O+ Connect Privacy Notice
Last updated: October 16, 2025
Effective date: October 16, 2025
Update summary:
1. General Terms: In Section 1.1 "Personal information directly obtained from you", we added a description of personal information collection on account sign-up and sign-in as well as Communication sharing. We also added Section 3 "How We Share, Transfer, or Publicly Disclose Your Personal Information", Section 5.4 "Right to erasure", and Section 6 "Third-Party Service Providers and Their Services".
2. Europe-Specific Privacy Notice (GDPR-Based Terms): In Section 2 "Scope of Personal Information We Process and the Purposes", we added a description of personal information collection on account sign-up and sign-in as well as Communication sharing. In Section 3 "Additional Information on How Your Personal Information Is Transferred Globally", we added information on the Data Subject Rights Platform. We added Section 4.3 "Right to erasure".
3. U.S. State-Specific Terms: We added Section 2 "Disclosure, Sale, and Sharing of Personal Information". In Section 3 "Additional Information on Your Rights Regarding Personal Information", we added content about "Right to erasure" and "Right to make requests under the Shine the Light law".
4. India-Specific Privacy Notice (DPDPA-Based Terms): In Section 2 "Data Subject Rights", we added content about "Right to rectification and erasure" and updated the description of "Right to redress for grievances".
5. Brazil-Specific Privacy Notice (LGPD-Based Terms): We updated the description of the Data Subject Rights Platform and the contact information of the DPO in Brazil.
Thank you for using O+ Connect. O+ Connect (the "App") is developed and operated by HEYTAP PTE. LTD. ("we", "us", or "our", registered at 138 Market Street #15-03 Capitagreen, Singapore 048946) to provide users ("you" or "your") with the feature of transferring images, videos, and documents between mobile terminals.
During your use of our accounts, websites, mobile apps, or other products or services, we may collect and use your personal information. In the O+ Connect Privacy Notice (this "Privacy Notice"), "personal information" or "personal data" refers to all information that can be used alone or in combination with other information to identify a natural person.
This Privacy Notice explains how we process your personal information, the purposes for which we collect, use, and disclose your personal information during your use of O+ Connect, your rights to your personal information, and the security measures we use to protect personal information.
Before using O+ Connect, please carefully read this Privacy Notice to understand our practices of collecting, using, and protecting personal information. By tapping "Agree" and launching O+ Connect, you acknowledge that you fully understand our collection and use of personal information and your rights as described below.
In principle, this Privacy Notice applies to all jurisdictions where we have declared the provision of services through the App. However, different jurisdictions may have different requirements regarding personal information protection. Therefore, in addition to the general terms, we make a disclosure in the form of appendices of specific terms to meet the special requirements of different jurisdictions. The appendices, along with the main part of this Privacy Notice, constitute our notification of personal information processing in specific jurisdictions. If you are in a region listed in one of the appendices, you should also read the appendix applicable to your region. Unless otherwise specified in the appendices, the general terms of this Privacy Notice shall prevail. The appendices, along with the main part of this Privacy Notice, constitute our notification of personal information processing in specific jurisdictions. If you are in a region listed in one of the appendices, you should also read the appendix applicable to your region. Unless otherwise specified in the appendices, the general terms of this Privacy Notice shall prevail. In case of any conflict or inconsistency between an appendix and the main part of this Privacy Notice, the appendix shall prevail.
The general terms of Part A apply to you, regardless of your location. Part B applies to users located in the European Union, Liechtenstein, Norway, Iceland, the United Kingdom, or Switzerland ("Europe"). Part C applies to users located in the United States. Part D applies to users located in India; Part E applies to users located in Brazil.
This Privacy Notice is divided into the following parts:
A. General Terms
1. How We Collect and Use Your Personal Information
2. How We Store and Retain Your Personal Information
3. How We Share, Transfer, or Publicly Disclose Your Personal Information
4. How We Protect Your Personal Information
5. How to Exercise Your Data Subject Rights
6. Third-Party Service Providers and Their Services
7. How We Protect Minors' Personal Information
8. How This Privacy Notice Is Updated
9. Contact Us
B. Europe-Specific Privacy Notice (GDPR-Based Terms)
1. Legal Bases for the Processing of Personal Information
2. Scope of Personal Information We Process and the Purposes
3. Additional Information on How Your Personal Data Is Transferred Globally
4. Additional Information on Your Rights Regarding Personal Data
5. Contact Us
C. U.S. State-Specific Terms
1. Categories of Personal Information We Process and Use of Personal Information
2. Disclosure, Sale, and Sharing of Personal Information
3. Additional Information on Your Rights Regarding Personal Data
4. Submitting a Request Through an Authorized Agent
D. India-Specific Privacy Notice (DPDPA-Based Terms)
1. Personal Data We Collect and the Purposes of Data Processing
2. Data Subject Rights
3. Processing of Personal Data of Children
E. Brazil-Specific Privacy Notice (LGPD-Based Terms)
4. Legal Bases for Processing Personal Information
5. How Your Personal Information Is Transferred Globally
6. Our Use of Cookies and Other Similar Technologies
7. Your Rights Regarding Personal Information
8. Contact Details of the Data Protection Officer
Body text
A. General Terms
1. How We Collect and Use Your Personal Information
The information we collect depends on the context of your interactions with us and the choices you make, including your privacy settings and the features or services you use. The features or services provided by the App may vary by country or region, the operating system or app versions in use, and the apps installed or downloaded on a device. Therefore, the features or services actually provided by the App, the processing of personal information, and the required app permissions are subject to the device you use.
