[Shenzhen Topband Software Technology Co., Ltd.](hereinafter referred to as “we”, “us”) has made great efforts to protect your personal data. We collect and process your personal data fully complying with the requirements of EU General Data Protection Regulation and within the scope stated in the Privacy Policy (hereinafter referred to as “this Policy”) when providing you with [ISmart Light](hereinafter referred to as “this application”).

Please read and understand this Policy before submitting your personal data to us. Please note that this Policy applies only and exclusively to this application. Please refer to other privacy policies if you use our other products and services.

This Policy will help you understand the following content:

1.Who we are

2.What personal data we collect

3.What is our legal basis for processing your personal data

4.How we manage your personal data

5.How we entrust a third party to process, share, transfer and disclose your personal data

6.How your personal data is transferred outside EU/EEA

7.What rights you have

8.How we protect children’s personal data

9.How to update this Policy

10.How to contact us


1.Who we are

Our company, [Shenzhen Topband Software Technology Co., Ltd.] ,is registered at[B302-306, 400-401, 411-412 Room, Research Institute of Tsinghua University, Nanshan High tech Industrial Park, Shenzhen City].  As the controller determining the personal data processing activity, we have full rights to this application and will be responsible for all matters related to this application.

2.What personal data we collect

To provide you with better service and realize the basic functions of this application, we collect the following personal data for each function:

 ● In order to enable your account’s registration and verification, we need to collect your user name, password, e-mail address and phone number, password, email address, phone number. And if you authorize login to this application with a third party account, we will obtain from such third party your account information (such as portrait, nickname, region, etc.) which may be bound with your ISmart Light account for quick login. We will ensure compliance with applicable data protection laws and regulations, as well as agreements, policies or documentations agreed with such third party regarding sharing personal information , in processing your Personal Data;

 ● In order to enable your using of the device and ensure the normal operation, we need to collect your IP address, city, time zone, device information (including but not limited to WIFI box number, WIFI box mac address, SSID, boiler model, boiler ID, etc.) and real-time data of the device (including but not limited to software version, time, temperature, fault code, etc.);

 ● In order to enable your reporting device fault to us and our pushing device fault information to you where necessary, we need to collect your e-mail address and IMIE.

 ● Use our specific products or services: if you use our weather or daylight-saving time service, we may collect your city and time zone information; If you use the function of device adding, family sharing and avatar switching, we need to obtain your camera permission. And the device adding function also needs to obtain your location permission in order to get Wi-Fi information according to your city and time zone. And the avatar switching function also needs to obtain your storage permission in order to read your local photos.

When we use SDK push function, we will collect your process information and Android ID. When we use Autonavi for location, we will obtain your Android ID, IMEI and Mac address of the device.

3. Description of iSmart Light permission invocation

In addition, the following device permissions may be triggered when you use iSmart Light. In order to enable you to better manage your information, we will inform you of the purpose of using the permission when applying for the permission to use the product and the possible impact on your use of the service if you do not enable the permission. Please check carefully. Before using a specific function, you can decide whether to grant the following permissions. In addition, you can change the authorization status at any time on the permission setting page of the device or the Mys-Setting-System Permission Management page of Mijia application.

Details of related functions and call permissions are listed below for your reference:

1. Read and write external storage space (Android version) : Used to read and write photos and files on the device in functions such as scanning and user feedback.

2. Location rights (Android and iOS versions) : Used to determine the region, manage the home location, automate smart devices, discover nearby smart devices, and discover the WLAN list.

3. Camera permission (Android, iOS version) : Used to scan the QR code for device installation, account login and other functions.

4. Enable the WLAN permission (Android or iOS version) : This permission is used to connect to the WIFI generated by the device for device communication.

5. Enable Bluetooth permission (Android, iOS version) : When connecting to the device quickly, connect the Bluetooth signal sent by the device for device communication; For smart devices connected via Bluetooth, Bluetooth permissions are also required for communication.

4.What is our legal basis for processing your personal data

We collect and process your personal data within the scope necessary for realizing the above functions. We conduct such personal data processing activities in order to fulfill our obligations under the smart hardware devices purchase agreement and to provide you with the smart home and related services (including this application). Therefore we rely on the necessity of performing the contract as the legal basis for such data processing activities.When you use our specific products or services, the legal basis for such processing is your consent.

5.How we manage your personal data

5.1 Storage of your personal data

Your personal data will be stored properly on [AWS] in [Frankfurt] for . We will remind user who has not logged in this application for one year continuously by E-mail, if the user does not respond, the corresponding data will be destroyed after one month.

5.2 Security of your personal data

The server we use has the industry-leading security capacities to protect your personal data. In addition, by strengthening the administrative and technical safeguards (such as the access control system, encryption and security training on employees) of personal data, we will endeavor to protect your personal data from unauthorized access, use, disclosure, modification, damage, loss and any other forms of unlawful processing.

The network environment is not absolutely secure. In the event of a personal data security incident, we will fulfill our notification obligations, which may include informing you of the basic circumstances and possible impact of the security incident, the actions we have taken or will take, and recommendations that you can take precautions and reduce risk on your own initiative. We will endeavor to inform you in a timely manner by telephone, email, notification, etc., and we may make an announcement on this website under certain circumstances.

If you know or have reason to believe that your personal data has been lost, stolen, misappropriated or otherwise infringed, or if there is any actual or suspected embezzlement of your personal data, please contact us.

6.How we entrust a third party to process, share, transfer and disclose your personal data

In principle, we transfer your personal data to third parties only with the notification and your authorization. In order to ensure the security of your personal data, we will follow the principle of minimization and comply with applicable legal requirements when sharing, transferring or disclosing your personal data with the following third-parties:

Service providers: such as companies that support our IT, help us process we hold and provide us with underlying cloud service. We have signed data processing agreements with related service providers to ensure the lawful and secure personal data processing.

API/SDK providers: In order to enable your normal use of this application, we will embed SDK or other similar applications of authorized partners in this application.

- When pushing notification to your mobile phone, Alibaba Cloud Push SDK or Google Push SDK will collect your device Token , mobile phone system and mobile phone model.

Purpose: to push device change information and users operation information.

- In order to enable your better use of this application, Gaode Map SDK will collect the location information of your device and home.

Purpose: to set up your home location information.

We will conduct security checks on the Application Programming Interfaces (API) and Software Development Kit (SDK) collecting personal data and agree with the authorized partners on strict data protection measures to ensure that the partners collect and process your personal data in accordance with our agreements and this Policy.

Government or regulators: on the basis of ensuring the security and legality of the disclosure, we may also disclose your minimal and necessary personal data to the law enforcement agencies/governmental authorities, if we believe that such disclosure of your personal data complies with any applicable law or responds to related legal process, after checking with specific law enforcement authorities on the basis of the disclosure.

Business transfer: for the transfer of your personal data during merger, acquisition, bankruptcy liquidation, asset transfer, or other similar transactions, we will require the new company or organization possessing your personal data to be bound continuously by the requirements, commitments and safeguards described in this Policy. For instance, the new company or organization should not use your personal data beyond the said purposes. Otherwise, we will require the new company or organization to reapply for corresponding authorization from you.

7.How your personal data is transferred outside EU/EEA

In order to normally operate and maintain this application, the service providers we entrusted needs to access your personal data remotely from countries or territories outside EU/EEA (including China) where the data protection laws in effect are not as stringent as those in EU/EEA. To fully secure your personal data, we have signed the cross-border data transfer Standard Contractual Clauses (SCC) as the transfer mechanism. You can contact us to obtain the corresponding data transfer agreement text.

8.What rights you have

You are entitled by law to the following rights in respect of your personal data:

INFORMATION AND ACCESS: You have the right to be provided with certain information about our processing of your personal data and access to that data.

RECTIFICATION: If your personal data changes, we encourage you to inform us of the change. You have the right to require inaccurate or incomplete personal data to be updated or corrected.

ERASURE: You have the right to require that your data be erased in certain circumstances where it is no longer necessary for us to process this data in relation to the purposes for which we collected or processed the data.

DATA PORTABILITY: You may have the right to have the data transferred to you or another controller in a structured, commonly used and machine-readable format, where this is technically feasible.

RIGHT TO RESTRICTION OF PROCESSING: You have the right to restrict our processing of your personal data while your request for data rectification or objection to personal data processing is being considered, if we no longer need to process your data but you need that data in connection with a legal claim, or if our processing is unlawful but you do not want us to erase the data. If this right applies, we will continue to store your data but will only further process it with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of another person, or for reasons of important public interest.

RIGHT TO COMPLAINTS: If you have any objection to our data processing activities and this Policy, you have the right to lodge a complaint with the regulatory authorities in your country or region.

9.How we protect children’s personal data

Our products and service are primarily aimed at adults. We do not knowingly collect personal data of children under 14 without the parents or guardian’s consent. Where the parents or guardian consent to collect and process children’s data, we will only use or disclose these data within the scope of parents or guardian’s explicit consent and strictly complying with GDPR. If we find that we have collected a child’s personal data without prior verifiable consent of his/her parents or guardian, we will take measures to delete related personal data as soon as possible.

10.How to update this Policy

We may update this Policy from time to time. If this Policy is revised, we will promptly release the latest revised version of this Policy in prominent positions of this website for your awareness. If there is any major change to this Policy, we will notify you of such change in a more prominent way by means of email, text message or website pop-ups.

11.How to contact us

If you have any opinion, suggestion or question about this Policy, or have any request or query for your personal data, please contact us in the following manner. In principle we will reply within 30 days.

Contact Information: