Effective as of: 2023-12-13
Scope
Tuya Global Inc., its affiliates and subsidiaries (“we”, “us”, “our”,
“Tuya”) recognizes that your privacy is important and we take it seriously.
This Privacy Policy describes how we collect, receive, use, store, share,
transfer and process your information, as well as your rights in determining
what we do with the information that we collect or hold about you when you
access or use (a) our websites and online properties, including www.tuya.com and our career portal
(collectively, the “Sites”), (b) our Cloud-based IoT Platform, including iot.tuya.com or developer.tuya.com and any dashboards or portals that we make available to our
customers, users and others (collectively, the “IoT Platform”) and (c) the Tuya
Smart Cloud. The Sites, the IoT Platform and any services we provide in
connection with one or more of the foregoing are collectively referred to as
the “Services.” If you are a customer located in the European Economic Area (“EEA”) or
the United Kingdom (“UK”), the following corporate affiliate of Tuya may also
process your personal data, including for purpose of provision of our products,
services and support:
Tuya GmbH, registered address:
Peter-Müller-Straße 16/16a, 40468 Düsseldorf, Germany.
This Privacy Policy also covers our processing of information collected
on behalf of and under the direction of our Clients through OEM branded Mobile
Applications and Tuya APIs. The processing of such information is limited to
the purpose of providing the service for which our Clients has engaged us and
Tuya has no direct relationship with the individuals whose Personal Data it
processes. If you are a customer of our Clients and would no longer like to be
contacted by one of our Clients that use our service, please contact the Client
that you interact with directly.
The Services may contain links to other websites or online services that
are operated and maintained by third parties and that are not under the control
of or maintained by us. This Privacy Policy does not apply to how third parties
collect, use, disclose or retain information. We encourage you to review the
privacy policies of these third-party websites or services.
If you have any questions or concerns regarding the data protection
practices, please do not hesitate to contact:
Tuya Customer Service Department: dial 1-844-672-5646; email to service@tuya.com or , You are not obliged to provide to us your Personal Data (as defined
below). However, we may be unable to provide you with certain products and/or
Services if you decline to provide such data.
Definitions
In this Privacy Policy,
Personal Data means, unless otherwise provided by applicable laws in your
region of residence, information that can be used to identify a particular
individual, either by that information alone, or in combination with other
information.
User Data refers to the data submitted by users or collected by Tuya in
order to provide its services, such as user name, contact information, etc.,
when user registers for an account on Tuya's website, interfaces with Tuya's
products or services. For clarity, User Data includes, but is not limited to,
Personal Data.
Smart Devices refers to those nonstandard computing devices produced or
manufactured by hardware manufacturers, with human-machine interface and the
ability to transmit data that connect wirelessly to a network, including: smart
home appliances, smart wearable devices, smart air cleaning devices, etc.
What Personal Data Do We Collect
1. Information You Voluntarily Provide Us.
• Account Data: When you register an account with us, we may collect your
name and contact details, such as your name, email address, mailing address,
phone number, user name, and login credentials.
• Transactional And Purchase/Payment Details: If you purchase Tuya’s
Services, either online or offline, we may collect your records/dates of
purchases, invoice information, billing address, payment method, or bank
account, account holder information, and debit card numbers for the business
partnership.
• Session Data: During your sessions of communications with our staff,
such as consultations with our business team, or online interactions with the
customer service team about our products or Services, we will collect your
session records and relevant information, which is limited to the following:
customized session ID, session time, your company name, as well as information
you voluntarily provide. The purpose of such collection is to analyze your
concerns raised during the session, so that we can enhance and improve our
services and identify usage trends, or in order to address your problems.
However, please be reminded that we will not collect any sensitive personal
information related to your identity.
• Name and Occupational Information in Communications with Us: When you
visit our websites, fill out our online forms, or engage with our support team,
we may collect your name and occupational information, such us your name, email
address, and work/company information.
• Job Application Information: When you apply to work for us, we may
collect your education and professional experience related information, such as
school attended, course of study, academic degree obtained, grades, employment
history, professional certification/licenses received.
2. Information We Collect Automatically.
When you use our Sites and Services, we may collect certain information,
including Personal Data, about your use of the Sites and Services:
• Device Information: When you interact with our Sites and Services
through hardware, we may automatically collect device information, such as the
unique device ID number of your device, IP address, wireless connection
information, operating system type and version, browser type and version, push
notification identifier, and mobile network information.
