Quectel Privacy Agreement

Revision date: [August 30, 2021] Effective date: [October 20, 2021]

We are Quectel Wireless Solutions Co., Ltd (hereinafter referred to as “we”). This Privacy Agreement applies to the Quectel Forums Service (collectively called “Forums”) provided to you. We would like to clarify to you how we are committed to protecting your personal information through the Privacy Agreement. However, this agreement may not cover all the possible data processing scenarios, and information about the collection of certain data may be released in the form of notifications when the data is being collected. Meanwhile, this Privacy Agreement is not intended to explain how third parties define or use personal data. We recommend that you read the privacy policies of the third parties to understand your privacy right before interacting with them.

Please take the time to read this Privacy Agreement and familiarize yourself with our practices regarding user privacy. By any means you confirm your acceptance of this Agreement or your use of our service, such as by ticking online, you have fully read, understood and agreed to be bound by this Agreement, which shall have legal effect between you and us. If you have any questions, you can contact us at quecteldpo@quectel.com.

By reading this Agreement, you will learn that:

  1. Collection of Personal Information
  2. Data Processing
  3. Sharing, Transfer and Public Disclosure of Personal Information
  4. Time Limit for Storage of Personal Information
  5. Protection of Children’s Personal Information
  6. Personal Information Protection Measures
  7. Storage of Personal Information
  8. Cross-border Transmission of Personal Information
  9. Cookies and Other Technologies
  10. The Right to Personal Information and Its Exercise
  11. Change of Privacy Agreement
  12. Contact Us

1 Collection of Personal Information

1.1 Definition of Personal Information

Any information that we believe can directly identify you is personal information. In particular, individual device information and service log information cannot identify you, that is, they are non-personal information. However, if we combine this kind of information with other information to indirectly identify you by inference, such information will be considered as your personal information during the combined use period. In this Privacy Agreement, we also use the term “data” to represent personal information.

1.2 Collection Scenarios of Personal Information

We will collect your personal information in the following scenarios:

  • When you register as one of our users.

1.3 Scope of Information Collection

When collecting your personal information, we will comply with the requirements of laws and regulations and the rationality and necessity principles, that is, we will strive to only collect the data we need. The scope of the information collected will depend on how you interact with us, including:

  • When you register or log in Forums, we will collect the email address, user name, password, phone number and public network IP that you use for registration.
  • Additional information that you expressly agree to provide to us.

2 Data Processing

2.1 Our Role

We are the controller of your data.

2.2 Legal Basis

We will process your data on an appropriate legal basis in compliance with the requirements of applicable law, including:

  • With your express consent;
  • Fulfill the contract with you;
  • Data processing necessary to protect the vital interests of you or other natural persons. For example, keeping information safe or preventing fraud;
  • Based on our legitimate interests. For example, we will transmit data to other departments of our company to fulfill marketing purpose, implement company policies, manage daily affairs and use data in a summary manner for data analysis;
  • Based on legal liability or duties involving the public interest.

2.3 The Right Not to Provide Personal Information

You have the right to choose not to provide the personal data we request. However, if you choose not to provide your data, in many cases we may not be able to provide you with our products or services in accordance with the Terms of Service or respond to your request.

2.4 Purpose and Way

We will use your personal information for the following purposes in the following ways:

  • Verify your identity to prevent unauthorized access;
  • Provide you with our services and products in accordance with our contract with you;
  • Provide other services that you request as stated when we collect information;
  • Share your information with our authorized partners so that they can assist us in providing you with our services and products;
  • Process transactions and communicate with you about these transactions;
  • Help track and correct errors and bugs in the program;
  • For internal management and back office support, share your personal information with our worldwide branches when necessary to fulfill the service functions;
  • Detect and investigate the information disclosure, illegal activities and fraud;
  • Maintain the integrity and security of our technical data system for storing and processing your personal information;
  • Conduct internal audit, data analysis and research to analyze business operation efficiency to improve our services;
  • Provide relevant information in accordance with requirements of legal procedures, lawsuits or competent government authorities in compliance with applicable laws and regulations.

3 Sharing, Transfer and Public Disclosure of Personal Information

3.1 Sharing of Personal Information

We will keep your information strictly confidential and do not share your information with any company, organization or individual, except in the following cases:

  • We will share your personal information with other parties after obtaining your explicit consent.
  • Share your personal information with our employees and our global affiliates when necessary for implementing service functions, generally for the following purposes: provide you with further services, internal management needs, detect and process data leakage, illegal activities and fraud, maintain the integrity of the company’s information technology system and so on. We will only share necessary personal information with our employees to a minimum extent and will be bound by this Privacy Agreement. We will sign confidentiality agreements with the authorized employees.
  • Share your personal information with our third party service providers (or partners) to assist us in providing or improving our services, including but not limited to IoT platform service, video surveillance service, information system technical support and customer service. We will only share your personal information for legitimate, proper, necessary, specific and clear purposes and will only share the personal information necessary for providing services. Our third party service providers are not authorized to use the shared personal information for any other purpose. We will sign strict data processing agreements with all the third-party service providers (or partners) involved, requiring them to take certain security measures to process your personal information and ensure the security of your personal information in accordance with relevant laws and regulations and our requirements.

