Privacy Policy

Our Privacy Policy was updated on 25 May 2018. We have revamped the Privacy Policy front and back so that from this date onwards, this Privacy Policy can provide privacy details on how we manage your personal information for all Xiaomi products and services, unless a separate privacy policy is provided for a specific Xiaomi product or service.

Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

Our commitment to you

This Privacy Policy sets out how Xiaomi Inc. and its affiliated companies within the Xiaomi Group (“Xiaomi”, “we”, “our” or “us”) collect, use, disclose, process and protect any information that you give us when you use our products and services located at www.mi.com, en.miui.com, account.xiaomi.com, MIUI and our Suite of applications that we offer on our mobile devices, for a list of these applications, please click here. Should we ask you to provide certain information by which you can be identified when using Xiaomi products and services, it will only be used in accordance with this Privacy Policy and/or our terms and conditions for users.

The Privacy Policy is designed with you in mind, and it is important that you have a comprehensive understanding of our personal information collection and usage practices, as well as full confidence that ultimately, you have control of any personal information provided to Xiaomi.

In this Privacy Policy, “personal information” means information that can be used to directly or indirectly identify an individual, either from that information alone or from that information combined with other information Xiaomi has access about that individual. Such personal information may include but not limit to the information you provide to us or upload, the information specific to you that may be assigned by us, your financial information, social information, device or sim-related information, location information, log information.

By using Xiaomi products and services or other acting permitted by the applicable laws, you are deemed to have read, acknowledged and accepted all the provisions stated here in the Privacy Policy, including any changes we may make from time to time. In order to comply with applicable laws, including local data protection legislation (e. g. General Data Protection Regulation in Europe Union), we will specifically seek prior explicit consent to the particular processing (e. g. automated individual decision-making) of special categories of personal data. Furthermore, we are committed to protecting the privacy, confidentiality and security of your personal information by complying with applicable laws, and we are equally committed to ensuring that all our employees and agents uphold these obligations.

If you use our products and services in the European Economic Area (EEA), Xiaomi Singapore Pte. Ltd. will act as the data controller and be responsible for the processing of the data. Contact details of Xiaomi Singapore Pte. Ltd. can be found in the "Contact Us" section.

Ultimately, what we want is the best for all our users. Should you have any concerns with our data handling practice as summarized in this Privacy Policy, please contact privacy@xiaomi.com to address your specific concerns. We will be happy to address them directly.

TRUSTe

If you have questions or concerns regarding our Privacy Policy or practices, please contact us at privacy@xiaomi.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request .

What information is collected and how can we use it?

Types of information collected

In order to provide our services to you, we will ask you to provide personal information that is necessary to provide those services to you. If you do not provide your personal information, we may not be able to provide you with our products or services.

We will only collect the information that is necessary for its specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. We may collect the following types of information (which may or may not be personal information):

We may also collect other types of information which are not directly or indirectly linked to an individual and which is aggregated, anonymized or de-identified. For example, the device model and system version number of the user’s Xiaomi mobile phone device may be collected when using a particular service. Such information is collected in order to improve the services we provide to you.

How the personal information can be used

Personal information is collected for providing services and / or products to you, and legal compliance on our part under applicable laws. You hereby consent that we may process and disclose personal information to our affiliated companies (which are in the communications, social media, technology and cloud businesses), Third Party Service Providers (defined below) for the purposes stated in this Privacy Policy.

We may use your personal information for the following purposes:

Here are more details on how we use your information (which may include personal information):

Direct marketing

Cookies and other technologies

With whom we share your information

We do not sell any personal information to third parties.

We may disclose your personal information on occasion to third parties (as described below) in order to provide the products or services that you have requested.

Disclosure may be made to Third Party Service Providers and affiliated companies listed in this section below. In each case described in this section, you can be assured that Xiaomi will only share your personal information in accordance with your consent. Your consent to Xiaomi will engage sub-processors for the processing of your personal information. You should know that when Xiaomi shares your personal information with a Third Party Service Provider under any circumstance described in this section, Xiaomi will contractually specify that the third party is subject to practices and obligations to comply with applicable local data protection laws. Xiaomi will contractually ensure compliance by any Third Party Service Providers with the privacy standards that apply to them in your home jurisdiction.