• Usage Data: During your interaction with our Sites and Services, we may
automatically collect usage data relating to visits, clicks, downloads,
messages sent/received, and other usage of our Sites and Services.
The major purpose of collecting and using such data is to improve the
products or services we provide to you, and to collect different volumes of
data because of the different types functions of the products or services.
• Log Data: When you access or use our Sites and Services, any act you
engage that may pose any risk to us will be recorded in form of log files. This
may include without limitation, system logs, exception logs, or logs describing
how your operations may pose risk to us. Logs may be uploaded to backend.
Please note that one cannot identify a specific individual by using
device information or log information alone. However, if these types of
non-personal information, combined with other information, may be used to
identify a specific individual, such non-personal information will be treated
as Personal Data. Unless we have obtained your consent or unless otherwise
provided by data protection laws and regulations, we will aggregate and
desensitize such non-personal information.
3. Information We Acquire from Third Parties
In some cases, and as permitted by law, we may obtain your Personal Data
from a third party. For instance:
• You may authorize a third party to transmit data to us;
• We may obtain certain data from third-party partners, for instance,
public information, including company name, company contact person, company
email address, etc.;
• Data related to you provided by others, for example, when other users
purchase products or services for you, they may provide us with your Personal
Data, which may include your name, mailing address, and contact information.
Cookies and Similar Tracking Technologies
When you visit the Sites and Services, we and service providers on our
behalf may send one or more “cookies,” which are small data files, to your
devices to uniquely identify your browser and let us help you log in faster and
enhance your navigation through the Sites. Cookies help us measure, for
example, the total number of visitors to our Sites, the number of visitors to
each page of our Sites, how our users use and interact with the Services, and
the domain names of our visitors” Internet service providers. You can reset
your web browser to refuse all cookies or to indicate when a cookie is being
sent. If you do not want cookies to be installed on your device, there is a
simple procedure in most browsers that allows you to decline the use of
cookies. Please be aware that some features of the Sites and Services will not
function properly if the ability of your device to accept cookies is disabled.
We may also use web beacons to track usage patterns of users of the
Services. Additionally, we may use HTML-based emails sent to our users to track
which emails are opened by recipients. The information is used to enable more
accurate reporting and make the Services better for you.
We honor do-not-track signals or similar technologies that our systems
detect and identify. We do not track, plant cookies, or use advertising when
such do-not-track (DNT) browser mechanism is in place on your device.
Purpose and Legal Basis for Processing Personal Data
Please kindly read and accept our Terms of Use before you use our products and services. Upon your acceptance,
when you request us to provide such products and services, please note that we
may process information about you for the following purposes: To Provide Our Services to You. We process your account data, device
information, User Data, log data, location information(such as IP address), and
Smart Device data in order to provide Services that you have requested or
purchased. For example, you can connect the App and Smart Devices and control
Smart Devices through Apps, and securely store your pictures and videos when
purchasing cloud storage services. The legal basis for this processing is to
perform our contract with you according to our Terms of Use.
• To Operate and Improve Our Services. We process your device
information, usage data, location information and Smart Device data to analyze
trends and to track your usage of our Sites and Services as necessary to
develop and improve our websites, and provide our users with more relevant and
useful content. The legal basis for this processing is to perform our contract
with you according to our Terms of Use.
• Account Management. We process your Personal Data to create and manage
accounts when you register with us. The legal basis for this processing is to
perform our contract with you according to our Terms of Use.
• Handle Contact and Support Request. We process your Personal Data to
contact you to offer help based on diagnostic information about your Smart
Devices, to fulfill your requests, respond to your inquiries and to provide
support; Especially when you encounter usage problems when using Tuya products
or services, please contact Tuya customer service team in time so that we can
locate your problem more quickly and provide solutions. The legal basis for
this processing is to perform our contract with you according to our Terms of
Use.
• Marketing Communication. We process your Personal Data to inform you
about Services that we believe may be of interest to you. If we do so, each
communication we send you will contain instructions permitting you to opt-out
of receiving future communications of that nature. The legal basis for this
processing is your consent.
• Non-Marketing Communication: We process your Personal Data to send you
important information regarding the Services, changes to our terms, conditions,
and policies and/or other administrative information. Because this information
may be important, you may not opt-out of receiving such communications. The
legal basis for this processing is to perform our contract with you according
to our Terms of Use.
• Research. We process your Personal Data for our internal business
purposes, such as data analysis, audits, developing new products or services,
enhancing and improving the Services and identifying usage trends. The legal
basis for this processing is to perform our contract with you according to our
Terms of Use.
• Legal Compliance. We disclose information if we are legally required to
do so, or if we have a good faith belief that such use is reasonably necessary
to:
• comply with a legal obligation, process or request;
• enforce our Terms of Use and other agreements, policies, and standards,
including investigation of any potential violation thereof;
• protect the rights, property or safety of us, our users, a third party
or the public as required or permitted by law; or
• detect, prevent or otherwise address security, fraud or technical
issues.
If there is any change in the purposes for processing your Personal Data,
we will inform such change to you via email and/or a prominent notice on our
website of such changes of purposes, and choices you may have regarding your
Personal Data.
Who do We Share Personal Data with?
At Tuya, we only share Personal Data in ways that we tell you about.
Without your consent, we will not disclose your Personal Data to third-party
companies, organizations, or individuals except in the following cases:
• Sharing subject to your express consent: upon your express consent, we
may transfer your User Information to third parties. For instance, if you have
indicated that you wish to receive accurate push notifications and diversified
services that we provide, we may share your Personal Data with certain third
parties.
• To our third-party service providers who perform certain
business-related functions for us, including:
- cloud service providers who provide Tuya with fundamental structural
plans regarding cloud services, including network, server and virtual services,
website hosting, data analysis, payment and credit card processing,
infrastructure provision, IT services, e-mail delivery services, and other
similar services to enable them to provide services to us;
- customer service providers who provide Tuya with customer support
services, including customer service system support and personnel service
support;
- enterprise authentication service providers who helps us with
verification of enterprise accounts, contract signing and authentication of
enterprise status;
- when place an order on Tuya’s websites, we may share your information
with third parties to allow you to receive our products and/or services that
you order.
• To our customers and other business partners who provide you, directly
or indirectly, with your Smart Devices, and/or networks and systems through
which you access and use our Sites and Services.
• To subsidiaries or affiliates within our corporate family for purpose
of regular business activities based on our instructions and in compliance with
applicable law, this Privacy Policy and other appropriate confidentiality and
security measures.
• To an affiliate or other third party in the event of any
reorganization, merger, sale, joint venture, assignment, transfer or other
disposition of all or any portion of our business, assets or stock (including
without limitation in connection with any bankruptcy or similar proceedings).
In such an event, you will be notified via email and/or a prominent notice on
our website of any change in ownership, and choices you may have regarding your
Personal Data.
• As we believe in good faith that access to, or use, preservation, or
disclosure of the information is reasonably necessary or appropriate to:
(a) Comply with applicable law, regulation, legal process, or lawful
governmental request;
(b) Enforce our Terms of Use and other agreements, policies, and
standards, including investigation of any potential violation thereof
(c) Protect the rights, property or safety of us, our users, a third
party or the public as required or permitted by law.
(d) Perform risk management, screening and checks for unlawful,
fraudulent, deceptive or malicious activities.
Data Transfer
Tuya operates globally, and Personal Data may be transferred, stored and
processed outside of the country or region where it was initially collected.
Also, the applicable laws in the countries and regions where we operate may
differ from the laws applicable to your country of residence. Under the
Personal Data protection framework and in order to facilitate our operation, we
may transfer, store and process your Personal Data in jurisdictions other than
where you live.
We protect Personal Data in accordance with this Privacy Policy wherever
it is processed and take appropriate contractual or other steps to protect it
under applicable laws.
The European Commission has determined that certain countries outside of
the EEA, the UK or Switzerland can provide adequate protection of Personal
Data. Where Personal Data of users in the EEA, the UK or Switzerland is being
transferred to a recipient located in a country outside the EEA, the UK or
Switzerland which has not been recognized as having an adequate level of data
protection, we ensure that the transfer is governed by the European
Commission’s standard contractual clauses. You can review the agreement on the
basis of approved EU standard contractual clauses per GDPR Art. 46. For more
information, see here. If you would like further details on the safeguards we have in place
under the data transfer, you can contact us directly as described in this
Privacy Policy.
Security
We use commercially reasonable physical, administrative, and technical
safeguards to preserve the integrity and security of your Personal Data. Tuya
provides various security strategies to effectively ensure data security of
user and device. As for device access, Tuya proprietary algorithms are employed
to ensure data isolation, access authentication, applying for authorization. As
for data communication, communication using security algorithms and
transmission encryption protocols and commercial level information encryption
transmission based on dynamic keys are supported. As for data processing,
strict data filtering and validation and complete data audit are applied. As
for data storage, all confidential information of users will be safely
encrypted for storage. If you have reason to believe that your interaction with
us is no longer secure (for example, if you feel that the security of any
account you might have with us has been compromised), you could immediately
notify us of the problem by emailing privacy@tuya.com in accordance with the section
below. Data Subject Rights
We respect your rights and control over your Personal Data. You may
exercise any of the following rights by:
a) Forward your privacy request through online communication by clicking here, or; You do not have to pay a fee for executing your personal rights.
According to different data protection laws, your request of personal rights
will be handled within 15 business days, or within 30 calendar days due to
different response requirement.
In your request, please make clear what information you would like to
have changed, whether you would like to have your Personal Data deleted from
our database or otherwise let us know what limitations you would like to put on
our use of your Personal Data. Please note that we may ask you to verify your
identity before taking further action on your request, for security purposes.
You may:
• Request access to the Personal Data that we process about you;
• Request that we correct inaccurate or incomplete Personal Data about
you;
• Request deletion of Personal Data about you;
• Request restrictions, temporarily or permanently, on our processing of
some or all Personal Data about you;
• Request transfer of Personal Data to you or a third party where we
process the data based on your consent or a contract with you, and where our
processing is automated;
• Opt-out or object to our use of Personal Data about you where our use
is based on your consent or our legitimate interests.
You may opt-out from receiving marketing-related emails through the email
selection or other communications from us on a going-forward basis by emailing privacy@tuya.com. We will comply with your
opt-out request as soon as reasonably practicable. Please also note that if you
do opt-out of receiving marketing-related messages from us, we may still send
you important administrative messages, and you cannot opt-out from receiving
administrative messages. We partner with a third party to display advertising
on our website or to manage our advertising on other sites. Our third-party
partner may use cookies or similar technologies in order to provide you
advertising based upon your browsing activities and interests. If you wish to
opt out of interest-based advertising, please click here; or if you are located in the
European Union, please click here. Please note you will continue to receive generic ads. Your California Privacy Rights
California Civil Code Section 1798.83 permits users of the Software that
are California residents to request certain information regarding our
disclosure of Personal Data to third parties for their direct marketing
purposes. To make such a request, please contact us in accordance with the
“privacy@tuya.com” section below. We do not disclose Personal Data to third
parties for their direct marketing purposes without your consent. Visit our
Statement on California Privacy Notice page for more information. Data Retention
We process your Personal Data for the minimum period necessary for the
purposes set out in this Privacy Policy, unless there is a specific legal
requirement for us to keep the data for a longer retention period. We determine
the appropriate retention period based on the amount, nature, and sensitivity
of your Personal Data, and after the retention period ends, we will destruct
your Personal Data.
1- For as long as you require us to fulfill the products and services you
request from us as defined in the Terms of Use;
2- Personal Data will no longer be retained when you request to remove
your Personal Data, we will accordingly complete the task.
When we are unable to do so for technical reasons, we will ensure that
appropriate measures are put in place to prevent any further such use of your
Personal Data.
Children’s Privacy
Protecting the privacy of young children is especially important to us.
The Services are not directed to individuals under the age of thirteen (13) (or
such other age provided by applicable law in your country/region of residence),
and we request that these individuals do not provide any Personal Data to us.
We do not knowingly collect Personal Data from any child unless we first obtain
permission from that child’s parent or legal guardian. If we become aware that
we have collected Personal Data from any child without permission from that
child’s parent or legal guardian, we will take steps to remove that
information.
Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes to our information
practices. If we make any material changes, we will notify you by email (send
to the e-mail address specified in your account) or by means of a notice on
this website prior to the change becoming effective. We encourage you to
periodically review this page for the latest information on our privacy
practices.
Dispute Resolution
Contact Us
If you have any questions about our practices or this Privacy Policy,
please contact us as follows:
Tuya Global Inc.
Postal Mailing Address:
333 West San Carlos Street Suite 600 San Jose, CA 95110
For EEA or UK data subjects, you have the right to lodge a complaint with
a supervisory authority concerning Tuya’s data processing activities. For
questions, or to exercise your rights as an EEA or UK data subject, please
contact our EEA/UK Representative below:
Name: Rickert Rechtsanwaltsgesellschaft mbH
Emailing Address: Colmantstraße 15, 53225 Bonn, Germany
You can contact our Data Protection Officer, Mr. Will Yu, by sending an
email to will@tuya.com. History Versions: