Tuya Smart Construction Privacy Policy

Effective date: 2020-04-25

Last updated: 2020-03-25

Tuya Inc., its affiliates and subsidiaries (“we”, “us”, “our”, “Tuya”) are committed to protecting your privacy. This Tuya Smart Construction (Mobile) Privacy Policy (“Policy”) describes our practices in connection with information privacy on Personal Data we process through your individual use of the following services, products, and related mobile applications (collectively, the “Products”):

• Tuya Smart Construction Application

The application provides a smart solution for managing your construction matters. When you interact with our Products, please carefully read through the Privacy Policy and understand our purposes and practices of collection, processing of your Personal Data, including how we use, store, share and transfer Personal Data. In the Policy you will also find how to execute your rights of access, update, delete or protect your Personal Data.

If you have any questions raised from reading the Policy, please don’t hesitate to contact us.

Definitions

In the Privacy Policy,

[Personal Data] means information that can be used to identify an individual, either from that information alone, or from that information and other information we have access to about that individual.

[Smart Devices] refers to those nonstandard computing devices produced or manufactured by hardware manufacturers, with human-machine interface and the ability to transmit data that connect wirelessly to a network, including: smart home appliances, smart wearable devices, smart air cleaning devices, etc.

[Applications or Apps] refers to those mobile applications developed by Tuya that provide end users remote control to Smart Devices and with the ability to connect to Tuya SaaS Platform.

For other branded mobile applications powered by Tuya, our Clients control all the Personal Data collected through our Products. We collect the information under the direction of our Clients and the processing of such information shall be limited to the purpose of providing the service for which our Clients has engaged us. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly.

What Personal Data do We Collect

In order to provide our services to you, we will ask you to provide necessary Personal Data that is required to provide those services. If you do not provide your Personal Data, we may not be able to provide part of the function of the services or even not able to provide our products or services.

1. Information You Voluntarily Provide Us.

• Account or Profile Data: When you register an account with us, we may collect your name and contact details, such as your email address, phone number, user name, and log-in credentials. During your interaction with our Products, we may further collect your nickname, profile picture, country code, language preference or time zone information into your account.

• Feedback: When using feedback and suggestion features in our Products, we will collect your email address, mobile phone number and your feedback content to address your problems and solve device failures on a timely basis.

2. Information We Collect Automatically

• Device Information: When you interact with our Product, we automatically collect device information, such as the MAC address of your devices, IP address, wireless connection information, operating system type and version, application version number, push notification identifier, log files, and mobile network information.

• Usage Data: During your interaction with our Sites and Services, we automatically collect usage data relating to visits, clicks, downloads, messages sent/received, and other usage of our Sites and Services.

• Log Information: When you use our app, the system and exception log may be uploaded.

• Location Information: We may collect information about your real-time precise or non-precise geo-location when you use our specific Products or Services, such as robot cleaner and weather service.

3. Smart Devices Related Information

• Basic Information of Smart Devices: When you connect your Smart Devices with our Products or Services, we may collect basic information about your Smart Devices such as device name, device ID, online status, activation time, firmware version, and upgrade information.

• Information Reported by Smart Devices: Depending on the different Smart Devices you elect to connect with our Products or Services, we may collect different information reported by your Smart Devices. For example, smart weights or fitness trackers may report your height, weight, body fat mass (BFM), BMI and skeletal muscle mass (SMM); smart cameras may report images or videos captured by it.

Purposes and Legal Basis for Processing Personal Data

The purposes for which we may process your personal data about you are as follows:

• Provide You Services: We process your account and profile data(including information about the Construction services), device information, usage data, location information, and Smart Device related information to provide you with our Products and Services that you have requested or purchased. The legal basis for this processing is to perform our contract with you according to our Terms of Use.;

• Improve Our Services: We process your device information, usage data, location information and Smart Device related information to ensure the functions and safety of our Products, to develop and improve our Products and Services, to analyze the efficiency of our operations, and to prevent and trace fraudulent or inappropriate usage. The legal basis for this processing is to perform our contract with you according to our Terms of Use;

• Non-marketing Communication: We process your Personal Data to send you important information regarding the Services, changes to our terms, conditions, and policies and/or other administrative information. Because this information may be important, you may not opt-out of receiving such communications. The legal basis for this processing is to perform our contract with you according to our Terms of Use;

• Marketing Communication: We may process your Personal Data to provide marketing and promotional materials to you on our Products and Services. If we do so, each communication we send you will contain instructions permitting you to opt-out of receiving future communications of that nature. The legal basis for this processing is your consent. Additionally, if you consent to participate in our lottery, contest or other promotions, we may use your Personal Data to manage such activities;

• Personalization: We may process your account and profile data, usage data, device information to personalize product design and to provide you with services tailored for you, such as recommending and displaying information and advertisements regarding products suited to you, and to invite you to participate in surveys relating to your use of our Products. The legal basis for this processing is your consent;

• Legal Compliance: We may process your Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable laws and regulations; (b) to comply with legal process; (c) to respond to requests from public and government authorities (d) to enforce our terms and conditions; (e) to protect our operations, business and systems; (f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

If there is any change in the purposes for processing your personal data, we will inform such changes to you via email (specified in your account)and/or a prominent notice on our website of such changes of purposes, and choices you may have regarding your Personal Data.