Sharing with our group and third party service providers

From time to time, in order to conduct business operations smoothly in providing you with the full capabilities of our products and services, we may disclose your personal information from time to time to other Xiaomi affiliated companies (in communications, social media, technology or cloud businesses), or our third party service providers which are our mailing houses, delivery service providers, telecommunications companies, data centers, data storage facilities, customer service providers, advertising and marketing service providers, agents acting on behalf of Xiaomi, [related corporations, and/or other third parties] (together “Third Party Service Providers”). Such Third Party Service Providers would be processing your personal information on Xiaomi’s behalf or for one or more of the purposes listed above. We may share your IP address with third parties when using certain mobile applications on our device in order to provide you with some of the services you requested. If you no longer wish to allow us to share this information, please contact us at privacy@xiaomi.com.

Sharing with our group’s ecosystem companies

Xiaomi works together with a cool group of companies, which together form the Mi Ecosystem. The Mi Ecosystem companies are independent entities, invested and incubated by Xiaomi, and are experts in their fields. Xiaomi may disclose your personal data to the Mi Ecosystem companies so as to provide you with and improve the exciting products and services (both hardware and software) from the Mi Ecosystem companies. Some of these products and services will still be under the Xiaomi brand, while others may use their own brand. The Mi Ecosystem companies may also share data with Xiaomi from time to time in relation to products and services under the Xiaomi brand and other brands owned by Xiaomi to provide hardware and software services, and to create better functions and user experience. Xiaomi will take appropriate organizational and technical measures to ensure the security of personal data during the process of sharing of information, including but not limited to the encryption of your personal data. If Xiaomi is involved in a merger, acquisition or asset sale of all or a portion of our assets, you will be notified via email and/or a prominent notice on our website, of any changes in ownership, uses of your personal information, and choices you may have regarding your personal information.

Sharing with others

Xiaomi may disclose your personal information without further consent when required under applicable law.

Information not requiring consent

Security safeguards

Xiaomi’s security measures

We are committed to ensuring that your personal information is secure. In order to prevent unauthorized access, disclosure or other similar risks, we have put in place reasonable physical, electronic and managerial procedures to safeguard and secure the information we collect on your mobile device and on Xiaomi websites. We will use all reasonable efforts to safeguard your personal information.

For example, when you access your Mi Account, you can choose to use our two-step verification process for better security. When you send or receive data from your Xiaomi device to our servers, we make sure they are encrypted using Secure Sockets Layer (“SSL”) and other algorithms.

All your personal information is stored on secure servers that are protected in controlled facilities. We classify your data based on importance and sensitivity, and ensure that your personal information has the highest security level. We make sure that our employees and Third Party Service Providers who access the information to help provide you with our products and services are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet such obligations. We have special access controls for cloud based data storage as well. All in all, we regularly review our information collection, storage and processing practices, including physical security measures, to guard against any unauthorized access and use.

We will take all practicable steps to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.

We will take upon the personal data breach, notifying the breach to relevant supervisory authority or under some circumstances, notifying the personal data breach to the data subjects by complying with applicable laws, including your local data protection legislation.

What you can do

Retention policy

Personal information will be held for as long as it is necessary to fulfill the purpose for which it was collected, or as required or permitted by applicable laws. We shall cease to retain personal information, or remove the means by which the personal information can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that personal information was collected is no longer being served by retention of the personal information. If further processing is for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes according to the applicable laws, the data can be further retained by Xiaomi even if the further processing is incompatible with original purposes.

Accessing other features on your device

Our applications may need access to certain features on your device such as enabling emails to contacts, SMS storage and Wi-Fi network status, as well as other features. This information is used to allow the applications to run on your device and allow you to interact with the applications. At any time you may revoke your permissions by turning these off at the device level or contacting us at privacy@xiaomi.com.

You have control over your personal information

Controlling settings

Xiaomi recognizes that privacy concerns differ from person to person. Therefore, we provide examples of ways Xiaomi makes available for you to choose to restrict the collection, use, disclosure or processing of your personal information and control your privacy settings:

You may obtain more details in relation to your device’s security status in the MIUI Security Center as well.

If you have previously agreed to us using your personal information for the abovementioned purposes, you may change your mind at any time by writing or emailing us at privacy@xiaomi.com.

Access, update, correct, erase or restrict processing your personal information

Withdrawal of consent

Transfer of personal information outside of your jurisdiction

To the extent that we may need to transfer personal information outside of your jurisdiction, whether to our affiliated companies (which are in the communications, social media, technology and cloud businesses) or Third Party Service Providers, we shall do so in accordance with the applicable laws. In particular, we will ensure that all transfers will be in accordance with requirements under your applicable local data protection laws by putting in place appropriate safeguards. You will have the right to be informed of the appropriate safeguards taken by Xiaomi for this transfer of your personal information.

Xiaomi is a China-headquartered company operating globally. As such, complying with applicable laws, we may transfer your personal data to any subsidiary of the Xiaomi group worldwide when processing that information for the purposes described in this Privacy Policy. We may also transfer your personal data to our third party service providers, who may be located in a country or area outside the area of the European Economic Area (EEA).

Whenever Xiaomi shares personal data originating in the EEA with a third party which may or may not be a Xiaomi entity outside the EEA, we will do so on the basis of EU standard contractual clauses or any other safeguards provided for in the GDPR.

Xiaomi may use overseas facilities operated and controlled by Xiaomi to process or back up your personal information. Currently, Xiaomi has data centers in Beijing, United States, Germany, Russia and Singapore. These overseas jurisdictions may or may not have in place data protection laws which are substantially similar to that in your home jurisdiction. You have understood that the risks under applicable data protection laws are different and we may transfer to and store your personal information at our overseas facilities. However, this does not change any of our commitments to safeguard your personal information in accordance with this Privacy Policy.

Miscellaneous

Minors

Order of precedence

If you have agreed to our applicable User Agreements, in the event of inconsistency between such User Agreements and this Privacy Policy, such User Agreements shall prevail.

Updates to the privacy policy

We keep our Privacy Policy under regular review and may update this privacy policy to reflect changes to our information practices. If we make material changes to our Privacy Policy, we will notify you by email (sent to the e-mail address specified in your account) or post the changes on all the Xiaomi websites or through our mobile devices, so that you may be aware of the information we collect and how we use it. Such changes to our Privacy Policy shall apply from the effective date as set out in the notice or on the website. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of products and services on the websites, mobile phones and/or any other device will be taken as acceptance of the updated Privacy Policy. We will seek your fresh consent before we collect more personal information from you or when we wish to use or disclose your personal information for new purposes.

Do I have to agree to any third party terms and conditions?

Our Privacy Policy does not apply to products and services offered by a third party. Xiaomi products and services may include third parties’ products, services and links to third parties’ websites. When you use such products or services, they may collect your information too. For this reason, we strongly suggest that you read the third party’s privacy policy as you have taken time to read ours. We are not responsible for and cannot control how third parties use personal information which they collect from you. Our Privacy Policy does not apply to other sites linked from our services.

Here are third party terms and privacy policies that apply when you use these specific products:

Social media (features) and widgets

Our websites include social media features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social media features and Widgets are either hosted by a third party or hosted directly on our websites. Your interactions with these Features are governed by the privacy policy of the company providing it.

Single sign-on

Depending on your jurisdiction, you may be able to log in to our website using sign-on services such as Facebook Connect or an Open ID provider. These services will authenticate your identity, provide you the option to share certain personal information (such as your name and email address) with us, and to pre-populate our sign up form. Services like Facebook Connect give you the option to post information about your activities on this website to your profile page to share with others within your network.

About our systematic approach to manage your personal information

If you are Europe Union user under GDPR, Xiaomi will provide systematic approach to manage personal data deeply engages our people, management processes and information systems by applying a risk management methodology. According to the GDPR, for instance, (1) Xiaomi set up a Data Protection Officer (DPO) in charge the data protection, and the contact of DPO is dpo@xiaomi.com; (2) procedure like data protection impact assessment (DPIA).

Contact us

If you have any comments or questions about this Privacy Policy or any questions relating to Xiaomi’s collection, use or disclosure of your personal information, please contact our Data Protection Officer at the address below referencing “Privacy Policy”:

Xiaomi Singapore Pte. Ltd.
20 Cross Street, China Court #02-12
Singapore 048422
Email: privacy@xiaomi.com

For users in the European Economic Area (EEA):
Xiaomi Technology Spain,S.L.
C/. Orense N.º 70-Ofic. 8º Dcha, 28020 Madrid

Thank you for taking the time to understand our Privacy Policy!

What’s new to you

We have made several major edits throughout the “Privacy Policy” as follows: