Privacy Policy

Updated: January of 2024

Effective Date: January of 2024

 

This privacy policy (hereinafter referred to as “this policy”) applies only to nubiacanada.com (hereinafter referred to as “the website” or “we”).

ZTE Canada is authorized to manage this website. If you have any questions, comments, or suggestions, please contact us through the following means:

E-mail: Privacy@ztecanada.com

Company Name: ZTE Canada Inc.

Registered Address: 125 Commerce Valley Dr. W #502, Thornhill, ON L3T 7W4, CANADA

We understand the importance of personal data to you and will make every effort to ensure the security and reliability of your personal data. We promise to take appropriate security measures to protect your personal data in accordance with well-established security standards in the industry. The website does not collecting any personal data or using cookie to track your browsing behaviors. We list our general privacy policy as our statement to protect you while you are using our website or purchasing our products.

Please read and understand this Privacy Policy carefully before using our products or services.

This policy helps you understand the following:

  1. How we collect and use your personal data
  2. How we share, transfer, and disclose your personal data

III. How we protect your personal data

  1. Your Rights
  2. How we process the personal data of children
  3. How do we store your personal data

VII. How to update this policy

VIII. Contact us


I. How we collect and use your personal data

Personal data refers to the information that is recorded electronically or in other ways related to identified or identifiable natural persons, excluding the information after anonymization. Sensitive personal data refers to the personal data that may cause violation of personal dignity or damage to personal and property safety once it is disclosed or illegally used. It includes information such as biological identification, religious belief, specific identity, health care, financial accounts, traces, and personal data of minors under a certain age. (In this Policy, sensitive personal data involved will be highlighted in bold). We will collect and use your personal data only for the following purposes described in this policy:

Our website only displays brand images and content statically and does not collect any visitors' personal information.

If we want to use the information for other purposes not specified in this policy, we will seek your approval in advance. If we want to use the information collected for specific purposes for other purposes, we will seek your approval in advance.

If we need to process your sensitive personal data, we will elaborate on the necessity of processing the information and the impact on your rights and interests in accordance with the requirements of applicable laws and regulations and obtain your separate consent if necessary.

II. How we share, transfer and disclose your personal data

To ensure the security of your personal data, we shall follow the minimization principle and share, transfer, or disclose your personal data in accordance with applicable laws and requirements.

For the companies, organizations, and individuals that share personal data with us, we will take organizational and technical measures in accordance with the local laws and regulations and require them to process personal data in accordance with our security standards, this policy, and related confidentiality and security measures.

  1. Sharing

We will not share your personal data with any company, organization, or individuals, except in the following cases:

(1) After obtaining your separate consent, we will share your personal data with other parties.

(2) We may share your personal data in accordance with laws and regulations or mandatory requirements of government authorities.

We will sign strict confidentiality agreements with companies, organizations, and individuals with which we share personal data, and require them to process personal data in accordance with our instructions, this privacy policy, and any other relevant confidentiality and security measures.

  1. Transfer

We will not transfer your personal data to any company, organization or individual except in the following cases:

(1) Transfer with separate consent: After obtaining your separate consent, we will transfer your personal data to other parties.

(2) If personal data transfer is involved in a merger, division, dissolution, or bankruptcy, we will inform you of the name and contact information of the receiving party in a timely manner, and require the receiving party that hold your personal data to continue to be subject to this privacy policy. Otherwise, we will require the receiving party to re-request authorization from you.

  1. Public Disclosure

We will disclose your personal data only in the following cases:

(1) With your separate consent.

(2) Disclosure based on law: We may disclose your personal data in case of law, legal procedure, litigation, or mandatory requirements of government authorities.

III. How we protect your personal data

  1. We have taken the security protection measures that comply with industry standards to protect the personal data provided by you against unauthorized access, disclosure, tampering and loss. We will take all reasonable and feasible measures to protect your personal data.

We use encryption technologies to ensure data confidentiality. We use trusted protection mechanisms to prevent data from being maliciously attacked. We will deploy access control mechanisms to ensure that only authorized personnel can access personal data. In addition, we will hold a training course on security and privacy protection to enhance employees' awareness of the importance of personal data protection.

  1. We have obtained the following certifications:

Our headquarters in China and some of its subsidiaries have passed the ISO/IEC 27001:2013 information security certification and can effectively protect your personal data. Our terminal products, 5G products, core network products, digital technology products and human resource system have passed the ISO/IEC 27701:2019 privacy information management system certification. As the world's first 5G products that pass the ISO 27701 certification, our 5G products indicate that we are capable of providing global customers with secure and reliable 5G products and solutions that comply with relevant requirements and delivering high-quality 5G networks.

  1. Our data security capabilities:

We have been committed to protecting your personal data security.

We have taken various security measures, such as access control system, monitoring system, encryption, anonymization or pseudonymization, employee training and so forth, to protect your personal data from unauthorized access, disclosure, tampering or loss and other forms of illegal processing.

We have developed a business continuity plan to ensure that services can be provided continuously. Our information security policies and procedures are designed in strict accordance with international standards, and reviewed and updated regularly, and the effectiveness of the security management architecture and measures is ensured through regular third-party security audits. In case of personal data leakage, we will initiate an emergency plan, take effective measures to prevent the situation from getting worse, and notify the relevant supervisory authority and you in a timely manner.

  1. We will take all reasonable and feasible measures to ensure that irrelevant personal data is not collected. We will retain your personal data only for the period required to achieve the objectives specified in this policy unless the retention period needs to be extended or is permitted by law.
  2. The Internet is not absolutely secure, and most communications, such as emails and instant messaging, are not encrypted. We strongly recommend that you do not send personal data through such means. Please use a complicated password to help us ensure the security of your account.
  3. The Internet environment is not 100 percent secure. We will do our best to ensure or guarantee the security of any information you send us. If our physical, technical or management protection facilities are damaged, which results in unauthorized access, disclosure, tampering or loss of your personal data that affects your legal rights and interests, we shall assume the corresponding legal responsibilities.
  4. If personal data security incident occurs, we will inform you of the basic situation and possible impact of the security incident in a timely manner, the remedial measures we have taken or will take, measures that you can take to mitigate risks., remedial measures for you and our contact methods. We will inform you of the incident by email, letter, telephone, or notification in a timely manner. If it is difficult to inform the subjects of personal data one by one, we will release the notice in a reasonable and effective manner.

In addition, we will actively report the handling of personal data security incidents in accordance with the requirements of the regulatory department.

IV. Your rights

In accordance with personal data protection laws, regulations, standards, and common practices in other countries and regions, we guarantee that you have the following rights over your personal data:

  1. Access to your personal data

You have the right to access your personal data, except for exceptions as required by laws and regulations.

The website does not collect any visitors' personal information, so we cannot provide you with the way to access to your personal data.

  1. Correct and supplement your personal data

When you find that your personal data processed by us is incorrect, you have the right to correct and supplement your personal data.

The website does not collect any visitors' personal information, so we cannot provide you with the way to correct and supplement your personal data.

  1. Delete your personal data

You can delete your personal data in the following cases:

(1) we violated laws and regulations.

(2) we violated this policy.

(3) the purposes for which the personal data is processed as stipulated in this policy are achieved or cannot be achieved, or the personal data is no longer necessary for the purposes.

(4) you will not use our products or services any longer, or your account is canceled.

(5) you changed the scope of authorization that we have no right to process your personal data.

(6) we do not provide products or services for you, or the storage period expires.

Once you have deleted your personal data, we will also notify the entities that obtain your personal data from us and require them to delete your personal data in a timely manner, unless required by other laws and regulations, or these entities obtain your independent authorization. After your personal data is deleted, due to the limitations of applicable laws and regulations and safety technologies, we may not immediately delete the corresponding information in the backup system, but we will securely store your personal data, restrict further processing of it, and delete it during the backup update.

  1. Change the scope of your authorization

The website does not collect any visitors' personal information, and we cannot provide you the way to change your authorization.

Please understand that each business function can be implemented only after some basic personal data is obtained. When you withdraw your permission or authorization, we cannot provide you with the corresponding service. If the information is necessary for us to fulfill our obligations under laws and regulations or to provide major services, we may not be able to respond to your request or the normal use of our services will be affected. After you withdraw your consent, we will not process the corresponding personal data. However, your decision to withdraw your consent will not affect the previous processing of personal data based on your authorization.

  1. Cancel your accounts.

There is no need to register an account to use this website, so there is no way to register or cancel an account in the application.

  1. Copy and transfer your personal data.

You have the right to obtain a copy of your personal data.

The website does not collect any visitors' personal information, so we cannot provide you the way to copy or transfer your personal data.

  1. Restrain automatic decision-making of the information system

In some business functions, we may make decisions only based on non-manual automatic decision-making mechanisms such as information systems and algorithms. If these decisions have a significant impact on your legal rights and interests, you have the right to ask us for an explanation, and we will provide appropriate relief methods.

  1. Respond to your above requests

If your request cannot be implemented through these links/methods, you can send an e-mail to Privacy@ztecanada.com. We will respond to your access request within 30 days.

To ensure security, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request, and we will respond within 30 days.

In principle, we do not charge for your reasonable requests, but we will charge for repeated requests that exceed a reasonable limit. We may reject requests that repeat unreasonably, require excessive technical means (for example, development of a new system or a fundamental change of current practice), and bring risks to other people's legitimate rights and interests or that are extremely impractical (for example, involving information stored on the backup tape).

We will not be able to respond to your request in accordance with laws and regulations if:

(1) The case is directly related to national security and national defense security.

(2) The case is directly related to public safety, public health, and major public interests.

(3) The case is directly related to any criminal investigation, prosecution, trial, and execution of a judgment.

(4) There is sufficient evidence that you have subjective malice or abuse of rights.

(5) Responding to your request will cause serious damage to the legal rights and interests of yours or other individuals' and organizations'.

(6) Business secrets are involved.

V. How we process the personal data of minors

Our website and services are for adults. If you are a minor, please invite your parents or other guardians to read this policy carefully and create your own user account or provide information to us with the consent of your parents or guardians.

Although local laws and customs define children differently, we regard anyone under 14 as a child. For the children's personal data collected with the consent of their parents or guardians, we will only use or disclose it as permitted by laws or with the express consent of the parents or guardians of laws or when it is necessary to protect the children. If we find that we have collected children's personal data without obtaining the consent of verifiable parents or guardians, we will try to delete the information as soon as possible.

VI. How do we store your personal data

1.Storage location and cross-border transfer of personal data

In principle, your personal data will be stored within the territory of . Because we provide products or services through resources and servers around the world, this means that, to the extent permitted by applicable laws and regulations and required for providing services,, your personal data may be transferred to an overseas jurisdiction of the country or area in which the products or services used by you are, or may be accessed from these jurisdictions. In this case, we will obtain your authorization and approval, inform you of the related information of the overseas recipient, and complete the cross-border transmission in accordance with the relevant laws and regulations on personal data protection.

2.personal data Storage Period

Unless otherwise specified in this Policy, we will retain your personal data within the period required to achieve the purposes described in this policy, unless as required by law that retention period need to be extended or be permitted by law. The data storage period may vary with different scenarios and products and services. The criteria for determining the retention period (the longer one prevails) include: the time when personal data needs to be retained for the purpose of the service which including the provision of products and services, maintenance of corresponding transaction and service records, control and improvement of product and service performance and quality, the guarantee of system, product and service security and respond to possible user queries or complaints; whether users agree to a longer retention period; and whether there are special requirements for keeping information such as laws and contracts.

After the storage period expires, we will delete your personal data or anonymize it according to the requirements of applicable laws and regulations.

VII. How to update this policy

Our privacy policy may change from time to time.

Without your express consent, we will not reduce your rights under this privacy policy.

We will release any changes to this policy on this page. For major changes, we will also provide more noticeable notifications (including notifications for some services, which will be sent via email to describe the specific changes in the privacy policy) and get your approval again in accordance with the requirements of applicable laws and regulations.

Major changes mentioned in this policy include but are not limited to the following situations:

  1. Our service model has significantly changed. For example, the purpose of processing personal data, the type of processed personal data, and the mode of using the personal data.
  2. Major changes have taken place in the ownership structure and organizational structure. Such as changes in owners caused by business adjustment or bankruptcy or mergers and acquisitions.
  3. The major objects of personal data sharing, transfer, or public disclosure are changed.
  4. Your right to participate in the processing of personal data and the way you exercise it have changed significantly.
  5. Our responsible department for personal data security, contact method, or complaint channel have changed.
  6. The personal data security impact assessment report indicates a high risk.

We will also archive the old version of this policy for your reference.

VIII. Contact us

We have established a special personal data protection department – Data Protection Compliance Dept.. If you have any questions, comments, or suggestions on this privacy policy, please feel free to send an email to us at Privacy@ztecanada.com, which will be replied within 30 days.

If you are unsatisfied with our response, especially when our personal data processing activities have damaged your legal rights and interests, you can seek solutions through the local data protection agency.