Version:v20231229

Xiaomi Privacy Policy

Our Privacy Policy was updated on January 15, 2021.

Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

About us

Xiaomi Singapore Pte. Ltd., Xiaomi Technology Netherlands B.V., and all affiliated companies under the Xiaomi Group (click here for a detailed list), collectively referred to hereinafter as "Xiaomi", "we", "our", or "us", take your privacy seriously. This Privacy Policy is designed with your needs in mind, and it is important that you have a comprehensive understanding of our personal information collection and usage practices, while ensuring that ultimately, you have control of your personal information provided to Xiaomi.

About this Privacy Policy

Except for specific Xiaomi products or services providing an independent privacy policy, this Privacy Policy applies to all Xiaomi devices, websites, or applications that reference or link to this Privacy Policy. This Privacy Policy explains how Xiaomi collects, uses, discloses, processes, and protects any personal information that you give us or that we collect from you, when you use our products and services accessed from websites (https://www.mi.com, https://en.miui.com, https://account.xiaomi.com), and our applications that we offer on our mobile devices. If a Xiaomi product provides a separate privacy policy, the separate privacy policy will receive priority application, while anything that is not specifically covered shall be subject to the terms of this Privacy Policy. Furthermore, how specific products and services collect and process your personal information may also vary depending on the model, service version, or region. You should refer to the separate privacy policy for further details.

Under this Privacy Policy, "personal information" means information that can be used to directly or indirectly identify an individual, either from that information alone or from that information combined with other information Xiaomi has access to about that individual, except as otherwise specifically provided by applicable laws in your region. We will use your personal information strictly in accordance with this Privacy Policy. Where the context requires, personal information shall also include sensitive personal data or information, as may be categorized under applicable law.

How we can help you

Ultimately, what we want is the best for all our users. Should you have any questions about our data handling practices regarding personal information as summarized in this Privacy Policy, please contact us via https://privacy.mi.com/support to address your specific concerns. We will be happy to hear from you. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Please see "Contact us" below.

TRUSTe

1. What information we collect and how we use it

1.1 What information we collect

We will ask you to provide personal information that is necessary for us to provide our services to you. We will only collect the information that is necessary for specified, concrete, explicit, and legitimate purposes and shall ensure that the information is not further processed in a manner that is incompatible with those purposes. You have the right to choose whether or not to provide the information we have requested, but in most cases, if you do not provide your personal information, we may not be able to provide you with our products or services or respond to your queries.

Depending on the service you choose, we may collect the following types of information:

1.1.1 Information you provide to us

We may collect any personal information you provide to us, which is necessary for the service you choose. For example, you may provide your name, mobile phone number, email address, delivery address, order information, invoicing details, bank account number, account holder name, credit card number, and other information if you use mi.com retailing services; you may sync materials or data if you use Xiaomi Cloud services; you may provide your gender, security-related information, and other information if you create an account; you may provide us your nickname, email address, photos, videos or other needed information if you enter into promotional activities; you may provide your name, mobile phone number, and address if you engage with us, our content, or our marketing, or win a prize.

1.1.2 Information that we collect during your use of services

• Device or SIM-related information. For example, IMEI/OAID, GAID number, IMSI number, MAC address, serial number, system version and type, ROM version, Android version, Android ID, Space ID, SIM card operator and its location area, screen display information, device keypad information, device manufacturer details and model name, device activation time, network operator, connection type, basic hardware information, sales channel and usage information (such as CPU, storage, battery usage, screen resolution and device temperature, camera lens model, number of times the screen was woken or unlocked).

• Information specific to you that may be assigned by third party service providers and our business partners: We may collect and use information such as your advertising ID assigned by third party service providers and business partners.

• Information related to your app usage, including unique identifiers for an app (e.g. VAID, OAID, AAID, Instance ID) and basic app information, such as app list, app ID information, SDK version, system update settings, app settings (region, language, time zone, font), the time the app enters/exits the foreground, and app status record (e.g. downloading, installing, updating, deleting).

• Information generated when you use a Xiaomi system service, such as your badges, ratings, sign-in information, and browsing history in Xiaomi Community; your messages in Xiaomi Community (only visible to the sender and receiver); your audio playback history and search queries in music services; your likes, comments, favorites, shares, and search queries in themes services; system language, country and region, network status, and list of apps in App Vault; your usage information, including region, IP, relevant content provider, wallpaper changing frequency, image views, image browsing mode, image browsing duration, clicks and exposure of articles, and subscriptions in Wallpaper Carousel.

• Location information (only for specific services/features): various types of information on your precise or approximate location if you use location-related services (navigation, weather, Find device, etc.). This information might include region, country code, city code, mobile network code, mobile country code, cell identity, longitude and latitude information, time zone settings, and language settings. You can restrict individual apps' access to location information at any time in Settings > Apps > Permissions > Permissions > Location.

• Log information: information related to your use of certain features, apps, and websites. This might include cookies and other identifier technologies, IP addresses, network request information, temporary message history, standard system logs, crash information, and log information generated by using a service (such as registration time, access time, activity time, etc.).

