Ava service PRIVACY NOTICE
Effective date: 30.04.25
This Ava Service Privacy Notice (referred to as “Privacy Notice”) is issued by Anker Innovations Technology Co., Ltd and its affiliates (together, “Anker”, “we”, “us” and “our”) and is addressed to individuals outside our organization with whom we interact, including customers, visitors to our Sites (together, “you”). Defined terms used in this Privacy Notice are explained in Section (11) below.
This Privacy Notice applies to Ava service.
We may update this Privacy Notice to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on Ava you used prior to the change becoming effective. All changes shall be effective from the date of publication unless otherwise provided. We encourage you to periodically review this page for the latest information on our privacy practices.
You can find more information about your privacy in Privacy Notice.
1. Collection of Personal Data
2. Creation of Personal Data
3. Categories of Personal Data We Collect and Process
4. Purposes of Processing
5. Legal Basis for Processing
6. Disclosure of Personal Data
7. International Transfer of Personal Data
8. Data Retention
9. Your Privacy Rights
10. Contact Us
11. Definitions
Annex I – Details of Processing
1. Collection of Personal Data
Depending on how you use our Sites, we may collect or obtain Personal Data about you from the following sources:
Site or Application data: We collect or obtain Personal Data when you visit or use our Sites, or use any features or resources available on or through our Sites.
For more information on which data we collect, please also refer to the table in Annex I.
2. Creation of Personal Data
We also create Personal Data records about you in certain circumstances, such as records of your interactions with us, details of your past interactions with us. We may also link Personal Data collected from any of our Sites, Applications, products, or services, including where those data are collected from different devices.
3. Categories of Personal Data We Collect and Process
When you use Ava, we will collect the following product-specific data:
Information You Provide:
· Voice information : You may generate voice request when you use Ava, the text request will be transferred to Ava
service provider as a command after using speech-to-text technology to process your voice requests. Your voice information will not be stored.
· text information:You may generate text request when you use Ava, and your text request will be transferred to Ava
service provider as a command.
Sensitive personal information: When you use Ava service, we may collect your sensitive personal information, such as biometric data (as described above), with your explicit consent, in order to provide specific features.
4.Purposes of Processing
We may use the Personal Data we collect for the following purposes, subject to applicable law:
Fulfill our contractual obligations, to deliver Ava services;
You can find more information about how we Process your Personal Data in the table in Annex I.
The legal bases on which we rely for the processing of Personal Data , are as follows:
· Perform our contractual services or prior to entering into a contract with you: If you order products or services from us or if you contact us to request our products or services, we use your Personal Data to provide you with these products or services, including for account and contract management, to facilitate user benefits and services, including customer support and process payment for our products and services or with information that may be relevant for you to decide on whether you want to order our products and services;
· Justified by our legitimate interests: The usage of your Personal Data may also be necessary for our own business interests. For example, we may use some of your Personal Data to update and monitor the services, or diagnose or fix technology problems; help maintain the safety, security and integrity of our property and services, technology assets and business; enforce our terms, resolve disputes, carry out our obligations and enforce our rights, and protect our business interests and the interests and rights of third parties; and prevent, investigate or provide notice of fraud or unlawful or criminal activity.
· Consent: In some cases, we may ask you to grant us separate consent to use your Personal Data. In this case, you can revoke your consent at any time with effect for the future.
· Compliance with legal obligations: We are obligated to collect or retain certain Personal Data because of legal requirements, for example, tax or commercial laws, or we may be required by law enforcement to provide Personal Data on request.
You can find more information on the legal bases in the table in Annex I.
6.Disclosure of Personal Data
We may also share, transmit, disclose, grant access to, make available, and provide Personal Data with and to third parties, as described below.
Third-party Processors: We share Personal Data with third party contractors and service providers subject to reasonable confidentiality terms, such as Ava service provider, subject to the requirements noted below in this Section (6). These Processors support us in processing the types of Personal Data described above in Sections (1) - (3), and for the purposes described in Section (4). They only are authorized to process that information as necessary and as directed by us;
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law. Please note that third parties and business partners may process your Personal Data in accordance with their own privacy policies and terms of service.
7. International Transfer of Personal Data
Because of the international nature of our business, we transfer Personal Data within the Anker group, and to third parties as noted in Section (6) above, in connection with the purposes set out in this Notice. For this reason, we transfer Personal Data to other countries that may have different laws and data protection compliance requirements than those that apply in the country in which you are located, including China, the EEA, the UK, and the US.
In the event of a transfer by Anker, we ensure that international transfers of your Personal Data are made pursuant to appropriate safeguards, such as:
(i) Ensuring that the Personal Data is only transferred to countries recognized as Adequate Jurisdictions. The current adequacy decisions can be found here. There is currently no adequacy decision for China; and there is only a partial adequacy decision for the U.S., where only such companies that are registered under the Data Privacy Framework are covered by an adequacy decision or
(ii) the transfer is made pursuant to appropriate safeguards, such as Standard Contractual Clauses adopted by the European Commission or UK Secretary of State (as applicable) in connection with appropriate supplementary measures. The decision and the template text of these Standard Contractual Clauses can be found here;
If you wish to enquire further about these safeguards, including the specific contracts entered into, or used, please contact us using the details set out under Section (10) of this Privacy Notice.
Please note that when you transfer any Personal Data directly to any Anker entity established outside the UK, Switzerland, or the EEA (as applicable), this is considered a direct collection, to which the safeguards mentioned in this Section (7) may not apply. We will nevertheless Process your Personal Data, from the point at which we receive such data, in accordance with the provisions of this Privacy Notice.
8.Data Retention
We have implemented processes designed to ensure that your Personal Data are only processed for the minimum period necessary for the purposes set out in this Privacy Notice. The criteria for determining the duration for which we will retain your Personal Data are as follows:
(1)we will retain Personal Data in a form that permits identification only for as long as: |
(a) we maintain an ongoing relationship with you (e.g., where you are a user of our services); or |
(b) your Personal Data are necessary in connection with the lawful purposes set out in this Privacy Notice, for which we have a valid legal basis (e.g., where your Personal Data are included in a contract between you and us, and we have a legitimate interest in Processing those Personal Data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Data), |
(2)the duration of: |
(a) any applicable limitation period under applicable law (i.e., either any statutory retention periods as required by the law of the applicable region (e.g., the European Union or a member state of the EEA), or any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and |
(b) an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim), |
(3)in addition, if any relevant legal claims are brought, we continue to Process Personal Data for such additional periods as are necessary in connection with that claim. |
During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
· permanently delete or destroy the Relevant Personal Data; or
· anonymize or deidentify the Relevant Personal Data.
9.Your Privacy Rights
Subject to applicable law, you may have the following rights regarding the Processing of your Relevant Personal Data:
· the right not to provide your Personal Data to us (however, please note that we may be unable to provide you with the full benefit of our services, if you do not provide us with your Personal Data – e.g., we might not be able to process your requests without the necessary details);
· the right to request access to, or copies of, your Relevant Personal Data, together with additional information, such as information regarding the nature, Processing and disclosure of those Relevant Personal Data;
· the right to request rectification of any inaccuracies or incompleteness in your Relevant Personal Data;
· the right to request, on legitimate grounds, restriction of Processing of your Relevant Personal Data (limiting the purposes for which we Process your Personal Data);
· the right to have certain Relevant Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
· the right to request the deletion or removal of your Relevant Personal Data where there is no other legal basis for us to keep using it. Please note that we may not be able to immediately remove the information from the backup system due to applicable laws and regulations or technological limitations. If this is the case, we will isolate your Relevant Personal Data from any further processing until the backup can be deleted or be anonymized / deidentified.
· where we Process your Relevant Personal Data on the basis of your consent, the right to withdraw that consent at any time (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal).
· Under the GDPR , you may also have the following additional rights regarding the Processing of your Relevant Personal Data: · the right to object, on grounds relating to your particular situation, to the Processing of your Relevant Personal Data by us or on our behalf, where such processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the GDPR; · the right to object to the Processing of your Relevant Personal Data by us or on our behalf for direct marketing purposes. · the right to lodge complaints regarding the Processing of your Relevant Personal Data with a competent Data Protection Authority (in particular, the UK Information Commissioner’s Office, or the Data Protection Authority of the EU Member State in which you live, or in which you work, or in which the alleged infringement occurred. If you live in Germany, the relevant Data Protection Authority is the "Bayerisches Landesamt für Datenschutzaufsicht", Promenade 18, 91522 Ansbach). However, we encourage you to first contact us so that we can together solve any concerns you may have.
|
This does not affect your statutory rights.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Privacy Notice, or about our Processing of your Personal Data, please use the contact details provided in Section (10) below. Please note that:
· in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
· where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
For general enquiries, or to exercise any of the rights set out in this Privacy Notice, please contact support@anker.com.
10.Contact Us
If you have questions or concerns with respect to our Privacy Notice or privacy practices, you may contact us at href="mailto:support@anker.com" support@anker.com or DPO@anker.com.
11. Definitions
· “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
· “EEA” means the European Economic Area (Member States of the European Union together with Iceland, Norway, and Liechtenstein).
· “GDPR” means the General Data Protection Regulation (EU) 2016/679.
· “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
· “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
· “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
· “Profiling” means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
· “Relevant Personal Data” means Personal Data in respect of which we are the Controller.
· “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
Annex I - Details of Processing
Processing activity and Processed Personal Data |
Purposes |
Legal basis for Processing |
Providing Ava service: · Voice information and audio data · Text information
|
· Obtaining your voice request · Using speech-to-text to process your voice requests · Transferring your text request to Ava service provider as a command · Replying your request |
· The Processing is necessary for entering or performing a contract with you, or |
Legal: · All of the above
|
· Complying with regulatory obligations · Litigation · Exercise, enforcement and defense of claims |
· The Processing is necessary for our legitimate interest in compliance with regulatory obligations, and exercising, enforcing and defending of claims. |