Who do We Share Personal Data with?

At Tuya, we only share Personal Data in ways that we tell you about. We do not sell your Personal Data to third parties and we limit disclosure of your Personal Data as listed below:

• To our third-party service providers who perform certain business-related functions for us, such as website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer support service, e-mail delivery services, and other similar services to enable them to provide services to us.

• To our customers and other business partners who provide you, directly or indirectly, with your Smart Devices, and/or networks and systems through which you access and use our Sites and Services.

• To an affiliate or other third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including without limitation in connection with any bankruptcy or similar proceedings). In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your Personal Data, and choices you may have regarding your Personal Data.

• As we believe to be necessary or appropriate: (a) to comply with applicable laws and regulations; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations, business and systems; (f) to protect our rights, privacy, safety or property, and/or that of other users, including you; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

• To subsidiaries or affiliates within our corporate family, to carry out regular business activities.

• Except for the third parties described above, to third parties only with your consent.

Security Measures

We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your Personal Data, including but not limited to the following security measures: establishing strict internal data management systems and processes, encryption of Personal Data (including transmission, storage and processing), desensitization of the data, segregation of employees roles and duties, conducting security and privacy awareness training for our internal employees, access control and monitoring, etc., to prevent leakage, illegal usage, unauthorized access or infringement of Personal Data.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you could immediately notify us of the problem by emailing privacy@tuya.com.

If a security incident affects the security of your account or Personal Data, we will promptly notify you through the email address, phone number, or Notification Center, etc., that you provided to us, and keep you informed of any suggestions to reduce or prevent related risks. When necessary, we will immediately take appropriate remedial measures in accordance with internal security response plan and report to the relevant authorities accordingly.

International Transfer of Information Collected

To facilitate our operation, we may transfer, store and process your Personal Data in jurisdictions other than where you live. Laws in these countries may differ from the laws applicable to your country of residence. When we do so, we will ensure that an adequate level of protection is provided for the information by using the following approach:

• an agreement on the basis of approved EU standard contractual clauses per GDPR Art. 46. For more information, see here[1] .

If you would like further detail on the safeguards we have in place, you can contact us directly as described in this Privacy Policy.

Your Rights Relating to Personal Data

We respect your rights and control over your Personal Data. You may exercise any of the following rights:

Via the SaaS platform to provide your feedback;

By emailing us at privacy@tuya.com.

You do not have to pay a fee for executing your personal rights. Due to different data protection laws, if you dominate in China, we will aim to respond you within 15 business days. If you located outside of Mainland China, we will respond you within 30 calendar days.

If you decide to email us, please make clear what information you would like to have changed in your request, whether you would like to have your Personal Data deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.

You may:

Request access to the Personal Data that we process about you;

Request that we correct inaccurate or incomplete Personal Data about you;

Request deletion of Personal Data about you;

Request restrictions, temporarily or permanently, on our processing of some or all Personal Data about you;

Request transfer of Personal Data to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated;

Opt-out or object to our use of Personal Data about you where our use is based on your consent or our legitimate interests.

About Delete of the Account: You can find the Delete function through Account and Security.

Children’s Privacy

Protecting the privacy of young children is especially important to us. The Services are not directed to individuals under the age of thirteen (13) or other age limit set out in different jurisdictions (for example eighteen (18)), and we request that these individuals do not provide any Personal Data to us. We do not knowingly collect Personal Data from anyone under the age of thirteen (13) unless we first obtain permission from that child’s parent or legal guardian. If we become aware that we have collected Personal Data from anyone under the age of thirteen (13) without permission from that child’s parent or legal guardian, we will take steps to remove that information.

Data Retention

We process your Personal Data for the minimum period necessary for the purposes set out in this Privacy Policy, unless there is a specific legal requirement for us to keep the data for a longer retention period. We determine the appropriate retention period based on the amount, nature, and sensitivity of your Personal Data, and after the retention period ends, we will destruct your Personal Data. When we are unable to do so for technical reasons, we will ensure that appropriate measures are put in place to prevent any further such use of your Personal Data.

Dispute Resolution

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Changes to the Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices, but at least on an annual basis. Without your explicit consent, we will not undermine your privacy rights under this Privacy Policy. For any regular updates, we will provide such information in the Policy page, or Notification Center in the Application, or other appropriate channels. We encourage you to periodically review this page for the latest information on our privacy practices.

If we make any material changes we will notify you by channels that you can easily access to, for instance, email or SMS (send to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective.

Contact Us

If you have any questions about our practices or this Privacy Policy, please contact us as follows:

Tuya Inc.

Postal Mailing Address: 75 E Santa Clara St, 6th Floor, San Jose, CA 95113 or 5, 7, 8 and 7-12th Floor, Huace Business Builing A, Wuchanggang Road, Xihu District, Hangzhou, China.

Service Center: 400-881-8611 or service@tuya.com;

Privacy Office: privacy@tuya.com.