• Other information: environmental characteristics value (ECV) (i.e. value generated from Xiaomi Account ID, device ID, connected Wi-Fi ID, and location information).

1.1.3 Information from third-party sources

When permitted by law, we will collect information about you from third-party sources. For example:

• For certain services that might include account and financial transactions, with your authorization, we may validate the information provided by you (such as phone number) through legitimate third-party sources for security and fraud prevention purposes;

• Advertising model optimization is performed through designated unique identifiers (such as IMEI/OAID/GAID obtained from advertisers) and, under certain circumstances, partial conversion performance data (such as clicks) corresponding to your use of advertising services will also be used to provide advertising services.

• We may also obtain certain information such as account ID, nickname, profile photo, and email address from third-party social network services (e.g. when you use a social network account to sign in to a Xiaomi service).

• Information about you that others provide to us, such as your delivery address that another user may provide to us when they buy products for you via mi.com services.

1.1.4 Non-personally identifiable information

We may also collect other types of information which are not directly or indirectly linked to an individual and which may not be defined as personal information according to applicable local laws. Such information is called non-personally identifiable information. We may collect, use, transfer, and disclose non-personally identifiable information. Here are some examples of information that we collect and how we may use it in a non-personally identifiable aggregated format:

• This information may include statistical data generated when you use a specific service (e.g. non-identifiable device-related information, daily usage, page visits, page access duration, and session events);

• Network monitoring data (e.g. request time, number of requests or error requests, etc.);

• App crash events (e.g. the logs automatically generated after an app crashes).

The purpose of such collection is to improve the services we provide to you. The type and amount of information collected depends on how you use our products and/or services.

We aggregate this information to provide you with more useful information and understand which parts of our websites, products, and services you are most interested in. For example, we may need to know the number of users who are active in a day, but don't need to know who is active in that day, and thus aggregated data is enough for statistical analysis. We will endeavor to isolate your personal data from non-personally identifiable information and ensure that the two types of data are used separately. However, if we combine non-personally identifiable information with personal information, such combined information will be treated as personal information for as long as it remains combined.

1.2 How we use the personal information that we collect

The purpose of collecting personal information is to provide you with products and/or services, and to ensure that we comply with applicable laws, regulations and other regulatory requirements. This involves:

• Providing, processing, maintaining, improving, and developing our products and/or services to you, such as delivery, activation, verification, after-sales support, customer support, and advertising.

• Implementing and maintaining security safeguards for the purpose of preventing loss and fraud, such as identifying users and verifying user identity. We use your information for anti-fraud purposes only when the following two conditions are met: it is necessary, and the data used for evaluation is in accordance with the legitimate interests of Xiaomi to protect users and services.

• Handling your questions or requests about devices and services, such as answering customer inquiries, sending system and app notifications, and managing your involvement in events and promotions (e.g. sweepstakes).

• Conducting relevant promotional activities, such as providing marketing and promotional materials and updates. If you no longer wish to receive certain types of promotional materials, you may opt out by the method provided in the message (such as the unsubscribe link at the bottom of the message) unless otherwise specified under applicable laws. Please also see "Your rights" below.

• Internal purposes, such as data analysis, research, and development of statistical information related to the use of our products or services to improve our products or services. For example, machine learning or model algorithm training is performed after de-identification processing.

• Optimizing the performance of your device, such as analyzing the memory usage or the CPU utilization of your apps.

• Storing and maintaining information related to you for our business operations (such as business statistics) or for fulfilling our legal obligations.

• Processing based on the legitimate interests of Xiaomi (in applicable jurisdictions, for example under GDPR). Legitimate interests include enabling us to more effectively manage and operate our business and provide our products and services; protecting the security of our businesses, systems, products, services, and customers (including for loss prevention and anti-fraud purposes); internal management; complying with internal policies and processes; and other legitimate interests described in this policy.

For example, to ensure the security of our services, and to help us further understand the performance of our apps, we may record relevant information, such as the frequency of your usage, crash log information, overall usage, performance data, and app source. To prevent unauthorized vendors from unlocking devices, we may collect the Xiaomi Account ID, serial number and IP address of the operated computer and the serial number and device info of your mobile device.

• Providing services locally on terminal devices that do not require communication with our servers, such as using Notes on your device.

• Other purposes with your consent.

Here are more detailed examples on how we use your information (which may include personal information):

• Activating and registering your purchased Xiaomi products or services for you.

• Creating and maintaining your Xiaomi Account. Personal information collected when you create a Xiaomi Account on our websites or through our mobile devices is used to create the personal Xiaomi Account and profile page for you.

• Processing your purchase order. Information related to e-commerce orders is used for processing the purchase order and related after-sales services, including customer support and re-delivery. In addition, the order number will be used to cross-check the order with the delivery partner as well as to record the delivery of the parcel. Recipient information, including name, address, phone number, and postal code will be used for delivery purposes. Your email address is used to send you parcel tracking information. A list of purchased items is used for printing an invoice and enables the customer to see which items are in the parcel.

• Participating in Xiaomi Community. Personal information related to Xiaomi Community or other Xiaomi internet platforms may be used for profile page display, interaction with other users, and participating in Xiaomi Community.

• Providing system services. The following information is used to activate system services: device or SIM card-related information including GAID number, IMEI number, IMSI number, phone number, device ID, device operating system, MAC address, device type, system and performance information, and location information including mobile country code, mobile network code, location area code, and cell identity.

• Diagnosing activation failures. Location-related information is used to access SIM card activation failure (e.g. Short Message Service (SMS) gateways and network failures) to identify the network operator of the service, and to notify the network operator of that failure.

• Providing other system services. Information collected when you use a Xiaomi system service is used to perform the functions of that service and provide service optimization, such as downloading, updating, registering, executing, or optimizing activities related to system services. For example, personal information collected by Themes may provide personalized theme recommendation services based on your downloading and browsing history.

• Finding your device. If your device is lost or stolen, Xiaomi's Find device feature can help you find and secure it. You can locate your device on a map using its location information, erase data remotely, or lock the device. When using the Find device feature, location information is captured from the device; in some situations, this information is obtained from cell towers or Wi-Fi hotspots. You can turn this feature on or off at any time in Settings > Xiaomi Account > Xiaomi Cloud > Find device.

• Recording location information in photos. You can record your location information while taking a photo. This information will be visible within your photo folders and the location will be saved in the metadata of your photos. If you do not wish to have your location recorded while taking a photo, you can turn this off at any time within the camera settings of the device.

• Providing messaging features (e.g. Mi Talk, Mi Message). If you download and use Mi Talk, information collected by Mi Talk may be used for activating this service and identifying the user and message recipient. In addition, chat history is stored for the convenience of re-loading chat history after a user has re-installed the app and for synchronization across devices. Information such as the sender's and recipient's phone numbers and Mi Message IDs may be used for Mi Message in order to activate the service and enable its basic functionality, including routing of messages.

• Providing location-based services. In the course of using Xiaomi system services, location information may also be used by us or third party service providers and business partners (for more information see "How we share, transfer, and publicly disclose your personal information" below) to provide you with the service and provide accurate details about that location (such as weather details) as part of the Android platform for the best possible user experience. You may turn off location services in Settings or turn off the use of location services for individual apps at any time.

• Improving user experience through data, hardware, and software analysis. Some opt-in features, such as the User Experience Program, allow Xiaomi to analyze data about how users use the mobile phone, Xiaomi system services, and other services provided by Xiaomi, so as to improve user experience, such as sending crash reports. Xiaomi shall also conduct hardware and software analysis to further improve user experience.

• Providing the Security feature. Information collected may be used for security and system upkeep features in the Security app, such as Security scan, Battery saver, Blocklist, Cleaner, etc. Some of these features are operated by third party service providers and/or our business partners (for more information see "How we share, transfer, and publicly disclose your personal information" below). Information which is not personal information, like virus definition lists, is used for Security scan functions.

• Providing push service. Xiaomi Account ID, GAID, FCM token, Android ID, and Space ID (only on Xiaomi devices with Second space feature turned on) will also be used to provide the Xiaomi push service and Xiaomi notification services to evaluate advertising performance and send notifications from the system about software updates or new product announcements, including information about sales and promotions. To provide the above service to you, relevant app information (app version ID, app package name), and relevant device information (model, brand) will also be collected. We may use your personal information for the purpose of sending you push messages (whether by messaging within our services, by email, or by other means) that offer or advertise our products and services and/or the products and services of selected third parties. This is only done with your consent, where required under applicable laws. You may opt out from receiving marketing information from us and third parties at any time by changing your preferences in Settings, or managing your preferences through the third-party app/website that uses Xiaomi push. Please also see "Your rights" below.

• Verifying user identity. Xiaomi uses ECV to verify user identity and avoid unauthorized sign-in.

• Collecting user feedback. The feedback you choose to provide is valuable in helping Xiaomi make improvements to our services. In order to follow up on the feedback you have chosen to provide, Xiaomi may correspond with you using the personal information that you have provided and keep records of this correspondence for problem solving and service improvement.

• Sending notices. From time to time, we may use your personal information to send important notices, such as notices about purchases and changes to our terms, conditions, and policies. Since such information is critical to your interaction with Xiaomi, we strongly recommend agreeing to the receipt of these notices.

• Conducting promotional activities. If you enter into a sweepstake, contest, or similar promotion through Xiaomi's social media platforms, we may use the personal information you provide to send you prizes.

• Providing personalized services and content, including ads. To protect your privacy, we use a unique identifier rather than your name, email, or other information by which you can be directly identified, to provide you with personalized products, services, and activities, including advertising.

We may combine this information with other information (including information across different services or devices such as computers, mobile phones, smart TVs, and other connected devices) to provide and improve our products, services, content, and advertising.

For example, we may use your Xiaomi Account details in all services you use that require a Xiaomi Account. Furthermore, in order to improve your experience and our services, while complying with relevant laws and regulations and (where required) with your consent, we may sort out information from different products, services, or equipment from you or related to you to form a label, which will be used to provide suggestions, customized content, and personalized features.

Personalized ads would, for example, be provided based on your activities, usage, and preferences related to our apps and services. We create profiles by analyzing the aforementioned information and building segments (groups with specific shared characteristics) and by putting your personal information in one or more segments. Targeted advertising is only done with your consent, where required under applicable laws. You have the right to opt out from receiving personalized advertisements and to object to profiling, including that carried out for direct marketing purposes, at any time.

According to the reasons for the aforementioned combination and the requirements of applicable laws, we will provide you with specific control mechanisms for such segmentation and personalization. You have the right to opt out of receiving direct marketing from us and automated decision-making. In order to exercise these rights, you can turn these features on or off at any time in Settings > Passwords & security > Privacy > Ad services or Settings > Passwords & security > System security > Ad services, or you can contact us via https://privacy.mi.com/support, or refer to the control mechanisms described in the separate privacy policy for each product. Please also see "Your rights" below.

2. How we use cookies and other technologies

Technologies such as cookies, web beacons, and pixel tags are used by Xiaomi and our third party service providers and business partners (for more information see "How we share, transfer, and publicly disclose your personal information" below). These technologies are used for analyzing trends, administering the site, tracking users' movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. These technologies help us better understand users' behavior, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches.

• Log files: As true of most websites, we gather certain information and store it in log files. This information may include IP address, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we gather about you.

• Local storage – HTML5/Flash: We use Local Storage Objects (LSOs) such as HTML5 or Flash to store content and preferences. Third parties with whom we partner to provide certain features on our sites or to display advertising based upon your web browsing activity also use HTML5 or Flash cookies to collect and store information. Various browsers may offer their own management tool for removing HTML5 LSOs. You can click here to manage your Flash Cookies.

• Advertising cookies: We partner with our third party service providers and business partners (for more information see "How we share, transfer, and publicly disclose your personal information" below) to either display advertising on our website or to manage our advertising on other sites. Our third party service providers and business partners may use advertising cookies to collect information about your online activities and interests and provide you with advertisements that correlate most highly to your profile and interests. We will obtain your prior explicit consent and involve a clear affirmative action before providing this advertising service to you. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt out by changing your cookie settings. http://preferences-mgr.truste.com.

• Mobile analytics: Within some of our mobile apps we use analytics cookies to collect information about how visitors use our website. These cookies collect information such as how often you use the app, the events that occur within the app, aggregated usage, performance data, and where crashes occur within the app. We do not link the information we store within the analytics software to any personal information you submit within the app.

3. How we share, transfer, and publicly disclose your personal information

3.1 Sharing

We do not sell any personal information to third parties.

We may sometimes share your personal information with third parties (as described below) in order to provide or improve our products or services, including offering products or services based on your requirements. Further information about data sharing is set out below.

3.1.1 Sharing that you actively choose or request

With your consent or at your request, we will share your personal information within the scope of your consent/request with specific third parties designated by you, such as when you use the Xiaomi Account to sign in to a third-party website or app.

3.1.2 Sharing information with our group

In order to successfully conduct business operations and to provide you with all the features of our products or services, we may share your personal information from time to time with other Xiaomi affiliates.

3.1.3 Sharing with our group's ecosystem companies

Xiaomi works together with a group of companies forming the Xiaomi Ecosystem. Xiaomi Ecosystem companies are independent entities, invested in and incubated by Xiaomi, and are experts in their fields. Xiaomi may disclose your personal information to Ecosystem companies to provide you with and improve the existing products and services (both hardware and software) from Ecosystem companies. Some of these products or services will still be under the Xiaomi brand, while others may use their own brand. Ecosystem companies may share information with Xiaomi from time to time in relation to products or services under the Xiaomi brand with Xiaomi to provide hardware and software services, bringing better features and user experience. Xiaomi will take appropriate management and technical measures to ensure the security of your personal information processing, including but not limited to the encryption of your personal information.

3.1.4 Sharing with third-party service providers and business partners

To help us provide you with the products and services described in this Privacy Policy, we may, where necessary, share your personal information with our third-party service providers and business partners.

This includes our delivery service providers, data centers, data storage facilities, customer service providers, advertising and marketing service providers, and other business partners. These third parties may process your personal information on Xiaomi's behalf or for one or more of the purposes of this Privacy Policy. We are committed to ensuring that the sharing of personal information necessary for providing services to you is solely for legitimate, legal, necessary, specific, and explicit purposes. Xiaomi will conduct due diligence and have contracts in place to ensure that third-party service providers comply with the applicable privacy laws in your jurisdiction. There may be occasions that third-party service providers have their sub-processors.

To provide performance measurement, analysis, and other business services, we may also share information (non-personal information) with third parties (such as advertisers on our websites) in aggregated form. We use the information we have to help advertisers and other business partners evaluate the effectiveness and coverage of their advertising and services, and understand the types of people who use their services and how people interact with their websites, apps, and services. We may also share general usage trends of our services with them, such as the number of customers in a particular group of people who purchase certain products or engage in certain transactions.

3.1.5 Other

In accordance with legal requirements, legal procedures, litigation, and/or requests from public agencies and government agencies, Xiaomi may need to disclose your personal information. If the disclosure is necessary or appropriate for national security, law enforcement, or other matters of public importance, we may also disclose information about you.

In order to enforce our terms or protect our business, rights, assets, or products, or to protect users, or if the disclosure is reasonably necessary for the following purposes (detecting, preventing, or resolving fraud, unauthorized use of the product, violations of our terms or policies, or other harmful or illegal activities), we may also disclose information about you. Xiaomi may collect, use, or disclose your personal information if it is and only to the extent it is permitted under applicable data protection laws. This may include providing your personal information to public or government agencies, or communicating with third-party partners about the reliability of your account to prevent fraud, violations, and other harmful behaviors.

In addition, we may share your personal information with:

• Our accountants, auditors, lawyers, or similar advisers when we ask them to provide us with professional advice;

• Investors and other relevant third parties in the event of an actual or potential sale or other corporate transaction related to an entity in the Xiaomi Group; and

• Other third parties as detailed in this Privacy Policy or otherwise notified to you, including if authorized by you to do so in relation to a specific disclosure.

3.2 Transfer

Xiaomi will not transfer your information to any subject except in the following cases:

• Where we have obtained your explicit consent;

• If Xiaomi is involved in the merger, acquisition, or sale of all or part of its assets that may affect your personal information, we will notify you of any changes in the ownership, use, and any choice you may have regarding your personal information by email and/or by posting a prominent notice on our websites or by other appropriate means;

• In the circumstances explained in this Privacy Policy or by otherwise notifying you.

3.3 Public disclosure

Xiaomi may publicly disclose your personal information under the following circumstances:

• Where we need to announce a winner of a promotion, competition, or sweepstake, in which case we only publish limited information;

• Where we have obtained your explicit consent, or you have disclosed the information via our services such as on social media pages or public forums; and

• Public disclosure based on law or reasonable grounds: including laws and regulations, legal procedures, litigation, or at the request of the competent government departments.

4. How we store and protect your personal information

4.1 Xiaomi's security safeguards

We are committed to keeping your personal information secure. In order to prevent unauthorized access, disclosure, or other similar risks, we have put in place all legally required physical, electronic, and managerial procedures to safeguard and secure the information we collect on your mobile device and on Xiaomi websites. We will ensure that we safeguard your personal information in accordance with applicable laws.

For example, when you access your Xiaomi Account, you can choose to use our two-step verification program for better security, and we highly recommend that you do so. When your personal information is being transmitted between your Xiaomi device and our servers, we make sure the data is encrypted by using Transport Layer Security (TLS) and appropriate encryption algorithms.

All your personal information is stored on secure servers and protected in controlled facilities. We classify your information based on importance and sensitivity and ensure that your personal information has the required level of security. We have special access controls for cloud-based data storage, and we regularly review our information collection, storage, and processing practices, including physical security measures, to guard against any unauthorized access and use.

We conduct due diligence on business partners and third-party service providers to make sure that they are able to protect your personal information. We also check that appropriate security standards are maintained by these third parties by putting in place appropriate contractual restrictions, and where necessary, carrying out audits and assessments. In addition, our employees and those of our business partners and third-party service providers who access your personal information are subject to enforceable contractual obligations of confidentiality.

We conduct security and privacy protection training courses and tests to enhance our employees' awareness of the importance of protecting personal information. We will take all practicable and legally required steps to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure, and for this reason, we cannot guarantee the security or integrity of any personal information when transferred from you or to you via the Internet.

We handle personal data breaches as required by applicable data protection law which includes, where required, notifying the breach to the relevant data protection supervisory authority and data subjects.

Our information security policies and procedures are designed with reference to international standards, and regularly pass third-party audits to verify their effectiveness. The Xiaomi information system has obtained ISO/IEC 27001:2013 certification for information security management systems (ISMS). The Xiaomi e-commerce and Mi Home/Xiaomi Home IoT platform have obtained ISO/IEC 27701:2019 certification for personal information management systems (PIMS). The Xiaomi operating system has obtained ISO/IEC 27018:2019 certification for public cloud personal information protection.

4.2 What you can do

You can set a unique password for Xiaomi services and not disclose your password or account information to anybody (unless such a person is duly authorized by you) to avoid password leaks to other websites which may harm your account security at Xiaomi. Whenever possible, do not disclose the verification codes you receive to anyone (including those who claim to be Xiaomi customer service). Whenever you sign in as a Xiaomi Account user on Xiaomi websites, particularly on somebody else's computer or on public Internet terminals, you should always sign out at the end of your session.

Xiaomi cannot be held responsible for lapses in security caused by a third party accessing your personal information as a result of your failure to keep your personal information private. Notwithstanding the foregoing, you must notify us immediately if there is any unauthorized use of your account by any other Internet user or any other breach of security. Your assistance will help us protect the privacy of your personal information.

4.3 Accessing other features on your device

Our apps may access certain features on your device such as enabling email to use contacts, SMS storage, and Wi-Fi network status. This information is used to allow the apps to run on your device and allow you to interact with them. You can turn off these features at any time on your device or by contacting us at https://privacy.mi.com/support.

4.4 Retention policy

We retain personal information for the period necessary for the purpose of the information collection described in this Privacy Policy or any separate privacy policy provided for a specific product or service, or as required by applicable laws. Detailed retention periods are specified in the specific service or related product page. We will cease to retain and delete or anonymize personal information once the purpose of collection is fulfilled, or after we confirm your request for erasure, or after we terminate the operation of the corresponding product or service. Where possible, we have indicated how long we typically retain identified categories, types, or items of personal data. When deciding on these retention periods, we took into account the following criteria:

• The amount, nature, and sensitivity of the personal information;

• The risk of harm from unauthorized use or disclosure;

• The purposes for which we process the personal information and how long we need the particular data to achieve these purposes;

• For how long the personal information is likely to remain accurate and up to date;

• For how long the personal information might be relevant to possible future legal claims; and

• Any applicable legal, accounting, reporting, or regulatory requirements that specify how long certain records must be kept.

Depending on your jurisdiction, there may be an exception to this for personal information that we are processing for public interest, scientific, historical research, or statistical purposes. Xiaomi may continue to retain this type of information for longer than its standard retention period, where necessary and permitted based on applicable laws or your request, even if further data processing is not related to the original purpose of collection.

5. Your rights

You have the ability to control your personal information.

5.1 Controlling settings

Xiaomi recognizes that privacy concerns differ from person to person. Therefore, we provide examples of ways Xiaomi makes available to you to restrict the collection, use, disclosure, or processing of your personal information and control your privacy settings:

• Turn the User Experience Program and location access feature on or off;

• Sign in or out of the Xiaomi Account;

• Turn Xiaomi Cloud sync on or off;

• Delete any information stored in Xiaomi Cloud on https://i.mi.com.

• Turn on or off other services and features which deal with sensitive or personal information. You may obtain more details related to your device's security status in the Security app as well.

If you previously agreed to us using your personal information for the purposes stated above, you can contact us on https://privacy.mi.com/support to change your preferences.

5.2 Your rights to your personal information

Depending on applicable laws and regulations, you may have the right to access, rectification, erasure (and certain other rights) in relation to personal information that we hold about you (hereinafter referred to as the request). These rights will be subject to specific exclusions and exceptions under applicable laws.

You may also access and update the details relating to the personal information in your Xiaomi Account at https://account.xiaomi.com or by signing in to your account on your device. For additional information, please contact us on https://privacy.mi.com/support.

It will help us to process your request most efficiently if it meets the following conditions:

(1) The request is submitted through Xiaomi's exclusive request channel detailed above and for the protection of your information security, your request should be in writing (unless the local law explicitly recognizes the oral request);

(2) You provide sufficient information to enable Xiaomi to verify your identity and ensure that you are the data subject or legally authorized to act on the data subject's behalf.

Once we obtain sufficient information to confirm that your request can be processed, we shall proceed to respond to your request within any timeframe set out under your applicable data protection laws.

In detail:

• You have the right to be provided with clear, transparent and easily understandable information about how we use your personal information and your rights. This is why we are providing you with the information in this Privacy Policy.

• Based on the requirements of applicable laws, a copy of your personal information collected and processed by us will be provided to you upon your request free of charge. For any extra requests for relevant information, we may charge a reasonable fee based on actual administrative costs according to and if permitted by the applicable laws.

• If any information we are holding on you is incorrect or incomplete, you are entitled to have your personal information corrected or completed based on the purpose of use.

• Based on the requirements of applicable laws, you have the right to request the deletion or removal of your personal information where there is no compelling reason for us to keep using it. We shall consider the grounds regarding your erasure request and take reasonable steps, including technical measures. Please note that we may not be able to immediately remove the information from the backup system due to applicable law and/or technological limitations. If this is the case, we will securely store your personal information and isolate it from any further processing until the backup can be deleted or be made anonymous.

• You have the right to object to certain types of processing, including processing for direct marketing (including where profiling is used), and under certain circumstances where the legal basis for processing (including profiling) is in our legitimate interests.

Particularly under the laws of some jurisdictions:

• You have the right to request us to restrict the processing of your personal information. We shall consider the grounds regarding your restriction request. If the grounds apply under the GDPR, we shall only process your personal information under applicable circumstances under the GDPR and inform you before the restriction of processing is lifted.

• You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

• You have the right to apply for your personal information in a structured, commonly used format and transmit the information to another data controller (data portability).

We have the right to refuse to process requests or only comply in part with requests where an exemption applies or we are otherwise entitled to do so under applicable laws, such as if the request is manifestly unfounded or manifestly excessive or it would require the disclosure of information about third parties. In some circumstances, we may charge a fee, where permitted under applicable laws. If we believe that certain aspects of a request to delete the information may result in our inability to legally use the information for the establishment, exercise, or defense of legal claims or reasons permitted by applicable law, it may also be rejected.

5.3 Withdrawal of consent

You may withdraw your consent previously provided to us for a particular purpose by submitting a request, including collecting, using, and/or disclosing your personal information in our possession or control. Based on the specific service you are using, you can contact us on https://privacy.mi.com/support. We will process your request within a reasonable time from when the request was made, and thereafter not collect, use, and/or disclose your personal information as per your request.

Depending on the extent of your withdrawal of consent, please note that you may not be able to continue receiving the full benefit of Xiaomi's products and services. The withdrawal of your consent or authorization will not affect the validity of our processing carried out on the basis of the consent up until the point of withdrawal.

5.4 Canceling a service or account

If you wish to cancel a specific product or service, you can contact us via https://privacy.mi.com/support.

If you wish to cancel the Xiaomi Account, please note that the cancellation will prevent you from using the full range of Xiaomi products and services. Cancellation may be prevented or delayed in certain circumstances. For example, if there still exist monies outstanding on your account such as unpaid Mi Music membership, paid themes in Themes, or unpaid loans in Mi Finance, etc., we cannot immediately support your request.

When you sign in to Xiaomi through a third-party account, you need to apply for cancellation of the account from the third party.

6. How your personal information is transferred globally

Xiaomi processes and backs up personal information through a global operating and control infrastructure. Currently, Xiaomi has data centers in China, India, the United States, Germany, Russia, and Singapore. For the purposes described in this Privacy Policy, your information may be transferred to these data centers in accordance with applicable law.

We may also transfer your personal information to third-party service providers and business partners and your data may therefore also be transmitted to other countries or regions. The jurisdiction in which these global facilities are located may or may not protect personal information to the same standards as in your jurisdiction. There are different risks under different data protection laws. However, this does not change our commitment to comply with this Privacy Policy and to protect your personal information.

In particular,

• The personal information that we collect and generate in operations on the Chinese mainland is stored in data centers located on the Chinese mainland, except for cross-border transmissions as permitted by applicable law.

• The personal information we collect and generate in our operations in Russia is processed and stored in data centers located in Russia, except for cross-border transmissions permitted under Russian law.

• The personal information we collect and generate in operations in India is stored in data centers located in India.

If we need to transfer personal information outside of your jurisdiction, whether to our affiliates or third-party service providers, we will comply with related applicable laws. We ensure that all such transfers meet the requirements of applicable local data protection laws by implementing uniform safeguards. You can contact us on https://privacy.mi.com/support to learn more about our security mechanisms.

If you use our products and services in the area of the European Economic Area (EEA), Xiaomi Technology Netherlands B.V. will act as the data controller and Xiaomi Singapore Pte. Ltd. will be responsible for the data processing. Contact details can be found in the "Contact us" section.

If Xiaomi shares personal data originating from you in the EEA to a Xiaomi Group entity or a third party service provider outside the EEA, we will do so on the basis of EU standard contractual clauses or any other safeguards provided for in the GDPR. You can contact us on https://privacy.mi.com/support to learn more about our security mechanisms or request a copy of our standard contractual clauses.

7. Protection of minors

We consider it the responsibility of the parent or guardian to supervise the child's use of our products or services. However, we do not offer services directly to children or use personal information of children for the purposes of marketing.

If you are a parent or guardian and you believe that a minor has provided Xiaomi with personal information, please contact us via https://privacy.mi.com/support to ensure that the personal information is removed immediately and that the minor is unsubscribed from any applicable Xiaomi services.

8. Third-party websites and services

Our Privacy Policy does not apply to products or services offered by a third party. Depending on the Xiaomi product or service you use, it may incorporate third parties' products or services involving voice support, camera processing, video playback, system cleaning and security-related services, gaming, statistics, social media interaction, payment processing, map navigation, sharing, push, information filtering, input methods, etc. Some of these will be provided in the form of links to third parties' websites, and some will be accessed in the form of SDKs, APIs, etc. Your information may also be collected when you use these products or services. For this reason, we strongly suggest that you take the time to read the third party's privacy policy just like you read ours. We are not responsible for and cannot control how third parties use personal information which they collect from you. Our Privacy Policy does not apply to other sites linked from our services.

The following are examples of what third-party terms and privacy policies may apply when you use the specific products listed above:

When you use a third-party check-out service provider to finalize and pay for your order, the personal information that you provide during check out is handled in accordance with the third party's privacy policy.

