Last modified: March 6,2023

1.    Introduction

This Privacy Policy describes how Vesync (UK) Co., Ltd, a subsidiary of Vesync Group, and its subsidiaries and affiliates (collectively, "Vesync", "our", "us" or "we") collect, use, share, and store information.

This policy applies to information we collect:

• when you register with, access, or use cosori.co.uk website (“Website”), and our services.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, or do not want us to collect the information, do not register with, or use the Websites. This policy may change from time to time (see Changes to Our Privacy Policy below). Your continued use of our Websites, or services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

2.   Information We May Collect and How We Collect It

Information we may collect

When You Use Our Websites, We May Collect the Following Information:

• Profile Data, such as your username, password, and email address.
• Logistics Data, such as receiver’s name, phone number, delivery address, postal code, and related product information.
• Financial Data, before placing orders, you'll be asked to provide financial data, including card numbers, card expiration dates, CVC codes, account holder name, and billing addresses. Importantly, we do not store this information. Instead, it is securely processed by our credit card payment service providers.
• Usage Data, such as details of your use of any of our devices, the Websites, and the App, including, but not limited to, history of operation, search queries, and length of visits to certain pages.
• Consumer Preference Data, such as products purchased, motivation for purchase, your preferences in receiving marketing from us and third parties, your responses to surveys, and other purchasing behavior and preferences.
• Communications Data, such as your communication preferences, your contact information, the audio recordings of calls when you call the Customer Service team, and records and copies of your correspondence (including email addresses and phone numbers), if you contact us.
• The correspondence may include information like proof of identification, gender, employment, medical information, or health insurance information when needed for Customer Service team to provide related support.
• Content Data, such as the content you post on the Websites.  The content data that you post on public areas of the Websites may be transmitted to other users of the Websites or third parties at your own risk.  Therefore, we cannot and do not guarantee that your content data will not be viewed by unauthorized persons.

• Aggregated Data

We may store and use any anonymized or aggregated data such as statistical or demographic data that incorporates or is derived from your personal information, which is not itself personal information (“Aggregated Data”); however, we will not do so in a way that identifies you personally. For example, we may aggregate users’ behavioral data to calculate the percentage of users accessing a specific feature, as well as facilitate and measure the effectiveness of advertisements. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Cookies and Similar Technology

The Technologies We Use for Automatic Information Collection May Include (for more information, see Cookie Policy):

• Cookies (or browser cookies). 
• Web Beacons. 
• Flash Cookies. 

·       Click-through URL. 

• And other similar technologies.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information we collect automatically may include personal information. It helps us to improve our Websites or App and to deliver a better and more personalized service, including by enabling us to:

·       Estimate our audience size and usage patterns.

·       Store information about your preferences, allowing us to customize our Websites and App according to your individual interests.

·       Speed up your searches.

·       Recognize you when you return to our Websites or App.

·       Most websites will prompt you before accepting cookies. You may also change your cookies settings in your browser. Note, depending on your device or browser, it may not be possible to disable all tracking mechanisms. Also, if you set your browser to reject all cookies, parts of this Website may not work for you. For more information, please see our Cookie Policy.

3.   How We Use the Collected Information

We use information that we collect about you or that you provide to us, including any personal data, generally based on the following purposes:

Types of Data	Specific Purpose	Legal Basis for Processing
Profile Data	To allow you to register and log in to your account.	Performance of a contract with you. Necessary for our legitimate interests (for developing our products/services, running and growing our business, to prevent fraud).
	To enable you to place orders.
	To investigate and prevent fraud.
Logistics Data	To fulfil your orders and deliver products to you.	Performance of a contract with you. Necessary for our legitimate interests (to keep records updated and to analyze how customers use our products/ services).
	To process warranty, returns and/or repairs.
Financial Data	To process payments.	Performance of a contract with you. Necessary for our legitimate interests (to prevent fraud).
	To detect and prevent fraud.
Usage Data	To operate, maintain, and provide to you the features and functionalities, to identify your device for diagnostic purposes and fraud prevention, to improve or develop our products and new technologies via analytics, and to personalize the product functionalities and improve our marketing strategies.	Performance of a contract with you. Necessary for our legitimate interests (for developing our products/services, running and growing our business, provision of administration and IT services, network security).
	To provide customer services, such as dealing with any enquiries and complaints.
Consumer Preference Data	To develop new products and features available through our service or otherwise improve our service.	You consent. Necessary for our legitimate interests (for developing our products/services, running and growing our business).
Communication Data	To communicate with you.	You consent. Performance of a contract with you. Necessary for our legitimate interests (for developing our products/services, running and growing our business).
	To provide customer services, such as dealing with any inquiries and complaints.
	To provide new promotions to you and to provide you with information on new products and/or services.
Content Data	To operate, maintain, and provide to you the features and functionalities, to improve or develop our products and new technologies via analytics, and to personalize the product functionalities and improve our marketing strategies.	You consent. Necessary for our legitimate interests (for developing our products/services, running and growing our business).
Wellness Data	To operate, maintain, and provide to you the features and functionalities, to improve or develop our products and new technologies via analytics, and to personalize the product functionalities and improve our marketing strategies.	You consent.
	To enable you to manually input and track your wellness data, tailor available features to your particularized needs, and provide you with personalized recommendations, product offerings and promotions.

4.    Personal Information Sharing and Disclosures

We may disclose personal information that we collect or you provide in the following ways:

• Sharing with consent: with your consent or at your request, we will share your personal data within the scope of your consent/request with specific third parties or categories of third parties authorized or designated by you.
• Sharing with Vesync Group: we may share your personal information with our subsidiaries, parents, affiliates only for explicit, and legitimate purposes, and the sharing is limited only to information required by services.
• Sharing with service providers: we also may disclose your information to contractors, service providers, or third parties we use to support our business. They usually perform certain business-related functions for us, such as website hosting, data analysis, payment and credit card processing, infrastructure provision, IT services, customer support service, e-mail delivery services, marketing, analytics, and other similar services. These service providers are contractually restricted from using or disclosing the information, except as necessary to perform services on our behalf or to comply with legal requirements.
• Sharing for complying with the law or legal process: we may be required to respond to a subpoena, court order, search warrant, administrative or judicial process, requests by law enforcement agencies, or other requests that we must respond to under applicable law. We may disclose your personal information in response to any of these requirements.
• Sharing for protection of our legal rights and/or those of others: we may disclose your personal information to preserve the security of our website; resolve disputes; or assess any possible wrongdoing.
• Sharing during asset transfer: to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.
• To enforce our rights arising from any contracts entered into between you and us, including the Terms of Use, and for billing and collection.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.

We will ensure that the lawfulness of this sharing and, if applicable, sign stringent non-disclosure agreements (NDAs) and/or data processing clauses with the companies, organizations, and individuals with whom personal data is shared, requiring them to comply with this policy and take appropriate confidentiality and security measures when processing personal information.

5.    Retention of Personal Information

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

This (Section 5) does not apply to anonymised, deidentified or Aggregated Data.

6.    How We Secure Personal Information

Vesync implements reasonable and appropriate industry-standard security controls to protect personal information in its possession. Vesync’s administrative, physical, and technical safeguards:

• Provide assurances of the integrity and confidentiality of personal information covered by this policy.
• Protect against reasonably anticipated threats or hazards to the security or integrity of personal information, and unauthorized uses or disclosures of such personal information; and
• Facilitate compliance with legal frameworks of requirements under applicable data protection laws.

To this end, we take the following measures:

• We take reasonable and feasible measures to ensure that the personal information collected is minimal and relevant to what is necessary in relation to the purposes for which they are processed. We retain your personal information for no longer than is necessary for the purposes stated in this policy and privacy notice of specific product or service, unless extending the retention period is required or permitted by law.
• We use a range of technologies such as cryptographic technologies to ensure the confidentiality of information in transmission. We implement trusted protection mechanisms to protect data and data storage servers from attacks.
• We deploy access control mechanisms to ensure that only authorized personnel can access your personal information. In addition, we control the number of authorized personnel and implement hierarchical permission management on them based on service requirements and personnel levels.
• We strictly select business partners and service providers and incorporate personal information protection requirements into commercial contracts, audits, and appraisal activities that are at least as stringent as the ones Vesync itself uses, consistent with this policy.
• We hold security and privacy protection training courses or other equivalent publicity activities to raise employees' personal information protection awareness.

The safety and security of your data also depend on you. Where we have given you (or where you have chosen) a password for access to certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Although we do our best to protect your personal information, unfortunately, no security measures can provide absolute protection. To cope with possible risks, such as personal information leakage, damage, and loss, we have procedures in place to deal with suspected data security breaches. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with Contact Information below.

7.    How We Protect Children's Personal Information

Marketing and Sales to Adults

The Websites are not intended for children under the age of 18 or the equivalent age as specified by law in your jurisdiction. We do not knowingly collect personal information from children for purposes of marketing or sales. We also do not collect any personal information from children under the age of 18 without their parent’s or guardian’s consent. If we learn we have collected or received personal information from a child without parental consent, we will take steps to delete that information as soon as possible. If you believe that we have unknowingly collected information about a child in connection with our marketing or sales operations, please contact us using one of the methods in the Contact Information below for us to delete it.

8.    Your Rights and Choices

Data protection laws in your country of residence may give you a number of legal rights in relation to the Personal Data that we hold about you. Subject to limitations set out in applicable laws, these rights may include:

Right to Know, Correct and Data Portability

You can contact us to submit your right to access, correct, or modify your information.

To protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal information or complying with a deletion, portability, or other related request. We may, in certain situations, reject your request for access, correction, or portability, for example, we may reject access where you are unable to verify your identity.

Right to Delete

You can contact us to submit your right to delete your information. Please note that if you request deletion of your personal information, or if you delete your account, we may retain your personal information for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.  Also, because we take measures to protect data from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.

Right to Object

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

·       Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent, please see our Cookies Policy here.

·       Promotional Offers from the Vesync. You may utilize the unsubscribe function in each promotional email. You may also submit your request to opt-out by sending us an email stating your request to support.uk@cosori.com.

This opt-out does not apply to information provided to us as a result of a product purchase, warranty registration, product service experience or other transactions.

We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

Right to restriction of processing

For users in the EEA or the UK, you have the right to restrict the processing of your personal data in accordance with applicable laws.

Withdraw consent

For users in the EEA or the UK, you have the right to withdraw consent at any time when we are relying on consent to process your personal data. However, this may not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.

You can exercise your rights by contacting us. You can also lodge a complaint with the data protection regulator if you think that any of your rights have been infringed by us.

9.     Links to Other Parties’ Websites, Products, and Services

The Websites may contain links to third-party websites, products, and services of interest. All links to third-party websites, products, and services are provided for users' convenience only. You need to determine your interaction with such links on your own. We cannot be responsible for the protection and privacy of any information which you provide while visiting or using such third-party websites, products, and/or services and they are not governed by this policy. You should exercise caution and look at the privacy statement applicable in question.

10.     Data Transfer Outside the EEA Countries, and UK

We share your personal data within the Vesync. Where personal data originated in the EEA, this will involve transferring your data outside the EEA. Whenever we transfer personal data to countries outside of the EEA, we will ensure that the data is transferred in accordance with this Privacy Policy and as permitted by the applicable laws on data protection.  Our commitment includes ensuring that an equivalent level of protection is afforded to it by ensuring appropriate safeguards are implemented in the form of specific contracts approved by the European Commission. Please contact us if you want further information on the transfer of personal data out of the EEA.

11.     Entire Privacy Policy

We may provide you with separate privacy notices for specific products and services, and such privacy notices are incorporated into herein by reference. If there is any inconsistency between specific privacy notices and this general Privacy Policy, the specific privacy notice shall prevail.

12.   Contact Information

Please direct all requests for assistance, questions, or complaints about our privacy practices to our privacy team by email or postal mail at the following contact data:

Vesync (UK) Co., Ltd

Attention:  Privacy Team

Email:  support.uk@cosori.com

Postal Address: Unit G2 Havebside Industrial Estate, Fishtoft Road, Boston, PE21 0AH, United Kingdom

If you have any concerns or complaints about Vesync’s privacy policies or practices, please provide information relevant to your complaint. Our privacy team will evaluate your concern or complaint based on the information you provide and send you a response. We may need to ask you for additional information to evaluate your concern or complaint. We will promptly investigate and respond to your communications about a complaint. You may have other rights under the law and the right to contact the privacy regulator in your local jurisdiction about your concern or complaint.