You are not obliged to provide personal information to us. If you choose not to provide the personal information necessary for the App to provide the required services, we may not be able to provide you with such services, nor will we be able to respond to or deal with any problems you may encounter. We collect personal information for the purpose of operating more efficiently and providing you with the best possible experience. The following describes in detail the categories of personal information we collect as well as how and why we collect and use such information.
We collect information about you in three primary ways:
• directly from you;
• automatically from your use of the App; and/or
• from third parties.
If the following clauses explicitly state that your relevant information is only kept locally, then the information is only collected and processed locally on your device and it will not be uploaded to our servers, which means such information is not bound by this Privacy Notice. This is to clear up any privacy concerns you may have and stay transparent about our processing of personal information.
Please note that if you provide other people's personal information to us, you must ensure that you have obtained their authorization.
1.1 Personal information directly obtained from you
(1) Device connection
In order to provide you with a device connection feature, you need to permit the App to use Bluetooth and access your location information and wireless data so that it can obtain information about nearby hotspots or Bluetooth information and initiate a request for connecting the source device to the destination device. You also need to permit the App to access your device type, name, model, and system version to check the feature compatibility. Such information will be processed only on your device/across your devices, and will not be uploaded to our servers. It will be deleted immediately after use, and will not be stored on your device.
(2) Data transfer
In order to provide you with the feature of transferring files between devices, the App may need to access your photos, audio, videos, documents, and archives to complete the data transfer. Such information will be processed only on your device/across your devices, and will not be uploaded to our servers. It will be deleted immediately after use, and will not be stored on your device.
(3) Device display name setting
The App allows you to set a device display name, making it easier for other devices to identify yours during searches. The changes you make to your device display name in the App will appear on your device/across your devices and be stored on your device. The display names are not uploaded to our servers.
(4) Account sign-up and sign-in
Currently, you can sign up for or sign in to the Platform with a HeyTap Account or OnePlus Account.
During the sign-up or sign-in process, you need to provide us with the information needed to fulfill legal obligations and perform the contract, including your phone number, email address, and account password or the SMS verification code, so that we can create an account for you and assist you in signing in to the account to use the Platform. For more details on the protection of personal information needed for account sign-up and sign-in, please refer to the HeyTap Account Privacy Notice.
To use O+ Connect, you can choose to register or sign in to a OnePlus Account. Once you have signed in to your OnePlus Account, regarding how your personal information about your OnePlus Account is collected and processed and how you can exercise your data subject rights about your OnePlus Account, please refer to the OnePlus Account Privacy Notice. Please note that the data generated during your use of O+ Connect with your OnePlus and HeyTap Accounts will not be combined.
(5) Communication sharing
When you link a device and use the Communication sharing feature, we need to collect the calls, SMS messages, and notifications you have chosen to share, so you can make or answer calls, receive or send SMS messages, and receive notifications across devices. Such information will be processed only on your device/across your devices, and will not be uploaded to our servers. It will be deleted immediately after use, and will not be stored on your device.
1.2 Cookies and other similar technologies
Currently, the App does not use cookies or any other similar technologies to collect or store user preferences or any information about you.
2. How We Store and Retain Your Personal Information
2.1 How long we store your personal information
Pursuant to laws and regulations, we will retain your personal information for the minimum period needed to provide you with the required products or services. We will delete or anonymize your personal information upon the expiration of the retention period or when it can be deleted, unless otherwise specified by applicable laws or regulations.
If we discontinue some or all of our products or services for any particular reason, we will promptly inform you and stop the collection and processing of your personal information in connection with such products or services. We will also delete or anonymize any such information in our possession unless otherwise specified by laws and regulations.
When you set a device display name in the App, we will process your device name and retain it until you stop using the App.
2.2 Where we store your personal information
As a company operating globally, we provide products and services through resources and servers around the world. For the purpose of ensuring the high quality of our services (such as ensuring a high processing speed) and subject to local data protection laws, we will store your personal data based on the region where your phone is purchased or configured. We have established data centers in France, the United States, Singapore, India, and Indonesia. This means that your personal information may be transferred to or accessed from a jurisdiction outside the country or region where you use the relevant products or services.
You understand that there are different risks under different data protection laws. We will take measures to ensure that the data collected by us is processed in accordance with this Privacy Notice and applicable laws and that, after being transferred across borders, your personal information is as equally protected as in the country or region where you use the relevant products or services. For example, we will obtain your consent to the cross-border transfer of your personal information or take security measures such as encryption, de-identification, or entering into a necessary data transfer/sharing agreement with the recipient of your data before transferring such data across borders.
3. How We Share, Transfer, or Publicly Disclose Your Personal Information
Where required by law, we may, from time to time, share, transfer, or disclose your personal information with or to any one or all of the following companies or organizations (such as sharing your personal information with our affiliates and strategic partners to jointly provide you with the required products or services). We will require such third parties to take appropriate confidentiality and security measures during their processing of your personal information by means of agreements or other appropriate measures.
(1) Our affiliates: In order for us to provide services to you, we may share your personal information with our affiliates. We will only share personal information that is necessary. If we or our affiliates change the use or processing of personal information, we will ask for your authorization again.
(2) Our authorized partners: Some of our services will be provided by our authorized partners only for the purposes stated in this Privacy Notice. We may share some of your personal information with our third-party partners so that they can provide services to you and improve your user experience based on your personal information.
(3) Any organization involved in a merger, acquisition, or bankruptcy liquidation: When we are in the process of a merger, acquisition, or bankruptcy liquidation, and if such process requires the transfer of your personal information, we will require the new company or organization that holds your personal information to continue to be bound by this Privacy Notice; otherwise, we will require this company or organization to obtain your authorization or consent again. If the process does not involve the transfer of personal information, we will adequately inform you and delete or anonymize all your personal information under our control.
(4) Any entity to which you authorize us to disclose your personal information; and/or
(5) Any entity to which we are legally required to disclose your personal information: For example, when we are required to comply with subpoenas or other legal procedures, litigations, or mandatory requirements of government authorities, we may disclose your personal information if we sincerely believe that disclosure is necessary to protect our rights, ensure your safety or the safety of others, investigate fraud, or respond to government requests.
4. How We Protect Your Personal Information
The security of your personal information is very important to us. We take appropriate technical, management, and physical security measures to protect your personal information against unauthorized access, theft, disclosure, modification, or loss. We regularly review our security measures to incorporate new technologies and approaches that are available.
5. How to Exercise Your Data Subject Rights
We respect your rights to your personal information, and we do our best to protect your rights. We provide a variety of secure and convenient ways for you to configure privacy settings and manage personal information, thus ensuring the security of your personal information. Please note that the operation paths may vary by device model, operating system version, and App version. In addition, we may adjust the operation paths from time to time to improve your user experience. Therefore, the operation paths described below are for your reference only. If you have any questions regarding the operation paths or means of exercising your rights, you may contact us as set forth under the "Contact Us" section of this Privacy Notice. Refer to the below for your rights to your personal information:
5.1 Right to be informed
We inform you of how we process and protect your personal information by publishing this Privacy Notice. We are committed to staying transparent about how we use your personal information. You can regularly check this Privacy Notice, receive emails and SMS messages that contain a description of the updates to this Privacy Notice, and contact us in the manner disclosed in this Privacy Notice to learn about our collection and use of your personal information. You can go to "Settings - Privacy Notice" of the App on your phone to view it.
5.2 Right of access
You can go to the relevant product or service pages to directly query or access your personal information, and learn how your personal information is collected and used. For example, you can go to "Settings - Name" of the App to view the device display name you set in the App.
5.3 Right to rectification
If you find that any of your personal information processed by us is inaccurate or incomplete, you have the right to request us to correct or complete it. You can correct and modify some of your personal information on the relevant product or service pages. For example, you can go to "Settings - Name" of the App to change or complete your device display name.
5.4 Right to erasure
You may choose to delete some of the personal information you have submitted to us. To clear such data from your device, please go to "Settings - App management - O+ Connect".
5.5 Right to change the scope of authorization or withdraw consent
The performance of each service function requires certain basic personal information (see the "How We Collect and Use Your Personal Information" section of this Privacy Notice). You can change the scope of the personal information you authorize us to collect or withdraw your authorization by deleting information, turning off app permissions, changing settings on the product or feature settings page, or deleting your account. Please refer to the following methods to withdraw consent for specific situations:
You can go to "Settings - Privacy & Security - Permission manager" to turn off relevant app permissions so as to withdraw your consent to our use of such app permissions.
You can go to "Settings" of the App and tap "Withdraw consent to Privacy Notice" to withdraw your consent to this Privacy Notice.
5.6 Right to get a copy of your personal information
You have the right to request that we provide a copy of the personal information you provided to us or transfer the copy to a third-party you designated. If you need a copy of your personal information, please contact us as set forth in "Contact Us" of this Privacy Notice and send us a request. We will provide you with a copy in a timely manner.
5.7 Right to lodge complaints
You have the right to lodge a complaint by contacting us as set forth in "Contact Us".
You have the right to lodge a complaint with the competent supervisory authority regarding our personal information protection practices or file a lawsuit in a court with jurisdiction. However, we hope that we have the opportunity to solve your concerns or issues before you contact relevant authorities, so please first contact us directly.
6. Third-Party Service Providers and Their Services
Some of our features or services may contain links to third-party websites, products, or services, such as the third-party apps and websites redirected when you tap a relevant widget in the App. This Privacy Notice does not apply to such third-party websites, products, or services.
After you are directed to such third-party websites, products, or services, please carefully read the privacy policies and related terms and conditions of the third-party website operators or service providers before you access specific functional modules or services.
7. How We Protect Minors' Personal Information
We greatly value our obligation and responsibility for protecting children's personal information. We strive to create a healthy cyber environment for minors and make extra efforts to protect children. We treat anyone under the age of 18 (or a similar minimum age of full legal capacity defined in the jurisdiction concerned) as a child. Most of the features and services provided by the App are intended for adults, not for children. We do not provide services directly to children. Please note that due to technical limitations and other objective factors, the App may not be able to actively identify the age of users.
In accordance with applicable laws and regulations, if you are a child, you must obtain the consent of your parent or another guardian before using the App, and be sure to carefully read this Privacy Notice together with them. If you are the guardian of a child, before assisting the child in using the App, you must carefully read both the Children's Privacy Statement (if any) and this Privacy Notice. Please note that children are not allowed to use the App without the consent of their parents or guardians.
We do not actively collect, store, use, transfer, or disclose children's personal information, let alone use their personal information for marketing purposes. If you are a child, or if you are a parent or guardian of a child, or if you otherwise find that any information we processed may contain the personal information of a child, please contact us as set forth in this Privacy Notice. We will do everything we can to delete the relevant data as soon as possible.
8. How This Privacy Notice Is Updated
We reserve the right to update or revise this Privacy Notice from time to time. We will notify you of any material changes to this Privacy Notice in a manner we deem appropriate, and we will indicate the "Last updated" date at the top of this Privacy Notice.
The latest version of this Privacy Notice applies to our processing of your personal information. This Privacy Notice shall enter into force as of the date it is updated.
9. Contact Us
If you have any questions, complaints, or suggestions regarding this Privacy Notice or our privacy practices, you may contact us or our data protection officer as set forth below. We will verify your identity and respond within the stipulated time limit in accordance with local laws and regulations. This time limit may be extended when necessary due to factors including the complexity of requests, large volumes of individual requests, and technical feasibility.
If you have any questions or concerns about this Privacy Notice or our privacy practices, please contact us using the information below:
HEYTAP PTE. LTD.
Company address: 138 Market Street #15-03 Capitagreen, Singapore 048946
Data Subject Rights Platform: https://brand.heytap.com/en/privacy-feedback.html
Name of the Data Protection Officer: Kenneth Kwek
Address of the Data Protection Officer: 7500A Beach Road, The Plaza, #09-324, Singapore 199591
B. Europe-Specific Privacy Notice (GDPR-Based Terms)
This part only applies to users located in the European Union, Liechtenstein, Norway, Iceland, the United Kingdom, or Switzerland ("Europe").
GDPR divides roles in personal data processing into data controller and data processor. A data controller refers to any natural person, legal person, public authority, institution, or group that, alone or together with others, determines the purposes and means of processing personal data. A data processor refers to any natural person, legal person, public authority, agency, or other body that processes personal data on behalf of a data controller. If you are a user located in Europe, HEYTAP PTE. LTD. acts as the "data controller" as defined in the European General Data Protection Regulation (GDPR) and is able to determine the purpose for which your personal information is collected and processed, and process your personal information in compliance with this Privacy Notice and applicable terms in the GDPR.
The personal information herein (also "personal data") refers to any information related to a natural person that has been identified or is identifiable. Personal data of special types refers to sensitive personal data that includes data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as data for unique identification of a natural person, such as genetic data, biometric data, health data, or data relating to sex life or sexual orientation.
1. Legal Bases for the Processing of Personal Information
The processing of your personal information described in "How We Collect and Use Your Personal Information" is lawful only if and to the extent that at least one of the following applies:
(1) We have obtained your express consent in advance, and you can withdraw your consent at any time;
(2) Information processing is necessary for us to enter into a contract or perform the contract concerning our products and/or services;
(3) The processing of relevant personal information is indispensable for fulfilling our legal obligations;
(4) Disclosing your personal information is necessary for the purpose of the legitimate interests pursued by us or a third-party. We will process your personal information on this lawful basis only after balancing our or the third-party's interests against your privacy rights.
2. Scope of Personal Information We Process and the Purposes
When you use O+ Connect, we may collect, use, or disclose your personal information for the purposes below:
| Intended feature and purpose | Personal information fields collected | Legal grounds |
| Device connection | Information about nearby hotspots or Bluetooth information, location, device type, name, model, and system version (the information above is processed only on your device/across your devices) | When we intend to use your personal information in scenarios where relevant local laws and regulations apply, we will obtain your consent so as to meet the requirements of the relevant laws and regulations. |
| Data transfer | Photos, audio, videos, documents, and archives (the information above is processed only on your device/across your devices) | |
| Device display name setting | Device display name (the information above is processed only on your device/across your devices) | |
| Account sign-up and sign-in | Phone number, email address, and account password or verification code | |
| Communication sharing | Calls, SMS messages, and notifications (the information above is processed only on your device/across your devices) |
3. Additional Information on How Your Personal Information Is Transferred Globally
In principle, personal information generated and collected in Europe will be stored in Europe. Where your personal information is transferred to a country or region outside the European Economic Area (EEA), we will take the necessary security measures. For example, we will ensure that:
• The recipient is located in a country covered by a European Commission adequacy decision;
• The recipient has signed a contract in accordance with the "Standard Contractual Clauses" issued by the European Commission, requiring them to protect your personal information; or
• In the absence of appropriate safeguards, we will obtain your express consent for the transfer of your personal information. In addition, we will use techniques such as encryption or de-identification to protect your personal information.
For more information about the safeguards relating to personal data transfers outside Europe, please submit your request through:
Data Subject Rights Platform: https://brand.heytap.com/en/privacy-feedback.html
4. Additional Information on Your Rights Regarding Personal Data
Subject to the legal requirements under the GDPR, you have the following rights:
4.1 Right of access
We inform you of how we process your personal information by publishing this Privacy Notice and, where required by laws and regulations, by posting a notice or contacting you by SMS or email. We are committed to staying transparent about how we use your personal information.
You can go to "Settings - Privacy Notice" of the App to view this Privacy Notice and learn about how we process your personal information.
4.2 Right to rectification
If you find that the personal data we process about you is inaccurate or incomplete, you are entitled to ask us to make rectifications without undue delay and to request the supplementation of your personal data where appropriate.
4.3 Right to erasure
You may choose to delete some of the personal information you have submitted to us. To clear such data from your device, please go to "Settings - App management - O+ Connect".
4.4 Right to restrict processing
In certain cases, for example, when you contest the accuracy of your personal data, you are entitled to request that we restrict the processing of your personal data so that we can verify its accuracy. We will keep enough data or process such data as is necessary to ensure that we will comply with your restriction requests in the future.
4.5 Right to object
You are entitled to object, on grounds relating to your particular situation, at any time to any processing based on your legitimate interests. Should you decide to object to the processing, we will stop processing the personal information concerning you, unless we can demonstrate compelling reasons for continued processing that override your interests, rights, and freedoms, or in the case that we establish, exercise, or defend our legal claims. You can object to direct marketing activities at any time for any reason.
4.6 Right to data portability
You are entitled to obtain a copy of your personal data in a structured, commonly used, and machine-readable format and transmit such data to another provider. In certain circumstances, you can transmit your personal data to any other provider.
4.7 Right to change the scope of authorization or withdraw consent
If we process your personal information based on your consent, you have the right to withdraw your consent at any time, and we will stop processing your personal information immediately. For example:
You can go to "Settings - Privacy & Security - Permission manager" to turn off relevant app permissions so as to withdraw your consent to our use of such app permissions.
You can go to "Settings" of the App and tap "Withdraw consent to Privacy Notice" to withdraw your consent to this Privacy Notice.
4.8 Right to lodge complaints
You have the right to lodge a complaint with the national data protection authority in your country about the ways we process your personal information. You can go to https://edpb.europa.eu/about-edpb/about-edpb/members_en to view information about the local data protection authority in your country or region.
We will respond to your complaint as soon as possible. In general, we will respond within one month following the receipt of your complaint. (If the complaint is overly complex or requires large amounts of personal information, we may extend this time limit by two months when necessary or permitted by law. If this is the case, we will notify you of the reason for the extension within the first month we receive your complaint.) If you are not satisfied with our response, you may file a lawsuit with the supervisory authority in your jurisdiction.
5. Contact Us
If you have any questions, suggestions, or complaints regarding this Privacy Notice or our privacy practices, you can contact us, our representative, or our data protection officer as set forth below:
https://brand.heytap.com/en/privacy-feedback.html
Users located in Europe may contact our European representative OROPE Germany GmbH. Please use the postal address below:
Postal address: Graf-Adolf-Platz 15, 40213, Düsseldorf, Germany
Users located in the UK may contact our UK representative Unumplus Limited. Please use the postal address below:
Postal address: 7 Albert Buildings, 49 Queen Victoria Street, London, United Kingdom, EC4N 4SA
C. United States-Specific Terms
This part applies to users located in the United States and provides supplementary provisions concerning personal information to meet the disclosure requirements under the laws of the aforementioned states.
1. Categories of Personal Information We Process and Use of Personal Information
In accordance with the aforementioned laws, we must provide the following information that we collect from the residents of the United States. The information we collect depends on the context of your interactions with us and the choices you make, including your privacy settings and the products and features you use.
The aforementioned categories of personal information may have been used (and may have been used in the twelve-month (12) period prior to the effective date of this Privacy Notice) for one or more of the purposes provided in our privacy notice, or for one or more of the following purposes.
We will not collect any personal information from other categories or (unless otherwise provided in the terms above or in this Privacy Notice) use the personal information we collect for materially different, irrelevant, or incompatible purposes without informing you.
In the United States, the features we provide are detailed in Section 1.1 in Part A "General Terms" of this document.
2. Disclosure, Sale, and Sharing of Personal Information
In accordance with the law in California, "sharing" refers to sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third-party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
At present, we do not sell your personal information to or share your personal information with any third parties for commercial purposes (within the past 12 months). If we intend to sell your personal information in the future, we will notify you in advance in the form of this appendix, and respect your right to restrict and refuse such action.
3. Additional Information on Your Rights Regarding Personal Data
You may enjoy the following data privacy rights. Please note that these rights are not absolute and may be subject to conditions or limitations.
(1) Right to access and data portability: You have the right to know and access the categories and specific information we collect about you, the sources from which we collect such information, the purposes for our collection of such information, and the types of third parties with which the personal information is shared. Where technically feasible, we provide you with such personal data in a structured, commonly used, and machine-readable format so that you can transmit it to another entity.
(2) Right to request: You have the right to request information regarding our disclosure of personal data to third parties for business purposes.
(3) Right to rectification: You have the right to correct inaccurate personal data that we may hold about you.
(4) Right to erasure: You have the right to request the erasure of your personal data, except in cases where certain exceptions apply.
(5) Right to opt out: You have the right to opt out of the sale or sharing of your personal data with third parties.
(6) Right to limit the use of sensitive personal information: We do not use or collect sensitive personal information to infer user characteristics, so this right does not apply.
(7) Right to not be discriminated: You will not be discriminated against if you exercise any of the rights above.
Right to make requests under the Shine the Light law
The Shine the Light law (Cal. Civ. Code § 1798.83) allows residents of California who are also our service users to request: (1) the list of personal information categories we shared with third parties for direct marketing uses in the last calendar year; and (2) the identities of such third parties.
You may contact us as set forth below to exercise any of the rights above, or make a Shine the Light request:
Data Subject Rights Platform: https://brand.heytap.com/en/privacy-feedback.html You may sign in to the Platform to contact us.
We need to verify your identity before handling your request and confirm that you are a resident of the United States. To verify your identity, we usually match the personal information you provide in your request with the information we hold about you in our systems. This process may require us to request additional personal information from you, including, but not limited to, your email address, phone number, and/or the date of the last transaction made on our services.
In some cases, we may reject requests to exercise the rights described above, particularly if we are unable to verify your identity or locate your information in our systems. If we are unable to satisfy all or parts of your requests, we will explain the reasons for refusing to satisfy the requests.
In addition, we do not sell or share your personal information, so the right to opt out of the sale or sharing of personal information for targeted advertising does not apply in our case.
4. Submitting a Request Through an Authorized Agent
In some cases, to the extent that we can verify the permission given to an authorized agent to act on your behalf, you can designate an authorized agent (a term defined by the California Consumer Privacy Act of 2018) to act on your behalf to submit a request using the method set forth in this Privacy Notice.
For a request to know about or rectify personal information we hold about you, we need the following information for identity verification:
(1) An authorization letter from you or your authorized agent that is valid under California laws; or
(2) Sufficient proof that you have: 1) provided the authorized agent with a signed license to act on your behalf; and 2) verified your identity directly with us as set forth in this Privacy Notice; or directly confirmed with us that you have granted permission to your authorized agent to submit the request on your behalf.
For requests to opt out of "selling" or "sharing" personal information, we require a signed license certifying that the authorized agent has authorization to act on your behalf.
D. India-Specific Privacy Notice (DPDPA-Based Terms)
This appendix applies only to users located in India.
You understand that this appendix has been prepared in accordance with the Digital Personal Data Protection Act (DPDPA) of India and the relevant personal data protection laws. DPDPA defines two roles for data processing: data fiduciary and data processor. A data processor refers to any entity that, alone or together with others, determines the purposes and means of processing personal data (it is almost the same concept as the personal information processor in general terms). A data processor refers to any entity that processes personal data on behalf of a data fiduciary. (It is almost the same concept as the party that is entrusted to process personal information described in Part A "General Terms").
1. Personal Data We Collect and the Purposes of Data Processing
In India, we provide the feature of transferring images, videos, documents, and other data between mobile terminals.
We collect your personal data only for the purposes of providing O+ Connect related services and realizing relevant features. For more information, please refer to Section 1 "How We Collect and Use Your Personal Information" in Part A "General Terms".
Please note that the processing of your personal data is permitted without your consent in the following circumstances:
(1) Where you voluntarily provide the data to us for a specific purpose without giving an express representation that you object to our processing of such data;
(2) As necessary for the country and its agencies to provide or issue prescribed subsidies, benefits, services, certificates, and licenses to you;
(3) As necessary for the country or its agencies to perform their functions under the laws currently in force in India, or in the interests of safeguarding the sovereignty, integrity, and national security of India;
(4) As necessary for any person to fulfill any obligation under the laws currently in force in India to disclose any information to the country or its agencies;
(5) As necessary to comply with any judgment, ruling, or order issued under the law currently in force in India, or judgments, rulings, or orders in relation to contracts or civil claims under the law currently in force outside India;
(6) As necessary to take measures to provide medical treatment or health services to any individual in the event of an epidemic, disease outbreak, or any other threat to public health;
(7) As necessary to take measures to protect the safety of any individual or to provide assistance or services in the event of any disaster or public disorder.
2. Data Subject Rights
Under the DPDPA, you have the following rights as a data subject: You can exercise such rights in the ways described below. You can also directly submit a data subject rights request in the manner disclosed in the "Contact Us" section.
2.1 Right to be informed
You have the right to know about:
(1) The scope of personal data we are processing and the data processing activities we are carrying out. For details, please refer to Section 1 "How We Collect and Use Your Personal Information" in Part A "General Terms";
(2) All the data fiduciaries and processors that process your personal data and the categories of personal data we share;
(3) Information required to be disclosed by relevant laws and regulations.
2.2 Right to rectification and erasure
You have the right to correct, complete, and update your personal data; and delete your personal data.
2.3 Right to redress for grievances
If you believe that we have failed to meet our obligations regarding the processing of your personal data, you may contact us for redress and remediation. For details, refer to Section 5.3 "Right to rectification" and Section 5.5 "Right to lodge complaints" in Part A "General Terms". In general, we will respond to your data subject rights request within 15 workdays of the date we receive it. If you believe that we are unable to respond to your request, you may file a complaint with the Personal Data Protection Commission of India.
2.4 Right to withdraw consent
You have the right to withdraw your consent to our processing of your personal data. For details, please refer to Section 3.4 "Right to change the scope of authorization or withdraw consent" in Part A "General Terms".
After you withdraw your consent, we will cease to process your personal data accordingly. You understand that the withdrawal of consent does not affect the lawfulness of our processing of your personal data based on consent before its withdrawal.
2.5 Right to designate an authorized agent
If you are a child or a person with a disability, you have the right to designate an authorized agent to act on your behalf to exercise your rights as a data subject. When you use an authorized agent, we will take the necessary action to verify the identity of the agent for a qualification review.
3. Processing of Personal Data of Children
In principle, we do not provide our products and services to children. For details, please refer to Section 4 "How We Protect Minors' Personal Information" in Part A "General Terms".
Please note that in India, children refer to natural persons under the age of 18.
E. Brazil-Specific Privacy Notice (LGPD-Based Terms)
This appendix applies only to users located in Brazil.
1. Legal Bases for Processing Personal Information
The following are the legal bases for our processing of your personal data:
1.1 Consent
We may process your personal data after obtaining your consent. In particular, we may ask for your consent to participate in our promotional activities, such as sending you promotional messages, inviting you to participate in our "User Experience Program", and providing you with certain services and requiring your location information through these services. You have the right not to give consent, or to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of our use of your personal data before your withdrawal. If you have given consent to our use of your personal data, we will use it only for the purposes specified in the consent declaration. Please note that our processing is based on your consent. If you refuse to give consent or withdraw your consent, we may not be able to provide you with the services related thereto. In addition, your initial refusal or withdrawal of consent will not have any negative impact on you, unless otherwise notified.
1.2 Performing or entering into a contract with you
The legal bases apply in the following cases:
(1) To provide you with services, process your orders, or fulfill the contract between you and us;
(2) To activate the services you have purchased, warranty services, and specific software licenses, as well as to provide software update notices;
(3) To permit and manage your participation in our lucky draws, competitions, or other similar promotional activities;
(4) To diagnose product issues, repair customers' devices, and provide other customer care and support services.
1.3 Compliance with legal obligations
We may be obliged to process your personal data in order to fulfill our legal obligations, such as when we are required to retain personal data for compliance with tax laws or for business purposes.
1.4 Legitimate interests
The processing of your personal data may also be necessary for our legitimate interests. Such data processing may include the following cases:
(1) To conduct customer surveys to enhance your user experience;
(2) To analyze the customer market on the basis of the country where you use our services, including accessing user numbers for product marketing and promotion;
(3) To analyze the efficiency of our business operations;
(4) To analyze error logs to improve our phone quality and app features;
(5) To provide you with personalized services and recommend and display the content and ads tailored for you through our services;
(6) To communicate with you, and address feedback or comments you submit through any channel;
(7) To ensure the functionality and safety of our services;
(8) To verify your identity;
(9) To conduct internal audits to prevent and investigate fraud, cybersecurity threats, or other improper uses of your personal information;
(10) To improve and develop our services, including relevant security features, in order to enhance the user experience, user-friendliness, operation performance, functionality, and design of our products;
(11) To litigate or contest legal proceedings.
We will process your personal data for the reasons mentioned above only after evaluating and balancing our interests with your privacy rights. In particular cases, we may also process your personal data based on other legal grounds provided by applicable laws.
2. How Your Personal Information Is Transferred Globally
Should your personal data be transferred to jurisdictions outside Brazil, we will ensure that appropriate safeguards are put in place. For example:
(1) The recipient of your personal data is located in a country that the Brazilian National Data Protection Authority (ANPD) has, through an adequacy decision, recognized as providing adequate protection (if applicable);
(2) The recipient has signed a contract based on ANPD-approved standard contractual clauses (if applicable), requiring them to protect your personal information; or
(3) In the absence of the safeguards above, we will ask for your express consent to cross-border transfers of your personal data, or we will take other recognized measures to protect your personal information properly.
For more information on transferring your personal data outside Europe or Brazil, please submit a request through our Data Subject Rights Platform (https://brand.heytap.com/en/privacy-feedback.html).
3. Our Use of Cookies and Other Similar Technologies
If you wish to obtain detailed information on our use of cookies and other similar technologies, please read our cookie policy.
4. Your Rights Regarding Personal Information
In accordance with the LGPD, you have the following rights:
(1) Right of access: You can request access to your personal data that we hold about you.
(2) Right to rectification: If you find that the personal data we process about you is inaccurate or incomplete, you are entitled to request that we correct it without delay and, where appropriate, complete your personal data.
(3) Right to restrict processing: In certain cases, for example, when you contest the accuracy of your personal data, you are entitled to request that we restrict the processing of your personal data so that we can verify its accuracy. During this period, we will merely keep the necessary data or process such data required for our future response to your restriction request.
(4) Right to object: You are entitled to object, on grounds relating to your particular situation, at any time to any processing based on your legitimate interests. Should you decide to object to the processing, we will stop processing the personal data concerning you, unless we can demonstrate compelling reasons for continued processing that override your interests, rights, and freedom, or the processing serves to establish, exercise, or defend our legal claims. You are also entitled to object at any time to our processing of your personal information for direct marketing purposes.
(5) Right to data portability: You are entitled to obtain a copy of your personal data in a structured, commonly used, and machine-readable format. In certain circumstances, you can transmit your personal data to any other provider.
(6) Right to withdraw consent: If you have given consent to our processing of your personal information but later changed your mind, you are entitled to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of our use of your personal information before your withdrawal. If you wish to withdraw your consent to receiving promotional messages, you can unsubscribe through the method described in each promotional message. If you withdraw your consent, we will no longer be able to provide you with related services.
(7) Right to lodge complaints: You are entitled to lodge a complaint with the competent authority or to file a lawsuit regarding our processing of your personal data. Relevant information can be obtained from the local data protection supervisory authority.
(8) Right to request anonymization: In some cases, you are entitled to request anonymization of your personal data, whereby your data will be transformed to prevent identification. This right aims to reinforce the protection of your privacy.
(9) Right to obtain information about companies sharing your personal data: You are entitled to request details about the companies and third parties that have obtained your personal data. This guarantees clarity about the sharing and usage of your data.
(10) Right to know possibilities and consequences of consent withdrawal: You are entitled to be informed about the impacts of withdrawing consent on data processing, including potential impacts on your access to certain services or features.
5. Contact Details of the Data Protection Officer
You can submit your request through our Data Subject Rights Platform, or you can contact our Data Protection Officer:
Data Protection Officer/DPO in Brazil
Name: JULIANA MANTUANO DE MENESES
Contact information: https://brand.heytap.com/en/privacy-feedback.html