SPA LINK Privacy Policy
This policy applies only to products or services of SPA LINK App provided by SHANGHAI SUNSHINE DEVELOPMENT CO.,LTD. and its affiliates (hereinafter referred to as "Sunshine", "we", "our" or "us"), including the collection, use, disclosure, processing and protection of your information provided to us through the SPA LINK App in connection with our products and services.
If we ask you to provide certain information in order to verify your identity when using our products and services, we will use your personal information strictly in accordance with this Privacy Policy and Teams of Use.
Last update date: November 13th, 2023
Content version number: v1.12
We have updated our Privacy Policy, effective from June 10, 2022, to provide details about how we manage your personal information when using our products and services. Please read this Privacy Policy carefully, if you have any questions, comments or suggestions, please contact us at info@sunshine-shanghai.com.
This policy will help you understand the following contents:
Ⅰ. Rules for the collection and use of your personal information
Ⅱ. How we protect your personal information
Ⅲ. Your rights
Ⅳ. How your personal information is transferred globally
Ⅴ. How we process children's personal information
Ⅵ. Retention period of personal information
Ⅶ. How we update this Privacy Policy
Ⅷ. How to contact us
With profound understanding of the importance of personal information to you, Sunshine will make every effort to prevent your personal information from being leaked, damaged or lost. We are committed to maintaining your trust in us and abiding by the following principles to protect your personal information: the principle of consistency of rights and responsibilities, the principle of explicit purpose, the principle of consent, the principle of minimum sufficiency, the principle of security, the principle of subject participation and the principle of publicity and transparency, etc. Furthermore, Sunshine promises to take appropriate security measures to protect your personal information in accordance with the mature security standards in the industry.
Please read and understand this Privacy Policy carefully before using our products or services.
Ⅰ. Rules for the collection and use of your personal information
1. Definitions
In this Privacy Policy, some technical terms are defined as follows:
User personal information: refers to all kinds of information recorded in the electronic form or other forms, which can be used to identify a specific natural person or reflect the activities of a specific natural person, either independently or in combinations with other information that Sunshine can access, hereinafter referred to as "personal information".
Smart terminal: refers to products manufactured by hardware manufacturers, with Internet access function, data transmission capability and human-computer interaction interface, including smart home appliances, smart wearables and smart air purification devices. This refers particularly to the smart terminal that you purchase and use.
Application: refers to the mobile application (including the mobile client and mini program) developed by Sunshine, which can help users to control smart devices remotely and connect to Sunshine IoT platform.
2. What personal information we collect about you
We may collect some information related to you so that we can realize the functions of App. When you use the functions like login, adding devices and device control, we only collect the following types of personal information you provide to us:
(1) Personal account information
Scope of collection: We will obtain your mobile phone number or email address.
Purpose of collection: To create an SPA LINK App account.
(2) Handheld terminal or SIM card related information
Scope of collection: We will collect the information related to handheld terminals which you use SPA LINK App on, including device serial number, device MAC, software installation list, unique device identification code (such as IMEI/IMSI/OAID/Android ID/OPENUDID/GUID/ SIM card IMSI information], mobile phone model name, system version, system language, device manufacturer details, network operator details, address book, App running process information.
Purpose of collection: WiFi distribution network, adding devices through NFC and other services based on consumer's choice and consent.
(3) Smart terminal information
Scope of collection: We will collect the device information of relevant smart terminals bound to your account, such as MAC address, device ID (DID), serial number, device IMEI, SIM card IMSI information, time zone, network status (IP/ network signal), firmware version, App running process information.
Purpose of collection: To provide services including device connectivity, device control, device synchronization and device linkage.
(4) Login information
Scope of Collection: We will obtain the information about your other mobile applications and websites, such as cookies and other anonymous identifier technologies, IP address, network request information, temporary message history, standard system logs and system crash information, etc.
Purpose of collection: Third-party platform login, third-party authorized login and other services based on the choice and consent of consumers
(5) Account Credentials
Scope of Collection: We will obtain the information about your account credentials, such as passwords, password security questions and answers, etc.
Purpose of collection: To provide password resetting function.
There are 4 types of personal information in total.
3.You may choose to provide us with the following information or allow us to collect:
(1) Some personal account information:
Scope of collection: some of your SPA LINK App account information, such as your name, gender, avatar, address and other relevant setting information, and the information you provide when submitting user feedback and suggestions, including your email/mobile phone number, feedback content, problem log, etc.
Purpose of collection: To provide the services including account setting function, account information synchronization and feedback handling.
(2) Location information (only for specific services/functions)
Scope of collection: different types of information related to your location, such as area and country codes, city codes, mobile network codes, mobile device country codes, cell identification codes, area names, latitude and longitude information, time zone setting, and language setting.
Purpose of collection: To provide weather service, home address location setting service, and Geo-fencing service.
There are 2 types of personal information in total.
It is not necessary to operate the application with this information, but it plays an important role in improving service quality, using specific service/function, developing new product/service, etc. We may not force you to provide this information, and your withdrawal of consent will not have negative effect on the use of the main functions of this application.
4. When you use the following App functions, our App will apply to you for the following system permissions related to your personal information:
(1) Microphone permission: The functions of voice control and lighting equipment rhythm according to the ambient sound in the application will obtain sound information through the microphone of your mobile phone for analysis. All the original sound information will be processed on your mobile device and will not be stored and upload to external server.
(2) Camera permission: Scanning QR code, changing avatar, changing wallpaper and other functions in the app will be processed through the image captured by your phone's camera. We will erase the EXIF information of the avatar and wallpaper image and upload it to the server for storage. Next time you change your avatar, wallpaper, or log out of your account, the last saved information will be deleted.
(3) Permission to access albums: The functions such as changing avatars and changing wallpapers in the application will obtain image information from the album of your mobile phone for processing. We will erase the EXIF information of the avatars and wallpaper images you select and upload them to the server for saving. Next time you change your avatar, wallpaper, or log out of your account, the last saved information will be deleted.
(4) Permission to use geographic location: Editing home location information, scene geo-fencing and other functions in the app will request the geographic location information of your mobile phone and upload it to the server for storage. Next time you update home location information or edit a scene, it will be updated once and delete the last saved information.
(5) Permission to access the address book: The emergency contact function set in the app will request the address book information of your mobile phone for quick filling. The contact you selected will be uploaded to the server for storage. Next time you update the emergency contact information or when you log out of the account, the last saved information will be deleted.
(6) Bluetooth permission: The functions such as discovering Bluetooth devices, networking Bluetooth devices, obtaining Bluetooth device status, and controlling Bluetooth devices in the app will request the Bluetooth permission function of your mobile phone. We will only use Bluetooth in these functions to communicate.
(7) Storage permission: In order to ensure the stable operation of the application, we need the permission to read/write the storage of your device, and read/write necessary information such as pictures, files, crash log information, etc. in the storage space of your device, providing you with the ability to publish information or record crash log information locally.
There are 7 system permissions in total.
If you do not authorize, we will not be able to provide the application functions. In addition to the above permissions, you can choose whether to grant additional system permissions to the App.
5. Third-party SDK directory (third-party shared information list)
We will strictly test the access to the third-party SDK, and promptly and publicly explain the latest situation of the access to the SDK. For details, please refer to the official privacy policy of the third-party SDK.
Push Type
Jiguang Push SDK
Company: Shenzhen Hexun Huagu Information Technology Co., Ltd
Function: Message push
Type of personal data collected: System notification permissions, running process information, self start, association start, BSSID personal information.
Purpose of use: We use Jiguang Push as the push engine for cloud-to-end notification functionality in our app. Jiguang Push's automatic startup and association startup are used to improve the message delivery rate and provide timely message reminders for you. We will default to turning on the association startup function to maintain the app's activity. If you do not want to enable this function, we recommend that you manually turn it off. The general path for turning it off is: Settings - Applications - Application Startup Management - Select the "SPA LINK" application - Turn off the association startup function.
The Link of Privacy Policy: https://www.jiguang.cn/en/license/privacy
Weather Type
QWeather (API)
Company: Hefeng Internet Technology (Beijing) Co., Ltd.
Function: Home page weather display, Automatic scene
Type of personal data collected: Location Information
Purpose of use: We use QWeather to provide users with weather services, including local weather service display, and changes in weather conditions to trigger device linkage and other functions.
The Link of Privacy Policy: https://www.qweather.com/en/terms/privacy
Basic Function Types
Log monitoring SDK
Function: Exception collection
Type of personal data collected: Error log information, temperature sensor information (including obtaining the current battery temperature and battery power of the user's mobile phone), model information (including screen size, model, model, system and resolution).
Purpose of use: It is used to locate the model and situation of user problems, collect abnormal logs, monitor errors and extract all useful information for analysis, and no longer rely on user feedback to locate problems.
The purpose of collecting user behavior data is to improve the user experience, use the best hardware assistance and third-party company products, and provide users with high-quality services.We will take all reasonable and essential measures to ensure the security storage of your data. In addition, we limit access to user behavior data to only those employees, vendors and other third parties with a business need. They will only statistically analyze user behavior data under our guidance and they are bound by a duty of confidentiality.Please note that when using our App, you have read, understood and agreed to accept the data collection, and this regulation is valid throughout your use of the App. If you do not agree to these terms, you shall immediately stop the use of the App and services.
6. How we use your personal information
For the necessary personal information, we will use it to provide the main functions of the application, including
(1) Creating your SPA LINK account: Your personal information will be collected and used to establish your personal account and profile page when you create an account through the website or the mobile device.
(2) Device access: When the device operates through the App, the authenticity of the device needs to be verified. Therefore, we will need to verify the legal identity of the device by verifying the MAC and DID information. In addition, when the device needs to connect to the network, it needs corresponding network settings through the App. In this process, you need to enter the Wi-Fi name and password. This information is only used for the device to configure the network. The Wi-Fi and password data you fill in will be encrypted and stored locally on the device and will not be uploaded to the server. You can enter the device at any time to delete the information. At the same time, we need to select the optimal networking method for the device by judging IP and network signals to ensure the stability of the device's networking.
(3) Device status display: It allows you to view the device status remotely, so that you can always check the operation of the device.
(4) Device Control: It allows you to control the device remotely.
(5) Setting up automated tasks: the event information reported by your device (the information comes from the device you added, the specific information that can be set depends on the scope of your privacy authorization for the device, and each added device will provide the device provider's privacy policy, the relevant terms are up to you to approve), can be used to create your own automated tasks.
We will also use the above information to maintain and improve the functions of this application, and develop new business functions, etc.
For non-essential personal information, we will use it for the following purposes, including:
(1) Providing push service: Account and IMEI number will also be used to provide push service and to send device notifications to users. You can turn this function off at any time by changing your preferences under "Message Settings".
(2) Providing location-based services: When using SPA LINK App and the smart terminals connected to SPA LINK App, we will use the location information to determine the time zone of the device to ensure accurate display of the time on the device and logging in to the service area. According to your choice, you can turn on the corresponding device in advance and other experiences. You can turn off this function at any time by going into your device settings or by stopping using the App.
(3) Sending notifications: We will use your personal information to send important notifications from time to time, such as notifications about the abnormal operating status of the device, your customized device push notifications (specifically depending on your purchase of added devices), our Terms, Conditions and Policy Changes.
(4) Collecting users' feedback: The feedback you choose to provide is extremely valuable in helping SPA LINK App improve our services. In order to track the feedback you submit, SPA LINK App will use the personal information you provide to contact you and keep records.
7. How we entrust the processing, sharing, transfer and public disclosure of your personal information
(1) Entrusted processing
Some specific modules or functions in this application are provided by external suppliers. We use services provided by external service providers to realize our business functions.
For companies, organizations and individuals we entrust to process personal information, we will require them to process personal information in accordance with our requirements, this Privacy Policy and any other relevant confidentiality and security measures.
(2) Sharing
We will not share your personal information with any company, organization or individual other than Sunshine unless we obtain your explicit consent.
(3) Transfer
We will not transfer your personal information to any company, organization or individual except in the following circumstance:
a. Transfer with your explicit consent: After obtaining your explicit consent, we will transfer your personal information to another party;
b. When any merger, acquisition or bankruptcy liquidation is involved, we will require the new company or organization holding your personal information to continue to be bound by this Privacy Policy in case of any transfer of personal information; otherwise we will require such company or organization to re-seek your authorization or consent.
(4) Public disclosure
In order to provide products or services you have required, we will publicly disclose your personal information to third parties (defined as follows) only in the following circumstances:
a. Depending on the circumstances, we may provide some personal information to partners who cooperate with Sunshine to provide products and services or help Sunshine to market to customers. We will only share personal information with third parties for the purpose of providing or improving our products, services and advertising; we will not share personal information with third parties for their sales purposes, and will not sell personal information. We are obliged to require the above-mentioned partners to strictly abide by the requirements of the confidentiality agreement and privacy policy.
b. We may provide our partners with statistical information about your use of smart terminals in due time. The above statistical information does not involve your name, account number, password, phone number, email and other personal information.
c. If our partners expressly state to you the information collected and the purpose of use of the information in accordance with the law, and have obtained your consent, we may disclose your personal information to the third party according to your permission. For the security of your personal information, we will desensitize or obfuscate your personal information before disclosing it to third parties.
d. In accordance with the legal requirements of government departments, we will disclose your personal information as necessary.
e. We may disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions, protect our operations or users, or involve a significant public interest.
f. In the event of a reorganization, merger or sale, we may transfer all personal information we collect to the relevant third party.
In the various situations described in this section, you can rest assured that Sunshine will only share your personal information according to your authorization. Your authorization to Sunshine will include various sub-processors that process your personal information. You shall understand that in any circumstance described below, when Sunshine share your personal information with third-party service providers, Sunshine will contractually stipulate the practices and obligations of the third parties and comply with applicable local data protection laws. Sunshine contractually guarantees that third-party service providers comply with the privacy standards applicable to them in your jurisdiction.
Ⅱ. How we protect your personal information
1. We have used industry-standard security measures to protect the personal information you provide to prevent unauthorized access, public disclosure, use, modification, damage or loss of the data. We will take all reasonable and feasible measures to protect your personal information.
2. We have taken the following measures: In order to prevent unauthorized access, disclosure or other similar risks, we have put in place reasonable physical, technical and managerial procedures to safeguard and secure the information we collect from your use of SPA LINK App. We will take all reasonable measures to safeguard your personal information.
3. Our data security capabilities: ensuring that all your personal information is stored on secure servers that are protected in controlled facilities. We classify your data based on importance and sensitivity, and ensure that your personal information has the highest security level. We make sure that our employees and Third Party Service Providers who access the information to help provide you with our products and services are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet such obligations. We have special access controls for cloud based data storage as well. All in all, we regularly review our information collection, storage and processing practices, including physical security measures, to guard against any unauthorized access and use.
4. We will take all reasonable and feasible measures to ensure that irrelevant personal information is not collected or used. We will only retain your personal information for as long as it is necessary to achieve the purposes described in this policy, unless a longer retention period is required or permitted by law.
5. The Internet environment is not 100% secure, and we will try our best to ensure or guarantee the security of any information you send to us. However, you should be aware that using the Internet is not always secure, and we cannot guarantee the security or integrity of any personal information when it is transmitted in both directions over the Internet. If our physical, technical or management protection facilities are damaged, resulting in unauthorized access, public disclosure, tampering or destruction of information, resulting in damage to your legitimate rights and interests, we will take appropriate measures for personal data leakage, such as reporting the leakage phenomenon to relevant regulatory agencies, and actively reporting the handling of personal information security incidents.
6. In the event of an unfortunate personal information security incident, we will promptly inform you, in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, the suggestions you can independently prevent and reduce the risk, and the remedial measures for you, etc. We will promptly notify you of the relevant information by email, letter, telephone, push notification, etc. When it is difficult to inform the subject of personal information one by one, we will release an announcement in a reasonable and effective manner.
Ⅲ. Your rights
In accordance with relevant Chinese laws, regulations and standards and the prevailing practices of other countries and regions, we will guarantee that you can exercise the following rights to your own personal information:
1. Access your personal information
You are authorized to access your personal information, except for some circumstances stipulated by laws and regulations. If you want to exercise your right of data access, you may do so in this following manner:
Visiting [SPA LINK App] - [My] - [Settings] - [Account Information].
2. Correct your personal information
When you discover any error with respect to your personal information processed by us, you are entitled to require us to make correction. You can raise a correction application by using the manner listed in "(1) Access your personal information".
When you update your personal information, you will be asked to verify your identity before we proceed with your request. Once we obtain sufficient information to accommodate your request for access to or correction of your personal information, we shall proceed to respond to your request within any time frame set out under your applicable data protection laws.
If you would like to request access to your personal data held by us or if you believe any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the email address below. Email: info@sunshine-shanghai.com.
3. Delete your personal information
Under the following circumstances, you can request us to delete your personal information:
(1) If our processing of personal information violates any law or regulation;
(2) If we collect or use your personal information without your consent;
(3) If our processing of personal information breaches our agreement with you;
(4) If you no longer use our products or services, or you cancel your account;
(5) If we no longer provide products or services to you.
4. Cancel your account by the subject of personal information
You can cancel your previously registered account at any time by yourself in the following manner:
Canceling the account in [SPA LINK App] - [My] - [More] - [Cancel Account].
The deletion of your personal information includes:
(1) User Account Information
(2) User Device Information
(3) Device Data Information
(4) Picture/Video Captured by the Camera
(5) Feedback
(6) Device Grouping Information
(7) User Scenario (Linkage) Information
If we decide to respond to your deletion request, we will also make every effort to notify any entities receiving your personal information from us and require such entities to delete your personal information in time unless laws and regulations otherwise provide or such entities obtain your independent authorization.
When you delete information from our services, we may not immediately delete corresponding information from our backup system, but we will delete such information when our backup system is updated.
If your client version is lower than 1.4, you can contact us at info@sunshine-shanghai.com to deactivate your personal account.
5. Other Instructions
(1) If you are a Europe Union user under the General Data Protection Regulation (GDPR), you have the right to obtain from us the erasure of your personal information. If the grounds apply to GDPR, we shall consider the grounds regarding your erasure request and take reasonable steps including technical measures.
(2) If you are a Europe Union user under GDPR, you have the right to obtain from us the restriction of processing your personal information. We shall consider the grounds regarding your restriction request. If the grounds apply to GDPR, we shall only process your personal information under applicable circumstances in GDPR and inform you before the restriction of processing is lifted.
(3) If you are a Europe Union user under GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
(4) If you are a Europe Union user under GDPR, you have the right to receive your personal information in a structured, commonly used format and transmit the information to another data controller.
6. In the following situations, we will not be able to respond to your request:
(1) In connection with the fulfillment of the obligations of the personal information controller under the laws and regulations;
(2) Directly related to national security and national defense security
(3) Directly related to public safety, public health, or significant public interests;
(4) Directly related to criminal investigation, prosecution, judicial trial, enforcement of judgments, etc.;
(5) There is sufficient evidence that you have subjective malice or abuse of rights;
(6) For the purpose of safeguarding the life, property and other significant legitimate rights and interests of the subject of the personal information or other individuals but where it is difficult to obtain your own authorized consent;
(7) Respond to your request which may result in serious damage to the legitimate rights and interests of you or other individuals or organizations;
(8) Any commercial secret is involved.
Ⅳ. How your personal information is transferred globally
This Privacy Policy is formulated in accordance with the laws of the People's Republic of China, and is governed by the laws of the People's Republic of China.
In principle, the personal information we collect and generate within the territory of People's Republic of China will be stored in the territory of the People's Republic of China.
Since we provide products or services through resources and servers across the world, which means that upon your authorization and consent, your personal information may be transferred to the foreign jurisdiction of the country/region in which you use the product or service, or be accessed from these jurisdictions.
Such jurisdictions may have different data protection laws or even don't have relevant laws. In such cases, we will ensure that your personal information is adequately and equally protected within the territory of the People's Republic of China. For example, we will ask you for permission to transfer personal information across borders or to implement security measures such as data de-identification before cross-border data transfers.
Ⅴ. How we process children's personal information
Our products, websites and services are mainly oriented toward adults. Children are not allowed to create their own user accounts without the consent of their parents or guardians.
If children’s personal information is collected with the consent of their parents, we will use or publicly disclose such information only to the extent permitted by law, expressly agreed by their parents or guardians or necessary for protection of such children.
Notwithstanding the difference in definitions of children according to local laws and customs, we treat any person aged below 14 as a child.
If we discover that we have collected children's personal information without the demonstrable consent of their parents, we will seek to delete relevant data as soon as practicable.
Ⅵ. Retention period of personal information
We retain your personal information for the period necessary for the purpose of the information collection described in this Privacy Policy, or as required or permitted by applicable laws.
We shall cease to retain personal information, or remove the means by which the personal information can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that personal information was collected is no longer being served by retention of the personal information.
If further data processing is for public interest purposes, scientific or historical research purposes or statistical purposes according to the applicable laws, the data can be further retained by Sunshine even if the further data processing is incompatible with original purposes.
Ⅶ. How we update this Privacy Policy
We may conduct periodic reviews of this Privacy Policy and update this Privacy Policy to reflect changes in our information practices.
We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any policy changes on this page.
For material changes, we will also provide a more conspicuous notice (including for some services, we will notify you through emails, notifications on SPA LINK App or mobile devices), so that you can understand what information we collect and how we use it.
The material changes referred to in this policy include, but are not limited to:
1. Material change occurs to our service model. For example, the purpose of processing personal information, the type of processed personal information, the manner of use of personal information;
2. Material change occurs to our ownership structure or organizational structure. For example, owners' change arising from business adjustment or bankruptcy merger and acquisition;
3. Change occurs to major subjects of sharing, transfer or public disclosure of personal information;
4. Material change occurs to your right to participate in the processing of personal information and the manner of exercise of such right;
5. Change occurs to our department responsible for handling the security of personal information, our contact information and our complaint channel;
6. A report on the security impact assessment of personal information shows that there is high risk.
These policy changes will take effect as of the commencement date specified on the notification or website. We encourage you to periodically review this page for the latest information on our privacy practices.
Your continued use of the products and services on the website, mobile phone and/or any other device will be subject to the updated Privacy Policy. We will ask for your consent again when we collect more personal information from you or when we wish to use or disclose your personal information for new purposes.
If you are an Europe Union user under GDPR, Sunshine will provide:
A systematic approach to managing personal data related to our employees, management processes and information systems by applying risk management tools. According to the GDPR, Sunshine will use the following methods:
Establishing a Data Protection Officer(DPO) who is responsible for data protection. The contact information of the DPO is dpo@sunshine-shanghai.com.
Establishing the process such as the Data Protection Impact Assessment (DPIA).
Order of Precedence
If you have agreed to the applicable User Agreements, in the event of inconsistency between such User Agreements and this Privacy Policy, such User Agreements shall prevail.
Ⅷ. How to contact us
If you have any questions, comments or suggestions about this privacy policy, please contact us in the following manner:
Email: info@sunshine-shanghai.com