3.2 Transfer of Personal Information

We will not transfer your personal information to any company, organization or individual, except in the following cases:

  • We will transfer your personal information to other parties after obtaining your explicit consent.
  • In the event of a merger, an acquisition or liquidation, we will require the new company and organization that hold your personal information to remain subject to this Agreement, otherwise we will require the company and organization to obtain your consent again.

3.3 Public Disclosure of Personal Information

We will only publicly disclose your personal information under the following circumstances:

  • We will publicly disclose your personal information with your express consent or with your unsolicited choice;
  • Provide your personal information to the relevant authorities in accordance with laws and regulations or as required by government authorities. If we receive any judicial or other documents such as government subpoenas, search warrants or orders, we will immediately report them to our Data Protection Office and respond to the relevant authorities after Data Protection Office’s review. If our review determines that the relevant authorities have jurisdiction and that there is no other law prohibiting us from doing so, we will disclose the requested information to the judiciary or the government and limit the disclosure to the extent expressly required by the order or warranty.

3.4 Exceptions to Prior Authorization for Sharing, Transfer or Disclosure of Personal Information

In accordance with relevant laws and regulations, we may share, transfer or publicly disclose your information without your consent under the following circumstances:

  • Related to national security and national defense security;
  • Related to public safety, public health and major public interests;
  • Related to judicial or administrative enforcement, such as crime investigation, prosecution, trial and judgment enforcement;
  • It is difficult to obtain your own consent in order to protect your or other individuals’ personal life, property, and other important legitimate rights and interests;
  • Personal information that you disclose to the public;
  • Where personal information is collected from legally and publicly disclosed information, such as legal news reports, government information disclosure and other channels.

4 Time Limit for Storage of Personal Information

We retain personal information based on collection purposes or in compliance with applicable laws. After completing the collection purpose of personal information, we will stop retaining the data or desensitize and de-identify it. If for the purpose of public interest, scientific research, historical research or statistics, we will continue to retain relevant data based on applicable law, even if further data processing is not related to the original collection purposes.

5 Protection of Children’s Personal Information

Forums is primarily intended for adults, but for children who use Forums, we take additional procedures and measures to help keep their personal data safe. We consider minors under the age of 14 (or the age specified by local law) as children.

In cases where personal data of a child is collected with parental consent, we will only use or disclose such data where it is permitted by law, with the express consent of the parent or guardian, or where it is necessary to protect the child. If we find that we have collected personal information of a minor without the prior consent of a verifiable guardian, we will try to delete the relevant content as soon as possible.

6 Personal Information Protection Measures

We comply with the recognized key data protection principles (fairness, purpose limitations, data quality, data retention, compliance with individual rights, security) and take reasonable measures to ensure the security of personal information. We have applied a series of technical measures to protect the security of your personal information and minimize the risk of misuse, unauthorized access, unauthorized disclosure and inaccessibility. The security measures we use include but are not limited to: data desensitization, data encryption, firewalls and data access authorization control.

Currently we have obtained the following professional certification:

  • ISO 27001 Information Security Management System Certification

We also regularly review and update the security mechanisms used to protect data to provide effective protection against data misuse. If you believe that the security of your data has been compromised, or if you would like more information about our data protection measures, you can email our Data Protection Office at quecteldpo@quectel.com.

7 Storage of Personal Information

In order to fulfill our contract with you, we will access and process your personal information through our servers. Our servers are located in Japan.

8 Cross-border Transmission of Personal Information

We are a multinational company and the teams responsible for performing data processing work may have global or multi-country/multi-region responsibilities. Therefore, these teams may be located anywhere in the world where we operate our business, including countries outside the European Union that use different personal information protection standards than your country. We may also transmit the data to regions outside the European Union, including Japan.
By using or joining the service and/or providing us with your information, you agree that we collect, transmit, store and process your information outside your country of residence in accordance with this Privacy Agreement, and we will do our best to ensure that our collection, transmission, storage and processing of your data comply with requirements of the applicable law to the extent permitted by existing technology, such as enforcing standard contract terms.

9 Cookies and Other Technologies

We and third party service providers use technologies such as cookies, tags and scripts that help us better understand users’ behavior (including for security and fraud prevention purposes) and tell us what parts of our sites users visit to measure and improve the effectiveness of advertising and web search.

  • Necessary cookies: These cookies must be set to provide specific features or services that you access or request. For example, we need to use them to display websites in the proper format and language.
  • Other cookies: We use these cookies to understand how visitors interact with our websites and online services, which helps us evaluate the effectiveness of advertising and web search. We also use these cookies to record the choices you make when browsing to provide you with a customized experience.

If you do not want us to use cookies, you can consult your browser provider to learn how to disable cookies. However, if you choose to disable all cookies, certain features of our website will become unavailable.

10 The Right to Personal Information and Its Exercise

10.1 Your Right to Personal Information

  • Right of Access: You have the right to request a copy of the personal information that we hold about you;
  • Right of Correction: You have the right to request us to correct the information that is incorrect or out of date;
  • Right of Cancellation and Deletion: We regularly back up our data to prevent data loss due to server failure or human error, and you have the right to request us to cancel your account or delete your personal information held by us at any time;
  • Right of Carrying: You have the right to request us to provide you with your data and transfer it directly to a data controller where possible;
  • Right of Restricted Processing: If you think that the accuracy or legality of our processing of personal information is controversial, you have the right to request us to restrict the processing of personal information, but your right to restrict processing may prevent you from using our services properly;
  • Right of Rejection: You have the right to object to us using your personal information for user profiling and automatic decision-making, that is, you can object to us using your personal information to send commercial messages for direct marketing;
  • Right of Petition: You have the right to lodge a complaint about our processing of your data with the competent authorities of the member countries where you live or where your data is being processed;
  • Withdrawal of Consent: You can submit a request to withdraw your consent, including the collection, use and/or disclosure of your personal information that we hold or control. Please note that depending on the extent to which you authorize us to process information, this may result in you not being able to use some or all of our products or services.

10.2 The Way to Exercise the Right to Personal Information

We will protect your right to access and correct your personal information. If you would like to exercise any right stated in Article 10.1, please email us at quecteldpo@quectel.com.

We will ask for verification of your identity before we process your request. Once we have sufficient information to process your request, we will respond to your request within the time required by applicable Data Protection Law. Please also understand that we will not reply to your email if we believe that it is irrelevant to your request for personal information rights.

10.3 Request Result

After the personal information subject make a request, the following results may occur:
(1) Request is denied
Request from personal information subject will be denied in some cases including but not limited to:

  • When the personal information subject is not entitled to relevant rights under the laws of your location;
  • When the identity of the person making the request cannot be verified;
  • Requests from the personal information subject cannot be verified or go beyond the scope, especially if the requests are repeated;
  • If the information involved is related to compensation to be made or obtained in a dispute, the disclosure of the information is likely to harm the interests of the parties concerned;
  • If the information is retained only for statistical and research purposes and the publication of statistical and research results will not disclose the identity of the individual;
  • Other circumstances as prescribed by laws.

If the access request from the personal information subject is denied, we will formally explain the reason to the requester.

(2) Request is successful
When the case in (1) does not occur, we will satisfy the request of the personal information subject. To increase the likelihood of a successful request, please provide as much detailed information as possible when making the request, such as the category and specific content of the request, information about the information holder (such as the name of the product and service you are using) and the time range within which the information is generated or processed (the smaller the time range, the greater the likelihood of success).

10.4 Withdrawal of Consent

You can change the extent to which you authorize us to continue collecting personal information or withdraw your authorization by deleting configuration information, deleting bound devices, or canceling your account.

Please understand that some basic personal information (registered email address) is required to complete the service function. After you withdraw your consent or authorization, we cannot continue to provide you with the corresponding service, and will no longer process your corresponding personal information. However, your decision to withdraw your consent or authorization will not affect the processing of personal information previously performed based on your authorization.

11 Change of Privacy Agreement

We reserve the right to modify this Privacy Agreement. We will not reduce your rights under this Privacy Agreement without your express consent. We will post any changes to this Agreement on this page. We may also provide more prominent notice of important changes (including for certain services, we will email you a notification of specific changes to our personal information protection policy).

Important changes referred to in this Agreement include but are not limited to:

  • Significant changes to our service mode, such as the purpose of processing personal information, the type of personal information to be processed and the way to use personal information;
  • Significant changes to our ownership structure, organizational structure and others, such as owner change caused by business adjustment, bankruptcy, merger and acquisition;
  • Changes in the main objects of public disclosure of personal information;
  • Changes of your right to participate in the processing of personal information and the way you exercise the right;
  • When there is a change in our responsible department for the security of personal information, contact details and complaint channels;
  • When the personal information security impact assessment report indicates a high risk.

We will also archive the old version of this Privacy Agreement for your review. In order for you to receive timely notifications, we recommend that you notify us when your contact details are updated. By continuing to use our service after the update of this Agreement takes effect, you have fully read, understood and accepted the updated Agreement and are willing to be bound by the updated Agreement. We encourage you to read this Agreement each time you use our service.

12 Contact Us

If you have any questions about this Privacy Agreement, or if you would like to exercise any rights, please email our specially established Data Protection Office at quecteldpo@quectel.com. Upon receipt of your request, we will make every effort to ensure that we respond to your request within one month. Thank you for your patience and understanding. Given the complexity and number of requirements, this period may be extended for an additional 45 days if necessary. In the case of delay in providing information, we will notify the personal information subject of the circumstances and the reason for the delay. If the time limit set in this paragraph conflicts with the law of your location, the law of the place where you are located shall prevail. If you disagree with our handling of your personal information, you may submit a mediation request or other claim to your local data protection regulator.

Thank you for taking the time to read our privacy agreement!