When you use the Security scan feature in the Security app, one of the following will apply, depending on your choice of service:

• Avast's Privacy and Information Security Policy: https://www.avast.com/privacy-policy

• Antiy Mobile Security AVL SDK's Privacy Policy: https://www.avlsec.com/en/privacy-policy

• Tencent's Privacy Policy: https://privacy.qq.com/

When you use the Cleaner feature in the Security app, Tencent's Privacy Policy applies: https://privacy.qq.com

When you use the advertising services in several specific system apps, one of the following will apply, depending on your choice of service:

• Google's Privacy Policy: https://www.google.com/policies/privacy

• Facebook's Privacy Policy: https://www.facebook.com/about/privacy/update?ref=old_policy

When you use the Google Input Method, the Google Privacy Policy applies: https://policies.google.com/privacy

When we analyze statistics, monitor the app crash rate, and provide cloud control capabilities, we use Google Analytics for Firebase or Firebase Analytics provided by Google, Inc. You can read more about the Google Firebase Privacy Policy: https://policies.google.com/privacy and https://www.google.com/policies/privacy/partners.

To serve ads in any Xiaomi system apps, the third-party advertising partners may collect data generated from your online activities, such as your ad clicks and content views, or other activities across websites or apps.

• Google's Privacy Policy: https://www.google.com/policies/privacy

• Facebook's Privacy Policy: https://www.facebook.com/about/privacy/update?ref=old_policy

• Unity's Privacy Policy: https://unity3d.com/legal/privacy-policy

• Vungle's Privacy Policy: https://vungle.com/privacy/

• ironSource's Privacy Policy: https://developers.ironsrc.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/

• AppLovin's Privacy Policy: https://www.applovin.com/privacy/

• Chartboost's Privacy Policy: https://answers.chartboost.com/en-us/articles/200780269

• Mopub's Privacy Policy: https://www.mopub.com/legal/privacy/

• Mytarget's Privacy Policy: https://legal.my.com/us/mail/privacy_nonEU/

• Yandex's Privacy Policy: https://yandex.com/legal/privacy/

• Tapjoy's Privacy Policy: https://www.tapjoy.com/legal/advertisers/privacy-policy/

• AdColony's Privacy Policy: https://www.adcolony.com/privacy-policy/

We may collect and share your information with third-party attribution companies in accordance with our advertising partners' instructions to generate reports for our advertising partners, including the metrics of your interaction with our ads (if any). Depending on the system apps you use, the third-party attribution companies may include:

• Adjust's Privacy Policy: https://www.adjust.com/terms/privacy-policy/

• Appsflyer's Privacy Policy: https://www.appsflyer.com/privacy-policy/

• Affise's Privacy Policy: https://affise.com/privacy-policy/

• Miaozhen's Privacy Policy: https://www.miaozhen.com/en/privacy

• Nielsen's Privacy Policy: https://www.nielsen.com/cn/en/legal/privacy-policy/

9. How we update this Privacy Policy

We review this Privacy Policy periodically based on changes in business, technology, applicable law, and best practices, and we may update this Privacy Policy. If we make a material change to this Privacy Policy, we will notify you via your registered contact information such as email (sent to the email address specified in your account), publish on Xiaomi websites, or notify you via mobile devices so that you can learn about the information we collect and how we use it. Such changes to the Privacy Policy will apply from the effective date specified in the notice or website. We encourage you to check this page regularly for the latest information on our privacy practices. Your continued use of the products and services on the website, mobile, and/or any other device will be subject to the updated Privacy Policy. Where required by applicable laws, we will ask for your explicit consent when we collect additional personal information from you or when we use or disclose your personal information for new purposes.

10. Contact us

If you have any comments or questions about this Privacy Policy or any questions relating to Xiaomi's collection, use, or disclosure of your personal information, contact us via https://privacy.mi.com/support or at the address below. When we receive privacy or personal information requests about accessing or downloading personal information, we have a professional team to solve your problems. If your question itself involves a significant issue, we may ask you for more information.

If you are not satisfied with the response you received from us in relation to your personal information, you can hand over the complaint to the relevant data protection regulatory authorities in your jurisdiction. If you consult us, we will provide information on the relevant complaint channels that may be applicable based on your actual situation.

Xiaomi Communications Co., Ltd. #019, 9th Floor, Building 6, 33 Xi'erqi Middle Road, Haidian District, Beijing, China 100085

Xiaomi Singapore Pte. Ltd. 20 Cross Street, China Court #02-12 Singapore 048422

For users in India:

Xiaomi Technology India Private Limited Building Orchid, Block E, Embassy Tech Village, Outer Ring Road, Devarabisanahalli, Bengaluru, Karnataka - 560103, India

Any discrepancies and grievances with respect to processing of sensitive personal data or information shall be informed to the designated Grievance Officer as mentioned below:

Name: Vishwanath C

Telephone: 080 6885 6286, Mon-Sat 9 AM to 6 PM

Email: grievance.officer@xiaomi.com

For users in the European Economic Area (EEA):

Xiaomi Technology Netherlands B.V. Prinses Beatrixlaan 582, The Hague 2595BM Netherlands

Thank you for taking the time to read our Privacy Policy!

What's new to you

We have made several updates as follows:

• We have updated some of our contact details.

• We have updated some of the information that is collected by us and by third parties.

• We have more clearly set out how we use non-personally identifiable information.

• We have updated how we use your personal information, including setting out in more detail when we process personal information based on our legitimate interests and in relation to your use of push services.

• We have provided further detail about data retention.

• We have more clearly set out your rights to your personal information.