4th Floor, Atrium North Tower Amsterdam, 1017XD
Contact Form: https://privacy.mi.com/support
Thank you for taking the time to read our Privacy Policy!
What’s new to you
We have made several updates as follows:
We updated the types of information we collect, including the information provided by third-party service providers, information generated from your usage of services, and information you provide to us.
We described how your information will be used in more detail, including specific methods and scenarios.
The new version of our privacy policy will contain more detailed descriptions of how we share, transfer, and publicly disclose your personal information.